Andrew Whalley
@arw.me
An Englishman in San Francisco. Director of Security for Google Chrome.
Reposted by Andrew Whalley
So basically when you compare US and UK knife crime statistics, you're essentially comparing the number of assaults/robberies/stabbing in the US to how many people the UK police caught carrying unlicensed box cutters, or giving sharp looks. The laws are a bit dumb, but the country is very safe. 5/5
December 2, 2025 at 5:33 AM
So basically when you compare US and UK knife crime statistics, you're essentially comparing the number of assaults/robberies/stabbing in the US to how many people the UK police caught carrying unlicensed box cutters, or giving sharp looks. The laws are a bit dumb, but the country is very safe. 5/5
In an ideal world, normal people shouldn't worry about computer security. But for now, people should focus on things that matter — like using MFA and keeping software up to date — not worrying about things like public wifi.
Proud to be a signatory of this great initiative by @boblord.bsky.social
Proud to be a signatory of this great initiative by @boblord.bsky.social
📢 Announcing hacklore.org 📢
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
It’s time to retire outdated cyber advice! More than 80 cybersecurity veterans have signed an open letter urging a shift from folklore to guidance that actually helps people avoid the most common attacks. 🔐
Blog: medium.com/@boblord/let...
Site: www.hacklore.org
Stop Hacklore!
hacklore.org
November 25, 2025 at 1:43 AM
In an ideal world, normal people shouldn't worry about computer security. But for now, people should focus on things that matter — like using MFA and keeping software up to date — not worrying about things like public wifi.
Proud to be a signatory of this great initiative by @boblord.bsky.social
Proud to be a signatory of this great initiative by @boblord.bsky.social
Reposted by Andrew Whalley
Chuck Schumer Helps Pull Democrats Back From Brink Of Courage
November 10, 2025 at 5:02 AM
Chuck Schumer Helps Pull Democrats Back From Brink Of Courage
It's time to make HTTPS the web's default, and reap the full security benefit from years worth of HTTPS adoption!
security.googleblog.com/2025/10/http...
security.googleblog.com/2025/10/http...
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secu...
security.googleblog.com
October 28, 2025 at 5:17 PM
It's time to make HTTPS the web's default, and reap the full security benefit from years worth of HTTPS adoption!
security.googleblog.com/2025/10/http...
security.googleblog.com/2025/10/http...
BECOME UNOVENABLE 🪿
July 31, 2025 at 3:27 AM
BECOME UNOVENABLE 🪿
Somewhat ironic that this is the week I start VPNing /in/ to the UK so I can listen to BBC Sounds again.
July 29, 2025 at 12:09 AM
Somewhat ironic that this is the week I start VPNing /in/ to the UK so I can listen to BBC Sounds again.
Reposted by Andrew Whalley
Just posted a deep dive on how Chrome integrates with Advanced Protection Mode on Android. security.googleblog.com/2025/07/adva...
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection , which extend...
security.googleblog.com
July 8, 2025 at 6:57 PM
Just posted a deep dive on how Chrome integrates with Advanced Protection Mode on Android. security.googleblog.com/2025/07/adva...
Another great ancillary benefit of memory safe languages: Cool infrastructure projects remain cooler for longer 😎
Library authors can provide great functionality without implicitly signing up for the slew of security bugs that are sadly the consequence of a large c/c++ project.
Library authors can provide great functionality without implicitly signing up for the slew of security bugs that are sadly the consequence of a large c/c++ project.
Everyone wants to maintain a cool infrastructure library until maintaining a cool infrastructure library is no longer convenient.
June 21, 2025 at 11:50 PM
Another great ancillary benefit of memory safe languages: Cool infrastructure projects remain cooler for longer 😎
Library authors can provide great functionality without implicitly signing up for the slew of security bugs that are sadly the consequence of a large c/c++ project.
Library authors can provide great functionality without implicitly signing up for the slew of security bugs that are sadly the consequence of a large c/c++ project.
Reposted by Andrew Whalley
Here's something I am very excited about: Photosynthesis! 🌱☀️
A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs.
This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC sizes in logs and handshakes.
A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs.
This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC sizes in logs and handshakes.
