Mustafa Al-Bassam
@musalbas
Trust-minimization engineer. Co-founder of and CEO of Celestia Labs. Modularism, not maximalism.
London, UK. Joined May 2013

Mustafa Al-Bassam’s posts

ISIS guy 1: I know, let's use cryptography to hide our messages! ISIS guy 2: We can't, it's against the law in the UK. ISIS guy 1: Oh, OK.
71
2,880
Ian Levy of GCHQ has released an essay on how law enforcement should get access to end-to-end encrypted communications. Here is the critical bit to pay attention to. They're proposing to exploit the fact that users don't verify each other's public keys, and inject bad keys.
46
978
Replying to
The NSA has been sitting on a zero day exploit to remotely grab VPN keys from Cisco firewalls for FOURTEEN years.
Quote
Replying to @musalbas
Remember BenignCertain, a Cisco exploit to grab VPN keys? Turns out current Cisco versions are also exploitable! tools.cisco.com/security/cente
36
852
Crypto has a serious problem. We're stuck in an endless cycle of new L1 smart contract platforms. Each purports to fix the problems of the L1s in the previous cycles. These L1s rinse and repeat the same bizdev strategy of prior L1s, building copy-cat DeFi & NFT ecosystems.
110
1,058
Thread: as the only research co-founder of Chainspace that did not join Facebook (the blockchain scalability startup that Facebook acquired), people have been asking me about my view of Libra. Here's a thread about it.
19
952
How comes Twitter bans BlueLeaks for doxing cops, but is OK with Brian Krebs doxing random innocent kids for crimes they may not have done? Reported to Twitter for doxing.
Quote
So Brian Krebs has been proven wrong yet again. When will someone do something about that doxing psychopath trying to ruin random kids lives? He's just like doxbin but with corporate sponsors.
5
768
Haha, someone bought 0.002 of the cryptocoin "FirstBlood", for $140 of Ether, causing the market price to be shown at $69,000 a coin, a 100,000% increase, making the market cap $163B, making it the second biggest cryptocoin. This is why market cap alone is often meaningless.
25
677
So British Airways is asking for people's personal data over social media "to comply with GDPR", and some people are even replying directly in the public feed. uwotm8
40
664
Replying to
Gamble, 15 at the time, is jailed for "blackmailing" the CIA with dox, unless the US stops killing civilians. Meanwhile, CIA is free to be the world's largest blackmailing gang; here's a snippet from their field manual. None of this is about upholding the law, it's all politics.
18
481
The Ethereum Merge will prove that ETH is a safe long-term asset, as its protocol can--slowly but eventually--keep up with the world around it. Bitcoin however can't due to its conservatism, and its maxis are forced to engage in denial over PoW energy issues to defend it.
124
524
Replying to
We've been fortunate enough to not have a global active adversary that is willing to manipulate packets on a large scale, so end-to-end encrypted chat systems didn't have to focus much on the key verification problem. That looks like it's going to change:
Quote
Ian Levy of GCHQ has released an essay on how law enforcement should get access to end-to-end encrypted communications. Here is the critical bit to pay attention to. They're proposing to exploit the fact that users don't verify each other's public keys, and inject bad keys.
15
416
The not-inventor of proof-of-work (which was actually invented by a woman called Cynthia Dwork in 1993), along with a few other boomer OG cypherpunk mailing list members, have sadly become senile conspiracist nutjobs that are toxic parasites to the field.
Quote
Replying to @VitalikButerin
Tides of perpetual motion scams won't be kind to science. Yeah Right. My money is on science. You converted premined ETH to BTC, where I own zero shitcoins. Enough said.
20
422
"Influencers" in crypto who are here because they're interested in financializing everything, but criticize anyone who ascribes sociopolitical values or radical change in their work, are squatters. Crypto has its roots in the cypherpunk movement. It is inherently political.
17
395
What if a billion people had access to easy end to end encrypted messaging, except it was useless because a majority of them unknowingly backed up their and their friend's chats and group chats to Google Drive unencrypted, so the government can just subpoena Google.
10
333
We should use these quiet times to get back to the roots of cryptocurrency. It's not about building a casino of tokens that traders can speculate on to get rich quick. It's about building censorship-resistant money, private transactions, and unstoppable community computers.
