evacide

Director of Cybersecurity
@EFF
/ Co-founder of
@stopstalkerware
/ These are my opinions, not my employers’ / I did a TED talk once

Public Key

npub18wn0jd3p7n6u3y7mc46p0hpx3cmtv9k3mu82rc0lhkg3rdyf590s3wshpx

NIP-05 Address

[email protected]

Profile Code

nprofile1qqsrhfhexcslfawgj0du2aqhmsngud4kzmga7r4pu8lmmyg3kjy6zhcpz3mhxue69uhhyetvv9ujuerpd46hxtnfduqs6amnwvaz7tmwdaejumr0ds62uuw4

Publishing to

relay.damus.io

nos.lol

Author Public Key

npub18wn0jd3p7n6u3y7mc46p0hpx3cmtv9k3mu82rc0lhkg3rdyf590s3wshpx

Show more details

Last Notes

2026-04-09 18:49:06 CEST

EFF is finally leaving X and here is a blog post about why: https://www.eff.org/deeplinks/2026/04/eff-leaving-x

2026-04-07 21:58:55 CEST

I was really hoping to go through life without needing to know what the plural of "apocalypse" is.

2026-04-07 00:02:47 CEST

"I'm just going to let people be wrong on the internet" remains the single most difficult New Year's Resolution I have ever made, hands down. Nothing else comes close.

2026-04-02 23:43:20 CEST

Several years after I locked up my account and stopped using twitter, I have finally updated my staff bio by deleting my Twitter username and adding the URL for my Mastodon account. It feels like the end of an era.

2026-04-01 22:49:41 CEST

Sometimes I wonder if working from home for so long has turned me into a goblin who cannot be trusted to interact with other people without making it weird. Then I remember that I have always been a goblin who cannot be trusted to interact with other people without making it weird.

2026-04-01 03:54:42 CEST

Good news for people with older iPhones. Patch your stuff.
https://www.wired.com/story/apple-will-push-out-rare-backported-patches-to-protect-ios-18-users-from-darksword-hacking-tool/

2026-03-31 20:31:04 CEST

EFF's Cindy Cohn sat down to talk to Jon Stewart on the Daily Show about 30 years of fighting for digital privacy. I think that's pretty cool. https://www.youtube.com/watch?v=QkC1aK7jfLo

2026-03-28 20:09:39 CET

My open tabs indicate that I got halfway through ordering a pair of high-waisted black sequinned booty shorts last night and then fell asleep. Let it never be said that I don't know how to party.

2026-03-28 04:40:06 CET

Yael's post demonstrates something about digital privacy/security that I think a lot of people miss: there is no right answer, just a series of trade-offs. And every person has to make their own decisions about which trade-offs are worthwhile. https://blog.yaelwrites.com/options-for-phones-at-protests/

2026-03-27 00:42:28 CET

If you are traveling to or through Hong Kong, here is a new thing to consider when you are deciding whether or not to take your devices with you and how you should set them up.
https://hk.usconsulate.gov/security-alert-2026032601/

2026-03-25 18:10:48 CET

No really, I am not kidding when I say that the data broker industry must be destroyed: https://www.npr.org/2026/03/25/nx-s1-5752369/ice-surveillance-data-brokers-congress-anthropic

2026-03-24 00:34:10 CET

People will react to news of major security vulns with "The only way to stay secure is to live as a hermit and throw your devices into the sea" and then keep chattering on the internet in a deeply unhermitlike manner while not throwing their devices into the sea.

2026-03-23 22:55:50 CET

If you have an iPhone, today is a good day to make sure you are running the latest software. https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/

2026-03-23 03:08:08 CET

- reply

@nprofile…s8xx It is possible that for some threat models, a burner phone for DEFCON is appropriate. But I have been to 20ish DEFCONs and I have never felt the need to bring one.

2026-03-22 21:47:59 CET

Some tips on giving digital privacy/security advice: if you tell people they absolutely need to do a long list of difficult and expensive things before they travel, people will nod and smile and then not do it at all. This is why my advice focuses on harm reduction and understanding trade-offs.

2026-03-22 20:15:56 CET

For people who are concerned about having their devices seized at US airports starting Monday when ICE "assists" the TSA, EFF has this guide: https://www.eff.org/deeplinks/2025/06/journalist-security-checklist-preparing-devices-travel-through-us-border

2026-03-20 04:53:13 CET

The data broker industry must be destroyed: https://www.theverge.com/news/897145/kash-patel-ron-wyden-fbi-location-data-no-warrant

2026-03-18 21:14:47 CET

Hey, why is everyone talking about Caesar Chavez all of the sudden?
Oh.
Oh no.

