<p>Are you interested in a different kind of security conference?</p><p>Then take a look at the Open Security Conference (<span class="h-card"><a href="https://infosec.exchange/@OSCo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>OSCo</span></a></span>). <a href="/tags/osco25/" rel="tag">#osco25</a> takes place from October 2 to 5 in Rückersbach (Germany near Frankfurt) and registration is still open at <a href="https://opensecurityconference.org/" rel="nofollow"><span class="invisible">https://</span>opensecurityconference.org/</a>.<br>(this is an English version of the original German thread <a href="https://infosec.exchange/@realn2s/114936419689473030" rel="nofollow" class="ellipsis" title="infosec.exchange/@realn2s/114936419689473030"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@realn2s/1149</span><span class="invisible">36419689473030</span></a>)</p><p>Why?</p><p>The Open Security Conference aims to be diverse and inclusive. This also includes different levels of knowledge and experience.<br>It is therefore not only for security experts or for people who have (already) worked in the security sector for a long time,<br>but also for people who are interested in security or want to get into the field.</p><p>The <a href="/tags/openspace/" rel="tag">#OpenSpace</a> format not only enables expert presentations,<br>but also non-expert topics or questions as session topics. Sessions are not restricted to presentations, they can be interactive, collaborative, workshops or basically anything else.</p><p>Since topics do not have to be submitted months in advance,<br>but the agenda is created jointly by the participants, hot topics can also be covered.</p><p>The conference is non-commercial, i.e. 
the total costs are shared between the participants (including the organizers).<br>The costs include accommodation and meals in the conference hotel.</p><p>And yes, there are also sponsors who cover part of the costs.</p><p>But not everything is different.</p><p>There are great keynotes e.g. by <span class="h-card"><a href="https://mastodon.social/@bkastl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bkastl</span></a></span> ("History repeating itself") and Mireia Cano ("Building an AppSec Program from Scratch").</p><p><a href="/tags/cybersecurity/" rel="tag">#CyberSecurity</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/infosec/" rel="tag">#InfoSec</a> <a href="/tags/appsec/" rel="tag">#AppSec</a> <a href="/tags/productsecurity/" rel="tag">#ProductSecurity</a> <a href="/tags/otsecurity/" rel="tag">#OTsecurity</a></p>
<p>The war on crypto never ends. The war on privacy, civil rights, security and freedom of speech never ends.</p><p>This time we are dangerously close to losing. The "Child Sexual Abuse" (CSA) EU regulation proposal, more aptly nicknamed "ChatControl", will be voted AGAIN this October, and many countries who opposed it last year are now undecided. The proposal at its roots aims at allowing authorities to break end-to-end encryption for the usual reason: "because of the children". As a father of two, I am disgusted by this recurring, cheap rhetoric.</p><p>What you can do: <a href="https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo" rel="nofollow" class="ellipsis" title="www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo"><span class="invisible">https://</span><span class="ellipsis">www.patrick-breyer.de/en/posts</span><span class="invisible">/chat-control/#WhatYouCanDo</span></a></p><p><a href="/tags/eu/" rel="tag">#eu</a> <a href="/tags/csa/" rel="tag">#CSA</a> <a href="/tags/csam/" rel="tag">#CSAM</a> <a href="/tags/chatcontrol/" rel="tag">#ChatControl</a> <a href="/tags/privacy/" rel="tag">#privacy</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/surveillance/" rel="tag">#surveillance</a> <a href="/tags/authoritarianism/" rel="tag">#authoritarianism</a> <a href="/tags/crypto/" rel="tag">#crypto</a> <a href="/tags/cryptography/" rel="tag">#cryptography</a> <a href="/tags/civilrights/" rel="tag">#civilrights</a></p>
