Anti-Social 2026: Summer Edition
I've been reading Jason Li's Anti-Social email newsletter, which beautifully summarizes his social media posts for people to read at their own pace, so we can all "spend a little less time on those cursed tech platforms." He encouraged people to follow in his footsteps.
While I definitely spend too much time on the socials, I love the idea of offering a recap for those of us who are wiser and more disciplined. Here's a roundup of what's been going on in my socials April through June.
I Got Laid Off And Then Won A Pulitzer
After losing my job after six years at Consumer Reports, I learned that an Associated Press package I spent three years working on with an extraordinary team won the 2026 Pulitzer Prize Winner in International Reporting. We also won an Overseas Press Club award and a SOPA award. You can read all the stories in the package, and check out some media around that, including a Q&A in the Study Hall newsletter and a Study Hall podcast with lead writer Dake Kang. Over at MuckRock, there's a great post on how public records were used in this year's Pulitzer-recognized journalism, which is also worth a read.
I've Been Writing About AI
One silver lining of no longer having a day jerb is that it opened up time and energy to write for The Verge, aka the sexiest site in tech.


I Wrote About Weird Meetings
One of my most popular posts on LinkedIn was one I wrote after taking 96 meetings in 10 weeks. I found myself craving weirder meetings, and started thinking about putting constraints on them.
Maybe I make sure half are face-to-face. Maybe more of them are completely non-transactional, with zero agenda beyond a deeper understanding. Maybe one is to discuss what music to blast when we're falling asleep but absolutely need to stay awake. We can have a normal work meeting, but only after trading stories about the day we thought we were going to die but survived. We agree to meet at some ungodly hour to play VR games so we only worry about how bad we are at them rather than our sound, lighting, and outfits. We can meet but the price of entry for both of us is challenge coin show-and-tell (I promise not to share my goatse coin). Or we have to share our current favorite magnetic nail polish. We can meet and train the cameras on our pets. (My chiweenie is way cuter than me, anyway.)
We can meet to nerd out about the weird time signature changes in What It Sounds Like. We meet but we have to answer an inappropriate icebreaker, like the best and worst thing about one of our exes, or who we'd throw food on and what kind of food we'd throw. We meet but we get to discuss our last, or current, illness or injury. We meet to share unsolicited advice, brainstorming without the appropriate context, because maybe that'll shake something new loose. (Or maybe it won't, but it's good to take chances.)
We meet to discuss the one conspiracy theory we want to believe in, which usually leads to me talking about things that seem like conspiracies but weren't (MKUltra). We meet to admit the one non-scientific health thing we're still going to do. We meet to tell each other to stop downplaying our accomplishments, and practice what that sounds like. Or maybe we meet for an inappropriately long time, on purpose. No cancels, no early departures. I went to a late-night lecture a few weeks back, where we all ate a million chocolates and argued about AI til the wee morning hours. Nobody was on their phone.
I Was On Some Podcasts
I was also on the Cyber Mettle podcast talking about data brokers, doxing and digital privacy with Alyson and Omar, and on the Easy Prey podcast with Chris Parker.
Since then, I've gotten a fancy new mic, so hopefully there will be more podcasts soon.
I Shared Some Free Advice for PR Folks
I want journalists to feel less alienated, but the added bonus is that this will improve the hit rate for people's pitches. (Especially if they spell our names right.)
Note that this is meant kindly and not directed at the PR folks who I am desperately reaching out to for comment. They should write a list of tips for me.
These were the tips I gave:
1. Don't write "It was great to meet you at X event last week." Namedropping an event makes a journalist think you're putting them on a list. Nobody wants to be on a list. They want to develop a relationship (assuming there's a reason for it, like if you genuinely connect on something). If you actually had a memorable conversation and something you discussed was meaningful or resonant, lead with that.
2. Don't write "I'd love to tell you about our company and CEO." Nobody cares about your company and CEO without any story, news, or reason it matters to their beat. We get tons of these and they usually get deleted. (My joke is that I only want to talk to people that don't want to talk to me.)
3. Don't write "our executive can be a strong resource for you." We don't actually know you/them yet so we don't really have a reason to believe you, and you're asking us to do homework to vet this new person. We don't want to invest time on the promise that something might someday be useful, or different than our current sources.
4. Don't write "our exec has deep visibility into (whatever) or unique perspective on (whatever)." We don't know what that means; nothing shows they actually know something. We don't have time to tell this person apart from the 500 other PRs making the same claim. Please just send a concrete surprising data point that would make me care, or a reason why the person's perspective is so unique.
5. Don't ask people to get on brief intro calls. We are on calls all day. We don't have time for more calls without a payoff, so we may not agree to a call unless someone is super compelling, in which case we will drop things for that intro call.
6. Overall: please send fewer emails without evidence you've read something, anything, the person wrote. Then you'll know if/how your exec's expertise would apply to what they're actually covering. At least skim a recent piece and explain why it's relevant. This is table stakes. We all want to feel like our work matters; make us feel that. Bonus points if the source you're pitching ACTUALLY read the piece AND liked it for a specific reason you can articulate.
7. (Also, we can tell when you outsource this to an LLM without fact-checking, I say, after fielding a dozen emails citing my non-existent Substack newsletter and subreddit.)
The version that works: "Your piece on X made me think you'd want to know Y," where Y is one concrete thing, and you actually read X. I promise you that something this simple will make you stand out. Not every pitch will land, and not every call will lead to a quote or a story, but this kind of email gets attention because it is so rare.
I Made A Few Resources
I'm still regularly updating BADBOOL, and I fixed my RSS configuration. I also made a laid off playlist on Spotify (but also have it on a few other spots!)
I also vibe coded a calculator to evaluate different grant and fellowship opportunities and to estimate the actual hourly pay. $40,000 grant can pay a lower hourly rate than a $5,000 one; sometimes the big awards work out to a lower rate than smaller ones once you account for expenses, taxes, and the hours involved. I made this in Claude and ran a security check for injection vulnerabilities, external calls, remote scripts, unsafe use of array indices, etc. It said it fixed those but I got paranoid anyway and put it in Sheets instead. And I threw in generic examples for anyone who uses this to tweak. Make a copy and use it for your own project evaluations.
Last but not least, over at Lockdown Systems we've launched Cyd for Mobile for Android (and soon, it'll be on iOS). This can help you automatically back up and delete your old Bluesky posts, likes, and other data, while leaving up what you actually want people to see when they look up your account.
I Wrote Some Other Posts on Here
In case you missed them, I wrote about reading the comments, always-on transcription bots, and Google Workspace's [security warning] sales pitch. I also wrote about keeping the feds out of your Signal messages, and about what my privacy and security stack actually looks like. I broke down how the article sausage is made. And I wrote about scams not exploiting ignorance, but rather being human.
I've Been Reading About AI
In particular, I enjoyed Cory Doctorow's post, No One Wants To Read Your AI Slop. I've also been reading about water implications of AI, fraudulent citations in research studies, about how asking AI for advice could make you a worse person. I also followed Tate Jarrow's instructions on turning off ChatGPT's new ad tracking, which I was not aware of, and Lorenzo Franceschi-Bicchierai's guide to phone and app features to protect from spyware, which are the same as the ones I recommend.
I've Been Reading Books
Dungeon Crawler Carl is on my recommendation list, along with everyone else's. I also really enjoyed Yahoo Boys: Love, Deception, and the Real Lives of Nigeria's Romance Scammers by Carlos Barragán. I've also been reading and enjoying Rebel with a Clause: Tales and Tips from a Roving Grammarian by Ellen Jovin, after seeing the documentary in Sedona.
I've Been Traveling
I went to New York for an awards ceremony, to St. Paul, MN to give a talk about scams at SecretCon (bless the tall dude seated in front of me who did not recline), and to San Francisco to work on a project with Eva Galperin at the Electronic Frontier Foundation. More on that soon!

