Bitcoin · Security

Napkin math suggests Bitcoin will perish unless its mining incentives change

For years, analysts have gone on channels like CNBC calling Bitcoin “digital gold”, and many everyday crypto investors truly believe that. But gold has been a “store of value” for millennia. Could Bitcoin, as we know it today, retain its value long term, say even just fifty years? The simple math tells us it likely…

Security

Companies embracing SMS for account logins should be blamed for SIM-swap attacks

SIM-swap attacks continue year after year because companies (that know better) leaned into the awful idea of using SMS for password resets and account logins. These companies include Apple, Dropbox, PayPal, Block, Google, and many others. What is a SIM-swap attack? It’s where a bad guy asks a carrier to port your cell-phone number to…

Apple · Full Dark, Max Bleak · Security

Political spam texts are out of control, and customers have no effective recourse.

Late last year, in a span of under two weeks, I received dozens of political spam texts around Austin’s Prop A ballot measure. I’m sure countless people around the world also get unsolicited garbage texts. Such text campaigns threaten to discourage voter turnout and turn people against each other. Because SMS texts lack authentication, users…

Full Dark, Max Bleak · Security

Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication

Bad news folks. Corporate America is rushing ahead with voice-based authentication. I know because I recently called my ISP, Spectrum, which tried to enroll me in Voice ID. I declined. (“With Voice ID, you don’t have to worry about remembering security codes or passwords.” Ok, sure 🤪) And I also called my bank, Chase, which…

Apple · Privacy · Security

Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.

With its CSAM scanning tool (soon to be pushed to iPhones with iOS 15 and maybe Macs with Monterey), Apple has created what it promises is a “safe” surveillance experience. It will catch the absolute worst scumbags on the planet. It is launching in just the US. Turn it off by simply discontinuing your usage…

Browsers · Security

When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)

From a Stack Overflow question: “a hacked version of a Google Chrome extension I use was distributed via Chrome’s automatic extension updates. Is it possible to stop Google Chrome from automatically updating extensions?” The answer is there’s not an easy way to disable them in Chrome. But there should be, and this post explains why.…