Giuseppe Giona
Maths background. I build security and privacy tools where the claims are testable — information-theoretic bounds, not marketing copy. Most of the interesting work sits at the intersection of cryptography, graph analysis, and document processing.
Everything is open source. The test suites verify the mathematical properties, not just the code paths.
Featured
21 browser-only PDF tools. Nothing leaves the browser — CSP blocks all network access, three concurrent monitors feed a tamper-evident HMAC chain, and the VPE audit report is cryptographically signed. Passkey authentication, offline entitlements via ECDSA tokens.
Security scanner for business websites. Seven scanners check TLS, headers, email authentication, exposed files, third-party tracking, forms, and cookies. Every finding maps to a documented breach — 115 precedents from ICO enforcement, FBI IC3, and court filings. Industry profiles adjust severity: no DMARC on an immigration agency is critical, not just high.
Other projects
Identity exposure quantification. Shannon entropy, Fellegi-Sunter record linkage, data broker supply chain as a directed graph. 303 tests.
Cryptocurrency transaction privacy. Eight attack surfaces, Dempster-Shafer evidence fusion, inverse-OSPEAD for Monero ring analysis. Started as a maths dissertation. 340 tests, 18 papers cited.
OSINT reconnaissance tool. 17 data source plugins, spectral graph clustering, Lévy stable request timing to resist statistical detection. 282 tests.
Encrypted document exchange. Client-side AES-256-GCM, key in the URL fragment (never sent to server). Nine research documents written before any code.