Agorist. Counter-economist. Privacy maximalist. Student of OPSEC. Anti-authoritarian. Free speech absolutist. Logician. Ex-Darknet Vendor. Youtuber.

United States
Intel ME (Management Engine) runs below your OS with network access even when powered off. AMD PSP (Platform Security Processor) provides similar backdoor functionality.
85
467
4,088
243,788
The FBI runs more Tor exit nodes than any activist group ever will.
49
260
2,761
138,745
NEVER forget HONEY. Stop using VPNs recommended by retarded Youtubers.
Why is the Nord vpn app 426MB
52
147
2,552
129,781
Replying to @washghost1
Double bird hands means she's about to try and peck us to death with her explanation, which is actually backpedaling framed as 'let me explain because you're stupid, but actually I'm stupid and just don't know it'.
95
131
2,177
39,853
Why do cell towers triangulate your location even in airplane mode? The baseband processor runs independently from your main OS and can be remotely activated.
37
193
1,456
88,688
Every dependency you strip away is a chain broken. Every system you host yourself is territory reclaimed.
45
201
1,364
40,244
GrapheneOS removes Google's tracking while keeping Android app compatibility. Stock Android phones can report your location frequently when location services are enabled.
19
148
1,174
59,545
Border agents copy entire phone contents in seconds using Cellebrite devices. Full disk encryption only protects powered-off devices.
61
195
1,056
108,897
Brave Browser handles 94 million users monthly with zero dependency on Google or Microsoft servers, and Big Tech should be terrified of what this proves. sambent.com/monero-ring-size…
27
104
925
24,332
Why do free VPNs exist when servers cost money? Because they sell your browsing data to the same advertisers you're trying to avoid.
66
138
865
54,901
Mullvad VPN accepts cash payments and doesn't require email addresses. Most VPN companies want your payment details to build customer profiles.
28
77
775
53,478
Your printer adds invisible yellow dots to every page that encode serial numbers and timestamps. These 'Machine Identification Codes' track documents.
25
77
737
49,635
Feds always love talking about who it was that actually got taken down, or who's stuff they stole. It's interesting that there is ZERO mention of the 'who' in this.
The Secret Service dismantled a network of more than 300 SIM servers and 100,000 SIM cards in the New York-area that were capable of crippling telecom systems and carrying out anonymous telephonic attacks, disrupting the threat before world leaders arrived for the UN General Assembly. 📰 Read more about this at secretservice.gov/newsroom/r…
29
55
722
36,872
Whonix runs two virtual machines one for Tor gateway, one for applications. Even malware can't discover your real IP address.
15
92
697
41,512
Your smart TV is emitting ultrasonic beacons that your phone detects, linking viewing habits to your mobile identity WITHOUT YOUR KNOWLEDGE. Cross-device tracking through sound you can't even hear. Welcome to surveillance capitalism. Expose: piped.video/kDMfDN7iuQY
23
205
701
28,386
Here we discuss some basic methods of SSH hardening. SSH Hardening - The Basics A 🧵
15
104
667
86,984
Swapping SIM cards doesn’t hide your phone’s IMEI. Keep reusing the same device and you’re not a ghost, you’re a rerun.
22
90
653
53,468
Based @brave (it's for an article thumbnail coming out on Monday)
11
27
627
17,059
Proton sells “privacy” and kills accounts on a CERT tip. A complaint ≠ court order. Proton is Swiss, CERTs are advisories, not subpoenas. They suspend first, litigate never. They admit thousands of compliance actions. If they wanted to fight it they could, in turn forcing a court order. They didn’t. They folded, same as ALWAYS.
There ya go, @phrack Government complained. Proton complied because they're a legal company and have to remain in compliance.
17
73
560
39,293
piped.video/watch?v=pZiG8r-d… 𝗠𝘂𝗹𝗹𝘃𝗮𝗱 𝗛𝗶𝗱𝗲𝘀 𝗩𝗣𝗡 𝗧𝗿𝗮𝗳𝗳𝗶𝗰 𝗜𝗻𝘀𝗶𝗱𝗲 𝗛𝗧𝗧𝗣𝗦 𝗪𝗶𝘁𝗵 𝗤𝗨𝗜𝗖 𝗢𝗯𝗳𝘂𝘀𝗰𝗮𝘁𝗶𝗼𝗻
17
50
551
27,368
Get it?
