Micah Lee 🔑 @micahflee@mastodon.social

I'm running an OnionShare receive mode server in a Qubes AppVM on a desktop computer that I'll just leave online for a long time.

It's not quite stable yet, but here's the work-in-progress pull request: https://github.com/micahflee/onionshare/pull/695

Anyway want to try sending me some files, anonymously and securely? Load this address in Tor Browser: http://uxhsndx5d3ufxqoj.onion/

For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.

I wrote about my experience and methodology here: https://theintercept.com/2018/04/28/computer-malware-tampering/

"Deep in your innermost being, you’ve always known you were destined to learn Clojure. Every time you held your keyboard aloft, crying out in anguish over an incomprehensible class hierarchy; every time you lay awake at night, disturbing your loved ones with sobs over a mutation-induced heisenbug; every time a race condition caused you to pull out more of your ever-dwindling hair, some secret part of you has known that there has to be a better way."

Should I take the first step?

Just opened a pull request for SKS Keyserver that fixes a "wontfix" bug. Let's hope they merge it!

https://bitbucket.org/skskeyserver/sks-keyserver/pull-requests/59/add-disclaimer-to-html-template-educating/diff

cc @yegortimoshenko

I recently had someone contact me asking if my PGP key was safe to use because there appears to be a user id called "Dontuseee" on it -- it's actually a malicious user id that someone else added, not signed by key.

It prompted me to re-read this bug report that would be trivial to fix, but the sks keyserver devs *refuse* to make PGP simpler to to use at all, so instead they marked it wontfix.

https://bitbucket.org/skskeyserver/sks-keyserver/issues/41/web-app-displays-uids-on-keys-that-have

Police broke into Chelsea Manning's home with guns drawn last week during a 'wellness check' after she posted, then quickly deleted, seemingly suicidal tweets. She provided us with security footage of the armed raid.

Luckily she wasn't home at the time and she's safe. Here is the video and more info: https://theintercept.com/2018/06/05/chelsea-manning-video-twitter-police-mental-health/

Whatever you think of the Trump-Russia investigation, whistleblower Reality Winner deserves your support

https://theintercept.com/2018/06/02/reality-winner-whistleblower-without-constituency/

Reality Winner has been in jail for a year. Her prosecution is unfair and unprecedented.

https://theintercept.com/2018/06/03/reality-winner-nsa-paul-manafort/

5 years on, US government still counting Snowden leak costs

https://www.nhregister.com/news/politics/article/5-years-on-US-government-still-counting-Snowden-12963709.php

After giving the PGP ecosystem time to fix the EFAIL vulnerabilities, EFF believes it's safe to use PGP in the latest Thunderbird and Enigmail, with HTML email disabled https://www.eff.org/deeplinks/2018/05/how-turn-pgp-back-safely-possible

Why the Alt-Right Thinks Porn is a Jewish Conspiracy
https://melmagazine.com/why-the-alt-right-thinks-porn-is-a-jewish-conspiracy-2f9d05530604

What It’s Like When Elon Musk’s Twitter Mob Comes After You https://www.thedailybeast.com/what-its-like-when-elon-musks-twitter-mob-comes-after-you

Yesterday I got block by WikiLeaks on Twitter, lol

Former KKK grand wizard David Duke says he’ll sue Donald Trump for stealing his ‘build the wall’ chant unless Trump delivers and builds the racist border wall

https://www.rawstory.com/2018/05/white-nationalist-david-duke-says-hell-sue-donald-trump-stealing-build-wall-chant-unless-trump-delivers/

Here's a proof-of-concept exploit that I developed (Hanno Böck deserves much of the credit too) that demonstrates the attack:

https://www.youtube.com/watch?v=IMPKe-GJSh0

In Apple Mail, there is no protecting PGP-encrypted messages. Even with disabling remote content, GPGTools is vulnerable to EFAIL, and the only mitigation for now is to switch to Thunderbird/Enigmail, and disable viewing HTML emails

https://theintercept.com/2018/05/25/in-apple-mail-theres-no-protecting-pgp-encrypted-messages/

The road towards an integrated SecureDrop Workstation based on Qubes OS https://securedrop.org/news/road-towards-integrated-securedrop-workstation/