Timely, informative, and engaging. Thanks so much for writing this.
Good to know my natural paranoia wasn't off-base.
I'm a big fan of family safe words. Some notes to share:
1. Creating a safeword (or security phrase) isn't enough. You have to rehearse them at least quarterly, or they'll be forgotten. Especially by those who treat security and trust blithely (which is most people who haven't been victimized).
2. Failing to remember a safeword is okay if you ask a security question in real time. "What was street address of the house back in New York?" The attacker would need a dossier on you to know that the correct answer is "we've never lived in New York."
Security questions suck for login purposes, but will probably work for identity verification in real time.
3. If you're going through the trouble of setting up safewords, you might as well set up a duress code while you're at it. Just in case you're ACTUALLY in a car accident and the other driver is threatening you with a gun. "I'm doing fine, mom. I'm just watching a pack of angry raccoons fighting in the backyard, that's all."
The problem I struggle with is that few people take security (and by extension, ANY preventative maintenance) seriously until something bad happens to them. You can suggest a safe word and a duress code, and they'll mostly follow along to humor you. That is, until a vivid, personal experience convinces them that these abstract disasters don't only happen to other people.
I write a lot about how prevention is boring. When you're doing your job, you're invisible. The only time you hear from people is when they come to blame you for a disaster. You'll never see a KPI for the number of disasters you've prevented. I've resigned myself to the fact that "here's how to prevent major setbacks" will never be as sexy as "here's how to reach for major success." Even if a setback is a wipe-out risk and demolish all that effort you put into success, few people take prevention seriously. Somehow, we see potential disasters as "too abstract/hypothetical" but never see potential success as "too abstract/hypothetical."
This is the kind of post I wish more people would write: mechanisms, not vibes. You are not selling panic, but you are also not selling “we’ll patch it and move on.”
Three points for the win!
First, the family safe word. That is an actual control. Low tech, high leverage, and it breaks the scam’s whole economic model. Callback on a known number plus one absurd phrase beats a thousand “be vigilant” posters.
Second, agentic browsers. The uncomfortable truth is the browser security model assumes page content is untrusted, then we bolt on an agent that treats page content like instructions. That is not a bug. That is a category error. If someone is logged into email or banking and asks “summarize this,” they are one hidden prompt away from turning their session cookies into a remote control.
Third, the identity angle hiding inside the voice clone section. These attacks do not win on technology. They win on urgency and trust. That is why an analog authentication step works so well.
If anyone reading this wants a one sentence policy, here it is. Treat agentic browsers like a hazardous material. Separate machine or separate profile, no real logins, no auto actions. And for families, set the safe word now, before you need it.
There is a serious security crisis underway. I have observed LLMs polluting the system repeatedly across sessions. In the last week, I have seen all major browsers—Chrome, Edge, and Firefox—get compromised in under ten minutes. The impact, and the ease with which it is accomplished, is terrifying.
we’re super glad to hear this. the new browsers are indeed fascinating. i’m still to paranoid to try them outside of my laptop built for testing, but native security will get better and they will be unstoppable
Yep same. I'm writing from the perspective of AI evolving into new neural forms of software and agentic tools (thinking agentic software and UIs) which encompasses browsers and our UX of the net. Hoping to get some more inspo from your content too on this series.
Your comment here on Comet is really interesting! I have a kind of protective paranoia about "new AI" and while things look interesting, I like to sit mid-pack for adoption where it fits. I haven't touched Comet yet and glad now - if you treat it with caution, those of us who have no idea really should too!
They have turned the very tools we use into weapons. Everyday our research uncovers all sorts of new imaginative ways for these guys to exploit legacy and AI systems. When does the Security Industry catch up?
You can talk about air-gapping, encryption, and steganography to fix these security holes. But that adds more complexity and additional points of failure.
The only robust way to operate is to go low-tech. Analog, if you have to.
