Really cool solution to a problem :)

Interested to understand why (or rather when) QUIC (HTTP3) outperforms TCP (HTTP2)? Check out my new WWW paper w/ triplewy on demystifying QUIC: cs.brown.edu/~tab/papers/QU… Hint: Performance is a function of implementation and operational choices not necessarily the protocol.

Come join our awesome team!

Verifiable Oblivious Pseudo-Random Functions with Public Metadata tools.ietf.org/html/draft-iye…

"PrivateStats: De-Identified Authenticated Logging at Scale" from Subodh Iyengar et al. at Facebook uses a PrivacyPass-like system based on Verifiable Oblivious PRFs: research.fb.com/wp-content/upl…

Cool work from Chen Hao on our Applied Privacy Technology team.

Awesome find by Mingtao and Kyle Nekritz on our transport security team of a potential MITM bug in curl curl.se/docs/CVE-2021-…. TLS session ticket handling can get tricky.

The QUIC transport is now RFC9000 rfc-editor.org/rfc/rfc9000.ht…. Amazing work by everyone. Like recent protocols like TLS 1.3 its already deployed to a huge % of the internet traffic even before RFC which is a testament to the success of the IETF process.

ALPACA attack is a cross-protocol attack on TLS: alpaca-attack.com Paper here: alpaca-attack.com/ALPACA.pdf

This is really cool work by the transport security team at FB on how we enforced encryption at scale in our datacenters engineering.fb.com/2021/07/12/sec…. spoiler alert, the story involves eBPF.

I’m thrilled to announce that Cupcake v0.2.1 is released! It features a 2x performance speed up for most operations. Check it out at github.com/facebookresear…

Our team is doing some awesome work on Homomorphic encryption for MPC.

For the past few months, a few of us at Meta have been working with Martin Thompson and Eric Rescorla on a proposal for a new way of privately counting how many conversions an ad campaign drove. Martin authored this post on the Mozilla blog about it: blog.mozilla.org/en/mozilla/pri…

Great work our teams at meta on raising the bar on the security of e2ee backups

I've been fascinated by managed charging and using cars as a battery to store solar electricity. I put together a fun project that that allows you to sync your solar generation with your tesla so that the charge rate varies based on solar generation github.com/siyengar/solar…

We’ve built a better way for clients to authenticate in a de-identified manner ➡️ Meta has open-sourced Anonymous Credential Service (ACS), a highly available multitenant service. Here's how we developed ACS & how you can use it. #opensource ow.ly/W0zc50M1Ege

Our team just open sourced our work on de-identified authentication with ACS x.com/fb_engineering…

Proud of the work done at WA (with my team's help ;)) to be a leader in privacy-by-design at scale. First E2EE backup and now Key Transparency that lets you verify your encryption keys are authentic with little friction: engineering.fb.com/2023/04/13/sec… Kevin Lewi Sean Lawlor