We have finished rolling out post-quantum key exchange across all three of our NNTP server regions: news.newsdemon.com (US East), uswest.newsdemon.com (US West), and eu.newsdemon.com (EU). Every SSL connection to NewsDemon now supports quantum-resistant encryption.

What Changed

All NewsDemon servers now use X25519MLKEM768 for key exchange. This is a hybrid scheme that pairs two algorithms together: X25519, the elliptic-curve key exchange you have been using and trusting for years, and ML-KEM 768, a lattice-based algorithm that is resistant to attacks from quantum computers. You get the proven security of today's best cryptography combined with protection against tomorrow's quantum threat.

ML-KEM (formerly known as CRYSTALS-Kyber) was selected by NIST in 2024 as the standard for post-quantum key encapsulation. It is the same algorithm that Google, Cloudflare, and Signal have adopted. The hybrid approach means that even if one algorithm were somehow compromised, the other still protects your connection.

Nothing Changes on Your End

If your Usenet client or operating system runs OpenSSL 3.5.0 or newer, the post-quantum key exchange happens automatically. No configuration changes, no new settings, no software to install. Your newsreader connects the same way it always has. The handshake just got stronger.

If your system is on an older version of OpenSSL, your connection still works fine. It will use standard X25519 key exchange, the same encryption you have been using. There is zero disruption either way.

Why This Matters Now

There is a concept in the security world called Q-Day: the point at which a quantum computer becomes powerful enough to break the public-key encryption that protects most internet traffic today. Nobody knows exactly when Q-Day will arrive, but the timeline is getting shorter. NIST and the NSA have warned it could come as early as 2030. Google announced in March 2026 that they are targeting 2029 to have all their systems migrated to post-quantum cryptography.

The more immediate concern is something called "harvest now, decrypt later." An adversary captures your encrypted traffic today and stores it. It costs almost nothing to record network data. Then, years from now, when quantum computers can crack today's encryption, they decrypt everything they collected. This is not a theoretical scenario. Intelligence agencies and security researchers have been warning about it for years, and some governments are believed to be actively stockpiling encrypted data right now.

Privacy Is Not Just About Today

Here is the thing that does not get discussed enough: nobody knows what the legal landscape will look like in five or ten years. Privacy protections that exist today could be weakened, rewritten, or repealed entirely. Activities that are perfectly legal today may be viewed differently tomorrow. The strongest protection against that uncertainty is ensuring the data cannot be read in the first place, no matter who ends up holding it, no matter what rules change between now and then.

That is the real value of post-quantum encryption. It is not just about some distant sci-fi scenario with quantum computers. It is about making sure that traffic captured today stays private permanently.

Our Approach to Privacy

We have always believed the best way to handle privacy concerns is to invest in the infrastructure that makes privacy real. Posting encryption on a webpage is one thing. Actually deploying it across every server, testing it under production load, and making sure it works seamlessly for every customer is something else entirely.

NewsDemon has offered 256-bit SSL encryption on all connections since day one. We include a free VPN with every account. We operate our own independent backbone so your traffic never touches a third-party reseller network. And now we have added post-quantum key exchange on top of all of that.

Technical Details

For those who want the specifics:

  • Key Exchange: X25519MLKEM768 (hybrid: X25519 + ML-KEM 768)
  • Standard: NIST FIPS 203 (ML-KEM), RFC 7748 (X25519)
  • Servers: news.newsdemon.com, uswest.newsdemon.com, eu.newsdemon.com
  • Ports: 443 and 563 (SSL/TLS)
  • Client Requirement: OpenSSL 3.5.0+ for post-quantum; older versions fall back to X25519 gracefully
  • Cipher Suites: TLS 1.3 with AES-256-GCM and ChaCha20-Poly1305

You can verify the post-quantum handshake on your connection using:

openssl s_client -connect news.newsdemon.com:563 -groups X25519MLKEM768

If the connection succeeds and the output shows X25519MLKEM768 in the key exchange line, you are using post-quantum encryption.

What Comes Next

Deploying post-quantum key exchange is not the finish line. As the standards evolve and new algorithms are finalized, we will continue updating our infrastructure. We are also monitoring the development of post-quantum signature algorithms, which will be the next major step in the migration.

If you have any questions about this update or want to verify your connection, open a chat with our support team. We are available 24/7.

Your Usenet access just got future-proof. As always, your plans and pricing stay the same.