Treat Plugins Like Apps

Firewalls Don't Stop Dragons Podcast

Player FM - Internet Radio Done Right

30 subscribers

Hozzáadva hét éve

A tartalmat a Carey Parker biztosítja. Az összes podcast-tartalmat, beleértve az epizódokat, grafikákat és podcast-leírásokat, közvetlenül a Carey Parker vagy a podcast platform partnere tölti fel és biztosítja. Ha úgy gondolja, hogy valaki az Ön engedélye nélkül használja fel a szerzői joggal védett művét, kövesse az itt leírt folyamatot https://hu.player.fm/legal.

The So What from BCG

1
Re-Recruiting and Other New HR Strategies You Can’t Ignore 18:09

7 napja18:09

Lejátszás később

Listák

Tetszik

Kedvelt

18:09

HR is no longer just about managing people—it’s about shaping the future of work. Jens Baier, BCG’s HR transformation expert, discusses how AI and shifting employee expectations are forcing companies to rethink talent strategies. From re-recruiting to upskilling employees, HR must adapt to a rapidly changing landscape. Learn More: Jens Baier: https://on.bcg.com/41ca7Gv BCG on People Strategy: https://on.bcg.com/3QtAjro Decoding Global Talent: https://on.bcg.com/4gUC4IT…

körülbelül egy éve 1:10:45

MP3•Epizód kép

In other news: The TikTok ban has been given a 75-day reprieve; the Trump administration fires scores of cybersecurity experts; Apple Intelligence will soon be enabled by default on iPhones and Macs; some clever researchers have hacked the iPhone USB-C connection; a tricky new smishing campaign tricks users into bypassing Apple protections; PowerSchool hack affects 62M students and 9M teachers; new AI took can identify where a photo was taken; Subaru hack exposes scary amount of location data collection; fuzzing tool find over 100 bugs in modern cellular network; Texas sues Allstate for using private car data; FTC to ban GM from sharing location info; exercise equipment collects lots of personal data; federal court finally rules that Section 702 FISA data access requires a warrant.

Article Links

[theverge.com] Trump signs order refusing to enforce TikTok ban for 75 days https://www.theverge.com/2025/1/20/24348213/trump-tiktok-ban-executive-order-sale-delay-china
[techcrunch.com] Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/
[macrumors.com] macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically https://www.macrumors.com/2025/01/21/macos-sequoia-15-3-apple-intelligence-opt-out/
[9to5mac.com] Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams https://9to5mac.com/2025/01/14/security-vulnerability-in-iphones-usb-c-port-and-a-gotcha-with-imessage-scams/
[Tech Radar] PowerSchool hack keeps getting worse – 62 million students now thought to be affected https://www.techradar.com/pro/security/powerschool-hack-keeps-getting-worse-62-million-students-now-thought-to-be-affected
[404media.co] The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocate-photos-in-seconds/
[wired.com] Subaru Security Flaws Exposed Its System for Tracking Millions of Cars https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
[The Hacker News] RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html
[gizmodo.com] Texas Sues Allstate for Collecting Driver Data to Raise Premiums https://gizmodo.com/texas-sues-allstate-for-collecting-driver-data-to-raise-premiums-2000549878
[techcrunch.com] GM banned from sharing driving and location data with insurance companies https://techcrunch.com/2025/01/17/gm-banned-from-sharing-driving-and-location-data-with-insurance-companies/
[consumerreports.org] Your Exercise Bike Knows a Lot About You—and It Doesn’t Keep Every Secret https://www.consumerreports.org/health/health-privacy/exercise-machine-privacy-a3907557984/
[eff.org] VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional
Tip of the Week: Treat Extensions Like Apps: https://firewallsdontstopdragons.com/treat-extensions-like-apps/

Further Info

Data Privacy Week 2025: https://firewallsdontstopdragons.com/data-privacy-week-2025/
Private TikTok web app: https://www.sticktock.com/
Enabling Apple’s Advanced Data Protection: https://support.apple.com/en-us/108756
OSINT location analysis examples: https://gralhix.com/list-of-osint-exercises/osint-exercise-001/
Claw Your Data Back tool: https://cyd.social/
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Generate secure passphrases! https://d20key.com/#/

Use these timestamps to jump to a particular section of the show.

0:00:07: Intro
0:01:03: Listener survey ended
0:01:37: News preview
0:03:54: Trump signs order refusing to enforce TikTok ban for 75 days
0:10:02: Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision
0:14:50: macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically
0:21:51: Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams
0:24:51: Clever iPhone Smishing attack
0:28:35: PowerSchool hack keeps getting worse
0:32:55: The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds
0:43:37: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
0:49:28: 5G fuzzing
0:54:02: Allstate sued, FTC Bans GM data selling, fitness device data
0:56:52: FISA 702 court victory
1:01:23: Tip of the Week: Treat Plugins Like Apps
1:08:12: Wrap up and looking ahead

402 epizódok

#Carey Parker #Security #Tech #Software Development #Second Half

Treat Plugins Like Apps

Firewalls Don't Stop Dragons Podcast

30 subscribers

published körülbelül egy éve

Megosztás

MP3•Epizód kép

Article Links

[theverge.com] Trump signs order refusing to enforce TikTok ban for 75 days https://www.theverge.com/2025/1/20/24348213/trump-tiktok-ban-executive-order-sale-delay-china
[techcrunch.com] Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/
[macrumors.com] macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically https://www.macrumors.com/2025/01/21/macos-sequoia-15-3-apple-intelligence-opt-out/
[9to5mac.com] Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams https://9to5mac.com/2025/01/14/security-vulnerability-in-iphones-usb-c-port-and-a-gotcha-with-imessage-scams/
[Tech Radar] PowerSchool hack keeps getting worse – 62 million students now thought to be affected https://www.techradar.com/pro/security/powerschool-hack-keeps-getting-worse-62-million-students-now-thought-to-be-affected
[404media.co] The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocate-photos-in-seconds/
[wired.com] Subaru Security Flaws Exposed Its System for Tracking Millions of Cars https://www.wired.com/story/subaru-location-tracking-vulnerabilities/
[The Hacker News] RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html
[gizmodo.com] Texas Sues Allstate for Collecting Driver Data to Raise Premiums https://gizmodo.com/texas-sues-allstate-for-collecting-driver-data-to-raise-premiums-2000549878
[techcrunch.com] GM banned from sharing driving and location data with insurance companies https://techcrunch.com/2025/01/17/gm-banned-from-sharing-driving-and-location-data-with-insurance-companies/
[consumerreports.org] Your Exercise Bike Knows a Lot About You—and It Doesn’t Keep Every Secret https://www.consumerreports.org/health/health-privacy/exercise-machine-privacy-a3907557984/
[eff.org] VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional
Tip of the Week: Treat Extensions Like Apps: https://firewallsdontstopdragons.com/treat-extensions-like-apps/

Further Info

Data Privacy Week 2025: https://firewallsdontstopdragons.com/data-privacy-week-2025/
Private TikTok web app: https://www.sticktock.com/
Enabling Apple’s Advanced Data Protection: https://support.apple.com/en-us/108756
OSINT location analysis examples: https://gralhix.com/list-of-osint-exercises/osint-exercise-001/
Claw Your Data Back tool: https://cyd.social/
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Generate secure passphrases! https://d20key.com/#/

Use these timestamps to jump to a particular section of the show.