<p>My IT security and privacy overview for everyone :-)</p><p>(05.08.2025<br>Further development of <a href="/tags/galyxos/" rel="tag">#GalyxOS</a> is<br>apparently stagnating for now...)</p><p>as PDF: </p><p><a href="https://cryptpad.digitalcourage.de/file/#/2/file/Kvo0eIWc8SfCJYXTxujy+YlD" rel="nofollow" class="ellipsis" title="cryptpad.digitalcourage.de/file/#/2/file/Kvo0eIWc8SfCJYXTxujy+YlD"><span class="invisible">https://</span><span class="ellipsis">cryptpad.digitalcourage.de/fil</span><span class="invisible">e/#/2/file/Kvo0eIWc8SfCJYXTxujy+YlD</span></a></p><p>Objective feedback is welcome, as always :-)</p><p><a href="/tags/privatsphäre/" rel="tag">#Privatsphäre</a> <a href="/tags/datenschutz/" rel="tag">#Datenschutz</a> <a href="/tags/sicherheit/" rel="tag">#sicherheit</a><br><a href="/tags/security/" rel="tag">#security</a><br><a href="/tags/appstore/" rel="tag">#AppStore</a><br><a href="/tags/kryptografie/" rel="tag">#Kryptografie</a> <br><a href="/tags/passwort/" rel="tag">#Passwort</a> <a href="/tags/passwortmanager/" rel="tag">#PasswortManager</a> <a href="/tags/informationssicherheit/" rel="tag">#Informationssicherheit</a> <a href="/tags/informationsfreiheit/" rel="tag">#Informationsfreiheit</a> <a href="/tags/ifg/" rel="tag">#IFG</a> <a href="/tags/politik/" rel="tag">#Politik</a> <a href="/tags/gaming/" rel="tag">#Gaming</a> <a href="/tags/gog/" rel="tag">#gog</a> <a href="/tags/lutris/" rel="tag">#Lutris</a> <a href="/tags/android/" rel="tag">#Android</a><br><a href="/tags/mail/" rel="tag">#Mail</a> <a href="/tags/cloud/" rel="tag">#Cloud</a> <a href="/tags/browser/" rel="tag">#Browser</a> <a href="/tags/webbrowser/" rel="tag">#WebBrowser</a> <a href="/tags/verschlüsselung/" rel="tag">#Verschlüsselung</a> <a href="/tags/dns/" rel="tag">#DNS</a> <a href="/tags/veracrypt/" rel="tag">#VeraCrypt</a> <a href="/tags/fdroid/" rel="tag">#Fdroid</a> <a href="/tags/messenger/" rel="tag">#Messenger</a> <a href="/tags/threema/" rel="tag">#Threema</a> <a 
href="/tags/signal/" rel="tag">#Signal</a> <a href="/tags/linux/" rel="tag">#Linux</a> <a href="/tags/foss/" rel="tag">#Foss</a> <a href="/tags/opensource/" rel="tag">#OpenSource</a> <a href="/tags/unplugtrump/" rel="tag">#UnplugTrump</a> <a href="/tags/fediverse/" rel="tag">#Fediverse</a> <a href="/tags/menschenrechte/" rel="tag">#Menschenrechte</a> <a href="/tags/community/" rel="tag">#Community</a> <a href="/tags/linuxhelden/" rel="tag">#LinuxHelden</a> <br><a href="/tags/gamingonlinux/" rel="tag">#GamingonLinux</a> <a href="/tags/vpn/" rel="tag">#VPN</a> <a href="/tags/gegenrechtshilfe/" rel="tag">#GegenRechtsHilfe</a> <a href="/tags/fedilz/" rel="tag">#FediLZ</a> <a href="/tags/mastodon/" rel="tag">#Mastodon</a> <a href="/tags/shopping/" rel="tag">#Shopping</a> <a href="/tags/preppingforfuture/" rel="tag">#PreppingforFuture</a> <a href="/tags/prepping/" rel="tag">#Prepping</a> <a href="/tags/katastrophenvorsorge/" rel="tag">#Katastrophenvorsorge</a> <a href="/tags/schutzmaßnahmen/" rel="tag">#Schutzmaßnahmen</a> <a href="/tags/supportyourhinterland/" rel="tag">#supportyourhinterland</a> <a href="/tags/mobilfunk/" rel="tag">#Mobilfunk</a> <a href="/tags/newpipe/" rel="tag">#NewPipe</a> <a href="/tags/ublock/" rel="tag">#uBlock</a> <a href="/tags/medienkompetenz/" rel="tag">#Medienkompetenz</a> <a href="/tags/facebook/" rel="tag">#Facebook</a> <a href="/tags/instagram/" rel="tag">#Instagram</a> <a href="/tags/meta/" rel="tag">#Meta</a> <a href="/tags/youtube/" rel="tag">#YouTube</a> <a href="/tags/chatkontrolle/" rel="tag">#Chatkontrolle</a> <a href="/tags/überwachung/" rel="tag">#überwachung</a> <a href="/tags/matrix/" rel="tag">#Matrix</a> <a href="/tags/suchmaschine/" rel="tag">#Suchmaschine</a> <a href="/tags/tastatur/" rel="tag">#Tastatur</a> <a href="/tags/2fa/" rel="tag">#2FA</a> <a href="/tags/nichtszuverbergen/" rel="tag">#Nichtszuverbergen</a></p>
