
Notes by evacide

 I know how to fight a long fight. I know how to triage and do harm reduction and how to play defense. But I am also very, very tired and I am going to need a minute before I can get back to work. 
 I cannot overstate how much everything described in this article indicates a giant rotten AI bubble that is set to messily implode: https://www.theverge.com/2024/10/3/24261160/elon-musk-xai-recruiting-party-openai-dev-day-sam-altman 
 Looking through my closet for something to wear to the EFF Awards this week, I ruled out my sequined jumpsuit because I've worn it to a work event before. Then I remembered that the work event in question was in December of 2017. 
 If you hear a scream across the internet right now, it is the sound I am making while reading the Internet Archive v. Hachette Books appeal, which IA has lost: https://www.wired.com/story/internet-archive-loses-hachette-books-case-appeal/ 
 I am waiting on analysis from Brazilian lawyers before I weigh in on how legal the Brazilian court's decision to block X is, but I can safely say that the fines for individual users accessing the site over a VPN are crazypants. 
 This is your regular reminder that Google spent billions of dollars a year making their search engine the default while Google search results became increasingly tainted, nonsensical, and useless. 
 After years of being informed that I am in the pocket of Big Tech (alas, without making a Big Tech salary), I would like to announce that, like the Olympians, I am ready to be sponsored by Parmesan cheese. 
 I have been tremendously lucky in my career, but I have absolutely seen men get paid more for the same or less work with the same or fewer qualifications and I have seen men praised as geniuses for behavior that gets me called a bitch. 
 Microsoft says they are making a bunch of changes to Recall to mitigate the many, many security and privacy problems that researchers have found over the last week: 

https://www.theverge.com/2024/6/7/24173499/microsoft-windows-recall-response-security-concerns 
 When AirTags first came out and I warned that they were Apple's gift to stalkers, so many Apple fanboys told me that I was overreacting.

https://www.404media.co/email/ce4cec4d-51c3-4101-b2b4-2c9a64aee5e8 
 Who are the "supersharers" of fake news on Twitter? Republican, middle-aged white women living in Arizona, Florida, and Texas. 

https://www.science.org/doi/10.1126/science.adl4435 
 If you, a white person, feel the need to disguise yourself as a black person for any goddamn reason, how about you just don't? 
 One day I will do a massive thread of just the worst digital privacy and security advice that people have given in my mentions. 
 Threat models matter.

When a platform/service/app tells you they are “private” or “secure” always ask “from whom?” 

Criminals, domestic abusers, law enforcement, data brokers, and intelligence agencies are all different attackers with very different capabilities. 
 When I talk about digital privacy, there is always some smug genius who shrugs and tells me, "Who cares? We all know we don't have any privacy anyway." Nothing could be more wrong. Convincing you that the fight is already over is the way people in power get you to stop resisting. 
 "Cisgender is a slur" has some real "people pointing out racist behavior are the real racists" energy to it. 
 I have spent this week declining work requests that are unreasonable in scope or that make me uncomfortable and I would like a goddamn medal. 
 This is your regular reminder that most communications on Telegram are not end-to-end encrypted. Channels and groups are never end-to-end encrypted and 1-on-1 messages are only end-to-end when explicitly enabled. 
 Buying a new car in 2024 is a goddamn privacy nightmare, part 3591 of an endless series: https://sherwood.news/tech/how-to-opt-out-of-the-privacy-nightmare-that-comes-factory-installed-in-new/ 
 If you're the person who stole the package from my foyer, I hope you're enjoying Police and the Empire City: Race and the Origins of Modern Policing in New York. 
 This website says you should send it a photo of your partner's penis and they will tell you if they have an STD, using the power of AI. 

This is so misleading, inaccurate, dangerous, YIKES, that I assume it is an elaborate joke.

https://www.calmara.ai 
 You know what I absolutely do not want? A humanoid robot stumbling around my house, using the power of AI to confidently but incorrectly do my chores.

#tormentnexus 

https://thenextweb.com/news/1x-humanoid-robot-neo-investment 
 No, I don't want to know your "skincare secrets." Your skincare secret is that you are fifteen years younger than I am. 
 I did not have "unauthorized secret Lubavitcher tunnels" on my 2024 Bingo card, yet here they are: https://apnews.com/article/brooklyn-synagogue-chabad-tunnel-2c03a40c9150bdf6d9d899436789d8cf 
 There have been many stories of companies giving up user data to stalkers and other criminals pretending to be cops with emergency data requests, but this one stands out because it's so utterly shambolic. The stalker submitted his request using a protonmail address FFS.

https://www.404media.co/verizon-gave-her-data-to-a-stalker-this-has-completely-changed-my-life/ 
 Men, how often do you think about the Golden Path? 
 OpenAI has just booted Sam Altman as CEO and removed him from the Board of Directors and they are not being shy about their reasons.

