Zsubmariner

@GHOST is this on your radar? https://youtu.be/aeXIgKuX_zY

In a pair of remarkably similar attacks, Princeton and Harvard employees were socially engineered, granting access to DBs with PII on hundreds of thousands of alumni, donors, students, faculty, parents, and staff (November 10+18, 2025). One employee in each case was tricked into granting full access to Alumni/Development records. Names, emails, phones, addresses, fundraising/biographical data across unrelated groups. Full scope unknown, probes ongoing. Zsub fixes this. No more "one employee hands out a password and opens the floodgates." - No password to give out, can require multiple attestations with verifications to get credentialed. - Even if granted, fraudulent access contained: attestations tied to specific uses and expire automatically via rotation, blocking pivots to other data. Actually zero trust, just like Bitcoin. Not your keys, not your network. Read our white paper. https://zsubmesh.net

Sha1-Hulud malware compromised npm packages via phished maintainer creds, stealing developer tokens for repo alterations, propagating itself (November 21, 2025). Malware in preinstall scripts ran on install, scanned for GitHub/NPM/cloud creds, used them to inject code into victims' repos for propagation; hit 25k+ repos with theft, destruction, and supply-chain ripple. Zsub fixes this. No more scooping up loose credential and reusing them all over the place. - Phishing for creds much tougher: Requires user actions and multiple factors like device control, pins and physical taps. - Spread halts: Dedicated keys and real-time interactions contain the mess and limit chain reactions. - Even if a device gets fully owned and in-use keys stolen: They're limited to short-term use on specific connections, with automatic rotation expiring them quickly, stopping long-term abuse. Actually zero trust, just like Bitcoin. Not your keys, not your network. Read our white paper. https://zsubmesh.net

Love the spirit, but I don't think "just say no" is going to work against #DigitalID. I think we're going to have to build the thing that beats it. https://youtube.com/shorts/_UwHtxnRMCw

Chronic bad weather over nothing-to-see-here, I presume

Gm! ☕ Presented "Defeating Digital ID" to Bitdevs last night. Excellent reception! Here's the slides: https://zsubmesh.net/bitdevs/ In this talk we explain what Zsub is, how it works and how it stacks up as a #DigitalID killer, against the criteria for pefext SSI laid out in Christopher Allen's recent Tabconf talk. (Allen is the creator of DID and TLS.) Light bulbs we're going off all over the room! 💡⚡ insightful questions, pilot sign ups. Amazing. Best of all, I can tell some people actually read the whitepaper and got it. Read the white paper! https://zsubmesh.net/ Big thanks to everyone who came out. Zsub is something the world needs, the Internet needs, Bitcoin needs, and we're devoting our lives to it--but we can't do it alone.