Holiday shopping season is here! And today I'll give you the highlights of my annual Best & Worst Gift Guide for 2024, with regard to privacy and security. The worst offenders may not surprise you, though some have actually gotten worse since just last year. And I have a few new suggestions for people on your nice list! In the news this week: another popular browser extension has gone rogue; Mozilla laid off 30% of their staff; FBI warns that bad guys are filing fraudulent...

Device manufacturers are breathing new life into old mundane products by connecting them to the internet, giving us the ability to monitor and control them from anywhere. However, this connection to the cloud works both ways. Not only do device makers now have unprecedented access to our usage and personal information, but they can hobble or limit our use of these devices at their whim. Today I'll speak with IoT expert Stacey Higginbotham who is working with Consumer Reports and other...

Our location is being tracked mercilessly today, in several ways. In the digital age, location data is among the most sensitive information we share, providing a record of our daily lives that can reveal where we live, who we associate with, and our personal routines. For app developers, marketers, and even law enforcement, this data is a goldmine for the ‘app economy’. Today I’ll talk about the most common sources of location data and give you some tips for limiting the tracking. In...

The first episode of Firewalls Don't Stop Dragons Podcast aired on March 8, 2017 - almost 8 years ago now. Over that time, I've interviewed over 135 unique and amazing people, covered countless cybersecurity and privacy stories, and offered 100's of tips for protecting your devices and data. To celebrate this momentous occasion, world-renowned cryptography guru Bruce Schneier has returned to for our traditional Podcentennial interview! We discuss several timely topics including the...

Artificial Intelligence (AI) is the buzzword of the day. There are many types of AI, but one particular flavor is getting a lot of press these days: chatbots. Formally referred to as Large Language Models (LLMs), chatbots like ChatGPT, Claude and Gemini are everywhere - either directly or integrated with other popular apps. This technology is real and it's here to stay, so it's important that we understand what it is, how it works, and what the limitations are. Today I'll explore some aspects...

L0pht Heavy Industries (pronounced "loft") was one of the most influential hacker groups in history. Unlike many others, L0pht carefully cultivated a relationship with mass media, sold profitable products, started businesses, and even testified before the US Senate. Cris Thomas, aka Space Rogue, was one of the earliest members of the L0pht and he recently published a book chronicling the groups long and storied history called Space Rogue: How the Hackers Known As L0pht Changed the World....

Sometimes it’s obvious when your accounts are hacked. Maybe your money is gone. Maybe you can no longer log in using the password you know is correct. Maybe everyone you know has gotten a scam email from you that you didn’t send. But sometimes bad guys aren’t so obvious. They may lurk around in your accounts to gather information for identity theft or in hopes of gaining access to other more lucrative accounts. I'll tell you how to find out. In other news: CA governor vetoes opt-out...

Two security researchers showed how many modern VPN services are vulnerable to malicious misconfiguration, exposing some or all of your internet traffic. While this is not likely to impact most of us, it does expose the limitations of Virtual Private Networks and why they are not silver bullets for security of privacy - despite many marketing claims to the contrary. Today we'll discuss how TunnelVision works, how it can be mitigated, and how this affects different privacy threat models with...

We often think of malware as a problem for our computers and perhaps our smartphones. But bad guys love to hack our home routers and IoT devices, as well. Thankfully, purging malware from those types of devices can usually be done just by rebooting them. (There's a reason tech support always asks you to try turning your device off and back on again.) I'll explain why this works and what you should do to protect your connected devices. In other news: I explain why most people are not in...

You may be vaguely aware of the term 'quantum computing' from media reports. But what you may not have picked up on is that one of the primary uses for quantum computers may be to break data encryption. Furthermore, you may not realize that if three-letter agencies can save off our encrypted emails and messages now, this could mean they could read them in the future when sufficiently powerful quantum computing becomes viable. How does this work? And what can we do about it now to protect our...

Mis- and disinformation is just a fact of modern life, but certain events can cause the practice to significantly increase - like a big election. This is a good time to review this phenomenon, learning how to recognize it, how to avoid being drawn in, and perhaps most importantly how to reduce its spread. In other news: Telegram's CEO was arrested in France; too many people keep saying Telegram is an secure messaging app when it's really not; if you think ads and tracking are bad now,...

Proton released three major new products this summer, all within the span of about a couple months: Proton Docs, Proton Wallet and Proton Scribe. Given that Proton is a privacy-focused company, some of these offerings seemed almost at odds with that mission. So today I ask Andy Yen (Proton's CEO) some questions about the privacy of their Bitcoin wallet and AI editing tool. We also discuss the new Proton Foundation and how it safeguards their privacy mission for the future. Finally, I ask Andy...