And practice secrecy. If no one knows, it'll never end up in an AI's training data.
it’s true. complex solutions can work but require smart people maintaining them and constant vigilance. and even then complacency sets in over the years for many places and people.
I have to say though, I think you should prefer a live Tails system (https://tails.net/) over Whonix. The latter relies on virtualisation, which is inherently insecure.
Theo de Raadt's opinion about this on the OpenBSD mailing lists is worth reading:
totally agree. i have an opsec tutorial im working on. i do use tails for anything i consider risky, i have a separate computer and everything for it. but this needed a love demo so whonix was easier to record on!
This is brilliant, Tox. Sorry I missed the live, but thanks for this curation. Please keep these coming, as it's a really helpful addendum to the work that you and Leor are doing.
I had no idea about the triangulation of my location from windows. Thankfully, I stream from either my office, which only has a skylight, or my gym/storage room, which has no windows. Looks like I'm safe.
On a more serious note, digital identity is something that I've been worrying a lot about recently. To some extent, I wonder if the systems that are used on our banking apps are actually becoming less secure rather than more because of the technology that's developing.
Works really well, man, and also the transcripts that Substack provides are absolutely clutch. I don't always have time to watch or listen to videos or recordings, but I can always read through the transcripts. Especially when there's such gold lying there just waiting for me to pick it up. 🙏
Timely, informative, and engaging. Thanks so much for writing this.
Good to know my natural paranoia wasn't off-base.
I'm a big fan of family safe words. Some notes to share:
1. Creating a safeword (or security phrase) isn't enough. You have to rehearse them at least quarterly, or they'll be forgotten. Especially by those who treat security and trust blithely (which is most people who haven't been victimized).
2. Failing to remember a safeword is okay if you ask a security question in real time. "What was street address of the house back in New York?" The attacker would need a dossier on you to know that the correct answer is "we've never lived in New York."
Security questions suck for login purposes, but will probably work for identity verification in real time.
3. If you're going through the trouble of setting up safewords, you might as well set up a duress code while you're at it. Just in case you're ACTUALLY in a car accident and the other driver is threatening you with a gun. "I'm doing fine, mom. I'm just watching a pack of angry raccoons fighting in the backyard, that's all."
this is a fantastic set of practices that would be really useful for anyone to add. great points here, really appreciate the contribution.
The problem I struggle with is that few people take security (and by extension, ANY preventative maintenance) seriously until something bad happens to them. You can suggest a safe word and a duress code, and they'll mostly follow along to humor you. That is, until a vivid, personal experience convinces them that these abstract disasters don't only happen to other people.
I write a lot about how prevention is boring. When you're doing your job, you're invisible. The only time you hear from people is when they come to blame you for a disaster. You'll never see a KPI for the number of disasters you've prevented. I've resigned myself to the fact that "here's how to prevent major setbacks" will never be as sexy as "here's how to reach for major success." Even if a setback is a wipe-out risk and demolish all that effort you put into success, few people take prevention seriously. Somehow, we see potential disasters as "too abstract/hypothetical" but never see potential success as "too abstract/hypothetical."
You call it hope, I call it willful blindness.
This is the kind of post I wish more people would write: mechanisms, not vibes. You are not selling panic, but you are also not selling “we’ll patch it and move on.”
Three points for the win!
First, the family safe word. That is an actual control. Low tech, high leverage, and it breaks the scam’s whole economic model. Callback on a known number plus one absurd phrase beats a thousand “be vigilant” posters.
Second, agentic browsers. The uncomfortable truth is the browser security model assumes page content is untrusted, then we bolt on an agent that treats page content like instructions. That is not a bug. That is a category error. If someone is logged into email or banking and asks “summarize this,” they are one hidden prompt away from turning their session cookies into a remote control.
Third, the identity angle hiding inside the voice clone section. These attacks do not win on technology. They win on urgency and trust. That is why an analog authentication step works so well.