Freedom means controlling your own data.
19
22
555
28,515
Why LibreWolf Destroys Chrome and Firefox for Operational Security sambent.com/why-librewolf-de…
36
61
535
35,050
Cloud password managers aren't protecting your data, they're collecting it for profit while making you the product in a surveillance economy that profits from your digital enslavement. sambent.com/vaultwarden-depl…
53
59
540
39,765
PERFECT Zcash post. "Look guys, I got a burrito, totally anonymously" Takes picture of self, with receipt, and puts it on social media. THIS is zcash level intelligence.
68
32
512
70,532
DMA attacks through Thunderbolt ports can read RAM contents directly. IOMMU protection must be enabled in BIOS to prevent PCIe device memory access.
15
73
512
29,560
Acoustic cryptanalysis extracts RSA keys from CPU fan noise during computation. Sound isolation doesn't help when the attack uses electromagnetic emanations.
18
71
518
35,832
Replying to @decoyposts
Unless it's Roof Top Koreans, then it's a win. BRING THEM BACK.
3
21
493
7,044
Your VPN promises no logs but hands data to feds, routes DNS through logged servers, and can't distinguish app traffic. TorVPN provides per-app circuits, virtual DNS endpoints, automatic bridge discovery, and decentralized trust. piped.video/WPwUIMrpQ_0
31
61
469
27,012
Tor exit nodes can see unencrypted traffic but not its source. HTTPS protects content while Tor protects identity, use both together.
13
68
479
20,155
Qubes OS isolates every application in separate virtual machines. One compromised browser can't access your password manager or files.
13
67
474
22,603
Tom didn't use a self-custody wallet. Don't be like Tom.
20
31
426
19,551
New submission. @phrack Congrats @ProtonPrivacy I know @TutaPrivacy will r/t lol. ==Phrack Inc.== Volume 0x11, Issue 0x49, Phile #0x09 of 0x12 |=------------------------------------------------=| |=--=[ PHRACK PROPHILE ON ProtonMail ]=--=| |=------------------------------------------------=| |=---------------=[ Phrack Staff ]=---------------=| |=------------------------------------------------=| |=---=[ Specs Name: Proton AG (formerly ProtonMail) Handle: ProtonMail, Proton Handle origin: "Proton" from CERN proximity marketing AKA: "Swiss Privacy Company" (contested) Country: Switzerland (incorporation) / Global (operations) Website: proton.me GitHub: ProtonMail (selectively open source) Founded: 2013 |=---=[ Background Proton Mail launched in 2013 riding the Snowden wave, marketing themselves as the "secure email" solution based in privacy-friendly Switzerland. Founded by CERN scientists, they leveraged that academic credibility hard. Initial crowdfunding raised $550k from privacy advocates who believed the pitch. The reality check started September 2021 when they logged French climate activist IP addresses for Swiss authorities, contradicting their "no logs" marketing. They retroactively edited their privacy policy after getting caught. Their defense? "We never said we don't log IPs under legal orders" - except they literally did in their marketing materials. |=---=[ Technical Architecture Client-side encryption using OpenPGP.js - except: - Webmail serves JavaScript that could be backdoored per-user - Mobile apps are closed source blobs - Bridge software for desktop clients: partially open - No reproducible builds for verification - Zero-access encryption claim relies on trusting their servers The "Swiss privacy" angle? Switzerland has mutual legal assistance treaties (MLATs) with 70+ countries. They're also not EU, meaning no GDPR protection. Their Zug incorporation is more about taxes than privacy. |=---=[ Compliance Track Record 2021: Logged French activist IPs, led to arrests 2022: Suspended accounts flagged by Europol without user notification 2023: Confirmed providing recovery emails to authorities 2024: Implemented automated scanning for "illegal content" 2025: Mass suspension of Korean journalists/whistleblowers (June) 2025: Account terminations without explanation (August-September) Pattern: Claim technical inability to comply, then comply anyway when pressured. Their transparency reports show thousands of data requests honored annually. |=---=[ The Whistleblower Problem August 15, 2025: Proton disables account used by anonymous source providing documentation about Korean government surveillance programs. August 16, 2025: Multiple journalists report suspended accounts after receiving leaked documents about Ministry of Unification operations. Proton's response: "Terms of Service violation" with zero specifics. Appeals process: Kafka-esque bureaucracy requiring government ID to restore "anonymous" accounts. The KISA (Korea Internet & Security Agency) connection appears in their compliance logs but Proton refuses to confirm or deny specific government requests. Classic transparency theater. |=---=[ Business Model Reality "Free" tier: You're the product being sold as "privacy-conscious users" Paid tiers: $120-360/year for basic functionality VPN bundle: Separate subscription because synergy is expensive Drive/Calendar: Half-baked addons to justify price increases Venture funding: $17M from Charles River Ventures and FONGIT Translation: Your "privacy company" answers to VCs who need ROI. Marketing budget dwarfs security audits 10:1. They spend more on YouTube sponsorships, than on reproducible build infrastructure. |=---=[ Security Theater Examples "End-to-end encrypted": Only between Proton users. External email? Plaintext. "Zero-access encryption": They generate and store your private keys. "Anonymous signup": Requires SMS or payment verification. "Onion site": Serves the same backdoorable JavaScript. "Open source": Core components only, apps remain closed. PGP implementation quirks that break compatibility with standard clients because "enhanced security" sounds better than vendor lock-in. |=---=[ Alternative Reality Check Proton positions itself as the privacy alternative while: - Operating centralized infrastructure (single point of failure/surveillance) - Requiring trust in their good intentions - Actively complying with government requests - Preventing users from verifying security claims - Marketing to dissidents while cooperating with their prosecutors Real alternatives require: - Self-hosted infrastructure - Federated protocols - Client-side encryption with user-controlled keys - No single entity controlling the service |=---=[ The 2025 Incident Analysis The pattern is clear: Proton receives government request, suspends accounts, claims ToS violation, provides no evidence, demands government ID for appeals. The infrastructure knows who you are (payment info, IP logs under "legal compulsion", device fingerprints) while marketing anonymity. When confronted, they pivot to legalese about Swiss law requirements while continuing to market themselves as the privacy solution. The cognitive dissonance is profitable. |=---=[ Bottom Line Proton Mail is security theater for people who want to feel protected without doing the work. They're a centralized email provider with good marketing and selective compliance with government requests. Using Proton for sensitive communications is like using a "privacy VPN" that logs everything - technically encrypted, practically surveilled, definitely not what was advertised. Want actual security? Run your own infrastructure. Can't? Then understand you're trusting someone else's promise, and Proton has repeatedly shown their promises are marketing copy, not operational reality. The Swiss privacy paradise is a myth. Proton is just Gmail with better marketing and higher prices. At least Google is honest about reading your email. |=---=[ References - Swiss Federal Act on International Mutual Assistance in Criminal Matters - Proton Transparency Reports (note the careful wording) - Case No. 2021/7689 (Paris Court of Appeal) - MLAT agreements database - Their own blog posts contradicting their marketing - Warrant canary: Conspicuously absent Kill the mythology. Email is fundamentally broken for privacy. Proton is just monetizing the cope. |=-------------------------------------------------=|
Hey @ProtonPrivacy, why are you cancelling journalists and ghosting us. Need help calibrating your moral compass❓ First therapy session is for free 😘 Regarding phrack.org/issues/72/7_md#ar…
21
103
444
42,269
Cloudflare sees more encrypted traffic than most governments.
6
38
433
25,103
Twitter for the Darknet. No bullshit ID rules apply. pitchprash4aqilfr7sbmuwve3pn… or pitchzzzoot5i4cpsblu2d5poifs…
10
48
424
26,584
This is one of the most Reddit things I've seen Reddit do.
Reddit just banned the "All Opinions Accepted" subreddit.
10
28
411
12,100
Replying to @LeadingReport
It's about time considering the fact that hundreds of them have been prosecuted for crimes while simultaneously never stopping a terrorist or criminal themselves.
6
2
420
34,116
Fuck that Use Monero.
our bitcoin for signal campaign has been a huge success - sparked imagination: bitcoin should be what powers freedom tech - proves that bitcoin use can be perfectly privacy-preserving - shows cashu engineering's excellence: we shipped a working demo for ios & android
13
23
408
27,577
These dudes sound like women. I was waiting for one of them to scream.
