Episodes
-
Have you ever searched for your personal information online? There are dozens of "people search sites" out there, but a simple Google search can also find information about you, too. Behind the scenes, there are hundreds if not thousands of data brokers who are scouring the web constantly for your info creating dossiers on all of us, for sale to anyone willing to pay. We have no federal privacy laws in the US, but even if you live in the EU (with GDPR) or a US state with some privacy protections (like California), you still may find your data online - because much it comes from public records, including voting records, property tax records, and legal filings. How do you find your data? Where did it come from? And more important, what can you do about it? Today will discuss this and more with Ben and Tyler, the founders of data deletion service EasyOptOuts.
Interview Notes
EasyOptOuts: https://easyoptouts.com/
Consumer Reports study: https://www.consumerreports.org/electronics/personal-information/services-that-delete-data-from-people-search-sites-review-a2705843415/
Brian Krebs on Radaris: https://krebsonsecurity.com/2024/03/a-close-up-look-at-the-consumer-data-broker-radaris/
My blog series on data removal: https://firewallsdontstopdragons.com/osint-reconnaissance/
Jason Edison OSINT interview: https://podcast.firewallsdontstopdragons.com/2024/07/22/open-source-intelligence/
Big Ass Data Broker Opt Out List: https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
Further Info
Help me reach more people! https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:04: Staying up to date during December
0:01:45: NPR shout out?
0:02:25: Interview setup
0:04:11: Why did you get into the data deletion business?
0:05:58: How does EasyOptOuts differentiate its service?
0:09:35: Where do these data brokers get all my information?
0:13:37: How often do you find errors in people's information on these sites?
0:15:36: What are the names of some of the top data brokers? Would we know them?
0:17:34: Will a credit freeze prevent data sharing?
0:19:02: What does it cost to get these people reports?
0:21:21: Have you tried deleting data from the recently breached National Public Data?
0:23:02: How do the various US state privacy laws impact our ability to delete our data?
0:27:52: How many data brokers operate in non-US/EU jurisdictions?
0:29:00: Who is selling my data that would surprise me?
0:31:26: How did we consent to this data sharing and can we opt out?
0:34:14: If I wanted to try to clean up my data myself, how would I go about that?
0:38:09: How do I avoid giving away more information while I try to prove my identity?
0:41:34: If I would rather use a deletion service, how does that work and what does it cost?
0:46:39: After deletion, will my data just be replenished after some amount of time?
0:48:01: Any final pro tips on reducing my public data?
0:51:02: Interview wrapup
0:53:26: Patron bonus content preview
0:54:05: Plan for December shows -
It's been too long since I've dipped into the listener mailbag, so today I'm going to answer a small selection of your questions on the air! Topics include privacy-respecting baby monitors, the "IoT network" on some Orbi routers, why you can't really use a computer monitor as a "dumb" TV, and whether browser privacy plugins work on first party tracking.
We'll also cover some news stories: why you shouldn't upload medical images to AI chatbots; the Fancy Bear "nearest neighbor" attack; Google's new website link overlays; the curious case of cutting undersea internet cables; Microsoft's new Windows Resiliency Initiative; mobile pay apps coming under regulatory scrutiny; iPhone's new tool to strip metadata from shared photos; and Google now warning you about suspicious apps.
Article Links
[techcrunch.com] PSA: You shouldn’t upload your medical images to AI chatbots https://techcrunch.com/2024/11/19/psa-you-shouldnt-upload-your-medical-images-to-ai-chatbots/
[darkreading.com] Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network https://www.darkreading.com/cyberattacks-data-breaches/fancy-bear-nearest-neighbor-attack-wi-fi
[9to5google.com] Google’s iOS app now injects links on third-party websites that go back to Search https://9to5google.com/2024/11/25/google-ios-app-link-annotations-search/
[newsweek.com] Chinese Vessel Allegedly Drags Anchor, Severs Undersea Cable Links https://www.newsweek.com/chinese-vessel-allegedly-drags-anchor-severs-undersea-cable-links-1992580
[dw.com] Hybrid warfare on the seabed? https://www.dw.com/en/baltic-sea-underwater-cable-damage-highlights-hybrid-warfare-on-critical-infrastructure/a-70853706
[theverge.com] Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident https://www.theverge.com/2024/11/19/24299873/microsoft-windows-resiliency-initiative-crowdstrike-incident
[lifehacker.com] Venmo, Apple Pay, and Other Payment Apps Are About to Be More Regulated https://lifehacker.com/money/payment-apps-are-about-to-be-more-regulated
[lifehacker.com] Your iPhone Can Now Automatically Remove Location Data From Photos You Share Online https://lifehacker.com/tech/your-iphone-can-now-automatically-remove-location-data-from-photos-online
[lifehacker.com] The Google Play Store Will Soon Warn You Before You Download a Bad App https://lifehacker.com/tech/the-google-play-store-will-warn-you-bad-app
Further Info
ExifTool: https://exiftool.org/
Help me reach more people! https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:51: Holiday PSA
0:02:12: News preview
0:03:59: PSA: You shouldn’t upload your medical images to AI chatbots
0:07:22: Fancy Bear 'Nearest Neighbor' Attack Uses Nearby Wi-Fi Network
0:12:59: Google’s iOS app now injects links on third-party websites that go back to Search
0:15:10: Chinese Vessel Allegedly Drags Anchor, Severs Undersea Cable Links
0:18:17: Hybrid warfare on the seabed?