0:00:07: Intro
0:01:03: Listener survey ended
0:01:37: News preview
0:03:54: Trump signs order refusing to enforce TikTok ban for 75 days
0:10:02: Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision
0:14:50: macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically
0:21:51: Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams
0:24:51: Clever iPhone Smishing attack
0:28:35: PowerSchool hack keeps getting worse
0:32:55: The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds
0:43:37: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
0:49:28: 5G fuzzing
0:54:02: Allstate sued, FTC Bans GM data selling, fitness device data
0:56:52: FISA 702 court victory
1:01:23: Tip of the Week: Treat Plugins Like Apps
1:08:12: Wrap up and looking ahead

402 epizódok

#Carey Parker #Security #Tech #Software Development #Second Half

Minden epizód

1
Back to The L0pht 1:03:21

1 day1:03:21

1:03:21

Today, we travel back in time and back to The L0pht with one of the original founders of L0pht Heavy Industries, Weld Pond (aka Chris Wysopal). We’ll talk about how hacker culture has impacted modern technology, cybersecurity practices and digital rights, while sprinkling in some classic and hilarious stories from hacker history by someone who lived them. Interview Notes Veracode: https://www.veracode.com/ L0pht.com: https://l0pht.com/ L0pht Congressional testimony 1998: https://www.youtube.com/watch?v=VVJldn_MmMY DEF CON 26 reunion panel: https://archive.org/details/youtube-noE4o-roAWM MIT Lockpicking guide: https://archive.org/details/mit-guide-to-lock-picking-v05/mode/2up The Open Organisation Of Lockpickers (TOOOL): https://toool.us/ 2600: https://www.2600.com/ Classic engineering references: https://bitsavers.org/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:16: intro 0:00:40: Interview setup 0:03:19: How did you come to be in The L0pht? 0:08:36: How did meeting in real life as well as online affect L0pht’s dynamics? 0:09:34: How did you find so much free and adandoned computer hardware? 0:13:44: How did you manage to just drive your van in the NSA parking lot? 0:19:20: What has been the lasting impact of your Congressional testimony in 1998? 0:21:45: How did you come to invite cyber czar Richard Clarke to The L0pht? 0:27:17: How have hackers pushed back against overreach from corporations? 0:36:05: Why are lockpicking and computer hacking so closely related? 0:40:55: Is it easier or harder to be a hacker today versus when you started? 0:45:56: Are we still fighing the Crypto Wars of the 90s? Are we winning? 0:51:17: Are there any glaring misconceptions about The L0pht you’d like to fix? 0:55:16: Where are The L0pht folks now and what are they up to? 0:57:51: Interview wrap-up 1:00:59: Patron bonus preview 1:01:35: Looking ahead…

1
Onion Routing 1:13:45

8 napja1:13:45

1:13:45

Not all Privacy Enhancing Technologies are new – but this one is probably new to you. Onion routing was developing in the 1990’s by the US government and is the basis for the Tor Network. Onion routing does one thing very well: it masks your actual IP address. While you can use a VPN for this purpose, onion routing adds a different layer of anonymity – and it’s just a cool technology. Today I’ll explain how it works, how to use it, and the pros and cons of doing so. In other news: Bitly is leveraging its URL-shortening empire to monetize your links; a major car company is experimenting with in-car pop up ads; a cautionary tale about law enforcement’s access to private phone data; Russian spies are using a clever new phishing technique to gain access to Microsoft 365 accounts; Apple pulls its Advanced Data Protection feature from the UK market in response to demands to ‘backdoor’ its encryption; and whatever your political beliefs, the chaos and careless changes made by the DOGE group are seriously undermining national security. Article Links [tedium.co] Broken Bits https://tedium.co/2025/02/07/bitly-terms-of-service-change/ [techstory.in] Stellantis Introduces Pop-Up Ads in Vehicles, Sparking Outrage Among Owners https://techstory.in/stellantis-introduces-pop-up-ads-in-vehicles-sparking-outrage-among-owners/ [arstechnica.com] No warrant or crimes—but Oregon woman’s nudes were shared after illegal phone search https://arstechnica.com/tech-policy/2025/02/no-warrant-or-crimes-but-oregon-womans-nudes-were-shared-after-illegal-phone-search/ [arstechnica.com] Russian spies use device code phishing to hijack Microsoft accounts https://arstechnica.com/information-technology/2025/02/russian-spies-use-device-code-phishing-to-hijack-microsoft-accounts/ [bbc.com] Apple pulls data protection tool after UK government security row https://www.bbc.com/news/articles/cgj54eq4vejo [schneier.com] DOGE as a National Cyberattack https://www.schneier.com/blog/archives/2025/02/doge-as-a-national.html Tip of the Week: How Onion Routing Works: https://firewallsdontstopdragons.com/how-onion-routing-works/ Further Info Safe link shortener: https://kutt.it/ Read before using the Tor Browser: https://www.privacyguides.org/en/tor/ Tor Browser: https://www.torproject.org/download/ Onion sites that don’t suck: https://github.com/neilzone/onion-sites-that-dont-suck My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: News preview 0:02:19: Broken Bits 0:13:50: Stellantis Introduces Pop-Up Ads in Vehicles 0:20:28: Oregon woman’s nudes were shared after illegal phone search 0:28:03: Russian spies use device code phishing to hijack Microsoft accounts 0:35:07: Apple pulls data protection tool after UK government security row 0:45:58: DOGE as a National Cyberattack 0:59:54: Tip of the Week: Onion Routing 1:11:53: Wrap-up…