4
371
8,929
Your phone's accelerometer data reveals what you're typing through vibration patterns. Apps can read keystrokes without accessing your keyboard.
13
55
374
17,346
Your smart TV records conversations and sends them to manufacturers. Roku, Samsung, and LG privacy policies admit to 'improving voice recognition.'
21
81
376
20,835
Replying to @klaw1991
There were no weapons jackass. NOBODY says there were. Not Israel, and not US Intelligence. Ton's of people hate the US, it's not a justification for anything.
3
9
351
7,087
Researchers extracted 2048-bit RSA keys using ONLY fan noise recordings. Not theoretical: PROVEN. A few minutes of acoustic data = your encryption keys compromised. The crypto wars just got acoustic. Mind-blowing proof: piped.video/kDMfDN7iuQY
26
73
361
34,407
Replying to @LubaRaphael
20
18
338
24,905
Have fun with that.
26
36
345
10,635
I figured @ProtonPrivacy CEO/Founder would be able to at least point out how I was misinformed. Nope. Calls it ridiculous (not wrong lol), and hides behind ToS. CERTs have zero legal authority. GovCERT.ch's own site says 'coordination and support'.... they cannot compel action. You voluntarily complied. You don't even know if it was 'spam or malware' , that 'or' exposes you took CERT's word without verification. (or made this post with no clue) Your transparency reports omit CERT-triggered terminations. You're hiding government-prompted takedowns from the exact report meant to track them. @phrack says they tried appealing repeatedly and were met with silence. Where's their appeal record? 'We investigated' without proof while the CEO can't specify the actual violation lol.
Honestly, this is a ridiculous take. We investigated, verified the tip, and enforced our ToS. For example, spamming or sending malware is against our ToS, if you do it, we have to shut you down, even if nobody went to court against you.
12
36
345
63,636
Replying to @blader
Proving that political parties are fucking retarded. It's not red vs blue it's the state vs you.
3
7
342
16,305
Email headers contain your IP address, mail client, and routing information. Even encrypted emails leak metadata about sender and recipient.
9
45
335
17,225
I've said it before and I'll say it again:
🚨🇺🇸 Alleged Sale of 348,000,000+ Discord Scraped Messages A threat actor claims to be selling a massive dataset of over 348.3 million scraped records from Discord servers, primarily affecting users in the United States, France, and Russia. The alleged leak consists of 348,392,718 entries and includes fields such as user_id, username, display_name, nickname, message, guild_id, channel_id, message_id, reply_id, and timestamp. The data spans from April 2024 to February 2025.
30
40
314
93,937
Why do privacy coins get delisted while surveillance coins get ETFs
34
27
314
18,789
Your phone's Bluetooth and WiFi can detect nearby devices and be used to track social interactions. Apps can map your relationships through various sensors.
5
61
329
16,468
I2P is vastly underused. It enables anonymous hosting. It strengthens darknet routes. It avoids clearnet leaks. #I2P #Darknet #Anonymity
16
37
320
13,814
A black market will be created, and it will become 100x more profitable. That's how it works when you make things illegal that many people want. In unrelated news: congrats to drugs in winning the war on itself the Regan introduced.
Total porn ban proposed by Michigan lawmakers The bill also includes a section that takes aim at transgender individuals by prohibiting material > "that includes an individual of 1 biological sex imitating, depicting, or representing himself or herself to be of the other biological sex."
21
49
326
12,077
Your car's GPS system stores every location you've visited. Newer vehicles upload this data to manufacturers who sell it to insurance companies.
28
87
312
19,357
Hardware wallets still leak transaction data through node connections.
13
32
326
27,005
Hardware wallets keep crypto keys offline but still leak transaction data to blockchain explorers. Use coin mixers before and after storage.
