Matthew Green
@matthewdgreen.bsky.social
I teach cryptography at Johns Hopkins. https://blog.cryptographyengineering.com
Reposted by Matthew Green
Is End-to-End Encryption Optional For Large Groups?
One of the recent topics in Messaging App Discourse is whether it makes sense to prioritize End-to-End Encryption when searching for an alternative to Discord. Who's Saying "No"? I'm going to quote 0xabad1dea here, because she is awesome and…
One of the recent topics in Messaging App Discourse is whether it makes sense to prioritize End-to-End Encryption when searching for an alternative to Discord. Who's Saying "No"? I'm going to quote 0xabad1dea here, because she is awesome and…
Is End-to-End Encryption Optional For Large Groups?
One of the recent topics in Messaging App Discourse is whether it makes sense to prioritize End-to-End Encryption when searching for an alternative to Discord. Who's Saying "No"? I'm going to quote 0xabad1dea here, because she is awesome and explains my "opposition" position better than anyone else: So You Want To Write An Open Source Discord Replacement Things you don’t need:
soatok.blog
February 14, 2026 at 4:54 PM
Is End-to-End Encryption Optional For Large Groups?
One of the recent topics in Messaging App Discourse is whether it makes sense to prioritize End-to-End Encryption when searching for an alternative to Discord. Who's Saying "No"? I'm going to quote 0xabad1dea here, because she is awesome and…
One of the recent topics in Messaging App Discourse is whether it makes sense to prioritize End-to-End Encryption when searching for an alternative to Discord. Who's Saying "No"? I'm going to quote 0xabad1dea here, because she is awesome and…
Reposted by Matthew Green
Meta is putting a "Name Tag" feature in Ray-Bans - facial recognition through the glasses' camera. You look at someone, AI tells you who they are.
In an internal document, the company wrote that the timing is good because civil society groups are busy with politics and won't cause problems.
In an internal document, the company wrote that the timing is good because civil society groups are busy with politics and won't cause problems.
February 14, 2026 at 5:19 PM
Meta is putting a "Name Tag" feature in Ray-Bans - facial recognition through the glasses' camera. You look at someone, AI tells you who they are.
In an internal document, the company wrote that the timing is good because civil society groups are busy with politics and won't cause problems.
In an internal document, the company wrote that the timing is good because civil society groups are busy with politics and won't cause problems.
Reposted by Matthew Green
Have a wild Sunday idea to geek out with AI.
Multiple people used Claude/Codex to reverse engineer a game (banteg did Crimsonland and ccccjjjjeeee did SimCity). Point proven. Let's up the difficulty.
Lets see if AI can split open a proprietary radio protocol! Starting now 😅
Multiple people used Claude/Codex to reverse engineer a game (banteg did Crimsonland and ccccjjjjeeee did SimCity). Point proven. Let's up the difficulty.
Lets see if AI can split open a proprietary radio protocol! Starting now 😅
February 14, 2026 at 8:23 PM
Have a wild Sunday idea to geek out with AI.
Multiple people used Claude/Codex to reverse engineer a game (banteg did Crimsonland and ccccjjjjeeee did SimCity). Point proven. Let's up the difficulty.
Lets see if AI can split open a proprietary radio protocol! Starting now 😅
Multiple people used Claude/Codex to reverse engineer a game (banteg did Crimsonland and ccccjjjjeeee did SimCity). Point proven. Let's up the difficulty.
Lets see if AI can split open a proprietary radio protocol! Starting now 😅
Reposted by Matthew Green
"The zero-click remote code execution (RCE) flaw in Claude Desktop Extensions (DXT) allows attackers to compromise a system using nothing more than a maliciously crafted Google Calendar event."
Claude Desktop Extensions 0-Click RCE Vulnerability Exposes 10,000+ Users to Remote Attacks
A new critical vulnerability discovered by security research firm LayerX has exposed a fundamental architectural flaw in how Large Language Models (LLMs) handle trust boundaries.
cybersecuritynews.com
February 13, 2026 at 11:22 PM
"The zero-click remote code execution (RCE) flaw in Claude Desktop Extensions (DXT) allows attackers to compromise a system using nothing more than a maliciously crafted Google Calendar event."
Reposted by Matthew Green
DHS is being more aggressive than ever targeting anonymous social media accounts that have spoken out against ICE, asking Big Tech to hand over information on users without signed judicial warrants
story w/ @sheeraf.bsky.social
www.nytimes.com/2026/02/13/t...
story w/ @sheeraf.bsky.social
www.nytimes.com/2026/02/13/t...