<p>🔒 Security Update for BotKit Users</p><p>We've released <a href="/tags/security/" rel="tag">#security</a> patch versions <a href="https://github.com/fedify-dev/botkit/releases/tag/0.1.2" rel="nofollow">BotKit 0.1.2</a> and <a href="https://github.com/fedify-dev/botkit/releases/tag/0.2.2" rel="nofollow">0.2.2</a> to address <a href="https://github.com/fedify-dev/fedify/security/advisories/GHSA-6jcc-xgcr-q3h4" rel="nofollow">CVE-2025-54888</a>, a security <a href="/tags/vulnerability/" rel="tag">#vulnerability</a> discovered in <a href="/tags/fedify/" rel="tag">#Fedify</a>. These updates incorporate the latest patched version of Fedify to ensure your bots remain secure.</p><p>We strongly recommend all <a href="/tags/botkit/" rel="tag">#BotKit</a> users update to the latest patch version immediately. Thank you for keeping the <a href="/tags/fediverse/" rel="tag">#fediverse</a> safe! 🛡️</p><p><a href="/tags/fedidev/" rel="tag">#fedidev</a></p>
<p>We've released <a href="/tags/security/" rel="tag">#security</a> updates for <a href="/tags/hollo/" rel="tag">#Hollo</a> (<a href="https://github.com/fedify-dev/hollo/releases/tag/0.4.12" rel="nofollow">0.4.12</a>, <a href="https://github.com/fedify-dev/hollo/releases/tag/0.5.7" rel="nofollow">0.5.7</a>, and <a href="https://github.com/fedify-dev/hollo/releases/tag/0.6.6" rel="nofollow">0.6.6</a>) to address a <a href="/tags/vulnerability/" rel="tag">#vulnerability</a> in the underlying <a href="/tags/fedify/" rel="tag">#Fedify</a> framework. These updates incorporate the latest Fedify security patches that fix <a href="https://github.com/fedify-dev/fedify/security/advisories/GHSA-6jcc-xgcr-q3h4" rel="nofollow">CVE-2025-54888</a>.</p><p>We strongly recommend all Hollo instance administrators update to the latest version for their respective release branch as soon as possible.</p><p>Update Instructions:</p><p>Railway users: Go to your project dashboard, select your Hollo service, click the three dots menu in deployments, and choose “Redeploy”<br>Docker users: Pull the latest image with docker pull ghcr.io/fedify-dev/hollo:latest and restart your containers<br>Manual installations: Run git pull to get the latest code, then pnpm install and restart your service</p>
<p>***infosec specialists are needed in the resistance ***</p><p>The world needs tech security specialists to run workshops at public libraries for all ages & abilities to remove spyware, AI, reduce surveillance, understand the issues, & for more advanced, move to Linux, degooglefy, etc.</p><p>Libraries will pay good wages for these workshops. <br>If you have these skills, please consider offering them. </p><p><a href="/tags/libraries/" rel="tag">#libraries</a> <a href="/tags/library/" rel="tag">#library</a> <a href="/tags/tech/" rel="tag">#tech</a> <a href="/tags/infosec/" rel="tag">#infosec</a> <a href="/tags/privacy/" rel="tag">#privacy</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/activism/" rel="tag">#activism</a> <a href="/tags/antifa/" rel="tag">#antifa</a> <a href="/tags/resistance/" rel="tag">#resistance</a></p>
