Episodi

  • The first episode of Firewalls Don't Stop Dragons Podcast aired on March 8, 2017 - almost 8 years ago now. Over that time, I've interviewed over 135 unique and amazing people, covered countless cybersecurity and privacy stories, and offered 100's of tips for protecting your devices and data. To celebrate this momentous occasion, world-renowned cryptography guru Bruce Schneier has returned to for our traditional Podcentennial interview! We discuss several timely topics including the Crowdstrike incident, the pager bombing and supply attacks more generally, US election security, the open market for cyber vulnerabilities, US intelligence agencies' focus on offense versus defense, how AI might actually benefit democracy and much more!



    Interview Notes




    Bruce Schneier’s blog:https://www.schneier.com/ 



    Inrupt’s Solid concept: https://www.inrupt.com/solid 



    Data and Goliath (book): https://www.schneier.com/books/data-and-goliath/ 



    Bruce’s NY Time article on pager bombs: https://www.schneier.com/essays/archives/2024/09/israels-pager-attacks-have-changed-the-world.html 



    Joseph Cox “Anom” interview: https://podcast.firewallsdontstopdragons.com/2024/06/10/anom-the-fbis-phone-company/ 



    WaPo detailed analysis of pager bomb attack: https://www.washingtonpost.com/world/2024/10/05/israel-mossad-hezbollah-pagers-nasrallah/ 



    Restoring Trust in Elections: https://podcast.firewallsdontstopdragons.com/2023/12/11/restoring-trust-in-elections/ 



    Hacking election systems w/ Harri Hursti: https://podcast.firewallsdontstopdragons.com/2021/11/08/restoring-trust-in-our-elections/ 



    Hacker Halted conference info: https://hackerhalted.com/agenda/#day-two-october-31st 




    Further Info




    Help me reach more people! https://fdsd.me/awareness2



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:03:53: Interview setup



    0:06:21: What should we have learned from the Crowdstrike incident?



    0:11:21: Why is it more profitable for products to be brittle?



    0:13:59: Do regulations stifle innovation?



    0:15:27: Should intelligence agencies focus more on cyber offense or defense?



    0:22:29: Should it be legal to buy and sell zero-days on the open market?



    0:26:44: How secure are our election systems today? How do we get people to trust the outcomes?



    0:35:41: What's your take on the arrest of Telegram's CEO?



    0:39:18: How do we convince lawmakers not to subvert encrypted communications?



    0:43:48: How did the exploding pager attack change our views of supply chain security?



    0:49:26: In what ways might AI actually benefit our democracy?



    0:58:03: Should there be any guardrails on AI systems?



    1:01:17: What's next for you? What's the latest on the Solid project?



    1:03:49: Interview wrap-up



    1:07:51: More info for new listeners



    1:13:38: Meet me at Hacker Halted Conference!



    1:14:14: Looking ahead

  • Artificial Intelligence (AI) is the buzzword of the day. There are many types of AI, but one particular flavor is getting a lot of press these days: chatbots. Formally referred to as Large Language Models (LLMs), chatbots like ChatGPT, Claude and Gemini are everywhere - either directly or integrated with other popular apps. This technology is real and it's here to stay, so it's important that we understand what it is, how it works, and what the limitations are. Today I'll explore some aspects of LLMs that you probably weren't aware of.In other news: critical, exploited Firefox bug is fixed (update now!); National Public Data files for bankruptcy after massive breach; hackers target Qualcomm chip zero-day used in many Android phones; China attackers exploit legally-mandated wiretapping backdoor in major telecom systems; new FIDO standard proposed for allowing passkeys to be exported and backed up; a PSA on why you shouldn't share personal information with AI chatbots.Article Links[The Hacker News] Mozilla Warns of Active Exploitation in Firefox, Urges Users to Update Immediately https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html[therecord.media] National Public Data files for bankruptcy, citing fallout from cyberattack https://therecord.media/national-public-data-bankruptcy-cyberattack[techcrunch.com] Hackers were targeting Android users with Qualcomm zero-day https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/[pluralistic.net] China hacked Verizon, AT&T and Lumen using the FBI’s backdoor https://pluralistic.net/2024/10/07/foreseeable-outcomes/[appleinsider.com] Future Passkeys will be able to be shared across platforms & password vaults https://appleinsider.com/articles/24/10/15/future-passkeys-will-be-able-to-be-shared-across-platforms-password-vaults[9to5mac.com] PSA: Here’s another reason not to include personal details in AI chats https://9to5mac.com/2024/10/17/psa-heres-another-reason-not-to-include-personal-details-in-ai-chats/Tip of the Week: Understanding AI ChatbotsFurther InfoHelp me reach more people! https://fdsd.me/awareness2Privacy Not Included chatbot privacy guide: https://foundation.mozilla.org/en/privacynotincluded/articles/how-to-protect-your-privacy-from-chatgpt-and-other-ai-chatbots/Gandalf AI game: https://gandalf.lakera.ai/baseline Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of ContentsUse these timestamps to jump to a particular section of the show.0:01:01: Google finally killing uBlock Origin0:04:07: News preview0:05:54: Mozilla Warns of Active Exploitation in Firefox0:08:55: National Public Data files for bankruptcy0:14:42: Hackers were targeting Android users with Qualcomm zero-day0:19:14: China hacked Verizon, AT&T and Lumen using the FBI’s backdoor0:26:10: Future Passkeys will be able to be shared across platforms & password vaults0:31:08: Here’s another reason not to include personal details in AI chats0:37:40: Tip of the Week: Understanding Chatbots0:55:55: Wrapping up0:56:35: Celebrating 400 episodes!

  • Episodi mancanti?

    Fai clic qui per aggiornare il feed.

  • L0pht Heavy Industries (pronounced "loft") was one of the most influential hacker groups in history. Unlike many others, L0pht carefully cultivated a relationship with mass media, sold profitable products, started businesses, and even testified before the US Senate. Cris Thomas, aka Space Rogue, was one of the earliest members of the L0pht and he recently published a book chronicling the groups long and storied history called Space Rogue: How the Hackers Known As L0pht Changed the World. Today I sit down with Cris to discuss that history and the impacts that the L0pht and other hacker groups have had on all of us.



