Online Privacy Tools

Jack Dorsey, Founder of Twitter and current CEO of Block just launched a messaging app that runs without internet, SIM cards, or even user accounts 🤯 It’s called Bitchat - and it might just rewire how we think about communication. Built on a decentralized, serverless architecture, Bitchat lets users send encrypted messages peer-to-peer via Bluetooth mesh - no cloud, no cell service, no tracking. Coded with help from Goose, Block’s open-source AI “vibe coding” assistant. Here’s what it does: ✅ End-to-end encrypted messaging ✅ No servers, no metadata ✅ No phone numbers or logins ✅ Bluetooth Low Energy mesh (up to 300m range) ✅ Built on a new open-source protocol called Vibe Why it matters: In an era of centralised infrastructure and digital vulnerability, tools like this offer a radical alternative - ideal for blackouts, censorship zones, or off-grid communication. 🧠 Jack’s vision? "Resilient, private communication that doesn't depend on centralised infrastructure." Currently in closed beta via iOS TestFlight (10,000 testers – already full) Not security-audited yet, so use with caution. Still very early… but if it works, it could unlock a whole new category of communication tech. Definitely one to watch! 👀 #decentralization #startups #technews

🗞️ Needed report By CyberArk on a burning issue : identity security. A decisive element that will determine our ability to restore digital trust. 🔹 « Identity is now the primary attack surface. » Defenders must secure every identity — human and machine 🔹 with dynamic privilege controls, automation, and AI-enhanced monitoring 🔹and prepare now for LLM abuse and quantum disruption. Machine identities are the fastest-growing attack surface 🔹Growth outpaces human identities 45:1. 🔹Nearly half of machine identities access sensitive data, yet 2/3of organizations don’t treat them as privileged. Quantum readiness is urgent 🔹Quantum computing will break today’s cryptography (RSA, TLS, identity tokens). 🔹Transition planning to quantum-safe algorithms must start now, even before standards are finalized. Large Language Models include prompt injection, data leakage, and misuse of AI agents. So organizations must treat them as a new class of machine identity requiring monitoring, access controls, and secrets management. 🧰 What can we do? ⚒️ 1/ Implement Zero Standing Privileges (ZSP) • Remove always-on entitlements; grant access dynamically and just-in-time. • Minimize lateral movement by revoking privileges once tasks are complete 👥2/ Secure the full spectrum of identities • Differentiate controls for workforce, IT, developers, and machines. • Prioritize machine identities: vault credentials, rotate secrets, and eliminate hard-coded keys. 🛡️ 3/ Embed intelligent privilege controls • Apply session protection, isolation, and monitoring to high-risk access. • Enforce least privilege on endpoints; block or sandbox unknown apps. • Deploy Identity Threat Detection & Response (ITDR) for continuous monitoring. ♻️ 4/ Automate identity lifecycle management • Use orchestration to onboard, provision, rotate, and deprovision identities at scale. • Relieve staff from manual tasks, counter skill shortages, and improve compliance readiness. 5/ Align security with business and regulatory drivers • Build an “identity fabric” across IAM, PAM, cloud, SaaS, and compliance. • Tie metrics (KPIs, ROI, cyber insurance conditions) to board-level priorities. 6/ Prepare for next-generation threats • Establish AI/LLM security policies: control access, monitor usage, audit logs. • Begin phased adoption of post-quantum cryptography to protect long-lived sensitive data. Enjoy the read

You just had a HIPAA breach? Breathe.....then move fast! (Save this post for the future) When protected health info (PHI) leaks, the first 24 hours will most likely determine if you’ll be remembered for chaos or competence. So today, I have brought you a simple blueprint I'd follow 👇🏾 1. Quickly isolate the affected systems, lock down access, and kick off a forensic investigation so you know what, when, and how; before attackers erase the breadcrumbs. 2. Document the nature of the PHI, who touched it, whether it was actually viewed/acquired, and how much you’ve mitigated so far. If the probability of compromise isn’t “low,” it’s officially a reportable breach. 3. Notify every affected individual “without unreasonable delay” and absolutely no later than Day 60. If the breach hit 500+ people, please make sure to tell HHS and the media at the same time. If fewer than 500 were impacted by the breach, you'll only need to log it and include it in your annual HHS report. 4. HIPAA spells out the must‑haves: what happened, which data types were exposed, the steps people should take, what you’ve done to plug the hole, and a hotline/email for questions. Bonus points if you provide for free credit‑monitoring codes to those impacted. 5. Lastly, please patch the root cause, retrain staff, and update policies, then keep every action in a breach file. Good‑faith compliance radically lowers penalties and proves you’re serious about protecting patient trust. Remember that a clear, rehearsed response plan buys you time, credibility, and in many cases, millions in avoided fines. Check out #kiteworks full guide for more information. https://lnkd.in/em-zaBcs

