| Website | https://nts.bio |
| https://twitter.com/grittygrease |
News!
I’ll be joining the Internet Architecture Board (IAB) starting March 2026 at IETF 125 in Shenzhen (which I will be attending remotely). The IAB is part of the @ietf ecosystem. It looks across internet protocol work to provide architecture-level oversight to help ensure the standards process stays healthy.
Also, sign up for my upcoming mailing list! Occasional, high-signal updates: https://tally.so/r/2EBz4D
Tomorrow on USENIX Security’s Enigma track, I’ll unveil Venom, a new framework to sting back at rogue AI web crawlers with some adversarial mischief. If you’re around Seattle, come say hi or ping me!
https://www.usenix.org/conference/usenixsecurity25/presentation/sullivan
Security isn't just confidentiality—availability matters too. That's why I'm joining @CenDemTech part-time as a Visiting Fellow to work on censorship resistance and privacy online. I’ve been turning my literature review into a podcast with help from AI if you want to follow along.
This podcast series examines how internet censorship shapes global access to information and the technical safeguards needed to ensure a free and open web. We dive into the mechanics of filtering, circumvention strategies, and the role of internet protocol...
We’re doing another SplinterCon, this time in Berlin on December 9-11! If you’re not familiar, this is an event in which participants discuss the increasing balkanization of the internet and the tools that help keep these splintered networks connected.
If you’re interested in getting started in cryptography, check out the crypto 101 course by Dr. Alfred Menezes from UWaterloo.
He’s planning on publishing the lectures from his Applied Cryptography course, which was my introduction to the field. Highly recommended.
What necromancy is this?
https://medium.com/clog/rebooting-san-francisco-royalty-emperor-norton-meets-genai-b28a5874e1a7
This was fun for me: I just found out that my name is used by Merriam-Webster as an example of how to use the term "cryptographer" correctly!
I'm excited to share a new proposal to improve privacy online: privacy.txt
This new format aims to standardize the presentation of web privacy policies, making them transparent and machine-readable, much like "robots.txt" for search engines. Louise Van der Peet, Georgios Smaragdakis, Brien Colwell and I put together this proposal to help both consumers and researchers easily understand and act on their privacy rights.
Read the draft here:
https://www.privacytxt.dev/
This proposal outlines a new file format called privacy.txt. It follows similar placement on a web server as robots.txt https://datatracker.ietf.org/doc/html/rfc9309 , security.txt https://datatracker.ietf.org/doc/html/rfc9116 , or ads.txt https://iabtechlab.com/ads-txt/ , in the / directory or /.well-known directory. The file format adds structured data for three areas: 1. A machine parsable and complete privacy policy 2. Consumer actions under their privacy rights 3. Cookie disclosures
