I can be contacted via email using the following addresses:
Note on confidentiality
Please note that, as most other people and organizations, I use a 3rd party Mail Service Provider. The staff who work at the provider are technically able to read all my incoming and outgoing mail. This is by definition of how email infrastructure work, and it is irrelevant whether SSL or other encryption is used between email clients and corresponding email servers. If you have something confidential, please use PGP/GPG encryption to secure our communication (see keys.md for info how to obtain and verify my GPG keys).
Note on integrity of my emails
All email sent by me from the above-mentioned email addresses should be digitally signed with my email keys.
Other notes on emailing me
I get lots of emails. This means I might not find time to respond to your email. In some cases, although rarely, I might not read through the whole message. Please understand that I would also like to have life outside of my email VM…
Please do not write to me personally asking questions about Qubes OS – instead, please write to one of our mailing lists.
I can only read email in English or Polish.
Please don’t write asking me for advise about how to become a “hacker”, or “security researcher”.
I strongly prefer plaintext emails. If you send me an HTML-formatted message I will still be viewing it as plaintext, and so I might be missing on some of the extra information you put there, such as markings done with differently colored fonts, etc.
Phone, Skype, etc.
I don’t believe phone (or similar means of communication) are that great for technical discussions. My experience shows that phone-based conversations lack technical depth, and are prone to misunderstandings, especially pronounced when talking over VoIP connection across the Atlantic. Additionally, they require fixed time slots allocations, suitable for both parties, which is generally a PITA. In most cases discussions are clearer, faster, and more comfortable using email! Not to mention they could be much more secure if GPG is used also.
That being said, I’m available for scheduled phone or conference calls. Please notice that I live in Warsaw, Poland, which is in UTC +1 (Winter) and UTC +2 (Summer) Time Zone. I’m a late sleeper, and usually cannot do a phone call before 1100 hrs of my local time.
Note on Skype
As a matter of principle I don’t use Skype. It’s not because Skype does not offer any meaningful security or privacy (which I believe it indeed does not offer) – I have no illusions that other global PSTN or cellular telephony does not offer it either. It’s rather because Skype is a closed communication system based on proprietary protocol.
We should be discouraging businesses and governments from forcing us into closed systems. Imagine a road system that allowed only one select make of cars to be driven – would that be fun?
It is also possible to engage with me in public conversations via:
Policy on LinkedIn
I don’t use LinkedIn anymore, I have deleted my account some time ago. The stream of invites from total strangers, inability to verify trust, all makes LinkedIn and similar platforms rather meaningless, IMO.
Please do not send me LinkedIn or similar invites. These will be reported as spam.