Money Is Not Wealth: Computer Articles - By A.R. Miller
MONEY IS NOT WEALTH
Computers and Related Hardware,
Computer Studies, Computer Privacy/Security,
Free Open-Source Software (FOSS, Linux), Etc.:
Subsection 2 of Money Is Not Wealth.
Compare
Protection Across Browsers, Extensions, And AI Providers
(DuckDuckGo.com; updated twice per year)
Many browsers, browser extensions, and AI providers talk about how
they protect your privacy, but these claims don't always match the
out-of-the-box privacy protections you actually get. We made this chart to help you compare the protection
you're getting now and how protected you can be. We've
outlined which protections browsers, browser extensions, and AI
providers offer by default without requiring you to change
any settings after on-boarding, so you can decide which browser,
browser extension, or AI provider is best for you. NEW here on June
28, 2026 (because 11-months later, it's still the best we've read
on this now-timely topic.
Non-techies are invited to skip down to its Conclusion.):
Matthew Garrett: Secure-Boot
Certificate Rollover Is Real, But Probably Won't Hurt
You. (Dreamworth.org;
July 30, 2025) LWN wrote an article
which opens with the assertion, "Linux users who have
Secure Boot enabled on their systems knowingly or
unknowingly rely on a key from Microsoft that is set to
expire in September." This is, depending
on interpretation, either misleading or just plain wrong,
but also there's not a good source of truth here, so...
First, how does secure boot signing work? Every
system that supports UEFI Secure Boot ships with a set of
trusted certificates in a database called "db". Any binary signed
with a chain of certificates that chains to a root in db is
trusted, unless either the binary (via hash) or an intermediate
certificate is added to "dbx", a separate database of things whose
trust has been revoked. But, in general, the firmware doesn't care
about the intermediate or the number of intermediates or whatever
- as long as there's a valid chain back to a certificate
that's in db, it's going to be happy.
That's the conceptual version. What about the real-world
one? Most x86 systems that implement UEFI
secure boot have at least two root certificates in db - one called
"Microsoft Windows Production PCA 2011", and one called "Microsoft
Corporation UEFI CA 2011". The former is the root of a chain used
to sign the Windows bootloader, and the latter is the root used to
sign, well, everything else.
What is "everything else"? For people in the Linux
ecosystem, the most obvious thing is the Shim bootloader
that's used to bridge between the Microsoft root of trust and a
given Linux distribution's root of trust[2]. But that's
not the only third party code executed in the UEFI
environment. Graphics cards, network cards, RAID
and iSCSI cards and so on all tend to have their own unique
initialisation process, and need board-specific drivers.
...
Conclusion: Outside some corner cases,
1. The worst case is you might need to boot an old
Linux to update your trusted keys to be able to
install a new Linux.
2. No computer currently running Linux will break in any
way whatsoever.
NEW (and techie!): Dan Goodin:
A
Critical Deadline Is Approaching for Windows and Linux
Security. (Ars Technica; June
21, 2026) The cryptographic keys that secure your computer's boot
sequence will start to expire on June 24.
Here's what that means for you.
The clock is ticking for Windows and Linux users to update
cryptographic keys that protect their systems
against firmware-based UEFI infections,
a pernicious form of malware that loads before
operating system and anti-malware protections start.
Beginning June 24, three "certificates" - that
cryptographically verify each piece of firmware and
software that loads during system boot - will
expire. The Microsoft-signed certificates
are the linchpins of Secure Boot, a Microsoft-designed
chain of trust. Secure Boot checks the digital
signatures of all firmware that loads during system
startup to ensure it originates from a
trusted provider, such as the manufacturer of the
motherboard the system runs on. Secure Boot is designed to thwart UEFI bootkits, a
form of malware that alters the Unified Extensible Firmware
Interface, the successor to the BIOS, both of which
begin the initial boot sequence. Because
these bootkits load before the OS and most other code, they
can be difficult to detect. Once installed, they typically
load malware onto the OS that steals credentials,
backdoors the system, or performs other malicious actions.
Even when the OS is disinfected, the bootkit can reinfect
the system. Bootkits survive OS reinstallations as well.
Microsoft is in the process of updating
Windows 10 and Windows 11 machines. Linux distributors are also in the
process of updating "shims", a small,
first-stage UEFI bootloader that acts as a trusted bridge
between Secure Boot keys and the Linux bootloader. Machines that fail to update the Secure
Boot-related keys will continue to function, but
they will no longer be protected against new UEFI
threats. To be clear, they were already
vulnerable to new UEFI threats that exploited the industry-wide LogoFail
vulnerability. The key refresh is designed to mitigate that
risk and prevent unrelated UEFI attacks that may arise in the
future. To check the status of the keys: - Windows users can
open Windows Security settings > Device Security >
Secure Boot. A green checkmark means the update has been
completed. Most Windows machines automatically
update the keys during regular monthly patch distributions,
but older machines may require manual attention. - Linux users should watch
for the release of new shims. Thomas Germain: [Trump-and-Musk's]TikTok
Is Tracking You, Even If You Don't Use The App. Here's How
To Stop It. (BBC; February 11, 2026) TikTok is growing its data-harvesting empire, and avoiding
the app won't protect you – but some easy steps can keep
you safe. TikTok keeps track of everything you do on its app – no
surprises there. What's less obvious is how the company
follows you around other parts of the Internet that have
nothing to do with TikTok.
In fact, TikTok collects sensitive and
potentially-embarrassing information about you even if you've
never used the app. Over the past week, I've watched
websites sending TikTok data about cancer diagnoses, fertility and
even mental-health crises. It's part of a tracking empire that
extends far beyond the social-media platform. Now, thanks to a new
set of features, TikTok is poised to expand its network and see
even more details about your life. The change comes just weeks after the sale of TikTok's
U.S. operations to a group of companies with ties to U.S.
President Donald Trump. The deal has led to fresh privacy
concerns from some human-rights experts and users,
though TikTok says it has transparent guidelines on how it
responds to government requests for data.
Fortunately, this is a privacy story with a positive note. Some
easy steps you can take in about five minutes will help you keep
your information out of TikTok's hands.
