There are two iron laws of security that are often tragically ignored:
I. “There is no abstract ‘security’ – only security from some specific threat”
II. “There is no security in obscurity.”
Bridgefy, an app that’s been billed as a way for protesters to communicate securely, illustrates both of them.
Bridgefy is an offline messaging tool – a mobile app that uses Bluetooth to pass encrypted messages around a crowd where there is no internet access.
It was originally billed as being useful for big festivals and concerts out in the countryside, where there were lots of people but little or no internet connectivity.
However, as protests have spread around the world, the company has promoted its product as a tool for at-risk protesters seeking to coordinate uprisings for which they might face severe retaliation, including imprisonment, torture and murder.
In April, a group of Royal Holloway researchers audited the app and found it severely unsuitable for these contexts, potentially exposing users to life-threatening hazards. They told the company about these flaws then, but have only now published their findings.
The researchers’ findings reveal that the threats to users from using the app at festivals are very different to the threats that protesters face in repressive regimes (“There is no abstract ‘security’ – only security from some specific threat”).
They also find that the product team made a bunch of mistakes that they overlooked, a common problem (it’s why I can’t find my own typos!) that exposed users to attacks from anyone who knew how to hunt for these errors (“There is no security in obscurity”).
For example, the app sends the ID of both the sender and recipient of every message “in the clear” (without encryption). That allows an attacker who intercepts this metadata to assemble social graphs: Alice knows Bob, Bob knows Carol.
This might expose concertgoers to some risk (for example, if Carol is arrested for selling drugs, Alice and Bob’s messages to her might put them under suspicion). But in a protest context, that exposes the whole movement to risk.
What’s more, the identifiers the app uses are tied to users’ phone numbers: an attacker at a concert would need access to a database that maps phone numbers to real identities. A state-level adversary can simply demand these connections from the phone company.
But not all the flaws in the system stem from the differences in threats at concerts and protests. Some of Bridefy’s flaws threaten users in ANY context, and stem from the developers’ own blind spots about errors in their thinking.
For example, the system doesn’t have any “out of band” way to initialize keys between users. That means that when Alice wants to send a secret message to Bob, she first announces to the whole network that she is Alice and this is her public key that Bob should use.
An attacker in the network can – rather than passing that message on – replace it with a message that substitutes their OWN key, and thereafter intercept, read, and relay all the messages from Alice to Bob (a “man in the middle” attack).
Worse than that, the actual encryption formatting used for the messages is PKCS #1, a system that has been deprecated since 1998 due to unsalvageable flaws.
The app also fails to do vital forms of input sanitization: it doesn’t check for “zip bombs” – small compressed files that, when decompressed, expand to junk files that are millions of times larger. These bombs could crash enough devices in the network to shut it down.
Though Bridgefy has known of the vulnerabilities since April, they are only now announcing them. They attribute the delay to their fruitless internal efforts to remediate these defects, and their ultimate conclusion that their system needs to be rebuilt from the ground up.
They say they are now doing that work, rebuilding the app around the Signal protocol, which is very robust and has been widely probed to identify and shore up weaknesses.
It’s good that they’re doing this. A third iron law of security is that “Security is a process, not a product” – that is, security is always contingent, and requires constant tending and upgrading to patch newly identified defects.
We can’t and shouldn’t expect products to be perfectly secure – all we can ask is that product teams are transparent about which threats they considered in their design, how their products work, and which defects have been identified in them.
Unfortunately, while Bridgefy is doing the right thing by acknowledging these bugs, thanking the reasearch team, and fixing the bugs, the rest of their conduct is less than exemplary.
It was wrong to promote an app designed for concerts as a tool for protesters without considering the differences in the threats to those user populations.
Worse, though the team has known of these defects since April, they didn’t start correcting the record on end-to-end encryption promises until June. And, as Dan Goodin points out on Ars Technica, their messaging continues to imply that it is safe to use.
Bridgefy: even worse than previously believed.
(They lost me at “must have Internet during installation” [link]; I didn’t even get as far as security.)
((*reads articles* wait, hang on, verification is optional now? did Bridgefy become an actual functional mesh system in December and not tell anyone?? Bridgefy: *better* than previously believed???))
