Episodes
Most major social media platforms are a hot mess. Your feed is filled with tons of crap you never asked to see and your data is mined mercilessly to serve you targeted ads. The promise of having a place to trade interesting posts with friends and family is now muddied up with sponsored content chosen by hidden algorithms optimized to keep you scrolling. It doesn't have to be that way. I've found something much better, and I'm inviting you to come join me.
In other news: Ticketmaster...
Published 06/03/24
Our privacy has never been more threatened. While some of us are vaguely aware of this, most of the rampant data collection and sharing is completely opaque. And the consequences are more dire than most of us realize. We can't afford to be complacent. We need to push back, to ask questions, and make better choices. Privacy-respecting apps and services do exist today. Making a deliberate and overt decision to use them will force the market (and our elected representatives) to take notice. My...
Published 05/27/24
Security experts talk at length about how to choose a good password - but we don't often talk about how to choose a good PIN code. A recent analysis by a researcher shows popular patterns humans use when choosing PIN codes, and therefore what you should avoid doing.
In the news: MediSecure e-Rx firm hit by data breach; CISA warns of active D-Link router exploit; a couple cases of insecure APIs being abused; 53k Nissan employees' SSN's leaked; new macOS malware called Cuckoo; Ascension...
Published 05/20/24
Russia has been hacking Ukraine for at least a decade now, but since the invasion of Ukraine in February of 2022, the cyber war has changed. Instead of being a tactical element, cyber war is now a full-fledged strategic aspect of the conflict, on both sides. At the outset, Ukraine put out an official call to enlist cyber warriors from around the globe to their cause in what's been called the IT Army of Ukraine. Today we'll look at how this group was formed, how it operates, and what we should...
Published 05/13/24
Google's Chrome browser has dominated the planet - both on desktop computers and mobile devices. Furthermore, many other popular web browsers are actually based on the same Google-made Chromium browser engine, including Microsoft Edge and Brave Browser. This gives Google an inordinate amount of influence on web standards, in particular preventing better privacy protections. We need to support privacy-forward alternatives lest they disappear.
In other news: US passes expanded mass...
Published 05/06/24
AI has been grabbing all the tech headlines, but cryptocurrency is still innovating and changing. One of the primary goals of cryptocurrency was to be decentralized and therefore not controlled by governments like fiat currency. That is about to change. Central Bank Digital Currency (CBDC) is a new type of cryptocurrency that is created and governed by nation states, which comes with serious implications for privacy and global economics. Thankfully I've got cryptocurrency expert Seth for...
Published 04/29/24
You've heard people like me recommend this for years. It's time to just do it: freeze your credit report. There are really no downsides at this point. For example, it's now free everywhere in the US, by law. It's also free to temporarily "thaw" your credit. And it's gotten a lot easier to do, too. Freezing your credit is your main defense against financial identity theft. And with the sheer number of data breaches (like the recent massive AT&T leak), the personal information needed to...
Published 04/22/24
There's a lot of nasty stuff online - things we would prefer our kids not see, at least not until they're mature enough to handle it. Our elected representatives have proposed various regulations to try to protect kids online, and while this is obviously a laudable goal, the devil is always in the details. Many of the proposed solutions have serious negative consequences for both kids and adults, chilling free speech and blocking useful content. I'll discuss the latest iteration of these...
Published 04/15/24
Today I answer some of the most interesting listener questions from the past several months, including: how to do you get SMS 2FA codes while traveling abroad; should I periodically change all my passwords; how do hackers attack IoT devices inside my home network; can a website fingerprint me based on a hardware security key; can you recommend an email client that protects your privacy; if I give my IoT device permission to see my local network, does that include the guest network; how to...
Published 04/08/24
Today I talk with Justin and Jodi Daniels about that state of privacy today, how we can help consumers and companies better understand the importance of privacy and security, and how companies are dealing with these aspects internally. We talk about the state of privacy regulations (or the lack thereof), why companies are failing to protect their customers, and what we can do about that.
Justin and Jodi host a podcast together called She Said Privacy, He Said Security. They've also...
Published 04/01/24
Passwords, two-factor authentication and even passkeys don't matter if you can access someone's account by answering three simple account recovery questions. Also, just about every account today has a way to reset your password, no matter how strong it is, if you can gain access to someone's email account. Until we can remove these weak links, it doesn't matter how secure our regular authentication schemes are.
In the news: old A&T breach data is making the rounds; Apple Silicon...
Published 03/25/24
The United States has no general data privacy laws. However, we do have some sector-specific regulations, including HIPAA for health data. But there are many misconceptions about HIPAA. For example, the "P" in HIPAA does not stand for Privacy - it stands for Portability. So, what information does HIPAA cover? Which healthcare and related service providers are governed by HIPAA? And most importantly, what can you do to protect your medical and health data? Today we'll dive deep into this...
Published 03/18/24
Two-factor authentication (2FA) is a fantastic way to improve the security of your online accounts. However, if you lose access to the device containing your authenticator app, you may lose access to your 2FA-protected accounts. You need to backup the seed codes used to set up each account. I'll give you several methods for doing this.