<p>Following the success (sarcasm!) of my previous post "Battle of IMs", I decided it's time to write another post where I try to articulate in a technical but snarky way my view on the wonderful world of social media, and which one is best among the mainstream and non-mainstream ones. This is a long post, reviewing 14 different "socials".</p><p><a href="https://gagliardoni.net/#20250818_battle_of_socials" rel="nofollow" class="ellipsis" title="gagliardoni.net/#20250818_battle_of_socials"><span class="invisible">https://</span><span class="ellipsis">gagliardoni.net/#20250818_batt</span><span class="invisible">le_of_socials</span></a></p><p><a href="/tags/socialmedia/" rel="tag">#socialmedia</a> <a href="/tags/social/" rel="tag">#social</a> <a href="/tags/privacy/" rel="tag">#privacy</a> <a href="/tags/selfsovereignty/" rel="tag">#selfsovereignty</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/digitalsovereignty/" rel="tag">#digitalsovereignty</a> <a href="/tags/mastodon/" rel="tag">#mastodon</a> <a href="/tags/nostr/" rel="tag">#nostr</a> <a href="/tags/bluesky/" rel="tag">#bluesky</a> <a href="/tags/ssb/" rel="tag">#ssb</a> <a href="/tags/securescuttlebutt/" rel="tag">#securescuttlebutt</a> <a href="/tags/facebook/" rel="tag">#facebook</a> <a href="/tags/meta/" rel="tag">#meta</a> <a href="/tags/tiktok/" rel="tag">#tiktok</a> <a href="/tags/threads/" rel="tag">#threads</a> <a href="/tags/x/" rel="tag">#x</a> <a href="/tags/twitter/" rel="tag">#twitter</a> <a href="/tags/diaspora/" rel="tag">#diaspora</a> <a href="/tags/friendica/" rel="tag">#friendica</a> <a href="/tags/linkedin/" rel="tag">#linkedin</a> <a href="/tags/xing/" rel="tag">#xing</a> <a href="/tags/instagram/" rel="tag">#instagram</a></p>
Is it just me, or has the number of captcha challenges significantly increased over the past few months? Nowadays I feel like I'm being hit with captchas all day every day, where before it was relatively rare. It is especially noticeable on sites I visit frequently, have accounts with, and presumably have cookies for.<br><br><a href="/tags/captcha/" rel="tag">#captcha</a> <a href="/tags/securitytheater/" rel="tag">#SecurityTheater</a> <a href="/tags/infosec/" rel="tag">#infosec</a> <a href="/tags/cybersecurity/" rel="tag">#CyberSecurity</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/tech/" rel="tag">#tech</a> <a href="/tags/dev/" rel="tag">#dev</a> <a href="/tags/internet/" rel="tag">#internet</a> <a href="/tags/web/" rel="tag">#web</a><br><br><br>
<p>🔒 Security Release: BotKit 0.3.1</p><p>We've released BotKit 0.3.1 with an important security fix.</p><p>This update addresses CVE-2025-68475 (High severity, CVSS 7.5), a ReDoS vulnerability in Fedify's HTML parsing that could cause denial of service.</p><p>If you're using BotKit 0.3.x, please upgrade to 0.3.1 as soon as possible.</p><p>📦 <a href="https://github.com/fedify-dev/botkit/releases/tag/0.3.1" rel="nofollow">Release notes</a><br>🔐 <a href="https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93" rel="nofollow">Security advisory</a></p><p><a href="/tags/botkit/" rel="tag">#BotKit</a> <a href="/tags/fedify/" rel="tag">#Fedify</a> <a href="/tags/activitypub/" rel="tag">#ActivityPub</a> <a href="/tags/fediverse/" rel="tag">#fediverse</a> <a href="/tags/security/" rel="tag">#security</a></p>
