Jameson Lopp @lopp@lopp.social

I've only recommended one VPN service, ever (and no, I don't have any financial relationship to them): Mullvad. They have always seemed to be one of the few entities that practices the mantra, "You don't have to protect what you don't collect."

This quite a press release:

"Mullvad VPN was subject to a search warrant. Customer data not compromised
20 April 2023 NEWS

On April 18 at least six police officers from the National Operations Department (NOA) of the Swedish Police visited the Mullvad VPN office in Gothenburg with a search warrant.
They intended to seize computers with customer data.

In line with our policies such customer data did not exist. We argued they had no reason to expect to find what they were looking for and any seizures would therefore be illegal under Swedish law. After demonstrating that this is indeed how our service works and them consulting the prosecutor they left without taking anything and without any customer information.

If they had taken something that would not have given them access to any customer information.

Mullvad has been operating our VPN service for over 14 years. This is the first time our offices have been visited with a search warrant."

Source: https://mullvad.net/en/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/

https://krebsonsecurity.com/2022/07/a-deep-dive-into-the-residential-proxy-service-911/

Why is ‘Juice Jacking’ Suddenly Back in the News?

Since I was just asking about this earlier today, I thought I'd share the nice article @briankrebs posted about it.

Probably the best known example is the OMG cable, a $180 hacking device made for professional penetration testers that looks more or less like an Apple or generic USB charging cable. But inside the OMG cable is a tiny memory chip and a Wi-Fi transmitter that creates a Wi-Fi hotspot, to which the attacker can remotely connect using a smartphone app and run commands on the device.

Brian Markus is co-founder of Aries Security, and one of the researchers who originally showcased the threat from juice jacking at the 2011 DEFCON. Markus said he isn’t aware of any public accounts of juice jacking kiosks being found in the wild, and said he’s unsure what prompted the recent FBI alert.

“The FBI replied that its tweet was a ‘standard PSA-type post’ that stemmed from the FCC warning,” Snopes reported. “An FCC spokesperson told Snopes that the commission wanted to make sure that their advisory on “juice-jacking,” first issued in 2019 and later updated in 2021, was up-to-date so as to ensure ‘the consumers have the most up-to-date information.’ The official, who requested anonymity, added that they had not seen any rise in instances of consumer complaints about juice-jacking.”
What can you do to avoid juice jacking? Bring your own gear. A general rule of thumb in security is that if an adversary has physical access to your device, you can no longer trust the security or integrity of that device. This also goes for things that plug into your devices.
Juice jacking isn’t possible if a device is charged via a trusted AC adapter, battery backup device, or through a USB cable with only power wires and no data wires present. If you lack these things in a bind and still need to use a public charging kiosk or random computer, at least power your device off before plugging it in.

#JuiceJacking

Did you know Tesla has cameras both on the outside of vehicles and the inside, and everything is uploaded to Tesla? Anyhoo they’ve been exporting the videos, making memes of customers and then posting them on chat rooms. https://www.reuters.com/technology/tesla-workers-shared-sensitive-images-recorded-by-customer-cars-2023-04-06/

Miniscript support fully merged in Bitcoin Core. Just for P2WSH now, but extending it to Taproot is being worked on.

https://x0f.org/@bitcoinmerges/109873838159047700

It's grant-seeking season for me, and I wrote up what I have been working on in 2022 and what I plan to work on this year: continuing my current Bitcoin network monitoring efforts.

https://b10c.me/blog/011-2022-review-and-2023-outlook/

I don't think mastodon has a great chance of gaining network effects so long as most of its content is just being mirrored from folks' tweets. Makes it seem like a waste of time for me to scroll through content I've already seen.

Its hard not to think Bitcoin has failed to provide meaningful end-user control or real societal value with a cursory glance at today's reality, but the fate of Bitcoin has not been sealed. Quite the opposite - it is still early, and by treating Bitcoin not as something which should be improved, but as something which should be taken out back and shot does a disservice to the entire cypherpunk movement.

Do not measure Bitcoin by the inspirational goals people assigned to it on its first release. If we measure the internet by the same metric, it, too, has failed. And maybe it has, but we cannot deny that it is used, daily, for many to communicate across the world instantly, even if more often than not via centralized platforms. Similarly, Bitcoin, today, allows many to transact across the world nearly instantly, even if more often than not via centralized platforms.

Like seemingly everything in this world, it is easier and more profitable for someone to build a centralized, controlling platform to extract rent and build a nice user interface than to build a decentralized, user-protecting product. The Internet only achieves user-protection when many people, like those building Mastodon, constantly build user-protecting systems which fill niches and promote their use. So too, Bitcoin only protects users when many people, preferably more from this community, build user-protecting systems on top of it - various privacy-focused wallets have seen increased adoption over the past years, lightning was created to allow for lower-value instant transactions, and also slowly sees increasing adoption. But these systems, like Bitcoin itself, are early and strapped for resources. Instead of dismissing their existence as useless, we should celebrate them, contribute code to them, and come up with new ideas.

Cypherpunks Write Code.