0:27:19: Microsoft’s new Windows Resiliency Initiative aims to avoid another CrowdStrike incident
0:33:11: Venmo, Apple Pay, and Other Payment Apps Are About to Be More Regulated
0:36:30: Your iPhone Can Now Automatically Remove Location Data From Photos You Share Online
0:42:23: The Google Play Store Will Soon Warn You Before You Download a Bad App
0:46:20: Finding a private, secure baby monitor
0:50:44: IoT Network on Netgear Orbi routers?
0:52:50: Using a computer monitor as a dumb TV? -
Missing episodes?
-
Privacy has been defined in many ways. The right to tell your story your own way. The right to have control over your personal information. The right to be left alone. There's a reason we have T-shirts that say "dance like no one is watching". We censor ourselves when we're being watched. But if knowledge is power, then asymmetries in knowledge must lead to asymmetries in power. Privacy is a human right but it's also a collective good - something we need to respect and support, even if we do not personally feel the need to exercise it. Today I'll explore why privacy is essential, how it is being threatened, and what we can do to reclaim it with Carissa Véliz, a professor of philosophy and author of the wonderful and important book, Privacy is Power.
Interview Notes
Carissa’s website: https://www.carissaveliz.com/
Privacy is Power: https://www.penguinrandomhouse.com/books/673341/privacy-is-power-by-carissa-veliz/
My review of her book: https://firewallsdontstopdragons.com/privacy-is-power-review/
The Ethics of Privacy and Surveillance: https://www.oxford-aiethics.ox.ac.uk/blog/new-book-ethics-privacy-and-surveillance
TEDx: The Case for Ending Data Economy: https://www.youtube.com/watch?v=luCXlPYrTP4
Google’s Don’t Be Evil motto history: https://en.wikipedia.org/wiki/Don't_be_evil
Give Thanks & Donate! https://firewallsdontstopdragons.com/give-thanks-donate/
Further Info
Help me reach more people! https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:31: Give Thanks & Donate!
0:01:27: Follow me on Bluesky
0:02:06: Interview setup
0:04:17: What inspired you to write this book?
0:07:04: What impacts has your book had? Did any response surprise you?
0:10:01: When researching the book, what surveillance methods most surprised you?
0:13:31: How and when did all this surveillance start?
0:15:40: Are behavior ads really more effective than contextual ads?
0:19:04: Is it possible to have privacy and still target ads?
0:22:08: What's your take on Google's Privacy Sandbox concept?
0:23:57: Why is the 'notice and consent' model such a failure?
0:28:14: What's your take on the notion of data sovereignty?
0:30:09: Why is privacy a collective good that we all need to protect?
0:32:12: How does asymmetry in knowledge lead to asymmetry in power?
0:34:06: Are we at risk of normalizing surveillance for future generations?
0:37:09: What will it take to trigger a surveillance backlash?
0:40:21: What can we learn from history about overzealous data collection?
0:43:35: How will AI technology impact our privacy?
0:49:30: Can we reap the benefits of our data without giving up privacy?
0:52:45: How do we manifest a society that values and respects privacy?
0:56:15: Interview wrap-up
0:58:36: Still celebrating 400th episode!
