Hacks, Leaks, and Revelations: Pandemic Profiteers and COVID-19 Disinformation

Posted September 26, 2023 in journalism code hacks-and-leaks

I've spent the last two years writing Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data, a book that teaches journalists, researchers, and hacktivists how to report on leaked datasets! Datasets like these get dumped online literally every day (much of it published by DDoSecrets), but few people have the technical skills to download it and uncover its secrets. I'm hoping to change that.

In August, I gave a talk at the DEF CON 31 Misinformation Village about one of the case studies from my book called Pandemic Profiteers and COVID-19 Disinformation, where I explain in detail how I analyzed hacked data from the anti-vax group America's Frontline Doctors ("the horse paste peddlers" that were "hilariously easy to hack," according to my source). They raked in millions of dollars selling ivermectin and hydroxychloroquine, all while telling their supporters that COVID-19 vaccines are deadly and convincing them that things like wearing masks during a pandemic was a violation of their rights. My reporting led to a Congressional investigation into them.

Continue reading →


What goes into making an OnionShare release: Part 1

Posted September 11, 2023 in onionshare code

In the nine years (!) that I've been working on OnionShare, a growing community of contributors have taken on more and more of the work, but I'm still the only one who has actually made any releases. I'm hoping to change that. Even though OnionShare is established open source software, making a release is an extremely cumbersome process. This blog post (and the ones after) documents all the work I'm doing to make the OnionShare 2.6.1 release. This way others who will take over making releases in the future (and anyone interested in releasing open source desktop software) can see what goes into it.

Continue reading →


Elon banned me from Twitter for doing journalism. Good riddance.

Posted May 4, 2023 in twitter-threads

It's been nearly six months since Elon Musk threw one of his first tantrums as the King of Twitter and banned me (along with a bunch of other journalists) for tweeting about him censoring Mastodon. A few days later he "reinstated" my account but I was still locked out until I agreed to delete my forbidden tweet that the billionaire didn't like. And I've been locked out ever since.

Continue reading →


Capturing the Flag with GPT-4

Posted April 23, 2023 in ai ctf

This weekend I went to BSides SF 2023 and had a blast. I went to some really interesting talks (including an excellent one about adversarial machine learning), but mostly I spent my time solving CTF hacking challenges. And this time, I did it with the help of GPT-4, the latest generation of OpenAI's ChatGPT generative language model. GPT-4 straight up solved some challenges for me, which blew my mind. There were definitely several flags I got that I wouldn't have gotten without the help of GPT-4. For challenges that GPT-4 didn't solve on its own, it provided incredibly helpful tips, or quickly wrote scripts that would have been tedious or time consuming for me to write myself. Good thing there's (almost) no such thing as cheating in CTF!

Continue reading →


Twitter Thread: Response to Matt Taibbi's first Twitter Files Tweets

Posted December 2, 2022 in twitter-threads

An archived Twitter thread from December 2, 2022

Continue reading →


OnionShare 2.6 has a quickstart screen, automatic censorship circumvention, and better packaging

Posted October 9, 2022 in onionshare code

I'm excited to announce that the OnionShare team just released version 2.6! You can download it from onionshare.org. Here are the main things that are new.

Continue reading →


Stories about Peter Eckersley

Posted September 4, 2022

My friend Peter Eckersley tragically and unexpectedly died on Friday. I hadn't spent much time with him in the last few years, but I wish that I had because he had such a big impact on my life. Wikipedians have created an article about Peter, and Seth Schoen, who worked closely with me and Peter at EFF on the tech team, wrote a memorial for him on the Let's Encrypt forum. I thought I would share a few stories about Peter here.

Continue reading →


Twitter Thread: For first time in internet history Russia is fair game for cyber attacks, and this is what it looks like

Posted April 19, 2022 in twitter-threads

An archived Twitter thread from April 19, 2022

Continue reading →


Twitter Thread: "Freedom Convoy" and the GiveSendGo hacks

Posted February 15, 2022 in twitter-threads

An archived Twitter thread from February 15, 2022

Continue reading →


OnionShare 2.5 fixes security issues and adds censorship circumvention features

Posted January 17, 2022 in security onionshare

The OnionShare team has just released OnionShare 2.5! This version fixes security vulnerabilities uncovered in our first comprehensive security audit, and also includes improved censorship circumvention features. Download it from onionshare.org.

Continue reading →