<p>Security Update: Hollo 0.6.19 Released</p><p>We have released Hollo 0.6.19 to address a security vulnerability in Fedify's HTML parsing code.</p><p>This vulnerability (CVE-2025-68475) is a ReDoS (Regular Expression Denial of Service) issue that could allow an attacker to cause service unavailability by sending specially crafted HTML responses during federation operations. The malicious payload is small (approximately 170 bytes) but can block the Node.js event loop for extended periods.</p><p>We strongly recommend all Hollo operators upgrade to version 0.6.19 immediately.</p><table><tr><th>Field</th><th>Details</th></tr><tr><td>CVE</td><td><a href="https://github.com/fedify-dev/fedify/security/advisories/GHSA-rchf-xwx2-hm93" rel="nofollow">CVE-2025-68475</a></td></tr><tr><td>Severity</td><td>High (CVSS 7.5)</td></tr><tr><td>Action</td><td>Upgrade to Hollo 0.6.19</td></tr></table><p><a href="/tags/hollo/" rel="tag">#Hollo</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/fediverse/" rel="tag">#Fediverse</a> <a href="/tags/activitypub/" rel="tag">#ActivityPub</a></p>
<p>Today, I had the pleasure of meeting <span class="h-card"><a href="https://respublicae.eu/@HennaVirkkunen" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>HennaVirkkunen</span></a></span> , the <a href="/tags/eu/" rel="tag">#EU</a> Commission Vice President in charge of Tech Sovereignty, <a href="/tags/security/" rel="tag">#Security</a> & <a href="/tags/democracy/" rel="tag">#Democracy</a>, at the invitation of the Austrian Chancellery and Digital State Secretary Alexander Pröll, at their summit on 🇪🇺 <a href="/tags/digitalsovereignty/" rel="tag">#digitalsovereignty</a> </p><p>Together with <span class="h-card"><a href="https://chaos.social/@c3wien" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>c3wien</span></a></span>, <span class="h-card"><a href="https://social.wikimedia.de/@WikimediaAT" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>WikimediaAT</span></a></span>, <span class="h-card"><a href="https://chaos.social/@epicenter_works" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>epicenter_works</span></a></span> & <span class="h-card"><a href="https://mastodon.social/@dpgalliance" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dpgalliance</span></a></span> we are calling for open protocols & <a href="/tags/interoperability/" rel="tag">#interoperability</a> to be strengthened when building public digital infrastructure ✨ <br> <br><a href="/tags/fedidiplomacy/" rel="tag">#Fedidiplomacy</a><br><a href="/tags/fediforum/" rel="tag">#Fediforum</a></p>
<p>Hey Fediverse, I wrote a little book (<a href="/tags/noai/" rel="tag">#noai</a>).</p><p>It's got beavers, snow, surf, games, coding, data entry, literary references, masks, vaccines and a race to the airport!</p><p>It's totally FREE! And I'll even mail anyone a copy on request (see about).</p><p>&lt;18k words.</p><p><a href="https://2qx.github.io/monterey-protocols" rel="nofollow" class="ellipsis" title="2qx.github.io/monterey-protocols"><span class="invisible">https://</span><span class="ellipsis">2qx.github.io/monterey-protoco</span><span class="invisible">ls</span></a></p><p><a href="/tags/vermont/" rel="tag">#vermont</a> <a href="/tags/elbowsup/" rel="tag">#elbowsup</a> <a href="/tags/maskup/" rel="tag">#maskup</a> <a href="/tags/vaccines/" rel="tag">#vaccines</a> <a href="/tags/smallpox/" rel="tag">#smallpox</a> <a href="/tags/nonproliferation/" rel="tag">#nonproliferation</a> <a href="/tags/books/" rel="tag">#books</a> <a href="/tags/publichealth/" rel="tag">#publichealth</a> <a href="/tags/nurses/" rel="tag">#nurses</a> <a href="/tags/healthworkers/" rel="tag">#healthworkers</a> <a href="/tags/opsec/" rel="tag">#opsec</a> <a href="/tags/security/" rel="tag">#security</a></p>