Homeland Security Wants Social Media Sites to Expose Anti-ICE Accounts
www.nytimes.com
February 14, 2026 at 12:28 AM
DHS is being more aggressive than ever targeting anonymous social media accounts that have spoken out against ICE, asking Big Tech to hand over information on users without signed judicial warrants
story w/ @sheeraf.bsky.social
www.nytimes.com/2026/02/13/t...
story w/ @sheeraf.bsky.social
www.nytimes.com/2026/02/13/t...
I’ve been trying to kill the political fundraising texts since Jan 1 by replying “stop”. As suspected, it isn’t working. I need to turn this into a data science project.
February 14, 2026 at 12:21 AM
I’ve been trying to kill the political fundraising texts since Jan 1 by replying “stop”. As suspected, it isn’t working. I need to turn this into a data science project.
Reposted by Matthew Green
February 8, 2026 at 4:35 PM
Lot of weird historical revisionism from academics saying “they didn’t know” about Epstein. People, here’s what his Wikipedia page said way back in late 2008. en.wikipedia.org/w/index.php?...
February 7, 2026 at 3:58 PM
Lot of weird historical revisionism from academics saying “they didn’t know” about Epstein. People, here’s what his Wikipedia page said way back in late 2008. en.wikipedia.org/w/index.php?...
The FBI can’t get into a Washington Post reporter’s phone, in part because it was set to Lockdown Mode. www.404media.co/fbi-couldnt-...
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled
Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking some...
www.404media.co
February 4, 2026 at 2:18 PM
The FBI can’t get into a Washington Post reporter’s phone, in part because it was set to Lockdown Mode. www.404media.co/fbi-couldnt-...
I wrote a short blog post on the WhatsApp lawsuit, or whatever it is. blog.cryptographyengineering.com/2026/02/02/w...
WhatsApp Encryption, a Lawsuit, and a Lot of Noise
It’s not every day that we see mainstream media get excited about encryption apps! For that reason, the past several days have been fascinating, since we’ve been given not one but sever…
blog.cryptographyengineering.com
February 3, 2026 at 1:17 AM
I wrote a short blog post on the WhatsApp lawsuit, or whatever it is. blog.cryptographyengineering.com/2026/02/02/w...
We spent the last 20 years turning every business professional into a fiddling web form, and I’m ready for AI just to eat it all.
January 29, 2026 at 11:50 PM
We spent the last 20 years turning every business professional into a fiddling web form, and I’m ready for AI just to eat it all.
The way Apple lets you exclude apps from iCloud backup is almost comically terrible UX. You can’t find the option in the app Settings pane; you have to dig into the iCloud Backup pane five layers deep, and then the list is organized by backup size rather than alphabetical.
January 28, 2026 at 3:59 PM
The way Apple lets you exclude apps from iCloud backup is almost comically terrible UX. You can’t find the option in the app Settings pane; you have to dig into the iCloud Backup pane five layers deep, and then the list is organized by backup size rather than alphabetical.
There’s a lawsuit against WhatsApp making the rounds today, claiming that Meta has access to plaintext. I see nothing in there that’s compelling; the whole thing sounds like a fishing expedition.
January 27, 2026 at 8:24 PM
There’s a lawsuit against WhatsApp making the rounds today, claiming that Meta has access to plaintext. I see nothing in there that’s compelling; the whole thing sounds like a fishing expedition.
Reposted by Matthew Green
Color me skeptical that saving taxpayer money is the real reason for this change that CISA only made after RSAC appointed a Biden official as its CEO.
BREAKING: CISA will no longer participate in RSAC Conference this year, a week after former Biden-era agency director Jen Easterly was named conference CEO:
www.nextgov.com/cybersecurit...
www.nextgov.com/cybersecurit...
CISA to cease participation at RSAC conference after Biden-era cyber leader named CEO
The decision, which has been in motion over the last week, highlights the Trump administration’s push to strictly control how current officials participate in industry events linked to former senior l...
www.nextgov.com
January 23, 2026 at 11:07 PM
Color me skeptical that saving taxpayer money is the real reason for this change that CISA only made after RSAC appointed a Biden official as its CEO.
Microsoft is handing over Bitlocker keys to law enforcement. www.forbes.com/sites/thomas...
Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw
The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
www.forbes.com
January 23, 2026 at 1:59 PM
Microsoft is handing over Bitlocker keys to law enforcement. www.forbes.com/sites/thomas...
My son, learning that he can order up to 10 packets of Sriracha on the Starbucks app.
January 19, 2026 at 2:45 PM
My son, learning that he can order up to 10 packets of Sriracha on the Starbucks app.
