jonathandata1 is a security researcher who has posted a lot of disinformation on Twitter. This article exists basically so you can send it to journalists who have cited jonathandata1, or to management folks who are tempted to hire him.
There are two reasons I’ve singled him out: one is that some of this disinformation has gone viral:
His tweets imply that he’s finding work. He claims to have consulted on Celo and there is public evidence he has consulted on other cryptocurrency projects, such as the ELLIPAL wallet:
I am not a security professional, but here are some security professionals who interacted with Jonathan Scott’s disinformation and attempted to discredit it. (Because this is Twitter, you may need to scroll up to see all the posts in some cases)
- Asher Langton, Juniper Networks (interaction, interaction 2, credentials)
- Dan Borges (interaction, credentials)
- Dan Goodin, Ars Technica Security Editor (statement, credentials)
- Luca Todesco, Dataflow Security, jailbroke iOS (statement)
- Marcus Hutchins, MalwareTech (interaction, credentials)
- maldr0id, Google (interaction, statement, statement continued, credentials)
- Runa Sandvik, New York Times Director of Information Security (interaction, credentials)
- s1guza (interaction, credentials)
- Tavis Ormandy, Google Project Zero (interaction, credentials)
To quickly summarize the accusations:
- jonathandata1 misrepresents the content of code for his own purposes (ex: claiming that comments are executable code)
- jonathandata1 does not appear to know how to use security tools correctly (ex: disassembling Dalvik bytecode as x86)
- jonathandata1 makes totally unsubstantiated claims and insists he was understood incorrectly when called out on this (ex. Asher Langton and s1guza, above)
- jonathandata1 attempts to discount security professionals as “unqualified” when they criticize him, even if he has previously used their work (ex. maldr0id, above)
Unfortunately, platforms like Twitter rarely act in this kind of case. Ben Shapiro and Steven Crowder have been doing this kind of thing for years. I felt obligated to speak up in this case, though, since it’s a domain I understand.
If you’re a security professional who has publicly criticized jonathandata1, or if you know of anyone I missed, please send me a note. (I am @nyeogmi on Twitter.) Be sure to send me a link! I’m aware there’s much more — I just wanted to start with the interactions I remembered.
Also, please let me know if I have referred to you in a different way than you would like, or if I’ve gotten your job title wrong.
NOTE: The subject of this post is currently being harassed by a lot of Twitter users. (including fake accounts johnathandata1, spelled with an H, and jonathandata0) I don’t recommend giving views or engagement to trolls or harassers, because it makes the internet a more hostile place and allows jonathandata1 to posture as a victim.