In the spirit of my 2020 recap, I thought it’d be fun to look back at everything that happened on this blog in 2021.

Controversy Strikes

The year opened with my most controversial blog post to date–assuming the number of hate comments and death threats I’ve received, fake dating profiles created using my email Address, and attempts to hack my Social Media accounts are a reliable metric for controversy.

After the attempted coup on January 6, I had used a really obvious and trivial technique to learn the real (non-CloudFlare) IP address of TheDonald.win, which I then published. This IP address leak identified that the “proud American patriots” were hosting their servers with OVH in Canada; a fact that was covered by Montreal’s CBC News.

Now, this wasn’t exactly a sophisticated technique (and their reliance on reCAPTCHA already leaks their server’s real IP address to Google, which law enforcement can then subpoena), nor was it doxing, but it pissed a lot of the worst kinds of right-wing idiots off.

But as the inaugural blog post for 2021, it did set the tone for many posts that followed throughout this year. If you threaten me, I will just increase the thing you didn’t like.

Other Notable Blog Posts in 2021

As the year progressed, I decided to use rudimentary computer security skills, basic cryptography knowledge, and basic critical thinking skills to criticize a number of crooks, crackpots, and cretins.

• Terra Quantum AG (crackpot, possibly run by crooks)
• Zed Shaw (toxic cretin; author)
• Allen Gwinn (crackpot, published in The Hill)
• CEW Systems (Chad E. Wanless, James Castle, et al.) (at minimum, crackpots; likely also crooks)
• CJ Hankins, on behalf of Foxy Games, an ElectraWorks Limited and Entain Group property (crooks; soliciting an illegal form of Native Advertisements)

Right-wingers and grifters are rarely separated by a great distance, after all. (Why else would they pitch Ivermectin to people who haven’t been vaccinated against COVID-19?)

As the year went on, I also published some social media design criticism and security research:

• Critical flaws in the design of Twitter’s “Birdwatch” project to fight misinformation
  • Twitter’s Product VP acknowledged my criticism publicly, but did not commit to any specific changes
• Furry Amino is so bad at art attribution that they accused me of stealing my own fursona
  • Their response to my criticism was to make Furry Amino private, rather than correct course or acknowledge their mistakes
• Cryptography and privacy weaknesses with Safer Illinois and the Safer Community apps
  • Their subsequent response to the issues I disclosed was so poor that the Journal Star published a story about it.
• An interesting timing attack on SQL queries in Lobste.rs’ password reset feature
  • It turns out, the reason their response was delayed is that the admin thought the impact of my discovery was even worse than I imagined, and had been researching and prepping a larger fix.
• Cryptography weaknesses in Threema, that contradict their overzealous marketing claims
  • Threema’s only response (posted on Reddit rather than anywhere official) was mostly dismissive and hand-wavy

This was all interleaved with my usual subjects of interest (being shamelessly gay and furry; real-world cryptography; opposition to excessive gatekeeping, willful ignorance, and cryptocurrency-assisted scams; etc.).

Other Happenings

Fursuit Acquisition

In 2021, I also acquired a [partial] fursuit (albeit not for my dhole fursona), which I revealed at Halloween. Say hello to Circinus:

I started with the fursuit head, which I won from a Dealer’s Den auction by @craftycovenco in August and then decided to turn it into a Frankenstein-partial for Halloween.

• The handpaws came from Crinsy.
• The wolf tail and arm sleeves both came from Pawstar.
• The footpaws and leggings both came from Lemonbrat.

For my Halloween costume, I also got a rainbow cyber visor from IllumiCyberwear, and a LARP cloak from ChowsEmporium.

All together, it looks like this:

As an assembled-by-parts partial fursuit in the spirit of Frankenstein’s monster, it isn’t form-fitted like a custom commissioned piece would be, but it’s still super fluffy and I’m extremely happy with the quality of the pieces.

Recruiters Aren’t Shy of Furries

I haven’t really talked about this at all (mostly because I don’t want to call anyone out), but I’ve received a handful of invitations to apply to jobs via Twitter DM and email in 2021.

To be clear, these invitations were sent to my furry accounts, not professional ones.

Needless to say, this came as a bit of a surprise, given that the purpose of this blog was entirely for entertainment rather than career advancement.

Last year, I had written a series to help furries get into the tech industry for as close to $0 as possible, with no prior experience. I had heard a few people anguish over whether or not to hide their furry fandom participation from prospective employers. My advice for anyone in a vulnerable position was, and still is, to practice compartmentalizing their hobbies from their work profiles… but maybe times are changing, and I’ll be able to amend that advice in the near future.

Quick Stats for 2021

• Total number of blog posts: 38 (including this one)
  • Most popular: No, You’re Not a “Sigma Male”
  • Least popular: World Dhole Day 2021
• Blog comments (not counting hate or pingbacks): 91
• Ad revenue: Still $0
• Zero-days published: 10
  • Five in Threema (the most impactful being the Invisible Salamanders attack against Group Messaging)
  • Two in Safer Illinois
  • Two in Zed Shaw’s implementation of SRP
  • One against TheDonald (although it’s just an IP address leak)
• Hate emails/tweets/DMs/comments/etc. received: At least 100
• People who became cool with furries after interacting with me on social media (after other users failed to troll me) and subsequently admitted this to me privately: 1
• Furries I’ve inspired to make a dhole fursona (that I’m aware of): 2
• Fursuits acquired: 1 (partial) (hopefully in 2022)
• Amount spent on art commissions specifically for blog posts/series: $600
• Bad puns and wordplay-based jokes:

Compare with last year’s quick stats breakdown.

Soatok’s Goals for 2022

So what’s in store for this blog next year? More of the good stuff, I hope. I’m tired of thinking about the COVID-19 pandemic, and my country’s moronic Response to it. I’m sure you’re tired of reading about it.

I plan to continue to discredit fraudsters as I encounter them, and to publish weaknesses in products and services that boast security claims that their implementations don’t meet.

I also plan to write about a bunch of cryptography topics, from the performance and safety of bignum implementations, to explorations of more cryptographic primitives and protocols, to some hotly debated topics with post-quantum cryptography.

But 2022 feels like a year of experimentation, to me. Future blog posts may include some of my own sketches and diagrams, just to spice things up.

I’d also like to add some video content to the fold, now that I have a partial fursuit and a webcam. (Don’t worry; they’ll never be autoplayed, and watching them will never be essential to understanding the writing that the videos accompany.)

Header art is a collage of many artists’ works: creeps, Vega Deftwing / Talon Creations, DumbWeasel, TyTheSaber / Isabel9819, GoldenDruid.