Matthew Green
@matthewdgreen.bsky.social
đ¤ 18778
đĽ 407
đ 2358
I teach cryptography at Johns Hopkins.
https://blog.cryptographyengineering.com
What kills me about this story is that Metaâs public CSAM scanning clearly does not work, if theyâre delivering ads for CSAM content. But this failure will be used as evidence that we need to add scanning for private and encrypted messages.
www.bbc.com/news/article...
loading . . .
India: Instagram running ads promoting child sexual abuse material, BBC finds
The ads use terms including ârapeâ and âchild videoâ and link to content on the messaging app Telegram.
https://www.bbc.com/news/articles/cvgm4e0316zo
11 days ago
9
184
90
reposted by
Matthew Green
Ron Deibert
13 days ago
Researchers
@citizenlab.ca
say EU lawmaker who investigated surveillance was hacked by Israeli spyware
@raphae.li
www.reuters.com/world/middle...
loading . . .
Researchers say EU lawmaker who investigated surveillance was hacked by Israeli spyware
A former member of the European Parliament who served âon a committee investigating abusive surveillance was himself hacked using an Israeli-made spy tool, a Canadian tech watchdog group âsaid on Frid...
https://www.reuters.com/world/middle-east/researchers-say-eu-lawmaker-who-investigated-surveillance-was-hacked-by-israeli-2026-07-03/
1
12
9
Theory question: give an upper bound on the number of vulnerabilities that can be present in an n-bit program.
12 days ago
9
14
1
Apropos of nothing, does anyone else have very happy memories associated with this product?
14 days ago
15
105
4
I donât think people should panic based on anything djb has written recently. But I do agree with his conclusion that ECC hybrids are a good idea. I also do continue to be skeptical of the âECC hybrids are just too hard to get rightâ arguments.
14 days ago
5
34
3
reposted by
Matthew Green
alpha
16 days ago
Dems' "Project 2029" first major policy proposal: an online child safety plan â narrowing Sec. 230, banning social media for kids under 16, promoting phone-free childhoods and more. Already backed by Cory Booker, Mikie Sherrill, Randi Weingarten + Jonathan Haidt. LMAOOOOOOOOOOOOOOOOOOO.
699
2057
2055
One of my beefs with (research) cryptography is that people are overindexing on quantum threats. We finally got crypto to the point where we can do things efficiently, and now we need to rip it all up and switch to lattice schemes at 11,000x the cost.
16 days ago
2
28
5
âEurope needs air conditioningâ is true, but it also feels like a talking point explicitly constructed so that people donât have to pay attention to the effects of rapid climate change.
17 days ago
11
101
16
Counterpoint: the fact that vendors/projects wonât privilege vulnerability reports is hardly a punishment for security researchers. Itâs a gift.
add a skeleton here at some point
21 days ago
2
11
2
So apparently anyone with a license plate number can submit it to most DMVs to obtain detailed owner information, provided they claim theyâre doing so in the âordinary course of businessâ (eg to collect a debt). This isnât verified or checked.
22 days ago
11
169
49
So Will Cathcart is leaving WhatsApp and this is the new leader that Mark Zuckerberg has chosen.
23 days ago
5
69
22
One of my new favorite gripes is people setting up AI receptionists to answer their phone and telling them nothing, including whether the business is open that day. Itâs just the weirdest way to use technology.
26 days ago
1
24
0
I wonder if the frontier LLMs have benchmarks for their human users.
28 days ago
0
20
1
reposted by
Matthew Green
Lily Hay Newman
29 days ago
just, you know, to recap
www.wired.com/story/danger...
loading . . .
âDangerousâ AI Models Are Coming No Matter What
The US government crackdown on Anthropicâs Claude Fable 5 and Mythos 5 hides a glaring truth: AI models with advanced hacking capabilities will soon be the norm.
https://www.wired.com/story/dangerous-ai-models-are-coming-no-matter-what/
1
8
6
One of the things Iâve noticed in my aging friends is that virulent conservative beliefs and cognitive decline seem highly correlated.
about 1 month ago
6
58
14
It really seems like weâre going to end up with a choice of doing model inference expensively here in the US or inexpensively in China, and this is going to create a nightmare data sovereignty problem.
about 1 month ago
5
43
11
God, Claude Fable really knows how to butter me up.
about 1 month ago
4
18
0
reposted by
Matthew Green
Alexander Martin
about 1 month ago
Scoop: Britain has weakened proposed cybersecurity protections for its telecoms networks that were developed in response to the Salt Typhoon espionage campaign, after the companies responsible for implementing the measures lobbied against them.
loading . . .