1
Security Planner 58:34

15 napja58:34

58:34

Generic security advice is good, but tailored advice is much better. Everyone’s situation is a little different. What are you trying to protect? Who or what are you trying to protect it from? What are the consequences of failure? This is called threat modeling. And thankfully, the wonderful folks at Consumer Reports have a free, easy-to-use Security Planner tool that will help anyone do this assessment and provide custom solutions. My guest today is Yael Grauer, who will help us understand how to think about our security and how the CR tool can help you protect your data and devices. Interview Notes Consumer Reports Security Planner tool: https://securityplanner.consumerreports.org/ Yael’s website: https://yaelwrites.com/ Big Ass Data Broker Opt Out List (BADBOOL): https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List Consumer Reports advocacy: https://advocacy.consumerreports.org/ CR’s Digital Standard: https://thedigitalstandard.org/ CR’s Consumer Readiness Report 2024 (PDF): https://innovation.consumerreports.org/wp-content/uploads/2024/09/2024-Consumer-Cyber-Readiness-Report.pdf How to choose a PIN code: https://firewallsdontstopdragons.com/how-to-choose-a-pin/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:01:07: Interview setup 0:02:35: Yael introduction 0:04:19: What questions should we answer to get useful security advice? 0:06:41: How does Security Planner work? 0:08:03: How does Security Planner tailor its suggestions? 0:10:58: How do you decide what the most important factors are for security? 0:15:11: What might trigger me to re-run this tool and get a fresh report? 0:17:18: How does Consumer Reports research its recommendations? 0:19:59: How does CR vet the products and services that it recommends? 0:23:18: How do you weight things like convenience and ease of use? 0:27:34: Is it okay to make people pay for basic security features? 0:35:08: What role should government play in pushing for better security? 0:36:55: How important is transparency for driving better security? 0:39:15: What did the CR Cyber Readiness survey reveal? 0:43:22: Why do we choose bad passwords? 0:45:55: Why don’t companies provider better support for security problems? 0:51:39: What’s next for you and CR? How do we get updates? 0:53:43: Interview wrap-up 0:56:20: Patron bonus content preview 0:57:06: Looking ahead…

1
Crypto Wars 2.0 1:08:30

22 napja1:08:30

1:08:30

Privacy is a human right – and you don’t have to justify rights, you just have them. That’s kinda the whole point. But you do need to exercise them and defend them sometimes. It has been leaked that the UK is telling Apple to reveal the encrypted data of every single one of their users to the UK government under the auspices of the Investigatory Powers Act (and its recent controversial Amendment). This would be a privacy and security disaster, and we were not even supposed to know about it. In other news: Netgear warns of serious router bugs (so update your firmware now); DeepSeek AI app has serious security and privacy problems, but the AI model has real promise in other ways; AngelSense personal customer data exposed; Cybercrime groups exploit 7-Zip app flaws to bypass Windows protections; some clever Mac and iOS malware making the rounds; new Android Identity Check feature released, and I introduce some Privacy Enhancing Technologies. Article Links [Bleeping Computer] Netgear warns users to patch critical WiFi router vulnerabilities https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-critical-wifi-router-vulnerabilities/ [krebsonsecurity.com] Experts Flag Security, Privacy Risks in DeepSeek AI App https://krebsonsecurity.com/2025/02/experts-flag-security-privacy-risks-in-deepseek-ai-app/ [techcrunch.com] AngelSense exposed location data and personal information of tracked users https://techcrunch.com/2025/01/30/angelsense-exposed-location-data-and-personal-information-of-tracked-users/ [The Hacker News] Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html [appleinsider.com] New macOS malware disguises itself as Chrome & Zoom installers https://appleinsider.com/articles/25/02/04/new-macos-malware-disguises-itself-as-chrome-zoom-installers [macrumors.com] Apple Removed Apps Infested With Screen Reading Malware https://www.macrumors.com/2025/02/06/apple-removed-screen-reading-malware-apps/ [Bleeping Computer] New Android Identity Check locks settings outside trusted locations https://www.bleepingcomputer.com/news/security/new-android-identity-check-locks-settings-outside-trusted-locations/ [theverge.com] Apple ordered to open encrypted user accounts globally to UK spying https://www.theverge.com/news/608145/apple-uk-icloud-encrypted-backups-spying-snoopers-charter Tip of the Week: https://firewallsdontstopdragons.com/privacy-enhancing-technologies-pet/ Further Info Securing your router: https://firewallsdontstopdragons.com/secure-your-network-4-remediate/ Objective-See tools: https://objective-see.org/ Recommend news stories: send to news [at] firewallsdontstopdragons.com Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:06: Intro 0:00:20: Tax scams, ID.me 0:02:54: News preview 0:05:01: Netgear router vulnerabilities 0:08:17: DeepSeek AI has security problems, but also shows promise 0:19:36: AngelSense exposed personal information of tracked users 0:26:23: Russian Cybercrime Groups Exploiting 7-Zip Flaw 0:35:44: macOS stealer malware disguises itself as fake installer 0:42:30: New Apple malware uses OCR to mine secrets 0:46:00: New Android Identity Check locks settings outside trusted locations 0:49:10: Apple ordered to open encrypted user accounts globally to UK spying 1:04:56: Tip of the Week: Privacy Enhancing Technologies 1:06:36: Looking ahead…

1
Controlling Your Digital ID 1:09:26

29 napja1:09:26

1:09:26

In the real world, we present different aspects of ourselves in different environments: home, work, family, friends, school, etc. Why can’t we do this in the virtual world, as well? While marketers love to identify us with unique identifiers so they can track us mercilessly, there are tools we can use that will allow us to compartmentalize our digital lives just like we can in the real world. Today we’ll discuss the notion of decentralized identity with Dr. Paul Ashley, CTO of Anonyome Labs who runs the MySudo service. Interview Notes MySudo: https://anonyome.com/individuals/mysudo/ Anonyome Labs: https://anonyome.com/ Open Wallet Foundation: https://openwallet.foundation/ Verifiable Credentials (W3C): https://www.w3.org/TR/vc-data-model/ Privacy is Power interview: https://podcast.firewallsdontstopdragons.com/2024/11/25/privacy-is-power-2/ EFF on digital wallets: https://www.eff.org/deeplinks/2024/09/digital-id-isnt-everybody-and-thats-okay Further Info Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:14: Intro 0:00:38: Getting more non-US news stories 0:02:44: Still waiting on big winner to reply 0:03:15: Intervew setup 0:05:23: How did Anonyome Labs get started? 0:12:20: Which identifiers are most valuable for tracking people? 0:15:19: Can you explain “de-centralized IDs ” and “identity wallets”? 0:24:28: Are there open standards for digital ID? 0:29:20: Can digital ID be used to privately verify your age online? 0:32:18: Can email relay companies see all your emails? 0:36:31: How about using a custom domain for creating email aliases? 0:38:50: Don’t a lot of sites reject email and phone numbers from alias services? 0:43:17: Do social media companies allow you to have multiple accounts? 0:46:37: What about ad ID’s and fingerprinting? 0:51:21: What happens if your virtual ID company goes bad or goes dark? 0:55:36: Can I trust the virtual ID companies with my privacy? 0:59:07: Are there downsides or gotchas to using services like these? 1:00:51: How can we convince companies to respect our privacy? 1:04:48: What else is MySudo working on? 1:07:41: Interview wrap-up 1:08:17: Patron preview 1:08:42: Looking ahead…

