Signal just rolled out centralized backups, and the guy who announced it has quite the resume. Jim O'Leary, Signal's VP of Engineering since 2019, spent the previous eight years building surveillance infrastructure at Twitter and Facebook.
Brave Browser handles 94 million users monthly with zero dependency on Google or Microsoft servers, and Big Tech should be terrified of what this proves.
BGPStream enables automated BGP hijack detection through real-time routing analysis and CLI automation that identifies prefix hijacking and generates security alerts for network operators.
Cloud password managers aren't protecting your data, they're collecting it for profit while making you the product in a surveillance economy that profits from your digital enslavement.
Most ECDH implementations contain fatal flaws that let attackers recover private keys through mathematical manipulation.
I2P garlic routing provides enhanced anonymity through multi-layered encryption and timing correlation resistance mechanisms that protect hop metadata and defeat traffic analysis attacks.
Monero view keys enable transaction detection without spending authority, but the operational security requirements around view key management expose users to surveillance risks that the privacy coin community rarely discusses honestly.
theHarvester custom modules enable specialized OSINT collection through LinkedIn enumeration and breach data correlation, providing comprehensive intelligence gathering capabilities for security research.
Syncthing connects your devices directly to each other, eliminating corporate surveillance while navigating complex network security challenges that most users never consider.
Shamir's Secret Sharing splits a secret into multiple pieces called shares, where any specified number of shares can reconstruct the original secret, but fewer shares reveal nothing.
The UK government secretly demanded that Apple build a permanent backdoor into iCloud encryption that would have compromised the privacy of millions of users worldwide.
Tor onion v3 services utilize Ed25519 cryptography and sophisticated descriptor rotation protocols to achieve enhanced security and scalability for anonymous hidden service operations.
Monero
Monero subaddress scanning optimization achieves 10-20x performance improvements through batch processing, parallel algorithms, and database indexing for high-volume wallet synchronization.
crypto
Customer service at company's and organizations usually sucks. Cake Wallet's should be the industry standard. Yet another reason why banks suck.
Amass
Amass-Nmap integration creates automated reconnaissance pipelines combining comprehensive subdomain enumeration with detailed port scanning and service detection for complete attack surface mapping.
Tails
Tails persistent volumes combine LUKS disk encryption with anti-forensic measures and plausible deniability techniques to protect sensitive data while maintaining operational security.
![[URGENT] DEF CON Researcher Exposes How Password Managers Betray Your Trust](/content/images/size/w600/2025/08/password-manager-issue.jpg)
cybersecurity
Czech security researcher Marek Tóth demonstrated at DEF CON 33 how a single click on any malicious website can steal passwords, credit cards, and 2FA codes from 40 million users of major password managers, with vendors like 1Password and LastPass refusing to fix the vulnerabilities.
AES-GCM
AES-GCM nonce reuse enables complete cryptographic compromise through forbidden attacks that recover authentication keys and forge arbitrary ciphertexts via polynomial interpolation in finite fields.
IPFS
libp2p PubSub maintains reliable message propagation under 40-60% node churn through GossipSub protocols, mesh healing algorithms, and adaptive peer scoring that ensures delivery guarantees.
nextdns
NextDNS just proved you can fight policy overreach at the resolver, with a user‑controlled toggle that doesn’t ask for your papers.
Monero
CLSAG signatures reduce Monero transaction sizes by 25% through efficient ring signature aggregation while maintaining identical anonymity guarantees and preventing double-spending via deterministic key images.
SpiderFoot
SpiderFoot CLI automation enables large-scale subdomain enumeration and threat intelligence gathering through 200+ reconnaissance modules, processing thousands of targets while maintaining operational security.
Nextcloud
Nextcloud E2EE implements client-side encryption with hierarchical key management, enabling zero-knowledge cloud storage where server administrators cannot access encrypted file contents even with full system privileges.
![How Weak Passwords Beat Strong Passwords [video]](/content/images/size/w600/2025/08/yt.png)
infosec
Password stretching is cool, in this video we look at the basics.