https://openai.com/blog/openai-announces-leadership-transition

https://media.hachyderm.io/media_attachments/files/111/427/856/783/735/436/original/9ce56c38ebb37deb.png 
 Three hours of aerials is too many. Ow ow ow. 
 If you give privacy/security advice without an explicit threat model, all that you're doing is using an implicit threat model that may not match the needs of the person you're trying to help. 
 What is best in life? Watching stalkerware companies get taken down. I have popped all the popcorn: 

https://techcrunch.com/2023/10/05/spyhide-oospy-hacked-phone-spyware-shuts-down/ 
 There are two pretty interesting attacks in this breakdown of Intellexa products:

1. Jupiter, which can MITM HTTPS traffic to some websites that are hosted by an ISP in the customer's country. 

2. Triton, which is a 0-click baseband attack on Samsung devices. 

https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/ 
 If you are an iPhone user who is likely to be targeted by government surveillance spyware, this is your reminder to turn on Lockdown Mode:

https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/ 
 If you live in the US, today is a good day to contact your congressional representative about opposing KOSA.

https://www.eff.org/deeplinks/2023/09/get-real-congress-censoring-search-results-or-recommendations-still-censorship 
 I need to film a video, write two keynotes, and work on a book about digital surveillance and authoritarianism, but my brain keeps trying to write an urban fantasy novel set in San Francisco in the 80's. 
 Today is a good day to read this excellent post by @97f35806 about predictive policing and then perhaps buy his book: https://www.eff.org/deeplinks/2020/09/technology-cant-predict-crime-it-can-only-weaponize-proximity-policing 
 October is both Cybersecurity Awareness Month and Domestic Violence Awareness Month, so it is my month of maximum awareness. 
 Sometimes I get a reply that is so monumentally stupid that I really miss quote post dunks. 
 If you're mad at EFF for making it possible to use Chrome with less tracking instead of yelling at people to use a different browser, then I assume you have never heard of harm reduction. Giving people digital privacy and security advice means meeting people where they're at. Otherwise, you're just running your mouth to make yourself feel smart. 
 Donate some extra money to Texas abortion funds today just to piss this guy off: 

https://jezebel.com/texas-abortion-fund-donor-names-lawsuit-1850884550 
 If you're not already using the Privacy Badger extension with your browser, you could always start now.

https://www.eff.org/deeplinks/2023/09/new-privacy-badger-prevents-google-mangling-more-your-links-and-invading-your 
 Dedicated troll accounts don't target my posts on the bird site as often as one might think. When this happens, the only right move is to block immediately. But sometimes they call me an antisemite and for a split second I am tempted to respond. 
 In the year 2023, an Egyptian politician had malware delivered to his phone via MITM when he visited a website that was not using HTTPS.

This is why we must finish encrypting the goddamn web.

https://media.hachyderm.io/media_attachments/files/111/127/256/064/377/348/original/242298c8bc5e9fbf.png 
 There are mornings when I do not have the level of mental resiliency necessary to take on an inbox full of abuse cases, and this is one of them. 
 I will not be reading anything about Russell Brand or people defending Russell Brand because I have seen enough faux-leftist scumbags and their enablers to last me a lifetime. 
 Sometimes my life is gowns and keynotes and sometimes my life is getting selected for extra screening every time I’ve returned to the US for the last two years. 
 Thorn sucks and Ashton Kutcher sucks, but now they will suck separately.

https://time.com/6314436/ashton-kutcher-steps-down-thorn-danny-masterson/ 
 Adtech surveillance and spyware are merging in disturbing and surprising ways. Israeli companies are at the leading edge of undermining your privacy, as usual.

https://www.haaretz.com/israel-news/2023-09-14/ty-article-magazine/.highlight/revealed-israeli-cyber-firms-developed-an-insane-new-spyware-tool-no-defense-exists/0000018a-93cb-de77-a98f-ffdf2fb60000 
 The exiled remains of Russia's independent media are targeted for surveillance not just by Russia, but by many governments. 

https://www.accessnow.org/publication/hacking-meduza-pegasus-spyware-used-to-target-putins-critic/#behind-the-hacking 
 Security researchers love it when state actors send the malware to them directly. We are very lazy. 

Here's Google's TAG writing up a North Korean campaign targeting security researchers. Please enjoy. 

https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/ 
 nostr:npub1dzv5n3kypy77e83p7hxk4dvn6d4dwd9yqsw924rgplx3z0pkqupqga5v2p Either some exploit develop... 
 @7f73a7d1 Finding vulns in iMessage is highly lucrative for people who sell exploits to governments. 
 Everybody go update your iPhones. 

The new 0-click vuln exploited by NSO Group is sent via a malicious image in iMessage. 

https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ 
 A few weeks ago, I infected a phone with stalkerware and tracked a journalist (with her consent!) for Good Morning America: https://abcnews.go.com/GMA/News/video/risks-stalkerware-102955207