1
Treat Plugins Like Apps 1:10:45

5 weeks1:10:45

1:10:45

Software plugins allow you to add functionality to existing applications. Web browsers commonly use these extensions to add functionality like shopping helpers, password managers, ad blockers and much, much more. In a way, these add-ons are like “apps” for the browser. Like apps, they can view and manipulate your data. In the browser, they may alter the web page, track pages you visit, and even mine any data you might enter into web forms. Also like apps, plugins can have permissions which you must agree to when you install them. Therefore, we need to be very careful which plugins we install and make sure we trust the maker. Today I’ll explain how to audit your plugins. In other news: The TikTok ban has been given a 75-day reprieve; the Trump administration fires scores of cybersecurity experts; Apple Intelligence will soon be enabled by default on iPhones and Macs; some clever researchers have hacked the iPhone USB-C connection; a tricky new smishing campaign tricks users into bypassing Apple protections; PowerSchool hack affects 62M students and 9M teachers; new AI took can identify where a photo was taken; Subaru hack exposes scary amount of location data collection; fuzzing tool find over 100 bugs in modern cellular network; Texas sues Allstate for using private car data; FTC to ban GM from sharing location info; exercise equipment collects lots of personal data; federal court finally rules that Section 702 FISA data access requires a warrant. Article Links [theverge.com] Trump signs order refusing to enforce TikTok ban for 75 days https://www.theverge.com/2025/1/20/24348213/trump-tiktok-ban-executive-order-sale-delay-china [techcrunch.com] Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decision/ [macrumors.com] macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically https://www.macrumors.com/2025/01/21/macos-sequoia-15-3-apple-intelligence-opt-out/ [9to5mac.com] Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams https://9to5mac.com/2025/01/14/security-vulnerability-in-iphones-usb-c-port-and-a-gotcha-with-imessage-scams/ [Tech Radar] PowerSchool hack keeps getting worse – 62 million students now thought to be affected https://www.techradar.com/pro/security/powerschool-hack-keeps-getting-worse-62-million-students-now-thought-to-be-affected [404media.co] The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocate-photos-in-seconds/ [wired.com] Subaru Security Flaws Exposed Its System for Tracking Millions of Cars https://www.wired.com/story/subaru-location-tracking-vulnerabilities/ [The Hacker News] RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html [gizmodo.com] Texas Sues Allstate for Collecting Driver Data to Raise Premiums https://gizmodo.com/texas-sues-allstate-for-collecting-driver-data-to-raise-premiums-2000549878 [techcrunch.com] GM banned from sharing driving and location data with insurance companies https://techcrunch.com/2025/01/17/gm-banned-from-sharing-driving-and-location-data-with-insurance-companies/ [consumerreports.org] Your Exercise Bike Knows a Lot About You—and It Doesn’t Keep Every Secret https://www.consumerreports.org/health/health-privacy/exercise-machine-privacy-a3907557984/ [eff.org] VICTORY! Federal Court (Finally) Rules Backdoor Searches of 702 Data Unconstitutional https://www.eff.org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searches-702-data-unconstitutional Tip of the Week: Treat Extensions Like Apps: https://firewallsdontstopdragons.com/treat-extensions-like-apps/ Further Info Data Privacy Week 2025: https://firewallsdontstopdragons.com/data-privacy-week-2025/ Private TikTok web app: https://www.sticktock.com/ Enabling Apple’s Advanced Data Protection: https://support.apple.com/en-us/108756 OSINT location analysis examples: https://gralhix.com/list-of-osint-exercises/osint-exercise-001/ Claw Your Data Back tool: https://cyd.social/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:01:03: Listener survey ended 0:01:37: News preview 0:03:54: Trump signs order refusing to enforce TikTok ban for 75 days 0:10:02: Trump administration fires members of cybersecurity review board in “horribly shortsighted” decision 0:14:50: macOS Sequoia 15.3 and iOS 18.3 Enable Apple Intelligence Automatically 0:21:51: Security vulnerability in iPhone’s USB-C port, and a gotcha with iMessage scams 0:24:51: Clever iPhone Smishing attack 0:28:35: PowerSchool hack keeps getting worse 0:32:55: The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds 0:43:37: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars 0:49:28: 5G fuzzing 0:54:02: Allstate sued, FTC Bans GM data selling, fitness device data 0:56:52: FISA 702 court victory 1:01:23: Tip of the Week: Treat Plugins Like Apps 1:08:12: Wrap up and looking ahead…