[MMS adds two browser extensions, DuckDuckGo
and Ghostery,
to the Mozilla Firefox included with Linux
Mint.] Abhinav Raj:
Your
SSD Will Outlive Your Entire PC, So Don't Overpay For A
Bigger One Right Now. (XDA;
Amid a steadily-worsening PC-hardware economy, NAND flash
prices seem to be the next in line to rise above the
threshold of affordability. Whenever a price rise hits the
consumer market, the natural instinct to hoard tends to
prevail. That's been true for RAM, GPUs, and entire consoles too,
so it feels reasonable to fill up your M.2 and SATA slots while
you can.
And in part, that's what the conventional wisdom floating around
on PC-building forums suggests as well. For the capacity
you actually need, that advice is sound. However, for
speculative future capacity like the extra terabyte or two
you may need eventually, it's a good
idea to rethink before you make a purchase. Your
SSDs will almost certainly be in great shape long after you've
swapped out most parts of your build, and overpaying for
storage you won't use for years is a worse financial
decision than it might seem,
especially when NAND prices are nearing an all-time high. NEW: Marcus Nestor: The
Final Release Of Firefox 153 Is Expected July 21st, 2026.
(9to5 Linux; June 17, 2026)
With the release of Firefox 152 rolling out to
all supported platforms, Mozilla promoted the next major
release, Firefox 153, to the beta channel for public testing,
so it's time to take a look at the new features and
improvements: The big news with Firefox 153 is that it will be the next Firefox
ESR (Extended-Support Release) series, supported for 15 months
with regular updates that coincide with new Firefox releases. Firefox
153 ESR will join the Firefox 140 ESR and
Firefox 115 ESR releases, the latter being retired in
September 2026. Firefox 153 also promises:
- a new "Pick a color" quick action that lets you pick and
copy a color from any web page by typing "pick color", "color
picker", or "eyedropper" in the address bar,
- improved support for videos with overlays, and
- the ability to quickly-open Firefox Labs by typing
"labs" or "experiment" in the address bar.
There are several improvements to how PDFs are handled,
such as:
- the ability to merge multiple PDFs by dragging a PDF in
the PDF sidebar,
- the ability to add images as new pages within PDFs, and
- the ability to highlight text selected in PDF files clearly,
like in normal web pages.
Among other noteworthy changes:
- Extensions will no longer be able to access local files by
default.
- The location-permission icon is now highlighted in red
whenever a website has access to your location, and
- Qualified Website Authentication Certificates (QWACs) will now
be displayed in accordance with eIDAS regulations. For Windows users, Firefox 153 promises support for High
Dynamic Range (HDR) videos on Windows 10 and 11 systems with a
supported HDR display connected to AMD and NVIDIA GPUs. For macOS users, it promises support for Apple’s
system-wide full-screen keyboard command (Globe-F). For web developers, Firefox 153 promises support for:
- a limited subset of the non-standard ::-webkit-scrollbar
pseudo-element.
- the popover=hint specification,
and
- support for the Error.stackTraceLimit property to set
the maximal depth of the captured JavaScript error stack.
Starting with this release, developers will be able to use the
text-import attribute to import text files using the module
system.
Firefox 153 also:
- updates the alignment-baseline property to support new
keywords alphabetic, ideographic, central, mathematical, and
hanging, and
- adds support for the closest-corner and farthest-corner
keywords to the circle() and ellipse() functions.
Last but not least, Firefox 153 promises to:
- update HTML parsing rules for < select >
elements to align with web standards for supporting future customizable
select drop-down features,
- implements Intl.LocaleInfo for querying locale information,
and
- updates the Picture-In-Picture API for user-agent
Picture-In-Picture functionality. Mozilla plans to release Firefox 153 on July 21st, 2026,
as the new ESR (Extended Support Release) series, along with
the Firefox 140.13 and Firefox 115.38.0 ESR releases. Until then,
you can download the latest beta version of Firefox 153
right now from the official website,
but keep in mind not to use it for production work. Marcus Nestor: Mozilla
Firefox 152 Is Now Available For Download. Here's What's
New. (9to5 Linux; June 15, 2026)
Today, Mozilla has published the final builds of the Firefox
152 web browser ahead of its official unveiling on June
16th, 2026, so it's time to take a look at the new features
and improvements. Highlights of Firefox 152 include:
- experimental support for the new JPEG XL image format in
Firefox Labs,
- support for widgets on the New Tab pages,
- and further modernization of the Firefox settings with a
brand-new look with streamlined organization, clearer groupings,
and improved navigation for easier customization.
On Linux and Windows systems, it is now possible to copy
links without switching to a tab via the Share > Copy
Link right-click tab context menu option. Even better,
it's possible to copy multiple links at once when multiple
tabs are selected.
On top of that, Firefox 152 adds support for:
- additional and smaller zooming increments when using the
keyboard or mouse to zoom sites,
- opening tabs in a new tab or a new container tab from the
context menu of the Tabs from Other Devices panel in the
sidebar,
- video controls like play, pause, full-screen, mute, and loop
in the right-click menu to more sites and
- muting Firefox from the address bar by typing "mute" (or
"shush" or "sssh") or by using a quick action in the address bar,
- opening downloaded PDF files in a background tab when
closing the original tab or when switching tabs,
- adds a new "Send tab" toolbar button, and
- action buttons for web notifications via a new "actions"
option.
The Private Browsing feature has been improved as well in
Firefox 152, to no longer break websites because of tracker
blocking. As such, Firefox will now show an info-bar
after a reload. Clicking the "Reload" button in the info-bar
will disable tracker blocking before reloading the page.
