Haveno Brought Back the Arbitrator Multisig and Attackers Just Hijacked It

At 03:43 UTC on May 20, woodser opened an eight-line patch in TradeProtocol.java, and by the time it went up the exploit was already running against live RetoSwap trades.

Ageless Linux: Civil Disobedience Through Operating System

Ageless Linux is a Debian-based operating system project that has declared "full, knowing, and intentional noncompliance" with California's Digital Age Assurance Act, Cal. Civ. Code § 1798.501(a). Where most Linux distributions are quietly building age verification into their installers ahead of the January 2027 enforcement

Perplexity's Incognito Mode Is a Lie

A class action complaint alleges Perplexity shipped complete conversation transcripts to Meta and Google, even when Incognito Mode was switched on.

Proton Meet Isn't What They Told You It Was

Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.

Apple Obeyed Russia and Britain in the Same Week

This week Apple pulled VPN apps in Russia at Roskomnadzor's request and forced UK users to hand over government ID to keep using their phones normally.

axios Got Hijacked and Your Machine May Be Compromised

A stolen npm token was all it took to poison axios, the package with 100 million weekly downloads, and drop a cross-platform RAT on every developer who ran npm install this morning.

Europol Busted a Man Who Was Scamming Pedophiles

A Chinese national collected €345,000 from 10,000 people trying to buy CSAM, delivered nothing, and is still free — while 440 of his customers are now criminal suspects.

Fedware: 13 Government Apps That Spy Harder Than the Apps They Ban

The White House app ships with a sanctioned Chinese tracking SDK, the FBI app serves ads, and FEMA wants 28 permissions to show you weather alerts.

Canonical's GRUB Saboteur Has a 10-Year Plan

Julian Klode has been systematically stripping features from GRUB since 2021, and he built the replacement a decade ago.

Why I2P Sites Load So Slowly

Every I2P packet takes 12 hops just to complete a round trip, and the streaming library has to fake TCP on top of all that latency.

Tails 7.6 Hides Bridge Requests Behind CDN Traffic

Tails 7.6 uses domain fronting to hide Tor bridge requests from censors, replaces KeePassXC with GNOME Secrets for accessibility, and catches up on 18 months of Electrum releases.

Microsoft's "Fix" for Windows 11: Flowers After the Beating

Microsoft spent four years stuffing Windows 11 with ads, forced Copilot integrations, and bloatware, now they want applause for promising to remove it.

age verification

The Engineer Who Tried to Put Age Verification Into Linux

Dylan, useful idiot with commit access, pushed age verification PRs to systemd, Ubuntu & Arch, got 2 Microslop employees to merge it, called it 'hilariously pointless' in the PR itself, then watched Lennart personally block the revert. Unpaid compliance simp.

privacy

Ring Divorced Flock... Now they Spy with Axon

Amazon just canceled Ring's partnership with Flock Safety, a surveillance company operating over 100,000 automated license plate reader cameras across 49 states that scan more than 20 billion plates per month. The deal would have allowed law enforcement to request Ring doorbell footage through Flock's

dark web

Crystal Lake Man Gets 8 Years for Dark Web Facebook Meth Sales

James Ettleson ordered meth through dark web markets then advertised it on Facebook, earning 100 months in federal prison.

privacy

The Proton Problem

Proton has handed over user data in response to over 40,000 government orders since 2017. Their own transparency report shows a 94% compliance rate. Here's everything they don't want you to know, sourced from their own documents.

OpenClaw

OpenClaw's Security Theater Is a Gift to Law Enforcement

OpenClaw has racked up over 160 security advisories in the past year, excludes the primary attack vector from their security model, and has no bug bounty program. This is security in name only.

garlic routing

Garlic Routing: How I2P Bundles Messages to Frustrate Surveillance

The unidirectional tunnel requirement in I2P means a simple request-response involves four distinct paths, and garlic routing optimizes this architecture by packaging multiple messages together for efficient transport.

dread

Dread Pays $1,000 XMR for Good Writing

Dread is running a writing contest with $1,750 in Monero prizes and one very specific ban: AI-generated content.

apple

Apple's Mandatory ID... GrapheneOS is the Exit

Apple rolled identity verification into iOS 26.4 for UK users under the Online Safety Act, requiring credit card scans or government photo ID to confirm users are over 18. If you decline, app downloads and in-app purchases get restricted on a phone you already own. The system is expanding

tails

Tails 7.5 Ships New Tor Circuit Encryption

Tails 7.5 upgrades to Tor 0.4.9.5 with Counter Galois Onion encryption and patches over 30 high-severity Firefox vulnerabilities through Tor Browser 15.0.7.

botnet

A Botnet Accidentally Destroyed I2P (The Full Story)

On February 3, 2026, the I2P anonymity network was flooded with 700,000 hostile nodes in what became one of the most devastating Sybil attacks an anonymity network has ever experienced. The network normally operates with 15,000 to 20,000 active devices. The attackers overwhelmed it by a factor

Tor

Tor Browser 15.0.6 Ships New Circuit Encryption

Tor Browser 15.0.6 ships with Counter Galois Onion circuit encryption that eliminates tagging attacks, plus a heap buffer overflow patch from Firefox ESR 140.7.1.

whonix

Whonix 18.1.4.2 Patches a VM Fingerprinting Flaw

Whonix 18.1.4.2 disables VirtualBox dynamic resolution by default after developers discovered the auto-resize feature creates unique fingerprints that persist across reboots.