In the news: FBI uses smartphone push notifications to track down criminals; Roku TVs block all access until users consent to force arbitration; cheap...
Published 03/11/24
With the rise of IoT and tracking technologies (both online and in the real word), we are generating staggering amounts of highly personal information. This massive trove of juicy data has drawn the attention of several interested parties outside the realm of consumer marketing. Like chum in the water, it's created a feeding frenzy from data aggregators as well as from law enforcement and intelligence agencies, both foreign and domestic. The journalists at 404 Media have published several...
Published 03/04/24
Artificial Intelligence is the buzzword of the day. Since the launch of ChatGPT in November 2022, there has been a flood of AI-based tools and services. Many tech firms are racing to build AI into their products without considering the consequences, let alone taking the time to build in guardrails for privacy and security. Today, I'll tell you about some of the risks, how to mitigate them and explain why you should spend some time playing with AI tools so we can understand how they do (and...
Published 02/26/24
Modern cars are chock full of sensors and connected to the internet via built-in cellular modems. That's a recipe for massive data collection. Last September, Mozilla's Privacy Not Included team released a blockbuster report how much data our cars were gathering and it was absolutely staggering. According to the hard-to-find privacy policies, your car can collect extremely personal information including precise location, contact lists from your phone, call and message data, and - believe it...
Published 02/19/24
It's tax time here again in the USA, and therefore it's also time for tax scams. I'll explain how to recognize common tax scams, how to respond to them, how to prevent scammers from taking over your IRS account and even filing fraudulent tax returns in your name.
In other news: the Mother of All Breaches (MOAB) contains 26 billion records; 23andMe is in trouble after massive data breach and pending class action lawsuits; a viral story about a smart toothbrush botnet isn't true... but...
Published 02/12/24
Are Macs really safer than PCs? What should you do to make your Mac more secure? How do you know if your Mac has a virus? And how do you know which security apps you can trust? I'll dig into all of these questions and more today with Mac security guru Patrick Wardle.
Patrick Wardle is the founder of the Objective-See Foundation. Having worked at NASA and the NSA, as well as presented at countless security conferences Patrick is passionate about all things related to macOS security,...
Published 02/05/24
While every week is Data Privacy Week here at Firewalls Don't Stop Dragons, the rest of the world stops to join us in focusing on how and why to protect your personal data. I'll give you some of my top privacy tips and refer you to a lot of top privacy resources.
In the news: Microsoft executives' emails are hacked by a nation-state actor; Facebook is gathering even more data with the help of other companies; a company is using real-time bidding to track us and sell to intelligence...
Published 01/29/24
Drones are everywhere today. Cheap and tiny accelerometers, gyroscopes and processors have allowed us to create drones that anyone can afford and everyone can fly. Drones have been used by law enforcement and military forces, as well - for surveillance but also for killing. With the rapid development of AI technologies, what happens when we make these drones autonomous? What are the implications for privacy and security? I'll discuss this and more with Nick Weaver, computer and cybersecurity...
Published 01/22/24
The new year is here! And I've got a handful of solid tips for you that you should absolutely plan to accomplish in 2024! I also have a lot of news to catch you up on:
23andMe blames its customers for their data breach; Burger King in Brazil using facial recognition to offer discounts based on how hungover you look; Russian agents hack live webcams to hone in on targets in Ukraine; fake celebrity ads for medicare scam on YouTube; Facebook's Link History is a confusing new tracking...
Published 01/15/24
Data breaches are usually produced by hackers looking for financial gain. Data leaks, on the other hand, are usually published by whistleblowers or perhaps accidentally disclosed via negligence. Journalists today are inundated by such data leaks - to the point where specialized tools and techniques are required to parse through the piles of digital detritus to ascertain the value and import that they may represent. Micah Lee has been performing this function for The Intercept for many years,...
Published 01/08/24
Every week, I record a special, private bonus podcast for my patrons. Until today, all of that content was restricted to my supporters. But today I've got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests, along with an episode of my more-technical bonus series I call Merlin's Musings. You'll hear from Josh Corman (CISA and I Am the Cavalry), Ernesto Falcon (EFF and CA Senate candidate), Omega and Deth Veggie (Cult of the Dead Cow), Michael Littman...
Published 01/01/24
Today, I dip back into the archives to bring you a classic interview from the first year of this podcast. In Episode 21 (Aug 2017) I interviewed Ladar Levison, the founder of the secure email service Lavabit. He started Lavabit in 2004 as one of the first truly secure, end-to-end encrypted email services focused on the privacy of users, almost ten years before Proton Mail launched. But when the FBI came (literally) knocking in 2013 asking him to subvert the encryption so that they could...
Published 12/25/23
I've culled through the podcasts from the last year and put together an hour's worth of the best content! Here's a nice little charcuterie sampler of the top interview segments from 2023.
Episode Links
Ep347 (Oct 16) What’s Your Threat Model? https://podcast.firewallsdontstopdragons.com/2023/10/16/whats-your-threat-model/
Ep342 (Sep 18) Your Face Belongs to Us https://podcast.firewallsdontstopdragons.com/2023/09/18/your-face-belongs-to-us/
Ep336 (Aug 7) Cult of...
Published 12/18/23