jsr -- 26d

If you're pissing off the powerful interests, watch this video.

Follow along. Get safer.
https://blossom.primal.net/254e0fd82b201f4d3d6e761dd9c6e574084c0ab32b185bece21dd55a3f811f8e.mp4
npub1vz03sm9qy0t93s87qx2hq3e0t9t9ezlpmstrk92pltyajz4yazhshfttwj
jsr@primal.net
Chasing digital badness at the citizen lab. All words here are my own.
jsr -- 76d

They showed us cute missing dogs & we consented to opt into a mass human tracking system.

I think Ring wants to be Flock. On steroids.

Because instead of just sketchy cameras in parking lots, Search Party will cover your own backyards & homes.

https://blossom.primal.net/e4d0c92c8190d6d808b4f1d54e06031e1358d317344aa71d1809f7403f253c04.mp4

And if you & your neighbors want to challenge the loss of privacy? Well, how exactly would you do that effectively?

Because, instead of going to the city council, looking at the contracts, and calling out your mayor for speeding your city to dystopia, it's massive and distributed.

Will you even know which of your neighbors is now helping to feed the system?

If we had half competent privacy regulators & laws in the US this kind of thing would be a big, hard fight for Ring.

Instead? It's a Super Bowl commercial.

Oh, and yeah Ring has already partnered with Flock Safety to incorporate tools letting the government directly request footage.
jsr -- 81d

I TRUST YOU BUT YOUR AI AGENT IS A SNITCH: Why We Need a New Social Contract

We’re chatting on Signal, enjoying encryption, right? But your DIY productivity agent is piping the whole thing back to Anthropic.

Friend, you’ve just created a permanent subpoena-able record of my private thoughts held by a corporation that owes me zero privacy protections.
https://blossom.primal.net/220613c4d3889e2403ef4c836490cefbb81822b190b270076e289d2a2e057a85.png

Even when folks use open-source agents like #openclaw in decentralized setups, the default/easy configuration is to plug in an API resulting in data getting backhauled to Anthropic, OpenAI, etc.

And so those providers get all the good stuff: intimate confessions, legal strategies, work gripes. Worse? Even if you’ve made peace with this, your friends absolutely haven’t consented to their secrets piped to a datacenter. Do they even know?

Governments are spending a lot of time trying to kill end-to-end encryption, but if we’re not careful, we’ll do the job for them.

The problem is big & growing:

Threat 1: proprietary AI agents. Helpers inside apps or system-wide stuff. Think: desktop productivity tools by a big company. Hello, Copilot. These companies already have tons of incentive to soak up your private stuff & are very unlikely to respect developer intent & privacy without big fights (Those fights need to keep happening)

Threat 2: DIY agents that are privacy leaky as hell, not through evil intent or misaligned ethics, but just because folks are excited and moving quickly. Or carelessly. And are using someone’s API.

I sincerely hope that the DIY/OpenSource ecosystem that is spinning up around AI agents has some privacy heroes in it. Because it should be possible to do some building & standards that use permission and privacy as the first principle.

Maybe we can show what’s possible for respecting privacy so that we can demand it from big companies?

Respecting your friends means respecting when they use encrypted messaging. It means keeping privacy-leaking agents out of private spaces without all-party consent.

Ideas to mull (there are probably better ones, but I want to be constructive):

Human only mode / X-No-Agents flags
How about converging on some standards & app signals that AI agents must respect, absolutely. Like signals that an app/chat can emit & be opted out of exposure to an AI agent.

Agent Exclusion Zones
For example, starting with the premise that the correct way to respect developer (& user intent) with end to end encrypted apps is that they not be included, perhaps with the exception [risky tho!] of whitelisting specific chats etc. This is important right now since so many folks are getting excited about connecting their agents to encrypted messengers as a control channel, which is going to mean lots more integrations soon.

#NoSecretAgents Dev Pledge
Something like a developer pledge that agents will declare themselves in chat and not share data to a backend without all-party consent.

None of these ideas are remotely perfect, but unless we start experimenting with them now, we're not building our best future.

Next challenge? Local Only / Private Processing: local-First as a default.
Unless we move very quickly towards a world where the processing that agents do is truly private (e.g. not accessible to a third party) and/or local by default, even if agents are not shipping Signal chats, they are creating an unbelievably detailed view into your personal world, held by others. And fundamentally breaking your own mental model of what on your device is & isn't under your control / private.
jsr -- 93d

NEW: Microsoft turned over BitLocker keys to FBI.

https://blossom.primal.net/d53ad480f6b41bdac3078baa310c1c1f813fba8c981079b8afb23e0f250a06f4.png

When you key escrow your disk encryption with someone, they can be targeted with a warrant.

This case is a really good illustration that if you nudge users with a default to save their keys with you... they will do so & may not fully understand the implications.
https://blossom.primal.net/6fd6c36cc07d44c8bd380439cb8fe0b3d2c23acc92f615ba804dcb1fdb0489cc.png

Of course, once the requests start working... they are likely to accelerate.

Story:
https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/
jsr -- 152d

Hotel toilet privacy is disappearing.

Glass doors.

Or no door.

Or a big window into the room.

Who is asking for this?
jsr -- 162d

Suddenly hearing about zcash everywhere.

Feels inorganic.

What's up?
jsr -- 170d

YIKES: NSO floats Pegasus spyware use in a "time of domestic crisis" in 🇺🇸America.

I believe they won't stop lobbying until they get Pegasus into USA.

To hack Americans.
https://blossom.primal.net/ede4092ee60114cd3466cf082d7633a9954be5ba91db50c289a4fb2b9ccf8ee1.png
jsr -- 187d

POV: you can't sleep because your bed can't talk to AWS.

https://blossom.primal.net/f40fdc9b25221afe46b052d2bcc18bac615d331f0dc7410af485942b8717a350.png

Design thinking that inserts brittle dependence into our lives while extracting fees for life.

Don't be these guys.
jsr -- 188d

GOOD MORNING.

Today's massive outages nicely illustrate which of your favorite internet things are secretly Amazon-dependent.

Specifically on US-EAST-1 Region, which woke up with Main Character Syndrome.

Result? Massive outages.

Sure, Amazon has regions.
https://blossom.primal.net/aed56335234470f2190b1dab671bc3f2381aeb1947f60d282eedcc7d3eff1141.png

But US-EAST-1 is the legacy/default for a pile of services...and other Global Amazon services also depended on it.

So when there was trouble...it was quickly everywhere.

Hyperscalers rule *almost* everything around us. And this is absolutely bad news for all sorts of resiliency.
https://blossom.primal.net/8c682d82f772411b5beec356ae30c14b97d8c3cd700456265ce046fa17459478.png

Amazon sez: root cause = DNS resolution with DynamoDB... which a ton depends on.

They say they are mostly mitigated & have a pile of backlog to clear.
https://blossom.primal.net/22ec4642c3406c5e5d2266279370e338e07f91709b5e15e13f5208898899eb14.png

But this is a great moment to think about just how many eggs that matter are in one basket...

https://health.aws.amazon.com/health/status
jsr -- 191d

NEW: 🇰🇵DPRK hackers have begun hiding malware on blockchain.