2026-03-18 20:46:15 CET

It sure is a cool and normal time to be working at a civil liberties non-profit in the United States.
https://www.cbsnews.com/news/fbi-irs-investigate-nonprofits-domestic-terrorism-links/

2026-03-10 05:16:55 CET

Attribution is hard. And there is a difference between getting a contractor on the record attributing the toolkit and a bunch of infosec dudes sitting around pontificating about how "everyone knows."
https://techcrunch.com/2026/03/09/an-iphone-hacking-toolkit-used-by-russian-spies-likely-came-from-u-s-military-contractor/

2026-03-04 21:00:57 CET

I aspire to one day have a fraction of the confidence of a mediocre white man sitting down to do an interview with Isaac Chotiner.

2026-03-03 07:44:45 CET

What a stupid time to have a degree in International Relations.

2026-03-02 22:29:01 CET

When we talk about the problems with Bluetooth-enabled physical trackers, we usually talk about AirTags, but let us save some rage for Tile, powered by this paper discussing Tile's privacy, security, and accountability problems: https://arxiv.org/abs/2510.00350v1

2026-02-28 08:07:51 CET

The greatest joke that my brain chemistry plays on me is that every few years I get an idea for a novel, which I will outline, write several chapters for, and then never touch again.

2026-02-26 08:44:24 CET

I'm just a girl, incrementing the counter on the number of times I have been sent a plaintext email from a Protonmail user telling me that the message is encrypted.

2026-02-22 00:40:18 CET

Hacktivists tried to find a workaround to Discord’s age-verification software, Persona. Instead, they found its frontend exposed to the open internet, and that was just the beginning.
https://www.therage.co/persona-age-verification/

2026-02-19 22:56:59 CET

Anonymously threatening a security researcher seems like a shooting-yourself-in-the-dick level bad decision. Kudos to Allison Nixon for not taking any shit.
https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

2026-02-19 20:56:37 CET

The most monstrous lie that I regularly tell myself is "I'll get that work done while I'm on the plane."

2026-02-09 04:33:27 CET

I've spent the last year learning Spanish just so I could understand Bad Bunny lyrics.

2026-02-06 01:50:16 CET

Trying to explain compartmentalization to activists, but the biggest stumbling block is that most people become activists by accident, so their activism is deeply enmeshed with all of their existing accounts, platforms, and devices.

2026-02-03 21:26:56 CET

Every once in a while, someone gets the genius idea of impersonating me online and I spend an afternoon looking for the most chaotic way to make them regret that choice.

2026-02-02 19:18:45 CET

Notepad++ publishes a blog post saying they caught a probably-Chinese state actor hijacking their product in an attack against highly-selective targets that began last June: https://notepad-plus-plus.org/news/hijacked-incident-info-update/

2026-02-02 05:10:16 CET

Why do your organizing over Signal? So that you don't do your organizing on an app that hasn't been tested or reviewed, run by a guy who doesn't tell his users about data breaches and security problems.
https://www.ibtimes.co.uk/stopice-hacked-names-locations-over-100k-users-were-sent-fbi-ice-hsi-1775307

2026-02-01 01:45:10 CET

Planning to film ICE? Wired has a guide for that: https://www.wired.com/story/how-to-film-ice/

2026-01-30 21:29:48 CET

How many people here would be interested if I did a digital security/privacy advice blog somewhere?

2026-01-29 23:45:16 CET

This is your regular reminder that I do not owe you an argument defending a position that you have decided that I hold. Indeed, I do not owe you an argument about anything.

2026-01-26 20:47:42 CET

Hello, it's me. I'm the one training the resistance in the diabolically professional OPSEC of setting disappearing messages in the Signal group chat.

2026-01-25 22:34:51 CET

You don't need superspy-level OPSEC in order to protest fascism. But protest does involve risk. My goal when I teach people about digital privacy/security is to make sure that people understand what risks they're taking so they can make appropriate mitigations while still accomplishing their goals.