0:59:02: Looking ahead -
Holiday shopping season is here! And today I'll give you the highlights of my annual Best & Worst Gift Guide for 2024, with regard to privacy and security. The worst offenders may not surprise you, though some have actually gotten worse since just last year. And I have a few new suggestions for people on your nice list!In the news this week: another popular browser extension has gone rogue; Mozilla laid off 30% of their staff; FBI warns that bad guys are filing fraudulent emergency data requests to steal your private info; Apple quietly introduces a brilliant security feature that is frustrating cops; Microsoft will stop providing security updates for Windows 10 next October; a free decryptor was released for ShrinkLocker ransomware; Signal offers new call link feature; an air fryer app is sending your data to China; and Apple announces feature to share AirTag location with others including airlines to help find lost luggage.Article Links[cyberinsider.com] Popular Chrome Extension to Hide YouTube Shorts Turned Malicious https://cyberinsider.com/popular-chrome-extension-to-hide-youtube-shorts-turned-malicious/[Tech Crunch] Mozilla Foundation lays off 30% staff, drops advocacy division https://techcrunch.com/2024/11/05/mozilla-foundation-lays-off-30-staff-drops-advocacy-division/ [Tech Crunch] FBI says hackers are sending fraudulent police data requests to tech giants to steal people’s private information https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/[404media.co] Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops https://www.404media.co/apple-quietly-introduced-iphone-reboot-code-which-is-locking-out-cops/[blog.0patch.com] Long Live Windows 10... With 0patch https://blog.0patch.com/2024/06/long-live-windows-10-with-0patch.html[The Hacker News] Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html[signal.org] Improving Private Signal Calls: Call Links & More https://signal.org/blog/call-links/[malwarebytes.com] Air fryers are the latest surveillance threat you didn’t consider https://www.malwarebytes.com/blog/news/2024/11/air-fryers-are-the-latest-surveillance-threat-you-didnt-consider[macrumors.com] Apple Announces iOS 18.2's New AirTag Location Sharing Feature Coming to These 15+ Airlines https://www.macrumors.com/2024/11/11/apple-announces-airtag-location-sharing/Best & Worst Gift Guide 2024! https://firewallsdontstopdragons.com/best-worst-gifts-2024/ Further InfoHelp me reach more people! https://fdsd.me/awareness2Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of ContentsUse these timestamps to jump to a particular section of the show.0:00:50: Update Android phones0:01:23: News preview0:03:23: Popular Chrome Extension to Hide YouTube Shorts Turned Malicious0:10:30: Mozilla Foundation lays off 30% staff, drops advocacy division0:14:06: FBI says hackers are sending fraudulent police data requests to steal people’s private info0:19:59: Apple Quietly Introduced iPhone Reboot Code Which is Locking Out Cops0:29:46: Long Live Windows 10... With 0patch0:39:54: Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims0:42:45: Improving Private Signal Calls: Call Links & More0:45:23: Air fryers are the latest surveillance threat you didn’t consider...
-
Device manufacturers are breathing new life into old mundane products by connecting them to the internet, giving us the ability to monitor and control them from anywhere. However, this connection to the cloud works both ways. Not only do device makers now have unprecedented access to our usage and personal information, but they can hobble or limit our use of these devices at their whim. Today I'll speak with IoT expert Stacey Higginbotham who is working with Consumer Reports and other consumer rights groups to bring more transparency to the smart device industry, and hopefully allow us to regain control over the devices we purchase.
Interview Notes
Stacey Higginbotham: https://www.linkedin.com/in/staceyhigginbotham/
Consumer Reports’ FTC filing on software tethering: https://advocacy.consumerreports.org/press_release/ftc-software-tethering/
Who Ya Gonna Call? https://innovation.consumerreports.org/who-ya-gonna-call/
Spotify Cancels Car Thing: https://innovation.consumerreports.org/how-to-kill-a-smart-device-spotify-car-thing-post-mortem/
When Will Your Smart Appliance Turn Dumb? https://innovation.consumerreports.org/when-will-your-smart-appliance-turn-dumb/
CR’s Permission Slip: https://www.permissionslipcr.com/
CR’s Security Planner: https://securityplanner.consumerreports.org/
My interview with Cory Doctorow on adversarial interoperability: https://podcast.firewallsdontstopdragons.com/2020/02/17/adversarial-interoperability-part-1/
Further Info
Help me reach more people! https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:54: Chevron deference
0:01:48: US election impacts
0:03:15: Interview setup
0:03:55: What does it mean for devices to be 'software tethered'?
0:09:23: How might software tethering affect resale of smart devices?
0:13:52: What are the impacts on security and privacy?
0:15:20: How did we agree to these limitations?
0:17:13: 1. Require disclosure of guaranteed minimum support time
0:23:55: 2. Eensure core functionality will work offline or after support ends
0:27:50: What devices might fail to work when offline?
0:30:19: 3. Encourage tools that enable reuse if support ends
0:34:24: 4. Protect adversarial interoperability
0:39:05: What happened to Amazon Dash buttons?
0:40:03: 5. Educate manufacturers on ways to build longevity into designs
0:46:28: Is it easier to get FTC rulings than new regulations?