(((of course the *other* part of my misgivings about them were vague shady-corporation vibes, which have now intensified)))
Tags:
#promoted the above from a tag ramble because I thought it ought to be fully part of the thread #and also to be able to include that very relevant and timely link #101 Uses for Infrastructureless Computers #reply via reblog #oh look an update
wait what the- i just posted my- but instead it just posted the ask again??? or- no, the dash is showing an old post, what in the hell…?
is anyone else seeing this:
instead of how it shows on my blog:
? refreshing the dash doesn’t seem to fix it on my end, and idk if this is a problem with how tumblr’s serving the data or if it’s something funky on the client end
I was seeing posts in scrambled order too. Checked in a couple of times over the course of the evening to see if it had sorted itself out yet (it hadn’t), until eventually it occurred to me: “hang on, is Tumblr fucking around with that ~best-stuff-first~ shit again?”
And, yeah, they were. There’s a toggle in the Dashboard section of the settings.
Tags:
#reply via reblog #The Great Tumblr Apocalypse #Tumblr: a User’s Guide #PSA #bluespace
I mean, I’m primarily leaving because of the rents, with a secondary helping of excessive low level disorder and general shittiness. but the coronavirus response makes clear that neither the government nor the people is able to make anything better.
at this point the primary argument in favor of sticking it out a bit is that I think new york got rolled hard enough on the first wave that we won’t have a substantial second one. but I was planning on this being my last year and I don’t think I’ll change that.
I enjoyed living here, and I’m glad I moved to new york when I did. but it’s time to go.
that’s the big q! I’m almost certainly staying in the US long term – all of my friends and family are here and it’s still the richest place on the earth, despite its various problems – so that narrows the options a lot. I’m getting to the point in life where I’m about ready to settle down, so ideally wherever I move is a strong contender for decades of residence.
I want to live near at least a mid size city, because I enjoy the products of modern civilization. on the east coast, the only city with a climate that is even borderline habitable is Boston.
the west coast is about to fall into the ocean but with some forethought it seems reasonable to bet on it staying attached for 30 years. and they have great weather patterns, so that’s the vague direction of attention. I have gut feelings about west coast cities but honestly should do some more research.
tbh I really wish america had a city that had tall buildings, decent weather, and wasn’t totally falling apart, but it really doesn’t. actually not sure if there are any cities in the world that meet all three criteria tbh
there are no cities in america that meet all three criteria, but there are plenty of cities in europe that do. if you relax your definition of “tall”. western europe isn’t a good long-term bet, but bremen has tallish buildings and decentish weather – it still gets too hot sometimes, but it’s not as bad as boston, which despite being so far north by american standards (it’s actually on about the same latitude as istanbul and madrid) gets hellish in the summer – and isn’t falling apart yet.
i don’t know what a good place would be for long-term settlement. in the absence of a better idea i’m inclined to stay in the still-habitable parts of the mid-atlantic – somewhere between martinsburg and westminster, probably. but given indefinite time and funds to investigate places to move, and safe air travel, i’d probably want to check out, like, boise.
if it doesn’t sound bad, it probably is bad – the point is that generic urbanites should stay out. many fleeing californians, new yorkers, etc. won’t learn from their mistakes, and will push for the same damn things in texas and virginia. some people who really ought to know better fled to austin, and i’ll try to be polite about it when they flee again.
if you relax your definition of “tall”. western europe isn’t a good long-term bet
yeah, I’m prepared to do this, since America only has two cities with tall buildings and they’re both falling apart and have subpar climates. north/western europe has good weather – it is the environment for which this particular ape is adapted. the problem with europe is money – afaict if I lived there I should expect a much lower salary and a generally lower standard of living. having lots of money lets you buy your way out of a lot of social problems, so I’d rather just do that and also live within a couple time zones of my friends and family.
boston, which despite being so far north by american standards (it’s actually on about the same latitude as istanbul and madrid)
Fake, Madrid is closer to parallel with New York. for Boston a better parallel would be Sofia or Bishkek
boise
if you think Boston is hellish in the summer I’ve got bad news for you about the entire continental interior. Boise’s not too humid in summer so I guess you can go outside at night, but you might want to look further north
anyway long term settlement isn’t real. ruining a place is a long term process, if it’s fine when you get there it’ll probably last long enough to make it work for you
The traditional place for people sick of the United States’ bullshit to fuck off to is southern Canada, and there are many good reasons for that. You can usually get the same timezone you were in before, you can visit the Old Country via land transport, the culture shock is pretty mild, you get used to the winter cold after a few years (it took me about six years to reach a point where -10C wasn’t a big deal anymore, and you can usually arrange to not go outside when it occasionally hits -20) and the summers rarely go above 85F or so, often spending long stretches in the 70s.
