Mysk 🇨🇦🇩🇪
@mysk.bsky.social
We're two #iOS developers and occasional #security researchers on two continents. #CyberSecurity 🎬 https://youtube.com/@mysk 📝 https://mysk.blog
Oh, 1Password stores user profile pictures on their servers without authentication. Anyone who has the long URL, which also contains the account identifier, can access the picture. It's not a big deal, but a password manager should definitely be more careful.
#privacy
#privacy
November 13, 2025 at 9:59 PM
Oh, 1Password stores user profile pictures on their servers without authentication. Anyone who has the long URL, which also contains the account identifier, can access the picture. It's not a big deal, but a password manager should definitely be more careful.
#privacy
#privacy
Here is Psylo viewed in Safari on iOS. Surprisingly, copying the same link viewed and pasting it in a new tab won't open in the web. Safari prompts for opening the link in the App Store app 😵💫
November 3, 2025 at 7:32 PM
Here is Psylo viewed in Safari on iOS. Surprisingly, copying the same link viewed and pasting it in a new tab won't open in the web. Safari prompts for opening the link in the App Store app 😵💫
Is it just me, or does the Mail app on iOS 26 in the year 2025 A.D. does not have the option to set the “Reply To” field in an email?
October 3, 2025 at 5:15 PM
Is it just me, or does the Mail app on iOS 26 in the year 2025 A.D. does not have the option to set the “Reply To” field in an email?
The first hit from Wikipedia has the correct answer, but Gemini's wrong answer has to be shown first and occupy most of the screen because AI is cool
September 24, 2025 at 1:33 PM
The first hit from Wikipedia has the correct answer, but Gemini's wrong answer has to be shown first and occupy most of the screen because AI is cool
Why do all browsers in iOS 26 communicate with this Google service? Has Apple changed how safe websites are downloaded?
Psylo tunnels all connections via our proxy servers to prevent IP leaks. How are these calls made? Does Google see the real IP?
#Privacy #Apple #iOS26
Psylo tunnels all connections via our proxy servers to prevent IP leaks. How are these calls made? Does Google see the real IP?
#Privacy #Apple #iOS26
September 17, 2025 at 12:58 AM
iOS 26, about 15 hours remaining 🐌
September 15, 2025 at 7:09 PM
iOS 26, about 15 hours remaining 🐌
In the official announcement "on-device AI model" was only used in the workout section. Yikes!
www.apple.com/newsroom/202...
www.apple.com/newsroom/202...
September 11, 2025 at 1:28 PM
In the official announcement "on-device AI model" was only used in the workout section. Yikes!
www.apple.com/newsroom/202...
www.apple.com/newsroom/202...
What a productive day! I accidentally time-traveled to the year 2076, created an Excel sheet, and returned. But that's not the puzzling part. I still can't believe that an Excel file can be so backward compatible.
September 9, 2025 at 10:50 AM
What a productive day! I accidentally time-traveled to the year 2076, created an Excel sheet, and returned. But that's not the puzzling part. I still can't believe that an Excel file can be so backward compatible.
Nothing new. Facebook is begging for pics on Threads to train their AI model on.
September 9, 2025 at 9:54 AM
Nothing new. Facebook is begging for pics on Threads to train their AI model on.
Psylo beats Safari's Advanced Fingerprinting Protecting that is going to launch in iOS and iPadOS 26.
Safari setup:
- iCloud Private Relay is on
- Private Browsing is on
Psylo setup:
- Ephemeral option is on
Watch Safari vs Psylo:
#privacy #cybersecurity #tracking #iOS26
Safari setup:
- iCloud Private Relay is on
- Private Browsing is on
Psylo setup:
- Ephemeral option is on
Watch Safari vs Psylo:
#privacy #cybersecurity #tracking #iOS26
September 6, 2025 at 9:18 PM
Psylo beats Safari's Advanced Fingerprinting Protecting that is going to launch in iOS and iPadOS 26.