Friendly Reminder : 🚨Awareness Training is Not Enough!🚨 Many companies invest heavily in cybersecurity awareness training, but if the organizational culture doesn't prioritize security or provide continuous education, these efforts may fall short. Cybersecurity isn't just about checking a box. It's about embedding security into the very fabric of our organizational culture. When security becomes a core value, it influences every decision, behavior, and practice within the company. 🔒 Key Points to Consider: 1. Beyond Training Sessions: Awareness training shouldn't be a one-time event. It requires continuous education and engagement to keep employees vigilant and informed about evolving threats. 2. Culture is Key: A strong security culture means that every employee, from the C-suite to the entry-level, understands the importance of cybersecurity and acts accordingly. It’s about creating an environment where security is everyone’s responsibility. 3. Practical Application: Employees should not only learn about cybersecurity in theory but also practice it in their daily activities. Real-world scenarios and hands-on experiences can reinforce the training material. 4. Leadership Involvement: Leadership must champion cybersecurity initiatives and lead by example. When leaders prioritize security, it sets a precedent for the rest of the organization. 5. Ongoing Communication: Keep the conversation about cybersecurity alive. Regular updates, reminders, and open discussions can help maintain a high level of awareness and preparedness. Let’s move beyond the checkbox mentality and build a robust cybersecurity culture that truly protects our organizations. What are your thoughts? How do you integrate cybersecurity into your company’s culture? Share your experiences and let’s discuss how we can enhance our training programs to be more effective! #Cybersecurity #AwarenessTraining #CyberCulture #SecurityFirst #ContinuousEducation #LinkedInCommunity #cybersecurityawareness

Decentralized Identity (DCI) systems are an innovative approach to managing personal data. By harnessing blockchain technology, they are designed to give individuals complete control over their identity information—a significant shift from traditional centralized systems in which entities like governments or corporations hold and manage personal data. This shift is crucial as it enhances privacy and transparency, allowing users to manage their data securely, and by utilizing blockchain technology, DCI systems ensure that data is secure, transparent, and tamper-proof. This technological foundation supports selective information sharing, where users can choose to share only the necessary data, thereby adhering to data minimization principles. Advanced encryption techniques within DCI systems protect user identities from theft and fraud, offering enhanced security and privacy. The global and interoperable framework of DCI systems allows for their application across various services, making them a versatile and user-friendly solution for managing personal identities in the digital age. #DecentralizedIdentity #DCI #blockchain #privacy #PersonalData

Paying online doesn’t have to mean typing in 16 digits and waiting five days for a refund. In the UK, millions of shoppers are using Pay by Bank instead. This TrueLayer report tracks what’s changed in Pay by Bank in 2025, what’s working, what’s growing, and what’s finally getting regulatory backing. Here are my key takeaways: 🔶 Monthly Pay by Bank transactions in the UK hit 27 million, up from 15 million just a year ago. Around 9 million people now use it each month. 🔶 80% of e-commerce brands making over £1M are planning to adopt Pay by Bank. For many, the main driver is reducing card fees and refund friction. 🔶 Refunds settle in seconds. Card fraud risk is near zero. And with pre-filled data, there’s less chance of mistypes or phishing. 🔶 The FCA is backing a major rollout of Variable Recurring Payments (VRP), with a new central operator in place. And real-world use cases, like subscriptions and utility bills, are expected to go live this year. 🔶 Most UK consumers are on board. 65% say they’d use Pay by Bank today. That number jumps to 76% for shoppers under 35. 🔶 Merchants like lastminute.com have seen a 20% increase in average order value since adopting Pay by Bank. Papa Johns now recovers failed payments and saves 40% in fees. 🔶 Pay by Bank doesn’t do chargebacks, and that’s intentional. It’s built around instant refunds, real-time settlement, and secure rails that don’t rely on card data. If your payment strategy still revolves around cards, you’re building on rails fewer people want to use. #payments #openbanking #fintech #checkout #couchonomics #payments #fintech #embeddedfinance #digitalassets #futureofmoney #futureoffinance NORBr Onalytica Favikon ⁠Global Finance & Technology Network Thinkers360 - ⁠- - - - - - - - - - - - - - - - - - - - - - - - - - - 👍 Hit like ♻️ Share it with your network 📢 Drop a comment 🎙️ Check out my podcast Couchonomics with Arjun on YouTube 📖 Get my weekly newsletter on LinkedIn: Couchonomics Crunch 🕺💃 In the MENA region? Join our Fintech Tuesdays community. 🤝 Let's connect! - ⁠- - - - - - - - - - - - - - - - - - - - - - - - - - -