Result, decentralized, immutable malware from a government crypto theft operation.
https://blossom.primal.net/a107de401a522d0914a28dec26d00b96e8444e3d25259e14cfaa04a023b098b4.png

It only cost $1.37 USD in gas fees per malware change (e.g. to update the command & control server)

https://blossom.primal.net/4ba1cadacaac86882f3363c59e5320db53dd97c6a53fe5a689e49387e81eaa36.png

Blockchains as malware dead drops are a fascinating, predictable evolution for nation state attackers.

https://blossom.primal.net/29d96437b500d63006608b3bba6fdf5ae776c29ff697dfb7485b7aafbbbe38e7.png

And Blockchain explorers are a natural target.

https://blossom.primal.net/4a0cb4b61499359f7d3048d03000f6cce432c7211615a8029f1f7515c379de35.png

Nearly impossible to remove.
https://blossom.primal.net/816dce991b4bd694b9def92d508ae5c35f77df7fd13627ebeb5c8f223e538407.png

Experimentation with putting malware on blockchains is in infancy.

Ultimately there will be some efforts to try and implement social engineering protection around this, but combined with things like agentic AI & vibe coding by low-information people...whew boy this gold seam is going to be productive for a long time.

Still, where here they used social engineering, I expect attackers to also experiment with directly loading zero click exploits onto blockchains targeting things like blockchain explorers & other systems that process blockchains... especially if they are sometimes hosted on the same systems & networks that handle transactions / have wallets.

REPORT:
https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding
jsr -- 199d

NEW: Cost to 'poison' an LLM and insert backdoors is relatively constant. Even as models grow.

Implication: scaling security is orders-of-magnitude harder than scaling LLMs.

https://blossom.primal.net/1bdbe13fe20b39f757d6d440b416a74a2099c63cb50bc344cc1d2e96f7c4646b.png

Prior work had suggested that as model sizes grew, it would make them cost-prohibitive to poison.

https://blossom.primal.net/d44c301ef8c297ee3eb30c7e8a161b5dcecc8618dee83607d1532d9d9ad63b02.png

So, in LLM training-set-land, dilution isn't the solution to pollution.

Just about the same size of poisoned training data that works on a 1B model could also work on a 1T model.
https://blossom.primal.net/2c635801a74e4ddc0628adb7d1f1942cb4431550474696a7a7e36702ecb042b7.png
I feel like this is something that cybersecurity folks will find intuitive: lots of attacks scale. Most defenses don't

PAPER: POISONING ATTACKS ON LLMS REQUIRE A NEAR-CONSTANT NUMBER OF POISON SAMPLES https://arxiv.org/pdf/2510.07192
jsr -- 203d

NEW: breach of Discord age verification data.

For some users this means their passports & driver's licenses.

Discord has only run age verification for 6 months.

Age verification is a badly implemented data grab wrapped in a moral panic.
https://blossom.primal.net/41c3acf48c2d6d9095223d518594566dd9a6362fd09c6bd7a4c2bbb5f5649efd.png

Proponents say age verification = showing your ID at the door to a bar.

But the analogy is often wrong.

It's more like: bouncer photocopies some IDs, & keeps them in a shed around back.

There will be more breaches.

But it should bother you that the technology promised to make us all safer, is quickly making us less so.

STORIES:

https://www.forbes.com/sites/daveywinder/2025/10/05/discord-confirms-users-hacked---photos-and-messages-accessed/

https://www.theverge.com/news/792032/discord-customer-service-data-breach-hack
jsr -- 207d

PAY ATTENTION: The UK again asked Apple to backdoor iCloud encryption.

Backdoors create a massive target for hackers & criminal groups.

https://blossom.primal.net/39751af1c5bba2b2166341f8135068f8c6e54bdfa6911c5313e1bfce4dffb9c9.png

Dictators will inevitably demand that Apple build the same access structure for them.

They insert vulnerable bad things right at the place where we need the strongest protections.
https://blossom.primal.net/cb31d7e5e9ee2da9699e80cda202b1e2ff77feafbfb9eaded77b93f8a2d672ee.png

This latest attempt to demand access is *yet another* unreasonable, secret demand on Apple (a TCN) from the Home Office....

https://www.ft.com/content/d101fd62-14f9-4f51-beff-ea41e8794265
jsr -- 226d

Friend,

If scrolling leaves you feeling hollowed...

If anger is frictionless and thinking feels like fighting the current,

You're not swimming, you're being swept in an algorithmic rip tide.

And your mental clarity is the target.

So, take a beat and step out

Put the thing down.

Connect with your own thoughts.

It's what the designers of these algorithms fear most.
jsr -- 228d

The internet needs YOU to stand up against surveillance abuses & mercenary spyware.

Thank you for your attention to this matter.

nostr:nevent1qvzqqqqqqypzp4ln5tvtwa6r8ynwyw2ax9vcjt5y0858r2qqusqlq3lmpzk30uetqyt8wumn8ghj7etyv4hzumn0wd68ytnvv9hxgtcppemhxue69uhkummn9ekx7mp0qyvhwumn8ghj7urjv4kkjatd9ec8y6tdv9kzumn9wshsqgzxyxeqmhkd55k75nzucmuuj90qu4yqde3dmwwrpmr568t5s687qvmxwdyg
jsr -- 236d

NEW: foreign mercenary spyware is coming to the US.

ICE just quietly unsuspended contract with spyware maker #Paragon.

They got caught this year being used to hack journalists.

Friend, let me bring you up to speed on why this is bad on multiple fronts.

https://blossom.primal.net/9149c1061b8c41d34f95e36d74f9197bffaaeca0d854081bf16ad63cbde6e22f.png

YOUR BACKGROUND BRIEF:

#Paragon was co-founded in Israel in 2019 by ex head of Israel's NSA equivalent (Unit 8200) w/ major backing from former Israeli PM Ehud Barak.

Pitched themselves as stealthy & abuse-proof alternative to NSO Group's Pegasus.
https://blossom.primal.net/20174dc33c0dfd6b2e621b62621d0ed0d672acde5a2db5ac5e74a93eda49714a.png
The company has been trying to get into the US market for years.

For a long time all we knew about Paragon was their performance as a 'virtuous' spyware company with values.

https://blossom.primal.net/5255146af326cbbd9240db89a6ec67a8b298bae0f91d897ec1161573e19363a7.png
All that came to a crashing halt in 2025 when they got very caught, helping customers hack targets across #WhatsApp.

WhatsApp did the right thing & notified users.
https://blossom.primal.net/eac330ca904f2815e0a813106efe494fd28fd512728b6e561b3c92a4ea309393.png
Almost immediately after the WhatsApp notifications, we started learning about the targets.

They weren't the supposed serious criminals... They were journalists... human rights defenders... groups working on sea rescues... etc.

In other words, a very NSO-like scandal.
https://blossom.primal.net/a530f88b24d07ffae346e2ed762a391f0e3908142a1aa2032a87bcfe0fb649b0.png
Ultimately Paragon & its Italian customer had a massive spyware scandal on their hands.

WhatsApp wasn't the only player tracking Paragon & doing user notifications. Apple got in on the game.

Ultimately, we at the Citizen Lab had forensically analyzed cases from each notification round.
https://blossom.primal.net/312ea0ccc0a650ab5d77c84cd714687bb6e0f18f47159ae91562a2b7f98270ec.png
We testified to Italy's parliamentary intelligence oversight committee about our findings.
https://blossom.primal.net/e6cfcf41d686d7fd1c64f12caf1fc2e5e93b9912536fd63abb51259c4a6633b9.png
https://blossom.primal.net/79cb9ecdfe9c86ba9a4e051f93b8f74d9329f7b14a68e4b1ad7cf382c227d8e0.png
The conclusion? Deeply unsatisfactory.

Italy admitted hacking some targets, but denied hacking journalists.
Tons of loose ends with Paragon. And they haven't been honest about who used their tech to hack journalists in Europe.

BIG PICTURE:

After 14 years investigating countless spyware companies, I tell you with confidence:

Mercenary spyware is a power abuse machine incompatible with American constitutional rights and freedoms.

Our legal system isn't designed for it, oversight mechanisms are woefully inadequate to protect our rights...