0:51:29: Does the DMCA still apply to abandoned products?
0:53:13: Should we force companies to escrow software for release if they fail?
0:56:06: What should we be doing as consumers to further this cause?
0:57:39: What's next for your FTC filing?
0:59:55: Interview wrap-up
1:01:28: Patron bonus preview
1:02:19: Looking ahead -
Our location is being tracked mercilessly today, in several ways. In the digital age, location data is among the most sensitive information we share, providing a record of our daily lives that can reveal where we live, who we associate with, and our personal routines. For app developers, marketers, and even law enforcement, this data is a goldmine for the ‘app economy’. Today I’ll talk about the most common sources of location data and give you some tips for limiting the tracking.
In other news: the FTC files rule that requires canceling be just as easy as subscribing; CFPB takes action against worker surveillance; macOS Sequoia's tightened app security may be annoying to some; it's now legal to hack McFlurry machines to fix them; the EU makes vendors liable for software bugs; city sues Flock saying license plate readers are Unconstitutional; tracking world leaders with a fitness app; smartphone location tracking is out of control.
Article Links
[theverge.com] The FTC is finally making it easier to cancel your gym membership https://www.theverge.com/2024/10/16/24271649/ftc-click-to-cancel-subscriptions-final-rule
[consumerfinance.gov] CFPB Takes Action to Curb Unchecked Worker Surveillance https://www.consumerfinance.gov/about-us/newsroom/cfpb-takes-action-to-curb-unchecked-worker-surveillance/
[appleinsider.com] What's changed in runtime protection for macOS Sequoia https://appleinsider.com/inside/macos-sequoia/tips/whats-changed-in-runtime-protection-for-macos-sequoia
[404media.co] It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/
[Risky Business] The EU will make vendors liable for bugs https://news.risky.biz/risky-biz-news-the-eu-will-make-vendors-liable-for-bugs/
[404media.co] Lawsuit Argues Warrantless Use of Flock Surveillance Cameras Is Unconstitutional https://www.404media.co/lawsuit-argues-warrantless-use-of-flock-surveillance-cameras-is-unconstitutional/
[schneier.com] Tracking World Leaders Using Strava https://www.schneier.com/blog/archives/2024/10/tracking-world-leaders-using-strava.html
[arstechnica.com] Location tracking of phones is out of control. Here’s how to fight back. https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/
Tip of the Week: https://firewallsdontstopdragons.com/how-to-curb-location-tracking/
Further Info
Help me reach more people! https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:03:06: News preview
0:04:41: FTC is finally making it easier to cancel your gym membership
0:07:19: CFPB Takes Action to Curb Unchecked Worker Surveillance
0:14:23: What's changed in runtime protection for macOS Sequoia
0:21:57: It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them
0:28:15: The EU will make vendors liable for bugs
0:33:00: Lawsuit Argues Warrantless Use of Flock Surveillance Cameras Is Unconstitutional
0:41:09: Tracking World Leaders Using Strava
0:42:38: Location tracking of phones is out of control. Here’s how to fight back.
0:49:56: Tip of the Week: Curbing Location Tracking
1:00:57: Looking ahead -
The first episode of Firewalls Don't Stop Dragons Podcast aired on March 8, 2017 - almost 8 years ago now. Over that time, I've interviewed over 135 unique and amazing people, covered countless cybersecurity and privacy stories, and offered 100's of tips for protecting your devices and data. To celebrate this momentous occasion, world-renowned cryptography guru Bruce Schneier has returned to for our traditional Podcentennial interview! We discuss several timely topics including the Crowdstrike incident, the pager bombing and supply attacks more generally, US election security, the open market for cyber vulnerabilities, US intelligence agencies' focus on offense versus defense, how AI might actually benefit democracy and much more!
Interview Notes
Bruce Schneier’s blog:https://www.schneier.com/
Inrupt’s Solid concept: https://www.inrupt.com/solid
Data and Goliath (book): https://www.schneier.com/books/data-and-goliath/
Bruce’s NY Time article on pager bombs: https://www.schneier.com/essays/archives/2024/09/israels-pager-attacks-have-changed-the-world.html
Joseph Cox “Anom” interview: https://podcast.firewallsdontstopdragons.com/2024/06/10/anom-the-fbis-phone-company/
WaPo detailed analysis of pager bomb attack: https://www.washingtonpost.com/world/2024/10/05/israel-mossad-hezbollah-pagers-nasrallah/
Restoring Trust in Elections: https://podcast.firewallsdontstopdragons.com/2023/12/11/restoring-trust-in-elections/
Hacking election systems w/ Harri Hursti: https://podcast.firewallsdontstopdragons.com/2021/11/08/restoring-trust-in-our-elections/
Hacker Halted conference info: https://hackerhalted.com/agenda/#day-two-october-31st
Further Info
Help me reach more people! https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:03:53: Interview setup
0:06:21: What should we have learned from the Crowdstrike incident?
