Mike Gerwitz

Free Software Hacker+Activist

Latest Posts

Webmasters: Please, Don’t Block Tor

Tor is a privacy and anonymity tool that helps users to defend themselves against traffic analysis online. Some people, like me, use it as an important tool to help defend against various online threats to privacy. Others use it to avoid censorship, perhaps by the country in which they live. Others use it because their lives depend on it—they may live under an oppressive regime that forbids access to certain information or means of communication.

Unfortunately, some people also hide behind Tor to do bad things, like attack websites or commit fraud. Because of this, many website owners and network administrators see Tor as a security threat, and choose to block Tor users from accessing their website.

Posted on 2018-10-05. Read more »

The Surreptitious Assault on Privacy, Security, and Freedom

Watch LibrePlanet 2017 Talk

Older Posts

When Talking About Mobile Tracking, Don’t Veil Bad Actors With Blanket Statements

It’s difficult to have useful conversations about mobile tracking when someone says “your phone / mobile device tracks you”; such statements don’t often lead to constructive conversation because they are too vague and therefore easily dismissed as sensationalism or paranoia. And they are all too often without substance because, while users do have legitimate concerns, they aren’t necessarily aware of the specific problems contributing to those concerns.

Posted on 2018-04-15. Read more »

Meltdown/Spectre and the Web

The recently-released Meltdown and Spectre CPU timing attacks affect virtually every user in some way; the consequences are profound. There are plenty of good write-ups on the topic, so I don’t feel the need to re-iterate the technical details here. (See an easily digestible one from the Raspberry Pi project, and an in-depth analysis from Project Zero.)

What I do want to draw attention to is that these attacks are exploitable via web browsers.

Posted on 2018-01-08. Read more »

The Ethics Void: Join Me at LibrePlanet 2018!

I got word today that I’ll be speaking again at this year’s LibrePlanet! I was going to attend even if I were not speaking, but I’m very excited to be able to continue to build off of last year’s talk and further my activism on these topics.

The title of this year’s talk is The Ethics Void. Here’s a rough abstract:

Posted on 2018-01-05. Read more »

Russia wants to review source code of Western security software

Reuters released an article entitled “Under pressure, Western tech firms bow to Russian demands to share cyber secrets”. Should Russia be permitted to do so? Should companies “bow” to these demands?

I want to draw a parallel to another highly controversial case regarding access to source code: the Apple v. FBI case early last year. For those who don’t recall, one of the concerns was the government trying to compel Apple to make changes to iOS to permit brute forcing the San Bernardino attacker’s PIN; this is a violation of First Amendment rights (compelled speech), and this afforded Apple strong support from even communities that otherwise oppose them on nearly all other issues. The alternative was to have the FBI make changes to the software instead of compelling Apple to do so, which would require access to the source code of iOS.

Posted on 2017-06-24. Read more »

GNU is more than a collection of software

GNU is more than just a collection of software; it is an operating system:


Many hackers and activists within the free software community don’t understand this well, and it’s a shame to see attacks on GNU’s relevance (as measured by programs written by GNU on a given system) going unchallenged. Software for GNU was written by the GNU Project when a suitable free program was not available. It wouldn’t have made sense to write everything from scratch if free programs already solved the problem.

Posted on 2017-06-03. Read more »

View all posts