Here's the thing. You probably know that mercenary spyware like #Pegasus gets sold to dictators.

Who, predictably, abuse it.

But we have a growing pile of cases where spyware is sold to democracies... and then gets abused.

HISTORY LESSONS

History shows: secret surveillance usually winds up abused.

The history of the US is littered with surveillance abuses.

Thing is, our phones offer an unprecedented window into our lives.

Making zero-click mercenary spyware an especially grave risk to all our freedoms.

If the government wants access to your accounts for law enforcement...they have to prepare a judicially authorized request and send it to the company, which reviews it.

Mercenary spyware bypasses any external review.

And the whole industry behind it seeks maximum obscurity.

COUNTERINTELLIGENCE THREATS? YEAH THAT TOO

I'm concerned about the impact on our rights and our privacy.

But there's something else that should worry everybody about the choice to work with the company: Paragon poses a potentially grave counterintelligence threat to the US. Let me explain.

When you use an integrated spyware package to conduct sensitive law enforcement / intelligence business, you have to place a lot of trust in them...

If the developers originate from a foreign intelligence service that aggressively collects against the US government, that should be a huge red flag.

America (or any country) should be maximally wary about using foreign-developed surveillance tech for the same reason that America shouldn't operate a Chinese-made stealth fighter.

So, have Paragon's spyware, people & ops been aggressively vetted for technical and human counterintelligence risks?

MERCENARY SPYWARE = FATE SHARING
Paragon's #Graphite mercenary spyware shares the same downsides as other products in their class:

❌They keep getting caught

We researchers aren't the only ones that have found techniques for tracking and identifying Paragon spyware... I'm sure hostile govs have too.
https://blossom.primal.net/0e709adfa8b5b3dd375c80180988f8e322c36d1803e4c25ec1bde250716c8302.png
❌Customers fate share.

Since all customers roll the same tech, when one gets caught it impacts & potentially exposes everyone's activities.

Now, that fate sharing will include US law enforcement activity.

WHAT CAN YOU DO?

What can you do? Take 5 minutes and call your member of Congress.

Ask them to request a briefing on Paragon.

They should ask whether the company was properly vetted & reviewed.

What is the oversight mechanism for this maximally invasive technology?

What are the guardrails? How would abuses be handled? Etc.

PERSONAL SECURITY?

Paragon & this category of spyware is fiendishly hard to track & defend against.

And on a personal level? Apple's Lockdown Mode & Android Advanced Protection both offer some serious security benefits but neither is a silver bullet.

Unfortunately, as of right now I am pretty confident that no publicly available / commercially developed third party tool can reliably detect Paragon spyware either in realtime. Or retrospectively.

Beware a false sense of security.

If you got this far & found this post useful, let me know! Drop a comment.

SELECTED READING LIST

Exclusive: ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following its acquisition by U.S. capital
https://jackpoulson.substack.com/p/exclusive-ice-has-reactivated-its

Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/

Graphite Caught
First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
https://blossom.primal.net/9149c1061b8c41d34f95e36d74f9197bffaaeca0d854081bf16ad63cbde6e22f.png YOUR BACKGROUND BRIEF: #Paragon was co-founded in Israel in 2019 by ex head of Israel's NSA equivalent (Unit 8200) w/ major backing from former Israeli PM Ehud Barak. Pitched themselves as stealthy & abuse-proof alternative to NSO Group's Pegasus. https://blossom.primal.net/20174dc33c0dfd6b2e621b62621d0ed0d672acde5a2db5ac5e74a93eda49714a.png The company has been trying to get into the US market for years. For a long time all we knew about Paragon was their performance as a 'virtuous' spyware company with values. https://blossom.primal.net/5255146af326cbbd9240db89a6ec67a8b298bae0f91d897ec1161573e19363a7.png All that came to a crashing halt in 2025 when they got very caught, helping customers hack targets across #WhatsApp. WhatsApp did the right thing & notified users. https://blossom.primal.net/eac330ca904f2815e0a813106efe494fd28fd512728b6e561b3c92a4ea309393.png Almost immediately after the WhatsApp notifications, we started learning about the targets. They weren't the supposed serious criminals... They were Journalists... human rights defenders...groups working on sea rescues.. etc In other words, a very NSO-like scandal. https://blossom.primal.net/a530f88b24d07ffae346e2ed762a391f0e3908142a1aa2032a87bcfe0fb649b0.png Ultimately Paragon & its Italian customer had a massive spyware scandal on their hands. WhatsApp wasn't the only player tracking paragon & doing user notifications. Apple got in on the game. Ultimately, we at the Citizen Lab had forensically analyzed cases from each notification round. https://blossom.primal.net/312ea0ccc0a650ab5d77c84cd714687bb6e0f18f47159ae91562a2b7f98270ec.png We testified to Italy's parliamentary intelligence oversight committee about our findings. 
https://blossom.primal.net/e6cfcf41d686d7fd1c64f12caf1fc2e5e93b9912536fd63abb51259c4a6633b9.png https://blossom.primal.net/79cb9ecdfe9c86ba9a4e051f93b8f74d9329f7b14a68e4b1ad7cf382c227d8e0.png The conclusion? Deeply unsatisfactory. Italy admitted hacking some targets, but denied hacking journalists. Tons of loose ends with Paragon. And they haven't been honest about who used their tech to hack journalists in Europe. BIG PICTURE: After 14 years investigating countless spyware companies, I tell you with confidence: Mercenary spyware is a power abuse machine incompatible with American constitutional rights and freedoms. Our legal system isn't designed for it, oversight mechanisms are woefully inadequate to protect our rights... Here's the thing. You probably know that mercenary spyware like #Pegasus gets sold to dictators. Who, predictably, abuse it. But We have a growing pile of cases where spyware is sold to democracies... and then gets abused. HISTORY LESSONS History shows: secret surveillance usually winds up abused. The history of the US is littered with surveillance abuses. Thing is, our phones offer an unprecedented window into our lives. Making zero-click mercenary spyware an especially grave risk to all our freedoms. If the government has wants access to your accounts for law enforcement...they have to prepare a judicially authorized request and send it to the company, which reviews it. Mercenary spyware bypasses any external review. And the whole industry behind it seeks maximum obscurity. COUNTERINTELLIGENCE THREATS? YEAH THAT TOO I'm concerned about the impact on our rights an dour privacy. But there's something else that should worry everybody about the choice to work with the company: Paragon poses a potentially grave counterintelligence threat to the US. Let me explain. When you use an integrated spyware package to conduct sensitive law enforcement / intelligence business, you have to place a lot of trust in them... 
If the developers originate from a foreign intelligence service that aggressively collects against the US government, that should be a huge red flag. America (or any country) should be maximally wary about using foreign-developed surveillance tech for the same reason that America shouldn't operate a Chinese-made stealth fighter. So, have Paragon's spyware, people & ops been aggressively vetted for technical and human counterintelligence risks? MERCENARY SPYWARE = FATE SHARING Paragon's #Graphite mercenary spyware shares the same downsides as other products in their class: ❌They keep getting caught We researchers aren't the only ones that have found techniques for tracking and identifying Paragon spyware... I'm sure hostile govs have too. https://blossom.primal.net/0e709adfa8b5b3dd375c80180988f8e322c36d1803e4c25ec1bde250716c8302.png ❌Customers fate share. Since all customers roll the same tech, when one gets caught it impacts & potentially exposes everyones' activities. Now, that fate sharing will include US law enforcement activity. WHAT CAN YOU DO? What can you do? Take 5 minutes and call your member of Congress. Ask them to request a briefing on Paragon. They should ask whether the company was properly vetted & reviewed. What is the oversight mechanism for this maximally invasive technology? What are the guardrails? How would abuses be handled? Etc. PERSONAL SECURITY? Paragon & this category of spyware is fiendishly hard to track & defend against. And on a personal level? Apple's Lockdown Mode & Android Advanced Protection both offer some serious security benefits but neither is a silver bullet.. Unfortunately, as of right now I am pretty confident that no publicly available / commercially developed third party tool can reliably detect Paragon spyware either in realtime. Or retrospectively. Beware a false sense of security. If you got this far & found this post useful, let me know! Drop a comment. 
SELECTED READING LIST Exclusive: ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following its acquisition by U.S. capital https://jackpoulson.substack.com/p/exclusive-ice-has-reactivated-its Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/ Graphite Caught First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
jsr -- 239d

GOOD MORNING: WhatsApp caught & fixed a sophisticated zero click attack...

