So, there's been a very stupid development from a blog post I wrote years ago.

The Bi-Symmetric Encryption Fraud was a blog post I wrote in 2021 to study the claims made by CEW Systems about their so-called post-quantum encryption scheme. It's a wild ride.

Behold, the front page of their website (which is showing up in my referrer logs today): https://web.archive.org/web/20250102180928/https://www.cew-s.com/

The quoted excerpt:

A firrst draft copy of Dr. Coupal's paper was given to a potential client (who signed an NDA), whose employee decided to have a secret third-party evaluation done. He transmitted the paper, without approval, to a hacker blogger who only goes by an online pseudonym (hereby referred to as the blogger).

False.

Nobody forwarded a copy of Dr. Coupal's paper to me. I found it on CEW System's own fucking website.

Nobody ever decided to have a "secret third-party evaluation" after signing an NDA.

People do ask me all the time to provide third-party evaluations of people's products and services.

This happens regularly enough for me to have put an offering online for it: https://soatok.com/critiques

But that wasn't something I considered in 2021, when the blog post was written.

And nobody is violating their fucking employer's NDA to share something with a furry blogger. Sorry, that's bonkers.

I did email Dr. Coupal to inquire about his involvement with CEW Systems' fraud. Twice. He did not respond.

I did email the InfoQ editors to inquire about a deleted article by Dr. Coupal that promoted the CEW Systems fraud. They did not respond.

Those are the only emails that were exchanged about it.

That being said: If you or your employer has NOT signed an NDA, and someone is trying to sell you something suspicious, please do let me know about it.

If it fails the smell test, I will probably point and laugh at it publicly.

@soatok
I have to wonder what goes in the mind of such people. First they say you obtained the paper without an approval and right after that they post a link to your blog post where all sources are mentioned and archived.
As well interesting to accuse you of being a secret 3rd party when they don't know who you are and call you just "hacker blogger" instead (as if you have stolen the paper by hacking their website or something).

@rengyr "I'm selling a security tool but also hackers are bad" - fools

@soatok Congratulations, "the blogger”

@offby1 @soatok Soatok "The Blogger" Dreamseeker

@soatok lol this seems like a preshared key proposal. A bad one.

Also, what the hell is "quasi quantum resistant". I've been working on PQC for years now, never heard that one before.

@soatok There seems to be a lot of typographical errors in their page, which inspires confidence in their product that requires attention to detail...

@offby1 @soatok I just heard this post as if you were saying "The Blogger" like the title screen of PlayStation 2 launch title "The Bouncer."

https://youtu.be/A8FTfSjocq0?si=jVMeVcHIq_0r1Nwv

@soatok if you want a bottomless well of "it's only not fraud because I can't prove intent" material, look into quantum random number generators.

My favorite rebuttal there has always been "if I write a secret number on a piece of paper, set it on fire, and give you the ashes, and you can tell me the number, then I will buy your magical quantum thing"

@soatok The best part is they're too cheap to even pay for the cheapest Wix plan at $17/month to remove the branding.

@soatok hacker blogger

all up in their Gibsons

@soatok any cryptosystem that fails kerkhoff’s principle should be treated as “the guy selling it to you has a backdoor”

@charlotte Yes!

@soatok

@soatok So, I'm not a lawyer, but this page kind of look like all that one would need to establish criminal intent. They acknowledge that they have read your blog, they call the vulnerabilities so, and seem to have known about them before.

@NohatCoder Hmm... @BoozyBadger any thoughts?

@soatok "... who only goes by an online pseudonym"

Bro your About Us is password protected. As far as I can tell, there are no names of anyone working for CEW Systems on the entire website. Unless you are a potential client, I guess. Admittedly I didn't crawl it.

@soatok *skims the website*
*immediately finds a typo*

@darkrat @soatok it took me thirty seconds to find five

@niko @darkrat @soatok
They were in such a hurry to do damage control, they didn't run the spell check.