Jurisdiction Is Nearly Irrelevant to the Security of Encrypted Messaging Apps Every time I lightly touch on this point, I always get someone who insists on arguing with me about it, so I thought it would be worth making a dedicated, singular-focused blog post about this topic without worrying too much about tertiary matters. Here's the TL;DR: If you actually built your cryptography properly, you shouldn't give a shit which country hosts the ciphertext for your…

Dhole Moments

Jurisdiction Is Nearly Irrelevant to the Security of Encrypted Messaging Apps - Dhole Moments

Every time I lightly touch on this point, I always get someone who insists on arguing with me about it, so I thought it would be worth making a ded...

Checklists Are The Thief Of Joy I have never seen security and privacy checklists used for any other purpose but deception. After pondering this observation, I'm left seriously doubting if comparison checklists have any valid use case except to manipulate the unsuspecting. But before we get into that, I'd like to share why we're talking about this today. Recently, another person beat me to the punch of implementing MLS (RFC 9420) in TypeScript.

Dhole Moments

Checklists Are The Thief Of Joy - Dhole Moments

I have never seen security and privacy comparison tables (henceforth referred to simply as “checklists” for brevity) used for any other...

It is imperative that more of us make records of what is happening in America. Journal. Write letters to friends abroad. Preserve evidence of what the government is doing wrong, when it intersects with your path in life. Don't write anything that puts yourself or activists in legal jeopardy, but rather, the government's own crimes. You cannot rely on the corporate media to do this for you. You cannot rely on the fascists to care about giving you a chance to speak your truth. You have to make records so others can speak it in case the worst happens.

I think it's fair to say that Generative AI is the opposite of art.

Everybody shut up and look at this dhole

Bluesky Social

Dholes! (@dholeposting.bsky.social)

Me, at an interview a few years ago: Interviewer: "What do you know about zero-knowledge proofs?" Me: "I have zero knowledge on this matter. Not sure if I can prove it." (I didn't get the job. Maybe I should've asked for a witness.)

I genuinely do not understand people who have deep fried opinions about Signal needing a goddamn phone number in 2025. Many privacy nerds were outraged when you needed to give out a phone number *to other people* in order to talk with them. I was one of those nerds. They fixed that with the usernames rollout. As a mobile phone app, Signal uses your phone number to bootstrap your enrollment into the protocol. This is literally the path of least resistance as an SMS replacement app, for most users. If you want to know whether Signal can obtain enough metadata to target users that have enrolled, the answer is complicated. The way profiles are encrypted, and how sealed sender works, makes any targeting seem infeasible. (Your profile key rotates, at mininum, when you block someone.) Signal currently does not have IP addresses, etc. stored. If this changes in the future, it will not be retroactive. If you're worried about that, Molly boasts Tor support. Maybe that's fine. I haven't audited Molly, and won't.

Sometimes, I wish I was a better writer. Not a more technically capable one. A better one. A technically adept writer can hammer out essays, blog posts, etc. rapidly, with little guidance or support, and without requiring much editing. I've kind of got that one down (insofar as I only use conversational English where I can help it). Being technically proficient is useful, but on a totally different axis. My limited talent with words shows whenever I have to tackle any topic with extreme emotional weight--be it a blog post, or a private chat with another person in our community. And, as if some cruel joke, then I play a game like Deltarune which uses music to perfectly set the mood in ways that words alone would fail. In reflection, I think my problem is I only know how to speak to the rational part of the human psyche. But I don't know how to comfort, inspire, or motivate in the same way that artists do. Heh.

Hot take: ISO standards do not meaningfully matter to me, because an extremely impoverished, unbanked person cannot freely access their contents from a library computer. Therefore, I go out of my way to avoid referring to them or relying on them in anyway.

https://old.reddit.com/r/MadeMeSmile/comments/1kw821x/kindness_can_be_shown_in_many_ways/muh6pfn/?context=2 I left this comment on a popular Reddit thread, but thought folks here might also find it relatable. > The first time I flew first class (which was due to the kindness of another technologist who wanted to help me land a job by flying me to DEFCON), the way the other passengers treated the flight attendants disgusted me so much that I felt guilty sharing space with them. I tried to be kind and respectful in spite of the jerks, but it never sat right with me. > A few months later, another friend pointed out to me, if I hadn't been there, they would have had to deal with yet another rude, dehumanizing customer. It helps a bit. > "It costs nothing to be kind" misses the point, I think. > "Being unkind makes everyone poorer" is closer to the truth.