Among other note-worthy changes, this release improves:
- GTK support by fixing the direction of word-based selection
commands in RTL (right-to-left) text fields,
- improves the About Mozilla Firefox dialog for multi-monitor
setups so that it will open more reliably on the monitor
with the most-recently-used Firefox window,
- fixes a bug that caused the Paste option to be missing from
the context menus when editing content on sites like eBay,
LinkedIn, and Squarespace,
- adds built-in dictionary support for the Firefox
spellchecker on the Firefox builds in Croatian, English
(UK), Georgian, Persian, Slovenian, Tajik, Tamil, Tibetan,
Turkish, Welsh, and Xhosa languages. For Android users, Firefox 152:
- improves the sharing of remote PDF documents by sharing the
file itself instead of its URL ( which you can still share
by copying it from the awesome-bar of the Firefox for Android
app), and
- optimizes the performance when pinch-zooming web pages,
especially on lower-spec devices. For macOS users, Firefox 152:
- improves the reliability of saving images when dragging them
to the desktop or Finder windows,
- correctly places images where they are dropped,
- improves support for more advanced cursor-movement commands,
and
- fixes several text-editing commands involving arrow keys
in setups using right-to-left (RTL) languages.
For developers, Firefox 152 introduces:
- an option in DevTools to toggle the display of comment nodes
in the Inspector,
- support for the field-sizing property,
- support for the WebAuthn Related Origin Request feature,
and
- support for the unadjustedMovement option in the Pointer
Lock API. As mentioned before, Mozilla plans to release Firefox 152 on
June 16th, 2026, along with the Firefox 140.12 and Firefox
115.31.0 ESR (Extended Support Release) releases. Until
then, you can download the binaries for 64-bit, 32-bit, and ARM64
systems, or the source tarball, right now from the Mozilla
website.
[Or, after any fine-tuning by the OS you use, from the OS
website.] Ella Adams and Sam Drysdale, State House News Service: Massachusetts
House Unanimously Passes Data-Privacy Bill.(WBUR
News; June 5, 2026)
Yesterday, the Massachusetts House unanimously passed a
major data-privacy bill that would:
- give consumers new rights and
- impose restrictions on companies' use of personal
information. Representatives voted 146-0 in favor of the bill, which would: - require affirmative consent before
sensitive information can be sold or shared, - ban the sale of precise geo-location data, - create special protections for minors,
and - authorize enforcement by the Attorney-General
and, in some cases, private individuals.
The bill's passage sets the stage for an effort to form a
consensus bill with the Senate, which passed its version
of the bill (S 2619) by a 40-0 vote in September. "Data privacy is the under-pinning of all future tech bills.
We have to do data privacy first", Rep. Tricia
Farley-Bouvier, Co-Chair of Advanced Information Technology,
the Internet and Cybersecurity Committee, told reporters
when asked about where the proposal lands in the larger
environment of tech bills, including ones the House has
passed regulating artificial intelligence in campaign
advertisements and youth social media.
During floor remarks, Farley-Bouvier framed the bill as the
latest chapter in a Massachusetts privacy tradition dating back
to Samuel Warren and future U.S. Supreme Court Justice Louis
Brandeis, who argued in an influential 1890 Harvard Law Review
article that Americans have a "right to be let alone".
She said the legislation responds to a modern economy
built on the collection and sale of personal data and puts
consumers at the center of decisions about how that
information is used.
[Bravo, Massachusetts State House - and onward! (We are the COMMONwealth
of Massachusetts.)] Dan Goodin: Websites
Have A New Way To Spy On Visitors: Analyzing Their SSD
Activity.(Ars Technica; May 27, 2026)
Telltale solid-state-drive activity can be measured in the browser
using simple JavaScript.
Over the decades, there has been no shortage of sites using
clever techniques to covertly track visitors' browsing histories,
device fingerprints, and keystrokes and mouse movements in real
time. Even Meta and Yandex were recently
caught joining in the privacy-invasive free-for-all. Now sites have a new way to spy on their visitors: measuring
subtle interactions with their solid-state drives. The technique,
named FROST (fingerprinting remotely using OPFS-based
SSD timing), allows sites to monitor other sites
a visitor is viewing and what apps are open on their
devices.
Mark Rasch: It's
Not The Computer, Stupid. It's The Information In It. Two
Recent Indictments Stretch The Limits Of "Theft" Of
Information. (Security Boulevard, April 30,
2026) We continue to talk about "computer crime" as if the
computer were the thing we are trying to protect. It is
not. The real object of protection is information - its
confidentiality, its integrity, and its availability.
The computer is merely the medium. The law, however, still
speaks in the language of theft, conversion, and fraud -
concepts developed for tangible property - and then struggles
to apply those concepts to something that can be copied,
transmitted, and retained simultaneously by multiple parties
without depletion.
Two recent federal indictments illustrate the problem with unusual
clarity. One involves a U.S. Army insider (the Van Dyke matter), and
the other charges the Southern Poverty Law Center (SPLC)
with, among other things, participating in the acquisition and
copying of internal documents from an extremist organization. The
charging documents themselves are available from the Department
of Justice. What is striking about both is not simply the
conduct alleged, but the legal theory underlying the
allegations. Luci Stanescu: AppArmor
Vulnerability Fixes Available. (Canonical/Ubuntu,
March 12, 2026) Qualys discovered several vulnerabilities in the AppArmor
code of the Linux kernel. These are being referred to as CrackArmor,
while CVE IDs have not been assigned yet. All of the vulnerabilities
require unprivileged local user access. The impact of these
vulnerabilities ranges from denial of service to kernel memory
information leak, removing security controls, and local privilege
escalation to root user.Ubuntu releases are affected
differently and this is detailed in the corresponding sections
below. Linux kernel fixes for the supported Ubuntu releases are being
made available as security updates by the Canonical
Kernel Team. Furthermore, our security team has provided
user-space mitigations in the form of security updates, for all
affected Ubuntu releases. Our recommendation is that
you apply both user-space mitigations AND Linux-kernel security
updates. AppArmor is a Mandatory Access Control (MAC) Linux
Security Module that provides an additional layer of security
on Ubuntu systems, and supplements the traditional Discretionary
Access Control (DAC) module. In addition to being enabled by
default on Ubuntu releases, AppArmor is also used by
other Linux distributions. Michael Larabel: Intel's
"Clear Linux" Website Is No Longer Online.