UK weakens proposed telecoms defenses against Chinese hackers after industry pushback
Britain has weakened proposed cybersecurity protections for its telecoms networks that were developed in response to the Salt Typhoon espionage campaign, after the companies responsible for implementi...
https://therecord.media/uk-weakens-telecoms-defenses-after-industry-lobbying
3
22
21
My strongest argument that weâre actually living in a simulation is the three-way light switch. Thereâs no way that can possibly work.
about 1 month ago
4
19
0
I wrote a new post about the privacy risks of on-phone agents like Appleâs new Siri, and how private inference isnât any sort of silver bullet.
blog.cryptographyengineering.com/2026/06/09/a...
loading . . .
The future of Siri, or: why private inference isnât private enough
Yesterday Apple announced a big step towards deploying real AI in their Siri ecosystem. In most ways this is good and inevitable: Siri is one of the worldâs most widely-used voice agents, andâŚ
https://blog.cryptographyengineering.com/2026/06/09/apples-siri-ai-or-more-shouting-into-the-void-about-private-agents/
about 1 month ago
12
117
58
reposted by
Matthew Green
Carl T. Bergstrom
about 1 month ago
Remember the current NIH director going on about protecting researchers from government censorship? Today his people called the police in to forcibly remove my colleagues from their own society meeting for sharing an editorial published in their flagship journal that was critical of him. Gift link
loading . . .
Police Remove Diabetes Experts From Conference for Distributing Critique of Trump Administration
https://www.nytimes.com/2026/06/05/well/ada-conference-diabetes-trump.html?unlocked_article_code=1.oFA.JZbr.mwpLXkZmrmf9&smid=url-share
57
2923
1563
Does anyone have a connection to Randall Munroe (
@xkcd.com
) or any way to reach his company? Iâm writing a book and wanted to license some of his cartoons but canât get a response from his licensing or press emails.
about 1 month ago
2
33
14
Iâve spent the past several weeks using AI to build software at and do research, so this has given me a lot of perspective on how these systems perform when you push them towards (and beyond) the edge of their training set. I guess this gives me a different perspective.
about 1 month ago
3
47
11
reposted by
Matthew Green
Alexander Martin
about 1 month ago
You replace some regular spaces with U+2002 spaces in a particular pattern, send subtly different versions to different recipients, and you can identify a leak from the spacing alone. It's invisible to the naked eye but trivial to detect with a Unicode inspector. [10/11]
1
24
7
reposted by
Matthew Green
Alejandra Caraballo
about 1 month ago
I get the hate for AI but I was able to use Claude to build tools to get access to hundreds of court records via courtlistener API, hundreds of 990s via Propublicas charity navigator, and thousands of political campaign spending records via FEC and Google to measure anti-trans political spending.
64
819
119
reposted by
Matthew Green
Fernando
about 1 month ago
60% of MD5 password hashes are crackable in under an hour
loading . . .
60% of MD5 password hashes are crackable in under an hour
https://www.theregister.com/security/2026/05/07/60-of-md5-password-hashes-are-crackable-in-under-an-hour/5234954
0
16
9
reposted by
Matthew Green
Laurens
about 1 month ago
the even more fun problem is, that because NL Wallet uses remote app attestation, it checks Googles servers for verification every time you use the app, meaning that Google holds a kill switch for our national ID wallet
add a skeleton here at some point
3
52
14
reposted by
Matthew Green
Toby Murray
about 2 months ago
Matt call this an investigation of a $10 question. That undersells the importance of this encryption to frontier labs. Itâs one of their primary defences against model distillation attacks, which represent major threats to their competitiveness.
add a skeleton here at some point
0
28
6
My kid was joking the other day about visiting conspiracy websites, like the ones that end in .gov.
about 2 months ago
0
58
7
Last week I discovered that ChatGPT and Claude will send you their âencrypted raw reasoningâ and of course I immediately wasted a weekend trying to do something bad with it. What I got for my trouble was this blog post:
blog.cryptographyengineering.com/2026/05/29/f...
loading . . .