1
Reclaiming Data Privacy 1:00:50

6 weeks1:00:50

1:00:50

There are way too many data brokers and they have way too much of our data. We’ve talked a lot lately about what you can do to reclaim your privacy and claw back some of that data and today I’m going to give you yet another interesting tool for your privacy toolbox: Permission Slip. This app and the related service, brought to you by Consumer Reports, will work on your behalf to request that these data brokers relinquish your information, or at least suppress the sharing of that data to the extent that’s legally possible. The tool has some helpful and interesting features that you may not find on other, similar services. Sukhi Gulati GIlbert is my guest today and will explain why you should consider using this tool and how it supports the overall effort to rein in dangerous business of data mining. Interview Notes Permission Slip app: https://permissionslipcr.com/ Protecting Your Privacy Online: https://www.consumerreports.org/electronics/privacy/from-our-president-protecting-your-privacy-online-a1603013649/ Digital Security & Privacy: https://www.consumerreports.org/digital-security-privacy/ CR Report on data deletion services (PDF): https://innovation.consumerreports.org/wp-content/uploads/2024/08/Data-Defense_-Evaluating-People-Search-Site-Removal-Services-.pdf California data broker registry: https://cppa.ca.gov/data_broker_registry/ How to download the Vermont data broker list (which doesn’t seem to work): https://www.muckrock.com/foi/vermont-80/vermont-data-broker-db-107096/ My article series on data deletion: https://firewallsdontstopdragons.com/osint-reconnaissance/ Further Info Annual listener survey!! https://fdsd.me/survey2025 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:12: Intro 0:00:51: Couple quick news notes 0:01:45: Last call: listener survey 0:02:47: Interview setup 0:03:48: What brought you to Consumer Reports and the Permission Slip app? 0:07:19: How does Permission Slip compare to other data deletion services? 0:14:17: Where are the data brokers getting so much of our personal info? 0:17:00: How do I use Permission Slip? 0:21:47: What info does Permission Slip give to brokers? 0:24:42: Is it more effective to request data deletion yourself versus using a service? 0:31:12: What level of success should I expect when deleting my data? 0:33:16: Are there any limitations or exclusions for data deletion? 0:38:19: What if you live in a state or country with no privacy laws? 0:39:44: Can we limit access to our public data records? 0:41:24: Does freezing your credit do anything to limit data sharing? 0:43:53: How broken is the ‘notice and consent’ model for privacy? 0:45:57: Would it help to actively spread incorrect personal info? 0:48:31: How else can we reduce our data footprint? 0:50:04: What’s next for Consumer Reports in terms of privacy? 0:53:46: What does Permission Slip Pro cost? 0:55:19: Interview wrap-up 0:59:11: Patron content preview 0:59:50: Looking ahead…

1
New Year’s Resolutions 2025! 1:05:57

7 weeks1:05:57

1:05:57

The start of a new year is always a good time to add some big juicy goals to your to-do list – call them New Year’s Resolutions, if that works for you, but really it’s just about making up your mind to tackle some important personal objectives. Today I’ll give you several ideas to improve your privacy and security in 2025, and those around you. In the news: dozens of malicious Chrome Browser extensions identified; net neutrality is dead, again, and probably for good this time; Apple to pay a meager $95M to settle a Siri privacy class action suit; Apple’s new Enhanced Visual Search is enabled by default and sending data to Apple; proposed ban on TP-Link routers is missing the real problem; Google’s change in its Privacy Sandbox policy seems to now allow the use of device fingerprinting; proposed HIPAA amendments will close major health data security gaps. Article Links [Ars Technica] Time to check if you ran any of these 33 malicious Chrome extensions https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/ Terms of service study: https://www.helpnetsecurity.com/2016/07/14/agree-terms-conditions-lie/ [nytimes.com] Net Neutrality Rules Struck Down by Appeals Court https://www.nytimes.com/2025/01/02/technology/net-neutrality-rules-fcc.html [reuters.com] Apple to pay $95 million to settle Siri privacy lawsuit https://www.reuters.com/legal/apple-pay-95-million-settle-siri-privacy-lawsuit-2025-01-02/ [macrumors.com] Apple Says Siri Data Has Never Been Sold or Used for Marketing https://www.macrumors.com/2025/01/06/apple-siri-data-not-sold-for-marketing/ [9to5mac.com] Enhanced Visual Search shares your photos with Apple by default, to identify landmarks https://9to5mac.com/2024/12/30/enhanced-visual-search-shares-your-photos-with-apple-by-default-to-identify-landmarks/ [csoonline.com] No evidence that TP-Link routers are a Chinese security threat https://www.csoonline.com/article/3504775/no-evidence-that-tp-link-routers-are-a-chinese-security-threat.html [Lukasz Olejnik blog] Biggest Privacy Erosion in 10 Years? On Google’s Policy Change Towards Fingerprinting https://blog.lukaszolejnik.com/biggest-privacy-erosion-in-10-years-on-googles-policy-change-towards-fingerprinting/ [Dark Reading] Proposed HIPAA Amendments Will Close Healthcare Security Gaps https://www.darkreading.com/cyber-risk/proposed-hipaa-amendments-close-healthcare-security-gaps Tip of the Week: https://firewallsdontstopdragons.com/new-years-resolutions-2025/ Further Info Annual listener survey!! https://fdsd.me/survey2025 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:01:24: News preview 0:02:59: Time to check if you ran any of these 33 malicious Chrome extensions 0:12:51: Net Neutrality Rules Struck Down by Appeals Court 0:16:49: Apple to pay $95 million to settle Siri privacy lawsuit 0:19:02: Apple Says Siri Data Has Never Been Sold or Used for Marketing 0:26:29: Enhanced Visual Search shares your photos with Apple by default 0:35:23: No evidence that TP-Link routers are a Chinese security threat 0:47:01: Biggest Privacy Erosion in 10 Years? On Google’s Policy Change Towards Fingerprinting 0:53:08: Proposed HIPAA Amendments Will Close Healthcare Security Gaps 0:57:16: Tip of the Week: New Years Resolutions for 2025! 1:04:53: Wrap-up…

