Systems rolling out age assurance are creating an invaluable dataset of verifiable identities of people who are susceptible to scams.

@funnymonkey no truer words

Living on the East Coast means my radio-controlled atomic wall clock is completely deaf to the atomic (WWVB) signal from Colorado. In the attached video, I am using my smartphone to force the clock to sync to exact Internet time via a clever hardware hack. 1/4

Standard smartphones cannot broadcast a 60 kHz radio wave. But if you play a 20 kHz square wave at max volume, the physical distortion in the analog amplifier generates a 60 kHz harmonic. The speaker's voice coil acts as a localized magnetic transmitter. 2/4

I wrote a deep dive into the physics of this hack, the challenges of low-frequency radio propagation, and how our methods of measuring time have evolved from maritime sand-glasses to digital synchronization. Read the full post here: https://josephhall.org/blog/texture-of-time-wwvb/

The clock's internal ferrite rod antenna is deaf to the loud 20 kHz audio but perfectly resonates with the faint 60 kHz magnetic pulse. Because it relies on near-field magnetic induction, the phone must be very close the clock to overcome the rapid cubic signal drop-off. 3/4

@darkuncle that's a great point and I think we are very far from "fixing human" ::) (I'd be interested in your thoughts on the full piece if you have time)

At NDSS 2026, @dwallach outlined DARPA's plan to solve memory safety bugs using AI. But the real rabbit hole is what happens next: securing hardware against physical decay. My new post on scaling election security principles to the global Internet: https://josephhall.org/blog/wallach-mem-safety-sw-independence/ 1/6

Watching Dan's keynote brought me back to our days at the NSF ACCURATE center. Our work in election verification relied on Rivest and Wack's "software independence": the principle that a system must be structurally verifiable because software itself cannot be trusted. 2/6

Now at DARPA, Dan is scaling software independence to the entire Internet. The TRACTOR program is tackling the legacy C/C++ bottleneck, using advanced AI to translate unsafe code into structurally verified, idiomatic Rust without crushing performance overhead. 3/6

We are moving past the era of patching buffer overflows. By enforcing structural verification in software and physical verification in hardware, we are building infrastructure where trust is mathematically and physically guaranteed. More: https://josephhall.org/blog/wallach-mem-safety-sw-independence/ 6/6

But perfect code exposes a deeper crisis. What happens when flawless software runs on imperfect, degrading hardware? As chips shrink and age, we see a rise in Silent Data Corruptions (SDCs) where hyperscale silicon confidently returns the wrong math. 4/6

To survive hardware betrayal, DARPA's COOP program treats the processor as a black box. By monitoring physical exhaust like power fluctuations and EM emissions, COOP uses the analog signature of the chip as an undeniable oracle for digital correctness. 5/6

The Chinese Government Just Got the World’s Largest Digital Rights Conference Canceled https://www.wired.com/story/the-chinese-government-pressured-zambia-to-cancel-the-worlds-largest-digital-rights-conference/

The Global Encryption Coalition, and the Internet Society as a founding member, urges the Canadian government to withdraw Bill C-22. Imposing backdoors on services jeopardizes our digital security. 1/

While Bill C-22 aims to make Canadians safer, Part 2 forces services to install technical capabilities to access sensitive data. There is no way to provide backdoor access to encrypted data without compromising the security of millions. 2/

Mandating backdoors exposes Canadians to foreign surveillance and privacy threats. With new AI systems collapsing the timeline from discovery to exploitation to mere hours, adversaries will weaponize these flaws almost instantly. 3/

Want to take action? Write a letter to your MP and ask them to reject Bill C-22: https://www.internetsociety.org/our-work/internet-policy/keep-canada-protected/ 5/

Our open letter asks the government to withdraw C-22 and conduct an Internet Impact Assessment. Experts and organizations can sign until May 12, 2026. Read and sign: https://www.globalencryption.org/2026/04/open-letter-on-bill-c-22-an-act-respecting-lawful-access/ 4/

@adamshostack @SteveBellovin I spent six months working through an issue like this with CDT and then ISOC newsletters; it is hopeless. Certain services like Salesforce encode a bunch of totally uninteresting stuff in there... But it of course works exactly like a tracking pixel and who knows what the actual uses are

@zackwhittaker "I helping"