2026-01-16 19:46:55 CET

Trying to protect everything from everyone all the time is a good way to drive yourself crazy. This is why we threat model. Here is EFF's Surveillance Self Defense guide to putting together your security plan, also known as threat modeling: https://ssd.eff.org/module/your-security-plan

2026-01-16 01:59:32 CET

If you are organizing folks in Minneapolis right now, you may find this guide to Signal for beginners by @nprofile…upkm useful: https://freedom.press/digisec/blog/signal-beginners/

2026-01-15 20:02:57 CET

Project Zero releases a 0-click exploit chain for the Pixel 9. This one targets the Pixel, but the 0-click bug and exploit techniques used also apply to most other Android devices.
https://projectzero.google/2026/01/pixel-0-click-part-1.html

2026-01-12 04:21:08 CET

This is your regular reminder that authoritarianism is just domestic abuse writ large.
https://www.reddit.com/r/Minneapolis/comments/1qa3pmm/boxed_in_by_ice/?share_id=yENO8ZsExaP3fz058MD_f&utm_medium=android_app&utm_name=androidcss&utm_source=share&utm_term=1

2026-01-11 02:55:23 CET

Sometimes I read the threads that experienced activists write about how to behave at protests because it reminds me that the kinds of replies I get when I give digital privacy/security advice aren't just for me.

2026-01-09 09:16:01 CET

We are 9 days into 2026 and my New Years' Resolution to just let people be wrong on the internet is already is truly testing the limits of my willpower.

2026-01-09 08:55:21 CET

- reply

There is no one-size-fits-all solution for digital safety at protests. You need to decide in advance what your goals are, what is important for you to protect, and what is likely to happen to you, and threat model accordingly.

2026-01-09 08:50:00 CET

- reply

But if it is important to you to maintain your anonymity at a protest, consider leaving your phone at home, or at least turning it on/off only once you are well out of the neighborhood.

2026-01-09 08:47:47 CET

- reply

There are other reasons you might want to take a cheap/disposable/burner phone to a protest, such as making sure that if you are arrested, the police don't seize/break/confiscate your main phone.

2026-01-09 08:45:32 CET

If you don't want ICE to know you were at a protest, taking a burner phone is not going to help you stay anonymous if you go home afterwards. https://www.404media.co/inside-ices-tool-to-monitor-phones-in-entire-neighborhoods/

2026-01-06 21:49:41 CET

All that the Turing Test proves is that human are much, much stupider than Alan Turing ever suspected.

2026-01-06 21:02:55 CET

Want to know how to track Homeland security spending by looking through government databases? EFF's Dave Maass has put together a handy how-to: https://www.eff.org/deeplinks/2025/12/homeland-security-spending-trail-how-follow-money-through-us-government-databases

2026-01-05 00:29:20 CET

This year, for my mental health, I'm going to practice just letting people be wrong on the internet.

2025-12-19 01:32:21 CET

The push for the TikTok ban was bipartisan and stupid. But the Trump administration's goals for the ban have always been crystal clear: to place control of TikTok in the US in the hands of people chosen by and indebted to Trump.

2025-12-18 08:19:59 CET

- reply

@nprofile…889j You did so much good work this year.

2025-12-16 01:55:01 CET

I can't believe I have to say this, but please do not take revolutionary OPSEC advice from YA novels Cory Doctorow wrote almost twenty years ago.

2025-12-13 00:19:12 CET

NYT reports that the TSA is giving ICE a list of every person who's to be taking a domestic flight inside the US so ICE can run it through their database looking for targets.
I'm not a lawyer, but I feel like the 4th Amendment has something to say about this.
https://www.nytimes.com/2025/12/12/us/politics/immigration-tsa-passenger-data.html?unlocked_article_code=1.8E8.lG_B.SvLF8g3CXiKG&smid=bs-share

2025-12-05 21:17:39 CET

2025 Year In Review: Not feeling so great about the rule of law. Zero stars.

2025-12-03 22:47:00 CET

I don't dress for the male gaze. I dress for a women who are old enough to be my mother, wear oversized jewelry, and say things like "I'd dye my hair that color."

2025-11-21 19:19:03 CET

Age verification is not the way to keep kids safe on the internet. CDT has some thoughts about what kind of child safety policies and features might actually be effective: https://cdt.org/insights/what-kids-and-parents-want-policy-insights-for-social-media-safety-features/

2025-11-16 23:00:30 CET

I gave a talk about fascism at a conference and the first reply to the conference's post on X with a photo of me in front of my slides is a rando word-vomiting about how Hitler was working for the Zionists, in case you're wondering how that place is going.

2025-11-12 03:02:23 CET

Brennan Lee Mulligan with Josh on Mythical Kitchen, eating his perfect last meal and being interviewed for more than an hour, is so wholesome and life-affirming: https://www.youtube.com/watch?v=CLVdWyNljP8

2025-11-10 01:07:56 CET

After two trips to the hardware store and approximately $25 in bits and bobs that did not work, I fixed the catch on my antique dresser cabinet with a single screw.