0:11:21: Why is it more profitable for products to be brittle?
0:13:59: Do regulations stifle innovation?
0:15:27: Should intelligence agencies focus more on cyber offense or defense?
0:22:29: Should it be legal to buy and sell zero-days on the open market?
0:26:44: How secure are our election systems today? How do we get people to trust the outcomes?
0:35:41: What's your take on the arrest of Telegram's CEO?
0:39:18: How do we convince lawmakers not to subvert encrypted communications?
0:43:48: How did the exploding pager attack change our views of supply chain security?
0:49:26: In what ways might AI actually benefit our democracy?
0:58:03: Should there be any guardrails on AI systems?
1:01:17: What's next for you? What's the latest on the Solid project?
1:03:49: Interview wrap-up
1:07:51: More info for new listeners
1:13:38: Meet me at Hacker Halted Conference!
1:14:14: Looking ahead -
Artificial Intelligence (AI) is the buzzword of the day. There are many types of AI, but one particular flavor is getting a lot of press these days: chatbots. Formally referred to as Large Language Models (LLMs), chatbots like ChatGPT, Claude and Gemini are everywhere - either directly or integrated with other popular apps. This technology is real and it's here to stay, so it's important that we understand what it is, how it works, and what the limitations are. Today I'll explore some aspects of LLMs that you probably weren't aware of.In other news: critical, exploited Firefox bug is fixed (update now!); National Public Data files for bankruptcy after massive breach; hackers target Qualcomm chip zero-day used in many Android phones; China attackers exploit legally-mandated wiretapping backdoor in major telecom systems; new FIDO standard proposed for allowing passkeys to be exported and backed up; a PSA on why you shouldn't share personal information with AI chatbots.Article Links[The Hacker News] Mozilla Warns of Active Exploitation in Firefox, Urges Users to Update Immediately https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html[therecord.media] National Public Data files for bankruptcy, citing fallout from cyberattack https://therecord.media/national-public-data-bankruptcy-cyberattack[techcrunch.com] Hackers were targeting Android users with Qualcomm zero-day https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/[pluralistic.net] China hacked Verizon, AT&T and Lumen using the FBI’s backdoor https://pluralistic.net/2024/10/07/foreseeable-outcomes/[appleinsider.com] Future Passkeys will be able to be shared across platforms & password vaults https://appleinsider.com/articles/24/10/15/future-passkeys-will-be-able-to-be-shared-across-platforms-password-vaults[9to5mac.com] PSA: Here’s another reason not to include personal details in AI chats https://9to5mac.com/2024/10/17/psa-heres-another-reason-not-to-include-personal-details-in-ai-chats/Tip of the Week: Understanding AI ChatbotsFurther InfoHelp me reach more people! https://fdsd.me/awareness2Privacy Not Included chatbot privacy guide: https://foundation.mozilla.org/en/privacynotincluded/articles/how-to-protect-your-privacy-from-chatgpt-and-other-ai-chatbots/Gandalf AI game: https://gandalf.lakera.ai/baseline Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of ContentsUse these timestamps to jump to a particular section of the show.0:01:01: Google finally killing uBlock Origin0:04:07: News preview0:05:54: Mozilla Warns of Active Exploitation in Firefox0:08:55: National Public Data files for bankruptcy0:14:42: Hackers were targeting Android users with Qualcomm zero-day0:19:14: China hacked Verizon, AT&T and Lumen using the FBI’s backdoor0:26:10: Future Passkeys will be able to be shared across platforms & password vaults0:31:08: Here’s another reason not to include personal details in AI chats0:37:40: Tip of the Week: Understanding Chatbots0:55:55: Wrapping up0:56:35: Celebrating 400 episodes!
-
L0pht Heavy Industries (pronounced "loft") was one of the most influential hacker groups in history. Unlike many others, L0pht carefully cultivated a relationship with mass media, sold profitable products, started businesses, and even testified before the US Senate. Cris Thomas, aka Space Rogue, was one of the earliest members of the L0pht and he recently published a book chronicling the groups long and storied history called Space Rogue: How the Hackers Known As L0pht Changed the World. Today I sit down with Cris to discuss that history and the impacts that the L0pht and other hacker groups have had on all of us.
