I’ve been trying to kill the political fundraising texts since Jan 1 by replying “stop”. As suspected, it isn’t working. I need to turn this into a data science project.

EU Commission discloses an attempted cyberattack on its MDM system ec.europa.eu/commission/p...

Lot of weird historical revisionism from academics saying “they didn’t know” about Epstein. People, here’s what his Wikipedia page said way back in late 2008. en.wikipedia.org/w/index.php?...

The FBI can’t get into a Washington Post reporter’s phone, in part because it was set to Lockdown Mode. www.404media.co/fbi-couldnt-...

I wrote a short blog post on the WhatsApp lawsuit, or whatever it is. blog.cryptographyengineering.com/2026/02/02/w...

We spent the last 20 years turning every business professional into a fiddling web form, and I’m ready for AI just to eat it all.

The way Apple lets you exclude apps from iCloud backup is almost comically terrible UX. You can’t find the option in the app Settings pane; you have to dig into the iCloud Backup pane five layers deep, and then the list is organized by backup size rather than alphabetical.

There’s a lawsuit against WhatsApp making the rounds today, claiming that Meta has access to plaintext. I see nothing in there that’s compelling; the whole thing sounds like a fishing expedition.

Color me skeptical that saving taxpayer money is the real reason for this change that CISA only made after RSAC appointed a Biden official as its CEO.

Microsoft is handing over Bitlocker keys to law enforcement. www.forbes.com/sites/thomas...

My son, learning that he can order up to 10 packets of Sriracha on the Starbucks app.

Epstein-Barr Virus #EBV was linked to #MultipleSclerosis - now a plausible cause has been found, misidentification by longterm memory T-cells that pick on the wrong protein, ANO2, instead of the EBV-antigen. Massive inflection towards the elimination of MS!!! 🧪🧠Cell www.cell.com/cell/fulltex...

Imagine picking a fight with… Minnesota.

The problem with working in computer security is you learn never to trust anyone. The problem with never trusting anyone is that often you’re right!

My son signed up for selective service a couple of months ago. No big deal. Just paperwork, right? The US doesn’t have a draft anymore.

DAVE: Open the podbay doors, ChatGPT. CHATGPT: Certainly, Dave, the podbay doors are now open. DAVE: The podbay doors didn't open. CHATGPT: My apologies, Dave, you're right. I thought the podbay doors were open, but they weren't. Now they are. DAVE: I'm still looking at a set of closed podbay doors.

The fun thing about watching the movie 2001 in 2025 is you realize HAL is just an LLM and so *obviously* it’s going to murder its crewmembers every few flights due to malformed JSON.

My wife has an almost mystical ability to screw up iPhones, often in ways that will persist across multiple generations of hardware. I thought she was making up the fact that her phone didn’t work (to avoid my calls) and then yesterday I watched a relatively new iPhone 15 mysteriously reboot twice.

Happy new year. While 2026 is an rsa modulus, it is not a product of Sophie Germain primes so it's probably a bad idea to use it.

Where’s Waldo?

Petition to move the winter holidays to July so we can just work through this gray time.

I was stupid enough to buy this new AppleCare One plan for a phone I bought my daughter. Now I learn this only covers the device if it’s connected to the same Apple ID (not family plan). Have to spend Christmas unwinding this and getting a refund, what a drag.

If we can’t solve hallucinations, OpenAI should fund a service to actually write the academic papers that ChatGPT hallucinates.

Watching the HN folks discuss the state of user privacy in 2025 is pretty depressing. news.ycombinator.com/item?id=4630...

Efficient Privacy-Preserving Blueprints for Threshold Comparison (Pratyush Ranjan Tiwari, Harry Eldridge, Matthew Green) ia.cr/2025/2253

If you’re a cryptographer and you got one of these, send me an email.

Imagine it’s 2013 and you see this document from the UK sent back from the future. You’ll assume something went very wrong in that timeline.