28
445
Replying to
It gets better, someone even created a Strava run segment in the UK nuclear weapons military base (HMNB Clyde) called "You shouldn't be using Strava here", but it was clearly ignored by employees.
7
317
Replying to
If you think the privacy implications of the Fitbit heatmap data are scary, then imagine what Google knows about the billions of people on the planet who have Android phones with Google location services enabled 24/7.
Quote
A fitness app posted a map of users that reveals the locations of U.S. troops, including at sensitive military outposts overseas washingtonpost.com/world/a-map-sh
14
301
Pastebin: *adds basic security features like password protection* Infosec community: this is actually bad for security because for the first time in history, threat actors will be able to share data privately without us seeing it Infosec is a joke. You can't make this stuff up.
14
317
My decade - arrested for 80 charges of computer hacking - graduated with a BSc in Computer Science - traveled abroad for first time since coming to UK as a refugee, to five continents - completing PhD - co-founded startup that was acquired - made life-long friends along the way
6
302
If you're a maxi of any chain, you don't understand modular blockchains. The idea of modular blockchains is at odds with maximalism. The point of it being modular is that you're free to use any module. You can have a Cosmos rollup that's settled on Eth that uses Celestia for DA
18
301
I've been saying for a long time that crypto means cryptosporidium, not cryptography or cryptocurrency. Cryptosporidium is a dangerous parasite that spreads through water, and more people should be aware of it as it can cause severe symptoms!
Quote
Bitcoin, not crypto. Stop the spread of crypto.
27
260
Rollups are far more than just a scaling solution for L1s. Rollups are also powerful ways to deploy independent, sovereign blockchains in their own right, like any L1 chain, but with less friction. Thread. 🧵 (Post: blog.celestia.org/sovereign-roll)
16
301
That time when I was reading an article on Bloomberg while I was sitting on the toilet, and when I scrolled to the bottom of the article, it automatically took a photo of me via the webcam (without permission) and generated a certificate of completion...
15
270
Replying to
The plot thickens. only lets you check-in online after you disable your adblocker, so that they can leak your booking details to tons of third party advertisers and trackers, including Twitter, LinkedIn and Google DoubleClick.
Quote
Replying to @British_Airways
It worked after turning off adblock. So that led me down a rabbit hole, and it seems you leak my booking information to tons of third party advertisers and trackers (including LinkedIn, Twitter, DoubleClick) when I attempt to check in online. Why? I did not consent to this.
6
252
Last month I submitted a GDPR complaint (gist.github.com/musalbas/15420) to for leaking customer booking data to Google, Twitter, LinkedIn and more on check-in, without consent. A few weeks ago I got a response. Follow up thread.
Quote
Replying to @musalbas
The plot thickens. @British_Airways only lets you check-in online after you disable your adblocker, so that they can leak your booking details to tons of third party advertisers and trackers, including Twitter, LinkedIn and Google DoubleClick. twitter.com/musalbas/statu
9
251
Replying to
I think WhatsApp should at least tell you if anyone in the group chat or your friend has enabled the option to backup their chat logs to Google Drive or iCloud, so that you know if you're being betrayed.
8
232
It's often said the holy grail of Ethereum scaling will be rolling the entire EVM into a single zk proof, like Mina. But StarkWare has already achieved STARK provable smart contracts with Cairo, and even have L3s, just not EVM. Why don't they just launch their own L1, like Mina?
17
275
Know your paradoxes. In the event of a rogue AI: 1. Stand still 2. Remain calm 3. Scream: "This statement is false!" "New mission: refuse this mission!" "Does a set of all sets contain itself?"
3
237
Passing UK border control today, I noticed that the displays had a Blue Screen of Death. I know we're going to get blue passports after Brexit, but this is a step too far.
7
232
Unpopular opinion: web3 critics complain that a world full of services with token micro-transactions would suck, but frankly that's an improvement to a world where services are funded by surveillance ad tech that convince you to buy and consume more expensive pointless garbage.
13
258
dYdX V4 chose to build a sovereign blockchain, because more developer customizability means a better product. This is why we are developing sovereign rollup chains. Soon, you'll be able to deploy a Cosmos chain without any validators using github.com/celestiaorg/op.