They just published an advisory about it.

Say attackers combined the exploit with an Apple vulnerability to hack a specific group of targets (i.e. this wasn't pointed at everybody)

https://blossom.primal.net/b39ccf0552138996a4f86c4ff97fd60d7610ce71fc30f309cc8040b7aab8cfff.png

That's a CROSS-APP exploit chain. Which is fancy. We'll discuss in a second.

But wait, you say, haven't I heard of WhatsApp zero-click exploits not so long ago?

You have.

A big user base makes a platform a big target for exploit development.

Attacker's perspective = an exploit against a popular messenger gives you potential access to a lot of devices.

The regular tempo of large platforms catching sophisticated exploits is a good sign.

They're paying attention & devoting resources to a growing category: highly targeted, sophisticated attacks.

But it's also a reminder of the magnitude of the threat.

https://blossom.primal.net/bd2bae1825b7e29da59df2eaf0ac9bd5b3bec75ae8260e135dcdec3de45f8b11.png

Here's the Apple CVE.

Somewhere, earlier this summer, some people in a room probably had a bad day when this clever cross-app chain stopped working.

The cross-app chain = probably also a sign of the increasing tech lift required to get to device compromise. Consequence of various mitigations.

The cost-to-compromise is only going up. Which is arguably a sign that the increasing scrutiny + efforts by platforms & OS developers is having an impact.

That said, the threat of this stuff is going nowhere because there's an infinite governmental appetite for compromise.

Still, I'd argue that increasing costs of zero-clicks has the effect of pricing out a bunch of potential actors which slows the proliferation of this tech to *some* bad actors.

WhatsApp Advisory: https://www.whatsapp.com/security/advisories/2025/

Apple Advisory: https://support.apple.com/en-us/124925
jsr -- 245d

Did the University of Chicago blow their endowment on shitcoins?

Nobody is exactly sure how much they gambled and lost on 'crypto.'

But they are now freezing research amidst federal funding cuts.

https://blossom.primal.net/80f8ea9b854920942d5ae0ea946c28e5763ac291ea148e09ea65c3605bddf749.png

If only they'd put that money into BTC those labs where I slaved away as an undergrad would be humming.

Source:
https://stanfordreview.org/uchicago-lost-money-on-crypto-then-froze-research-when-federal-funding-was-cut/
jsr -- 246d

Government‑mandated KYC to read is coming fast.

And the walls of castle freedom are cracking.

https://blossom.primal.net/0adf7bd998849dbe165fb9fd64a56ce4b23353d0b8e8ff04c47f678d490eeaac.png
jsr -- 246d

Why haven't mosquitoes evolved silent flight?
jsr -- 248d

"everybody who's out there thinking of using VPNs, let me just say to you directly, verifying your age keeps a child safe...So let's just not try and find a way around. Just prove your age."

- UK government.

https://blossom.primal.net/603be98e6ef0e56611d5583c63c9ec0b2461541b81785456cd0441048b2db5d3.mp4
jsr -- 249d

WHOA: Could Germany Ban Ad Blockers?

German megapublisher Axel Springer is asking a German court to ban an ad-blocker.

They claim HTML/CSS of their sites are protected computer programs.

And influencing how they are displayed (e.g. by removing ads) violates copyright.

https://blossom.primal.net/f1aac1c7cba207b4d4e91d2b267422fa792447a5cdcdc9d3b27edc3deb899a7a.png

I'm in puzzled wonderment at this claim.

Preventing ad-blocking would be a huge blow to German cybersecurity and privacy.

https://blossom.primal.net/a92542ec974ecc602b7befd2400ae837980bd04b2f7ebf0dfe9744ae8807b2bd.png

There are critical security & privacy reasons to influence how a website's code gets displayed.

Like stripping out dangerous code & malvertising.

Hacking risks from the online advertising are documented.

https://blossom.primal.net/f3ed60773ca3408465acd4dbfdbb649bb9b209ea5d976dcb3b8a15e7b3e15e93.png

Any attempt to force Germans to run all of the code on a website without consideration for their privacy and security rights and needs will end very, very poorly.

Defining HTML/CSS as a protected computer program will quickly lead to absurdities touching every corner of the internet.

Just think of the potential infringements:

-Screen readers for the blind
-'Dark mode' browser extensions
-Displaying snippets of code in a university class
-Inspecting & modifying code in your own browser
-Website translators

Or blocking unwanted trackers.

This is why most governments do it on their systems.

https://blossom.primal.net/b1d66083392034b2062aebd1cb6059fcca669520b50d065e54dc4dce4bde8c69.png

I'm not a lawyer, but if Axel Springer wins the consequences are just nuts:

Basic stuff like bookmarking & saving a local copy of a website might be legally risky.

The Wayback Machine & internet archives and libraries might be violators.

This might even extend to search engines displaying excerpts of sites.

Code sharing sites like GitHub could become a liability minefield...

The list goes on and on.

Finally, only one country has banned ad-blockers. China.

This is not good company for Germany.

READ MORE: From Mozilla
https://blog.mozilla.org/netpolicy/2025/08/14/is-germany-on-the-brink-of-banning-ad-blockers-user-freedom-privacy-and-security-is-at-risk/

Bleeping Computer:
https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/
jsr -- 249d

NEW: UK reportedly drops secret demand for Apple encryption backdoor.

Good.

https://blossom.primal.net/38dc0f66a1f407c85c64a7ea0db90a8f3bb5e7d335249f4036c91589b551842e.png

While there was strong activist pressure here the key push came from the US government.

https://blossom.primal.net/5575a11ab7e5879e296f79d5ef9719175c0b6582643c0493cd8719a2b8030a50.png

But there is zero rest for the weary as the UK has been leaning much harder into Age Verification.

Which is another mechanism for gaining deep visibility into people's online activity.

Story:
https://www.theverge.com/news/761240/uk-apple-us-encryption-back-door-demands-dropped
jsr -- 256d

Yeah! Humans do OSINT. Some do it super well.

So what is different about an automated house locator as a service that uses dwelling interior pics?

Turns out we counted on friction to protect us.

Not rules. Not norms.

There just weren't millions of Trevor Rainbolts that could act instantly OSINT anything that invasive.

https://blossom.primal.net/169aae69feb40bf254177ebfa8c1216f3fca6d771fd556ea6ec8430bebfdb8c7.png

It was a cost thing.

Meanwhile the datasets were getting collected. Zillow. AirBnB.. etc etc.

When the right invasive automation came along... the privacy / rights intrusion became automated & scaled. Unstoppable.

And we were left unprotected.

Like with so many privacy & power things.

nostr:nevent1qvzqqqqqqypzqj4y6gjyqacy98a8gkm8f74hu3hdyelndgdt4ehlf6xjd6m9kl6jqythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qqsytkkgjxwyj2m7u5wcx7hc6kgryw6njdtaluwqt53j676pkrarqsck3yr9a
jsr -- 257d

Location tracking based on interior pictures.