1
ALPRs Are Everywhere 1:03:45

8 weeks1:03:45

1:03:45

There are many ways in which we are tracked in the real world, but one of the most ubiquitous and insidious technologies is Automated License Plate Readers. These camera systems are deployed in just about every city by both public and private organizations. Furthermore, the third parties who sell and operate these systems collect and collate data from around the country, making it available to law enforcement and marketing firms. Because these systems capture images of your car, they can also document the make, model and color, any distinguishing marks, and even bumper stickers. Today we’ll discuss how and where these systems are deployed, who has access to the data, the repercussions of this mass surveillance and how it can go horribly wrong with my guests Adam Schwartz and Gowri Nayar from the Electronic Frontier Foundation. Interview Notes Donate to the EFF: https://supporters.eff.org/donate/join-eff-today The Human Toll of ALPR Errors: https://www.eff.org/deeplinks/2024/11/human-toll-alpr-errors EFF’s Street Level Surveillance: https://sls.eff.org/ Community Control of Police Surveillance (CCOPS): https://www.eff.org/issues/community-control-police-surveillance-ccops US 100-mile “border zone” facts: https://www.aclu.org/know-your-rights/border-zone Flock camera map: https://www.404media.co/the-open-source-project-deflock-is-mapping-license-plate-surveillance-cameras-all-over-the-world/ DeFlock: https://deflock.me Flock transparency page example: https://transparency.flocksafety.com/riverside-county-ca-sd Further Info Annual listener survey!! https://fdsd.me/survey2025 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:20: Intro 0:01:24: Listener survey and book giveaway 0:03:16: ShmooCon in DC this weekend 0:04:21: Interview setup 0:05:27: What prompted you to write about ALPRs? 0:08:11: How do ALPRs work and what info can they capture? 0:10:14: How long have ALPRs been around and how is EFF tracking their use? 0:11:34: Where are these systems deployed? How do we recognize them? 0:14:19: How does mobile ALPR data collection work? 0:15:58: Are police departments transparent about the use of ALPRs? 0:18:09: Is there a way know where ALPR systems are deployed? 0:20:46: How accurate are ALPRs? What are the consequences of failure? 0:22:37: Are license plate “hot lists” shared across jurisdictions? 0:25:41: Where is ALPR data stored? For how long? Who has access? 0:27:40: Is ALPR data shared among local and federal agencies? How often is the data abused? 0:31:04: Do the ALPR system operators sell this data to anyone else? 0:36:04: What legal expectation of privacy do I have in public spaces? 0:42:57: How does the legal “third party doctrine” apply to ALPR data? 0:45:01: How do we balance the need to catch bad guys with the use of surveillance tech? 0:50:18: Is there any surveillance tech that EFF feels should be banned outright? 0:52:17: Does EFF consult with law enforcement on deployment of surveillance tech? 0:53:05: If we’re concerned about surveillance tech being deployed, what can we do? 0:58:19: Interview wrap-up 0:59:29: Notes on the “border zone” width in the US 1:01:09: Patron preview 1:02:01: Survey reminder 1:02:50: Looking ahead…

1
Best of Bonus 2024! 54:02

9 weeks54:02

54:02

Every week, I record a special, private bonus podcast for my patrons. Until today, all of that content was restricted to my supporters. But today I’ve got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests. You’ll hear from Micah Lee (author, journalist), Nick Weaver (cybersecurity researcher), Kate Black (health data specialist), Jason Edison (OSINT expert), Dani Cronce and Lizzie Moratti (TunnelVision hack), Bruce Schneier (cryptographer, author), and Carissa Véliz (author, professor). Original Interview Links Ep358: Micah Lee https://podcast.firewallsdontstopdragons.com/2024/01/08/investigating-data-leaks/ Ep360: Nick Weaver https://podcast.firewallsdontstopdragons.com/2024/01/22/rise-of-the-slaughterbots/ Ep368: Kate Black https://podcast.firewallsdontstopdragons.com/2024/03/18/health-data-privacy/ Ep386: Jason Edison https://podcast.firewallsdontstopdragons.com/2024/07/22/open-source-intelligence/ Ep388: Jack Daniel https://podcast.firewallsdontstopdragons.com/2024/08/05/catch-you-on-the-bside/ Ep396: Dani Cronce & Lizzie Moratti https://podcast.firewallsdontstopdragons.com/2024/09/30/tunnelvision-vpns-and-you/ Ep400: Bruce Schneier https://podcast.firewallsdontstopdragons.com/2024/10/28/episode-400-special/ Ep404: Carissa Véliz https://podcast.firewallsdontstopdragons.com/2024/11/25/privacy-is-power-2/ Related Links Micah’s book: https://hacksandleaks.com/ Nick Weaver: https://www1.icsi.berkeley.edu/~nweaver/ Security BSides: https://bsides.org/w/page/12194156/FrontPage Frankie’s Tiki Room (Las Vegas): https://frankiestikiroom.com/ Intel Techniques: https://inteltechniques.com/ TunnelVision: https://www.tunnelvisionbug.com/ Schneier Blog: https://www.schneier.com/ Privacy is Power: https://www.penguinrandomhouse.com/books/673341/privacy-is-power-by-carissa-veliz/ Further Info Check out my book, Firewalls Don’t Stop Dragons : https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:24: New Years coming up 0:00:48: Show preview 0:02:33: Ep358: Micah Lee – the Snowden docs 0:11:48: Ep360: Nick Weaver – other types of killer drones 0:18:02: Ep368: Kate Black – how do you know if a site or app respects health privacy? 0:20:22: Ep386: Jason Edison – what’s it like trying to protect the privacy of celebrities? 0:26:53: Ep388: Jack Daniel – the story of the Les Pukelele 0:33:39: Ep396: Dani Cronce & Lizzie Moratti – getting into hacking 0:42:08: Ep400: Bruce Schneier – can we ever make our devices secure out of the box? 0:48:01: Ep404: Cariss Veliz – should STEM students be required to take ethics classes? 0:53:05: Wrap-up…

1
Replay: Golden Age of Surveillance 42:21

10 weeks42:21

42:21

I'm digging into the vault for a classic replay! I first interviewed Phil Zimmermann, creator of Pretty Good Privacy (PGP), on May 7, 2018. It was Episode 63 (we're now at 408) and it was entitled "We Now Live in the Golden Age of Surveillance". In this episode we talk a little about the origins of PGP in the 1990's and what he feels about the FBI's claims that we're "going dark" due to strong end-to-end encrypted communications. I've added some new commentary, but the original episode is preserved in all of its original glory! Interview Notes Original Ep63 interview: https://podcast.firewallsdontstopdragons.com/2018/05/07/we-now-live-in-the-golden-age-of-surveillance/ Ep214: Social Media is Ruining Society https://podcast.firewallsdontstopdragons.com/2021/04/05/social-media-is-ruining-society/ Ep243: Through the Past, Privately: PGP Turns 30 https://podcast.firewallsdontstopdragons.com/2021/10/25/through-the-past-privately-pgp-turns-30/ Phil Zimmermann’s website: https://philzimmermann.com/ Further Info Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:26: Flashback setup 0:02:18: Original intro 0:03:20: What drove you to create PGP? 0:06:32: Why were you prosecuted for PGP? 0:13:08: Isn't banning cryptography like trying to ban math? 0:15:13: What's the difference between security and privacy? 0:17:04: Is it possible to be truly anonymous online today? 0:19:06: How is the average person tracking online today? 0:21:49: What are the most private ways to communicate online? 0:24:44: How do we identify trustworthy attachments? 0:25:30: How secure is SMS (texting)? 0:29:41: Are we "going dark"? 0:32:44: Can we escape mass surveillance? 0:36:35: What's next for you? 0:38:09: Original interview wrap-up 0:40:38: Flashback wrap-up 0:41:00: ShmooCon 2025 0:41:56: Looking ahead…

