Payment Processors Weaponized: A Threat to Online Free Speech

2025-07-25

This blog post discusses the growing threat of payment processors being used as tools for online censorship. Using the recent removal of games from Steam and itch.io due to NSFW content as a case study, the author highlights how organizations like Collective Shout leverage payment processors to enforce their ideologies. The post analyzes the motives and methods of groups such as Collective Shout and Exodus Cry, exploring potential political and technological solutions, including advocating for more open payment systems and stronger legislation to protect free speech online. The author calls for technologists, gamers, and LGBTQ+ activists to unite against this form of censorship, while cautioning against repeating the mistakes of GamerGate.

Tech

The Real Threat of AI: Not Singularity, but Antisocial Behavior

2025-05-04

The author isn't worried about AI singularity or robot uprisings, but rather the antisocial behaviors AI enables: coordinated inauthentic behavior, misinformation, nonconsensual pornography, and displacement of industries causing job losses. The risk, the author argues, isn't the technology itself, but how it alters incentive structures, exacerbating existing societal problems. Furthermore, the author criticizes AI companies' disregard for user privacy, such as using encrypted messages for AI analysis, potentially leading to data misuse. The author calls on AI companies to make AI features opt-in, respecting user choice and privacy.


Trump Admin's Signal Leak: Misunderstandings Around End-to-End Encryption

2025-03-25

An article reporting that the Trump administration accidentally added a journalist to a Signal group chat discussing a military operation in Yemen sparked debate. Many wrongly attributed this to a failure of Signal's security, but the author clarifies that end-to-end encryption (E2EE) protects message confidentiality in transit; it does not protect against user error. E2EE neither prevents unauthorized individuals from being added to chats nor replaces government-approved secure systems for classified communication. The article explains E2EE's mechanics, its strengths and weaknesses, and its suitability in different contexts, and criticizes misconceptions and the promotion of alternative technologies. Ultimately, the author argues this wasn't Signal's failure but a result of the government using an unauthorized tool, and predicts those involved won't face accountability.

Tech

The Collatz Conjecture and Cryptography: A Tale of Computational Complexity

2025-03-15

This article explores the infamous Collatz conjecture and its surprising connection to ARX algorithms in cryptography (e.g., ChaCha). The Collatz conjecture describes a simple iterative function; whether it always converges to 1 remains unproven. The article draws an analogy between the Collatz function and a Turing machine, highlighting how carry propagation in its bitwise implementation creates unpredictable complexity. This contrasts interestingly with ARX algorithms, which use addition, rotation, and XOR to achieve efficient diffusion. The article suggests the Collatz conjecture's unsolved nature might stem from the inherent complexity of computation, similar to the halting problem.


Critical Vulnerability Found in FreeSWITCH: Open Source Telecom Software Security Risks

2025-03-12

A security researcher discovered a buffer overflow vulnerability in the open-source telecommunications software FreeSWITCH, potentially leading to remote code execution. While SignalWire (FreeSWITCH's developer) has patched the vulnerability, they won't release a new version with the fix until summer, leaving potentially thousands of vulnerable systems at risk. This highlights the shortcomings in security management of open-source telecom software and how security issues are often neglected in the absence of financial incentives.

Tech

Signal Cryptography Audit: A Weekend Deep Dive

2025-02-18

This article details a weekend-long cryptographic audit of the popular encrypted messaging app Signal, conducted by an applied cryptography expert. The author explains the process and limitations of cryptographic audits, highlighting how companies sometimes misrepresent audit results. Using Signal as a case study, the author examines its implemented encryption mechanisms, outlining future audit priorities. The goal is to empower users to better understand and evaluate the security of encrypted apps, moving beyond marketing claims.


Don't Roll Your Own Crypto: Why Developers Keep Failing at Encryption

2025-02-01

Developers often mistakenly believe that using lower-level cryptography libraries avoids the risks of 'rolling their own crypto.' This article argues that many developers misunderstand cryptography, and that even using existing libraries doesn't guarantee security if mistakes are made in protocol design or key management. The author presents real-world examples and stresses the importance of robust key management and the need for developers to deeply understand their cryptographic implementations and have them reviewed by experts.

Development

Session Messaging App: A Cryptographic Security Audit

2025-01-20

Security engineer Soatok published a blog post questioning the cryptographic design of the Session messaging app. The post highlights Session's use of 128-bit seeds for Ed25519 key generation, making it vulnerable to batch collision attacks; a proof-of-concept is provided. Furthermore, the post criticizes design flaws in Session's signature verification process and the removal of forward secrecy. Soatok concludes that Session's cryptographic design poses significant security risks and advises against its use.

Tech