The headlines have been on fire with stories about 3 billion people's data being leaked from a company you've never heard of. But like many such stories, the mainstream media gets a lot of the important details wrong and glosses over a lot of the important nuances. Today we're going to dive into what really happened and what you should do about it, whether your data was part of the breach or not. In other news: Illinois waters down its landmark biometric information law; US court rules...

Finding your soul mate or even just a one-night stand can all be done digitally now - there's an app for that. Several, in fact. But in order to find the best match, you need to turn over a lot of extremely personal information. You probably also need to let the app track your location, so you're only matching people within some acceptable distance. You would hope that dating apps would be better than other apps at securing your private data... but are they? And are these services selling my...

It's time once again for cybersecurity professionals to make the pilgrimage to the scorching desert of Las Vegas, Nevada for a week of tech conferences that we lovingly refer to as Hacker Summer Camp. Today I'll bring you my on-the-ground reporting from BSides and DEF CON. I'll also bring you part 2 of my series on Open Source Intelligence (OSINT) and how to purge your personal data from the web. In the news this week: Vegas hotels search hacker's rooms; Apple and others fix old but...

Jack Daniel is a storyteller, wanderer, comic, bartender, blacksmith, luthier, historian, mechanic, and the world’s oldest millennial. He is also one of the founders of Security BSides. Jack has a colorful and interesting history, and today we'll learn about how and why he started BSides, delve into a little hacker conference history, talk about modern hackers and cybersecurity conferences and how he's seen them change over the years, and how hackers and their conferences are vastly different...

Last week, we all learned about a company called CrowdStrike that apparently has the capability to single-handedly bring multiple airlines, hospitals and other large companies to their knees in an instant. There are many lessons we should be learning from this incident, though I'm not going to hold my breath. I'll tell you what happened and what I think we should be doing to avoid a repeat of this incident in the future. In other news: Google finally throws in the towel on blocking...

If someone decided to dig into your life - perhaps even try to 'dox' you - how might they go about doing that? What could they find about you right now on the internet? You might be surprised at how much information is readily available from public sources, including your local government agencies and state databases. Today I'll be talking with Jason Edison from Intel Techniques whose day job is using open source intelligence, or OSINT, to find suspected criminals and whose night job is...

Ads on the web are beyond annoying - they are actually a threat to your privacy and sometimes even your security. Ads pay for a lot of the "free" web content we consume, but until ad networks stop tracking us and selling ad space to phishing and malware groups, we need tools to block them. Today I'll give you two solid options for doing so. In the news: Australian man charged for WiFi scam on flights; Airbnb reveals 35,000 complaints about hidden cameras; Linksys routers expose WiFi...

We're generating a ridiculous amount of data every day. Much of it is highly personal and that's dangerous. But there are actually several Privacy Enhancing Technologies that may allow us to use this personal data to improve our collective quality of life without ruining the privacy of the data subjects. I'll be discussing these PETs with Irene Knapp who spent five years working in the privacy department at Google. I will also spend a good bit of time asking them about what it's like working...

We've talked about how to backup your local device data and how to back up data that is primarily stored in the cloud. But there's a lot of important, irreplaceable data we take for granted: data owned by others. This might be shared online photo albums, cloud document collaborations, eBooks and other digital media, and even websites you frequently rely on. Today we'll talk about how you can make local copies of these files in case they should ever go offline. In other news: European...

Every day, we generate tons of digital exhaust: our web browsing, GPS location, online and in-store purchases, emails and messages, social media posts and feed viewing habits, and much, much more. Online marketers and data brokers have been living off these breadcrumbs for years. The intelligence and law enforcement agencies have found this data to be incredibly revealing, and they can buy most of this data on the open market without requiring any sort of warrant - and they have. This has...

Until recently, most of our important data lived primarily on our devices. Backing up that data often meant choosing a cloud backup service. But today, many of our most important photos and files are actually stored in the cloud. While cloud servers are supposed to be more robust than home computers with flaky hard drives and smartphones that get lost or stolen, it also means that someone else is in control of that data. Cloud services go offline, get bought out or even shut down. We now need...

Encrypted communications are important for everyone, even if you have nothing to hide. But they're also important when you're trying to hide global criminal operations. Drug smugglers and money launderers have special needs when it comes to secure messaging. Several phone companies were created to address this market. Unfortunately for the criminals, the most popular one - Anom - was secretly run by the FBI. Today Joseph Cox from 404 Media will tell us about this astoundingly audacious sting...