Mullvad just passed Google’s MASA security audit again.
But the interesting part is what the audit revealed.
Auditors found:
• visible account numbers on login screen
• plaintext custom API passwords
• mutable Android intents
• missing account deletion option
• incomplete Play Store privacy disclosures
Mullvad fixed everything and passed the audit.
Most VPN companies never even let you see findings like this publicly.
That level of transparency is rare in the VPN industry.
"DarkFi is the protocol that exists while everything is fine, so that it is already there when everything is not.
Present before anyone has to ask for it."
Very well said!
Right now everything feels fine to most people, so privacy also feels optional.
Everything is visible and there is no apparent reason to want otherwise.
It's hard to change your behaviour when the necessity feels like a distant future.
This is the precise failure mode of every system built on optimism without contingency.
The infrastructure you need in a crisis has to exist before the crisis.
You cannot install it on the day it turns urgent.
David Chaum saw this in 1985, describing anonymous payment systems before the web existed. Timothy May saw it in 1988, anticipating zero-knowledge systems and decentralized exchange before the tools were buildable. The ideas kept arriving decades ahead of the hardware.
DarkFi is the protocol that exists while everything is fine, so that it is already there when everything is not.
Present before anyone has to ask for it.
Your smart TV is taking a screenshot of your screen every 500 milliseconds.
Every show, game, video call, every laptop you have ever plugged into the HDMI port. The TV photographs all of it and ships the data back to the manufacturer.
On May 12, the law firm Peiffer Wolf filed a federal class action lawsuit against Hisense. Their smart TVs in millions of American living rooms capture screen content every 500 milliseconds and route the data through their Chinese parent companies, which are subject to laws compelling them to share that data with the Chinese government on demand.
Every major smart TV brand sold in America does the same thing. Samsung. LG. Sony. TCL. Vizio. Roku. Amazon Fire. The technology is called "Automated Content Recognition."
The data goes to the manufacturer's servers, then to advertising partners, then to data brokers, then to political campaigns.
Vizio executives admitted in 2021 that selling viewing data generates more profit than selling the actual televisions. By 2023, Vizio's platform revenue, which is mostly ads and harvested viewer data, hit $598,000,000.
The customer is the inventory.
75% of American households have a smart TV with ACR running. Roughly 100,000,000 homes. You paid the cartel to install the camera in your living room.
The fix takes 2 minutes. On every brand, the setting is buried in a privacy menu labeled with something polite like "Viewing Information Services" or "Live Plus" or "Smart TV Experience."
Toggle it off. Better yet, unplug the TV from the internet entirely and use a streaming stick you actually control. The screen does not need a network connection to display content.
Unplug it tonight.
So they say #Monero#XMR is used by criminals or for illegal activities.
Certainly it is, but so is cash and other crypto too. And while we are on the subject, #cashapp is used by criminals and for illegal activities of all kind, including prostitution, etc. Ban cashapp?? ..
DAOs (in their current form) are a glass room.
Every member address, every vote, every treasury movement - permanently visible to anyone who wants to look.
Anonymous DAOs are the future.
Let there be Dark!
@mullvadnet@cybaqkebm Android Devs @AndroidDev won't fix this? I vegan to question who they really work for a long time ago. Keep f*vking up like that Bros and saying it is not feasible to fix backdoors, android will be history in a few years.
Don't become a honeypot...are you?
@mullvadnet@cybaqkebm And that’s why you should be using @GrapheneOS
‘In contrast, GrapheneOS, a security-focused Android-based OS, quickly patched the issue in its codebase.’
A new VPN leak that allows any app to leak traffic outside the VPN tunnel has recently been discovered by @cybaqkebm
Read more here: https://t.co/K9bxtiGHbw
MONERO QUIETLY EXPANDED ITS ANONYMITY SET FROM 16 TO 150 MILLION
Monero (@monero) activated the FCMP++ and CARROT beta stressnet on May 6 at block 2,997,100. The upgrade replaces ring signatures with full-chain membership proofs, jumping the anonymity set from 16 decoys to over 150M outputs across the entire blockchain history.
Core developers call it the most important privacy advance since RingCT. Trail of Bits begins its audit May 11 through May 22. @IOHK_Charles posted public praise the same day, and $XMR is up roughly 7% on the week while the privacy-coin trade keeps drawing institutional capital.
The Catholic Church has maintained the seal of confession for over 1,200 years.
As an absolute theological obligation.
Priests have never been canonically permitted to reveal what was spoken in the confessional - not under legal pressure, not under torture, not under threat of excommunication from above.
Some priests have gone to prison rather than break it. Some have died.
The seal exists because the Church understood that the act of honest self-disclosure requires an absolute guarantee of protection.
Remove the guarantee and you don't get honesty.
You get performance - the carefully edited version of the self that feels safe to reveal.
The confessional seal was not a privacy policy.
It was a theological commitment to the conditions under which the human soul can speak truthfully.
The math holds the seal now.