If anyone reading this wants a one sentence policy, here it is. Treat agentic browsers like a hazardous material. Separate machine or separate profile, no real logins, no auto actions. And for families, set the safe word now, before you need it.
thanks again for your support Mark! i fully support people doubling down as treating agent browsers as hazardous materials.
also yeah, the safe word works! we are seeing anecdotal evidence of people using this
The Internet framework is DOA.
There is a serious security crisis underway. I have observed LLMs polluting the system repeatedly across sessions. In the last week, I have seen all major browsers—Chrome, Edge, and Firefox—get compromised in under ten minutes. The impact, and the ease with which it is accomplished, is terrifying.
yeah they are for sure polluting basically everything.
Not me posting recently about how agentic browsers are the next AI wave - https://99fold.substack.com/p/your-internet-browser-is-dying-agents?utm_source=share&utm_medium=android&r=734bz9
But great points in your article. Just came across your page, your content is super. Informative and timely. Subbed.
we’re super glad to hear this. the new browsers are indeed fascinating. i’m still to paranoid to try them outside of my laptop built for testing, but native security will get better and they will be unstoppable
Yep same. I'm writing from the perspective of AI evolving into new neural forms of software and agentic tools (thinking agentic software and UIs) which encompasses browsers and our UX of the net. Hoping to get some more inspo from your content too on this series.
that’s awesome. fascinating topic, i’ll follow you back. i bet we can draw some mutual inspiration!
Your comment here on Comet is really interesting! I have a kind of protective paranoia about "new AI" and while things look interesting, I like to sit mid-pack for adoption where it fits. I haven't touched Comet yet and glad now - if you treat it with caution, those of us who have no idea really should too!
Love the safe phrase mention. We have one too.
that’s awesome glad to see you have one. yeah i only use it on a dedicated “this is dangerous” computer lol!
They have turned the very tools we use into weapons. Everyday our research uncovers all sorts of new imaginative ways for these guys to exploit legacy and AI systems. When does the Security Industry catch up?
we are trying haha. the dev space is so fast east time we catch up there are new spaces to secure
You can talk about air-gapping, encryption, and steganography to fix these security holes. But that adds more complexity and additional points of failure.
The only robust way to operate is to go low-tech. Analog, if you have to.
And practice secrecy. If no one knows, it'll never end up in an AI's training data.
it’s true. complex solutions can work but require smart people maintaining them and constant vigilance. and even then complacency sets in over the years for many places and people.
Fascinating stuff, thanks for sharing.
I have to say though, I think you should prefer a live Tails system (https://tails.net/) over Whonix. The latter relies on virtualisation, which is inherently insecure.
Theo de Raadt's opinion about this on the OpenBSD mailing lists is worth reading:
https://marc.info/?l=openbsd-misc&m=119318909016582
totally agree. i have an opsec tutorial im working on. i do use tails for anything i consider risky, i have a separate computer and everything for it. but this needed a love demo so whonix was easier to record on!
This is brilliant, Tox. Sorry I missed the live, but thanks for this curation. Please keep these coming, as it's a really helpful addendum to the work that you and Leor are doing.
I had no idea about the triangulation of my location from windows. Thankfully, I stream from either my office, which only has a skylight, or my gym/storage room, which has no windows. Looks like I'm safe.
On a more serious note, digital identity is something that I've been worrying a lot about recently. To some extent, I wonder if the systems that are used on our banking apps are actually becoming less secure rather than more because of the technology that's developing.
thanks a ton Sam! so many of us are going live now it’s hard to keep up honestly! it was a great convo. trying to get the chats distilled here haha
Works really well, man, and also the transcripts that Substack provides are absolutely clutch. I don't always have time to watch or listen to videos or recordings, but I can always read through the transcripts. Especially when there's such gold lying there just waiting for me to pick it up. 🙏
transcripts -> highlight key points is great. i’m super impressed with substack lately