I'm a Computer Science Graduate from Oxford University, England. After deciding to leave Oxford at the start of my 4th year to do something more interesting, and just stick with a BA, for one year I worked for 4 days a week as a software engineer at Semmle (a company that does some cool source code analysis for a few big tech companies, including NASA, Dell, and Dropbox), and also taught Computer Science at a school for students on the autistic spectrum once a week. I now work full time at Semmle as Lead Developer on

During my time at Oxford, I have been both the Secretary and the President of the Oxford University Computer Society, and also the IT Rep for the JCR at St. Catherine's College. In addition, I was involved in 3 separate "Learn to Code" courses for students, including one which I organised, ran and co-wrote the content for. I also volunteered as a helper at my local CoderDojo for some time.

Inside the software field, my main interests are in Communication & Networking (in particular mesh networks), Security, Cryptography (especially usability), Anonymity, and Censorship Resistance. I do like to periodically get away from technology however, and outside of that I have quite a bit of interest in political / social structure (completely re-factoring it, that is), and generally doing my part to help bring about a better world.

The WhatsApp Non-Backdoor

Jan 12, 2017

The Guardian have just released an article supposedly revealing a Backdoor in WhatsApp that allows snooping of users' messages. That's what I'll be addressing here...

I'd like to start out by saying that this is a very technically accurate and concise article. While reading it, I found that all the questions I would have had as someone in the security community were answered. However, it is sensationalist, in particular the headline.

Backdoors are traditionally discreet and unnoticeable; you would sneak one in, and certainly not see anything in the UI. In this instance however, it is completely observable in the UI (if you have the security notifications enabled), although if you aren't keeping a close eye, it may be difficult to determine exactly which messages were re-sent to the new key.

So this is not a backdoor, at least I wouldn't call it that; I would call it a design flaw... a design flaw with security consequences. But some wouldn't even consider it something as severe as that; to some this is working as intended.

Back when this behaviour / flaw was first talked about in April 2016, Facebook responded with:

"[...] We were previously aware of the issue and might change it in the future, but for now it's not something we're actively working on changing." [...]

And Facebook are likely to come out with a similar (perhaps more fluffy) response now that this is being re-hashed in the mainstream media.

The Tor and CloudFlare Problem

Mar 06, 2016

For a while, users of Tor have been exposed to a great deal of frustration while browsing the web; when visiting websites that are using CloudFlare, they are presented with a Captcha before being able to load the website (for every single new website they navigate to in a single session).

This makes navigating the web a particularly tiresome experience, especially as so much of the web is protected by CloudFlare's services.

Right now, there is an ongoing discussion on the Tor Project's ticket system regarding this problem, inviting anyone to propose potential solutions to the problem. There have been a few potential solutions discussed, but ultimately nothing that solves all the problems for all concerned parties.

Over the course of this ticket being open though, CloudFlare's CTO has been very active in this thread, and CloudFlare now provides the option for its customers to decide on how to treat Tor traffic; specifically, it allows customers to whitelist Tor exit nodes. This is great news and shows CloudFlare's willingness to discuss and come to a solution with the community.

In this post I take a critical approach to discussing the existing suggestions and propose a new potential solution.