    Interview Notes




    Space Rogue’s website: https://www.spacerogue.net/



    L0pht homepage: https://l0pht.com/ 



    L0phtCrack: https://www.l0phtcrack.com/ 



    Textfiles.com: http://textfiles.com/ 



    L0phy testimony: https://www.youtube.com/watch?v=VVJldn_MmMY 



    Charlie Rose “Hackers” interview: https://www.youtube.com/watch?v=zbTkOuPv2fo 



    PicoCTF: https://www.picoctf.org/ 



    Hack the Box: https://help.hackthebox.com/en/articles/5200851-introduction-to-ctfs 




    Further Info




    Help me reach more people! https://fdsd.me/awareness2



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:23: Episode 400 coming soon!



    0:01:16: Interview setup



    0:03:49: Tell us about your book



    0:04:52: What is your origin story? How'd you get into hacking?



    0:08:15: How often did you meet your fellow hackers in person?



    0:10:49: How did the L0pht get started?



    0:15:39: What was the reaction when you "come out" as a hacker to friends and family?



    0:20:02: How much did different hacker groups interact back in the day?



    0:23:19: L0pht cultivated a relationship with the media - how did that affect the dynamic?



    0:28:19: What's the history behind the infamous L0phtCrack password tool?



    0:35:36: What was it like testifying in front of the US Senate?



    0:38:32: How did you get away with testifying under your hacker names?



    0:45:29: How did Hacker News Network come to be?



    0:52:06: How did we avoid a hacker cyber war against China in the late 90s?



    0:57:15: Which of L0pht's many achievements are you most proud of?



    0:59:40: What advice would you give to someone wanting to get into cybersecurity?



    1:05:39: What's next for you?



    1:06:23: Patron bonus content preview



    1:06:52: Post-interview notes



    1:08:36: Looking ahead

  • Sometimes it’s obvious when your accounts are hacked. Maybe your money is gone. Maybe you can no longer log in using the password you know is correct. Maybe everyone you know has gotten a scam email from you that you didn’t send. But sometimes bad guys aren’t so obvious. They may lurk around in your accounts to gather information for identity theft or in hopes of gaining access to other more lucrative accounts. I'll tell you how to find out.In other news: CA governor vetoes opt-out signal bill but signs car privacy bill; 23andMe is in trouble and your data may be, too; PayPal opted you into data sharing without asking; Kaspersky deletes itself and installs UltraAV without asking; 100 million Americans had background data leaked; researchers add facial recognition tech to Meta's smart glasses; NIST updates password rules to with common sense changes; US & Microsoft seize 100+ web domains used by Russian hackers.Article Links[Ars Technica] Calif. Governor vetoes bill requiring opt-out signals for sale of user data https://arstechnica.com/tech-policy/2024/09/calif-gov-vetoes-attempt-to-require-new-privacy-option-in-browsers-and-oses/ [Teach Privacy] Bankruptcy Sale of DNA Data: From Toysmart to 23andMe https://teachprivacy.com/bankruptcy-sale-of-dna-data-from-toysmart-to-23andme/ [404 Media] Paypal Opted You Into Sharing Data Without Your Knowledge https://www.404media.co/paypal-personalized-shopping-opt-out/ [Bleeping Computer] Kaspersky deletes itself, installs UltraAV antivirus without warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ [Tom’s Guide] 100 million Americans just had their background check data exposed https://www.tomsguide.com/computing/online-security/100-million-americans-just-had-their-background-check-data-exposed-online-how-to-stay-safe [404 Media] Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers https://www.404media.co/someone-put-facial-recognition-tech-onto-metas-smart-glasses-to-instantly-dox-strangers/ [Ars Technica] NIST proposes barring some of the most nonsensical password rules https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/ [The Record] California passes car data privacy law to protect domestic abuse survivors https://therecord.media/california-car-data-privacy-law-domestic-abuse-tracking [Semafor] US, Microsoft seize more than 100 websites used by Russian hackers https://www.semafor.com/article/10/03/2024/us-microsoft-seize-more-than-100-websites-used-by-russian-hackers Tip of the Week: Indicators of Account Compromise: https://firewallsdontstopdragons.com/indicators-of-account-compromise/ Further InfoHelp me reach more people! https://fdsd.me/awareness2Treasure Chest promotion: https://firewallsdontstopdragons.com/treasure-coin-promo/ How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ My article on removing your data from the web: https://firewallsdontstopdragons.com/osint-remediation/ CISA Cybersecurity Awareness Month resources: https://www.cisa.gov/resources-tools/resources/secure-our-world-resources-cybersecurity-awareness-month-2024-toolkit Stay Safe Online CAM site: https://staysafeonline.org/programs/cybersecurity-awareness-month/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents

  • Two security researchers showed how many modern VPN services are vulnerable to malicious misconfiguration, exposing some or all of your internet traffic. While this is not likely to impact most of us, it does expose the limitations of Virtual Private Networks and why they are not silver bullets for security of privacy - despite many marketing claims to the contrary. Today we'll discuss how TunnelVision works, how it can be mitigated, and how this affects different privacy threat models with the two researchers from Leviathan Security, Dani Cronce and Lizzie Moratti.



    Interview Notes




    Lizzie Moratti: https://www.linkedin.com/in/lmoratti/ 



    Dani Cronce: https://www.linkedin.com/in/danicronce/ 



    TunnelVision: https://www.tunnelvisionbug.com/ 



    ProtonVPN threat model: https://protonvpn.com/blog/threat-model 



    Dani’s GitHub: https://github.com/superit23 



    Leviathan Security blog: https://www.leviathansecurity.com/blog 



    Veilid: https://veilid.com/ 



    Willy Wonka scene: https://www.youtube.com/watch?v=pvS3j8VtanM 



    Linux network namespaces: https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/ 



    What is DeFi? https://www.investopedia.com/decentralized-finance-defi-5113835 




    Further Info




    Help me brainstorm ways to reach more people!: https://fdsd.me/awareness2 



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:23: Reminder: brainstorming survey



    0:01:47: Podcast chapter markers!



    0:02:54: Interview setup



    0:05:55: What is a VPN and what isits intended purpose?



    0:10:27: If most connections are secured today, why do we need a VPN?



    0:12:40: Why do we trust a VPN provider more than our internet access provider?



    0:17:40: What are you trying to do with a VPN?



    0:19:13: Who can see my internet traffic?



    0:25:30: What is TunnelVision and what are the implications for VPN users?



    0:29:42: What's a less technical way to understand TunnelVision?



    0:33:06: Why might I not want all my traffic to go through the VPN?



    0:35:02: How dangerous is TunnelVision for the average person?



    0:42:30: How did the VPN companies respond?