(Phoronix, March 1, 2026) Last July, Intel sadly ended its Clear Linux
distribution amid cost-cutting measures at the
company. Clear Linux for a decade served at the forefront
of Linux performance innovations and was consistently the
fastest out-of-the-box Linux x86_64 distribution until Intel
ended the Linux distribution without any advanced notice for
its users. Intel had kept up the ClearLinux.org
website online to download the final releases and access
other technical content and forum discussions, etc. Sadly, that
too was recently taken offline. NEW: Alex Diaz-Kokaisl: How
To Clean The Ports On Your Electronic Device (IFixIt,
Feb. 12, 2026)
If your device isn't registering something being plugged into a
port, like a USB flash drive, that port may be dirty and require
cleaning. The cleaning procedures for each type of port follow the same
progression: - cleaning with air, - a brush, - and finally a cotton swab with isopropyl alcohol.
Although similar, the procedures do vary slightly, and you
should read the steps for the type of port you're cleaning. Notepad++
(For Microsoft Windows) Was Hijacked By State-Sponsored
Hackers. (Notepad++ News, February 2, 2026)
Following the
security disclosure published in the v8.8.9 announcement,
the investigation has continued in collaboration with external
experts and with the full involvement of my (now former)
shared-hosting provider.
According to the analysis provided by the security experts, the
attack involved infrastructure-level compromise that allowed
malicious actors to intercept and redirect update-traffic
destined for notepad-plus-plus.org. The exact technical
mechanism remains under investigation, though the compromise
occurred at the hosting provider level rather than through
vulnerabilities in Notepad++ code itself. Traffic from
certain targeted users was selectively redirected to attacker-controlled
malicious-update manifests. The incident began in June 2025. Multiple
independent security researchers have assessed that the
threat actor is likely a Chinese state-sponsored group,
which would explain the highly-selective targeting observed during
the campaign.
[Notepad++ is a popular free alternative to Microsoft's
own Notepad source-code editor for Windows;
this will NOT endanger Linux
operations.] Emanuel Maiberg: Massive
AI-Chat App Leaked Millions Of Users' Private Conversations.
(46-min. YouTube video; 404 Media
podcast, January 29, 2026) Chat & Ask AI, which claims 50-million users,
exposed private chats about suicide and making meth. Jim Fisher: Barring
A Christmas Miracle, A DJI Drone Ban Looks Inevitable.
Here's What That Means For You. (PC Mag, December 16,
2025)
On Dec. 23, DJI drones are set to be pulled from the US market
unless a security audit is completed. There's been no audit thus
far, so the ban is all but certain. What does this mean for anyone
who flies drones or makes content with them? Let's break it down.
DJI is mere days away from getting the Huawei-ZTE treatment from the
FCC. Its drones and cameras are set to be added to the agency's
covered list on Dec. 23, and the only thing that can save it is
a security audit, and no agency has taken up the task. This
comes after a year in which DJI has faced significant challenges
with US customs, that have delayed product launches and
re-stocks. Recent releases, including the Neo 2, have
skipped the U.S. market - and others, like the Mini 5 Pro,
have faced delays and limited retail availability. Read on to
find out what's going on with DJI drones in the US, and why the
situation could soon get much worse.
DJI announced several products this year, but all have faced delays
or haven't been released in the US at all. In a blog post, DJI
places the blame on US Customs and Border Protection (CBP),
while CBP cites violations of the Uyghur Forced Labor
Prevention Act as the reason to hold imports. DJI
denies violating this law. Regardless of who you believe, it's
been feast or famine when shopping for DJI gear all year - there
were times when you could get pretty much any product delivered in a
day, and others when everything from DJI was sold out.
Meanwhile, DJI faces a potential blanket ban on marketing future
releases in the US. The 2024 National Defense
Authorization Act (NDAA) requires a security
audit of the company's product line. If it's not performed by
Dec. 23, DJI will be added to the FCC Covered List, which means
that it will be unable to introduce new products into the US at
all. While most associate the brand with its drones, DJI
also makes cameras and smartphone gimbals under its Osmo
imprint, as well as cinema equipment under the Ronin
banner. As for items you already own and use, the FCC prohibitions
are about sale, not use. Your DJI drone, camera,
or gimbal will continue to work just as before.
However, you may have a difficult time getting it repaired,
and will need to consider another brand when it's time to
replace your equipment.
When it comes to consumer drones, there's DJI, and then
there's everyone else. DJI beats other brands in
camera quality and safety features, so losing access to
its products will simply be devastating for drone enthusiasts,
vloggers, filmmakers, and others who use DJI gear for aerial
video and photography. The closest I've tried - the Potensic
Atom 2 - is a good performer among budget drones, but I
haven't seen any competitors match the Mini 4 Pro or Mavic
3 Pro in terms of camera quality or aerial performance.
Professionals who rely on drones for business, farmers who use
them to monitor fields, and law enforcement officers who use them
for search and rescue are left in a similar lurch.DJI's
Welsh tells me that around 450,000 US individuals use DJI
drones to earn a living; it's estimated to be a $116-Billion
industry. Those jobs are in jeopardy, and a survey of members
of the Drone Service Providers Alliance shows that two-thirds
of its membership expect to go out of business without access to
DJI drones. NEW: Kevin Klangman: Burn-My-Windows
Extension Is Available For Linux-Mint v.22 Cinnamon.
(CinnamonBurnMyWindows, 2025-11-10) Window open, close, minimize and un-minimize effects, for the Cinnamon
desktop. This is a Cinnamon port of the Gnome
extension Burn-my-Windows, by Simon Schneegans:
"Disintegrate your windows with style!" (See its 2-min. YouTube
demo video and more.) It also includes a port of the Gnome
Magic Lamp effect.
Please go to the above links and support their projects,
since this is merely a port of their fine work! But DO NOT use
these Github links to report issues.
Note: This extension needs the Cinnamon.GLSLEffect
class, which is only available in Cinnamon 6.2 (Mint 22) or
newer.
[One of thousands of examples of volunteers creating
open-source extensions, and other volunteers modifying
them for our favorite flavors of open-source Linux!] Aaron Krolik and David Bolaños: How
A Cryptocurrency Helps Criminals Launder Money And Evade
Sanctions. Through Layers Of Intermediaries, Stablecoins
Can Be Moved, Swapped And Mixed Into Pools Of Other Funds In
Ways That Are Difficult To Trace, Experts Say. (10-min.
podcast; New York Times, December 7, 2025) Smugglers, money launderers and people facing sanctions once
relied on diamonds, gold and artwork to store illicit fortunes.
