If you are a commenter on this blog, you may have recently received some crypto-related spam in the comments that appears to have come from me. If you look closely at the comment, you’ll see that it was a bot, which created a fake account, stole my picture and then added an extra i to the username (so it was foiiagras instead of foiagras). My account (foiagras) is fine.

Annoying. I’m reporting this to Substack - clearly they need to improve some of their bot detection and impersonation technology.

Anyway, here’s proof the spammer was not me. I’ve banned them and deleted all their comments.

Anyway, rest assured that FOIA Gras was not hacked - I am super paranoid about operational security and have 2-factor authentication on everything, from my Gmail account down to my Substack. I’m not perfect but I do everything I can possibly do to protect information of my readers and sources.

I use a Yubikey hardware 2-factor key for almost everything. I recommend you buy one!

If you’re bored and want to learn more about information security and two factor authentication, here’s a presentation I like to give called the “Saga of John Podesta” regarding the 2016 hack of the Clinton campaign. That hack was really a doozy.