Max
b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc
Praxeologist ~ Cryptoanarchist ~ Cypherpunk

The non-aggression axiom isn’t a passive philosophy, it’s a direct confrontation with systemic coercion.

Communities, charities, and contracts thrive when individuals freely associate, without the state’s parasitic interference.

Phone is in greyscale and night and wearing red glasses...

So there is no red circle

I wish there was a smart way to mute all price talk.

Replying to jsr

🚨NEW INVESTIGATION: We just forensically unmasked #Paragon's Apple spyware.

Zero-click targets: Journalists. In 🇪🇺Europe.

Like 🇮🇹Italian reporter Ciro Pellegrino

Reopens #Italy's spyware scandal.

Follows our earlier Citizenlab investigation of Paragon Android spyware.

BACKGROUND

Back in April, #Apple sent out a threat notification to a select group of users. Some got in touch with us to get analyzed.

WHAT WE FOUND

They'd been targeted with a sophisticated zero-click attack (think: no click, no attachment to open, no mistake needed...).

While my brilliant colleague Bill Marczak was working on the phone of a prominent European journalist, he made a smoking gun discovery:

Requests to server matching our P1 fingerprint for #Paragon's graphite.

Paragon's 'undetectable' Apple spyware had just been found... Just as we'd found their Android spyware some months ago.

The prominent European journalist had another spicy indicator on their iPhone logs:

An iMessage account belonging to a particular #Paragon customer...used to deploy this zero-click attack.

We call this account ATTACKER1. We'd find them again in short order...

Earlier this year we uncovered #Paragon's Android spyware after #WhatsApp notified a group of users they'd been targeted with Paragon.

One of the notification recipients? Journalist Francesco Cancellato

His outlet http://fanpage.it had done bombshell reporting that displeased the Italian government.

Then, in April, his colleague Ciro Pellegrino also gets a notification.

His is from Apple (Cannot overstate how helpful these notifications are)

We analyze Ciro's iPhone & forensically confirm he's a Paragon target.

And we find the ATTACKER1 iMessage account again!

ITALIAN DRAMA

This week #Paragon and #Italy have been locking horns over the case of Francesco Cancellato. Paragon doesn't want to be stuck w/unexplained abuses against journalists.

I think Paragon likely want to be able to put it on a customer & wash hands...

But when your customer is a government... they clap back. So Italy has been threatening to declassify things like Paragon's testimony to their intelligence oversight committee. Spicy.

BIG QUESTION

We're left with a big question: who's hacking European journalists with Paragon?

Who targeted Francesco & Ciro?

Right now they have no answers.

Bad look for Paragon. Bad look for Italy.

Curious what Paragon knows about that server...

BIG PICTURE

Paragon's marketing was the 'clean' & stealthy opposite of NSO Group.

Yet Paragon's Apple and Android tech got caught.

And they can't shake a spyware abuse scandal.

Conclusion: the problem isn't just a few bad apples, abuse is axiomatic.

And discovery is a matter of time.

APPLE USERS:

One bit of good news, Apple tells us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1.

That's #CVE-2025-43200 for the curious.

Make sure to keep your iPhones up to date. And get in touch if you get one of these advanced threat notifications.

OUR FULL REPORT: https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/

Curious if nostr:nprofile1qqs9g69ua6m5ec6ukstnmnyewj7a4j0gjjn5hu75f7w23d64gczunmgpz4mhxue69uhhyetvv9ujumt0wd68ytnsw43q4gnztg hardenings would be susceptible to this and similar attacks by Pegasus and Paragon?

The state’s "anti-corruption" rhetoric is performative. Its very structure: taxation, conscription, and monopoly, relies on institutionalized corruption, protected by legal immunity.

Replying to Final

We're going to be moving forward under the expectation that future Pixel devices may not meet the requirements to run #GrapheneOS (https://grapheneos.org/faq#future-devices) and may not support using another OS. We've been in talks with a couple OEMs about making devices and what it would cost.

In April 2025, we received leaked information about Google taking steps to strip down the Android Open Source Project. We were told the first step would be removal of device support with the launch of Android 16. We didn't get details or confirmation so we didn't prepare early.

We spent most of May preparing for the Android 16 release. Due to our extensive preparation work, our initial port to Android 16 has been completed and is being tested in the emulator. We could have published experimental releases yesterday if this was a regular AOSP release.

Due to AOSP no longer having device support, we need to build it ourselves. We can start from the Android 15 QPR2 device support, remove the outdated code and update the configurations. We have tooling to automate generating device support setups which will need major expansions.

Since our port to Android 16 is going to be delayed by a week or more, we're in the process of backporting the Android 16 firmware/drivers released on June 10 to the previous releases. This is not something we can do in general so we still need to port to Android 16 this month.

Despite our lead developer who has done 90% of the ports for several years being conscripted into an army, we were still able to complete the initial port to Android 16 in under 2 days, but without device support. Our extensive preparation in April and especially May paid off.

It's important to get an experimental release out quickly to begin extensive public testing. There are usually many issues found in testing. For a yearly release, we usually get out an experimental release in a day, an Alpha channel release in 2 days and need 4-6 more releases.

Google has released a statement claiming AOSP is not being discontinued. This should be taken with a grain of salt, especially considering that they made similar public statements recently followed by discontinuing significant parts of AOSP on June 10.

https://x.com/seangchau/status/1933029688202703062

Google is in the process of likely having the company broken up due to losing an antitrust lawsuit from the US government and being in the process of losing several more. There's a high chance of Google losing control of Android in the next couple years.

https://www.nytimes.com/2025/04/21/technology/google-search-remedies-hearing.html

The leaked information we received in April 2025 indicates that the reasoning they're making substantial cuts to Android is primarily cutting costs, perhaps in anticipation of it being split from Google. The courts should investigate Google's recent changes and cuts to Android.

I hope my next phone is not Google hardware! Looking forward to seeing what the hardware spec would look like from you.

Also, yet another state intervention that wreaks havoc...

The state has the monopoly to print fiat money, if there were no printing monopoly, everyone would print and the price of fiat would go towards the cost of production.

Cyberspace is a shatter zone where refugees gather.

Monopoly is the root of all evil.

Even if a majority votes to seize land or regulate labor, such acts violate the non-aggression principle and individual sovereignty.

If you could be more and better than you ever thought you could, would you do it?

The idea that "we are the government" in democracies is a logical trap. Majority rule doesn’t make expropriation voluntary.

Replying to GrapheneOS

nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqklkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qq7hjgu We need our own hardware for multiple reasons. Being able to leverage it to get early access isn't one of the reasons we're talking about it here. It wouldn't give us early access directly, although being partnered with an OEM with early access could likely be used to get it ourselves. The main reason we need our own hardware is so we have a 2nd hardware platform meeting our requirements instead of only having a single option.

Very much looking forward to hardware you design!

Building the Second Realm requires a deep understanding of the state's mechanisms of control and the development of effective counter-strategies.

You can just do 50 things.

Replying to MÜNZWEG

GM

Bitcoin in Transition: Cryptoeconomics and the Money Candidates of the Future (with nostr:nprofile1qqst0mtgkp3du662ztj3l4fgts0purksu5fgek5n4vgmg9gt2hkn9lqpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhszrnhwden5te0dehhxtnvdakz72agcaj)

In the first part, Max and Manu discuss the book Cryptoeconomics. In the second part, from around minute 44, they turn to the following money candidates:

#Bitcoin

#Tether

#Monero

#Digital Euro

Who will win the race over the next few years, and what problems arise?

Lots of exciting questions, enjoy listening

https://fountain.fm/episode/h4xfVQbIDriWhVF0K2LJ

Thanks for the conversation, it's always good to talk about Cryptoeconomics!

nostr:nprofile1qqsqgc0uhmxycvm5gwvn944c7yfxnnxm0nyh8tt62zhrvtd3xkj8fhgprdmhxue69uhkwmr9v9ek7mnpw3hhytnyv4mz7un9d3shjqghwaehxw309aex2mrp0yh8qunfd4skctnwv46z7qgewaehxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmp033tada made the bridge.

I guess most of the engagement of the Graphene account is actually coming from nostr.

There's no need for you to post on nostr too, that gets handled automagically by the existing bridge.

What is missing however is a lightning address for easy donations on each post. nostr:nprofile1qqsqgc0uhmxycvm5gwvn944c7yfxnnxm0nyh8tt62zhrvtd3xkj8fhgprdmhxue69uhkwmr9v9ek7mnpw3hhytnyv4mz7un9d3shjqghwaehxw309aex2mrp0yh8qunfd4skctnwv46z7qgewaehxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmp033tada is there a way to do this for a bridged account?

The gold standard is a relic of the past, abandoned by governments seeking more control over the economy and the value of money, but at what cost?

Central banks have flooded the market with newly printed money, diluting its value and sparking inflation, a silent tax on citizens' savings.

The rise of fiat currency has given governments unprecedented power to shape and manipulate the economy.

The tax system is a labyrinth of complexity, with governments using tax policies to influence behavior and redistribute wealth.

The war on cash is a war on freedom. It's an attempt to force us into a digital straitjacket, where every transaction is tracked and controlled.

The state doesn’t create wealth, it appropriates it. Bureaucratic redistribution drains society, funding wars and surveillance instead of public needs.

The modern gentleman carries a powerbank instead of a handkerchief.

Crimes should be met with restitution and punishment that is proportional to the offense.

You can get a lightning invoice for example at npub.cash and add it in your nostr profile to receive zaps from people who like your content.

Great to see you here Dendi!

Feel free to write a post with some of your backstory and #introduction, lots of people are watching this hashtag to welcome new nostriches.

Replying to Ross Ulbricht

This is what I wrote about back in 2021 if you want to take a look: https://rossulbricht.medium.com/decentralize-social-media-cc47dcfd4f99

The basic idea is that users would pay for content delivery, but it would happen under the hood at the protocol level and be super cheap and plentiful because of node competition (I called them "content servers" back then). Your average user wouldn't know or care about it, wouldn't have to shop around for private nodes or run their own.

What you're describing is very similar to NIP90 data vending machines:

https://nips.nostr.com/90

"This NIP defines the interaction between customers and Service Providers for performing on-demand computation.

Money in, data out."

All acts serve the self, even charity. Denying this breeds hypocrisy, not virtue.

Test altruism: live wholly for others. The crushing guilt and exhaustion will reveal its lie.

Never threaten, act. Silent efficiency terrifies them more than bluster. Let results speak.

Research on the benefits of cross input signature aggregation.

https://hrf.org/latest/cisa-research-paper/

• CISA lets multiple Schnorr signatures from different inputs be combined into a single signature, significantly cutting transaction size and saving fees.

• By making multi-input transactions cheaper, CISA incentivizes and normalizes usage of collaborative privacy tools like CoinJoin and PayJoin instead of normal transactions, strengthening user anonymity while also improving network efficiency.

• Businesses can enjoy significant savings particularly for consolidation transactions which should counteract UTXO set growth and speed up adoption by exchanges and ecommerce.

• There is no singular CISA concept, there are different aggregation modes (full and half aggregation) and scopes (transaction-wide and block-wide) and their trade-offs need to be weighed for an upcoming proposal.

• CISA requires a soft fork and further cryptographic research is needed for a proposal that maximizes the benefits for the network.

What's the signature size for different ring sizes?

Heroes don’t follow orders—they resist them.

Modern pollen analysis can geo-locate within 10 square kilometers. Regularly vacuum car interiors and change HVAC filters during migrations.

Legal minimalism prevents overreach. Define essential rules, then let practice refine applications case by case.

Replying to sachin

Murray Rothbard on why American and Global south folks seem like they speak different languages when they talk about free markets and property rights:

'Land monopoly is far more widespread in the modern world than most people—especially most Americans—believe. In the undeveloped world, especially in Asia, the Middle East, and Latin America, feudal landholding is a crucial social and economic problem—with or without quasi-serf impositions on the persons of the peasantry. Indeed, of the countries of the world, the United States is one of the very few virtually free from feudalism, due to a happy accident of its historical development. Largely escaping feudalism itself, it is difficult for Americans to take the entire problem seriously. This is particularly true of American laissez-faire economists, who tend to confine their recommendations for the backward countries to preachments about the virtues of the free market. But these preachments naturally fall on deaf ears, because “free market” for American conservatives obviously does not encompass an end to feudalism and land monopoly and the transfer of title to these lands, without compensation, to the peasantry. And yet, since agriculture is always the overwhelmingly most important industry in the undeveloped countries, a truly free market, a truly libertarian society devoted to justice and property rights, can only be established there by ending unjust feudal claims to property. But utilitarian economists, grounded on no ethical theory of property rights, can only fall back on defending whatever status quo may happen to exist—in this case, unfortunately, the status quo of feudal suppression of justice and of any genuinely free market in land or agriculture. This ignoring of the land problem means that Americans and citizens of undeveloped countries talk in two different languages and that neither can begin to understand the other’s position.'

-Excerpt from Chapter 11 of 'Ethics of Liberty'

Such an amazing book.

Rulers hate cyberspace, the first realm where their permits hold no power.

An objective ethics based on human nature supports individual rights and freedoms, opposing state coercion.

Replying to Final

Amnesty International’s Security Lab has a post about 3 vulnerabilities exploited by Cellebrite to extract data from locked Android devices. #GrapheneOS blocked exploiting these vulnerabilities in multiple different ways. We also patched them much earlier.

https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

Each of these is an upstream Linux kernel vulnerability:

* CVE-2024-53104: heap overflow in a Linux kernel USB webcam driver

* CVE-2024-53197: heap overflow in a Linux kernel USB sound card driver

* CVE-2024-50302: uninitialized heap memory in a Linux kernel USB touchpad driver

GrapheneOS blocks reaching any of these vulnerabilities for locked devices through our USB-C port and pogo pins control feature disabling new connections at a hardware level and a software level after locking along with disabling USB data in hardware too:

https://grapheneos.org/features#usb-c-port-and-pogo-pins-control

CVE-2024-50302 is benign on GrapheneOS. For both the kernel and the rest of the OS, we use the combination of zero-on-free and either zero-on-allocate or a write-after-free check at allocation time. On devices with hardware memory tagging (MTE), it's done as part of tagging.

CVE-2024-53104 and CVE-2024-53197 are both kernel heap overflows in slab allocations. We provide improved defenses against these attacks in multiple ways covered in the kernel section at https://grapheneos.org/features#exploit-mitigations. Our defenses in userspace are far stronger due to hardened_malloc.

We recently enabled hardware memory tagging (MTE) for Linux kernel after over a year of deploying it for userspace via hardened_malloc. It provides an approximation of memory safety which can be improved over time. It requires hardware support exclusive to 8th/9th gen Pixels.

GrapheneOS shipped patches for these 3 vulnerabilities significantly before the stock Pixel OS or inclusion in an Android Security Bulletin through shipping the latest Linux kernel GKI LTS releases. However, what really matters is we prevented them being used before discovery.

We have a recent post at https://grapheneos.social/@GrapheneOS/113961075324902277 covering how we've significantly improved our defenses against forensic data extraction since January 2024. It covers a lot more than what we talked about here and we recommend reading it along with our features page covering more.

Solid work guys!
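
The quoted post says zero-on-free combined with a write-after-free check at allocation time makes an uninitialized-heap read such as CVE-2024-50302 benign. A toy fixed-slot allocator illustrating that idea, added here as an example and not GrapheneOS or hardened_malloc code; the slot layout, function names, sample secret and the choice to quarantine a tainted slot are assumptions of this sketch:

```c
#include <string.h>

#define SLOT_SIZE 64
#define SLOT_COUNT 4
static const char SECRET[] = "constructed-secret-key-material"; /* constructed sample */
static unsigned char pool[SLOT_COUNT][SLOT_SIZE];
static int in_use[SLOT_COUNT];
static int hardened;     /* 1 = zero-on-free plus write-after-free check */
static int waf_detected; /* freed slots found modified at allocation time */

static void reset(int use_hardening) {
    memset(pool, 0, sizeof pool);
    memset(in_use, 0, sizeof in_use);
    hardened = use_hardening;
    waf_detected = 0;
}

static void *toy_alloc(void) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (in_use[i]) continue;
        in_use[i] = 1;
        if (!hardened) return pool[i];
        size_t j = 0;
        while (j < SLOT_SIZE && pool[i][j] == 0) j++;
        if (j == SLOT_SIZE) return pool[i]; /* still zero: safe to reuse */
        waf_detected++; /* written after free: slot stays quarantined */
    }
    return NULL;
}

static void toy_free(void *p) {
    size_t i = (size_t)((unsigned char *)p - &pool[0][0]) / SLOT_SIZE;
    if (hardened) memset(pool[i], 0, SLOT_SIZE); /* zero-on-free */
    in_use[i] = 0;
}

/* 1 if SECRET is readable from a reused slot the caller never initialized. */
int stale_data_leaks(int use_hardening) {
    reset(use_hardening);
    unsigned char *a = toy_alloc();
    memcpy(a, SECRET, sizeof SECRET);
    toy_free(a);
    unsigned char *b = toy_alloc(); /* same slot, read without initializing */
    return memcmp(b, SECRET, sizeof SECRET) == 0;
}

/* 1 if a dangling write is caught and the tainted slot is not handed out. */
int write_after_free_caught(void) {
    reset(1);
    unsigned char *a = toy_alloc();
    toy_free(a);
    a[3] = 0x41; /* simulated use-after-free write */
    unsigned char *b = toy_alloc();
    return waf_detected == 1 && b != NULL && b != a;
}
```

Without the hardening the reused slot still holds the previous owner's data; with it, the same uninitialized read returns only zeros, and a write through a dangling pointer is noticed the next time the slot is considered for reuse.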