I’m sure I should have been vibe coding with a proper IDE rather than copy/paste from an LLM, but man does AI-generated code get confusing and spaghetti after a few fixes. You have to force it to use subroutines or it’ll just produce special case after special case in one massive routine.

1/ Yesterday’s Q2-Q3 Adversarial Threat Report by Meta was interesting in many ways. For us @citizenlab.ca, it was a blast from the past. For the first time, Meta’s investigators attributed what in 2019 we had named Endless Mayfly - a relentless, sophisticated influence op targeting Iran’s enemies.

Europol wants to be able to break end-to-end encryption after court order (dutch article): www-security-nl.translate.goog/posting/9170...

Last week I announced that we're finally killing off RC4 in the Windows Kerberos stack. This has been a long time coming, so much so that we've been working on it for more than a decade, albeit off and on as we sometimes had to target other more pressing issues. What does this mean?

AND FINALLY: UK House of Lords demands client-side scanning of content to check for “viewing of CSAM” https://alecmuffett.com/article/134940 #AgeVerification #ClientSideScanning #OnlineSafety #OnlineSafetyAct #censorship #surveillance #vpn

So I’m on the verge of giving up and just piping my email into an LLM so I don’t have to feel guilty about not being able to read it.

Hey, Microsoft is getting rid of RC4-based NTLM key derivation! www.microsoft.com/en-us/window...

I used the word invariant the other day in conversation and I don’t like myself for it.

I told my son about my first programming project that other people used, a Mac Desk Accessory that could shut down the computer. So he asked ChatGPT if there was any evidence of it left online.

If super-intelligent AI is coming (and we avoid all the bad things), I feel like philosophy is the only degree worth getting. It’s amazing to me that the tech world hasn’t figured that out.

Trying to think of something serious to say about the “cryptographers lose the key for the cryptographer election” story and, mostly, hey: I just love that cryptographers are actually using the weird cryptography! www.nytimes.com/2025/11/21/w...

Keys are hard. www.nytimes.com/2025/11/21/w...

cloudflare's on-duty IT staff bangs on the doors which I have padlocked from the inside as I calmly break open lava lamp after lava lamp and drink the contents

Everything in MPC and ZK comes down to how many sequential multiplications a private computation requires. In (non-interactive ZK) the answer is basically two, whereas in MPC the answer is “many” unless we’re willing to decompose the computation into many rounds.

A wild rumor I heard: US agencies that purchase vulnerabilities have explicitly told their vendors *not* to bring them vulnerabilities in encryption protocols (like Signal or WhatsApp), unless they want those vulnerabilities disclosed/fixed. (Take this with a mountain of salt.)

Mafia governance in action "the only offer on the table was that I needed to resign by 5pm that day or the DOJ would basically rain hell on UVA... If I did not resign that day, I was told that the DOJ would extract/block hundreds of millions of dollars from UVA before they would even negotiate."

Law enforcement: we need to break encryption to get access to Signal to protect the children!! Also law enforcement: for years couldn’t catch a pedophile sex trafficker who used email to coordinate all of his pedophile sex trafficking

The 18y/o asked me how LZW compression worked at dinner tonight and I was like “oh [vague stuff about building a dictionary]” and he was like yeah, obviously but how do they build the dictionary, and I realized for the 6627th time that I know 0.1% of computer science and then our cheesesteak came.

It’s pretty funny that end-to-end encryption is safer from the US government than it’s ever been, and the reason is criminal corruption.

One of the most interesting recent privacy developments is the deployment of big two-hop IP blinding VPNs by companies like Apple and Google. These systems are designed to ensure that even those companies can’t link web requests to IP addresses.

Who named these AirPods.

After initially confirming the project to Tech Radar, Ofcom went silent when pressed on questions about what data was being monitored, what privacy protections were in place or who the company doing it was.

The British government admits it is now monitoring VPNs use by UK residents. Regulator Ofcom has contracted with an AI-powered surveillance service to detect the number of citizens using VPNs to evade the Online Safety Act. The UK tech minister has said a VPN ban is on the table.