I’m happy to be joining the USENIX Security ’26 Enigma organizing committee this year, after having the chance to speak at Enigma three times. It has a long history as a home for early, practice-driven security ideas, often where work first gets aired before it’s fully polished or widely deployed.
January 27, 2026 at 11:12 PM
I’m happy to be joining the USENIX Security ’26 Enigma organizing committee this year, after having the chance to speak at Enigma three times. It has a long history as a home for early, practice-driven security ideas, often where work first gets aired before it’s fully polished or widely deployed.
AI coding is an earthquake for software security. Not a tremor. The kind that liquefies the ground beneath your feet. We're mid-shake and most people are still debating if it's real.
🔗 github.blog/news-insight...
🔗 github.blog/news-insight...
January 15, 2026 at 9:41 PM
AI coding is an earthquake for software security. Not a tremor. The kind that liquefies the ground beneath your feet. We're mid-shake and most people are still debating if it's real.
🔗 github.blog/news-insight...
🔗 github.blog/news-insight...
Reposted by Nick Sullivan
Registration for Real World Crypto 2026 is now open! rwc.iacr.org/2026/registr...
RWC 2026 registration
Real World Crypto Symposium
rwc.iacr.org
January 9, 2026 at 1:32 PM
Registration for Real World Crypto 2026 is now open! rwc.iacr.org/2026/registr...
News! I’ll be joining the Internet Architecture Board(IAB) starting March 2026 at IETF 125 in Shenzhen(I’ll be participating remotely).
The IAB is part of the IETF ecosystem. It looks across Internet protocol work to provide architecture-level oversight and help keep the standards process healthy.
The IAB is part of the IETF ecosystem. It looks across Internet protocol work to provide architecture-level oversight and help keep the standards process healthy.
January 9, 2026 at 5:17 PM
News! I’ll be joining the Internet Architecture Board(IAB) starting March 2026 at IETF 125 in Shenzhen(I’ll be participating remotely).
The IAB is part of the IETF ecosystem. It looks across Internet protocol work to provide architecture-level oversight and help keep the standards process healthy.
The IAB is part of the IETF ecosystem. It looks across Internet protocol work to provide architecture-level oversight and help keep the standards process healthy.
Reposted by Nick Sullivan
CDT’s @npdoty.techpolicy.social.ap.brid.gy and Visiting Fellow @nicksullivan.org joined a UN OHCHR workshop in Madrid with engineers, industry, and civil society to explore how technical standards affect internet users’ human rights. Read their recap of the event:
Embedding Human Rights in Technical Standard-Setting: Institutional Change and Governance
Standards engineers discussing support for human rights in technical standards This July, just before a week of meetings on internet protocol details in Madrid, CDT invited a group of engineers — leaders from industry and civil society and participants in the Internet Engineering Task Force and World Wide Web Consortium — to a workshop organized […]
cdt.org
December 18, 2025 at 5:30 PM
CDT’s @npdoty.techpolicy.social.ap.brid.gy and Visiting Fellow @nicksullivan.org joined a UN OHCHR workshop in Madrid with engineers, industry, and civil society to explore how technical standards affect internet users’ human rights. Read their recap of the event:
Reposted by Nick Sullivan
At #IETF124 in Montréal @ietf.org last month I gave a talk about Measuring & Understanding ECH deployments as @ooni.org.
ECH is becoming a Frontline for whether the Internet remains Open, Private, and Resilient.
We need to Document Censorship, to Protect our Internet.
📹 youtu.be/OmBNQKZtO3Q
ECH is becoming a Frontline for whether the Internet remains Open, Private, and Resilient.
We need to Document Censorship, to Protect our Internet.
📹 youtu.be/OmBNQKZtO3Q
December 9, 2025 at 9:09 AM
At #IETF124 in Montréal @ietf.org last month I gave a talk about Measuring & Understanding ECH deployments as @ooni.org.
ECH is becoming a Frontline for whether the Internet remains Open, Private, and Resilient.
We need to Document Censorship, to Protect our Internet.
📹 youtu.be/OmBNQKZtO3Q
ECH is becoming a Frontline for whether the Internet remains Open, Private, and Resilient.
We need to Document Censorship, to Protect our Internet.
📹 youtu.be/OmBNQKZtO3Q
The “cosmic-ray bit-flip” thing actually being real and serious enough to recall every A320 on the planet was not on my 2025 bingo card.
November 30, 2025 at 1:37 PM
The “cosmic-ray bit-flip” thing actually being real and serious enough to recall every A320 on the planet was not on my 2025 bingo card.
This is an obvious but important result, but I'm not a fan of this characterization of poisoning as an attack. There are legitimate reasons to poison, especially if you consider an AI company to be the malicious party rather than the victim.
www.anthropic.com/research/sma...
www.anthropic.com/research/sma...
A small number of samples can poison LLMs of any size
Anthropic research on data-poisoning attacks in large language models
www.anthropic.com
November 17, 2025 at 2:12 PM
This is an obvious but important result, but I'm not a fan of this characterization of poisoning as an attack. There are legitimate reasons to poison, especially if you consider an AI company to be the malicious party rather than the victim.
www.anthropic.com/research/sma...
www.anthropic.com/research/sma...
