🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Apparently an Israeli company has forked Signal client and added features to retain messages for compliance. As someone in USG just said to me: what could go wrong? 404media.co/mike-waltz-acc…

Random things you find. telemessage.com/wp-content/upl…

EDRI is raising an alarm over the EC's plan to issue a technlolgy roadmap "lawful access to encrypted data" during Q2 this year. The same strategy document ProtectEU in other places pushes for privacy and for post-quantum cryptography. linkedin.com/posts/european… Critical to act now!

NEW: Google's Android 16 to feature optional high security mode. Advanced Protection has a bunch of requested features that address the kinds of threats we worry about. It's the kind of 'turn this one thing on if you face elevated risk' that we've been asking for from Google.

It’s weird how people are “opposed to surveillance” only until they get their hands on the surveillance apparatus. gizmodo.com/fbi-director-k…

JHU CS’ Matthew Green is on BlueSky worries that cases like Wang’s could make young engineers from China think twice about studying at U.S. universities & even motivate talented researchers who have lived here for decades to consider working abroad: “We may lose a huge amount of expertise.”

So my understanding was that Apple Secure Enclaves don’t have a remote device attestation process. But then someone suggested they use something like this to link driver’s licenses to a phone, and I’m trying to figure it out.

An update on the Dr. Xiaofeng Wang situation. storage.courtlistener.com/recap/gov.usco…

I wrote a bit about X’s new encrypted DMs and the Juicebox protocol. blog.cryptographyengineering.com/2025/06/09/a-b…

Matthew Green is on BlueSky Two of the realms are using HSMs, we will publish the key ceremonies in the not too distant future

1/ I think I have the answer! (blogpost at the bottom of 🧵) Original Q: How was WhatsApp able to patch a client-side vulnerability of malicious PDF parsing from the server-side, although server is not exposed to PDF content due to End-to-End Encryption (#E2EE)?