Posts

Political ADINT

Nov 05, 2017

A Washington Post opinion piece about the Russian political ads made me think about how false-flag social media advertising can complement politically-motivated ADINT operations to provide an easy path to surveillance. Read more

Domain-Censor Collusion in Decoy Routing

Feb 10, 2017

I was just catching up on some academic reading by looking over CCS 2016 and found this paper, Game of Decoys: Optimal Decoy Routing Through Game Theory. It sparked an idea, that others have probably had, about what seems like an unaddressed possibility in the hypothetical world where Decoy Routing systems actually get implemented: does the censor have leverage to get domains to move to non-decoy routing Autonomous Systems (ASs)? Read more

Casablanca: The Web of Trusted Updates

Mar 01, 2016

My encrypted messaging app, Signal, has made an update to its Android app and pushed it out. How do I know my phone is receiving the same update as everyone else, or that everyone else is even receiving an update? I could be getting a targeted malicious update that compromises my secure messaging, with Signal having been hacked or forced to sign the update by a governing authority! But it'll be okay, because I have Casablanca. Read more