The first ARMOR meeting was a success with 4 great presentations on different aspects of real-world protocol resilience by @vinifortuna.com , Brien Colwell, @distributeddave.bsky.social , and @hellais.bsky.social.
November 6, 2025 at 5:06 PM
The first ARMOR meeting was a success with 4 great presentations on different aspects of real-world protocol resilience by @vinifortuna.com , Brien Colwell, @distributeddave.bsky.social , and @hellais.bsky.social.
Reposted by Nick Sullivan
New guest post from CDT Visiting Fellow & IETF expert @nicksullivan.org: Encrypted Client Hello (ECH) closes the final major privacy gap in HTTPS by encrypting the Server Name Indication (SNI) — a milestone for online privacy. 🌐 Read more:
Encrypted Client Hello: Closing the SNI Metadata Gap
Referencesent-deployment-and-adoption" href="#current-deployment-and-adoption" class="toc-anchor">Current Deployment and Adoptionor">Trial by Firewall-security-systems" href="#adapting-network-security-systems" class="toc-anchor">Adapting Network Security Systemsy-sni-became-the-last-privacy-gap" class="toc-anchor">Why SNI Became the Last Privacy Gapre-metadata-leaks" class="toc-anchor">Background: Where Metadata Leakste, whether governments like it or not. Encrypted Client Hello (ECH) is nearing final IETF standardization [1]. It closes the last remaining metadata leak in HTTPS connections by encrypting the Server Name […]
cdt.org
October 23, 2025 at 3:46 PM
New guest post from CDT Visiting Fellow & IETF expert @nicksullivan.org: Encrypted Client Hello (ECH) closes the final major privacy gap in HTTPS by encrypting the Server Name Indication (SNI) — a milestone for online privacy. 🌐 Read more:
Here are seven things I’m looking forward to in the next month.
Tomorrow, I’ll be guest lecturing with Kyle Hogan at NYU for Sunoo Park’s class on public interest tech. The theme: bikeshedding and how to get things done in internet standards.
Tomorrow, I’ll be guest lecturing with Kyle Hogan at NYU for Sunoo Park’s class on public interest tech. The theme: bikeshedding and how to get things done in internet standards.
October 21, 2025 at 6:44 PM
Here are seven things I’m looking forward to in the next month.
Tomorrow, I’ll be guest lecturing with Kyle Hogan at NYU for Sunoo Park’s class on public interest tech. The theme: bikeshedding and how to get things done in internet standards.
Tomorrow, I’ll be guest lecturing with Kyle Hogan at NYU for Sunoo Park’s class on public interest tech. The theme: bikeshedding and how to get things done in internet standards.
Global network interference and traffic disruption are on the rise. In 2024, governments in 41 countries blocked websites and in 25 countries entire social platforms were restricted (freedomhouse.org/report/freed...).
The Struggle for Trust Online
Around the world, voters have been forced to make major decisions about their future while navigating a censored, distorted, and unreliable information space.
freedomhouse.org
September 30, 2025 at 2:16 PM
Global network interference and traffic disruption are on the rise. In 2024, governments in 41 countries blocked websites and in 25 countries entire social platforms were restricted (freedomhouse.org/report/freed...).
Reposted by Nick Sullivan
Continuing our look at the Enigma track talks is "Fighting Fire with Venom: Adversarial Defense Against Unauthorized Web Crawling," presented by independent technologist Nick Sullivan. 1/3
August 10, 2025 at 10:45 AM
Continuing our look at the Enigma track talks is "Fighting Fire with Venom: Adversarial Defense Against Unauthorized Web Crawling," presented by independent technologist Nick Sullivan. 1/3
Tomorrow on USENIX Security’s Enigma track, I’ll unveil Venom, a new framework to sting back at rogue AI web crawlers with some adversarial mischief. If you’re around Seattle, come say hi or ping me!
www.usenix.org/conference/u...
www.usenix.org/conference/u...
Fighting Fire with Venom: Adversarial Defense Against Unauthorized Web Crawling | USENIX
www.usenix.org
August 13, 2025 at 8:34 PM
Tomorrow on USENIX Security’s Enigma track, I’ll unveil Venom, a new framework to sting back at rogue AI web crawlers with some adversarial mischief. If you’re around Seattle, come say hi or ping me!
www.usenix.org/conference/u...
www.usenix.org/conference/u...
The digital identity space is approaching a dangerous precipice.
newdesigncongress.org/en/note/2025...
newdesigncongress.org/en/note/2025...
The Mask-Off Moment for Digital Identity
Our 18-month investigation reveals how digital identity systems create brittle societies. This foreword traces eight case studies that demonstrate the catastrophic failures of digital identity across ...
newdesigncongress.org
July 21, 2025 at 8:03 PM
The digital identity space is approaching a dangerous precipice.
newdesigncongress.org/en/note/2025...
newdesigncongress.org/en/note/2025...
Reposted by Nick Sullivan
The Call for Contributed Talks is now open for RWC 2026! And the deadline for submissions is now Oct. 10, 2025.
rwc.iacr.org/2026/contrib...
rwc.iacr.org/2026/contrib...
