Micah Lee πŸ”‘ is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Micah Lee πŸ”‘ @micahflee@mastodon.social

Pinned toot

I'm running an OnionShare receive mode server in a Qubes AppVM on a desktop computer that I'll just leave online for a long time.

It's not quite stable yet, but here's the work-in-progress pull request: github.com/micahflee/onionshar

Anyway want to try sending me some files, anonymously and securely? Load this address in Tor Browser: uxhsndx5d3ufxqoj.onion/

Pinned toot

For the last two years I've carried a honeypot laptop with me every time I traveled. I checked it in my luggage, left it unattended in my hotel rooms. After each trip, I did forensic analysis on the laptop to detect if it had been tampered with.

I wrote about my experience and methodology here: theintercept.com/2018/04/28/co

If you're going to Hackers on Planet Earth in NYC next weekend, check out my talk! It's Friday at 3pm.

Qubes OS: The Operating System That Can Protect You Even If You Get Hacked


Police raids Show more

Super interesting paper and presentation on recent mix-net research. They propose a new anonymous communication system called Loopix which is secure against global passive adversaries (which Tor isn't secure against) usenix.org/conference/usenixse

Meet the open-source Twitter bot to help you surface stories on anything, developed by @xor freedom.press/news/meet-open-s

It currently powers the FOIAFeed birdsite bot, which posts news articles that are based on documents from Freedom of Information Act or other public records: twitter.com/FOIAFeed

Here is the source code: github.com/freedomofpress/trac

"Deep in your innermost being, you’ve always known you were destined to learn Clojure. Every time you held your keyboard aloft, crying out in anguish over an incomprehensible class hierarchy; every time you lay awake at night, disturbing your loved ones with sobs over a mutation-induced heisenbug; every time a race condition caused you to pull out more of your ever-dwindling hair, some secret part of you has known that there has to be a better way."

Should I take the first step?

@micahflee Another SKS bug. Anyone can make a key unimportable: try `gpg --keyserver pgp.mit.edu --recv-keys 0x4F3F50786C401DCE`, it will fail. Also see pgp.mit.edu/pks/lookup?op=vind

I recently had someone contact me asking if my PGP key was safe to use because there appears to be a user id called "Dontuseee" on it -- it's actually a malicious user id that someone else added, not signed by key.

It prompted me to re-read this bug report that would be trivial to fix, but the sks keyserver devs *refuse* to make PGP simpler to to use at all, so instead they marked it wontfix.


Police broke into Chelsea Manning's home with guns drawn last week during a 'wellness check' after she posted, then quickly deleted, seemingly suicidal tweets. She provided us with security footage of the armed raid.

Luckily she wasn't home at the time and she's safe. Here is the video and more info: theintercept.com/2018/06/05/ch

Whatever you think of the Trump-Russia investigation, whistleblower Reality Winner deserves your support


@micahflee The way she's being treated is exactly the way (if not worse) than the way Edward Snowden would have been treated had he not sought asylum.

After giving the PGP ecosystem time to fix the EFAIL vulnerabilities, EFF believes it's safe to use PGP in the latest Thunderbird and Enigmail, with HTML email disabled eff.org/deeplinks/2018/05/how-

Yesterday I got block by WikiLeaks on Twitter, lol