Fooling around with encrypted reasoning blobs
This is a quick post I wanted to write about a âhobby projectâ I spent a weekend on. It has little to do with real cryptography, and mostly doesnât expose a particularly exciting âŚ
https://blog.cryptographyengineering.com/2026/05/29/fooling-around-with-encrypted-reasoning-blobs/
about 2 months ago
4
78
29
So I sort of found an issue with the OpenAI and Anthropic APIs, but they disagree. I think that means I can blog about it?
about 2 months ago
5
47
0
One of the things I used to like about Matthew Yglesias is that he criticized evidence-free windbags like Thomas Friedman. Now heâs an evidence-free windbag and he thinks heâs killing it.
about 2 months ago
2
33
2
reposted by
Matthew Green
Matthew Gracie
about 2 months ago
Yeah, this. I also miss peak Infosec Twitter. I know this isn't it, but neither is current Twitter.
add a skeleton here at some point
2
52
5
Last Thursday, the Texas AG Ken Paxton filed suit against WhatsApp, alleging some fairly serious (but highly nebulous) âprivacy violationsâ in WhatsApp. I was going to write a blog post about this, but then I remembered I already had â when these allegations first surfaced.
about 2 months ago
2
29
11
The snark from Codex is making me uneasy.
about 2 months ago
9
61
4
My son is doing an internship where (against all my attempts to persuade him into a different career) heâs looking for security vulnerabilities in Chinese-made medical devices, and oh boy is he finding them. I feel like this is unhealthy validation for an 18 year oldâs first job.
about 2 months ago
8
221
24
reposted by
Matthew Green
Riana
about 2 months ago
NCMEC's full 2025 CyberTipline report is out. 1.5MM reports "with a GAI [generative AI] nexus," but removing Amazon's useless 1.1MM reports, >182K reports of possession or (attempted) generation of GAI CSAM. That's the number to report: 182K, not 1.5 million.
www.missingkids.org/gethelpnow/c...
loading . . .
CyberTipline Data
https://www.missingkids.org/gethelpnow/cybertipline/cybertiplinedata
1
7
7
Every single one of them could have been a great name for our kids.
about 2 months ago
6
28
1
Spent ten minutes trying to get Anthropic to accept my CC number to buy credits. Turns out you had to click âbilling address is not the same as shipping addressâ and re-enter your whole address, only then can you click Continue. The quality of everything around Claude is an anti-ad for Claude.
about 2 months ago
15
128
17
How not to write a reassuring email 101. We meet Tuesdays 6-10pm.
about 2 months ago
2
46
4
Thereâs been some reporting that Meta contributed an unfathomable sum to promote age verification laws globally. This is broadly true, but the actual situation is a bit more complex. Figured it was worth an update.
about 2 months ago
1
58
22
A good primer on the new Bitlocker exploit.
solcyber.com/bitlocker-in...
loading . . .
BitLocker in crisis? The "YellowKey" zero-day in plain English - SolCyber
Nightmare Eclipse hates Microsoft, loves dropping 0-days.
https://solcyber.com/bitlocker-in-crisis-the-yellowkey-zero-day-in-plain-english/
about 2 months ago
2
57
22
Iâm going to confess that I love using coding LLMs. Itâs basically taken software development from âcool ideas I donât have time forâ to âletâs throw together a prototype.â But I also donât think anyoneâs reviewing the production code theyâre producing, at least not thoroughly.
2 months ago
34
230
19
When you ask AI to improve a picture.
2 months ago
1
24
1
The kids wanted to make a website for our dog Darwin. Turns out Darwin is a tough domain name, so we ended up here.
dogw.in
loading . . .
Dogw.in
Dogw.in, an original 8-bit mini dachshund game.
https://dogw.in/
2 months ago
1
29
2
I donât quite know what to tell you about that.
2 months ago
1
8
1
reposted by
Matthew Green
JHU Computer Science
2 months ago
JHUâs
@matthewdgreen.bsky.social
talks to the
@nytimes.com
about the potential risks of
@microsoft.com
Copilotâs health records tool: âThere is a pot of gold of high-value data that is in one location that people can get.â
loading . . .
A.I. Chatbots Want Your Health Records. Tread Carefully.
https://www.nytimes.com/2026/03/12/technology/personaltech/microsoft-copilot-health-ai-chatbots.html
1
7
7
reposted by
Matthew Green
Anna Leigh đłď¸ââ§ď¸
2 months ago
Remote attestation is a heavily underdiscussed threat to computing freedom. People often mistakenly dismiss it with "I will run my own fork (of the OS or browser) / Magisk", not understanding that with hardware attestation, you're literally unable to 1/
add a skeleton here at some point
8
357
176
I think itâs weird that even Apple sends me SMS text messages rather than iMessage, from their automated systems.
2 months ago
3
29
1
Me talking to ChatGPT, after learning that the Beale ciphers are probably fake.
2 months ago
1
11
1
Load more
feeds!
log in