It will be abused to target people.

Post the inside of your place at your peril.

https://blossom.primal.net/37c8d6d2f6c2c9ce1d8d3332fbbfd044b20ec93e0af249f1013d527e55532178.png
jsr -- 257d

Earliest days of vibecoding-as-a-target.

Without a radical increase in security, vibecoders will get wiped out & lose their savings.

https://blossom.primal.net/c462c603484af25db18c1ac377645528de47bb89f48612b656267f31383441b8.png

And their companies will get hit with fat breaches.

https://blossom.primal.net/ca0c5f4be51943cf17235bfa2bbb3aaa4f245ab73676de62df359e56192a3694.png

Me? I'm waiting for attackers to figure out how to reliably slip backdoors into vibecoded outputs at scale.
jsr -- 261d

Neuroticism? Ripping.

Conscientiousness & agreeableness? Dipping.

https://blossom.primal.net/c12eb7010fba26e5ad3391a0d55e47d3a9bf61fccd2b5aacd584aa86e528da2b.png

Via FT: https://www.ft.com/content/5cd77ef0-b546-4105-8946-36db3f84dc43
jsr -- 261d

NEW: 🇩🇪Germany's top court says spyware severely violates fundamental rights.

Bans spyware in cases with <3-year sentences.

Enforces tough proportionality tests on all surveillance.

https://blossom.primal.net/c1cb0062fe7c265c22c8d71453b0ba4ac6686c1aedb23f72b02e4b4e2801fb86.png

Restricts spyware to serious cases.

Interesting development.

https://blossom.primal.net/a2ba5661ae80e0ddc56672a4186b5e6dabac8d8c18691a9b4ff7fe0232e6c6bc.png

Court says: capturing data at the source (i.e. on someone's phone) is maximally invasive.

Especially given how much of our lives happens online.

They also surface the security risks to systems from this kind of surveillance.

https://blossom.primal.net/30448a7dfdb898087a6e684cba842c1a01d101c4746863db380187171a70fa5d.png

Watching Germany's highest court grapple with spyware's invasiveness & rights violations is instructive.

States wielding spyware without robust legal limitations and tight judicial oversight... are almost guaranteed to be violating their citizens' basic rights.

In so many jurisdictions, state secrecy & lack of effective legal challenges means spyware harms happening daily

Huge credit to German digital freedoms organization #digitalcourage for bringing this case.

Court statement:
https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/2025/bvg25-069.html
jsr -- 261d

Internet-connected microphones in school bathrooms.

What could go wrong?

https://blossom.primal.net/cde78c4f30f6dcc440598f49641fa6c7a29a7a6816f048dce13128be8df7749e.png

Mandated microphones in private spaces are a bad idea.

Throwing invasive sensors into private spaces rarely fixes socially scary problems.

But is almost guaranteed to have risky downsides.

https://blossom.primal.net/7da39cdd62cbd37ae4b6ceedc0bfbf8ce729b74809e18f41f697cf54a9b605ea.png

Story: https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/
jsr -- 262d

Regular people know that age verification mandates won't work.

But they are worried about their children's safety, and they aren't being offered non-dystopian alternatives.

https://blossom.primal.net/83ced0c9030964182d85a09e59c52538fd077070dfcace62e06725a5169a0220.png
jsr -- 81d

I TRUST YOU BUT YOUR AI AGENT IS A SNITCH: Why We Need a New Social Contract

We’re chatting on Signal, enjoying encryption, right? But your DIY productivity agent is piping the whole thing back to Anthropic.

Friend, you’ve just created a permanent subpoena-able record of my private thoughts held by a corporation that owes me zero privacy protections.

https://blossom.primal.net/220613c4d3889e2403ef4c836490cefbb81822b190b270076e289d2a2e057a85.png

Even when folks use open-source agents like #openclaw in decentralized setups, the default /easy configuration is to plug in an API resulting in data getting backhauled to Anthropic, OpenAI, etc.

And so those providers get all the good stuff: intimate confessions, legal strategies, work gripes. Worse? Even if you’ve made peace with this, your friends absolutely haven’t consented to their secrets piped to a datacenter. Do they even know?

Governments are spending a lot of time trying to kill end-to-end encryption, but if we’re not careful, we’ll do the job for them.

The problem is big & growing:

Threat 1: proprietary AI agents. Helpers inside apps or system-wide stuff. Think: desktop productivity tools by a big company. Hello, Copilot. These companies already have tons of incentive to soak up your private stuff & are very unlikely to respect developer intent & privacy without big fights (Those fights need to keep happening)

Threat 2: DIY agents that are privacy leaky as hell, not through evil intent or misaligned ethics, but just because folks are excited and moving quickly. Or carelessly. And are using someone’s API.

I sincerely hope that the DIY/ OpenSource ecosystem that is spinning up around AI agents has some privacy heroes in it. Because it should be possible to do some building & standards that use permission and privacy as the first principle.

Maybe we can show what’s possible for respecting privacy so that we can demand it from big companies?

Respecting your friends means respecting when they use encrypted messaging. It means keeping privacy-leaking agents out of private spaces without all-party consent.

Ideas to mull (there are probably better ones, but I want to be constructive):

Human only mode/ X-No-Agents flags
How about converging on some standards & app signals that AI agents must respect, absolutely. Like signals that an app/chat can emit & be opted out of exposure to an AI agent.

Agent Exclusion Zones
For example, starting with the premise that the correct way to respect developer (& user intent) with end to end encrypted apps is that they not be included, perhaps with the exception [risky tho!] of whitelisting specific chats etc. This is important right now since so many folks are getting excited about connecting their agents to encrypted messengers as a control channel, which is going to mean lots more integrations soon.

#NoSecretAgents Dev Pledge
Something like a developer pledge that agents will declare themselves in chat and not share data to a backend without all-party consent.

None of these ideas are remotely perfect, but unless we start experimenting with them now, we're not building our best future.

Next challenge? Local Only / Private Processing: local-First as a default. Unless we move very quickly towards a world where the processing that agents do is truly private (e.g. not accessible to a third party) and/or local by default, even if agents are not shipping signal chats, they are creating an unbelievably detailed view into your personal world, held by others. And fundamentally breaking your own mental model of what on your device is & isn't under your control / private.
jsr -- 93d

NEW: Microsoft turned over Bitlocker keys to FBI.

https://blossom.primal.net/d53ad480f6b41bdac3078baa310c1c1f813fba8c981079b8afb23e0f250a06f4.png

When you key escrow your disk encryption with someone, they can be targeted with a warrant.

This case is a really good illustration that if you nudge users with a default to save their keys with you... they will do so & may not fully understand the implications.

https://blossom.primal.net/6fd6c36cc07d44c8bd380439cb8fe0b3d2c23acc92f615ba804dcb1fdb0489cc.png

Of course, once the requests start working... they are likely to accelerate.

Story: https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/
jsr -- 170d

YIKES: NSO floats Pegasus spyware use in a "time of domestic crisis" in 🇺🇸America.

I believe they won't stop lobbying until they get Pegasus into USA.

To hack Americans.

https://blossom.primal.net/ede4092ee60114cd3466cf082d7633a9954be5ba91db50c289a4fb2b9ccf8ee1.png
jsr -- 187d

POV: you can't sleep because your bed can't talk to AWS.

https://blossom.primal.net/f40fdc9b25221afe46b052d2bcc18bac615d331f0dc7410af485942b8717a350.png

Design thinking that inserts brittle dependence into our lives while extracting fees for life.

Don't be these guys.
jsr -- 188d

GOOD MORNING.