The luxury goods could help hide wealth, but were cumbersome to
move and hard to spend.
Now, criminals have a far-more-practical alternative: stablecoins,
a cryptocurrency tied to the U.S. dollar that exists largely
beyond traditional financial oversight.
These digital tokens can be bought with a local currency and
moved across borders almost instantly. Or they can be returned to
the traditional banking system - including by converting funds
into debit cards - often without detection, a New York
Times review of corporate filings, online forum messages and
blockchain data shows.
A report released in February from Chainalysis, a
block-chain analysis firm, estimated that up to $25-Billion in
illicit transactions involved stablecoins last year. And as
more Russian oligarchs, Islamic State leaders and others have begun
using the cryptocurrency, the rise of these dollar-linked tokens
threatens to undermine one of America's most potent foreign
policy tools: cutting adversaries off from the dollar and the
global banking system. Governments are racing to contain the activity. Late last
month, Britain arrested members of a billion-dollar
money-laundering network that purchased a bank in Kyrgyzstan in
order to help evade sanctions and facilitate payments in support
of Russian military efforts. For a fee, Britain's National
Crime Agency said, the launderers would convert money,
often generated from the drug trade, firearm sales and human
trafficking, to Tether, the most popular stablecoin. "These 'cash-to-crypto' swaps are an integral part of a
global criminal ecosystem", said Sal Melki, deputy
director for economic crime at the National Crime Agency. For decades, the Treasury Department has relied on banks and
credit card companies to root out illicit financial activity,
requiring them to spend billions on compliance measures that track
and block groups that are subject to government sanctions - or face
enormous fines. Since most of the world's dollar-denominated
trade flows through these regulated channels, transacting with
those facing sanctions has been extraordinarily difficult. Stablecoins bypass this system entirely. Through
layers of intermediaries, digital dollars can be moved, swapped and
mixed into pools of other funds in ways that are more difficult for
the authorities to trace.
To test just how easily crypto can slip between the cracks of
banking controls, I found a crypto A.T.M. in Weehawken, N.J., to
convert cash into stablecoins. Soon after I fed two $20 bills into
the machine, I received a notification on my phone that crypto had
arrived in my digital wallet. A Telegram bot then guided
me through the next step: using the stablecoins to generate a Visa
payment-card number with a balance that I could spend anywhere. The
card I was issued did not require me to provide an address or
identity check of any kind - in effect creating a degree of
anonymity for my spending.
My experiment was perfectly legal, despite anti-money-laundering
laws in the United States that require banks to scrutinize the
identity of an account holder and the source of funds before issuing
credit, debit and payment cards.
The Telegram bot that issued my card was run by WantToPay,
a company that advertises Visas and Mastercards to Russians who want
to shop abroad or make purchases online but are blocked by U.S.
sanctions. Because of sanctions tied to the invasion of Ukraine,
many American companies cannot process payments from most Russian
banks. In its ads, on WantToPay’s website and on
its Telegram channel, the company promises instant
issuance without any of the traditional customer checks
that banks must perform. WantToPay is incorporated
in Hong Kong, although a Russian entrepreneur in
Thailand leads the company, corporate records show.
Hundreds of reviews on Russian-language online forums describe using
the cards to circumvent restrictions and pay for services such as ChatGPT,
Netflix and other online platforms that Russians cannot
otherwise use. WantToPay did not respond to multiple requests for comment.
After I contacted the company, references to Visa and Mastercard
disappeared from its website, and it posted a notice on Telegram
that it was no longer issuing cards. WantToPay, however, was only one link in a
chain of financial intermediaries I encountered. While it
marketed my card to me, I learned that WantToPay used
another company to generate it. I soon traced my Visa
to Dock, a Brazilian financial-technology firm that
issues cards for companies such as WantToPay. Dock is one of many financial firms that help
companies issue Visa and Mastercard cards through
banks, but are themselves not a regulated financial
institution, meaning they are not subject to the same
compliance standards as their banking partners. Dock
denied any relationship with WantToPay.
The growing chain of custody of my card illustrated how illicit
actors can use crypto to exploit gaps between companies responsible
for issuing cards and those responsible for enforcing
financial rules.
On Telegram and elsewhere, I was able to identify 24
additional companies advertising anonymous Visa and Mastercard
products funded by stablecoins, with spending limits up to
$30,000. The companies are incorporated in countries
across the globe, including Costa Rica, Malta, Georgia, Kazakhstan
and Russia, according to corporate filings and government
records. Most rely on automated Telegram bots to manage
customer sign-ups and transactions.
In July, President Trump signed the GENIUS Act, which was described
as the United States' first major piece of crypto legislation. It
established a federal regulatory system for stablecoins, defined
rules to ensure financial stability and created compliance programs
intended to combat illegal activity and sanctions violations. Circle,
the second-largest issuer of stablecoins, praised the law, saying it
showed the federal government was modernizing anti-money-laundering
rules for the digital era.
A spokesperson for Tether said in a statement that criticisms
related to illicit finance overlooked the fact that blockchain
transactions were far more traceable than cash, and that most
illicit activity occurred in secondary markets outside its
control. The company emphasized that it worked closely
with global law-enforcement agencies, and that it had helped to
freeze more than $3.4-Billion in illicit funds. But critics argue the law has limits. The regulations apply
primarily to U.S.-based exchanges such as Coinbase,
which must verify customers and monitor transactions. Yet funds
can still move freely through offshore platforms, unregulated
coins and decentralized finance systems that face none of those
requirements. Tether, which has over $180-Billion worth of
stablecoins in circulation, is based in El Salvador and
would not be covered by the new rules. The company holds
more than $112-Billion in U.S. Treasuries, and any
law-enforcement action against Tether could potentially risk
destabilizing important financial markets.