RWC 2026 call for papers
Real World Crypto Symposium
rwc.iacr.org
July 13, 2025 at 3:52 PM
The Call for Contributed Talks is now open for RWC 2026! And the deadline for submissions is now Oct. 10, 2025.
rwc.iacr.org/2026/contrib...
rwc.iacr.org/2026/contrib...
Here are the slides from my recent keynote on post-quantum cryptography and Q-Day.
www.linkedin.com/posts/ntsull...
www.linkedin.com/posts/ntsull...
🏗️ A TALE OF THREE BRIDGES AND THE COMING QUANTUM RECKONING | Nick Sullivan
🏗️ A TALE OF THREE BRIDGES AND THE COMING QUANTUM RECKONING
Two months ago in Berlin I delivered a keynote on post‑quantum cryptography at Visa Risk Reset, an invitation‑only summit for CROs, CISOs, r...
www.linkedin.com
July 7, 2025 at 8:15 PM
Here are the slides from my recent keynote on post-quantum cryptography and Q-Day.
www.linkedin.com/posts/ntsull...
www.linkedin.com/posts/ntsull...
Good read: a detailed and accessible report published on @chinafile by Jessica Batke and Laura Edelson on China's internet censorship system, known as the "Locknet"
locknet.chinafile.com/the-locknet/...
locknet.chinafile.com/the-locknet/...
The Locknet: How China Controls Its Internet and Why It Matters
June 30, 2025 The man gazes earnestly into the camera, the glow from his computer monitor reflecting off his black-rimmed glasses. “This is more than just a cultural moment,” he says with a smile. “It...
locknet.chinafile.com
July 7, 2025 at 5:24 PM
Good read: a detailed and accessible report published on @chinafile by Jessica Batke and Laura Edelson on China's internet censorship system, known as the "Locknet"
locknet.chinafile.com/the-locknet/...
locknet.chinafile.com/the-locknet/...
Fascinating House Judiciary hearing going on live right now: Influence on Americans' Data Through the CLOUD Act. Big focus on the UK and Apple's E2E backup system. www.youtube.com/watch?v=QJgw...
www.youtube.com
June 5, 2025 at 3:11 PM
Fascinating House Judiciary hearing going on live right now: Influence on Americans' Data Through the CLOUD Act. Big focus on the UK and Apple's E2E backup system. www.youtube.com/watch?v=QJgw...
I’m going to hold off on using the term artificial intelligence to describe this current generation of products and just call them what they are: language models. Until they gain mathematical and symbolic reasoning skills, the term “intelligence” is a stretch.
May 30, 2025 at 5:03 PM
I’m going to hold off on using the term artificial intelligence to describe this current generation of products and just call them what they are: language models. Until they gain mathematical and symbolic reasoning skills, the term “intelligence” is a stretch.
Germ is launching support for open-source AT Protocol and the Bluesky platform in their Germ messenger. Everything I want in a messaging app: strong encryption, clean UX, and trust & safety tied to social identity. A big move for private messaging and I can't be prouder to be an advisor.
Yes, you read that right. Germ DM is integrating with #ATProto, bringing you best-in-class E2EE DMs with your Bluesky handle.
Be first to try it in beta, coming sooner than you think.
germnetwork.com/beta-waitlist
Be first to try it in beta, coming sooner than you think.
germnetwork.com/beta-waitlist
Germ-ATProto Beta Waitlist — Germ Network
germnetwork.com
May 23, 2025 at 4:41 PM
Germ is launching support for open-source AT Protocol and the Bluesky platform in their Germ messenger. Everything I want in a messaging app: strong encryption, clean UX, and trust & safety tied to social identity. A big move for private messaging and I can't be prouder to be an advisor.
These last 5 weeks have been a thrill and a half. Now fly me home…
March 28, 2025 at 3:46 PM
These last 5 weeks have been a thrill and a half. Now fly me home…
Reposted by Nick Sullivan
For those following from home (or still in your hotel rooms), here’s the link for the live stream:
youtube.com/live/R1NEfuv...
youtube.com/live/R1NEfuv...
RWC 2025
YouTube video by Real World Crypto
youtube.com
March 26, 2025 at 6:58 AM
For those following from home (or still in your hotel rooms), here’s the link for the live stream:
youtube.com/live/R1NEfuv...
youtube.com/live/R1NEfuv...
Excited to share that we’ve just updated the CFRG Process documentation, clarifying guidelines on document lifecycle, roles, and collaboration within the CFRG. If you’re proposing or managing CFRG work, this is essential reading!
wiki.ietf.org/en/group/cfr...
wiki.ietf.org/en/group/cfr...
Crypto Forum Research Group Process
Overview of CFRG process and best practices
wiki.ietf.org
March 25, 2025 at 1:53 PM
Excited to share that we’ve just updated the CFRG Process documentation, clarifying guidelines on document lifecycle, roles, and collaboration within the CFRG. If you’re proposing or managing CFRG work, this is essential reading!
wiki.ietf.org/en/group/cfr...
wiki.ietf.org/en/group/cfr...
