Ian Miers
@secparam.bsky.social
UMD CS Prof. Security and applied cryptography.
There's no such thing as Fully-Homomorphic Decryption.
Anytime you see a system using FHE to compute on your sensitive data, remember: someone has the key. If it's not you, do you trust them?
November 1, 2025 at 7:02 PM
I had an interesting convo with @matthewdgreen.bsky.social
about Apple's Memory Integrity Enforcement (MIE). It will raise the cost of zero-day exploits, but by how much? MIE stops a huge swath of exploits that target unsafe memory handling. It's impressive and required new hardware features.....
October 18, 2025 at 7:18 PM
Discord user IDs getting leaked is the entirely predictable consequence of requiring platforms to do age verification. That data never goes away, it spreads. In this case, into appeals in a breached customer support database. And predictably, it can get worse. www.404media.co/the-discord-...
The Discord Hack is Every User’s Worst Nightmare
A hack impacting Discord’s age verification process shows in stark terms the risk of tech companies collecting users’ ID documents. Now the hackers are posting peoples’ IDs and other sensitive informa...
www.404media.co
October 9, 2025 at 7:59 PM
The worst part of preparing a tenure portfolio is realizing you actually have to create that 'permanent record' your elementary school teachers threatened you with.
And it has pesky formatting requirements.
September 19, 2025 at 6:50 PM
Interesting anecdote from a friend: quantum computing startups are now raising funds by pitching their ability to break cryptocurrency encryption (n=1 plus VC gossip, but still). Apparently other applications like quantum chemistry don't offer big enough ROI for investors.
September 11, 2025 at 10:48 PM
Some "AI" on my phone is reading inbound Signal messages. I left predictive typing on, trading a little of my privacy for convenience. Yet something is giving responses using what others wrote in chats with disappearing messages, persisting or sharing them who knows where. Not a good default, Google
September 9, 2025 at 11:59 PM
We've crossed a threshold. A paid subscription used to be the ultimate proof of humanity online, now it's not enough to allow a single link click inside the NYT cooking app. The next few years are going to be an interesting race to extract more and more invasive proofs of humanity.
September 1, 2025 at 9:14 PM
The 2010s internet: Let's mock dissertation-length arguments about weird-ass fanfic tags.
The 2025 internet: 'dubcon' is an ancillary part of the financial privacy discourse.
The past was a better place.
PayPal user in the UK lost their account after buying adult ebooks “about monsters and milking,” “some dubcon stuff”
“My account got banned a couple of days ago for making purchases which violate the ToS. Upon querying w/ staff over the phone I've been told that it was ebooks that I've been buying”
September 1, 2025 at 5:28 PM
Making LLM chats private is a good idea. We've accepted too much data harvesting already—this moment lets us reset the norm around who controls our data online. But let's go further: put LLM chats in private compute, so you get technical guarantees you control your data.
x.com/sama/status/...
June 6, 2025 at 7:27 PM
Classic Google: an A/B test (a rare overt one)
Classic Google AI: it doesn't actually work (you can't submit)
June 6, 2025 at 5:02 PM
Friend messaged me: Signal's going mainstream. They've got 150+ active chats. Work life invaded their friend space.
It's not just Signal being in the news: people don't trust other apps. Too many places to half-ass privacy: be it backups, ads, or an AI reading over your shoulder.
May 16, 2025 at 3:15 PM
It's the year 2030. AIs write all our sitcoms now, but they're just endless FRIENDS clones because the underpaid content moderators in offshore offices learned that's the pinnacle of American comedy.
May 6, 2025 at 5:48 PM
Google announced they will support privacy preserving age verification via zero-knowledge proofs.
You prove you have a signed digital copy of a driver's license and it says you are over 18 without revealing anything about you (name, birthdate, etc.)
blog.google/products/goo...
It’s now easier to prove age and identity with Google Wallet
Learn more about new Google Wallet updates, including new ways to use your digital ID for age and identity verification.
blog.google
May 1, 2025 at 11:00 PM
WhatsApp's "advanced protection" blog post is doublespeak. Instead of end-to-end encryption, you get downgraded to end-to-AI encryption. But it's phrased as a feature: you can opt out of "others" uploading data, as if WhatsApp has nothing to do with it.
blog.whatsapp.com/introducing-...
April 23, 2025 at 10:41 PM
The UK is fighting the last war by trying to backdoor encrypted messaging worldwide. The US tried the same trick in the Obama and Bill Barr DoJs. Thankfully, saner minds prevailed. Now the FBI recommends encrypted messaging because it makes us safer from nation state hacking.
@meredithmeredith.bsky.social points out the real story with Apple disabling encrypted backup (and therefore effectively iMessage encryption) in the UK. The UK is demanding a global backdoor for all data, including Americans. Apple is resisting as best they can.
March 21, 2025 at 2:20 AM
@meredithmeredith.bsky.social points out the real story with Apple disabling encrypted backup (and therefore effectively iMessage encryption) in the UK. The UK is demanding a global backdoor for all data, including Americans. Apple is resisting as best they can.
March 21, 2025 at 2:19 AM
Easily overlooked threat: The UK is demanding Apple expose your iCloud data, no matter where you live. Apple is fighting for limits, but the demand is world-wide access, not just for UK persons. This is terrible for US sovereignty and national security.
wapo.st/4k2AF5Z
U.K. orders Apple to let it spy on users’ encrypted accounts
Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users.
wapo.st
February 7, 2025 at 5:24 PM
Reposted by Ian Miers
Trump and Apple better tell the UK to go to hell with its demand to access Americans’ private, encrypted texts and files. Trump and American tech companies letting foreign governments secretly spy on Americans would be an unmitigated privacy and national security disaster.
Apple ordered to open encrypted user accounts globally to UK spying
If implemented, the secret order would give the UK access to encrypted backups belonging to any user — not just Brits.
buff.ly
February 7, 2025 at 5:15 PM
"Let's make the AI surveillance state", is a really odd take after the 2024 presidential election. You're worried about the deep state and your solution is to hand them more powerful AI tools?
www.businessinsider.com/larry-elliso...
Billionaire Larry Ellison says a vast AI-fueled surveillance system can ensure 'citizens will be on their best behavior'
Billionaire Oracle cofounder Larry Ellison said he expects AI surveillance systems to reach a point where all citizens are under constant watch.
www.businessinsider.com
January 26, 2025 at 9:24 PM
Tell me you're in a predatory cryptocurrency polycule without telling me you're a predatory cryptocurrency polycule....
August 3, 2023 at 5:26 PM
Welcome to the 2000s: twitter isn't a brand and 32 bit keys are the new security weakness.
July 25, 2023 at 1:35 AM
Two sentence horror: Twitter died as a public commons for expert discussion. As bsky turned into a stream of consciousness, and threads into text-o-gram, we were forced to consider desperate alternatives like .... LinkedIn.
July 16, 2023 at 6:34 PM
When designing computers or, by proxy, society, security is mostly unnecessary. But when, e.g., your 18-year-old needs an abortion or Russian tanks are coming, encryption is essential. Secparam is a pun. A LaTeX macro, short for security parameter, in narrowly technical papers which ignore all this.
let's do something fun
where did your username come from?
I used to be a radio intern when I was 19 and my radio name was "Terence The Black Nerd" and it stuck
July 8, 2023 at 5:31 PM