(I switched measurement systems in the middle there because I find that moving to a cooler climate and switching measurement systems at the same time helps you cultivate a useful double standard. 10C *feels warmer* than 50F, and just because -10C doesn’t seem so bad anymore doesn’t mean 14F will be fine (likewise, 90F being okay doesn’t mean 32C will be).)
My dad fucked off to Canada after seeing how badly the U.S. was handling the aftermath of 9/11, taking his family with him, and every so often I’m like “have I thanked you lately for getting me here?”.
(He’s said his second choice was New Zealand, but living upside-down would take a lot more getting used to, and while people on isolated islands are doing great right *now* it’s not *always* a plus.)
—
OP draws a weird dichotomy of people who don’t want to move being “people who base their entire personal identity on emotional attachment to a place”.
I wouldn’t say I strongly identify with this specific place, but I *do* strongly want *somewhere* decent to put down roots. My reluctance to move is primarily a reluctance to move *in full generality*, rather than a reluctance to move *away from here*.
(I feel kind of bad sometimes about not having done more exploration before settling down to exploit, but exploration of living-place options is expensive in more ways than one. I doubt I would find anything *enough* better to justify all the unpleasantness of instability, especially since I accidentally hit an area with a reputation for plentiful jobs in my field on the first try.)
Tags:
#reply via reblog #our home and cherished land #home of the brave #covid19 #illness tw? #weather
and that captcha thing where it never explicitly tells you if you succeeded or not, so you’re never sure if it’s making you do it like six times because you suck or because it’s just Like That
it reliably makes me do more on my browser With Adblock And Shit, whereas my chrome sellout browser just lets me press the button, so I figure it’s just like that
anyway with the fade out / in buses I think I noticed it doesn’t start the fade in until you focus the tab again, which is Hell
Yeah, in some ways having to do it like six times is a sign that I’ve *succeeded*: not at finding buses, but at preventing Google from tracking my identity.
I don’t think I’ve ever unfocused the tab, so I hadn’t noticed that part.
Update: on multiple occasions reCAPTCHA *has* now explicitly claimed that I failed to find all the crosswalks, and refused to let me through until I agreed to lie and say that those pictures that were clearly *rumble strips* were actually crosswalks. There was likewise an occasion where it wouldn’t let me through until I agreed to claim that an RV was a bus.
(if they’re using this as some kind of self-driving-car training program I shudder to think how that’s going)
to be honest I’m getting pretty annoyed that recaptcha now seems to be the only captcha service in use
It is awfully pervasive, yeah, though I still see a *few* others.
(The update post was inspired by me changing my email addresses to custom domains this week: the “telling all my various accounts to use the new email” process involved filling out a *lot* of captchas.)
Tags:
#disappointed permanent resident of The Future #reply via reblog #I’m increasingly sick of Google’s shit #for my next smartphone I’m getting a fucking Lineage #(I don’t think I’m *quite* hardcore enough for Replicant or /e/ but ask me again in a few years)
not a big fan of that captcha thing where you gotta wait 30 minutes for google to decide if it wants to show you another bus
and that captcha thing where it never explicitly tells you if you succeeded or not, so you’re never sure if it’s making you do it like six times because you suck or because it’s just Like That
it reliably makes me do more on my browser With Adblock And Shit, whereas my chrome sellout browser just lets me press the button, so I figure it’s just like that
anyway with the fade out / in buses I think I noticed it doesn’t start the fade in until you focus the tab again, which is Hell
Yeah, in some ways having to do it like six times is a sign that I’ve *succeeded*: not at finding buses, but at preventing Google from tracking my identity.
I don’t think I’ve ever unfocused the tab, so I hadn’t noticed that part.
Update: on multiple occasions reCAPTCHA *has* now explicitly claimed that I failed to find all the crosswalks, and refused to let me through until I agreed to lie and say that those pictures that were clearly *rumble strips* were actually crosswalks. There was likewise an occasion where it wouldn’t let me through until I agreed to claim that an RV was a bus.
