evacide

Director of Cybersecurity
@EFF
/ Co-founder of
@stopstalkerware
/ These are my opinions, not my employers’ / I did a TED talk once

Public Key

npub18wn0jd3p7n6u3y7mc46p0hpx3cmtv9k3mu82rc0lhkg3rdyf590s3wshpx

NIP-05 Address

[email protected]

Profile Code

nprofile1qqsrhfhexcslfawgj0du2aqhmsngud4kzmga7r4pu8lmmyg3kjy6zhcpz3mhxue69uhhyetvv9ujuerpd46hxtnfduqs6amnwvaz7tmwdaejumr0ds62uuw4

Publishing to

relay.damus.io

nos.lol

Author Public Key

npub18wn0jd3p7n6u3y7mc46p0hpx3cmtv9k3mu82rc0lhkg3rdyf590s3wshpx

Show more details

Last Notes

2026-04-02 21:43:20 UTC

Several years after I locked up my account and stopped using twitter, I have finally updated my staff bio by deleting my Twitter username and adding the URL for my Mastodon account. It feels like the end of an era.

2026-04-01 20:49:41 UTC

Sometimes I wonder if working from home for so long has turned me into a goblin who cannot be trusted to interact with other people without making it weird. Then I remember that I have always been a goblin who cannot be trusted to interact with other people without making it weird.

2026-04-01 01:54:42 UTC

Good news for people with older iPhones. Patch your stuff.
https://www.wired.com/story/apple-will-push-out-rare-backported-patches-to-protect-ios-18-users-from-darksword-hacking-tool/

2026-03-31 18:31:04 UTC

EFF's Cindy Cohn sat down to talk to Jon Stewart on the Daily Show about 30 years of fighting for digital privacy. I think that's pretty cool. https://www.youtube.com/watch?v=QkC1aK7jfLo

2026-03-28 19:09:39 UTC

My open tabs indicate that I got halfway through ordering a pair of high-waisted black sequinned booty shorts last night and then fell asleep. Let it never be said that I don't know how to party.

2026-03-28 03:46:19 UTC

- reply

There is a reason why most of my advice is phrased "If you are concerned about X...you may want to consider doing Y." It's not because I just love using a bunch of extra words.

2026-03-28 03:40:06 UTC

Yael's post demonstrates something about digital privacy/security that I think a lot of people miss: there is no right answer, just a series of trade-offs. And every person has to make their own decisions about which trade-offs are worthwhile. https://blog.yaelwrites.com/options-for-phones-at-protests/

2026-03-26 23:42:28 UTC

If you are traveling to or through Hong Kong, here is a new thing to consider when you are deciding whether or not to take your devices with you and how you should set them up.
https://hk.usconsulate.gov/security-alert-2026032601/

2026-03-25 17:10:48 UTC

No really, I am not kidding when I say that the data broker industry must be destroyed: https://www.npr.org/2026/03/25/nx-s1-5752369/ice-surveillance-data-brokers-congress-anthropic

2026-03-24 21:11:18 UTC

EFF announces its new Executive Director, Nicole Ozer: https://www.eff.org/press/releases/nicole-ozer-named-electronic-frontier-foundations-executive-director

2026-03-23 23:34:10 UTC

People will react to news of major security vulns with "The only way to stay secure is to live as a hermit and throw your devices into the sea" and then keep chattering on the internet in a deeply unhermitlike manner while not throwing their devices into the sea.

2026-03-23 21:55:50 UTC

If you have an iPhone, today is a good day to make sure you are running the latest software. https://techcrunch.com/2026/03/23/someone-has-publicly-leaked-an-exploit-kit-that-can-hack-millions-of-iphones/

2026-03-23 02:08:08 UTC

- reply

@nprofile…s8xx It is possible that for some threat models, a burner phone for DEFCON is appropriate. But I have been to 20ish DEFCONs and I have never felt the need to bring one.

2026-03-22 20:47:59 UTC

Some tips on giving digital privacy/security advice: if you tell people they absolutely need to do a long list of difficult and expensive things before they travel, people will nod and smile and then not do it at all. This is why my advice focuses on harm reduction and understanding trade-offs.

2026-03-22 19:15:56 UTC

For people who are concerned about having their devices seized at US airports starting Monday when ICE "assists" the TSA, EFF has this guide: https://www.eff.org/deeplinks/2025/06/journalist-security-checklist-preparing-devices-travel-through-us-border

2026-03-20 03:53:13 UTC

The data broker industry must be destroyed: https://www.theverge.com/news/897145/kash-patel-ron-wyden-fbi-location-data-no-warrant

2026-03-18 20:14:47 UTC

Hey, why is everyone talking about Caesar Chavez all of the sudden?
Oh.
Oh no.