The picture is further complicated by political
and financial ties surrounding Tether. The company has
close connections to the family of
Commerce Secretary Howard Lutnick, who is responsible
for restricting exports of sensitive U.S. technology -
restrictions that people can try to sidestep by making
transactions with stablecoins like Tether. One of
Mr. Lutnick's sons, Brandon, is the chairman of Cantor
Fitzgerald, which provides services to Tether, placing the family in a position where the
company behind the world's largest offshore dollar token
intersects with a key federal enforcement role.
Another son, Kyle, is executive vice chairman of the firm.
Cantor Fitzgerald and the Commerce Department
declined to comment. Efforts to police the offshore crypto ecosystem have
repeatedly fallen short. A Kyrgyz company this year
introduced dollar-backed Visas and Mastercards
bought with stablecoins pegged to the ruble. Even after
the United States and Europe placed sanctions on the
ruble-pegged coin, known as A7A5, and its issuer, supporting
banks, exchanges and the oligarch tied to its development,
the token continues to circulate. Shortly before
U.S. authorities placed sanctions this year on the
main exchange that traded A7A5, it quietly transferred
tens-of-millions of dollars in stablecoins to new wallets
that had not been identified by the authorities to be seized under
the sanctions.
["What is this thing you call money?" It's a convenient
way to enable inflation, to make the rich richer and the poor
poorer - and now you don't have to be a Native America to
question its value.] Addie LaMarr: How to Become
Invisible Online in 2026. (14-min.
YouTube video; Mykajabi, December 6, 2025)
Download the Beginner's
Privacy Action Toolkit (.pdf):
- Includes a 24-hour quick-start, identifier fixes, browser
isolation, and data-broker protection.
- Built for beginners who want simple, high-impact privacy steps.
- Why most people disappear wrong in 2026 (and how the internet
still finds you).
- How to break the system that keeps rebuilding your identity,
even after you delete everything.
Most people will tell you to use a VPN, delete all your accounts,
and switch to Tor. That advice barely works in 2026. Not when the
real tracking happens underneath your browser, in the data you never
meant to give away. In this video, I break down the surveillance
architecture that keeps regenerating your identity even after you
try to disappear, and the steps that actually work for the world we
live in now.
I have spent more than 15 years in cyber-security, cryptography, and
threat-modeling. My job is to show you what protects you today. If
you are burned-out, neuro-divergent, self-taught, or tired of ending
up inside datasets you never agreed to, this is the clarity you have
been waiting for. By the end, you will understand not only how the
internet tracks you, but how to break its ability to follow you.
What you will learn in this video:
- How identity-reconstruction works after deletion, and why it is so
aggressive in 2026.
- What actually shrinks your digital shadow, and what is a complete
waste of time.
- How device-fingerprinting works, in plain English.
- How data brokers rebuild you, even if you vanish.
- Why VPNs, Tor, and account-deletion barely matter anymore.
- How to break the five identifiers that define your online
identity.
- The blueprint for compartmentalization and un-mergeable
behavior in 2026.
Want extra content? Inside the Cyber Resistance Club,
you get the research books, citations, and breakdowns that take you
from beginner to fully-informed. This video covers only the surface
level. The CRC includes:
- Weekly GHOST reports, with the research I cannot share on YouTube.
- The entire library of privacy and surveillance deep-dives.
- Cited books and frameworks that teach cyber-security in real-world
context.
- A 12-minute bonus video with my full opinions.
- Huge breakdowns of the forces that shape modern tracking.
- The technology, the incentives, and the counter-measures that work
in 2026.
[Enticing; is it trustworthy?] NEW: Ashwin: Dell
Says The Transition To Windows 11 Is Slower Than Windows 10.
(GHacks, November 27, 2025) Microsoft suggested that users trade or recycle their old PCs,
and buy new ones that support Windows 11.
Are people doing that? Dell says its PC sales have slowed
down, due to the transition to Windows 11.
When asked about Windows End-of-Life upgrades, Jeff Clarke, COO,
Dell Technologies said, "We have not completed the Windows 11
transition. In fact, if you were to look at it relative to the
previous OS in the service, we are 10-12 points behind at that point
with Windows 11 than we were the previous generation."
In case you forgot, Microsoft pulled the plug on Windows 10
on October 14, 2025. There are ways to extend security
updates for free on Windows 10. Since it's only been a month since
Windows 10 reached end-of-life, it's too early to expect most users
to buy new PCs to upgrade to Windows 11. But, the fact that a top
executive at a PC manufacturing company said that the Windows 11
adoption rate is slow, is pretty important.
According to StatCounter, 41.74% of desktops were running on Windows
10 in October. Windows 11 had a market share of 55.18% in the same
period. Now, when we compare this data to that from a year ago,
Windows 10 had 60.95% of the market in October 2024, while Windows
11 held 35.58%. That difference is massive, and you might think that
Windows 11 is rising in popularity. However, when you look at the
recent numbers, the trend has slowed down considerably. Windows 10
dropped by just 2% in September 2025, while Windows 11 managed to
see a 3% increase.
Why? Millions of PCs worldwide cannot be upgraded to Windows
11 due to strict hardware requirements. These are likely
the numbers that contribute to the large chunk of Windows 10 users
out there. They're stranded on Windows 10; some of those
users may have drifted over to Linux or Mac, and some users
may have opted not to upgrade to Windows 11 because of concerns
about bloat, performance degradation, and privacy. Some
people may have just stayed on Windows 10 because it works,
why risk upgrading?
Clarke also said that "the installed base is roughly
1.5-billion (Dell) PCs. We have about 500-million of them
capable of running Windows 11 that have not been upgraded.
We have another 500-million (that are four years old or more)
that cannot run Windows 11."
Dell foresees big profits, but we also need to factor end-users. I'm
not sure AI is going to drive PC sales; most AI services are
cloud-powered, all you need to use them is a browser or a desktop
app. Not a lot of people are going to get a PC specifically for AI
purposes. There are Copilot+ PCs, but those may not seem like an
attractive option to the average buyer, who may just need a reliable
computer.