Interview Notes
Space Rogue’s website: https://www.spacerogue.net/
L0pht homepage: https://l0pht.com/
L0phtCrack: https://www.l0phtcrack.com/
Textfiles.com: http://textfiles.com/
L0phy testimony: https://www.youtube.com/watch?v=VVJldn_MmMY
Charlie Rose “Hackers” interview: https://www.youtube.com/watch?v=zbTkOuPv2fo
PicoCTF: https://www.picoctf.org/
Hack the Box: https://help.hackthebox.com/en/articles/5200851-introduction-to-ctfs
Further Info
Help me reach more people! https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:23: Episode 400 coming soon!
0:01:16: Interview setup
0:03:49: Tell us about your book
0:04:52: What is your origin story? How'd you get into hacking?
0:08:15: How often did you meet your fellow hackers in person?
0:10:49: How did the L0pht get started?
0:15:39: What was the reaction when you "come out" as a hacker to friends and family?
0:20:02: How much did different hacker groups interact back in the day?
0:23:19: L0pht cultivated a relationship with the media - how did that affect the dynamic?
0:28:19: What's the history behind the infamous L0phtCrack password tool?
0:35:36: What was it like testifying in front of the US Senate?
0:38:32: How did you get away with testifying under your hacker names?
0:45:29: How did Hacker News Network come to be?
0:52:06: How did we avoid a hacker cyber war against China in the late 90s?
0:57:15: Which of L0pht's many achievements are you most proud of?
0:59:40: What advice would you give to someone wanting to get into cybersecurity?
1:05:39: What's next for you?
1:06:23: Patron bonus content preview
1:06:52: Post-interview notes
1:08:36: Looking ahead -
Sometimes it’s obvious when your accounts are hacked. Maybe your money is gone. Maybe you can no longer log in using the password you know is correct. Maybe everyone you know has gotten a scam email from you that you didn’t send. But sometimes bad guys aren’t so obvious. They may lurk around in your accounts to gather information for identity theft or in hopes of gaining access to other more lucrative accounts. I'll tell you how to find out.In other news: CA governor vetoes opt-out signal bill but signs car privacy bill; 23andMe is in trouble and your data may be, too; PayPal opted you into data sharing without asking; Kaspersky deletes itself and installs UltraAV without asking; 100 million Americans had background data leaked; researchers add facial recognition tech to Meta's smart glasses; NIST updates password rules to with common sense changes; US & Microsoft seize 100+ web domains used by Russian hackers.Article Links[Ars Technica] Calif. Governor vetoes bill requiring opt-out signals for sale of user data https://arstechnica.com/tech-policy/2024/09/calif-gov-vetoes-attempt-to-require-new-privacy-option-in-browsers-and-oses/ [Teach Privacy] Bankruptcy Sale of DNA Data: From Toysmart to 23andMe https://teachprivacy.com/bankruptcy-sale-of-dna-data-from-toysmart-to-23andme/ [404 Media] Paypal Opted You Into Sharing Data Without Your Knowledge https://www.404media.co/paypal-personalized-shopping-opt-out/ [Bleeping Computer] Kaspersky deletes itself, installs UltraAV antivirus without warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ [Tom’s Guide] 100 million Americans just had their background check data exposed https://www.tomsguide.com/computing/online-security/100-million-americans-just-had-their-background-check-data-exposed-online-how-to-stay-safe [404 Media] Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers https://www.404media.co/someone-put-facial-recognition-tech-onto-metas-smart-glasses-to-instantly-dox-strangers/ [Ars Technica] NIST proposes barring some of the most nonsensical password rules https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules/ [The Record] California passes car data privacy law to protect domestic abuse survivors https://therecord.media/california-car-data-privacy-law-domestic-abuse-tracking [Semafor] US, Microsoft seize more than 100 websites used by Russian hackers https://www.semafor.com/article/10/03/2024/us-microsoft-seize-more-than-100-websites-used-by-russian-hackers Tip of the Week: Indicators of Account Compromise: https://firewallsdontstopdragons.com/indicators-of-account-compromise/ Further InfoHelp me reach more people! https://fdsd.me/awareness2Treasure Chest promotion: https://firewallsdontstopdragons.com/treasure-coin-promo/ How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ My article on removing your data from the web: https://firewallsdontstopdragons.com/osint-remediation/ CISA Cybersecurity Awareness Month resources: https://www.cisa.gov/resources-tools/resources/secure-our-world-resources-cybersecurity-awareness-month-2024-toolkit Stay Safe Online CAM site: https://staysafeonline.org/programs/cybersecurity-awareness-month/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of Contents
-
Two security researchers showed how many modern VPN services are vulnerable to malicious misconfiguration, exposing some or all of your internet traffic. While this is not likely to impact most of us, it does expose the limitations of Virtual Private Networks and why they are not silver bullets for security of privacy - despite many marketing claims to the contrary. Today we'll discuss how TunnelVision works, how it can be mitigated, and how this affects different privacy threat models with the two researchers from Leviathan Security, Dani Cronce and Lizzie Moratti.