2026-03-18 19:46:15 UTC

It sure is a cool and normal time to be working at a civil liberties non-profit in the United States.
https://www.cbsnews.com/news/fbi-irs-investigate-nonprofits-domestic-terrorism-links/

2026-03-18 19:25:37 UTC

If you leave the infrastructure of surveillance in place, people in power will inevitably find an excuse to resume using it. You have to take that shit down.
https://boltsmag.org/verona-wisconsin-ends-contract-flock-ai-surveillance-cameras/

2026-03-10 04:16:55 UTC

Attribution is hard. And there is a difference between getting a contractor on the record attributing the toolkit and a bunch of infosec dudes sitting around pontificating about how "everyone knows."
https://techcrunch.com/2026/03/09/an-iphone-hacking-toolkit-used-by-russian-spies-likely-came-from-u-s-military-contractor/

2026-03-08 17:20:29 UTC

Pakistan's main APT group has switched from off-the-shelf low quality malware tools to vibe-coded custom malware.
I've been expecting to see this shift for a while and it is interesting to see it actually starting to happen.
https://businessinsights.bitdefender.com/apt36-nightmare-vibeware

2026-03-05 03:10:55 UTC

Do you work in fundraising? Do you want a job that isn't evil? Signal is hiring a director of major gifts: https://jobs.lever.co/signal/68f75269-fe43-4d25-8d82-69439351f14d

2026-03-04 22:00:54 UTC

Obviously, age verification laws are bad and this is especially bad and laughable, but most importantly, I need you to know that I owe my career to having been an underage person using Linux. https://www.pcgamer.com/software/operating-systems/a-new-california-law-says-all-operating-systems-including-linux-need-to-have-some-form-of-age-verification-at-account-setup/

2026-03-04 20:00:57 UTC

I aspire to one day have a fraction of the confidence of a mediocre white man sitting down to do an interview with Isaac Chotiner.

2026-03-04 06:47:52 UTC

The data from your Meta Ray Bans is used to train Meta's AI, which most people don't understand means that humans are looking at the most intimate details of their lives. https://www.svd.se/a/K8nrV4/metas-ai-smart-glasses-and-data-privacy-concerns-workers-say-we-see-everything

2026-03-04 05:11:15 UTC

I'm reading a bunch of Coruna reports after dinner because I am a cool person who knows how to party. Of particular interest: not only does Coruna not work against iOS in lockdown mode, but if it even detects lockdown mode running, it bails. This is why I talk about lockdown mode so damn much.

2026-03-03 06:44:45 UTC

What a stupid time to have a degree in International Relations.

2026-03-02 21:29:01 UTC

When we talk about the problems with Bluetooth-enabled physical trackers, we usually talk about AirTags, but let us save some rage for Tile, powered by this paper discussing Tile's privacy, security, and accountability problems: https://arxiv.org/abs/2510.00350v1

2026-03-02 07:03:36 UTC

I have come away from my last conference cautiously optimistic about how useful AI can be in reversing malware and extremely scared about all of the new attack surface being created in the use and deployment of AI tools.

2026-02-28 07:07:51 UTC

The greatest joke that my brain chemistry plays on me is that every few years I get an idea for a novel, which I will outline, write several chapters for, and then never touch again.

2026-02-26 07:44:24 UTC

I'm just a girl, incrementing the counter on the number of times I have been sent a plaintext email from a Protonmail user telling me that the message is encrypted.

2026-02-24 19:39:44 UTC

When I am made God Emperor, the people who design hotel bathrooms so that you cannot see your face up close in a mirror and also have somewhere to put your makeup will be piled up and set ablaze.

2026-02-21 23:40:18 UTC

Hacktivists tried to find a workaround to Discord’s age-verification software, Persona. Instead, they found its frontend exposed to the open internet, and that was just the beginning.
https://www.therage.co/persona-age-verification/

2026-02-19 21:56:59 UTC

Anonymously threatening a security researcher seems like a shooting-yourself-in-the-dick level bad decision. Kudos to Allison Nixon for not taking any shit.
https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

2026-02-19 21:49:55 UTC

How do you organize safely and effectively in the golden age of surveillance? I have some thoughts and Wired does too: https://www.wired.com/story/how-to-organize-safely-in-the-age-of-surveillance/

2026-02-19 19:56:37 UTC

The most monstrous lie that I regularly tell myself is "I'll get that work done while I'm on the plane."

