April C Wright

Data leeks are a major problem in #infosec

Hey, Max, look how cute my human is!

Risk from defunding #cybersecurity advice agencies (I’m not talking about the surveillance ones) is a threat to nearly everyone on the planet because global security #supplychain is volatile, at best @NCSC @ACSC @ASDGovAu @cybercentre_ca @ownyouronline @ncsc_nz @CISACyber #finalcyberstand

How I imagine @CISAgov @CISACyber for the past year+

@UK_Daniel_Card @cyber_scrutiny Maybe @CISA is attempting to produce some esoteric advice before they maybe get defunded…? While I dread that, I am here for the “Fuck it” energy

@cyber_scrutiny Bad it doesn’t say don’t sue public WiFi or juice jacking and does say use encrypted comms eg signal And does say enable lockdown mode 🥳

Cyber Tweeps, check this out: From CISA, Mobile Communications Best Practice Guidance 'Do not use a personal virtual private network (VPN). Personal VPNs simply shift residual risks from the internet service provider (ISP) to the VPN provider, often increasing the attack surface. Many free and commercial VPN providers have questionable security and privacy policies. However, if your organization requires a VPN client to access its data, that is a different use case.' cisa.gov/sites/default/…

@imecge @ProtonMail Oh no… A small correction that got lost in the edits: You want to send the pastebin/link and the email via separate via TWO diff platforms And I don’t mean one via insta and one via facebook because (both Meta) Do NOT send them both via email. Nor both via telegram, eg.

You can use one of these services to share a secret separate from an encrypted string with someone How it works (either order) Send encrypted message via email or whatev Send the secret via a pastebin-like link The encrypted text and secret aren’t connected, unless you or your recipient’s end nodes is compromised onetimesecret.com Privnote.com privatebin.info If you will be sharing secrets regularly with this entity, use a password manager. They can basically all do this now. Pro tips (for the truly paranoid): Send the message and pastebin-like link with the secret more than a few minutes apart. This helps potentially limit correlation via an ISP compromise or similar (AI could otherwise easily think “this person send a link and an encrypted string immediately after, so they’re probably related!”) Use different VPNs / separate no-log VPN IPs to send both messages What NOT to do: Do not send a photo of the written secret (AI can read handwriting) Do not allow the pastebin link to be accessed by an end user more than once

PSA: You can send end-to-end encrypted emails to non-Proton users. Just add a password, they’ll use it to open the message securely.

This tip for sending messages securely, I caveat, is for some of the truly, most paranoid people… Spy shit. This sounds like the same trope we all know (nothing is safe), but here’s the “intel agency real pro tip”: The reason steganography has been so popular for hundreds of years is that “hiding in plain sight” is sometimes better than looking like an outlier to an algorithm or to a human. I pose a paranoid challenge: Who do you think the police or AI are going to investigate harder from CCTV: 1) the person with the anti-surveillance mask, a hat with an LED, and anti-night vision reflective clothing? Or 2) the soccer mom with a stroller (which is actually full of ordinance and messages)? Not everything needs to be AES-900000 encrypted. Consider the dreidel and other low tech devices for communication and sharing secrets and ideas This likely does not apply to you or anyone you know today, but it’s worth noting for the record: Outliers get attention And I looove me some @ProtonPrivacy - I know exactly what encryption means for individuals and society. I believe in you! #Privacy is like, my whole thing. I’m just sayin’. “Spy shit” exists because nothing is infallible When you can’t trust *gestures vaguely at the entire world* anymore, we do what we have to do to communicate

@aprilwright I wish I could hang and watch you do it.

I spend like 30% of most days trying to actually make AI hallucinate on purpose Important and wonderful, but deeply weird work Sometimes it’s fun:

It’s been 14 years and I STILL want to get off Mr Bones Wild Ride. But the ride never ends, does it… C’est la rollercoaster of life

@SweetJMichael really tho, I’m happy to share any insights into AI prompt engineering but I warn you: I can go tangential in like .02 seconds and there’s no turning back

@SweetJMichael LOL it’s only Thursday but I wish you luck for your epic weekend plans 🫡

@infosec_fox It’s a phase called “I don’t have a cat with light colored fur, so I can wear dark colors without showing errant cat hair” I wish this on nobody. Always have a cat nearby with any state of fur color. If you can’t ruin a nice, dark top via cat hair, what are we even doing here.

Whats the phase called when you start wearing all black?

@ArtByAlida We can still blame the Pixar version of BnL’s DNS somehow

@aprilwright Was the cannabis responsible for the bad gateway?

Anyone who says ADHD isn’t real is a liar …3 hours Enter a 1yo @LastWeekTonight about AI (10min remain) During which, I published a blog better explaining AI slop, analyzed cannibalism on the WALL-E Axiom… A 30 minute alleged “comedy” turned into hyperfocus / deep analysis, content generation for the greater good, and a dark understanding of earlier Pixar architectsecurity.org/2026/03/ai-slo…

And finally, the original story which made me question whether @LastWeekTonight fully understands “slop” vs “art” vs “disinformation”. Or just simplified it for the audience into a fun four letter word. youtube.com/watch?v=TWpg1R…

I’m just saying…. You can’t survive for 700 years in space without eating a few humans vocal.media/geeks/pixar-th…

Today we continue our #eli5AI series by explaining AI "slop" vs "AI art" What's the difference? Isn't all Ai output the same? In summary: No. architectsecurity.org/2026/03/ai-slo… (ELi5ai= explain it like i am 5: AI)