    0:51:19: What VPN features can mitigate the risk?



    0:57:42: Have any VPN makers fixed this problem? Do OS vendors have responsibility here?



    1:02:11: Do you have recommendations for VPNs? Is there new tech that might help here?



    1:04:00: Would privacy regulations help here?



    1:06:24: What are you working on next?



    1:08:51: Interview wrap-up



    1:13:31: Looking ahead

  • We often think of malware as a problem for our computers and perhaps our smartphones. But bad guys love to hack our home routers and IoT devices, as well. Thankfully, purging malware from those types of devices can usually be done just by rebooting them. (There's a reason tech support always asks you to try turning your device off and back on again.) I'll explain why this works and what you should do to protect your connected devices.



    In other news: I explain why most people are not in danger of their devices blowing up; a new Windows phishing campaign uses fake CAPTCHAs and PowerShell; LinkedIn started training their AI on your data before telling you how to opt out; Oracle's CEO touts his vision of ubiquitous AI surveillance; Ford seeks a patent to show you ads in your vehicle based on your conversations and other private data; Meta admits to scraping public Instagram and Facebook posts to train its AI; four great new iOS 18 privacy and security features; Apple Intelligence servers are very basic, for a reason; and the FBI shuts down a massive Chinese botnet.



    Article Links




    [WIRED] Your Phone Won’t Be the Next Exploding Pager https://www.wired.com/story/exploding-pagers-hezbollah-phones/



    [briankrebs] This Windows PowerShell Phish Has Scary Potential https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/



    [404media.co] LinkedIn Is Training AI on User Data Before Updating Its Terms of Service https://www.404media.co/linkedin-is-training-ai-on-user-data-before-updating-its-terms-of-service/



    [theregister.com] Ellison declares Oracle 'all in' on AI mass surveillance https://www.theregister.com/2024/09/16/oracle_ai_mass_surveillance_cloud/



    [therecord.media] Ford seeks patent for tech that listens to driver conversations to serve ads https://therecord.media/ford-patent-application-in-vehicle-listening-advertising



    [9to5Mac] Meta scraped all public Facebook and Instagram posts since 2007 for AI training https://9to5mac.com/2024/09/11/meta-scraped-all-public-facebook-and-instagram-posts-since-2007-for-ai-training/



    [TechRadar] I'm a privacy expert—here are the 4 iOS 18 features I'm excited about https://www.techradar.com/phones/im-a-privacy-experthere-are-the-4-ios-18-features-im-excited-about



    [9to5Mac] Apple Intelligence servers are really basic, says Craig Federighi – and that’s deliberate https://9to5mac.com/2024/09/12/apple-intelligence-servers-are-really-basic-says-craig-federighi-and-thats-deliberate/



    [Gizmodo] FBI Shuts Down Botnet Run by Beijing-Backed Hackers That Hijacked Over 200,000 Devices https://gizmodo.com/fbi-shuts-down-botnet-run-by-beijing-backed-hackers-that-hijacked-over-200000-devices-2000500627



    Tip of the Week: Malware Reboot Remedy




    Further Info




    Awareness Campaign Phase 2!: https://fdsd.me/awareness2 



    LinkedIn privacy settings: https://www.linkedin.com/mypreferences/d/categories/privacy 



    Test your ad blocker(s): https://d3ward.github.io/toolz/adblock.html 



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:31: Update Apple devices



    0:01:36: Awareness Campaign teaser



    0:02:04: News rundown



    0:04:08: Your Phone Won’t Be the Next Exploding Pager



    0:08:00: This Windows PowerShell Phish Has Scary Potential



    0:12:34: LinkedIn Trains AI on Your Data Before Updating Its ToS



    0:16:41: Ellison declares Oracle 'all in' on AI mass surveillance



    0:20:15: Ford seeks patent for tech that listens to ...

  • You may be vaguely aware of the term 'quantum computing' from media reports. But what you may not have picked up on is that one of the primary uses for quantum computers may be to break data encryption. Furthermore, you may not realize that if three-letter agencies can save off our encrypted emails and messages now, this could mean they could read them in the future when sufficiently powerful quantum computing becomes viable. How does this work? And what can we do about it now to protect our privacy in the future? We'll dig into all of this today with Brandon Sundh from Tuta (formerly Tutanota), a prominent secure email company, who is already deploying such protections.



    Interview Notes




    Try Tuta! https://tuta.com/ 



    Tuta’s quantum-safe crypto: https://tuta.com/blog/post-quantum-cryptography 



    Quantum mechanics: https://en.wikipedia.org/wiki/Quantum_mechanics 



    Schrödinger's cat:  https://en.wikipedia.org/wiki/Schr%C3%B6dinger's_cat 



    NIST post-quantum standards: https://csrc.nist.gov/projects/post-quantum-cryptography 



    NSA pays RSA to weaken encryption?: https://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220/ 



    Longer passwords are better: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/ 



    Privacy Guides on Proton Wallet: https://www.privacyguides.org/articles/2024/09/08/proton-wallet-review/#why-does-this-exist 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:02:50: Some terminology first



    0:07:33: What is quantum computing and what's it good for?



    0:16:25: What are the currrent capabilities of quantum computers?



    0:22:02: How long have we been working on quantum computers?



    0:25:01: If QC is still so far off, why do we need to prepare now?



    0:30:53: How do we design encryption to make it safe against quantum computers?



    0:36:10: How can we be sure that the NSA isn't buillding backdoors into these algorithms?



    0:41:11: Will post-quantum algorithms replace current ones or augment them?



    0:45:51: How soon will quantum-safe crypto be roled out?



    0:52:42: Who will be able to own and operate these quantum computers?



    0:54:45: Are law enforcement agencies pushing back against quantum-safe crypto?



    1:00:34: Who is more likely to win: coder makers or code breakers?



    1:04:24: Wrap-up



    1:05:55: Looking ahead

  • Mis- and disinformation is just a fact of modern life, but certain events can cause the practice to significantly increase - like a big election. This is a good time to review this phenomenon, learning how to recognize it, how to avoid being drawn in, and perhaps most importantly how to reduce its spread.



    In other news: Telegram's CEO was arrested in France; too many people keep saying Telegram is an secure messaging app when it's really not; if you think ads and tracking are bad now, wait till you hear all the ways modern TVs are monetizing their users; sextortion scams are using some new techniques to scam their victims; consumer groups have lobbied the FTC to create clear guidance on 'software tethering'; and California just approved a new privacy bill that will finally require companies to honor universal opt-out signals from apps and browsers.