2026-02-06 00:50:16 UTC

Trying to explain compartmentalization to activists, but the biggest stumbling block is that most people become activists by accident, so their activism is deeply enmeshed with all of their existing accounts, platforms, and devices.

2026-02-03 20:26:56 UTC

Every once in a while, someone gets the genius idea of impersonating me online and I spend an afternoon looking for the most chaotic way to make them regret that choice.

2026-02-01 00:45:10 UTC

Planning to film ICE? Wired has a guide for that: https://www.wired.com/story/how-to-film-ice/

2026-01-30 20:29:48 UTC

How many people here would be interested if I did a digital security/privacy advice blog somewhere?

2026-01-29 22:45:16 UTC

This is your regular reminder that I do not owe you an argument defending a position that you have decided that I hold. Indeed, I do not owe you an argument about anything.

2026-01-26 19:47:42 UTC

Hello, it's me. I'm the one training the resistance in the diabolically professional OPSEC of setting disappearing messages in the Signal group chat.

2026-01-25 21:34:51 UTC

You don't need superspy-level OPSEC in order to protest fascism. But protest does involve risk. My goal when I teach people about digital privacy/security is to make sure that people understand what risks they're taking so they can make appropriate mitigations while still accomplishing their goals.

2026-01-24 06:23:10 UTC

It's Friday night and I'm outlining a 12-minute talk about the Opium Wars because, as you are aware, I know how to party.

2026-01-22 03:30:41 UTC

Trying to protect everything from everyone all the time will drive you crazy. Here is what you should do about your digital privacy and security instead. I talked to KQED's Close All Tabs about threat modeling: https://www.kqed.org/news/12070531/your-digital-footprint-reveals-more-than-you-think

2026-01-18 00:33:25 UTC

Every once in a while, the devil shows up and tells me what he thinks my soul is worth. I won't do it, but it's comforting to see the number tick up.

2026-01-14 19:41:31 UTC

The Trump administration takes national security leaks very seriously when it's time to bully and intimidate reporters. Not so much when classified documents are piled up in the Mar-a-Lago bathrooms. https://pressfreedomtracker.us/all-incidents/washington-post-reporters-home-searched-by-fbi-devices-seized/

2026-01-14 00:51:08 UTC

In addition to its internet blackout, the Iranian government is jamming Starlink to prevent news protests and crackdowns from getting out: https://restofworld.org/2026/iran-starlink-internet-shutdown/

2026-01-11 01:55:23 UTC

Sometimes I read the threads that experienced activists write about how to behave at protests because it reminds me that the kinds of replies I get when I give digital privacy/security advice aren't just for me.

2026-01-09 08:16:01 UTC

We are 9 days into 2026 and my New Years' Resolution to just let people be wrong on the internet is already is truly testing the limits of my willpower.

2026-01-09 07:50:00 UTC

- reply

But if it is important to you to maintain your anonymity at a protest, consider leaving your phone at home, or at least turning it on/off only once you are well out of the neighborhood.

2026-01-09 07:47:47 UTC

- reply

There are other reasons you might want to take a cheap/disposable/burner phone to a protest, such as making sure that if you are arrested, the police don't seize/break/confiscate your main phone.

2026-01-09 07:45:32 UTC

If you don't want ICE to know you were at a protest, taking a burner phone is not going to help you stay anonymous if you go home afterwards. https://www.404media.co/inside-ices-tool-to-monitor-phones-in-entire-neighborhoods/

2026-01-06 20:49:41 UTC

All that the Turing Test proves is that human are much, much stupider than Alan Turing ever suspected.

2026-01-06 20:02:55 UTC

Want to know how to track Homeland security spending by looking through government databases? EFF's Dave Maass has put together a handy how-to: https://www.eff.org/deeplinks/2025/12/homeland-security-spending-trail-how-follow-money-through-us-government-databases

2026-01-05 04:26:15 UTC

It is January 4th and my neighbor's 2026 resolution to get up at 5:50 am and spend an hour running on a treadmill while watching videos at full volume directly on the other side of the wall from my headboard is thankfully at an end.

2026-01-04 23:29:20 UTC

This year, for my mental health, I'm going to practice just letting people be wrong on the internet.

2025-12-30 22:36:37 UTC

More evidence that the Trump administration is cozying up to cybermercenaries. The Treasury Dept has removed three people closely affiliated with Intellexa, the company that makes Predator, off a sanctions list: https://therecord.media/treasury-sanctions-intellexa-removed

2025-12-30 22:31:10 UTC

RSF discovers Belarusian surveillance malware targeting Android phones, requiring physical access: https://rsf.org/en/exclusive-rsf-uncovers-new-spyware-belarus

2025-12-30 19:49:50 UTC

I still have a Facebook account because I occasionally need to buy secondhand furniture or see which of the people that I used to know is dead now.

