Complete static archive of GigaTap articles about VPN, privacy, OPSEC, and security.
- Digital security in war and conflict: what civil society needs to prioritize - Access Now’s webinar announcement reflects a wider shift: digital harms are increasingly treated as part of conflict protection work. Here is what that fra
- ghostcp (GhosTCP) Beginner Guide: Hardening TCP Connections on Windows - Learn how to install and configure ghostcp (GhosTCP) on Windows to reduce TCP interference using WinDivert and simple rules.
- Malicious NuGet packages impersonate Chinese .NET libraries to deliver an infostealer - Socket reports five NuGet packages that mimic Chinese .NET UI/infrastructure libraries while shipping a .NET Reactor–protected stealer. The campaign uses u
- Malicious Ruby Gems and Go Modules Mimic Dev Tools to Steal Secrets and Tamper With CI - Socket reports a coordinated cluster of Ruby gems and Go modules published from a single GitHub account that looked like routine developer tooling, then la
- OpenSSF on the Hidden Costs of Running Package Registries - A brief note on OpenSSF’s argument that package registries are critical infrastructure with real, recurring operational and security costs—and what teams s
- Stateless Tor Relays: Why Tor Wants Seized Servers to Remember Nothing - Tor’s stateless relay model aims to make confiscated hardware far less useful by removing disk state from the trust equation.
- Surveillance for Sale Threatens Press Freedom - When agencies buy app-derived location data, they don’t just dodge warrants—they gain a map to journalists’ sources.
- Brave Brings Its “Shred” Site-Data Wipe Feature to Android - Brave for Android 1.89 adds a per-site “Shred” button and Auto Shred automation to delete site-stored data that can be used to re-identify you across visit
- Georgia’s media freedom crisis: what the latest warning says, and what to verify next - MFRR partners warn that press freedom in Georgia has deteriorated rapidly since the contested October 2024 elections. The available excerpt is sparse, so h
- pnpm 11 turns on default supply-chain protections - pnpm 11 makes safer installs the default with a 24-hour release delay, blocked exotic subdependencies, and clearer build-script controls.
- Psiphon How-To: Censorship Circumvention Basics for Privacy-Minded Users - Learn how to install and use Psiphon to bypass network censorship, understand what it protects (and what it doesn’t), and avoid common OPSEC mistakes.
- PyPI Fixed High-Severity Access Control Bugs Found in a Warehouse Security Audit - A Trail of Bits audit of PyPI’s Warehouse reported two high-severity access-control issues and an OIDC Trusted Publishing replay edge case. PyPI says it fi
- zapret2 (anti-DPI) Beginner Guide: Install, Intercept, and Apply Strategies Safely - A beginner-friendly zapret2 guide: install it, redirect only the right packets, and apply anti-DPI strategies on Linux/Windows.
- Section 702 Renewal and VPN Users: The Practical Surveillance Risk Nobody Should Ignore - Section 702 renewal could widen surveillance risk for VPN users if their traffic or identity is treated as foreign under US law.
- How Governments Weaponize 'Safety' Laws to Silence Activists and Journalists - EFF exposes the global pattern: governments mask censorship as cybercrime prevention, targeting human rights defenders under the guise of online safety.
- AdGuardHome: Block Ads & Trackers Across Your Network - Learn how to quickly set up AdGuardHome to block ads and trackers network-wide—safer, faster browsing for every device on your network.
- Xray-core Guide: Proxy Access, VLESS, REALITY, and XTLS - A practical Xray-core guide covering VLESS, REALITY, XTLS, proxy access patterns, client setup, and common network troubleshooting.
- Family & Team Security Baseline - Guide: shared minimum security rules for households and small teams with clear ownership.
- AI Privacy Practical Risks - Overview: where AI systems leak sensitive signals and which mitigations pay off first.
- Browser Hardening Without Breakage - Practical tutorial: browser setup in 30 minutes with minimal breakage and stable privacy gains.
- OPSEC for Everyday Use - Practical guide: daily OPSEC routines that reduce accidental identity leaks without hurting usability.
- Threat Modeling for Regular Users - Guide: build a personal threat model in one session and choose controls that match real risk.
- Password Manager + MFA in One Day - Tutorial: deploy a robust account security baseline in one day, with migration checklist.
- Phishing 2026 Survival Guide - Guide: modern phishing patterns and response playbook for individuals and small teams.