    Article Links




    BBC] Telegram CEO Pavel Durov arrested at French airport https://www.bbc.com/news/articles/ckg2kz9kn93o



    [blog.cryptographyengineering.com] Is Telegram really an encrypted messaging app? https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/



    [Ars Technica] Your TV set has become a digital billboard. And it’s only getting worse. https://arstechnica.com/gadgets/2024/08/tv-industrys-ads-tracking-obsession-is-turning-your-living-room-into-a-store/



    [briankrebs] Sextortion Scams Now Include Photos of Your Home https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/



    [advocacy.consumerreports.org] Consumer Reports, U.S. PIRG, and 15 other groups call on FTC to create clear guidance for ‘software tethering’ https://advocacy.consumerreports.org/press_release/ftc-software-tethering/



    [Dark Reading] California Approves Privacy Bill Requiring Opt-Out Tools https://www.darkreading.com/data-privacy/california-privacy-bill-require-opt-out-tools



    Tip of the Week: Spotting Fake News https://firewallsdontstopdragons.com/the-truth-is-out-there/ 




    Further Info




    My series on deleting your public data online: https://firewallsdontstopdragons.com/osint-reconnaissance/



    Enabling Global Privacy Control (GPC): https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ 



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:02:14: News preview



    0:05:22: Telegram CEO Pavel Durov arrested at French airport



    0:09:47: Is Telegram really an encrypted messaging app?



    0:19:57: Your TV set has become a digital billboard. And it’s only getting worse.



    0:41:25: Sextortion Scams Now Include Photos of Your Home



    0:48:06: Consumer groups call on FTC to create clear guidance for ‘software tethering’



    0:54:33: California Approves Privacy Bill Requiring Opt-Out Tools



    0:59:22: Tip of the Week: Dealing with Misinformation



    1:11:36: Looking ahead

  • Proton released three major new products this summer, all within the span of about a couple months: Proton Docs, Proton Wallet and Proton Scribe. Given that Proton is a privacy-focused company, some of these offerings seemed almost at odds with that mission. So today I ask Andy Yen (Proton's CEO) some questions about the privacy of their Bitcoin wallet and AI editing tool. We also discuss the new Proton Foundation and how it safeguards their privacy mission for the future. Finally, I ask Andy if they would consider acquiring Mozilla to save the Firefox browser and, in the wake of the blow back Signal received about protecting local access to messaging data, how Proton addresses the 'compromised machine' threat model.



    Interview Notes




    Proton Docs: https://proton.me/blog/docs-proton-drive 



    Proton Wallet: https://proton.me/blog/proton-wallet-launch 



    Proton Scribe: https://proton.me/blog/proton-scribe-writing-assistant 



    Proton Foundation: https://proton.me/blog/proton-non-profit-foundation 



    Techlore on Proton Wallet: https://www.youtube.com/watch?v=tESbBM2LZHM&t=1922s 



    Seth for Privacy’s Andy Yen interview: https://optoutpod.com/episodes/protonwallet-andy-yen/ 



    My interview on Easy Prey Podcast: https://www.easyprey.com/firewalls-dont-stop-dragons-with-carey-parker/



    Techlore: https://www.techlore.tech/



    Privacy Guides: https://www.privacyguides.org/ 



    The New Oil: https://thenewoil.org/ 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:18: Interview setup



    0:04:18: Why did you release so many new products all at once?



    0:05:53: Did you develop Proton Docs from scratch? Will we get Proton Sheets, too?



    0:10:09: What drove you to add AI features? How do you maintain privacy with AI?



    0:17:07: Why did Proton feel the need to create another cryptocurrency wallet?



    0:21:37: Who is the target audience for Proton Wallet?



    0:28:38: As a privacy company, why go with Bitcoin, which is not really private?



    0:39:34: Will you support Monero or Zcash?



    0:40:40: Why did you restructure Proton as a foundation? What's the impact of this?



    0:45:41: How is this new foundation different from others like Mozilla or Tor?



    0:47:59: Would Proton ever consider acquiring Mozilla to save Firefox?



    0:55:43: Does TunnelVision affect Proton VPN? How can we improve VPNs generally?



    1:01:35: Signal was bashed for not encrypting local keys. How does Proton handle this?



    1:05:25: What's coming next from Proton?



    1:07:48: Interview wrap-up



    1:10:54: Couple updates on Wallet, Scribe availability



    1:11:50: Recommending other great privacy resources and Proton discussions



    1:12:53: Upcoming shows



    1:14:29: Upcoming podcast awareness campaign

  • The headlines have been on fire with stories about 3 billion people's data being leaked from a company you've never heard of. But like many such stories, the mainstream media gets a lot of the important details wrong and glosses over a lot of the important nuances. Today we're going to dive into what really happened and what you should do about it, whether your data was part of the breach or not.



    In other news: Illinois waters down its landmark biometric information law; US court rules geofence warrants are unconstitutional; FTC to investigate :surveillance pricing" and files rule impacting shady product reviews; the CFPB cracks down on some types of consumer data sales; and Consumer Reports evaluates several top data deletion services.



    Article Links




    [Reuters] Illinois governor approves business-friendly overhaul of biometric privacy law https://www.reuters.com/legal/government/illinois-governor-approves-business-friendly-overhaul-biometric-privacy-law-2024-08-05/



    [TechCrunch] US appeals court rules geofence warrants are unconstitutional https://techcrunch.com/2024/08/13/us-appeals-court-rules-geofence-warrants-are-unconstitutional/



    [Electronic Frontier Foundation] To Fight Surveillance Pricing, We Need Privacy First https://www.eff.org/deeplinks/2024/08/fight-surveillance-pricing-we-need-privacy-first



    [ftc.gov] Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials https://www.ftc.gov/news-events/news/press-releases/2024/08/federal-trade-commission-announces-final-rule-banning-fake-reviews-testimonials



    [natlawreview.com] CFPB Forecasts New Rule Cracking Down on Consumer Data Sales https://natlawreview.com/article/cfpb-forecasts-new-rule-cracking-down-consumer-data-sales



    [Los Angeles Times] Hackers may have stolen the Social Security numbers of every American. How to protect yourself https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number



    [troyhunt.com] Inside the "3 Billion People" National Public Data Breach https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/



    [consumerreports.org] Evaluating People-Search Site Removal Services https://innovation.consumerreports.org/new-report-data-defense-evaluating-people-search-site-removal-services/



    Tip of the Week: OSINT Final Steps https://firewallsdontstopdragons.com/osint-final-steps/ 




    Other Helpful Links




    Have I Been Pwned: https://haveibeenpwned.com/ 



    NPD Data Breach search tool: https://npd.pentester.com/ 



    Privacy Guides data removal tools: https://www.privacyguides.org/en/data-broker-removals/ 



    Techlore video on data removal: https://www.youtube.com/watch?v=tESbBM2LZHM 



    Google’s Results About You: https://myactivity.google.com/results-about-you?pli=1 



    How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/



    How and why to plant your flag: https://firewallsdontstopdragons.com/why-you-need-to-plant-your-flag/ 



    Strong passwords: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/  



    Backing up 2FA codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/ 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:04:00: News preview



    0:06:33: Illinois governor approves business-friendly overhaul of biometric privacy law



    0:11:18: US appeals court rules geofence warrants are unconstitutional
    ...