2025-12-18 07:19:59 UTC

- reply

@nprofile…889j You did so much good work this year.

2025-12-16 00:55:01 UTC

I can't believe I have to say this, but please do not take revolutionary OPSEC advice from YA novels Cory Doctorow wrote almost twenty years ago.

2025-12-14 22:56:55 UTC

Now begins the time of year when I argue with my family of strict latke fundamentalists over what qualifies as a latka.

2025-12-14 19:21:38 UTC

Analysis of my 2025 clothing spreadsheet indicates that I have purchased zero gowns this year, which I would normally consider to be a sign of deep distress. However, I did buy an extravagant vintage fox fur stole at a market in Berlin this spring, so I'm probably ok.

2025-12-13 04:31:05 UTC

I'm trying to take a no strings attached attitude towards 2026: if I don't ask anything of it, it can't break my heart. But I have also purchased the bottle of champagne I am going to pop when that one guy dies.

2025-12-11 19:15:56 UTC

Some days, the cat eye sharp enough to kill a man is simply not achievable and I must settle for the messy raccoon eye that can probably hurt your feelings.

2025-12-05 20:17:39 UTC

2025 Year In Review: Not feeling so great about the rule of law. Zero stars.

2025-11-26 00:52:09 UTC

I'm re-reading The Big Con, by David Maurer, because I love the argot of early 20th century confidence men, but also because a book about how grifting works holds great explanatory power generations after it was written.

2025-11-24 04:16:46 UTC

Finally, Elon has made a change to his social media platform that I approve of: https://www.nbcnews.com/news/us-news/x-new-location-transparency-feature-questions-origins-maga-accounts-rcna245487

2025-11-21 18:19:03 UTC

Age verification is not the way to keep kids safe on the internet. CDT has some thoughts about what kind of child safety policies and features might actually be effective: https://cdt.org/insights/what-kids-and-parents-want-policy-insights-for-social-media-safety-features/

2025-11-16 22:00:30 UTC

I gave a talk about fascism at a conference and the first reply to the conference's post on X with a photo of me in front of my slides is a rando word-vomiting about how Hitler was working for the Zionists, in case you're wondering how that place is going.

2025-11-12 02:02:23 UTC

Brennan Lee Mulligan with Josh on Mythical Kitchen, eating his perfect last meal and being interviewed for more than an hour, is so wholesome and life-affirming: https://www.youtube.com/watch?v=CLVdWyNljP8

2025-11-10 00:07:56 UTC

After two trips to the hardware store and approximately $25 in bits and bobs that did not work, I fixed the catch on my antique dresser cabinet with a single screw.

2025-11-05 20:47:31 UTC

Cybersecurity professionals/ransomware negotiators turned out to be running a ransomware gang. https://breached.company/when-the-defenders-become-the-attackers-cybersecurity-experts-indicted-for-blackcat-ransomware-operations/

2025-11-05 02:34:03 UTC

Ice Cube's Good Day was, in fact, about November 4th 2025.

2025-11-04 20:48:57 UTC

If you are shocked that I'm happy that a man responsible for the deaths of hundreds of thousands of people is dead, I have terrible news for you about all of my other opinions.

2025-10-31 04:22:59 UTC

I can now consistently hold a freestanding handstand for 20 seconds. One day I will take up a hobby which does not require months of practice for incremental progress.

2025-10-26 02:36:57 UTC

I regret not buying a My Marxist Feminist Dialectic Brings All the Boys to the Yard poster because I have some free wall space next to my It's a Slow Apocalypse, You'll Work Through It poster.

2025-10-22 16:48:58 UTC

Every quote in this story from the founder of Ring, Jamie Siminoff has been designed in a lab to illustrate the single most wrongheaded approach to technology, surveillance, privacy, and crime: https://www.theverge.com/tech/804052/ring-jamie-siminoff-book-ding-dong-release-date-interview

2025-10-20 17:36:26 UTC

For those of you who are wondering, the most important opsec lesson to take from the First Wap story is that if your threat model includes a government, do not take your cell phone with you to locations or meetings you don't want them to know about.