Safari setup:
- iCloud Private Relay is on
- Private Browsing is on
Psylo setup:
- Ephemeral option is on
Watch Safari vs Psylo:
#privacy #cybersecurity #tracking #iOS26
Safari setup:
- iCloud Private Relay is on
- Private Browsing is on
Psylo setup:
- Ephemeral option is on
Watch Safari vs Psylo:
#privacy #cybersecurity #tracking #iOS26
Psylo private browser for iOS now offers free 7-day trial to all new users:
✅ FULLY anonymous
✅ ALL features unlocked
✅ NO in-app purchase required
✅ NO account required
✅ NO IDs shared with Apple
✅ NO questions asked
✅ NO logs
✅ NO app analytics
Try it now:
apps.apple.com/app/id674135...
#privacy
✅ FULLY anonymous
✅ ALL features unlocked
✅ NO in-app purchase required
✅ NO account required
✅ NO IDs shared with Apple
✅ NO questions asked
✅ NO logs
✅ NO app analytics
Try it now:
apps.apple.com/app/id674135...
#privacy
September 4, 2025 at 11:58 PM
Psylo private browser for iOS now offers free 7-day trial to all new users:
✅ FULLY anonymous
✅ ALL features unlocked
✅ NO in-app purchase required
✅ NO account required
✅ NO IDs shared with Apple
✅ NO questions asked
✅ NO logs
✅ NO app analytics
Try it now:
apps.apple.com/app/id674135...
#privacy
✅ FULLY anonymous
✅ ALL features unlocked
✅ NO in-app purchase required
✅ NO account required
✅ NO IDs shared with Apple
✅ NO questions asked
✅ NO logs
✅ NO app analytics
Try it now:
apps.apple.com/app/id674135...
#privacy
We’ve made 2 improvements to Psylo’s architecture since our last blog post:
🧵
🧵
September 4, 2025 at 10:41 PM
We’ve made 2 improvements to Psylo’s architecture since our last blog post:
🧵
🧵
X has introduced its end-to-end encrypted chat feature. This service utilizes the Juicebox protocol, which enables users to secure their encryption keys with a simple, memorable 4-digit PIN while defending against brute force attacks. X’s implementation is wrong because they own all the realms
🧵 1/2
🧵 1/2
September 4, 2025 at 6:13 PM
X has introduced its end-to-end encrypted chat feature. This service utilizes the Juicebox protocol, which enables users to secure their encryption keys with a simple, memorable 4-digit PIN while defending against brute force attacks. X’s implementation is wrong because they own all the realms
🧵 1/2
🧵 1/2
Just signed in from another browser session and was able to recover the messages by entering the PIN. The encryption keys are clearly stored remotely and this PIN is used to decrypt their vault. You need 10,000 iterations to brute-force it.
September 4, 2025 at 12:09 AM
Just signed in from another browser session and was able to recover the messages by entering the PIN. The encryption keys are clearly stored remotely and this PIN is used to decrypt their vault. You need 10,000 iterations to brute-force it.
X just rolled out its highly anticipated end-to-end encrypted chat, that you "secure" with a 4-digit PIN 🤪
September 3, 2025 at 11:13 PM
X just rolled out its highly anticipated end-to-end encrypted chat, that you "secure" with a 4-digit PIN 🤪
Psylo update is out ✌️ New users can start the trial mode without having to subscribe.
Give it a try:
apps.apple.com/app/id674135...
#privacy
Give it a try:
apps.apple.com/app/id674135...
#privacy
September 3, 2025 at 11:04 AM
Psylo update is out ✌️ New users can start the trial mode without having to subscribe.
Give it a try:
apps.apple.com/app/id674135...
#privacy
Give it a try:
apps.apple.com/app/id674135...
