Kind of crazy watching the orange site, which believes I’m an NSA stooge, fall over itself arguing that publishing DKIM keys to provide deniable email would be a grave injustice, depriving “activists and historians”.
This is what happens when you have a culture that attempts to derive everything axiomatically, just moments after reading something. They forget that deniable messages are literally part of the premise of messaging cryptography. otr.cypherpunks.ca/otr-wpes.pdf
This is currently the top comment on the thread. Again: these people think I’m a shill for NSA.
The fuck? They found a way to put PGP on the other side of this argument. Non-deniable messaging is one of the reasons cryptographers hate PGP! It’s part of the motivation for OTR and Signal!
New top comment on thread opens: “Wow. This blog post [Green’s post advocating deniable GMail] is appalling. I completely disagree with it.”. APPALLING.
Of course, if you think the orange site is bad, you should check out the IETF. Gun to my head, I think I’d rather collaborate on HN. (h/t to Saurik for this example)
