A quick reminder of a few things Mozilla/Firefox have done in the last *checks notes* ~year that I hope highlights that this is not a case of bad messaging but a consistent pattern of hostility:
- "Mozilla is going to be more active in digital advertising."
- "privacy preserving" Advertising telemetry enabled by default
- New T&C demanding a worldwide license (rolled back) & weakened privacy policy to support the above expansion (active)
- "[Firefox] will evolve into a modern AI browser"
My issue with Firefox soft forks is that even in their most ideal form, they can only be reactive harm-reduction, and any reasonable fork necessitates compromises that introduce some amount of risk (delayed security updates, compromised trust anchors etc.) Perhaps that is the best anyone can do within reasonable costs. Perhaps the only affordable proactive action we can take is to reinforce that front against future inevitable assaults. Perhaps that must be enough. I wish it were not so.
Mozilla has a new CEO. Once again iterating that the future of Firefox is AI first, AI by default: "Firefox will grow from a browser into a broader ecosystem of trusted software" "It will evolve into a modern AI browser" "AI should always be a choice — something people can easily turn off." Source:
My new hobby is attempting to reverse engineer how something worked from rare archives of building plans, second/third hand interviews, and the occasional archival photograph. This has reaffirmed my belief that people are really bad at determining what information is worth documenting. For the future of humanity, please consider taking photos from more than one angle.
A topic I would love to read a deep analysis on is how certain actions e.g. blocking, moderation/filtering, "self-deleting" messages etc. transform from passive server-side actions to client active actions in decentralized systems and if/how that breaks down against existing ingrained metaphors and expectations.
Starting to mentally bucket the Rust ecosystem in the same place I bucket the Python ecosystem i.e. "I'll only use it if I have no other practical option, isolated from as much as possible". Trying to work out if this is just the end of a long-honeymoon, or if things have actually gotten that much worse.
Experience has shown me that there is no real way to combat "not even wrong" claims about privacy and security in the secure communications space. Demonstrating critical issues results in hostility and a quick patch that does nothing to fix the underlying systemic issue (at best). Yes I find myself growing tired of holding my tongue while these apps are promoted or, somewhat more dispiriting, held up as models of good privacy engineering. Caveat Emptor?
Definitely a few issues that need to be resolved, but I now have a rough cut of a functional cwtch@fosstodon.org build for Whonix - will aim to get these changes and instructions out in the next nightly! (sorry it took so long to get to this)
Now seems like a good time to put it out there that I am available for consulting work, or potentially something more permanent. So, if anyone is looking for a security/software engineer then please get in touch. I have many years of experience in many things from taming legacy systems to reviewing modern cryptographic protocols. I have certified the security of critical systems at top tech companies, and designed new software for startups. Contact information can be found in mastodon bio.