Security

Is a Kessler Syndrome for open source software a risk worth acknowledging?

June 10, 2026June 10, 2026 Spencer Dailey

The Kessler Syndrome is a scenario where the density of objects and space debris in low Earth orbit becomes so high that collisions between them trigger a runaway chain reaction. Each crash generates thousands of new fragments, exponentially increasing the risk of further impacts and potentially rendering Earth’s orbit unusable. Because of the rise in… Continue reading Is a Kessler Syndrome for open source software a risk worth acknowledging?

Napkin math suggests Bitcoin will perish unless its mining incentives change

August 13, 2024August 15, 2024 Spencer Dailey

For years, analysts have gone on channels like CNBC calling Bitcoin “digital gold”, and many everyday crypto investors truly believe that. But gold has been a “store of value” for millennia. Could Bitcoin, as we know it today, retain its value long term, say even just fifty years? The simple math tells us it likely… Continue reading Napkin math suggests Bitcoin will perish unless its mining incentives change

Security

Companies embracing SMS for account logins should be blamed for SIM-swap attacks

February 5, 2024March 24, 2025 Spencer Dailey

[UPDATE Since this was posted in 2024: Major US telcos like AT&T, T-Mobile, and Verizon have suffered a months-long breach (the ongoing Salt Typhoon attack). These companies, of course, pass along the unencrypted SMSes vital to countless log in flows, account re-activations, and password resets. They are now known to themselves be compromised. With all… Continue reading Companies embracing SMS for account logins should be blamed for SIM-swap attacks

Apple · Full Dark, Max Bleak · Security

Political spam texts are out of control, and customers have no effective recourse.

April 6, 2022November 16, 2024 Spencer Dailey

Late last year, in a span of under two weeks, I received dozens of political spam texts around Austin’s Prop A ballot measure. I’m sure countless people around the world also get unsolicited garbage texts. Such text campaigns threaten to alter voter turnout and turn people against each other. Because SMS texts lack authentication, users… Continue reading Political spam texts are out of control, and customers have no effective recourse.

Full Dark, Max Bleak · Security

Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication

December 7, 2021February 2, 2022 Spencer Dailey

Bad news folks. Corporate America is rushing ahead with voice-based authentication. I know because I recently called my ISP, Spectrum, which tried to enroll me in Voice ID. I declined. (“With Voice ID, you don’t have to worry about remembering security codes or passwords.” Ok, sure 🤪) And I also called my bank, Chase, which… Continue reading Despite the prevalence of deepfake audio tech, banks and ISPs rush ahead with “voice print” authentication

Apple · Privacy · Security

Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.

August 11, 2021August 11, 2021 Spencer Dailey

With its CSAM scanning tool (soon to be pushed to iPhones with iOS 15 and maybe Macs with Monterey), Apple has created what it promises is a “safe” surveillance experience. It will catch the absolute worst scumbags on the planet. It is launching in just the US. Turn it off by simply discontinuing your usage… Continue reading Apple’s plan for iOS 15 CSAM scanning to somehow constitute “safe” surveillance is impossible without bulletproof security and an explicit moral framework to guide policy decisions. It has neither.

Browsers · Security

When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)

June 25, 2021March 15, 2023 Spencer Dailey

From a Stack Overflow question: “a hacked version of a Google Chrome extension I use was distributed via Chrome’s automatic extension updates. Is it possible to stop Google Chrome from automatically updating extensions?” The answer is there’s not an easy way to disable them in Chrome. But there should be, and this post explains why.… Continue reading When Chrome extension developers sell out, users get pwned. Why is there not the option to disable automatic updates for specific extensions, as with Firefox? (Plus, a DIY workaround)

Key Discussions

are tech companies delivering on basic promises?

Category: Security