22
32
317
26,103
Blocking @SimpleXChat here's why: I spent days breaking down federal surveillance laws with them in the comments, many of you know this already. Hours explaining how they work in court. Real statutes, with how things play out IRL. They said: "There are no laws that criminalize privacy." I documented them. They called me: "An enemy of privacy." because I disagreed with them. A privacy company denied these laws exist, then attacked me for proving they do, after they told others to 'get educated' to the fact they don't exist. They said: "None of your examples are laws." U.S. Code sections, federal statutes they're literally laws, once they get logically stomped out they move on to the next thing they can comment on only to have the same thing happen. They claimed I said "executive orders are laws" and "guidelines are laws." I asked for screenshots. Never provided them because I never said it. They invented arguments to attack, this has been there MO from the get go. They said: "There are no laws that criminalize privacy." Then: "Of course there are myriad of laws trying to restrict it." Days of good faith effort. Citations, explanations for things you don't see like how they weaponize conspiracy charges (I had them), and they would simply say that I was wrong and run away. When a privacy company attacks you for exposing privacy threats they claim don't exist, the conversation is over. I'm not wasting any more time explaining things to someone who doesn't want to understand them.
37
29
329
36,897
SimpleX Chat uses temporary anonymous identities for each conversation. No phone numbers, usernames, or permanent identifiers required.
10
54
317
16,651
Zcash VS Monero in a picture. What are YOU choosing?
42
13
303
34,119
KYC exchanges are honeypots with withdrawal fees.
13
47
294
12,346
Why You Never Rob Cancer Patients in Front of the Internet, AND Why Steam Sucks, And the People Who Hunted the Thief down piped.video/watch?v=dOrjOPBR… Wall of hero's/hunters at: sambent.com/why-you-never-ro… or (all of the following had a hand in being awesome, and the best part of humanity in general: @vxunderground @downsin @C4L38 @John5725424446 @andreee_eeeeee @escrow_ @zachxbt @SolJakey @notsoeasymoney
13
50
305
13,569
Your WiFi name broadcasts your router model to everyone in range. Default names like 'NETGEAR-5G' tell attackers exactly which exploits to try. Change it.
10
38
302
19,793
Replying to @Dexerto
It's about control not fake child abuse. That same talking point is so worn out now even the normies don't buy it.
5
8
291
28,687
I2P vs Tor: Why Garlic Routing Offers Better Anonymity for Darknet Markets sambent.com/i2p-vs-tor-why-g…
8
57
296
14,221
TEMPEST attacks read electromagnetic emissions from your keyboard cables. Shielded USB cables reduce this attack vector but fiber optic connections eliminate it entirely.
8
37
296
12,174
Replying to @TaraBull
DID THE FARMER WHO GREW THE FOOD GET A TIP? DID THE SLAUGHTERHOUSE PACKAGER? DID THE TRUCK DRIVER? No. But the bitch who walks with it for 15 feet thinks she's 'entitled' to someone else's money. "Serving" is your job - if you don't like the pay, find another job.
71
7
293
8,412
Use X without an account. xcancel.com/ #osint #x #twitter
17
47
291
20,700
Your "zero-access design" claim is a lie, you absolutely can see account content when emails arrive from non-Proton users, which is the majority of email traffic, But I'll get back to that in a minute... @phrack has been around longer than Google, and are OG's in the hacking scene that predate even social media wtf did you think would happen? You're CEO responded earlier, so there 100% was a 'chance to respond' so that's another lie, also it's not like all this came about 10 minutes ago. The CERT excuse is hollow, CERTs issue advisories, they don’t order account suspensions as they are not law enforcement. By you're own admission you killed the accounts because CERT complained, and that's even worse, IF you couldn't see the context of the messages. Proton chose to act on an unverified tip and then tried to frame it as an unavoidable mandate. You scan, filter, and process plaintext messages before encryption, giving you complete visibility into correspondence from Gmail, Outlook, and every other external provider. Your spam filtering system literally requires reading message content to function, proving you have routine access to user communications. Stop hiding behind "zero-access" marketing when you demonstrably possess the technical capability to read most emails passing through your servers, the same capability you just used to identify and disable accounts based on their activity patterns.
Proton sells “privacy” and kills accounts on a CERT tip. A complaint ≠ court order. Proton is Swiss, CERTs are advisories, not subpoenas. They suspend first, litigate never. They admit thousands of compliance actions. If they wanted to fight it they could, in turn forcing a court order. They didn’t. They folded, same as ALWAYS.
5
44
292
16,375
fuck off.
14
23
285
9,971
"nothing at all" Correction: nothing for you.
I have two Amazon Echos that I never use, but they apparently burn gigabytes a day of bandwidth doing nothing at all...