1
Best of 2024! 1:32:29

11 weeks1:32:29

1:32:29

I've had some truly amazing interviews this past year. For your listening enjoyment, I've curated a set of clips from some of the best shows, creating a sampler platter of stellar audio content from some amazing guests! If you've never listened to my podcast, this will give you a taste of what you're missing! If you're a regular listener, this will be a fun trip down memory lane, complete with a little new commentary. Enjoy! Original Interview Links Ep362: Patrick Wardle https://podcast.firewallsdontstopdragons.com/2024/02/05/securing-your-mac/ Ep364: Jen Caltrider https://podcast.firewallsdontstopdragons.com/2024/02/19/car-privacy-is-horrid/ Ep366: 404 Media https://podcast.firewallsdontstopdragons.com/2024/03/04/how-our-data-is-abused/ Ep375: Dina Temple-Raston https://podcast.firewallsdontstopdragons.com/2024/05/13/inside-ukraines-it-army/ Ep378: Naomi Brockwell https://podcast.firewallsdontstopdragons.com/2024/05/27/why-privacy-matters/ Ep380: Joseph Cox https://podcast.firewallsdontstopdragons.com/2024/06/10/anom-the-fbis-phone-company/ Ep382: Byron Tau https://podcast.firewallsdontstopdragons.com/2024/06/24/means-of-control/ Ep386: Jason Edison https://podcast.firewallsdontstopdragons.com/2024/07/22/open-source-intelligence/ Ep392: Andy Yen https://podcast.firewallsdontstopdragons.com/2024/09/02/crazy-proton-summer/ Ep398: Space Rogue (Cris Thomas) https://podcast.firewallsdontstopdragons.com/2024/10/14/l0pht-heavy-industries/ Ep400: Bruce Schneier https://podcast.firewallsdontstopdragons.com/2024/10/28/episode-400-special/ Ep402: Stacey Higginbotham https://podcast.firewallsdontstopdragons.com/2024/11/11/cutting-the-software-tether/ Ep404: Carissa Veliz https://podcast.firewallsdontstopdragons.com/2024/11/25/privacy-is-power-2/ Related Links Objective-See: https://objective-see.org/ 404 Media: https://www.404media.co/ Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/ Click Here: https://therecord.media/podcast NBTV: https://www.nbtv.media/ Dark Wire: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/ Means of Control: https://www.penguinrandomhouse.com/books/706321/means-of-control-by-byron-tau/ Intel Techniques: https://inteltechniques.com/ Proton: https://proton.me/ Space Rogue book: https://www.amazon.com/Space-Rogue-Hackers-Known-Changed-ebook/dp/B0BRQWPBGL Schneier Blog: https://www.schneier.com/ Privacy is Power: https://www.penguinrandomhouse.com/books/673341/privacy-is-power-by-carissa-veliz/ Further Info Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:26: Show preview 0:02:22: Ep362: Patrick Wardle - Mac hardening 0:05:55: Ep364: Jen Caltrider - Car privacy not included 0:11:13: Ep366: 404 Media - abuse of public camera data 0:21:35: Ep375: Dina Temple-Raston - what we should learn from the cyber war in Ukraine 0:30:41: Ep378: Naomi Brockwell - fighting for our privacy 0:36:40: Ep380: Joseph Cox - what did law enforcement learn from Anom? 0:39:22: Ep382: Byron Tau - how law enforcement hides their data gathering 0:45:43: Ep386: Jason Edison - how does law enforcement view mass surveillance? 0:57:10: Ep392: Andy Yen - why Proton embraced AI tech 1:04:08: Ep398: Space Rogue (Cris Thomas) - do you need a college degree to work in cybersecurity? 1:11:05: Ep400: Bruce Schneier - how AI will change politics and law 1:19:02: Ep402: Stacey Higginbotham - escrowing money to address I...…

1
Deleting Your Data 56:44

12 weeks56:44

56:44

Have you ever searched for your personal information online? There are dozens of "people search sites" out there, but a simple Google search can also find information about you, too. Behind the scenes, there are hundreds if not thousands of data brokers who are scouring the web constantly for your info creating dossiers on all of us, for sale to anyone willing to pay. We have no federal privacy laws in the US, but even if you live in the EU (with GDPR) or a US state with some privacy protections (like California), you still may find your data online - because much it comes from public records, including voting records, property tax records, and legal filings. How do you find your data? Where did it come from? And more important, what can you do about it? Today will discuss this and more with Ben and Tyler, the founders of data deletion service EasyOptOuts. Interview Notes EasyOptOuts: https://easyoptouts.com/ Consumer Reports study: https://www.consumerreports.org/electronics/personal-information/services-that-delete-data-from-people-search-sites-review-a2705843415/ Brian Krebs on Radaris: https://krebsonsecurity.com/2024/03/a-close-up-look-at-the-consumer-data-broker-radaris/ My blog series on data removal: https://firewallsdontstopdragons.com/osint-reconnaissance/ Jason Edison OSINT interview: https://podcast.firewallsdontstopdragons.com/2024/07/22/open-source-intelligence/ Big Ass Data Broker Opt Out List: https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List Further Info Help me reach more people! https://fdsd.me/awareness2 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:04: Staying up to date during December 0:01:45: NPR shout out? 0:02:25: Interview setup 0:04:11: Why did you get into the data deletion business? 0:05:58: How does EasyOptOuts differentiate its service? 0:09:35: Where do these data brokers get all my information? 0:13:37: How often do you find errors in people's information on these sites? 0:15:36: What are the names of some of the top data brokers? Would we know them? 0:17:34: Will a credit freeze prevent data sharing? 0:19:02: What does it cost to get these people reports? 0:21:21: Have you tried deleting data from the recently breached National Public Data? 0:23:02: How do the various US state privacy laws impact our ability to delete our data? 0:27:52: How many data brokers operate in non-US/EU jurisdictions? 0:29:00: Who is selling my data that would surprise me? 0:31:26: How did we consent to this data sharing and can we opt out? 0:34:14: If I wanted to try to clean up my data myself, how would I go about that? 0:38:09: How do I avoid giving away more information while I try to prove my identity? 0:41:34: If I would rather use a deletion service, how does that work and what does it cost? 0:46:39: After deletion, will my data just be replenished after some amount of time? 0:48:01: Any final pro tips on reducing my public data? 0:51:02: Interview wrapup 0:53:26: Patron bonus content preview 0:54:05: Plan for December shows…