2025-10-19 21:52:38 UTC

People are very lucky that I do not write the headlines for these stories because there is no way I could write a headline for a story about a surveillance company called First Wap without turning it into a Megan Thee Stallion joke: https://revealnews.org/podcast/cellphone-surveillance-firstwap-lighthouse-reports/

2025-10-18 20:19:28 UTC

Whoever decided that the San Francisco No Kings protest should start at the same location as the bougie weekend farmers market is a political genius.

2025-10-17 18:44:21 UTC

If your protest privacy/security advice does not start with a discussion of threat models, it is probably not good advice.

2025-10-14 18:35:11 UTC

Truly, SS7 is the surveillance gift that keeps on giving: https://www.motherjones.com/politics/2025/10/firstwap-altamides-phone-tracking-surveillance-secrets-assad-erik-prince-jared-leto-anne-wojcicki/

2025-10-06 17:03:11 UTC

As the prophecy foretold, a major platform's third-party age verification system has been hacked and hackers had access to the government ID images of Discord's users.
https://www.tomsguide.com/computing/online-security/discord-users-suffers-the-first-high-profile-age-verification-hack-and-its-unlikely-to-be-the-last

2025-08-20 21:48:22 UTC

I take it all back, there ARE violent criminals on the streets of San Francisco. They're grabbing people off the street and pepper spraying journalists.
https://sf.gazetteer.co/i-reported-from-an-ice-action-on-sansome-and-all-i-got-was-a-face-full-of-pepper-spray

2025-08-12 21:38:22 UTC

It is sometimes necessary, in these difficult times, to spend an hour scrolling through clothing sites, hoping that one of these gowns is going to give you the strength to fight fascism.

2025-08-06 17:15:22 UTC

Ron Deibert is absolutely the voice that the infosec industry needs to be listening right now. We are in a moment where fascism is consolidating power and most of the infosec industry is either playing along or is busy bragging about how much AI they've shoved into their products.
https://techcrunch.com/2025/08/06/citizen-lab-director-warns-cyber-industry-about-us-authoritarian-descent/

2025-07-21 18:27:20 UTC

Writing the first draft of my FTC comments and wondering how many times I am allowed to write "fuck no, you shitweasel." https://www.ftc.gov/news-events/news/press-releases/2025/07/ftc-seeks-comment-petition-vacate-2021-order-related-provider-stalkerware-apps

2025-07-17 23:31:46 UTC

This is just to let
you know
I have taken
the plums
out of the icebox
because fruit is better
at room temperature

2025-07-12 17:20:43 UTC

This is your regular reminder that if you are the smartest person in the room, go find another room. You are not going to run out of people or rooms.

2025-07-10 00:16:22 UTC

I've spent not-insignificant amount of time at protests in the US, looking for signs of IMSI catchers and never found anything, so when I saw this, my ears perked up:
https://san.com/cc/exclusive-evidence-of-cell-phone-surveillance-detected-at-anti-ice-protest/

2025-07-09 01:17:16 UTC

Google continues the industry-wide trend of jamming AI down users' throats, making it difficult or impossible to opt out, and potentially endangering the privacy of communications: https://www.neowin.net/guides/google-can-now-read-your-whatsapp-messages-heres-how-to-stop-it/

2025-07-05 21:30:40 UTC

I was feeling entirely too confident and capable, so I decided to train press-up to handstand and now I am going to be suffering through these drills and progressions for a good long time.

2025-07-02 19:51:35 UTC

Every once in a while, someone tells me that an abusive partner left them alone because they were afraid of what I would do if they didn't, and I feel like I have done something right.

2025-06-27 18:52:13 UTC

Website/device age verification is a privacy and security nightmare and everyone who tells you that this is a solved problem is lying to you.
https://gizmodo.com/supreme-court-says-age-verification-laws-for-porn-sites-are-constitutional-2000621265

2025-06-25 03:28:23 UTC

Do I think that the national Democratic Party will learn anything from Mamdani's win? No. Do I think it is important to enjoy a goddamn victory once in a while? Yes.

2025-06-15 18:43:41 UTC

I would like to be Chrisjen Avasarala: impeccably-dressed, running things, swearing like a sailor.
But I am Camina Drummer: barely keeping it together, sort of in charge, with a lot of complicated relationships and a strong eyeliner game.

2025-05-22 19:31:43 UTC

Did I mention that the data broker industry must be destroyed?
https://theintercept.com/2025/05/22/intel-agencies-buying-data-portal-privacy/

2025-05-14 04:07:50 UTC

Q&A from a talk I gave last week.
Q: "What do you think is the biggest threat in cybersecurity right now? Is it post-quantum computing? Is it AI?"
A: Fascism. It's fascism.