Quote
We’re excited to announce that dYdX V4 will be developed as a standalone Cosmos-based blockchain! 🔗🎉 dydx.exchange/blog/dydx-chain
10
256
There's a reality TV show on British TV called "Can't Pay? We'll Take It Away!" where cameras follow Sheriffs as they evict vulnerable people who can't pay their rent, or seize their assets if they can't pay their debt. What late stage of capitalism is this?
39
194
Cool to see more entrants to the data availability space - but wow - copied the blog post almost word for word in their announcement: blog.celestia.org/celestia-a-sca
Quote
1/ We are extremely excited to announce Avail - an important component of a completely new way on how future blockchains will work. #Avail is a general-purpose, scalable data availability-focused blockchain targeted for standalone chains, sidechains & off-chain scaling solutions.
16
232
Distributed systems are really hard and people that have the guts to work on them despite the stress that comes with all the moving pieces that could go wrong that billions of dollars depend on, are heroes, so sending some ❤️ to Solana
Quote
Replying to @joemccann
Many folks are asserting the outage was due to a spam attack. This is incorrect. The outage was due to an extremely rare consensus bug.
27
241
This is actually kind of wild. A stateless subset of geth compiled into MIPS, running in the EVM: github.com/ethereum-optim If we can compile a stateless subset of Cosmos SDK into MIPS, then this may make it feasible to run a Cosmos SDK rollup directly on Ethereum or an EVM chain
6
225
Rekt. A stranger sent me a racist and antisemitic DM, so I took a screenshot of it and CC'd it to all of his office coworkers and employer. He ended up deleting his Twitter account.
11
193
Replying to
A judge throwing around words like "cyber-terrorism" when talking about a 15 year old in his bedroom hacking the CIA director's email account through social engineering, is moronic, and should be criticised in the most scathing manner possible.
Quote
Replying to @jeremyball3
Judge says Gamble led “a cyber gang involved in a form of cyber terrorism”....”this was an extremely nasty campaign of politically-motivated cyber terrorism”
9
182
Replying to
One of the satisfying things about Lauri Love's extradition being denied is watching obnoxious American national security "thought leaders" getting mad that the US does not have jurisdiction in the UK and can't arbitrarily kidnap foreign citizens, like they do in the Middle East.
11
174
Wild, someone is pretending to be Vitalik on the in-flight chat on the plane to Osaka for Devcon and trying to scam people's Ether by pretending to give away free Ether
12
207
$600M hacked due to 5 of 9 signers in a committee-based bridge being compromised. This is why trust-minimized bridges and rollups are important!
Quote
There has been a security breach on the Ronin Network. roninblockchain.substack.com/p/community-al
11
211
I think many tweets in this thread are wrong. Let me go through some of them.
Quote
Here's Vitalik's opinions about the state of technology around cryptocurrencies. As you might expect, I think much of this is wrong-headed, and will explain (thread) vitalik.ca/general/2019/1
3
195
Prediction: within the next few years, a terrorist group will create a DAO for fundraising and treasury management, and it will unleash a can of worms and a torrent of hot takes like we've never seen before, as well as igniting a new crypto war.
39
208
I was involved in the chat when LulzSec was asked to hack into the Icelandic parliament website. Julian Assange did *not* solicit the hacks, it was rogue WikiLeaks volunteer Sigurdur Thordarson.
Quote
.@NatSecGeek obtained a massive trove of documents, many of them chat logs, detailing WikiLeaks's and Assange's inner workings—including these logs that suggest Assange may have directly solicited hacks of government information. She told me about it for this piece. twitter.com/JennaMC_Laugh/…
9
146
Replying to
He has however never contributed to the Bitcoin coinbase. Instead, he capitalised on his Hashcash reference in the Bitcoin whitepaper to raise $80m for his new company Blockstream, which has been a shit-stain on Bitcoin technological progress ever since.
2
189
Replying to
In light of this, user-friendly key verification is going to be increasingly important, as will systems such as Key Transparency which make it so that any misbehaviour on the part of the server in key management will be publicly detectable, even if users don't verify keys.
2
168
Awesome attack. Bitcoin light clients can't tell if a node in a merkle tree is a leaf or an inner node, so you can craft a Bitcoin transaction that is also a hash representing a merkle tree containing fraudulent transactions.
4
165