Once again blocked from using a website I've used regularly for years because of "unusual activity" from "your IP". After passing a captcha, no less.<br><br>Somehow bot-detecting algorithms have been degrading over time.<br><br>This is a troubling trend because people who aren't using the anointed access points of the internet struggle more and more to connect and interact. Large entities like CloudFlare choke off more and more avenues of access in the name of "security", enforcing digital checkpoints without any accountability to anyone.<br><br><a href="/tags/dev/" rel="tag">#dev</a> <a href="/tags/tech/" rel="tag">#tech</a> <a href="/tags/web/" rel="tag">#web</a> <a href="/tags/bot/" rel="tag">#bot</a> <a href="/tags/darkpattern/" rel="tag">#DarkPattern</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/infosec/" rel="tag">#infosec</a> <a href="/tags/cybersecurity/" rel="tag">#cybersecurity</a> <a href="/tags/checkpoint/" rel="tag">#checkpoint</a><br>
<p>🇦🇹 Austria's Armed Forces have replaced MS Office with LibreOffice on 16,000+ workstations 📄</p><p>This shift began in 2020 to avoid mandatory cloud reliance ☁️<br>Their goal? Digital sovereignty—not cost saving 🔒<br>They even contributed 5+ person-years of code 🛠️<br>EU trend toward open-source grows 🇪🇺</p><p><span class="h-card"><a href="https://fosstodon.org/@libreoffice" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>libreoffice</span></a></span><br><span class="h-card"><a href="https://mastodon.social/@itsfoss" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>itsfoss</span></a></span></p><p>🔗 <a href="https://news.itsfoss.com/austrian-forces-ditch-microsoft-office/" rel="nofollow" class="ellipsis" title="news.itsfoss.com/austrian-forces-ditch-microsoft-office/"><span class="invisible">https://</span><span class="ellipsis">news.itsfoss.com/austrian-forc</span><span class="invisible">es-ditch-microsoft-office/</span></a></p><p><a href="/tags/technews/" rel="tag">#TechNews</a> <a href="/tags/libreoffice/" rel="tag">#LibreOffice</a> <a href="/tags/linux/" rel="tag">#Linux</a> <a href="/tags/opensource/" rel="tag">#OpenSource</a> <a href="/tags/privacy/" rel="tag">#Privacy</a> <a href="/tags/foss/" rel="tag">#FOSS</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/europe/" rel="tag">#Europe</a> <a href="/tags/eu/" rel="tag">#EU</a> <a href="/tags/microsoft/" rel="tag">#Microsoft</a> <a href="/tags/cloud/" rel="tag">#Cloud</a> <a href="/tags/digitalsovereignty/" rel="tag">#DigitalSovereignty</a> <a href="/tags/government/" rel="tag">#Government</a> <a href="/tags/defense/" rel="tag">#Defense</a> <a href="/tags/innovation/" rel="tag">#Innovation</a> <a href="/tags/technology/" rel="tag">#Technology</a></p>
<p>From somewhere at <a href="/tags/39c3/" rel="tag">#39c3</a></p><p><a href="/tags/quantum/" rel="tag">#quantum</a> <a href="/tags/cryptography/" rel="tag">#cryptography</a> <a href="/tags/security/" rel="tag">#security</a></p>
<p>Yes. Yes, you've seen correctly. There's going to be an Open Security Conference 2026! 😍</p><p>🗓 Save the dates: November 5-8, 2026. ✅</p><p><a href="https://opensecurityconference.org/" rel="nofollow"><span class="invisible">https://</span>opensecurityconference.org/</a></p><p><a href="/tags/osco/" rel="tag">#osco</a> <a href="/tags/osco26/" rel="tag">#osco26</a> <a href="/tags/cybersecurity/" rel="tag">#CyberSecurity</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/infosec/" rel="tag">#InfoSec</a> <a href="/tags/appsec/" rel="tag">#AppSec</a> <a href="/tags/productsecurity/" rel="tag">#ProductSecurity</a> <a href="/tags/otsecurity/" rel="tag">#OTsecurity</a> <a href="/tags/openspace/" rel="tag">#OpenSpace</a> [lisi]</p>