[TLS] Photosynthesis, an update to Merkle Tree Certificates
Photosynthesis combines the Static CT API with the ideas in Merkle Tree Certificates.
mailarchive.ietf.org
June 20, 2025 at 7:11 PM
Here's something I am very excited about: Photosynthesis! 🌱☀️
A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs.
This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC sizes in logs and handshakes.
A proposal to have CAs run transparency logs and make X.509 certificates out of Merkle Tree inclusion proofs.
This is similar to how CT would have worked in an ideal world, and it solves the problem of PQC sizes in logs and handshakes.
Reposted by Andrew Whalley
Reposted by Andrew Whalley
Behold my favorite weird Chrome security bug of 2025 so far!
A jaw-dropping URL / omnibox spoof via ligatures, specifically the googlelogo ligature.
issues.chromium.org/issues/39178...
A jaw-dropping URL / omnibox spoof via ligatures, specifically the googlelogo ligature.
issues.chromium.org/issues/39178...
Chromium
issues.chromium.org
May 16, 2025 at 3:16 PM
Behold my favorite weird Chrome security bug of 2025 so far!
A jaw-dropping URL / omnibox spoof via ligatures, specifically the googlelogo ligature.
issues.chromium.org/issues/39178...
A jaw-dropping URL / omnibox spoof via ligatures, specifically the googlelogo ligature.
issues.chromium.org/issues/39178...
Reposted by Andrew Whalley
Note that you can get a new social security card without that wording when you get a green card.
I did so will double check I told them when I became a citizen!
I did so will double check I told them when I became a citizen!
April 20, 2025 at 4:10 AM
Note that you can get a new social security card without that wording when you get a green card.
I did so will double check I told them when I became a citizen!
I did so will double check I told them when I became a citizen!
🗽 PSA for naturalised citizens: If you never got a new social security card when you became a citizen, and your existing card has "valid for work only with ins/dns authorization" you are likely still in the Social Security database as a non-citizen.
April 20, 2025 at 2:07 AM
🗽 PSA for naturalised citizens: If you never got a new social security card when you became a citizen, and your existing card has "valid for work only with ins/dns authorization" you are likely still in the Social Security database as a non-citizen.
Just purchased a sledge hammer, and now have Peter Gabriel stuck in my head.
April 13, 2025 at 8:19 PM
Just purchased a sledge hammer, and now have Peter Gabriel stuck in my head.
Reposted by Andrew Whalley
I'm excited about this program! Chromium isn't necessarily easy, but I know there are great engineers out there who would love to get paid for improving it!
🚨 Attention Chromium developers! 🚨
The SOCBB Bug Bounty Program is offering up to $10,000 for fixing bugs in Chromium-based browsers like Chrome & Edge! Contribute to repos like chromium, v8, and more.
Get paid via GitHub Sponsors! Start fixing: github.com/Supporters-O...
#Chromium #OpenSource
The SOCBB Bug Bounty Program is offering up to $10,000 for fixing bugs in Chromium-based browsers like Chrome & Edge! Contribute to repos like chromium, v8, and more.
Get paid via GitHub Sponsors! Start fixing: github.com/Supporters-O...
#Chromium #OpenSource
April 4, 2025 at 2:52 AM
I'm excited about this program! Chromium isn't necessarily easy, but I know there are great engineers out there who would love to get paid for improving it!
Postcard from San Francisco
March 30, 2025 at 12:44 AM
Postcard from San Francisco
Reposted by Andrew Whalley
Here are the project ideas and info for Chromium:
Chromium GSoC 2025 Project Ideas and Info
Chromium GSoC 2025 Project Ideas and Info
docs.google.com
March 6, 2025 at 5:33 PM
Here are the project ideas and info for Chromium:
Reposted by Andrew Whalley
We are, unequivocally, the Bad Guys.
We have been before, and we will be again, no doubt, but this one is particularly repellent.
We have been before, and we will be again, no doubt, but this one is particularly repellent.
February 24, 2025 at 7:48 PM
We are, unequivocally, the Bad Guys.
We have been before, and we will be again, no doubt, but this one is particularly repellent.
We have been before, and we will be again, no doubt, but this one is particularly repellent.
I think Swiss Air is saying you can smoke in the toilets, but only if you don’t get caught?
February 17, 2025 at 12:36 PM
I think Swiss Air is saying you can smoke in the toilets, but only if you don’t get caught?