When plastic surgeons seek a meaningful break from their profitable yet banal jobs, some aid missions to economically stressed nations, fixing cleft palates and other deformities for free. If you had a paid 6mo to do anything meaningful with infosec skills, what would it be?

I turn on my PC.

The local wildlife are immediately sterilised by the excessive output from my four exposed nuclear reactors running at a critically risky heat output.

The sound of 10,000 cooling fans deafens the city’s morning traffic as my warehouse of 500 parallel-chained AMD Razer Threadrippers bursts into life, forming the equivalent processing power of 2015 in one room.

Nearby, my cluster of Nvidia 5090 Test Cards begins to warp the local time continuum as they calculate answers man was never meant to know.

Very gently, I open Microsoft Teams.

Instantly, the already deafening noise of fans increases to a murderous wail as they try to keep my equipment at operating temperatures. A nuclear reactor's fusion catches up with its cooling and explodes, destroying the lives of millions. The floor begins to melt away as my processors, overclocked tenfold, reach critical mass and descend directly into hell. My Nvidia cluster collapses into a singularity and begins to devour the planet.

Quickly now, I open a text chat, it’s a bit laggy.

The sheer struggle of loading some text destroys the remaining systems. Me and my equipment are deleted from reality by an unknown overseer.

Humanity is not ready for instant messaging

Do not use centralized messengers. I cannot emphasize this hard enough. Do not ever install or use a non-metadata-secure messenger.

This is all very alpha-quality proof of concept and not polished or reliable or audited or secure against many threat models, but it could be if refined enough. I hope it inspires people to embed censorship and metadata security everywhere. Let me know if you want the full code

This is self-contained in an HTML and a JavaScript file and can be saved on your device, even, last I checked, iDevices, and with a URL change make its websocket and WebRTC connections without depending on the same JS running on the server or any app store's permissions.

A final issue with web-based crypto like ProtonMail or secure chat apps on centrally managed app stores is that authorities could (and do) compel backdoors to be inserted in the JavaScript or app to steal all your messages, or could (and do) block the app from being available.

Another big issue with secure chat apps is the fact that for those in greatest danger, like dissidents in oppressive regimes, even having one on your device is suspicious and may be enough to be persecuted. Visiting a mortgage calculator site though is far less suspicious.

Inspired by Adam Langley's pond, every few seconds it sends the exact same size encrypted data chunks to peers. Receiving or sending a message should have no impact on the metadata seen by a passive adversary.

Tor and I2P do this on a very large scale. But if you're really paranoid, adversaries with extensive global surveillance might be able to track data in those kinds of systems being sent from one node and forwarded by others. So this uses scheduled & dummy or padded transmissions

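The fixed-size, scheduled sending described in the two posts above, as an added example that is not the author's code: every tick emits exactly one frame of the same length, real or dummy. The frame layout, the 256-byte size and all names are assumptions made for illustration; each frame would still be encrypted with an AEAD before it goes on the wire, which is what makes dummy and real frames indistinguishable to an observer.

```javascript
// Added illustration; names and sizes below are assumptions, not the project's code.
const FRAME_SIZE = 256;            // every frame is exactly this many bytes
const HEADER = 3;                  // 1 type byte + 2-byte big-endian payload length
const MAX_PAYLOAD = FRAME_SIZE - HEADER;
const TYPE_DUMMY = 0, TYPE_DATA = 1;

// Build one fixed-size plaintext frame; unused bytes stay zero and are
// hidden once the whole frame is encrypted.
function buildFrame(type, payload = new Uint8Array(0)) {
  if (payload.length > MAX_PAYLOAD) throw new RangeError("payload too large for one frame");
  const frame = new Uint8Array(FRAME_SIZE);
  frame[0] = type;
  frame[1] = payload.length >> 8;
  frame[2] = payload.length & 0xff;
  frame.set(payload, HEADER);
  return frame;
}

// Receiver side: returns the payload bytes, or null for a dummy frame.
function parseFrame(frame) {
  if (frame.length !== FRAME_SIZE) throw new RangeError("wrong frame size");
  const len = (frame[1] << 8) | frame[2];
  if (len > MAX_PAYLOAD) throw new RangeError("corrupt length field");
  return frame[0] === TYPE_DATA ? frame.slice(HEADER, HEADER + len) : null;
}

// Queue of outgoing messages, drained one frame per scheduler tick.
class ConstantRateSender {
  constructor() { this.queue = []; }
  // Split a message into chunks that each fit one frame.
  enqueue(text) {
    const bytes = new TextEncoder().encode(text);
    for (let i = 0; i < bytes.length; i += MAX_PAYLOAD)
      this.queue.push(bytes.slice(i, i + MAX_PAYLOAD));
  }
  // Called on every tick: always yields exactly one frame, real or dummy.
  nextFrame() {
    const chunk = this.queue.shift();
    return chunk ? buildFrame(TYPE_DATA, chunk) : buildFrame(TYPE_DUMMY);
  }
}

// In a page, encrypt() and send() are placeholders for the AEAD and transport steps:
// setInterval(() => send(encrypt(sender.nextFrame())), 5000);
```

Because the timer, not the message queue, decides when a frame leaves, typing or receiving a message changes neither the rate nor the size of what a passive observer sees; the cost is latency and constant bandwidth use.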

But you know that ProtonMail trouble? Even seeing metadata like IP addresses, who's talking to who, is invasive and dangerous. So it uses a websocket with the server and negotiates WebRTC data connections with peers to create an onion-routing peer-to-peer metadata-hiding network

Oh and there's a little chat box at the bottom. Lots of sites have chat. But this one runs a Rust-compiled WASM binary that implements P-256 ECDH and ECDSA, and AES-GCM-SIV, generating an asymmetric keypair and saving it in your browser's local storage for end-to-end encryption.

Every mortgage calculator I could find couldn't answer most relevant questions. Is it better to put more down or invest the money? When is buying points worth it? Do mortgages affect your taxes? Are VA fees justified? So I put together realratecalculator.com/ to quickly find out.