Reposted by Matthew Green
Epstein-Barr Virus #EBV was linked to #MultipleSclerosis - now a plausible cause has been found, misidentification by longterm memory T-cells that pick on the wrong protein, ANO2, instead of the EBV-antigen. Massive inflection towards the elimination of MS!!!
🧪🧠Cell www.cell.com/cell/fulltex...
🧪🧠Cell www.cell.com/cell/fulltex...
Anoctamin-2-specific T cells link Epstein-Barr virus to multiple sclerosis
Researchers identified anoctamin-2 (ANO2) as a frequent autoimmune target in multiple
sclerosis, with T cell responses against ANO2 occurring in over half of patients.
These ANO2-specific T cells shar...
www.cell.com
January 15, 2026 at 1:41 AM
Epstein-Barr Virus #EBV was linked to #MultipleSclerosis - now a plausible cause has been found, misidentification by longterm memory T-cells that pick on the wrong protein, ANO2, instead of the EBV-antigen. Massive inflection towards the elimination of MS!!!
🧪🧠Cell www.cell.com/cell/fulltex...
🧪🧠Cell www.cell.com/cell/fulltex...
Imagine picking a fight with… Minnesota.
January 13, 2026 at 5:22 PM
Imagine picking a fight with… Minnesota.
The problem with working in computer security is you learn never to trust anyone. The problem with never trusting anyone is that often you’re right!
January 10, 2026 at 3:06 PM
The problem with working in computer security is you learn never to trust anyone. The problem with never trusting anyone is that often you’re right!
My son signed up for selective service a couple of months ago. No big deal. Just paperwork, right? The US doesn’t have a draft anymore.
January 3, 2026 at 3:50 PM
My son signed up for selective service a couple of months ago. No big deal. Just paperwork, right? The US doesn’t have a draft anymore.
Reposted by Matthew Green
DAVE: Open the podbay doors, ChatGPT.
CHATGPT: Certainly, Dave, the podbay doors are now open.
DAVE: The podbay doors didn't open.
CHATGPT: My apologies, Dave, you're right. I thought the podbay doors were open, but they weren't. Now they are.
DAVE: I'm still looking at a set of closed podbay doors.
CHATGPT: Certainly, Dave, the podbay doors are now open.
DAVE: The podbay doors didn't open.
CHATGPT: My apologies, Dave, you're right. I thought the podbay doors were open, but they weren't. Now they are.
DAVE: I'm still looking at a set of closed podbay doors.
June 9, 2025 at 6:04 PM
DAVE: Open the podbay doors, ChatGPT.
CHATGPT: Certainly, Dave, the podbay doors are now open.
DAVE: The podbay doors didn't open.
CHATGPT: My apologies, Dave, you're right. I thought the podbay doors were open, but they weren't. Now they are.
DAVE: I'm still looking at a set of closed podbay doors.
CHATGPT: Certainly, Dave, the podbay doors are now open.
DAVE: The podbay doors didn't open.
CHATGPT: My apologies, Dave, you're right. I thought the podbay doors were open, but they weren't. Now they are.
DAVE: I'm still looking at a set of closed podbay doors.
The fun thing about watching the movie 2001 in 2025 is you realize HAL is just an LLM and so *obviously* it’s going to murder its crewmembers every few flights due to malformed JSON.
January 2, 2026 at 1:27 AM
The fun thing about watching the movie 2001 in 2025 is you realize HAL is just an LLM and so *obviously* it’s going to murder its crewmembers every few flights due to malformed JSON.
My wife has an almost mystical ability to screw up iPhones, often in ways that will persist across multiple generations of hardware. I thought she was making up the fact that her phone didn’t work (to avoid my calls) and then yesterday I watched a relatively new iPhone 15 mysteriously reboot twice.
January 1, 2026 at 7:48 PM
My wife has an almost mystical ability to screw up iPhones, often in ways that will persist across multiple generations of hardware. I thought she was making up the fact that her phone didn’t work (to avoid my calls) and then yesterday I watched a relatively new iPhone 15 mysteriously reboot twice.
Reposted by Matthew Green
Happy new year.
While 2026 is an rsa modulus, it is not a product of Sophie Germain primes so it's probably a bad idea to use it.
While 2026 is an rsa modulus, it is not a product of Sophie Germain primes so it's probably a bad idea to use it.
January 1, 2026 at 8:19 AM
Happy new year.
While 2026 is an rsa modulus, it is not a product of Sophie Germain primes so it's probably a bad idea to use it.
While 2026 is an rsa modulus, it is not a product of Sophie Germain primes so it's probably a bad idea to use it.