2025-11-05 21:47:31 CET

Cybersecurity professionals/ransomware negotiators turned out to be running a ransomware gang. https://breached.company/when-the-defenders-become-the-attackers-cybersecurity-experts-indicted-for-blackcat-ransomware-operations/

2025-11-04 21:48:57 CET

If you are shocked that I'm happy that a man responsible for the deaths of hundreds of thousands of people is dead, I have terrible news for you about all of my other opinions.

2025-10-23 07:22:46 CEST

If you think that Signal is an op and totally backdoored, my recommendation is that you should plan all of your crimes over Telegram group chat.

2025-10-22 18:48:58 CEST

Every quote in this story from the founder of Ring, Jamie Siminoff has been designed in a lab to illustrate the single most wrongheaded approach to technology, surveillance, privacy, and crime: https://www.theverge.com/tech/804052/ring-jamie-siminoff-book-ding-dong-release-date-interview

2025-10-18 22:19:28 CEST

Whoever decided that the San Francisco No Kings protest should start at the same location as the bougie weekend farmers market is a political genius.

2025-10-17 20:44:21 CEST

If your protest privacy/security advice does not start with a discussion of threat models, it is probably not good advice.

2025-10-13 06:03:48 CEST

"A soldier knows what to do when they encounter another soldier. But an air-humping frog?"
@sarahjeong.bsky.social on the shitposting/aura farming era of American politics.
https://www.theverge.com/policy/798491/frog-portland-trump-national-guard

2025-10-06 19:03:11 CEST

As the prophecy foretold, a major platform's third-party age verification system has been hacked and hackers had access to the government ID images of Discord's users.
https://www.tomsguide.com/computing/online-security/discord-users-suffers-the-first-high-profile-age-verification-hack-and-its-unlikely-to-be-the-last

2025-09-10 01:36:59 CEST

- reply

I have spent many years willing to take big swings in my work because I knew that Cindy Cohn was the adult in the room. I am not ready to be the adult in the room.

2025-08-20 23:48:22 CEST

I take it all back, there ARE violent criminals on the streets of San Francisco. They're grabbing people off the street and pepper spraying journalists.
https://sf.gazetteer.co/i-reported-from-an-ice-action-on-sansome-and-all-i-got-was-a-face-full-of-pepper-spray

2025-08-20 20:25:26 CEST

You will sure be shocked to discover that I have some things to say about AI-powered "smart" glasses that give no indication that they are recording your every word.
https://techcrunch.com/2025/08/20/harvard-dropouts-to-launch-always-on-ai-smart-glasses-that-listen-and-record-every-conversation/

2025-08-19 19:14:56 CEST

The founders of the Tea app tried to recruit a female co-founder and face for the app, telling her "Tea has all the safety measures that Facebook lacked and more to ensure that only women are in the group."
https://www.404media.co/how-teas-founder-convinced-millions-of-women-to-spill-their-secrets-then-exposed-them-to-the-world/

2025-08-13 20:00:03 CEST

- reply

@nprofile…4dwe Trump will make an all-caps post of Truth Social. it will be devastating.

2025-08-12 23:38:22 CEST

It is sometimes necessary, in these difficult times, to spend an hour scrolling through clothing sites, hoping that one of these gowns is going to give you the strength to fight fascism.

2025-08-10 20:52:14 CEST

Even when I don't go to Vegas, the Vegas gossip comes to me.

2025-08-06 19:15:22 CEST

Ron Deibert is absolutely the voice that the infosec industry needs to be listening right now. We are in a moment where fascism is consolidating power and most of the infosec industry is either playing along or is busy bragging about how much AI they've shoved into their products.
https://techcrunch.com/2025/08/06/citizen-lab-director-warns-cyber-industry-about-us-authoritarian-descent/

2025-08-04 21:22:46 CEST

Listen, we are in a terrible and difficult time where the horrors can often feel overwhelming. Lean into the things that bring you joy. If that means that sometimes you're wringing that last drop of dopamine out of watching bad people suffer as the result of their poor choices, you do you.

2025-07-23 05:05:35 CEST

When I was a kid, I couldn't wait to be an adult because I imagined that adulthood would be a time when no one would interrupt me when I was trying to read.
If I could go back in time, I would tell that little girl she has never been more wrong about anything in her life.