CISOs must look for these 5 things in a Cyber Awareness Platform. Awareness must be continuous, unlimited, measurable & role-specific. A good cyber awareness platform must include: 𝟭/ 𝗥𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗮𝘁𝘁𝗮𝗰𝗸 𝘀𝗶𝗺𝘂𝗹𝗮𝘁𝗶𝗼𝗻𝘀 - Testing employees in practical scenarios - Simulated phishing, vishing & smishing attacks - Adaptive difficulty based on employee responses - Specific phishing exercises for high-risk users 𝟮/ 𝗖𝘂𝘀𝘁𝗼𝗺𝗶𝘇𝗲𝗱 𝘁𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗽𝗿𝗼𝗴𝗿𝗮𝗺𝘀 - Built for your unique infrastructure - Department-specific assessments to tailor learning - Industry-specific cyber threat modules - Gamified learning for making it interesting rather than a chore 𝟯/ 𝗜𝗻𝘁𝗲𝗴𝗿𝗮𝘁𝗲𝗱 𝗹𝗲𝗮𝗿𝗻𝗶𝗻𝗴 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝘀𝘆𝘀𝘁𝗲𝗺 (𝗟𝗠𝗦) - Engaging and effective training - Short, interactive microlearning sessions - Scenario-based training for better retention - Automated reminders for unfinished modules 𝟰/ 𝗗𝗮𝘁𝗮-𝗱𝗿𝗶𝘃𝗲𝗻 𝗿𝗶𝘀𝗸 & 𝗹𝗲𝗮𝗿𝗻𝗶𝗻𝗴 𝗮𝗻𝗮𝗹𝘆𝘁𝗶𝗰𝘀 - Measuring progress and effectiveness - Individual and team-based risk scoring - Reports on behavior trends and training impact - Actionable insights for security teams 𝟱/ 𝗕𝘂𝗶𝗹𝘁-𝗶𝗻 𝗿𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴 & 𝗿𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝗺𝗲𝗰𝗵𝗮𝗻𝗶𝘀𝗺𝘀 - Enabling fast employee action - One-click reporting button for suspicious emails - Automated feedback on reported threats - Incident response playbooks for employees Cyber awareness must be ongoing, measurable and integrated into daily workflows. If your current awareness platform doesn't meet these standards, we can help recommend one that does. One that costs less than a large pizza per employee per year! And gives you flexibility of unlimited training & simulations. DM me & my team will help setup a demo & discovery call for your team. ---- Hi, I’m Rajeev Mamidanna. I help mid-market CISOs strengthen their Cyber Immunity

How Ransomware Almost Stole My Spotlight A few years ago, while on a routine business trip to Kuala Lumpur, I was giving a company presentation when I realised that my greatest risk was not forgetting my words but rather my digital security. Seated at a cramped desk in my hotel room, I rehearsed my presentation with my laptop connected to the hotel's public Wi-Fi, navigating each slide as though I had delivered it a thousand times. All my meticulous work resided solely on the notebook's hard drive. I was ignorant of the hidden dangers of that unsecured network. While setting up at the regional conference, a fellow speaker's laptop fell victim to a ransomware attack. Within minutes, their slides were sealed behind an encrypted vault. I watched the organisers frantically attempt to salvage the session, my heart pounding as I imagined the same disaster befalling me. Determined never to experience such anxiety again, I developed a speaker-specific cybersecurity routine based on simple daily habits. Pre-trip organisation Before every journey, I tidy and organise my laptop by backing up crucial data to a secure cloud vault and external storage, retaining only essential files, and removing any unused applications that have not been used for more than three months. Secure connections Whenever I use airport or hotel Wi-Fi, I first connect to a VPN so that every keystroke, file transfer and message remains encrypted. Strict wireless management I disable Bluetooth when I'm not using it and disable Wi-Fi auto-connect to prevent unauthorised networks or headsets from connecting. Multiple backups I keep copies of my slides in protected cloud storage as well as on a trusted thumb drive so that I never rely on a single source. Post-trip sanitisation After each trip, I forget all saved Wi-Fi networks, clear cached credentials, and either archive or delete files I no longer need while backing up the rest to both the cloud and an external hard drive. I know this sounds like a lot of work, but each habit is now as natural as my morning cup of tea. It may add minutes to my prep, but it saves me hours of panic and ensures no malware or ransomware ever steals the spotlight from my presentations. Over to you Which cyber-hygiene habit do you rely on most when presenting or travelling? Share your tip below and help us create a collective checklist so that every speaker can step into the spotlight with confidence. #alvinsratwork ✦ #ExecutiveDirector ✦ #cybersecurity ✦ #cyberhygiene ✦ #Cyberawareness ✦ #BusinessTechnologist ✦ #Cyberculture 

#blockchain :A Survey on the Applications of Zero-Knowledge Proofs. Zero-knowledge proofs (ZKPs) represent a revolutionary advance in computational integrity and privacy technology, enabling the secure and private exchange of information without revealing underlying private data. ZKPs have unique advantages in terms of universality and minimal security assumptions when compared to other privacy-sensitive computational methods for distributed systems, such as homomorphic encryption and secure multiparty computation. Their application spans multiple domains, from enhancing privacy in blockchain to facilitating confidential verification of computational tasks. This survey starts with a high- level overview of the technical workings of ZKPs with a focus on an increasingly relevant subset of ZKPs called zk-SNARKS. While there have been prior surveys on the algorithmic and theoretical aspects of ZKPs, this report is distinguished by providing a broader view of practical aspects and describing many recently-developed use cases of ZKPs across various domains. These application domains span blockchain #privacy , scaling, storage, and interoperability, as well as non-blockchain applications like voting, authentication, timelocks, and machine learning.