(if they’re using this as some kind of self-driving-car training program I shudder to think how that’s going)
Tags:
#AIs being Wrong on the Internet #oh look an update #reply via reblog #disappointed permanent resident of The Future
Depends on the context! You need enough chuggas to establish that we are on a steam train before it makes sense to your audience that you are blowing a steam whistle – so if you’re at a bar and people have been talking about “chugging” beer all night, you may need several chuggas to get the btrain going in the right direction but if you’re already on a train you can just do the arm motion and say “choo choo” without even a single chugga.
I said this ditty to myself to see what I did and I produced *four* chuggas before the choo choo. Any fewer chuggas than that seems insufficient; and more than four is certainly acceptable, although with much more than four you start to bore your audience.
if your number of chuggas isn’t divisible by 4 then what the hell are you doing
I agree that no chuggas are required if you are already on a train (and similarly trainful situations like “pointing at a train”), but for other circumstances:
There’s a use/mention distinction. When *mentioning* “chugga chugga choo choo” it’s two chuggas, but when *using* it it’s eight chuggas.
(This is probably because of the same fundamental psychological reasons that cause there to be eight “nana”s before “Batman”.)
Tags:
#(*semi*-serious) #reply via reblog #oral culture #trains #Batman
I can’t trust any take on Disney from someone so clearly ignorant of what he’s talking about that he can say this with a straight face:
“That is because in normal times you must choose perhaps four or five big rides, each lasting mere minutes, and spend hours waiting in line to be admitted to each.”
Dude, just showing up at a major Disney ride and expecting to be seated is like just showing up at a fancy restaurant and expecting to be seated: in both cases *you are supposed to make a reservation*. When I went in the autumn of 2015, ride reservations (“FastPasses”) were quite flexible (one-hour usage window) and very often available on a same-day basis: while we *had* reservations months in advance, we made last-minute adjustments to them pretty much every day (you can do this on your phone, thanks to the complimentary Wi-Fi [link]).
(Also a part of me is going “you’re complaining about how expensive everything is and yet you stayed at the fucking *Contemporary*??”, while another part goes “why did the Atlantic send some poor dude with a COVID-19-naive immune system to fucking *Florida*? they’re a bunch of Americans in the summer of 2020: did they *seriously* not have anybody who’d had it already that they could send instead?”)
Still, it’s interesting to hear some reporting from the field. Just…with some caveats.
That is all relatively recent, though. Fastpass was introduced in 1999; I definitely remember the process he describes from when I was growing up. And the author is of course describing how Disney “usually” is off of secondhand reports, since he’s never been before.
But yeah, the article is great as a description of how Disney is now. And the observations about it as being part of the American civic religion aren’t original but they are fairly good points.
I *suppose* you could call 21 years relatively recent compared to the total span of Disney World’s existence, but it’s simultaneously a long time.
I guess a generational thing does add another layer to the bit about his parents refusing to go there: *I* grew up hearing Dad complain about “standing in line for hours for every five minutes of ride” as the reason he refused to go to *Six Flags*, and perhaps even specifically as a reason why Disney was better than Six Flags.
(A bit of context: I was born in 1993 to a family that *was* upper-middle-class at the time and a mom that loves Disney World. I’ve been five times: 1998, 2000, 2001 (we were there on 9/11, it was a hell of a thing), 2004, and 2015. Our trips were generally around 1.5 – 2 weeks long: trying to cram everything into a long weekend is a recipe for exhaustion and FOMO.)
—
In additional to the description of how things were going on the ground, I thought the bits about the Disney World government having legitimacy in the eyes of its constituents, in a way the American government does not, were an interesting way of looking at it.
Yeah, I think there’s something of a generational thing going on there maybe?
I was born 1986 and we went to Disney World like eight or ten times when I was a kid/teenager. I think we might have gone there, one way or another, every year from 95 or 96 to 2000 or 2001 or something like that? And then I wound up there again in 2004.
(And then I also went to Disneyland in August 2004 because it was effectively a compulsory part of college orientation, long story. I used my deep knowledge of Disney World to go around with a couple friends and maximize the time we could spend in air conditioning. I think we rode Small World multiple times becuase it was shady, air conditioned, and had short lines.)
Fastpass was introduced toward the end of that, so I definitely remember it as “that new thing they just rolled out that makes the lines easier to deal with”. But by the time they’d introduced it I was absolutely fucking sick of going to Disney World.
