Show newer

I've only recommended one VPN service, ever (and no, I don't have any financial relationship to them): Mullvad. They have always seemed to be one of the few entities that practices the mantra, "You don't have to protect what you don't collect."

This quite a press release:

"Mullvad VPN was subject to a search warrant. Customer data not compromised
20 April 2023 NEWS

On April 18 at least six police officers from the National Operations Department (NOA) of the Swedish Police visited the Mullvad VPN office in Gothenburg with a search warrant.
They intended to seize computers with customer data.

In line with our policies such customer data did not exist. We argued they had no reason to expect to find what they were looking for and any seizures would therefore be illegal under Swedish law. After demonstrating that this is indeed how our service works and them consulting the prosecutor they left without taking anything and without any customer information.

If they had taken something that would not have given them access to any customer information.

Mullvad has been operating our VPN service for over 14 years. This is the first time our offices have been visited with a search warrant."


Why is ‘Juice Jacking’ Suddenly Back in the News?

Since I was just asking about this earlier today, I thought I'd share the nice article @briankrebs posted about it.

Probably the best known example is the OMG cable, a $180 hacking device made for professional penetration testers that looks more or less like an Apple or generic USB charging cable. But inside the OMG cable is a tiny memory chip and a Wi-Fi transmitter that creates a Wi-Fi hotspot, to which the attacker can remotely connect using a smartphone app and run commands on the device.

Brian Markus is co-founder of Aries Security, and one of the researchers who originally showcased the threat from juice jacking at the 2011 DEFCON. Markus said he isn’t aware of any public accounts of juice jacking kiosks being found in the wild, and said he’s unsure what prompted the recent FBI alert.

“The FBI replied that its tweet was a ‘standard PSA-type post’ that stemmed from the FCC warning,” Snopes reported. “An FCC spokesperson told Snopes that the commission wanted to make sure that their advisory on “juice-jacking,” first issued in 2019 and later updated in 2021, was up-to-date so as to ensure ‘the consumers have the most up-to-date information.’ The official, who requested anonymity, added that they had not seen any rise in instances of consumer complaints about juice-jacking.”
What can you do to avoid juice jacking? Bring your own gear. A general rule of thumb in security is that if an adversary has physical access to your device, you can no longer trust the security or integrity of that device. This also goes for things that plug into your devices.
Juice jacking isn’t possible if a device is charged via a trusted AC adapter, battery backup device, or through a USB cable with only power wires and no data wires present. If you lack these things in a bind and still need to use a public charging kiosk or random computer, at least power your device off before plugging it in.


Did you know Tesla has cameras both on the outside of vehicles and the inside, and everything is uploaded to Tesla? Anyhoo they’ve been exporting the videos, making memes of customers and then posting them on chat rooms.

I suspect that the majority of my mastodon followers got nerfed last week when the BitcoinHackers instance shut down. My feed is a ghost town.

If you see this post, please star it or comment so that I can get a sense of who is left.

I felt a great disturbance in the Fediverse, as if thousands of voices cried out in terror and were suddenly silenced as they were rugged by NVK. 🙃

My mastodon feed is still full of folks using the instance. Do y'all not realize that @nvk is gonna rug pull you soon?

Miniscript support fully merged in Bitcoin Core. Just for P2WSH now, but extending it to Taproot is being worked on.

I posted this on all my social media accounts. Here are the engagement stats:

Twitter (431,000 followers)

Nostr (4,800 followers)

Mastodon (2,800 followers)
3 retoots

I'm seeing nearly 50% as much engagement on nostr as on twitter, but with only 1% the audience size.

Assuming the stats are roughly accurate, it means nostr users are 50X more active than twitter users. Alternatively, it could mean that Twitter is 98% abandoned.

Covenants are a crucial piece of functionality that is missing from Bitcoin. It's amazing that developers have been discussing them for a DECADE without settling on a proposal.

It's grant-seeking season for me, and I wrote up what I have been working on in 2022 and what I plan to work on this year: continuing my current Bitcoin network monitoring efforts.

I don't think mastodon has a great chance of gaining network effects so long as most of its content is just being mirrored from folks' tweets. Makes it seem like a waste of time for me to scroll through content I've already seen.

Great article by @lopp: The Death of Decentralized Email: A historical review of the multi-decade centralization and capture of the email protocol.

Its hard not to think Bitcoin has failed to provide meaningful end-user control or real societal value with a cursory glance at today's reality, but the fate of Bitcoin has not been sealed. Quite the opposite - it is still early, and by treating Bitcoin not as something which should be improved, but as something which should be taken out back and shot does a disservice to the entire cypherpunk movement.

Do not measure Bitcoin by the inspirational goals people assigned to it on its first release. If we measure the internet by the same metric, it, too, has failed. And maybe it has, but we cannot deny that it is used, daily, for many to communicate across the world instantly, even if more often than not via centralized platforms. Similarly, Bitcoin, today, allows many to transact across the world nearly instantly, even if more often than not via centralized platforms.

Like seemingly everything in this world, it is easier and more profitable for someone to build a centralized, controlling platform to extract rent and build a nice user interface than to build a decentralized, user-protecting product. The Internet only achieves user-protection when many people, like those building Mastodon, constantly build user-protecting systems which fill niches and promote their use. So too, Bitcoin only protects users when many people, preferably more from this community, build user-protecting systems on top of it - various privacy-focused wallets have seen increased adoption over the past years, lightning was created to allow for lower-value instant transactions, and also slowly sees increasing adoption. But these systems, like Bitcoin itself, are early and strapped for resources. Instead of dismissing their existence as useless, we should celebrate them, contribute code to them, and come up with new ideas.

Cypherpunks Write Code.

Project "archive all the content" has commenced - yesterday I transcribed 55 hours of podcast interviews in 10 hours on an RTX 2080Ti.

I feel dirty because I wrote my first windows powershell batch command! 😬

Tried setting up Whisper on my Windows gaming rig recently and it took me 3X as much work as on Linux due to multiple library compatibility issues. But I'm now ready to embark upon a massive transcription project!

I don't think mastodon has a great chance of gaining network effects so long as most of its content is just being mirrored from folks' tweets. Makes it seem like a waste of time for me to scroll through content I've already seen.

Show older

This server is a private instance for Jameson Lopp by Jameson Lopp