Truncated HMAC Security and Performance Trade-offs
RFC 2104 says you need at least 80 bits, but NIST's new SP 800-224 dropped the floor to 32 bits with a risk analysis requirement that nobody wants to explain.
Read more
Perplexity's Incognito Mode Is a Lie
A class action complaint alleges Perplexity shipped complete conversation transcripts to Meta and Google, even when Incognito Mode was switched on.
Proton Meet Isn't What They Told You It Was
Proton built Proton Meet to escape the CLOUD Act. They built it on CLOUD Act infrastructure. Their website promises "not even government agencies" can access your calls. The company routing them hands your call records to the government when asked. Proton hid them from their privacy policy.
Apple Obeyed Russia and Britain in the Same Week
This week Apple pulled VPN apps in Russia at Roskomnadzor's request and forced UK users to hand over government ID to keep using their phones normally.
axios Got Hijacked and Your Machine May Be Compromised
A stolen npm token was all it took to poison axios, the package with 100 million weekly downloads, and drop a cross-platform RAT on every developer who ran npm install this morning.