  • Finding your soul mate or even just a one-night stand can all be done digitally now - there's an app for that. Several, in fact. But in order to find the best match, you need to turn over a lot of extremely personal information. You probably also need to let the app track your location, so you're only matching people within some acceptable distance. You would hope that dating apps would be better than other apps at securing your private data... but are they? And are these services selling my data to advertisers? Today I answer these questions and many more with Zoë MacDonald from Mozilla's Privacy Not Included team who recently published a full report on this topic.



    Interview Notes




    Privacy Not Included report on dating apps: https://foundation.mozilla.org/en/privacynotincluded/articles/data-hungry-dating-apps-are-worse-than-ever-for-your-privacy/ 



    Mozilla Foundation: https://foundation.mozilla.org/en/?form=donate-header 



    Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/ 



    Falling out of love with dating apps: https://www.theguardian.com/lifeandstyle/2023/oct/28/its-quite-soul-destroying-how-we-fell-out-of-love-with-dating-apps 



    Using dating apps to locate someone: https://www.techradar.com/pro/privacy-flaw-in-top-dating-apps-could-have-revealed-user-location-down-to-2-metres 



    How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:57:02: Wrap-up and looking ahead



    0:02:06: Freeze your credit!



    0:04:19: How do modern dating apps work, exactly?



    0:08:19: How do they find compatible matches?



    0:10:34: Do these apps require constant access to your current location?



    0:14:50: How much information used by these apps is inferred vs explicitly requested?



    0:17:59: Do these apps use inferred data to weed out bad actors?



    0:20:36: How did you decide which apps to evaluate?



    0:23:54: What were your key takeaways and most alarming findings?



    0:25:57: Do apps owned by the same parent company have similar privacy policies?



    0:27:28: How transparent are these apps about sharing your data?



    0:29:08: Was there any correlation between app cost and monetizing your data?



    0:31:20: Are dating apps better about securing your personal data?



    0:33:53: Do any of the dating apps offer end-to-end encryption of DMs?



    0:35:40: Do these services try to keep you from leaving the app?



    0:39:03: Once you find a match, can you get a refund for unused subscription time?



    0:40:28: How do new AI features on dating apps affect your privacy?



    0:43:30: Have there been any major dating service data breaches?



    0:45:05: How bad are these apps for romance scams like 'big butchering'?



    0:47:10: If I still want to use a dating app, how do I maximize my privacy?



    0:51:19: Can I use a service on the web only (no app)? Can I delete my data?



    0:54:20: How well do dating apps actually work, in terms of finding a mate?

  • It's time once again for cybersecurity professionals to make the pilgrimage to the scorching desert of Las Vegas, Nevada for a week of tech conferences that we lovingly refer to as Hacker Summer Camp. Today I'll bring you my on-the-ground reporting from BSides and DEF CON. I'll also bring you part 2 of my series on Open Source Intelligence (OSINT) and how to purge your personal data from the web.



    In the news this week: Vegas hotels search hacker's rooms; Apple and others fix old but important browser bug; NFL rolls out more facial recognition at stadiums; Ford looks to patent car surveillance tech; automakers sold your data to brokers for pennies; border agents can no longer search your smartphone without a warrant; judge rules that Google is a monopoly.



    Article Links




    [404media.co] Hotel to Search Rooms During DEF CON Hacking Conference https://www.404media.co/hotel-to-search-rooms-during-def-con-hacking-conference/



    [AppleInsider] Apple has closed an ancient macOS Safari security hole https://appleinsider.com/articles/24/08/07/apple-has-closed-an-ancient-macos-safari-security-hole



    [therecord.media] NFL to roll out facial authentication software league-wide https://therecord.media/nfl-to-roll-out-facial-authentication-league-wide



    [therecord.media] Ford wants patent for tech allowing cars to surveil and report speeding drivers https://therecord.media/ford-seeks-patent-cars-surveil-speeders-report-to-police



    [The New York Times] Automakers Sold Driver Data for Pennies, Senators Say https://www.nytimes.com/2024/07/26/technology/driver-data-sold-for-pennies.html



    [9to5Mac] Border agents cannot search smartphones without a warrant, rules federal court https://9to5mac.com/2024/07/29/cannot-search-smartphones-without-a-warrant/



    [AppleInsider] Judge rules Google is a search and advertising monopoly https://appleinsider.com/articles/24/08/05/judge-rules-that-google-is-a-search-and-advertising-monopoly



    Tip of the Week: OSINT Remediation https://firewallsdontstopdragons.com/osint-remediation/ 




    Further Info




    BSides Las Vegas: https://bsideslv.org/ 



    DEF CON 32: https://defcon.org/html/defcon-32/dc-32-index.html



    UnDisruptible27:  https://securityandtechnology.org/undisruptable27/



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:26: Summer Camp Highlights



    0:10:25: Hotel to Search Rooms During DEF CON



    0:15:14: Apple has closed an ancient macOS Safari security hole



    0:20:00: NFL to roll out facial authentication software league-wide



    0:26:25: Ford wants patent for tech allowing cars to surveil and report speeding drivers



    0:29:38: Automakers Sold Driver Data for Pennies, Senators Say



    0:32:46: Border agents cannot search smartphones without a warrant,



    0:36:44: Judge rules Google is a search and advertising monopoly



    0:40:52: Tip of the Week: OSINT Remediation



    0:54:25: EFF Tech Trivia update

  • Jack Daniel is a storyteller, wanderer, comic, bartender, blacksmith, luthier, historian, mechanic, and the world’s oldest millennial. He is also one of the founders of Security BSides. Jack has a colorful and interesting history, and today we'll learn about how and why he started BSides, delve into a little hacker conference history, talk about modern hackers and cybersecurity conferences and how he's seen them change over the years, and how hackers and their conferences are vastly different than the others.