#privacy
Nothing is circular, they're all long lists. Here is the date picker in Reminders:
September 2, 2025 at 8:57 AM
Nothing is circular, they're all long lists. Here is the date picker in Reminders:
Apple Product Security:
"Unfortunately, this issue didn't qualify for a bounty because it didn't meet the impact criteria or fall into any of the eligible categories"
Also Apple: in iOS and iPadOS 26 Passwords has an option to disallow contacting websites, the very thing our research highlighted. 🚶♂️
"Unfortunately, this issue didn't qualify for a bounty because it didn't meet the impact criteria or fall into any of the eligible categories"
Also Apple: in iOS and iPadOS 26 Passwords has an option to disallow contacting websites, the very thing our research highlighted. 🚶♂️
August 21, 2025 at 6:37 PM
Apple Product Security:
"Unfortunately, this issue didn't qualify for a bounty because it didn't meet the impact criteria or fall into any of the eligible categories"
Also Apple: in iOS and iPadOS 26 Passwords has an option to disallow contacting websites, the very thing our research highlighted. 🚶♂️
"Unfortunately, this issue didn't qualify for a bounty because it didn't meet the impact criteria or fall into any of the eligible categories"
Also Apple: in iOS and iPadOS 26 Passwords has an option to disallow contacting websites, the very thing our research highlighted. 🚶♂️
Psylo 1.0.2 is out now! This is a minor bug fix release with some small improvements. We’re planning to release a major update in September (hopefully! 🤞)
ICYMI: We lowered our annual and monthly subscription prices. Try out Psylo for 7 days free:
apps.apple.com/app/id674135...
ICYMI: We lowered our annual and monthly subscription prices. Try out Psylo for 7 days free:
apps.apple.com/app/id674135...
August 13, 2025 at 9:30 PM
Psylo 1.0.2 is out now! This is a minor bug fix release with some small improvements. We’re planning to release a major update in September (hopefully! 🤞)
ICYMI: We lowered our annual and monthly subscription prices. Try out Psylo for 7 days free:
apps.apple.com/app/id674135...
ICYMI: We lowered our annual and monthly subscription prices. Try out Psylo for 7 days free:
apps.apple.com/app/id674135...
It is estimated that 75% of iPhone users have activated #Apple Pay.
Psylo is the only iOS browser that blocks Apple Pay.
Test your browser here:
applepaydemo.apple.com
Psylo is the only iOS browser that blocks Apple Pay.
Test your browser here:
applepaydemo.apple.com
August 6, 2025 at 2:07 PM
It is estimated that 75% of iPhone users have activated #Apple Pay.
Psylo is the only iOS browser that blocks Apple Pay.
Test your browser here:
applepaydemo.apple.com
Psylo is the only iOS browser that blocks Apple Pay.
Test your browser here:
applepaydemo.apple.com
We’ve heard your feedback about Psylo’s pricing, and we understand it’s been on the higher side. That’s why, starting today, we’re lowering our standard pricing to $69.99/year or $7.99/month (down from $99.99/year and $9.99/month).
... 🧵
... 🧵
July 29, 2025 at 11:56 PM
We’ve heard your feedback about Psylo’s pricing, and we understand it’s been on the higher side. That’s why, starting today, we’re lowering our standard pricing to $69.99/year or $7.99/month (down from $99.99/year and $9.99/month).
... 🧵
... 🧵
iOS 18.6 patches 12 WebKit vulnerabilities. Since Apple requires all browsers on iOS and iPadOS to use WebKit, these CVEs affect Safari and all browsers. Individual browser patches aren't possible since Apple updates WebKit alongside the OS. (iOS 18.5 was released 79 days ago)
July 29, 2025 at 10:21 PM
iOS 18.6 patches 12 WebKit vulnerabilities. Since Apple requires all browsers on iOS and iPadOS to use WebKit, these CVEs affect Safari and all browsers. Individual browser patches aren't possible since Apple updates WebKit alongside the OS. (iOS 18.5 was released 79 days ago)