Most people judge an email service by what they can see: the inbox, the buttons, the way a message looks when it lands. But the part of an email platform that actually protects your privacy is usually the part you never notice. It works quietly in the background, before a message is ever shown to … Read more
GitHub confirmed on May 20, 2026 that a malicious VS Code extension on an employee device led to the exfiltration of roughly 3,800 internal repositories. The breach reveals less about one compromised endpoint than about the structural costs of platform centralization.
On May 12, 2026, a researcher published YellowKey, a Windows Recovery Environment bypass allowing physical-access attackers to unlock BitLocker-protected drives on Windows 11 systems. The vulnerability exposes the difference between cryptographic strength and systemic trust architecture.
On May 15, Mozilla submitted a response to a UK government consultation that proposes age-restricting VPNs. The submission argues that such measures address symptoms rather than root causes of online harm.
Bill C-22, introduced to Canadian Parliament in March 2026, mandates metadata retention for up to one year and grants the Minister of Public Safety broad power to compel technical capabilities from electronic service providers – including encryption circumvention.
Meta ended optional end-to-end encryption on Instagram DMs on May 8, 2026. TikTok confirmed in March it will never offer it. The Take It Down Act takes effect May 19. These three facts are connected, and the connection matters more than any single one of them. What just happened On May 8, 2026, Meta removed … Read more
Why we’re talking about ML-KEM and ML-DSA only now, when our PQCServer platform has been live and open source for two months. The context On May 5, 2026, Proton Mail announced support for post-quantum cryptography for emails between Proton users. It’s an important move and deserves recognition: the email industry needed to see a mainstream … Read more