Luis Medina

Edward Snowden said it the best: "When you say 'I don't care about the right to privacy because I have nothing to hide,' that's no different than saying 'I don't care about freedom of speech because I have nothing to say.'" "Simply because you are following the law, doesn't mean that you'll be exempt from governmental interference in your private life."

Google has a pirate enemy. He's one guy. His name is Raymond Hill. He built uBlock Origin. The world's best ad blocker. 63K stars. GPL-3.0. He literally refuses every dollar you try to send him. Then Google did the unthinkable. July 24, 2025. Manifest V2 disabled everywhere. The full uBlock Origin stopped working on Chrome. The world's biggest ad company nuked the world's biggest ad blocker on its own browser. They called it "security." Coincidence. Here's the wildest part: Raymond didn't fold. Latest release: March 11, 2026. Still alive on Firefox. Still alive on Edge. Still alive on Brave. Still GPL-3.0. Still refusing every dollar. One developer vs. the trillion-dollar ad empire. But DO NOT install it. We should all keep Google richer. 100% Open Source. (Link in the comments)

New episode 📢 Ep 172 "SuperBox" What if there was a device which gave you endless movies and TV shows without ads? Ok great sign me up! In this episode we interview "D3ada55", who found such a device, but as she gazed into it, she discovered it gazing back at her. https://t.co/FFuZJDUefR

Iets talk about ai data processing and vulnerability research. I understand this challenge quite well, it comes down to compliance, risk and data processing, but I find it exponentially harder to avoid any kind of third party processing in today’s age, let’s say one uses Google Docs to keep notes or write a report and use gemeni for spell checking, or use slack, windows, a modern ide, or even perform a search, etc. etc, they all have ai features and telemetrics enabled and built in. When it comes to data processing using ai the end user can in some cases control this by having an enterprise agreement with zero logging and zero data retention activated on ex Claude code. But it comes at a much higher price tier, and I highly doubt most will adapt to that setup. Then we have the fact that most foundation models live in the us. Which have its own complications. This it’s definitely a question I have pondered and not 100% sure on how to solve or even avoid. My approach is to guard the data as much as I can with the knowledge I have and use services where I can opt out from training and be selective with what I process and how and use local Models for some task. But tbh I think it’s a conversation of the past. If the thing you are processing have been in the internet (public facing) then it’s already in the datasets. And is code or vulns even IP these days? when more and more teams produce code on the fly. What are your opinions? can we solve this?

Tldr: ”I don’t want Anthropic to train on my code/security research data.” • If on consumer, Opt-out of conversation training in the the ui ö under account/privacy) notice this only qualifies for future conversations. • Use a launcher or set these env settings to avoid accidentally sending telemetry data : #!/usr/bin/env bash set -euo pipefail export CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1 export DISABLE_TELEMETRY=1 export DISABLE_ERROR_REPORTING=1 export DISABLE_BUG_COMMAND=1 export DISABLE_AUTOUPDATER=1 # Make sure OpenTelemetry isn't enabled unset CLAUDE_CODE_ENABLE_TELEMETRY exec claude "$@" pro tip: • If in ui, never use the thumb up or down in the chat, since that’s is used for, well training. • use incognito chats Glhf

I want to share a quick thought for people in cyber security. This will be my longest tweet ever. I’ve spoken to many lately who are having an existential crisis from the constant posts about “the end of cybersecurity jobs.” Yes, things are changing quickly. This is a significant moment for the tech industry. Change can be uncomfortable. But we’ve seen cycles like this before. • When GitHub and open source took off, people said software engineers would disappear because code was free. • When AWS and cloud computing emerged, people said infrastructure jobs would vanish. • When fuzzing and SAST tools improved, people said vulnerability research would disappear. • Virtualization would eliminate infrastructure jobs. • Mobile computing was going to end desktop dev. • Exploit mitigations would end exploitability. It didn't. Each time automation improved, the amount of software grew faster than the automation. It does feel "different" this time as it's explosive. Some roles will shrink: • repetitive pentesting • basic vulnerability scanning • tier-1 SOC monitoring But other areas are expanding rapidly: • AI system security • supply chain security • identity architecture • autonomous agent security • critical infrastructure protection Historically, every time we eliminate one class of bugs, new classes emerge. Right now people are vibe-coding entire systems, giving AI access to their machines, crossing trust boundaries, and deploying autonomous agents with excessive permissions. The legal and regulatory world is nowhere close to ready. There will absolutely be new failure modes. Humans are amazing and always adapt, finding new ways to do things. The worst thing you can do right now is fall into a doom loop. ...and I’ll be honest, I too have felt the "psychological paralysis" a few times thinking, “Is this time different?” It's especially impactful when it comes from someone I respect in the community. There are certainly unknowns, in an industry where we've become accustomed to predictability. But... the majority of those reactions are usually driven by social media, not reality. Platforms like X reward engagement, and sensational doom posts spread faster than measured thinking. If you see something like: “Holy #$%^! Opus 66.6 just found every bug in Chrome and replaced 50 startups!” …mute it and move on. Instead: Stay curious. Learn the new technology. Adapt your skillsets. Build things. We’ll get through this transition the same way we always have. If I'm wrong then Sam Altman better be right about UBI! :) I'm sure that if this tweet gets any engagement that I'll get some heat for it, but a good friend of mine reminds me often to focus on what you have control over. I'll revisit this tweet at DEF CON 40!

Privacy Protection Checklist for Security Professionals 🔥 Telegram: https://t.co/upuP8k8ckB Your browser, search engine, email, and even cloud storage can silently leak sensitive data. This guide provides a practical privacy stack used by security researchers and privacy-focused professionals. 🛡️ Covers: 🌐 Privacy-focused browsers 🛜 Secure VPN services 🧩 DNS security & Ad-blockers 📧 Encrypted email providers 🔑 Password managers 🔎 Private search engines 💬 Secure messaging applications ☁️ Encrypted cloud storage Start reducing your digital footprint step-by-step and take back control of your online privacy. 📖 Read the full guide: https://t.co/FD2aTNOgwU #CyberSecurity #Privacy #OPSEC #InfoSec #DataPrivacy #SecurityTips #HackingArticles 🚀

We're giving away all of these hacking devices for absolutely FREE to celebrate hitting 600,000 subscribers on YouTube 🎉 Thank you so much for your love and support 🙏 ✅ How to Enter Follow us on X Comment on this post what you want us to teach next. Repost this to complete your entry! 🗓️ Ends: March 13th 🎁 Each winner will receive a powerhouse kit including: 🔥 ZS Cactus PRO: Combine keystroke injection capabilities, hardware keylogging and Wi-Fi phishing with wireless control. 🔥 ZS Venom PRO: Keystroke injection capabilities and Wi-Fi phishing with wireless control all inside a normal charging cable! 🔥 Atheros AR9271 WiFi Adapter: The gold standard for wireless hacking. It supports monitor mode and packet injection out of the box with rock-solid Linux compatibility. 🔥 Realtek RTL8812AU WiFi Adapter: Need 5Ghz? This dual-band adapter gives you high-gain performance and modern 802.11ac support for auditing high-speed networks. 🔥 Data Blocker: Stay secure on the go. This "USB condom" prevents accidental data exchange and juice jacking when charging your devices in public spaces.