    Interview Notes




    Jack Daniel: https://www.linkedin.com/in/jackadaniel/ 



    BSides official site: https://bsides.org/ 



    BSides Las Vegas (part of hacker summer camp): https://bsideslv.org/ 



    InfoSecMap: https://infosecmap.com/ 



    Cult of the Dead Cow interview: https://podcast.firewallsdontstopdragons.com/2023/08/07/cult-of-the-dead-cow/ 



    Jeff Moss interview #1: https://podcast.firewallsdontstopdragons.com/2021/08/16/on-a-dark-tangent/ 



    Jeff Moss interview #2: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/ 



    CackalackyCon: https://cackalackycon.org/ 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:49: Interview lingo



    0:04:05: How did you get into the world of cybersecurity and hacking?



    0:12:40: Why did you start BSides?



    0:17:43: What were some of the first BSides talks like?



    0:21:42: What are the founding principles of BSides?



    0:28:00: What approval do you need to start a BSides conference?



    0:34:44: How have other hacker conferences influenced BSides and vice versa?



    0:36:53: Is there a beef between BSides and Black Hat?



    0:38:58: What's your connection with ShmooCon?



    0:42:42: How have hackers and these conferences changed since the old days?



    0:47:40: Discussion on responsible disclosure



    0:50:39: Two different kinds of presenters



    0:54:02: You might be a hacker if...



    1:01:30: What's the best way to find a local hacker conference?



    1:06:50: BSides is about community



    1:08:29: Interview wrap-up



    1:11:19: Patron content



    1:11:53: Looking ahead

  • Last week, we all learned about a company called CrowdStrike that apparently has the capability to single-handedly bring multiple airlines, hospitals and other large companies to their knees in an instant. There are many lessons we should be learning from this incident, though I'm not going to hold my breath. I'll tell you what happened and what I think we should be doing to avoid a repeat of this incident in the future.In other news: Google finally throws in the towel on blocking third-party cookies; a private organization claims to have gained access to advertising-based location data on Trump's shooter; Republican VP candidate JD Vance forgets to make his Venmo data private; leaked docs show what phones Cellebrite can and can't hack; Meta takes down thousands of accounts related to sextortion ring; and for my Tip of the Week, we'll tackle part 1 of my article on deleting your public data from the web.Article Links[AppleInsider] Google gives up on Chrome plan to ditch third-party cookies https://appleinsider.com/articles/24/07/23/google-gives-up-on-chrome-plan-to-ditch-third-party-cookies[404media.co] Heritage Foundation Claims to Use Location Data to Track Trump Shooter's Movements https://www.404media.co/heritage-foundation-claims-to-use-location-data-to-track-trump-shooters-movements/[9to5Mac] J.D. Vance Venmo connections public, as privacy failing still in place six years later https://9to5mac.com/2024/07/19/jd-vance-venmo-connections-public/[404media.co] Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/[The Washington Post] Meta takes down thousands of Facebook, Instagram accounts running sextortion scams from Nigeria https://www.washingtonpost.com/business/2024/07/24/meta-nigeria-sextortion-scam-instagram-facebook/fce496c6-49b8-11ef-9149-c75da5dd9201_story.html[Schneier Blog] The CrowdStrike Outage and Market-Driven Brittleness https://www.schneier.com/blog/archives/2024/07/the-crowdstrike-outage-and-market-driven-brittleness.htmlTip of the Week:OSINT Reconnaissance: https://firewallsdontstopdragons.com/osint-reconnaissance/ Further InfoBook surge results: https://fdsd.me/booksurge Moxie Marlinspike (Signal) on Cellebrite vulnerabilities: https://signal.org/blog/cellebrite-vulnerabilities/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of ContentsUse these timestamps to jump to a particular section of the show.0:00:51: AT&T breach update0:01:44: News rundown0:03:56: Google gives up on Chrome plan to ditch third-party cookies0:08:28: Group Claims to Use Location Data to Track Trump Shooter's Movements0:13:42: J.D. Vance Venmo connections public0:19:28: Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock0:27:35: Meta takes down thousands of accounts running sextortion scams0:31:21: Lessons from the CrowdStrike Outage0:44:52: Tip of the Week: OSINT Reconnaissance0:55:20: Book surge report0:57:06: More help will be needed0:58:10: Looking ahead

  • If someone decided to dig into your life - perhaps even try to 'dox' you - how might they go about doing that? What could they find about you right now on the internet? You might be surprised at how much information is readily available from public sources, including your local government agencies and state databases. Today I'll be talking with Jason Edison from Intel Techniques whose day job is using open source intelligence, or OSINT, to find suspected criminals and whose night job is helping people remove that same information to protect their privacy and even personal security.



    Interview Notes




    Intel Techniques: https://inteltechniques.com/ 



    Data Removal Guide: https://inteltechniques.com/workbook.html 



    Data Removal Workbook (PDF): https://inteltechniques.com/data/workbook.pdf 



    Credit Freeze Guide: https://inteltechniques.com/freeze.html 



    MySudo privacy app: https://mysudo.com/



    SimpleLogin (Proton) email aliases: https://simplelogin.io/



    Private credit cards: https://privacy.com/  




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:41: Interview setup



    0:02:34: What do you do for your day job in law enforcement?



    0:05:17: What is open source intelligence, exactly?



    0:08:41: What are your primary sources for OSINT?



    0:12:01: What is doxing and how might it impact someone?



    0:14:56: How does an OSINT specialist also value personal privacy?



    0:22:36: How do others in law enforcement view data collection and privacy?



    0:28:36: When emotional cases arise, do officials favor privacy rights over catching bad guys?



    0:33:32: How do we balance privacy rights vs public safety?



    0:39:19: How would you do a full workup on someone?



    0:45:18: Where do people overshare or give away the most personal information?



    0:52:31: How much of my personal information is available via public records?



    0:56:43: Will tooks like AI help us find the needles in the haystacks?



    1:00:56: What about data deletion services - are they worth it?



    1:07:51: How useful are email and phone aliases for privacy?



    1:11:17: How do you prove your identity to deletion sites without giving more info?



    1:17:10: What tools can I find at Intel Techniques?