Today's massive outages nicely illustrate which of your favorite internet things are secretly Amazon-dependent.

Specifically on US-EAST-1 Region, which woke up with Main Character Syndrome.

Result? Massive outages.

Sure, Amazon has regions.

https://blossom.primal.net/aed56335234470f2190b1dab671bc3f2381aeb1947f60d282eedcc7d3eff1141.png

But US-EAST-1 is the legacy/default for a pile of services...and other Global Amazon services also depended on it.

So when there was trouble...it was quickly everywhere.

Hyperscalers rule *almost* everything around us. And this is absolutely bad news for all sorts of resiliency.

https://blossom.primal.net/8c682d82f772411b5beec356ae30c14b97d8c3cd700456265ce046fa17459478.png

Amazon sez: root cause = DNS resolution with DynamoDB... which a ton depends on.

They say they are mostly mitigated & have a pile of backlog to clear.

https://blossom.primal.net/22ec4642c3406c5e5d2266279370e338e07f91709b5e15e13f5208898899eb14.png

But this is a great moment to think about just how many eggs that matter are in one basket...

https://health.aws.amazon.com/health/status
jsr -- 191d

NEW: 🇰🇵DPRK hackers have begun hiding malware on blockchain.

Result, decentralized, immutable malware from a government crypto theft operation.

https://blossom.primal.net/a107de401a522d0914a28dec26d00b96e8444e3d25259e14cfaa04a023b098b4.png

It only cost $1.37 USD in gas fees per malware change (e.g. to update the command & control server)

https://blossom.primal.net/4ba1cadacaac86882f3363c59e5320db53dd97c6a53fe5a689e49387e81eaa36.png

Blockchains as malware dead drops are a fascinating, predictable evolution for nation state attackers.

https://blossom.primal.net/29d96437b500d63006608b3bba6fdf5ae776c29ff697dfb7485b7aafbbbe38e7.png

And Blockchain explorers are a natural target.

https://blossom.primal.net/4a0cb4b61499359f7d3048d03000f6cce432c7211615a8029f1f7515c379de35.png

Nearly impossible to remove.

https://blossom.primal.net/816dce991b4bd694b9def92d508ae5c35f77df7fd13627ebeb5c8f223e538407.png

Experimentation with putting malware on blockchains is in infancy.

Ultimately there will be some efforts to try and implement social engineering protection around this, but combined with things like agentic AI & vibe coding by low-information people...whew boy this gold seam is going to be productive for a long time.

Still, where here they used social engineering, I expect attackers to also experiment with directly loading zero click exploits onto blockchains targeting things like blockchain explorers & other systems that process blockchains... especially if they are sometimes hosted on the same systems & networks that handle transactions / have wallets.

REPORT: https://cloud.google.com/blog/topics/threat-intelligence/dprk-adopts-etherhiding
jsr -- 199d

NEW: Cost to 'poison' an LLM and insert backdoors is relatively constant. Even as models grow.

Implication: scaling security is orders-of-magnitude harder than scaling LLMs.

https://blossom.primal.net/1bdbe13fe20b39f757d6d440b416a74a2099c63cb50bc344cc1d2e96f7c4646b.png

Prior work had suggested that as model sizes grew, it would make them cost-prohibitive to poison.

https://blossom.primal.net/d44c301ef8c297ee3eb30c7e8a161b5dcecc8618dee83607d1532d9d9ad63b02.png

So, in LLM training-set-land, dilution isn't the solution to pollution.

Just about the same size of poisoned training data that works on a 1B model could also work on a 1T model.

https://blossom.primal.net/2c635801a74e4ddc0628adb7d1f1942cb4431550474696a7a7e36702ecb042b7.png

I feel like this is something that cybersecurity folks will find intuitive: lots of attacks scale. Most defenses don't.

PAPER: POISONING ATTACKS ON LLMS REQUIRE A NEAR-CONSTANT NUMBER OF POISON SAMPLES https://arxiv.org/pdf/2510.07192
jsr -- 203d

NEW: breach of Discord age verification data.

For some users this means their passports & driver's licenses.

Discord has only run age verification for 6 months.

Age verification is a badly implemented data grab wrapped in a moral panic.

https://blossom.primal.net/41c3acf48c2d6d9095223d518594566dd9a6362fd09c6bd7a4c2bbb5f5649efd.png

Proponents say age verification = showing your ID at the door to a bar.

But the analogy is often wrong.

It's more like: bouncer photocopies some IDs, & keeps them in a shed around back.

There will be more breaches.

But it should bother you that the technology promised to make us all safer, is quickly making us less so.

STORIES:

https://www.forbes.com/sites/daveywinder/2025/10/05/discord-confirms-users-hacked---photos-and-messages-accessed/

https://www.theverge.com/news/792032/discord-customer-service-data-breach-hack
jsr -- 207d

PAY ATTENTION: The UK again asked Apple to backdoor iCloud encryption.

Backdoors create a massive target for hackers & criminal groups.

https://blossom.primal.net/39751af1c5bba2b2166341f8135068f8c6e54bdfa6911c5313e1bfce4dffb9c9.png

Dictators will inevitably demand that Apple build the same access structure for them.

They insert vulnerable bad things right at the place where we need the strongest protections.

https://blossom.primal.net/cb31d7e5e9ee2da9699e80cda202b1e2ff77feafbfb9eaded77b93f8a2d672ee.png

This latest attempt to demand access is *yet another* unreasonable, secret demand on Apple (a TCN) from the Home Office....

https://www.ft.com/content/d101fd62-14f9-4f51-beff-ea41e8794265
jsr -- 236d

NEW: foreign mercenary spyware is coming to the US.

ICE just quietly unsuspended contract with spyware maker #Paragon.

They got caught this year being used to hack journalists.

Friend, let me bring you up to speed on why this is bad on multiple fronts.

https://blossom.primal.net/9149c1061b8c41d34f95e36d74f9197bffaaeca0d854081bf16ad63cbde6e22f.png

YOUR BACKGROUND BRIEF:

#Paragon was co-founded in Israel in 2019 by ex head of Israel's NSA equivalent (Unit 8200) w/ major backing from former Israeli PM Ehud Barak.

Pitched themselves as stealthy & abuse-proof alternative to NSO Group's Pegasus.

https://blossom.primal.net/20174dc33c0dfd6b2e621b62621d0ed0d672acde5a2db5ac5e74a93eda49714a.png

The company has been trying to get into the US market for years.

For a long time all we knew about Paragon was their performance as a 'virtuous' spyware company with values.

https://blossom.primal.net/5255146af326cbbd9240db89a6ec67a8b298bae0f91d897ec1161573e19363a7.png

All that came to a crashing halt in 2025 when they got very caught, helping customers hack targets across #WhatsApp.

WhatsApp did the right thing & notified users.

https://blossom.primal.net/eac330ca904f2815e0a813106efe494fd28fd512728b6e561b3c92a4ea309393.png

Almost immediately after the WhatsApp notifications, we started learning about the targets.

They weren't the supposed serious criminals... They were Journalists... human rights defenders...groups working on sea rescues.. etc

In other words, a very NSO-like scandal.

https://blossom.primal.net/a530f88b24d07ffae346e2ed762a391f0e3908142a1aa2032a87bcfe0fb649b0.png

Ultimately Paragon & its Italian customer had a massive spyware scandal on their hands.

WhatsApp wasn't the only player tracking Paragon & doing user notifications. Apple got in on the game.