8
24
284
13,179
Tor is broken at the infrastructure level. Princeton researchers have proven that BGP routing attacks can unmask millions of users, and Tor still hasn't addressed the issue 9 years later. Watch how your anonymity dies: piped.video/XDsLDhKG8Cs #Tor #Privacy #BGP #Anonymity #InfoSec
17
49
274
17,512
Replying to @Cobratate
7
16
298
46,391
Remember when the CIA recommended using Signal (quote on blog)? That was fun. Signal just launched paid backups designed by Facebook's former surveillance architect. The same company that stored desktop keys in plaintext for 6 years now wants $1.99/month to store your messages on their servers. piped.video/lxNOpIwjTxo
21
39
274
17,873
sambent.com/tor-browser-15-s… Tor Browser 15 Strips AI, Patches Critical Exploits
10
36
270
10,321
Monero's ring signatures mix your transaction with 10 others by default. (can't wait for FCMP++)
14
24
265
14,620
Tor Browser 14.5.8 shipped with critical security fixes backported from Firefox 144, plus updates to core anonymity infrastructure. The Tor Project released the update on its download page and distribution directory. sambent.com/tor-browser-14-5…
2
32
264
8,547
Time to stop using Discord
21
35
254
28,299
Replying to @IceSolst
You can ban anything, and people will comply. They banned going out of your own house during COVID and the the sheep did as they were told.
7
2
264
7,798
BITCOIN HOLDERS WILL GO TO JAIL
9
22
259
13,927
it saves everything in plain text. also anything anyone sends, you automatically download.
this looks very cool: tryquiet.org/
15
20
263
14,995
Garlic routing in I2P uses multiple layers of encryption per packet, unlike Tor's onion routing. Each 'garlic clove' contains multiple messages to obscure traffic patterns.
10
43
259
7,800
While Google Docs reads everything you type, CryptPad's XSalsa20-Poly1305 encryption and Nakamoto-style consensus protocol ensure the server never decrypts your documents. sambent.com/cryptpad-zero-kn…
9
45
264
10,297
Hey, here is how clueless you are. This is the first marketing EVER done by Monero. People in Monero, that have been using for years don't care about 'investors' or 'feelings' or pumps or ANY of that surface level nonsense. They care about privacy. It's that simple.
9
34
265
12,613
Replying to @elonmusk
Left vs right is tribalism that panders to the class of people one step above gangs. It's why you see billionaires, and the actual Politian's switch sides, be everyone else is supposed to be loyal. It's a fake choice.
27
22
251
66,239
Bisq enables peer-to-peer Bitcoin trading without KYC requirements. Centralized exchanges report every transaction to tax authorities worldwide.
14
31
260
12,283
Haveno enables peer-to-peer Monero trading without centralized exchanges. No KYC requirements or transaction monitoring systems.
9
56
351
13,303
Replying to @DarkWebInformer
Watch it be more malware lmfao
4
236
46,889
OnionMasq creates VPN-like behavior by trapping applications in kernel-isolated sandboxes where only Tor-routed network interfaces exist, eliminating the bypass vulnerabilities that plague proxy-based solutions. Based. sambent.com/onionmasq-tors-e…
5
43
245
11,291
Replying to @White_Ghost187
Dude just tried to extort you and your shaking his fucking hand and calling him 'bro'. Delusional.
7
3
226
5,458
IPFS creates decentralized file storage that can't be censored or taken down. Your files distribute across thousands of nodes worldwide.
18
39
244
9,536
Replying to @wilderko
Criminalizing privacy is criminal.
6
16
229
3,770
VPN kill switches fail during timing windows while DNS leaks occur through multiple system-level bypass mechanisms. sambent.com/the-technical-re…
17
35
237
16,932
Syncthing connects your devices directly to each other, eliminating corporate surveillance while navigating complex network security challenges that most users never consider. sambent.com/syncthing-mesh-s…
6
38
234
9,092
Replying to @g_abe0
It's not paranoia, if you have seen it used as an exploit. (it has been) The difference is between knowing and not knowing.
10
9
252
41,809
Monero's stealth addresses generate unique payment addresses for each transaction. Bitcoin address reuse links all your payments together forever.
7
39
231
9,372