<p>So, another day, another leak of 70000 people's government IDs, from Discord this time.</p><p>It seems to me that websites shouldn't be *allowed* to collect personal information unless it is absolutely necessary (an address so that they can deliver a package). But we instead seem to be moving in the opposite direction with Governments around the world demanding that various websites collect ID for age verification. This is bad.</p><p><a href="https://arstechnica.com/security/2025/10/discord-says-hackers-stole-government-ids-of-70000-users/" rel="nofollow" class="ellipsis" title="arstechnica.com/security/2025/10/discord-says-hackers-stole-government-ids-of-70000-users/"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">10/discord-says-hackers-stole-government-ids-of-70000-users/</span></a></p><p><a href="/tags/it/" rel="tag">#it</a> <a href="/tags/security/" rel="tag">#security</a></p>
<p>After my assembly <a href="/tags/39c3/" rel="tag">#39c3</a> talk on the topic, here’s a more in-depth analysis on the <a href="/tags/security/" rel="tag">#security</a> of data and metadata in <a href="/tags/xmpp/" rel="tag">#XMPP</a> : <a href="https://blog.mathieui.net/xmpp-and-metadata.html" rel="nofollow" class="ellipsis" title="blog.mathieui.net/xmpp-and-metadata.html"><span class="invisible">https://</span><span class="ellipsis">blog.mathieui.net/xmpp-and-met</span><span class="invisible">adata.html</span></a></p><p>I’m sure I missed a lot of things, but since the only reference on the topic is the - now defunct - infosec handbook website with the "admin in the middle" article, I guess that could be useful to somebody.</p>
In 2025 the web has more security checkpoints than an American airport.<br><br><a href="/tags/tech/" rel="tag">#tech</a> <a href="/tags/dev/" rel="tag">#dev</a> <a href="/tags/web/" rel="tag">#web</a> <a href="/tags/internet/" rel="tag">#internet</a> <a href="/tags/securitytheater/" rel="tag">#SecurityTheater</a> <a href="/tags/cybersecurity/" rel="tag">#cybersecurity</a> <a href="/tags/infosec/" rel="tag">#infosec</a> <a href="/tags/security/" rel="tag">#security</a><br>
<p>GmsCompatConfig version 168 released:</p><p><a href="https://github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-168" rel="nofollow" class="ellipsis" title="github.com/GrapheneOS/platform_packages_apps_GmsCompat/releases/tag/config-168"><span class="invisible">https://</span><span class="ellipsis">github.com/GrapheneOS/platform</span><span class="invisible">_packages_apps_GmsCompat/releases/tag/config-168</span></a></p><p>See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.</p><p>Forum discussion thread:</p><p><a href="https://discuss.grapheneos.org/d/33369-gmscompatconfig-version-168-released" rel="nofollow" class="ellipsis" title="discuss.grapheneos.org/d/33369-gmscompatconfig-version-168-released"><span class="invisible">https://</span><span class="ellipsis">discuss.grapheneos.org/d/33369</span><span class="invisible">-gmscompatconfig-version-168-released</span></a></p><p><a href="/tags/grapheneos/" rel="tag">#GrapheneOS</a> <a href="/tags/privacy/" rel="tag">#privacy</a> <a href="/tags/security/" rel="tag">#security</a> <a href="/tags/gmscompat/" rel="tag">#gmscompat</a></p>
<p>Overwhelmed by randomness of my toots? Protip: you don't need to follow me/people, you can just follow hashtags for interaction. I use several, like: <br><a href="/tags/infosec/" rel="tag">#InfoSec</a> <a href="/tags/privacy/" rel="tag">#Privacy</a> <a href="/tags/venice/" rel="tag">#Venice</a> <a href="/tags/food/" rel="tag">#Food</a> <a href="/tags/art/" rel="tag">#Art</a> <a href="/tags/f1/" rel="tag">#F1</a> <a href="/tags/caturday/" rel="tag">#Caturday</a> (yup) & <a href="/tags/lazypip/" rel="tag">#LazyPip</a> <a href="/tags/education/" rel="tag">#Education</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/photography/" rel="tag">#Photography</a> <a href="/tags/motorbike/" rel="tag">#Motorbike</a> & <a href="/tags/ducati/" rel="tag">#Ducati</a> <a href="/tags/thenetherlands/" rel="tag">#theNetherlands</a> <a href="/tags/photochallenge/" rel="tag">#PhotoChallenge</a></p>
