Applied mathematics. Tested code.

Maths background. I build security tools, data analysis systems, and production platforms where every claim has a number with units and a test that checks it. Information theory, statistical modeling, graph analysis - different problems, same method.

The open-source projects below cover cryptography, privacy quantification, entity resolution, and evidence fusion. The test suites verify mathematical properties, not just code paths.

I also run a production platform - three country sites on one backend, real payments through Stripe, real client data in Postgres. Scoring models, rolling-window monitoring, dispute evidence systems. Source is private; the thinking is at /writing/dispute-defense.

Stack

TypeScriptReact / Next.jsPostgresStripeSupabasePythonWeb CryptoCloudflare WorkersWebAuthn

Each chip → project or writing where the skill is shown.

How it fits together

Concepts × projects — where each primitive is actually shown11 × 7 · 23 edges
INFORMATION THEORYNON-PARAMETRIC STATISTICSEVIDENCE REASONINGGRAPH / SPECTRALCRYPTOGRAPHYShannon entropyheavy-tail / Boltzmanndifferential privacyKolmogorov-SmirnovFellegi-Sunter linkageJaro-Winkler similaritycalibrated scoringDempster-Shafer fusionspectral Laplacianmax-flow / graph algosWeb Crypto / HMAC / ECDSAPDF Changer1 primitivebeacon1 primitivetrace5 primitivesdegauss4 primitivesε-tx5 primitivesthreadr6 primitivesvault1 primitive
Each line connects a method to a project that implements it. Line colour follows the method’s category. 11 methods, 7 projects, 23 edges.

Featured

PDF Changer

pdfchanger.org

21 browser-only PDF tools. Nothing leaves the browser — CSP blocks all network access, three concurrent monitors feed a tamper-evident HMAC chain, and the VPE audit report is cryptographically signed. Passkey authentication, offline entitlements via ECDSA tokens.

21 tools299 tests29k lines

beacon

beacon.giuseppegiona.com

Security scanner for business websites. Seven scanners check TLS, headers, email authentication, exposed files, third-party tracking, forms, and cookies. Every finding maps to a documented breach — 115 precedents from ICO enforcement, FBI IC3, and court filings. Industry profiles adjust severity: no DMARC on an immigration agency is critical, not just high.

115 precedents65 tests5 industry profiles

Other projects

trace

Attribution investigation. Dempster-Shafer evidence fusion, Shannon entropy anonymity quantification, Fellegi-Sunter identity correlation. Court-ready forensic reports citing 12 UK statutes. 421 tests.

degauss

Identity exposure quantification. Shannon entropy, Fellegi-Sunter record linkage, data broker supply chain as a directed graph. 303 tests.

ε-tx

Cryptocurrency transaction privacy. Eight attack surfaces, Dempster-Shafer evidence fusion, inverse-OSPEAD for Monero ring analysis. Started as a maths dissertation. 364 tests, 18 papers cited.

threadr

OSINT reconnaissance tool. 17 data source plugins, spectral graph clustering, Lévy stable request timing to resist statistical detection. 331 tests.

vault

Encrypted document exchange. AES-256-GCM with HMAC key commitment (MEGA-class attack prevention), PBKDF2 passwords, AAD-bound metadata. Key in URL fragment. Nine research documents before code. 43 tests.

Writing

All posts
Where Stripe dispute evidence moves the needle
May 2026
Same person, five data sources, zero ground truth
Apr 2026
Your passport copy is sitting on someone’s Google Drive
Mar 2026
I scanned 15 Italian citizenship agencies for basic security. 14 scored F.
Mar 2026
Are online PDF tools safe? I checked the network traffic
Mar 2026
How anti-bot systems detect timing patterns
Mar 2026
31.6 bits is enough to identify you. I measured how much your accounts leak.
Mar 2026