Ultimately, we at the Citizen Lab had forensically analyzed cases from each notification round.

https://blossom.primal.net/312ea0ccc0a650ab5d77c84cd714687bb6e0f18f47159ae91562a2b7f98270ec.png

We testified to Italy's parliamentary intelligence oversight committee about our findings.
https://blossom.primal.net/e6cfcf41d686d7fd1c64f12caf1fc2e5e93b9912536fd63abb51259c4a6633b9.png https://blossom.primal.net/79cb9ecdfe9c86ba9a4e051f93b8f74d9329f7b14a68e4b1ad7cf382c227d8e0.png The conclusion? Deeply unsatisfactory. Italy admitted hacking some targets, but denied hacking journalists. Tons of loose ends with Paragon. And they haven't been honest about who used their tech to hack journalists in Europe. BIG PICTURE: After 14 years investigating countless spyware companies, I tell you with confidence: Mercenary spyware is a power abuse machine incompatible with American constitutional rights and freedoms. Our legal system isn't designed for it, oversight mechanisms are woefully inadequate to protect our rights... Here's the thing. You probably know that mercenary spyware like #Pegasus gets sold to dictators. Who, predictably, abuse it. But We have a growing pile of cases where spyware is sold to democracies... and then gets abused. HISTORY LESSONS History shows: secret surveillance usually winds up abused. The history of the US is littered with surveillance abuses. Thing is, our phones offer an unprecedented window into our lives. Making zero-click mercenary spyware an especially grave risk to all our freedoms. If the government has wants access to your accounts for law enforcement...they have to prepare a judicially authorized request and send it to the company, which reviews it. Mercenary spyware bypasses any external review. And the whole industry behind it seeks maximum obscurity. COUNTERINTELLIGENCE THREATS? YEAH THAT TOO I'm concerned about the impact on our rights an dour privacy. But there's something else that should worry everybody about the choice to work with the company: Paragon poses a potentially grave counterintelligence threat to the US. Let me explain. When you use an integrated spyware package to conduct sensitive law enforcement / intelligence business, you have to place a lot of trust in them... 
If the developers originate from a foreign intelligence service that aggressively collects against the US government, that should be a huge red flag. America (or any country) should be maximally wary about using foreign-developed surveillance tech for the same reason that America shouldn't operate a Chinese-made stealth fighter. So, have Paragon's spyware, people & ops been aggressively vetted for technical and human counterintelligence risks? MERCENARY SPYWARE = FATE SHARING Paragon's #Graphite mercenary spyware shares the same downsides as other products in their class: ❌They keep getting caught We researchers aren't the only ones that have found techniques for tracking and identifying Paragon spyware... I'm sure hostile govs have too. https://blossom.primal.net/0e709adfa8b5b3dd375c80180988f8e322c36d1803e4c25ec1bde250716c8302.png ❌Customers fate share. Since all customers roll the same tech, when one gets caught it impacts & potentially exposes everyones' activities. Now, that fate sharing will include US law enforcement activity. WHAT CAN YOU DO? What can you do? Take 5 minutes and call your member of Congress. Ask them to request a briefing on Paragon. They should ask whether the company was properly vetted & reviewed. What is the oversight mechanism for this maximally invasive technology? What are the guardrails? How would abuses be handled? Etc. PERSONAL SECURITY? Paragon & this category of spyware is fiendishly hard to track & defend against. And on a personal level? Apple's Lockdown Mode & Android Advanced Protection both offer some serious security benefits but neither is a silver bullet.. Unfortunately, as of right now I am pretty confident that no publicly available / commercially developed third party tool can reliably detect Paragon spyware either in realtime. Or retrospectively. Beware a false sense of security. If you got this far & found this post useful, let me know! Drop a comment. 
SELECTED READING LIST Exclusive: ICE reactivated its $2 million contract with Israeli spyware firm Paragon, following its acquisition by U.S. capital https://jackpoulson.substack.com/p/exclusive-ice-has-reactivated-its Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/ Graphite Caught First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
+- jsr -- 239d -------------------------------------------------------------[...]+

GOOD MORNING: WhatsApp caught & fixed a sophisticated zero click attack...

They just published an advisory about it.

Say attackers combined the exploit with an Apple vulnerability to hack a specific group of targets (i.e. this wasn't pointed at everybody)

https://blossom.primal.net/b39ccf0552138996a4f86c4ff97fd60d7610ce71fc30f309cc8040b7aab8cfff.png

That's a CROSS-APP exploit chain. Which is fancy. We'll discuss in a second.

But wait, you say, haven't I heard of WhatsApp zero-click exploits not so long ago?

You have.

A big user base makes a platform a big target for exploit development.

Attacker's perspective = an exploit against a popular messenger gives you potential access to a lot of devices.

The regular tempo of large platforms catching sophisticated exploits is a good sign.

They're paying attention & devoting resources to a growing category: highly targeted, sophisticated attacks.

But it's also a reminder of the magnitude of the threat.
https://blossom.primal.net/bd2bae1825b7e29da59df2eaf0ac9bd5b3bec75ae8260e135dcdec3de45f8b11.png

Here's the Apple CVE.

Somewhere, earlier this summer, some people in a room probably had a bad day when this clever cross-app chain stopped working.

The cross-app chain = probably also a sign of the increasing tech lift required to get to device compromise. Consequence of various mitigations.

The cost-to-compromise is only going up. Which is arguably a sign that the increasing scrutiny + efforts by platforms & OS developers is having an impact.

That said, the threat of this stuff is going nowhere because there's an infinite governmental appetite for compromise.

Still, I'd argue that increasing costs of zero-clicks has the effect of pricing out a bunch of potential actors which slows the proliferation of this tech to *some* bad actors.

WhatsApp Advisory: https://www.whatsapp.com/security/advisories/2025/

Apple Advisory: https://support.apple.com/en-us/124925
+- jsr -- 245d -------------------------------------------------------------[...]+

Did the University of Chicago blow their endowment on shitcoins?

Nobody is exactly sure how much they gambled and lost on 'crypto.'

But they are now freezing research amidst federal funding cuts.

https://blossom.primal.net/80f8ea9b854920942d5ae0ea946c28e5763ac291ea148e09ea65c3605bddf749.png

If only they'd put that money into BTC those labs where I slaved away as an undergrad would be humming.

Source:
https://stanfordreview.org/uchicago-lost-money-on-crypto-then-froze-research-when-federal-funding-was-cut/
+- jsr -- 246d -------------------------------------------------------------[...]+

Government‑mandated KYC to read is coming fast.

And the walls of castle freedom are cracking.

https://blossom.primal.net/0adf7bd998849dbe165fb9fd64a56ce4b23353d0b8e8ff04c47f678d490eeaac.png
+- jsr -- 248d -------------------------------------------------------------[...]+

"everybody who's out there thinking of using VPNs, let me just say to you directly, verifying your age keeps a child safe...So let's just not try and find a way around. Just prove your age."

- UK government.

https://blossom.primal.net/603be98e6ef0e56611d5583c63c9ec0b2461541b81785456cd0441048b2db5d3.mp4
+- jsr -- 249d -------------------------------------------------------------[...]+

WHOA: Could Germany Ban Ad Blockers?

German megapublisher Axel Springer is asking a German court to ban an ad-blocker.

They claim HTML/CSS of their sites are protected computer programs.

And influencing how they are displayed (e.g. by removing ads) violates copyright.

https://blossom.primal.net/f1aac1c7cba207b4d4e91d2b267422fa792447a5cdcdc9d3b27edc3deb899a7a.png

I'm in puzzled wonderment at this claim.

Preventing ad-blocking would be a huge blow to German cybersecurity and privacy.

https://blossom.primal.net/a92542ec974ecc602b7befd2400ae837980bd04b2f7ebf0dfe9744ae8807b2bd.png

There are critical security & privacy reasons to influence how a website's code gets displayed.