Interview Notes
Lizzie Moratti: https://www.linkedin.com/in/lmoratti/
Dani Cronce: https://www.linkedin.com/in/danicronce/
TunnelVision: https://www.tunnelvisionbug.com/
ProtonVPN threat model: https://protonvpn.com/blog/threat-model
Dani’s GitHub: https://github.com/superit23
Leviathan Security blog: https://www.leviathansecurity.com/blog
Veilid: https://veilid.com/
Willy Wonka scene: https://www.youtube.com/watch?v=pvS3j8VtanM
Linux network namespaces: https://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/
What is DeFi? https://www.investopedia.com/decentralized-finance-defi-5113835
Further Info
Help me brainstorm ways to reach more people!: https://fdsd.me/awareness2
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:23: Reminder: brainstorming survey
0:01:47: Podcast chapter markers!
0:02:54: Interview setup
0:05:55: What is a VPN and what isits intended purpose?
0:10:27: If most connections are secured today, why do we need a VPN?
0:12:40: Why do we trust a VPN provider more than our internet access provider?
0:17:40: What are you trying to do with a VPN?
0:19:13: Who can see my internet traffic?
0:25:30: What is TunnelVision and what are the implications for VPN users?
0:29:42: What's a less technical way to understand TunnelVision?
0:33:06: Why might I not want all my traffic to go through the VPN?
0:35:02: How dangerous is TunnelVision for the average person?
0:42:30: How did the VPN companies respond?
0:51:19: What VPN features can mitigate the risk?
0:57:42: Have any VPN makers fixed this problem? Do OS vendors have responsibility here?
1:02:11: Do you have recommendations for VPNs? Is there new tech that might help here?
1:04:00: Would privacy regulations help here?
1:06:24: What are you working on next?
1:08:51: Interview wrap-up
1:13:31: Looking ahead -
We often think of malware as a problem for our computers and perhaps our smartphones. But bad guys love to hack our home routers and IoT devices, as well. Thankfully, purging malware from those types of devices can usually be done just by rebooting them. (There's a reason tech support always asks you to try turning your device off and back on again.) I'll explain why this works and what you should do to protect your connected devices.
In other news: I explain why most people are not in danger of their devices blowing up; a new Windows phishing campaign uses fake CAPTCHAs and PowerShell; LinkedIn started training their AI on your data before telling you how to opt out; Oracle's CEO touts his vision of ubiquitous AI surveillance; Ford seeks a patent to show you ads in your vehicle based on your conversations and other private data; Meta admits to scraping public Instagram and Facebook posts to train its AI; four great new iOS 18 privacy and security features; Apple Intelligence servers are very basic, for a reason; and the FBI shuts down a massive Chinese botnet.
Article Links
[WIRED] Your Phone Won’t Be the Next Exploding Pager https://www.wired.com/story/exploding-pagers-hezbollah-phones/
[briankrebs] This Windows PowerShell Phish Has Scary Potential https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
[404media.co] LinkedIn Is Training AI on User Data Before Updating Its Terms of Service https://www.404media.co/linkedin-is-training-ai-on-user-data-before-updating-its-terms-of-service/
[theregister.com] Ellison declares Oracle 'all in' on AI mass surveillance https://www.theregister.com/2024/09/16/oracle_ai_mass_surveillance_cloud/
[therecord.media] Ford seeks patent for tech that listens to driver conversations to serve ads https://therecord.media/ford-patent-application-in-vehicle-listening-advertising
[9to5Mac] Meta scraped all public Facebook and Instagram posts since 2007 for AI training https://9to5mac.com/2024/09/11/meta-scraped-all-public-facebook-and-instagram-posts-since-2007-for-ai-training/
[TechRadar] I'm a privacy expert—here are the 4 iOS 18 features I'm excited about https://www.techradar.com/phones/im-a-privacy-experthere-are-the-4-ios-18-features-im-excited-about
[9to5Mac] Apple Intelligence servers are really basic, says Craig Federighi – and that’s deliberate https://9to5mac.com/2024/09/12/apple-intelligence-servers-are-really-basic-says-craig-federighi-and-thats-deliberate/
[Gizmodo] FBI Shuts Down Botnet Run by Beijing-Backed Hackers That Hijacked Over 200,000 Devices https://gizmodo.com/fbi-shuts-down-botnet-run-by-beijing-backed-hackers-that-hijacked-over-200000-devices-2000500627
Tip of the Week: Malware Reboot Remedy
Further Info
Awareness Campaign Phase 2!: https://fdsd.me/awareness2