    1:19:00: My data deletion journey

  • Ads on the web are beyond annoying - they are actually a threat to your privacy and sometimes even your security. Ads pay for a lot of the "free" web content we consume, but until ad networks stop tracking us and selling ad space to phishing and malware groups, we need tools to block them. Today I'll give you two solid options for doing so.In the news: Australian man charged for WiFi scam on flights; Airbnb reveals 35,000 complaints about hidden cameras; Linksys routers expose WiFi credentials; a massive new hacker list contains 10 billion unique passwords; a new AT&T call and text records data breach; Signal gets flak for response to storing encryption keys in the clear; Mozilla launches "privacy-preserving" ad attribution system (on by default); Proton launches encrypted Google Docs competitor.Article Links[The Hacker News] Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights https://thehackernews.com/2024/07/australian-man-charged-for-fake-wi-fi.html[9to5Mac] 35,000 complaints about hidden cameras in Airbnb properties https://9to5mac.com/2024/07/10/hidden-cameras-in-airbnb-properties/[stackdiary.com] Linksys Velop routers send Wi-Fi passwords in plaintext to US servers https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/[cybernews.com] RockYou2024: 10 billion passwords leaked in the largest compilation of all time https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/[TechCrunch] What the AT&T call records data breach means for you https://techcrunch.com/2024/07/12/what-the-att-call-records-data-breach-means-for-you/[stackdiary.com] Signal under fire for storing encryption keys in plaintext https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/[Mozilla] Privacy-Preserving Attribution https://support.mozilla.org/en-US/kb/privacy-preserving-attribution[Lifehacker] Why You Should Consider Proton Docs Over Google https://lifehacker.com/tech/why-you-should-consider-proton-docs-over-googleTip of the Week: How & Why to Block Ads https://firewallsdontstopdragons.com/how-and-why-to-block-ads/ Further InfoEnter the DEF CON 32 ticket raffle: send email to [email protected] NextDNS tutorial: https://www.youtube.com/watch?v=WUG57ynLb8I Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of ContentsUse these timestamps to jump to a particular section of the show.0:00:21: Book surge report0:03:00: News rundown0:05:06: Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights0:09:50: 35,000 complaints about hidden cameras in Airbnb properties0:15:31: Linksys Velop routers send Wi-Fi passwords in plaintext to US servers0:20:29: 10 billion passwords leaked in the largest compilation of all time0:26:51: What the AT&T call records data breach means for you0:32:37: Signal under fire for storing encryption keys in plaintext0:47:24: Mozilla's new Privacy-Preserving Attribution0:58:58: New: Proton Docs!1:00:18: Tip of the Week: How & Why to Block Ads1:12:41: Wrap up1:13:01: Book surge report1:15:25: DEF CON 32 ticket raffle!1:17:48: Looking ahead

  • We're generating a ridiculous amount of data every day. Much of it is highly personal and that's dangerous. But there are actually several Privacy Enhancing Technologies that may allow us to use this personal data to improve our collective quality of life without ruining the privacy of the data subjects. I'll be discussing these PETs with Irene Knapp who spent five years working in the privacy department at Google. I will also spend a good bit of time asking them about what it's like working at Google and get some insights about the company's approach to privacy from the inside. (Spoiler: it's not good.)



    Interview Notes




    Internet Safety Labs: https://internetsafetylabs.org/about-us/ 



    Irene’s Google departure post: https://medium.com/@Irenes/on-the-occasion-of-leaving-google-b8c7029c8d8b 



    Coworker.org: https://coworker.org 



    Google loses privacy chief: https://www.techspot.com/news/103268-google-privacy-chief-head-competition-law-leaving-not.html 




    Further Info




    BOOK SURGE!! https://fdsd.me/booksurge 



    Send me your questions! https://fdsd.me/qna 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:40: Interview setup



    0:03:56: What is Internet Safety Labs and what do you do there?



    0:05:45: Why do we not have liability in the software industry?



    0:07:02: How did you come to work for Google and what was your experience like there?



    0:07:58: What caused you to eventually leave?



    0:10:26: How did private policy evolve while you were at Google?



    0:12:36: What was happening in Google that impeded your efforts?



    0:19:19: How does Google compare to other companies like Facebook?



    0:20:56: What's your take on Google's new Privacy Sandbox technology?



    0:27:24: Can we do some good with all the data we're collecting?



    0:33:51: From where do we derive a legal right to privacy?



    0:35:10: How does differential privacy work?



    0:38:49: Where might we use differential privacy?



    0:41:59: What is homomorphic encryption and how does it work?



    0:44:47: Are there any other promising PETs?



    0:46:49: How do zero knowledge proofs work?



    0:49:20: Which of the PETs seem most promising right now?



    0:51:20: Do we need privacy regulations to save us here?



    0:56:19: What's next for you?



    0:58:31: Interview wrap-up



    1:00:52: BOOK SURGE!!

  • We've talked about how to backup your local device data and how to back up data that is primarily stored in the cloud. But there's a lot of important, irreplaceable data we take for granted: data owned by others. This might be shared online photo albums, cloud document collaborations, eBooks and other digital media, and even websites you frequently rely on. Today we'll talk about how you can make local copies of these files in case they should ever go offline.



    In other news: European politicians' personal details exposed online; Proton transitions to non-profit corporate structure; lawsuit claims Microsoft tracked sex toy purchases; online ID verification service exposed drivers licenses; new Mac info-stealer served up by Google Ads; law enforcement is spying on Americans' mail; new ALPR vulnerabilities prove it's a public safety threat; UK hospital hack leaks 300M patient records; US bans Kaspersky software; Sonos removes promise not to sell its users' data; Mozilla buys a 'privacy-centric' ad firm.



