Translation: they are proposing a bill that says you cannot under any circumstances use a computer for any purpose without allowing the United States government continuous monitoring and a backdoor
Posts by Kurt Opsahl
Post from Vercel's Twitter account. "We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems, impacting a limited subset of customers. Please see our security bulletin:"
Vercel hasn't posted this on Bluesky yet but they have a very significant security leak.
Welp, there goes my Sunday. Damn it man.
If you have anything hosted on Vercel, take action now.
Abstract. The Double Ratchet (DR) protocol is a core security component of several end-to-end encrypted communications services, primarily Signal Messenger, WhatsApp, and Facebook Messenger, servicing billions of users. In this work, we provide the first formal analysis of the DR covering all of its features, including out-of-order message arrivals. This analysis is highly automated, allows for all possible key compromises and notably proves Post-Compromise Security (PCS). We also provide partial results for the security of more complex protocol variants, these being the extension of the DR with encrypted headers, and composition with PQXDH as the initial key-exchange. Our analysis uncovered three attacks on the protocol, two of which we confirmed to be present in the main implementation, and a third which exists in the specification. Each of these attacks weakened or broke Forward Secrecy, and are to the best of our knowledge the first such known attacks. In each case, the issues were reported to the Signal developers and subsequently fixed. Overall, our analysis provides new guarantees of the security of Signal Messenger, and demonstrates the high level of security provided by the DR under a variety of strong threat models.
Automated formal analysis of Signal’s Double Ratchet: attacks, fixes and security proofs (Vincent Cheval, Charlie Jacomme, Jessica Richards) ia.cr/2026/727
Privacy stalwarts in Congress just bought us 10 more days to put together a bill that actually reforms Section 702. Keep pushing.
It's not too late to submit your talk, panel, or session to Policy@ DEF CON 34! This year's theme is Agency. CFP Closes 1May26
defcon.org/html/defcon-...
NEW: Hackers are exploiting unpatched Windows vulnerabilities that were disclosed publicly by a disgruntled researcher.
The researcher published code to exploit these bugs on GitHub. Now someone else has taken the code and used it in at least one attack in the wild, according to a security firm.
nonzero chance the FBI is plugging LLMs into wiretap data under the legal theory AI alone can’t implicate 4th amendment concerns (semi-known 702 issue). or the NSA has now hard coded wiretaps across all newly built US data centers due to expanded ECSP scope. or probably both.
BREAKING: A jury has found Live Nation and Ticketmaster to be an illegal monopoly that overcharges fans.
After the federal government settled the case, 34 states kept pursuing the giant ticket and concert company.
Now, the states have won.
Why the SCOTUS geofence warrant case to be argued in two weeks might be decided on narrow grounds— a thought on Chatrie, the first in a series. First few paras in the screenshot. reason.com/volokh/2026/...
was once New Amsterdam.
red.anthropic.com/2026/mythos-... people keep being astonished at them doing the kind of exploits you can only pull off if you never get tired - when their most unique skill is they don’t ever get tired.
Alright, it's official! 💰
@matthewdgreen.bsky.social and I bet on what will break first, ML-KEM-768 or X25519. The loser donates to a 501(c)(3) picked by the winner.
If you have an opinion on quantum computers or lattices, you can join with a side bet. Just submit a PR!
github.com/FiloSottile/...
President Trump is urging Congress to renew Section 702 of the Foreign Intelligence Surveillance Act, but lawmakers in both parties oppose extending it without reforms. Congress now has a chance to protect Americans’ privacy. bit.ly/4tASUmW
Reminder: All the amazing high quality video you’re seeing from the Artemis II mission is being transmitted back to Earth using a laser communications system first tested with a video of a cat named Taters
youtu.be/GvJtVOmFs5Q?...
Another year, and another secret ruling from the FISA court showing the FBI is violating Americans' privacy via NSA surveillance.
When will Congress finally learn and actually require a warrant for Americans' communications under FISA Section 702?
New from 404 Media: the FBI was able to extract incoming Signal messages from a phone even though the app was deleted. Why? Because parts of messages were stored in the iPhone's internal notification database. Shows how secure chat data can come from unexpected places www.404media.co/fbi-extracts...
sourcing request: I am looking for recruiters or managers at major tech companies who are trying to hire cybersecurity talent. if that's you, and you want to talk to me on background or on-record, please get in touch! contact info in my bio.
Would you like to help us test Privacy Badger for Safari on macOS? You'll need Safari 26 and Apple's TestFlight app.
If this sounds good, please send an email to extension-devs at eff.org and we'll send you an invite when the build is ready.
"‘Creepy surveillance’: why some cities are shutting down Flock cameras amid privacy concerns," via The Guardian. www.theguardian.com/us-news/ng-i...
Recently former NSA General Counsel Glenn Gerstell published a @lawfaremedia.org piece on FISA 702
Despite claiming to fact check a Brennan Center brief on the topic, the piece is riddled with misleading claims, it contains no less than 4 key factual errors...
www.lawfaremedia.org/article/fisa...
"A Cryptography Engineer’s Perspective on Quantum Computing Timelines" from Filippo Valsorda who is the coolest and smartest words.filippo.io/crqc-timeline/
On Tuesday, I wrote "well of course your conversations with AI chatbots count as contents of electronic communications; we know that from 20 years of lawsuits over alleged ECPA violations based on web tracking."
Well look what got filed the SAME DAY! storage.courtlistener.com/recap/gov.us...
Quake in the Santa Cruz mountains. earthquake.usgs.gov/earthquakes/...
This cat knows how to enjoy life..😂
TT: moonkitty874
This is an interview that is well worth your time: youtu.be/QkC1aK7jfLo
Don’t miss this one! Cindy is amazing, you’ll want to tune in and hear how she really breaks things down about the fight for privacy.
The Supreme Court says ISPs aren’t responsible for everything their users do online. That means your access to the internet is less likely to be cut off over accusations alone. www.eff.org/deeplinks/2...