I've Been Reading Some Great Content
Melanie Ensign’s written testimony in support of S.71 (Vermont’s data privacy and online surveillance law) exposes the big tech lobbying playbook. Good Luck Opting Out: Manipulative Design Patterns in Opt-Out Processes by Justin Sherman and Caroline Kraczon, looks at how difficult it is for consumers to exercise their opt-0ut rights.
I've Been Doomscrolling
Polymarket paid creators to make fake bets. Great investigation by the Wall Street Journal. The Pentagon apparently knew enemies could track troops' phones for years. Now they are, Wired reports. A CISA admin leaked AWS govcloud keys on Github. About a third of America's Fortune 100 companies do not have a simple way to report security flaws. I read about police using surveillance tech to stalk love interests. And while it's not as bad as...pointing everywhere...I found myself citing an 11-year old article on manels because people are still doing them.

We're Looking For The Worst Articles
Every year, David Huerta and I do a "Worst of Cybersecurity Reporting" talk at CactusCon. Our first annual grill covered articles published in 2019, and we keep getting invited back. We work on this talk all year long, discussing candidates in a shared doc, and then narrow them down to the worst of the worst (that we can fit in 20 minutes).
The year is half over and we are a little low on candidates. We'd love your help. If there's an article that made you cringe or throw your laptop across the room, please let us know and we'll consider it for inclusion! It has to be a news article, not an op-ed, not a stand-alone social media post, not broadcast/audio news, and not marketing materials published by brands.
Good News
Credit where it's due: Google and Apple Google rolling out E2EE encrypted messaging for RCS is 😍, as is WhatsApp shutting down NSO phishing attempts and supporting the Spyware Accountability Initiative. Hopefully they will keep doing awesome things even without Will Cathcart at the helm.
It also looks like Microsoft isn't pursuing action against security researchers after all, and that the government is no longer holding Anthropic's fable model hostage. Yes, these are wins. The bar is in hell.
The largest bitcoin ATM operator, Bitcoin Depot, filed for bankruptcy. My favorite story on bitcoin ATMs is in ICIJ. My favorite part is the guy who tried to set up an industry self-regulation group but next to nobody wanted to join.

Off-Topic
This piece on finding the colors your screen can't show you, this comedy podcast episode on how to pretend you understand the World Cup, this older McSweeney's post asking if you are playing D&D or just doing your taxes.
I learned recently that people in my circle are unfamiliar with the tragedy of the commons, the concept of malicious compliance, and character alignment options in Dungeons & Dragons. I myself learned about queueing theory and Dr. Queue. In the Smithsonian, I learned that female octopuses throw things at male harassers. That makes sense.
Last but not least, I always love reading about Chris Kluwe. Gift link below.
The Best Corrections