1
Letters from the Mailbag 1:03:36

13 weeks1:03:36

1:03:36

It's been too long since I've dipped into the listener mailbag, so today I'm going to answer a small selection of your questions on the air! Topics include privacy-respecting baby monitors, the "IoT network" on some Orbi routers, why you can't really use a computer monitor as a "dumb" TV, and whether browser privacy plugins work on first party tracking. We'll also cover some news stories: why you shouldn't upload medical images to AI chatbots; the Fancy Bear "nearest neighbor" attack; Google's new website link overlays; the curious case of cutting undersea internet cables; Microsoft's new Windows Resiliency Initiative; mobile pay apps coming under regulatory scrutiny; iPhone's new tool to strip metadata from shared photos; and Google now warning you about suspicious apps. Article Links [techcrunch.com] PSA: You shouldn’t upload your medical images to AI chatbots https://techcrunch.com/2024/11/19/psa-you-shouldnt-upload-your-medical-images-to-ai-chatbots/ [darkreading.com] Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network https://www.darkreading.com/cyberattacks-data-breaches/fancy-bear-nearest-neighbor-attack-wi-fi [9to5google.com] Google’s iOS app now injects links on third-party websites that go back to Search https://9to5google.com/2024/11/25/google-ios-app-link-annotations-search/ [newsweek.com] Chinese Vessel Allegedly Drags Anchor, Severs Undersea Cable Links https://www.newsweek.com/chinese-vessel-allegedly-drags-anchor-severs-undersea-cable-links-1992580 [dw.com] Hybrid warfare on the seabed? https://www.dw.com/en/baltic-sea-underwater-cable-damage-highlights-hybrid-warfare-on-critical-infrastructure/a-70853706 [theverge.com] Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident https://www.theverge.com/2024/11/19/24299873/microsoft-windows-resiliency-initiative-crowdstrike-incident [lifehacker.com] Venmo, Apple Pay, and Other Payment Apps Are About to Be More Regulated https://lifehacker.com/money/payment-apps-are-about-to-be-more-regulated [lifehacker.com] Your iPhone Can Now Automatically Remove Location Data From Photos You Share Online https://lifehacker.com/tech/your-iphone-can-now-automatically-remove-location-data-from-photos-online [lifehacker.com] The Google Play Store Will Soon Warn You Before You Download a Bad App https://lifehacker.com/tech/the-google-play-store-will-warn-you-bad-app Further Info ExifTool: https://exiftool.org/ Help me reach more people! https://fdsd.me/awareness2 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:51: Holiday PSA 0:02:12: News preview 0:03:59: PSA: You shouldn’t upload your medical images to AI chatbots 0:07:22: Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network 0:12:59: Google’s iOS app now injects links on third-party websites that go back to Search 0:15:10: Chinese Vessel Allegedly Drags Anchor, Severs Undersea Cable Links 0:18:17: Hybrid warfare on the seabed? 0:27:19: Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident 0:33:11: Venmo, Apple Pay, and Other Payment Apps Are About to Be More Regulated 0:36:30: Your iPhone Can Now Automatically Remove Location Data From Photos You Share Online 0:42:23: The Google Play Store Will Soon Warn You Before You Download a Bad App 0:46:20: Finding a private, secure baby monitor 0:50:44: IoT Network on Netgear Orbi routers? 0:52:50: Using a computer monitor as a dumb TV?…

1
Privacy is Power 1:01:33

14 weeks1:01:33

1:01:33

Privacy has been defined in many ways. The right to tell your story your own way. The right to have control over your personal information. The right to be left alone. There's a reason we have T-shirts that say "dance like no one is watching". We censor ourselves when we're being watched. But if knowledge is power, then asymmetries in knowledge must lead to asymmetries in power. Privacy is a human right but it's also a collective good - something we need to respect and support, even if we do not personally feel the need to exercise it. Today I'll explore why privacy is essential, how it is being threatened, and what we can do to reclaim it with Carissa Véliz, a professor of philosophy and author of the wonderful and important book, Privacy is Power. Interview Notes Carissa’s website: https://www.carissaveliz.com/ Privacy is Power: https://www.penguinrandomhouse.com/books/673341/privacy-is-power-by-carissa-veliz/ My review of her book: https://firewallsdontstopdragons.com/privacy-is-power-review/ The Ethics of Privacy and Surveillance: https://www.oxford-aiethics.ox.ac.uk/blog/new-book-ethics-privacy-and-surveillance TEDx: The Case for Ending Data Economy: https://www.youtube.com/watch?v=luCXlPYrTP4 Google’s Don’t Be Evil motto history: https://en.wikipedia.org/wiki/Don't_be_evil Give Thanks & Donate! https://firewallsdontstopdragons.com/give-thanks-donate/ Further Info Help me reach more people! https://fdsd.me/awareness2 Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:31: Give Thanks & Donate! 0:01:27: Follow me on Bluesky 0:02:06: Interview setup 0:04:17: What inspired you to write this book? 0:07:04: What impacts has your book had? Did any response surprise you? 0:10:01: When researching the book, what surveillance methods most surprised you? 0:13:31: How and when did all this surveillance start? 0:15:40: Are behavior ads really more effective than contextual ads? 0:19:04: Is it possible to have privacy and still target ads? 0:22:08: What's your take on Google's Privacy Sandbox concept? 0:23:57: Why is the 'notice and consent' model such a failure? 0:28:14: What's your take on the notion of data sovereignty? 0:30:09: Why is privacy a collective good that we all need to protect? 0:32:12: How does asymmetry in knowledge lead to asymmetry in power? 0:34:06: Are we at risk of normalizing surveillance for future generations? 0:37:09: What will it take to trigger a surveillance backlash? 0:40:21: What can we learn from history about overzealous data collection? 0:43:35: How will AI technology impact our privacy? 0:49:30: Can we reap the benefits of our data without giving up privacy? 0:52:45: How do we manifest a society that values and respects privacy? 0:56:15: Interview wrap-up 0:58:36: Still celebrating 400th episode! 0:59:02: Looking ahead…

Üdvözlünk a Player FM-nél!

A Player FM lejátszó az internetet böngészi a kiváló minőségű podcastok után, hogy ön élvezhesse azokat. Ez a legjobb podcast-alkalmazás, Androidon, iPhone-on és a weben is működik. Jelentkezzen be az feliratkozások szinkronizálásához az eszközök között.