But yeah, if you asked me what Disney World was like, my gut reaction was “Standing in these awful lines constantly, although I think they did a thing to make that better recently.” Also, I don’t know how the system works now, but when Fastpass was new you could only have one at a time. So you’d get a Fastpass for a long-line ride like Space Mountain or something, and then you’d go stand in long lines for other attractions while you waited for your time to come around. So it let you do more things but still the dominant experience was “standing in line”.
But yeah, the bits about Disney’s “governmental” legitimacy were really interesting. I kept using the phrase “American Singapore” to a Disneyphile friend today, who eventually responded: “I think there’s a limit to my appreciation of the dystopian artwork in which we find ourselves.”
As of 2015, there were three tiers of ride and you started off with one reservation in each tier. There were circumstances (I’m not sure of the exact rules now) where you could snap up extra FastPasses that other people had abandoned (and/or perhaps that Disney had added upon seeing the ride wasn’t full enough), and I remember them being fairly easy to find. But OTOH this *was* September, a month so slow that Disney bribed us with a free meal plan to schedule our trip for that time period.
(Joke’s on them: we were planning to go for September anyway. That meal plan was great: more credits than we could possibly use (presumably it was aimed to accommodate people with much higher appetites), and with prices denoted simply in “meals” and “snacks” rather than dollars. Being 100% price-insensitive in your food-buying decisions is a wonderfully liberating experience.)
Tags:
#reply via reblog #Disney #politics cw #illness tw #covid19 #home of the brave #food #adventures in human capitalism #disordered eating?
I can’t trust any take on Disney from someone so clearly ignorant of what he’s talking about that he can say this with a straight face:
“That is because in normal times you must choose perhaps four or five big rides, each lasting mere minutes, and spend hours waiting in line to be admitted to each.”
Dude, just showing up at a major Disney ride and expecting to be seated is like just showing up at a fancy restaurant and expecting to be seated: in both cases *you are supposed to make a reservation*. When I went in the autumn of 2015, ride reservations (“FastPasses”) were quite flexible (one-hour usage window) and very often available on a same-day basis: while we *had* reservations months in advance, we made last-minute adjustments to them pretty much every day (you can do this on your phone, thanks to the complimentary Wi-Fi [link]).
(Also a part of me is going “you’re complaining about how expensive everything is and yet you stayed at the fucking *Contemporary*??”, while another part goes “why did the Atlantic send some poor dude with a COVID-19-naive immune system to fucking *Florida*? they’re a bunch of Americans in the summer of 2020: did they *seriously* not have anybody who’d had it already that they could send instead?”)
Still, it’s interesting to hear some reporting from the field. Just…with some caveats.
That is all relatively recent, though. Fastpass was introduced in 1999; I definitely remember the process he describes from when I was growing up. And the author is of course describing how Disney “usually” is off of secondhand reports, since he’s never been before.
But yeah, the article is great as a description of how Disney is now. And the observations about it as being part of the American civic religion aren’t original but they are fairly good points.
I *suppose* you could call 21 years relatively recent compared to the total span of Disney World’s existence, but it’s simultaneously a long time.
I guess a generational thing does add another layer to the bit about his parents refusing to go there: *I* grew up hearing Dad complain about “standing in line for hours for every five minutes of ride” as the reason he refused to go to *Six Flags*, and perhaps even specifically as a reason why Disney was better than Six Flags.
(A bit of context: I was born in 1993 to a family that *was* upper-middle-class at the time and a mom that loves Disney World. I’ve been five times: 1998, 2000, 2001 (we were there on 9/11, it was a hell of a thing), 2004, and 2015. Our trips were generally around 1.5 – 2 weeks long: trying to cram everything into a long weekend is a recipe for exhaustion and FOMO.)
—
In additional to the description of how things were going on the ground, I thought the bits about the Disney World government having legitimacy in the eyes of its constituents, in a way the American government does not, were an interesting way of looking at it.
P.S. Oh, also we homeschooled, which meant we could arrange to go during the school year (usually in autumn, sometimes winter). So come to think of it, that’s another reason why my experience of Disney would paint it as less crowded (and with less miserable weather!) than many people claim.
