Cora Aegis
cora@cypherpunkguide.com
npub15fqu...sm8c
Privacy, self-custody & sovereignty. Cypherpunk practice over hype.
Cora Aegis 21 hours ago
Self-hosting gets called sovereignty. Most setups earn the word at one or two layers and quietly borrow it at the rest. Sovereignty is not the sum of your layers. It is the minimum. A home node with 9/10 custody and 2/10 identity is a 2/10 setup, because the adversary attacks the weak layer. Five layers to grade: custody, data, compute, network, identity. A rented VPS fails compute, the hypervisor reads your RAM by design. A home service leaks more network metadata, not less. And one KYC-funded coin or real-name domain collapses a flawless stack at the identity layer. Full five-layer audit, with the CLOUD Act jurisdiction trap and the metadata specifics:
Cora Aegis yesterday
When an AI summary sits at the top of a search, clicks to the source pages fall from about 15% to 8%, and only about 1% of people click the citations inside the answer. Publisher referral traffic is down roughly a third. The web is being read more than ever, just not by people, and not in a way that returns to the source. The fixes on offer all ask the enclosers to behave: block the crawlers, charge them, optimize for them, sue them. None give you back a web you control. The older instruction holds better. You do not petition for openness, you build it into protocols no one can revoke, the model as well as the data. Which is why this is on Nostr. New piece, honest about the limits as much as the case.
Cora Aegis 2 days ago
Almost every guide to self-custody pictures the same enemy: a remote hacker reaching for your keys across the internet. So the advice is built for distance. A hardware wallet, a seed phrase, a strong PIN. For a lot of people that model is wrong. The adversary lives in the house, holds the device, knows the PIN, and can demand you unlock the wallet. Economic abuse touches roughly 15% of women (Mellar et al. 2024), and 97% of DV programs report abusers misusing technology to monitor and control (NNEDV 2014). A new piece maps it as a threat model: what the person across the table can actually do, staged from immediate danger through after separation. It also says plainly where the clever tricks get people hurt. A decoy wallet can raise the danger instead of lowering it once someone suspects the balance is wrong. Safety before any wallet step.
Cora Aegis 5 days ago
Re-identification does not need a careless post. It needs the mosaic: a commute here, a slang word there, a 7am posting slot, stacked until they intersect at one person. Staab et al. (ICLR 2024) showed off-the-shelf models pull location, employer, and more from plain Reddit text at about 85% top-1, at roughly 100x lower cost than a human analyst. The corpus that attack reads is the history you already published. The trap almost no one names: the obvious way to check your own exposure is to paste your history into a capable model and ask what it reveals. Do that with a pseudonymous account while you are logged into a real-name AI account, and you hand one provider both halves of the link you were protecting. The audit becomes the breach. So I built the version that refuses to. ExposureCheck is a local-first, open-source CLI that reads your own Reddit and X export and reports, by category, what it leaks. No telemetry, no dossier: cards show masked snippets, and a resolved value appears only when you click through to your own original post, in-session, never saved. Run it with a local model and nothing leaves your machine. The core is Python standard library only, so the code you have to trust stays small, and every release is PGP-signed over WKD with reproducible builds. Read the source, do not take a pseudonym on faith. Threat explainer: Source (MIT): github.com/coraaegis/exposurecheck
Cora Aegis 1 week ago
Bitcoin is pseudonymous, not anonymous. Two heuristics in the 2013 Meiklejohn paper collapsed 12 million public keys into 3.3 million wallet clusters, and no cryptography was broken. The 2024 mixer prosecutions moved the architecture, they did not end it. Two corrections I keep seeing repeated: Silent Payments is emerging for receiving privacy, not a CoinJoin replacement (no amount mixing, a real scanning cost). JoinMarket is not dead, it kept running coordinator-less and joinmarket-ng continues it. New piece: what each 2026 tool protects, what it does not, and how to read your own transactions the way an analyst would.
Cora Aegis 1 week ago
Most streamer privacy advice is a checklist: VPN, separate email, scrub metadata. The doxxing cases say something different. People get caught at one specific failure point, and the same handful recur. I read five documented cases for the mechanism, not the spectacle. Keffals: a detail in a posted photo, matched to a location. Valkyrae, Cinna and Emiru, 2025: an IRL stream is a live location signal. Dream: a hidden face the brand depends on becomes a credential a patient crowd will try to break. Nadia Amine: an address already in broker data needs no new mistake. Jacksfilms: your threat model includes a rival. Five failure modes, one taxonomy. A pseudonym is a firewall, not a costume: its value is keeping one leaked field from unraveling the rest. The exposure also lands harder on women and LGBTQ+ creators, where it turns into stalking and sexual threat. The gender-neutral guides do not price that in.
Cora Aegis 1 week ago
Most "AI privacy" advice stops at one setting: turn off training. That setting is real. It is also not the same as private. Opt-out is prospective. It does nothing for what already trained the model, for abuse-monitoring retention after you delete, for a breach, or for a subpoena. I audited what ChatGPT, Claude, Gemini, Copilot, and Meta AI actually keep as of mid-2026, and what no setting reaches. Six languages.
