Writing
Things I found while building. Real data, real numbers, cited sources.
Where Stripe dispute evidence moves the needle
11 May 2026 | notes
3DS only covers fraud disputes. Most service-business disputes are not fraud. What moves a Stripe dispute outcome: consent records under EU CRD Art 16(m), service-completion evidence with timestamps, customer engagement count, and staying below the current network monitoring thresholds (Visa VAMP, Mastercard CMP). Plus the idempotent webhook handler pattern that survives retry storms.

RFC 6749 §4.1.3 in the wild: an OAuth code issued for a non-public hostname during Italy’s sovereign-cloud migration
15 Apr 2026 | notes
Italy is migrating consular IT to Polo Strategico Nazionale, the national sovereign cloud. During the announced 13–14 April 2026 window, the OAuth handover briefly pointed at a PSN internal hostname. Why the flow completes correctly on the canonical host per RFC 6749 §4.1.3, plus the RFC 6066 SNI and RFC 6797 HSTS reasons hosts-file overrides don’t recover it, and a small detection shape any team can run during planned cutovers.

Same person, five data sources, zero ground truth
12 Apr 2026 | threadr
How threadr resolves identities across 17 OSINT plugins using a blocking index, Jaro-Winkler similarity, and Dempster-Shafer evidence fusion. From 499,500 comparisons to 5,000.

PDF metadata removal misses embedded images. Here’s what’s still in the file.
7 Apr 2026 | PDF Changer
PDF-level metadata stripping clears Title, Author, Creator. It doesn’t touch EXIF inside embedded JPEG/PNG streams. The data is in APP1/APP2/APP13 segments that pdf-lib can’t reach.

How much does a WHOIS match prove? Measuring attribution in bits
7 Apr 2026 | trace
Domain attribution signals have measurable information content. Shared Cloudflare nameservers: 2.3 bits. Matching registrant email: 26 bits. Computed from population base rates with cited sources.

I audited my own OSINT tool and found a query injection
30 Mar 2026 | threadr
A self-audit of threadr found Cypher injection, uncapped graph expansion, plaintext API keys, and a predictable proxy hash. What I found, why it happened, and every fix.

Your passport copy is sitting on someone’s Google Drive
23 Mar 2026 | vault
How citizenship agencies handle your documents, why Google Drive and WhatsApp aren’t acceptable, and what client-side encryption means for sensitive file sharing.

I scanned 15 Italian citizenship agencies for basic security. 14 scored F.
23 Mar 2026 | beacon
87% have no DMARC enforcement. 87% have no Content-Security-Policy. 0 out of 15 have a security.txt. Real scan data, anonymised, with breach precedents.

Are online PDF tools safe? I checked the network traffic
18 Mar 2026 | PDF Changer
Network captures from iLovePDF, Smallpdf, and a client-side alternative. What Google Analytics knows about your merged tax return.

How anti-bot systems detect timing patterns
18 Mar 2026 | threadr
Poisson is detectable at p < 0.001. Lévy stable passes at p = 0.68. KS test results, Chambers-Mallows-Stuck sampling, and why the heavy tail matters.

31.6 bits is enough to identify you. I measured how much your accounts leak.
18 Mar 2026 | degauss
Sweeney showed ZIP + DOB + sex uniquely identifies 87% of Americans. I built a tool that computes your actual exposure.

How private is Monero? Ring entropy says 1.5 bits, not 4
18 Mar 2026 | ε-tx
OSPEAD shows 80% of real spends are the newest ring member. Effective anonymity drops from 16 to ~3. Inverse-OSPEAD for better decoy selection.