Control vs. Local: Privacy, AI, and the new gates on software

Today’s picks: hardware attestation’s rise as a potential gate, why local models should be the default, and three security vignettes that matter to developers and users.

In Brief

Satirical Incident Report: CVE-2024-YIKES

Why this matters now: The fictional supply‑chain tale in the incident report shows how weak maintainer hygiene and transitive dependencies can turn tiny mistakes into mass compromise risks for developer infrastructure.

The post is satire, but its anatomy of failure—phished credentials, a trojaned npm package, a postinstall exfiltration hook and a payload that “only activates on Tuesdays”—reads disturbingly plausible. It’s a compact checklist for hardening real projects: artifact signing, stronger 2FA, dependency auditing, and no blind auto-merges. Take it as a darkly funny wake‑up call: a small human slip can cascade across ecosystems.

"The payload’s reverse shell 'only activates on Tuesdays' — 'It is a Tuesday.'"

Read the full fictional incident and the checklist lessons in the original post.

Obsidian plugin abused to deploy a RAT

Why this matters now: A targeted campaign used shared vault invites and plugin sync to push a remote access trojan, demonstrating how trust and collaboration features can become an attack surface for high‑value targets — especially in finance and crypto.

Researchers detail how attackers convinced victims to enable community plugin sync in Obsidian and then used otherwise legit plugins to run system scripts that dropped the PHANTOMPULSE RAT. The malware even resolves its C2 via the Ethereum blockchain, which makes takedowns harder and the infrastructure unusually resilient. Obsidian’s CEO has promised a major plugin‑security update; the broader debate is about plugin permissions, sandboxing, and product design that assumes plugins deserve full app privileges. More detail in the research writeup.

Mythos audits curl — one real CVE, lots of nuance

Why this matters now: Anthropic’s security model Mythos flagged multiple issues in curl, but after human triage only one low‑severity CVE remained — a useful reality check on AI security tooling limits and strengths.

The curl team found about twenty useful bug reports and a single confirmed CVE from Mythos’s run; many items were false positives or informational. As curl’s lead put it bluntly, and perhaps uncomfortably for hype cycles:

"My personal conclusion … [is] that the big hype around this model so far was primarily marketing"

Read the full post from curl and the Mythos experiment notes to see where automated auditing fits into real‑world security workflows.

Deep Dive

Hardware attestation as a monopoly enabler

Why this matters now: The GrapheneOS thread warns that Apple's and Google's expanding use of hardware‑based attestation (Play Integrity, App Attest, web Privacy Pass efforts) may be used to gate apps and web services to vendor‑approved devices and builds, risking vendor lock‑in and reduced competition.

Hardware attestation promises better security: a server can verify that a client request came from an approved device and unmodified software. In practice, the current attestation designs tie attestations back to a device identity and a vendor’s signing keys. That linkage makes it trivial for services to require “attested” clients as a condition of access — and those attestations are controlled by the silicon or OS vendor.

This is both a technical and political problem. Technically, the lack of blind signatures or strong anonymous attestation in many systems means attestations can be correlated to devices and users, degrading privacy. Politically, requiring attestation becomes a simple policy lever: services can exclude unofficial OS builds or third‑party app stores by demanding vendor-issued attestations. As one Hacker News commenter put it, framing the issue as "Google will decide what you can do with your phone" triggers immediate outrage — because it cuts to control, not just security.

What can change it? There are a few paths: adopt cryptographic primitives that enable anonymous or unlinkable attestations, design attestation that respects user choice (e.g., user‑controlled keys), or pursue regulatory limits on when vendors can enforce attestation as an access gate. Practically, developers and privacy advocates should watch for increasing reliance on Play Integrity, App Attest, and related web APIs, and push for attestation modes that preserve interoperability and privacy. See the GrapheneOS post and the linked discussion for technical details and community reactions.

Local AI needs to be the norm

Why this matters now: A strong case on unix.foo argues that sending routine user data to cloud models is a bad default — local models should be the developer’s first choice when the task allows it.

The core argument is simple and practical: for many transformation tasks (summaries, extractors, classifiers), modern on‑device models are "good enough" and win on privacy, latency, resilience and cost predictability. The author shows a real‑world iOS app that runs summaries with Apple's FoundationModels and returns typed Swift structs, turning AI into a stable, testable subsystem rather than a flaky text blob.

There are tradeoffs. High‑end, frontier models still live in the cloud for capability and scale. But developers should separate two decisions: whether a problem needs frontier reasoning, and whether the data requires leaving the device. For the latter — personal notes, drafts, local file transforms — the default should be local inference.

A quick technical note: one enabler here is quantization, which squeezes model weights into smaller representations so they fit and run efficiently on phones. Quantized local models can lose some fidelity, but for many UI and automation tasks they perform well.

If you design software today, start with an on‑device path: prefer typed outputs, make models swap‑outtable, and reserve cloud calls for tasks demonstrably beyond local capacity. Read the original argument and the Brutalist Report example at unix.foo.

Closing Thought

The headline tension today is control versus autonomy: hardware attestations promise security but can become policy levers; AI promises productivity but where it runs reshapes privacy and resilience. Watch for defensive patterns — anonymous attestation research and on‑device AI tooling — and push for defaults that favor user control.