There's something else to consider. RAM prices have gone through the
roof, which in turn will affect computer sales. If you look at the
overall market, it's pretty bad right now. Console prices have
increased significantly this year. A lot of these have been
influenced by tariff policies.
[Before abandoning your existing computer(s), try them out
running a
stable Linux operating system, such as Linux Mint, oft-times
offering better performance, and with in-computer access to vast
amounts of reliable and well-supported Free, Open-Source
Software (FOSS)! Want help? You'll find many Linux websites, local and online Linux
user groups (ours is NatickFOSS.org)
and Linux consulting firms (we run Miller Microcomputer Services,
near Boston MA, USA).] Stop The
Spying! Fix It With A Raspberry Pi + Pi-Hole
+ Unbound (Complete Guide) (16-min. YouTube
video; Dad, The Engineer, December 4, 2025) In this full tutorial, I walk you through installing Pi-hole
on a Raspberry Pi - and then leveling up with Unbound,
a local recursive DNS resolver that gives you actual
privacy from ISPs, apps, Smart TVs, and advertisers. The
full install should take less than 20 minutes! Download the Worksheet HERE.
The companion worksheet includes:
- All commands copy/paste-ready.
- Setup checklist.
- Spaces to record hostnames, IPs, passwords.
- Maintenance notes.
- Backup reminders.
This walk-through is designed for complete beginners, and
yes - even if you've never touched Linux, you can follow
this. If you can follow a recipe, you can build a DNS
filtering system.
By the end of this video, you'll have:
- A Raspberry Pi running Pi-hole.
- Network-wide DNS filtering.
- Optional Unbound for 100% local recursive DNS.
- Fewer ads.
- Less tracking.
- More privacy.
- And way more confidence in your home network. Hardware Needed:
- Raspberry Pi 3B or newer (Ethernet recommended),
- microSD card (8GB or larger),
- SD card reader,
- Computer (Windows/macOS/Linux),
- Router admin access. Chapters:
00:00 – The problem everyone hopes you ignore
00:23 – Take control of your privacy with Pi-hole + Unbound
01:47 – The game plan
02:20 – GET THE WORKSHEET!!!!!!
03:00 – What you need
03:31 – Step 1: Flash the RPi OS to an SD card
05:14 – Step 2: Update your RPi
06:17 – Step 3: Give the RPi a static IP address
06:58 – Step 4: Install Pi-hole
08:39 – Step 5: Set your router to use Pi-hole
09:35 – Step 6: Adding Unbound & configuring Pi-Hole (OPTIONAL)
12:20 – Do you want a redundant, high up-time Pi-hole video?
13:38 – Maintenance and backup (what most tutorials don't mention)
14:19 – Ask for help, if you need it; that's what dads are for!
[These appear to be good instructions for one of the options in his
prior video (below).] NEW: Your
ISP Is Watching Everything - Fix It With DNS
Filtering! (17-min. YouTube video; Dad, The
Engineer, November 18, 2025) DNS filtering sounds boring, but it quietly
kills 70–90% of the junk your devices are constantly trying to
talk to:
- tracking servers,
- advertising servers,
- telemetry,
- data brokers,
- Smart TV ACR endpoints,
- botnet callbacks,
- malware domains, and
- other nonsense that has nothing to do with what you're
doing.
If your Smart TV is spying on you, your phone is narcing, and your
ISP is selling your secrets… this video is for you.
And the best part? I have solutions for every skill level. NEW: America's
First VPN Ban: What Comes Next? (12-min.
YouTube video; Techlore, November 18, 2025) U.S. states including Wisconsin (AB105/SB130) and Michigan are
pushing to ban Virtual Private Networks as part of
age-verification laws that compromise digital privacy for
everyone. This video explains why these bills:
- are technically impossible to implement,
- threaten journalists and abuse survivors who rely on VPNs, and
- mirror censorship tactics.
Microsoft Windows 11 Fails On Millions Of PCs: Ashwin: Microsoft
Says Windows 11 Updates Could Break The Taskbar, Start Menu,
Explorer And More On Enterprise PCs. (GHacks,
December 4, 2025)
Microsoft has published a support document that says that Windows 11
updates might cause several system apps to stop working. These
issues seem to affect enterprise PCs.
This is what the support page says: "After provisioning a PC
with a Windows 11, version 24H2 or a Windows 11,
version 25H2 monthly cumulative update released on or
after July 2025 (such as KB5062553 or KB5065789), XAML-dependent
modern apps such as Explorer, the Start menu, SystemSettings,
Taskbar and Windows Search might experience difficulties."
It mentions some scenarios where:
- Explorer may crash on start.
- Windows may log on to a black screen.
- The Taskbar may fail to appear/render/display on the desktop.
- The Start Menu may fail to open, and display a critical error
message.
- ShellHost.exe could crash.
- XAML-dependent apps like Consent.exe, which is used for the User
Account Control UI, may crash or fail to start.
- The System Settings page, i.e. Start>Settings>System may
fail to open.
- Apps may crash when initializing XAML views. NEW: Sayan Sen: Microsoft
Confirms Windows 11 Is About To Change Massively, Gets Enormous
Backlash. (Windows-11 wallpaper - with
thumbs-down emoji; Neowin, November 13, 2025)
Recently, Neowin published an interview with AMD wherein the company
suggested that its processors would be compatible with the next
generation of Windows. The chip maker stated that its Ryzen AI PCs
would be "not only compatible with future Windows capabilities, but
optimized for them".
One of the reasons for mentioning Ryzen AI is because of how Windows
itself is about to change in a really big way such that it
already requires AI-specific hardware for certain features to work.
Microsoft's Windows chief Pavan Davuluri had earlier hinted at such
plans already about how the next evolution of OS will make it
capable enough to "semantically understand you" as Windows will get
"more ambient, more pervasive, more multi-modal". Using features
like Copilot Vision it will be able to "look at your screen" and do
more.
The company is working on Model Context Protocol (MCP) for Windows
11 in an effort to help it become the Agentic OS that essentially
will turn Windows into an AI OS.
Here is how Microsoft puts it: "MCP on Windows offers a standardized
framework for AI agents to connect with native Windows apps,
enabling them to easily participate in agentic interactions on
Windows. Windows apps can expose specific functionality to augment
the skills and capabilities of agents installed locally on a Windows
PC."