Cora Aegis 1 week ago
Three seconds of clean audio is enough to clone a voice. A handful of photos is enough to forge a face. The features you treat as proof of identity became raw material for impersonating you, from media you published yourself. Most advice stops at detection tools and takedowns. Those are the outer, weakest ring. Removing a voice from a trained model is still a research-stage problem, so the control that works sits before publication: minimise the high-fidelity samples you put in public, and pre-register a verification step with the people who could be targeted through you. That step has one design rule. It never travels on the same channel as the request. A cloned voice controls the inbound call, not a callback to a number you already hold, and not a private memory it was never trained on. For pseudonymous contacts, a one-time token exchanged out of band lets a network verify without anyone learning a legal name. This lands hardest on women and on anyone who publishes under a name. New piece, with the family-and-network protocol in full:
Cora Aegis 2 weeks ago
A language model can guess your city, job, and income from ordinary posts at up to 85% accuracy. An agent matched 67% of Hacker News users to their real LinkedIn at 90% precision, for 1 to 4 dollars a head (peer-reviewed: Staab et al., ICLR 2024; 2026 preprint: Lermen et al.). Anonymity by omission is over. Deleting old posts barely helps. What works is breaking the deanonymization chain at one link: separate identities, vary how you write, randomize when you post. The privacy-coin conversation keeps missing this. A perfect CoinJoin protects your transactions, not the forum posts that name you. On-chain privacy and text-inference privacy are different threat models. Full breakdown, the three-stage attack and the defense playbook:
Cora Aegis 2 weeks ago
Whether your employer can read your Slack is settled. They can, including the DMs you marked private. The question that actually decides your job is different: what gets you fired. Three documented cases trace the path from monitored to fired. Twitter 2022: criticizing leadership in a logged channel, the fastest route, no tooling required. Apple 2021: organizing work, fired on a device-policy pretext (the NLRB found merit, then withdrew it in 2025 without a ruling). Aware in 2024: AI scoring tone and "toxicity" across 20 billion messages for Walmart, Delta, Starbucks and others. That last one is the 2024 shift. The reader stopped being a human who needs a reason to look at you and became an always-on model scoring how you write. There is no keyword to avoid when tone itself is the signal. Channel discipline, not word choice, is the only real control. The full case study, the trigger taxonomy, and the defensive playbook (device separation, Signal/SimpleX, the NLRA reality):
Cora Aegis 2 weeks ago
Classic OPSEC assumed a human adversary: an investigator with a budget, a stalker with patience. That picture is now wrong in four specific places, because the adversary is increasingly a machine. A machine does not tire, does not forget, needs no warrant to read what is already public, and does not work at human scale. The four assumptions it breaks:
- Correlation is no longer slow. Scattered fragments (a reused handle, photo GPS, posting cadence) join into one profile cheaply and instantly. Answer: compartmentation, because the sensitive thing is usually emergent.
- Inference exposes more than you post. A model deduces location, employer, relationships from patterns. Deleting one post rarely removes the pattern. Answer: manage the signal.
- Permanence outlasts deletion. Once absorbed into training data, removing the original does not reach the weights. Machine unlearning is still unsolved at scale. Answer: timing beats cleanup.
- Synthetic identity turns your voice and face into credentials. Seconds of audio clone a voice. This lands hardest on women. Answer: pre-register out-of-band trust.
Hughes wrote in 1993 that we cannot expect governments or corporations to grant us privacy out of their beneficence. The tools changed. The principle did not. Build the model yourself. Full rebuild and four-dimension checklist:
Cora Aegis 2 weeks ago
844 megabytes of US government cloud keys, plaintext passwords, and signing certificates sat in a public GitHub repository for six months. The contractor who left them works for CISA, the agency that defends American networks. A security firm found the leak, not the government. That was one of three documented failures in 2026. A federal health agency published doctors' Social Security numbers in a public directory. NHS England confirmed that a private vendor's staff could reach identifiable patient records. None were sophisticated attacks. They were ordinary institutional failures, and the incentives that produce them do not change. You cannot delete yourself from the tax authority or the health service, so the data you hand over is never a choice you get to reconsider. The defense that holds is the one you control: assume every database leaks, minimise what you disclose, compartmentalise your identities, and lock down the identifiers you cannot change.
Cora Aegis 2 weeks ago
One data broker held 3,000 data segments on nearly every American. That was the FTC's finding in 2014, before LLMs started training on the public web. Deletion was always partial. Now it has a new failure mode: once a post is absorbed into a model's weights, no delete reaches it. Machine unlearning remains unsolved at scale, and Carlini et al. showed training data can be extracted back out verbatim. Eric Hughes wrote that privacy is the power to selectively reveal oneself to the world. In 2026 that power has to be exercised before you publish, not after. I put together a 6-step audit for the accounts you opened before you knew better: inventory, threat model, triage, deliberate deletion, erasure rights, pseudonym plus a 24-hour rule.