2025-07-21 20:27:20 CEST

Writing the first draft of my FTC comments and wondering how many times I am allowed to write "fuck no, you shitweasel." https://www.ftc.gov/news-events/news/press-releases/2025/07/ftc-seeks-comment-petition-vacate-2021-order-related-provider-stalkerware-apps

2025-07-18 01:31:46 CEST

This is just to let
you know
I have taken
the plums
out of the icebox
because fruit is better
at room temperature

2025-07-15 00:12:37 CEST

Pour one out for every person writing questions for a US Constitutional Law exam in the year 2025.

2025-07-12 19:20:43 CEST

This is your regular reminder that if you are the smartest person in the room, go find another room. You are not going to run out of people or rooms.

2025-07-10 02:16:22 CEST

I've spent not-insignificant amount of time at protests in the US, looking for signs of IMSI catchers and never found anything, so when I saw this, my ears perked up:
https://san.com/cc/exclusive-evidence-of-cell-phone-surveillance-detected-at-anti-ice-protest/

2025-07-09 03:17:16 CEST

Google continues the industry-wide trend of jamming AI down users' throats, making it difficult or impossible to opt out, and potentially endangering the privacy of communications: https://www.neowin.net/guides/google-can-now-read-your-whatsapp-messages-heres-how-to-stop-it/

2025-07-05 23:30:40 CEST

I was feeling entirely too confident and capable, so I decided to train press-up to handstand and now I am going to be suffering through these drills and progressions for a good long time.

2025-07-02 21:51:35 CEST

Every once in a while, someone tells me that an abusive partner left them alone because they were afraid of what I would do if they didn't, and I feel like I have done something right.

2025-06-27 20:52:13 CEST

Website/device age verification is a privacy and security nightmare and everyone who tells you that this is a solved problem is lying to you.
https://gizmodo.com/supreme-court-says-age-verification-laws-for-porn-sites-are-constitutional-2000621265

2025-06-25 05:28:23 CEST

Do I think that the national Democratic Party will learn anything from Mamdani's win? No. Do I think it is important to enjoy a goddamn victory once in a while? Yes.

2025-06-15 21:03:23 CEST

APT1 partying like it's 2004-2013.
https://www.wsj.com/tech/cybersecurity/cyberattack-on-washington-post-compromises-email-accounts-of-journalists-70bf1300?mod=author_content_page_1_pos_1

2025-06-15 20:43:41 CEST

I would like to be Chrisjen Avasarala: impeccably-dressed, running things, swearing like a sailor.
But I am Camina Drummer: barely keeping it together, sort of in charge, with a lot of complicated relationships and a strong eyeliner game.

2025-06-13 23:03:38 CEST

Seriously, if you think that it is clever to respond to a guide with advice for journalists for protecting their devices when crossing the US border with "You just shouldn't ever go to the US!" please consider posting your response in your own timeline, where I will never have to see it.

2025-05-22 21:55:11 CEST

Me, looking at my work calendar: This is insane. No one can do this much work. I'm going to find the asshole that did this and give them a piece of my mind!
Me, looking in the mirror: Oh no.

2025-05-22 21:31:43 CEST

Did I mention that the data broker industry must be destroyed?
https://theintercept.com/2025/05/22/intel-agencies-buying-data-portal-privacy/

2025-05-14 06:07:50 CEST

Q&A from a talk I gave last week.
Q: "What do you think is the biggest threat in cybersecurity right now? Is it post-quantum computing? Is it AI?"
A: Fascism. It's fascism.

2025-04-30 21:14:29 CEST

The only way I can possibly touch enough grass to get through this day is to remove all of my clothes and roll around on a lawn.

2025-04-25 20:57:47 CEST

There is so much bad news out there right now that it is sometimes difficult to even see the wins.
https://www.nytimes.com/2025/04/25/us/politics/trump-student-visa-cancellations.html?unlocked_article_code=1.CU8.qevX.RyotrTomoS1e&smid=url-share

2025-04-25 04:57:37 CEST

"Signal is a commercially available app that is not authorized to be used for sensitive or classified information. It’s encrypted, but can be hacked."
This is just sloppy writing, implying that the problem with Signal is that someone might break its encryption.
https://apnews.com/article/hegseth-signal-chat-dirty-internet-line-6a64707f10ca553eb905e5a70e10bd9d

2025-04-24 20:48:01 CEST

For people who are looking to shield their identities in group chats: Signal does not store past handle IDs and 7 days after changing your handle, another Signal user can claim it.

2025-04-10 23:47:52 CEST

Big Law has failed to stand up to Trump and now infosec is following suit.
https://www.reuters.com/world/us/cybersecurity-industry-falls-silent-trump-turns-ire-sentinelone-2025-04-10/