    Article Links




    [proton.me] Cyber house of cards – Politicians’ personal details exposed online https://proton.me/blog/politicians-exposed-dark-web



    [proton.me] Proton is transitioning towards a non-profit structure https://proton.me/blog/proton-non-profit-foundation



    [404media.co] Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording in Real Time' Software https://www.404media.co/lawsuit-claims-microsoft-tracked-sex-toy-shoppers-with-recording-in-real-time-software/



    [404media.co] ID Verification Service for TikTok, Uber, X Exposed Driver Licenses https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/



    [Ars Technica] Mac users served info-stealer malware through Google ads https://arstechnica.com/security/2024/06/mac-info-stealer-malware-distributed-through-google-ads/



    [The Washington Post] Law enforcement is spying on thousands of Americans’ mail, records show https://www.washingtonpost.com/technology/2024/06/24/post-office-mail-surveillance-law-enforcement/



    [Electronic Frontier Foundation] New ALPR Vulnerabilities Prove Mass Surveillance Is a Public Safety Threat https://www.eff.org/deeplinks/2024/06/new-alpr-vulnerabilities-prove-mass-surveillance-public-safety-threat



    [TechCrunch] US bans sale of Kaspersky software citing security risk from Russia  https://techcrunch.com/2024/06/20/us-bans-kaspersky-software-security-risk-russia/



    [AppleInsider] Sonos removes a promise to not sell personal data, gets busted by users https://appleinsider.com/articles/24/06/15/sonos-removes-a-promise-to-not-sell-personal-data-gets-busted-by-users



    [theregister.com] What's up with Mozilla buying ad firm Anonym? It's all about 'privacy-centric advertising' https://www.theregister.com/2024/06/18/mozilla_buys_anonym_betting_privacy/



    Tip of the Week: Backing Up Other Data https://firewallsdontstopdragons.com/how-to-backup-other-data/ 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:25: Book blitz coming soon



    0:00:55: Dear Carey reminder



    0:01:38: Bitwarden bug fixed



    0:02:28: News rundown



    0:04:22: EU politicians’ personal details exposed online



    0:10:37: Proton adopts non-profit structure



    0:15:15: Lawsuit Claims Microsoft Tracked Sex Toy Shoppers



    0:19:28: ID Verification Service Exposed Driver Licenses



    0:27:38: Mac users served info-stealer malware through Google ads



  • Every day, we generate tons of digital exhaust: our web browsing, GPS location, online and in-store purchases, emails and messages, social media posts and feed viewing habits, and much, much more. Online marketers and data brokers have been living off these breadcrumbs for years. The intelligence and law enforcement agencies have found this data to be incredibly revealing, and they can buy most of this data on the open market without requiring any sort of warrant - and they have. This has important implications for democratic societies that value privacy and freedom. I'll discuss how this mass surveillance works and what it means for all of us with Byron Tau, author of the book "Means of Control".



    Interview Notes




    Means of Control: https://www.amazon.com/Means-Control-Alliance-Government-Surveillance/dp/0593443225 



    Byron Tau at NOTUS: https://www.notus.org/byron-tau 



    Puking Monkey’s DEF CON presentation: https://www.youtube.com/watch?v=T43Ti7c11lY 



    Make your EZ Pass “moo”: https://hackaday.com/2013/09/16/modified-e-zpass-detects-reads-far-from-toll-booths/ 



    Official US policy on collecting public info on citizens: https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2024/3815-odni-releases-ic-policy-framework-for-commercially-available-information 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:58: Update your Windows PCs



    0:01:32: Interview setup



    0:04:59: How might the collection of online data impact a regular person?



    0:10:13: What sorts of things can all this data reveal about us?



    0:15:44: How much can we learn by tracking a person's location?



    0:17:38: What is 'gray data'?



    0:22:40: Our data can be saved virtually forever - what are the ramifications?



    0:26:30: How are data gathering rules different for law enforcement vs intelligence agencies?



    0:32:54: When did data brokers start selling our info to government agencies?



    0:39:22: Is it legal for these agencies to act as data brokers themselves?



    0:42:12: What laws have impacted this sort of data collection in the US?



    0:44:49: How and why do these agencies hide this data collection?



    0:51:02: Are governments sharing data to skirt local restrictions?



    0:54:54: How have these spy programs evolved since 9/11?



    1:00:28: Have government agencies lobbied Congress against federal privacy laws??



    1:03:20: How can we limit data collection and increase our privacy?



    1:06:24: Could the Big Tech backlash help get a privacy law passed?



    1:08:33: What are you working on next?



    1:09:59: Interview follow-up



    1:11:36: Looking ahead

  • Until recently, most of our important data lived primarily on our devices. Backing up that data often meant choosing a cloud backup service. But today, many of our most important photos and files are actually stored in the cloud. While cloud servers are supposed to be more robust than home computers with flaky hard drives and smartphones that get lost or stolen, it also means that someone else is in control of that data. Cloud services go offline, get bought out or even shut down. We now need to be sure to back up our cloud data, too.



    In other news: 23andMe breach under investigation by US and Canada; cops release personal location info to FOIA request; hacker gains access to Tile customer data; more car privacy updates; Microsoft Recall backlash highlights our distrust; report shows Microsoft favoring profits over security; Mac Bartender app shadily changes ownership; new Apple privacy features coming.



    Article Links




    [malwarebytes.com] 23andMe data breach under joint investigation in two countries https://www.malwarebytes.com/blog/news/2024/06/23andme-data-breach-under-joint-investigation-in-two-countries



    [theregister.com] Crooks threaten to leak 3B personal records 'stolen from background check firm' https://www.theregister.com/2024/06/03/usdod_data_dump/



    [404media.co] Cops Released a Car’s Travel History to a Total Stranger https://www.404media.co/cops-released-a-cars-travel-history-to-a-total-stranger/



    [404media.co] Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/



    [The New York Times] Is Your Driving Being Secretly Scored? https://www.nytimes.com/2024/06/09/technology/driver-scores-insurance-data-apps.html



    [Windows Central] A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw



    [ProPublica] Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers



    [AppleInsider] Adobe's new terms of service unacceptably gives them access to all of your projects, for free https://appleinsider.com/articles/24/06/06/adobes-new-terms-of-service-unacceptably-gives-them-access-to-all-of-your-projects-for-free



    [MacRumors] PSA: Bartender Mac App Under New Ownership, But Lack of Transparency Raises Concerns https://www.macrumors.com/2024/06/04/bartender-mac-app-new-owner/



    [9to5Mac] iOS 18 includes these new privacy features: Lock and hide apps, improved contact permissions, more https://9to5mac.com/2024/06/10/ios-18-includes-these-new-privacy-features-lock-and-hide-apps-improved-contact-permissions-more/



    Tip of the Week: Backup Your Cloud Data: https://firewallsdontstopdragons.com/how-to-backup-cloud-data/ 




    Further Info




    Under New Management plugin: https://github.com/classvsoftware/under-new-management



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:52: News preview



    0:03:11: 23andMe data breach under joint investigation in two countries



    0:07:01: Crooks threaten to leak 3B personal records 'stolen from background check firm'



    0:09:52: Cops Released a Car’s Travel History to a Total Stranger