<p>We are excited to share our latest work on making secure messaging more decentralized!</p><p>We've developed DMLS – a new approach that brings fork resilience to the MLS protocol, solving a key challenge in distributed systems while maintaining Forward Secrecy.</p><p>This work was made possible by eQualitie, who funded it as part of the SplinterCon Breakout program.</p><p><a href="/tags/cryptography/" rel="tag">#Cryptography</a> <a href="/tags/messaginglayersecurity/" rel="tag">#MessagingLayerSecurity</a> <a href="/tags/decentralizedmessaging/" rel="tag">#DecentralizedMessaging</a> <a href="/tags/messaging/" rel="tag">#Messaging</a> <a href="/tags/opensource/" rel="tag">#OpenSource</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/e2ee/" rel="tag">#E2EE</a> <a href="/tags/encryption/" rel="tag">#Encryption</a></p><p><a href="https://blog.phnx.im/making-mls-more-decentralized/" rel="nofollow" class="ellipsis" title="blog.phnx.im/making-mls-more-decentralized/"><span class="invisible">https://</span><span class="ellipsis">blog.phnx.im/making-mls-more-d</span><span class="invisible">ecentralized/</span></a></p>
<p>I have to venture into <a href="/tags/passkey/" rel="tag">#passkey</a> land for something at work, so now I have two <a href="/tags/yubikey/" rel="tag">#yubikey</a> devices on order.<br>I heard I need at least two ... Any other advice or best practices to keep in mind?</p><p><a href="/tags/linux/" rel="tag">#Linux</a> <a href="/tags/security/" rel="tag">#Security</a></p>
<p>Legal experts called DHS’ move to use driver’s license data for citizenship checks more evidence of federal overreach.</p><p>“The administration wants to get as much data as it can, however it can, whenever it can.”<br><a href="https://www.propublica.org/article/dhs-citizenship-checks-drivers-license-data?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post" rel="nofollow" class="ellipsis" title="www.propublica.org/article/dhs-citizenship-checks-drivers-license-data?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post"><span class="invisible">https://</span><span class="ellipsis">www.propublica.org/article/dhs</span><span class="invisible">-citizenship-checks-drivers-license-data?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon-post</span></a></p><p><a href="/tags/news/" rel="tag">#News</a> <a href="/tags/dhs/" rel="tag">#DHS</a> <a href="/tags/immigration/" rel="tag">#Immigration</a> <a href="/tags/data/" rel="tag">#Data</a> <a href="/tags/privacy/" rel="tag">#Privacy</a> <a href="/tags/security/" rel="tag">#Security</a> <a href="/tags/law/" rel="tag">#Law</a> <a href="/tags/trump/" rel="tag">#Trump</a></p>
<p>Never forget this:</p><p><a href="https://www.irishtimes.com/world/us/2025/12/12/its-surreal-us-sanctions-lock-international-criminal-court-judge-out-of-daily-life/" rel="nofollow" class="ellipsis" title="www.irishtimes.com/world/us/2025/12/12/its-surreal-us-sanctions-lock-international-criminal-court-judge-out-of-daily-life/"><span class="invisible">https://</span><span class="ellipsis">www.irishtimes.com/world/us/20</span><span class="invisible">25/12/12/its-surreal-us-sanctions-lock-international-criminal-court-judge-out-of-daily-life/</span></a></p><p>All it takes is a single tantrum.</p><p>Here's where you can sign up for Proton email, calendar, VPN, etc...</p><p><a href="https://pr.tn/ref/90A9QAFA" rel="nofollow"><span class="invisible">https://</span>pr.tn/ref/90A9QAFA</a></p><p><a href="/tags/security/" rel="tag">#security</a> <a href="/tags/politics/" rel="tag">#politics</a> <a href="/tags/canada/" rel="tag">#canada</a> <a href="/tags/usa2026/" rel="tag">#usa2026</a></p>