Like stripping out dangerous code & malvertising.

Hacking risks from the online advertising are documented.

https://blossom.primal.net/f3ed60773ca3408465acd4dbfdbb649bb9b209ea5d976dcb3b8a15e7b3e15e93.png

Any attempt to force Germans to run all of the code on a website without consideration for their privacy and security rights and needs will end very, very poorly.

Defining HTML/CSS as a protected computer program will quickly lead to absurdities touching every corner of the internet.

Just think of the potential infringements:

- Screen readers for the blind
- 'Dark mode' browser extensions
- Displaying snippets of code in a university class
- Inspecting & modifying code in your own browser
- Website translators

Or blocking unwanted trackers.

This is why most governments do it on their systems.

https://blossom.primal.net/b1d66083392034b2062aebd1cb6059fcca669520b50d065e54dc4dce4bde8c69.png

I'm not a lawyer, but if Axel Springer wins the consequences are just nuts:

Basic stuff like bookmarking & saving a local copy of a website might be legally risky.

The Wayback Machine & internet archives and libraries might be violators.

This might even extend to search engines displaying excerpts of sites.

Code sharing sites like GitHub could become a liability minefield...

The list goes on and on.

Finally, only one country has banned ad-blockers. China.

This is not good company for Germany.

READ MORE: From Mozilla
https://blog.mozilla.org/netpolicy/2025/08/14/is-germany-on-the-brink-of-banning-ad-blockers-user-freedom-privacy-and-security-is-at-risk/

Bleeping Computer:
https://www.bleepingcomputer.com/news/legal/mozilla-warns-germany-could-soon-declare-ad-blockers-illegal/
+- jsr -- 249d -------------------------------------------------------------[...]+

NEW: UK reportedly drops secret demand for Apple encryption backdoor.

Good.

https://blossom.primal.net/38dc0f66a1f407c85c64a7ea0db90a8f3bb5e7d335249f4036c91589b551842e.png

While there was strong activist pressure here the key push came from the US government.
https://blossom.primal.net/5575a11ab7e5879e296f79d5ef9719175c0b6582643c0493cd8719a2b8030a50.png

But there is zero rest for the weary as the UK has been leaning much harder into Age Verification.

Which is another mechanism for gaining deep visibility into people's online activity.

Story:
https://www.theverge.com/news/761240/uk-apple-us-encryption-back-door-demands-dropped
+- jsr -- 256d -------------------------------------------------------------[...]+

Yeah! Humans do OSINT. Some do it super well.

So what is different about an automated house locator as a service that uses dwelling interior pics?

Turns out we counted on friction to protect us.

Not rules. Not norms.

There just weren't millions of Trevor Rainbolts that could act instantly OSINT anything that invasive.

https://blossom.primal.net/169aae69feb40bf254177ebfa8c1216f3fca6d771fd556ea6ec8430bebfdb8c7.png

It was a cost thing.

Meanwhile the datasets were getting collected. Zillow. AirBnB.. etc etc.

When the right invasive automation came along... the privacy / rights intrusion became automated & scaled. Unstoppable.

And we were left unprotected.

Like with so many privacy & power things.

nostr:nevent1qvzqqqqqqypzqj4y6gjyqacy98a8gkm8f74hu3hdyelndgdt4ehlf6xjd6m9kl6jqythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0qqsytkkgjxwyj2m7u5wcx7hc6kgryw6njdtaluwqt53j676pkrarqsck3yr9a
+- jsr -- 257d -------------------------------------------------------------[...]+

Location tracking based on interior pictures.

It will be abused to target people.

Post the inside of your place at your peril.
https://blossom.primal.net/37c8d6d2f6c2c9ce1d8d3332fbbfd044b20ec93e0af249f1013d527e55532178.png
+- jsr -- 257d -------------------------------------------------------------[...]+

Earliest days of vibecoding-as-a-target.

Without a radical increase in security, vibecoders will get wiped out & lose their savings.

https://blossom.primal.net/c462c603484af25db18c1ac377645528de47bb89f48612b656267f31383441b8.png

And their companies will get hit with fat breaches.
https://blossom.primal.net/ca0c5f4be51943cf17235bfa2bbb3aaa4f245ab73676de62df359e56192a3694.png

Me? I'm waiting for attackers to figure out how to reliably slip backdoors into vibecoded outputs at scale.
+- jsr -- 261d -------------------------------------------------------------[...]+

Neuroticism? Ripping.

Conscientiousness & agreeableness? Dipping.
https://blossom.primal.net/c12eb7010fba26e5ad3391a0d55e47d3a9bf61fccd2b5aacd584aa86e528da2b.png

Via FT: https://www.ft.com/content/5cd77ef0-b546-4105-8946-36db3f84dc43
+- jsr -- 261d -------------------------------------------------------------[...]+

NEW: 🇩🇪Germany's top court says spyware severely violates fundamental rights.

Bans spyware in cases with <3year sentences.

Enforces tough proportionality tests on all surveillance.

https://blossom.primal.net/c1cb0062fe7c265c22c8d71453b0ba4ac6686c1aedb23f72b02e4b4e2801fb86.png

Restricts spyware to serious cases.

Interesting development.

https://blossom.primal.net/a2ba5661ae80e0ddc56672a4186b5e6dabac8d8c18691a9b4ff7fe0232e6c6bc.png
Court says: capturing data at the source (i.e. on someone's phone) is maximally invasive.

Especially given how much of our lives happens online.

They also surface the security risks to systems from this kind of surveillance.

https://blossom.primal.net/30448a7dfdb898087a6e684cba842c1a01d101c4746863db380187171a70fa5d.png

Watching Germany's highest court grapple with spyware's invasiveness & rights violations is instructive.

States wielding spyware without robust legal limitations and tight judicial oversight... are almost guaranteed to be violating their citizens' basic rights.

In so many jurisdictions, state secrecy & lack of effective legal challenges means spyware harms happening daily

Huge credit to German digital freedoms organization #digitalcourage for bringing this case.

Court statement:
https://www.bundesverfassungsgericht.de/SharedDocs/Pressemitteilungen/EN/2025/bvg25-069.html
+- jsr -- 261d -------------------------------------------------------------[...]+

Internet-connected microphones in school bathrooms.

What could go wrong?

https://blossom.primal.net/cde78c4f30f6dcc440598f49641fa6c7a29a7a6816f048dce13128be8df7749e.png

Mandated microphones in private spaces are a bad idea.

Throwing invasive sensors into private spaces rarely fixes socially scary problems.

But is almost guaranteed to have risky downsides.
https://blossom.primal.net/7da39cdd62cbd37ae4b6ceedc0bfbf8ce729b74809e18f41f697cf54a9b605ea.png

Story: https://www.wired.com/story/school-bathroom-vape-detector-audio-bug/
+- jsr -- 262d -------------------------------------------------------------[...]+

Regular people know that age verification mandates won't work.

But they are worried about their children's safety, and they aren't being offered non-dystopian alternatives.

https://blossom.primal.net/83ced0c9030964182d85a09e59c52538fd077070dfcace62e06725a5169a0220.png
Pubkeys from this user's latest cached kind 3 follow list.
Cached pubkeys that follow this user, discovered from kind 3 events.
+------------------------------------------------------------------------------+
Identifiers
npub: npub1vz03sm9qy0t93s87qx2hq3e0t9t9ezlpmstrk92pltyajz4yazhshfttwj
hex: 609f186ca023d658c0fe019570472f59565c8be1dc163b1541fac9d90aa4e8af
no cached metadata event yet
+------------------------------------------------------------------------------+
Suggested read/write relays from this user's latest kind 10002 event.
- No cached NIP-65 relay hints yet.