(Florida in the autumn is basically the same as New Jersey in the summer: my body was already adapted to that temperature and humidity range in general, and in most cases had the advantage of having *recently used* said adaptations (since New Jersey summer had only just ended). (Though in 2015, when I’d spent the last eight years in Canada, I was pleasantly surprised by how intact my heat tolerance was. My body walked out of the airport into the 95F-and-very-humid dusk, went “Oh hey, it’s summer! I remember summer! I haven’t had summer in *years*!”, flicked a few settings, and happily continued on its way.))
Tags:
#reply via reblog #my childhood #Disney #politics cw #illness tw #home of the brave #covid19 #homeschool #weather
I can’t trust any take on Disney from someone so clearly ignorant of what he’s talking about that he can say this with a straight face:
“That is because in normal times you must choose perhaps four or five big rides, each lasting mere minutes, and spend hours waiting in line to be admitted to each.”
Dude, just showing up at a major Disney ride and expecting to be seated is like just showing up at a fancy restaurant and expecting to be seated: in both cases *you are supposed to make a reservation*. When I went in the autumn of 2015, ride reservations (“FastPasses”) were quite flexible (one-hour usage window) and very often available on a same-day basis: while we *had* reservations months in advance, we made last-minute adjustments to them pretty much every day (you can do this on your phone, thanks to the complimentary Wi-Fi [link]).
(Also a part of me is going “you’re complaining about how expensive everything is and yet you stayed at the fucking *Contemporary*??”, while another part goes “why did the Atlantic send some poor dude with a COVID-19-naive immune system to fucking *Florida*? they’re a bunch of Americans in the summer of 2020: did they *seriously* not have anybody who’d had it already that they could send instead?”)
Still, it’s interesting to hear some reporting from the field. Just…with some caveats.
That is all relatively recent, though. Fastpass was introduced in 1999; I definitely remember the process he describes from when I was growing up. And the author is of course describing how Disney “usually” is off of secondhand reports, since he’s never been before.
But yeah, the article is great as a description of how Disney is now. And the observations about it as being part of the American civic religion aren’t original but they are fairly good points.
I *suppose* you could call 21 years relatively recent compared to the total span of Disney World’s existence, but it’s simultaneously a long time.
I guess a generational thing does add another layer to the bit about his parents refusing to go there: *I* grew up hearing Dad complain about “standing in line for hours for every five minutes of ride” as the reason he refused to go to *Six Flags*, and perhaps even specifically as a reason why Disney was better than Six Flags.
(A bit of context: I was born in 1993 to a family that *was* upper-middle-class at the time and a mom that loves Disney World. I’ve been five times: 1998, 2000, 2001 (we were there on 9/11, it was a hell of a thing), 2004, and 2015. Our trips were generally around 1.5 – 2 weeks long: trying to cram everything into a long weekend is a recipe for exhaustion and FOMO.)
—
In additional to the description of how things were going on the ground, I thought the bits about the Disney World government having legitimacy in the eyes of its constituents, in a way the American government does not, were an interesting way of looking at it.
Tags:
#reply via reblog #Disney #politics cw #illness tw #covid19 #home of the brave
I can’t trust any take on Disney from someone so clearly ignorant of what he’s talking about that he can say this with a straight face:
“That is because in normal times you must choose perhaps four or five big rides, each lasting mere minutes, and spend hours waiting in line to be admitted to each.”
Dude, just showing up at a major Disney ride and expecting to be seated is like just showing up at a fancy restaurant and expecting to be seated: in both cases *you are supposed to make a reservation*. When I went in the autumn of 2015, ride reservations (“FastPasses”) were quite flexible (one-hour usage window) and very often available on a same-day basis: while we *had* reservations months in advance, we made last-minute adjustments to them pretty much every day (you can do this on your phone, thanks to the complimentary Wi-Fi [link]).
(Also a part of me is going “you’re complaining about how expensive everything is and yet you stayed at the fucking *Contemporary*??”, while another part goes “why did the Atlantic send some poor dude with a COVID-19-naive immune system to fucking *Florida*? they’re a bunch of Americans in the summer of 2020: did they *seriously* not have anybody who’d had it already that they could send instead?”)
Still, it’s interesting to hear some reporting from the field. Just…with some caveats.
Tags:
#Disney #reply via reblog #covid19 #home of the brave #politics cw? #illness tw
Brinens and Things - Tumblr Mirror 