Stored Now; Decrypted Never
The primary motivation for the migration to Post-Quantum Cryptography is the risk of a nation state performing a “Store Now, Decrypt Later” attack.
(This sometimes gets phrased in other, sillier ways. I once read it as “Harvest Online, Decrypt Later” which I interpret as a backronym for “HODL”—a meme among blockchainiacs.)
One secondary motivation is the historic failure of the NSA to transition the industry off RSA and onto Elliptic Curve Cryptography. The sooner we start the PQ move, the better.
Post-Quantum Migration
One question that doesn’t come up nearly enough is, “What if a practical quantum computer never actually emerges?”
For flavor, compare the 2024 quantum landscape with the previous year’s to truly get an appreciation for how glacially paced the advancements in quantum computing really are. Scott Aaronson thinks that Google Willow might be a significant milestone towards progress.
But all of this might be missing the point! As Opal Wright wrote on the Trail of Bits blog post titled, Quantum is unimportant to post-quantum:
But even if a quantum computer is never built, new PQ standards are safer, more resilient, and more flexible than their classical counterparts.
And she’s completely correct.
I wrote a blog post last year titled, KEM Trails — Understanding Key Encapsulation Mechanisms, which discussed some of the ways that KEMs (which all of the post-quantum candidates to replace “public key encryption” can be classified as) are safer and easier to reason about.
But it’s not just KEMs. The post-quantum signatures are also safer in a way that I have to reach back to a 2020 blog post to explain: They’re hedged signatures!
Who Spies on the Spies?
The risk of nation state adversaries spying on us is exacerbated by how we develop software. Companies are voracious when it comes to your personal data. Finding good offline-first technology in 2025 is a rare and treasured experience.
What if, instead of encrypting data, it was simply never transmitted in the first place?
(It’s often said that “for sale: baby shoes, never worn” is the shortest story in the English language. This isn’t true, but it is often amusing to try to come up with shorter and more emotionally impactful stories. The subject line is a riff on this genre.)
It’s important for end-to-end encryption to exist in some contexts. I’d argue that enabling (especially marginalized) people to communicate privately is a net-positive for society.
However, a lot of managers in the technology space don’t think of encryption as a privacy technology, they instead think of it as an “access controls” technology. Who gets to decrypt? And for those types, it’s better that their computers starve than we try to play their games.
Just please let’s not create another overloaded use case for “hybrid”:
From The Interwebs
Technology Topics
Meta (owner of Facebook, Instragram, and Threads) has decided that it’s totally fine to say that all queer people are mentally ill.
As 404 media explains, this is not going well with its employees.
The Intercept obtained leaked copies of the updated memos, which proves that this decision is very deliberate. They know exactly what they’re doing, and they don’t care who they hurt.
Facebook (one of the Meta properties) has also decided to censor 404 media’s coverage of… (drumroll please)… Facebook’s censorship.
The story they’re censoring is about a critical post an employee made about Dana White being appointed to the board.
The EFF wrote about how behavioral ads fuel the surveillance industry.
They also botched their analysis of the Meta story above, which got them a severe clapback on the Fediverse.
You can crack a 512-bit RSA key (used for DMARC headers by email providers the world over) in the cloud for $8.
Pixelfed now has a mobile app. You can learn more here.
From Furries
The art site FurAffinity has implemented tag filtering. This feature has been requested for a very long time by a large number of users.
Zeiros Lion made me this cool fan art:
Zeiros Lion
Miscellaneous
Boring Keith created a video analysis a few months ago about a growing trend in the “content creator” space, wherein someone will infiltrate a predominantly queer community (such as furries) to try to get the “inside scoop” on what happens there, with a recent notable example. I highly recommend watching it.
If you want something a bit more light-hearted, here’s a funny story about Neon_Folf trying to come out as gay to his conservative grandma over Christmas.
Closing Thoughts
If you know anyone that seriously still uses Facebook or Threads, try to get them onto the Fediverse (or Bluesky) instead.
Seriously, Meta is bad news. It’s not just queer people on the chopping block. Remember the rest of the fucking poem.
If they’re instead on Instagram, push them towards Pixelfed.
Zuckerberg and Musk, or as I like to call them, trash and fasc. (Which is which is left as an exercise to the reader.)
Share This With A Friend
If you think anyone would enjoy this newsletter, share it with them. If your friend forwarded this to you, maybe consider subscribing yourself. :3