A few days ago, Davuluri shared his excitement about it on his
official X handle. He seemed very eager to reveal what the company
has in mind at the upcoming Ignite event regarding the agentic OS
plans.
Unfortunately for Microsoft and Davuluri, the response has been
overwhelmingly negative, so much so that the comments on that X post
have now been disabled. Interestingly, several of them have been
heavily upvoted so it clearly shows many people do not like the
sound of Windows becoming an agentic OS.
"How about making Windows fast ? Not agentic", said one user clearly
hoping Windows acted and felt faster than it now does. Another user
said "You can't even correctly implement small taskbar icons, which
is something users actually want. You are getting overwhelmingly
negative feedback about all this AI stuff. And yet you persevere.
Why?"
A user also suggested that all these extra features meant Windows
would get more bloaty as they wrote "Sounds like more bloat
incoming? Have you considered making an OS that is performant and as
bug free as possible? ... You guys seem to think everyone wants a
hundred always on permanantly in beta features running and phoning
home, eating up processing.."
Some of the commenters have also said that they are leaving Windows
and Microsoft 365 products due to the overwhelming implementation of
features that they may not want.
The comments on the thread have now been disabled as mentioned
above, but you can tell your own thoughts about it in the article
comments down below.
[Don't buy a new computer for Microsoft. Discover Linux and
other Free, Open-Source software, instead!]
New To Linux? To Get The Benefits, Learn The Differences! NEW: Void
Linux Explained: The Most-Unique Linux Distro! (5-min.
YouTube video; VS Tech, November 25, 2025)
In this video, we explore Void
Linux. Unlike Ubuntu, Arch, Fedora, or Debian,
Void is built completely from scratch, featuring the
light-weight runit init system, the powerful XBPS
package manager, and optional musl builds for maximum
performance and efficiency. We'll cover performance,
customization, package management, rolling release updates,
installation experience, pros and cons, and who should use Void
Linux in 2025.
If you love minimal, fast, systemd-free Linux distros, this
video is for you!
[Remember: Back Up BEFORE installing and running new
software.] NEW: Rubab: I Tried The
Top-5 Linux Distros Of 2026 – The Results Will SHOCK You!
(6-min. YouTube video; RM Tech, October 20, 2025)
In this deep dive, we unveil the Top 5 Linux Distros set to
dominate 2026 - from Linux Mint to Fedora, Pop!_OS, Zorin OS, and
openSUSE. Discover how these open-source operating systems
are redefining performance, privacy, and sustainability while
challenging Windows and macOS dominance. Whether you're a
beginner or a pro, this Linux Revolution guide will help you choose
the best distro for your digital future. NEW: Jorge Aguilar: 5
Reasons You Should Move To Linux Instead Of Windows
11. (Slashgear, September 29, 2025)
You've likely heard people talking about Linux as a more stable,
secure, and customizable operating system than Windows 11.
That might be hard to believe, but in many cases, it's true. If
you're tired of Windows' endless updates and slowdowns, you should
consider taking a look at Linux, which has never been easier to
download and run. The whole Windows vs. Linux debate is about way more
than just technical details: It's about two different ways
of using a computer. I'm fairly new to Linux, as I first
installed it about a year ago, but I've already abandoned Windows
almost entirely, with just one of my five computers running Windows
10. I did this because I wanted:
- a less-bloated OS
- better performance on older hardware
- no licensing fees, and
- more control of my privacy settings.
By the end of this article, you should understand why so many
(myself included) consider Linux a great alternative to Windows
11. We'll go over the real-world benefits an average user
could reasonably experience, focusing on how this OS can save
you time and money.
[Excellent article; almost as good as asking users of a good
beginner's Linux to show you how - as MMS has done for decades. We
recommend Ubuntu Linux, Linux Mint and, for some, LMDE.] NEW: Dominic Humphries: (Linux Is Not
Windows)
(Linux.oneandoneis2, May 6, 2024)
If you've been pointed at this page, then the chances are you're a
relatively new Linux user who's having some problems making
the switch from Windows to Linux. Many individual issues
arise from single problems, so the page is broken down into multiple
problem areas.
Problem #1: Linux isn't exactly the same as Windows.
Many people come to Linux, expecting to find essentially a free,
open-source version of Windows. However, it's a paradoxical hope.
People try Linux because they hope Linux will be better than
Windows. Common yardsticks for measuring success are cost, choice,
performance, and security. There are many others. But every Windows
user who tries Linux, does so because they hope it will be better
than what they've got. Linux can only better if it's NOT the same. A
perfect copy may be equal, but it can never surpass.
So when you give Linux a try in hopes that it will be better,
you are inescapably hoping that it will be different.
Too many people ignore this fact, and hold up every difference
between the two OSes as a Linux failure. Linux is not interested in market share. Linux does not have
customers. Linux does not have shareholders, or a responsibility
to the bottom line. Linux was not created to make money. Linux
does not have the goal of being the most popular and widespread OS
on the planet. All the Linux community wants is to create a really good,
fully-featured, free operating system. The point is to make
Linux the best OS that the community is capable of making. Not
for other people; for itself. The oh-so-common threats
of "Linux will never take over the desktop unless it does
such-and-such" are simply irrelevant: The Linux community isn't
trying to take over the desktop. They really don't care if it gets
good enough to make it onto your desktop, so long as it stays good
enough to remain on theirs.
That's what the Linux community wants: an OS that can be installed
by whoever really wants it. So if you're considering switching to
Linux, first ask yourself what you really want.
---
If you want to leave any feedback about this article, comment on my
blog. Creative Commons License: This work is copyright 24/05/06 and
belongs to Dominic Humphries. It may be redistributed under a
Creative Commons License: The following URL must supplied in
attribution:
<http://linux.oneandoneis2.org/LNW.htm>
[That's a condensed version of his Problem #1 for un-clued Linux
beginners. He has more; they're all apt to change the approach for
users of monopolistic software systems - and that CAN make it easy!] Return to main section of Money Is Not Wealth.