LinkedIn privacy settings: https://www.linkedin.com/mypreferences/d/categories/privacy
Test your ad blocker(s): https://d3ward.github.io/toolz/adblock.html
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:31: Update Apple devices
0:01:36: Awareness Campaign teaser
0:02:04: News rundown
0:04:08: Your Phone Won’t Be the Next Exploding Pager
0:08:00: This Windows PowerShell Phish Has Scary Potential
0:12:34: LinkedIn Trains AI on Your Data Before Updating Its ToS
0:16:41: Ellison declares Oracle 'all in' on AI mass surveillance
0:20:15: Ford seeks patent for tech that listens to ... -
You may be vaguely aware of the term 'quantum computing' from media reports. But what you may not have picked up on is that one of the primary uses for quantum computers may be to break data encryption. Furthermore, you may not realize that if three-letter agencies can save off our encrypted emails and messages now, this could mean they could read them in the future when sufficiently powerful quantum computing becomes viable. How does this work? And what can we do about it now to protect our privacy in the future? We'll dig into all of this today with Brandon Sundh from Tuta (formerly Tutanota), a prominent secure email company, who is already deploying such protections.
Interview Notes
Try Tuta! https://tuta.com/
Tuta’s quantum-safe crypto: https://tuta.com/blog/post-quantum-cryptography
Quantum mechanics: https://en.wikipedia.org/wiki/Quantum_mechanics
Schrödinger's cat: https://en.wikipedia.org/wiki/Schr%C3%B6dinger's_cat
NIST post-quantum standards: https://csrc.nist.gov/projects/post-quantum-cryptography
NSA pays RSA to weaken encryption?: https://www.reuters.com/article/2013/12/20/us-usa-security-rsa-idUSBRE9BJ1C220131220/
Longer passwords are better: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/
Privacy Guides on Proton Wallet: https://www.privacyguides.org/articles/2024/09/08/proton-wallet-review/#why-does-this-exist
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:50: Some terminology first
0:07:33: What is quantum computing and what's it good for?
0:16:25: What are the currrent capabilities of quantum computers?
0:22:02: How long have we been working on quantum computers?
0:25:01: If QC is still so far off, why do we need to prepare now?
0:30:53: How do we design encryption to make it safe against quantum computers?
0:36:10: How can we be sure that the NSA isn't buillding backdoors into these algorithms?
0:41:11: Will post-quantum algorithms replace current ones or augment them?
0:45:51: How soon will quantum-safe crypto be roled out?
0:52:42: Who will be able to own and operate these quantum computers?
0:54:45: Are law enforcement agencies pushing back against quantum-safe crypto?
1:00:34: Who is more likely to win: coder makers or code breakers?
1:04:24: Wrap-up
1:05:55: Looking ahead -
Mis- and disinformation is just a fact of modern life, but certain events can cause the practice to significantly increase - like a big election. This is a good time to review this phenomenon, learning how to recognize it, how to avoid being drawn in, and perhaps most importantly how to reduce its spread.
In other news: Telegram's CEO was arrested in France; too many people keep saying Telegram is an secure messaging app when it's really not; if you think ads and tracking are bad now, wait till you hear all the ways modern TVs are monetizing their users; sextortion scams are using some new techniques to scam their victims; consumer groups have lobbied the FTC to create clear guidance on 'software tethering'; and California just approved a new privacy bill that will finally require companies to honor universal opt-out signals from apps and browsers.
Article Links
BBC] Telegram CEO Pavel Durov arrested at French airport https://www.bbc.com/news/articles/ckg2kz9kn93o
[blog.cryptographyengineering.com] Is Telegram really an encrypted messaging app? https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
[Ars Technica] Your TV set has become a digital billboard. And it’s only getting worse. https://arstechnica.com/gadgets/2024/08/tv-industrys-ads-tracking-obsession-is-turning-your-living-room-into-a-store/
[briankrebs] Sextortion Scams Now Include Photos of Your Home https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
[advocacy.consumerreports.org] Consumer Reports, U.S. PIRG, and 15 other groups call on FTC to create clear guidance for ‘software tethering’ https://advocacy.consumerreports.org/press_release/ftc-software-tethering/
[Dark Reading] California Approves Privacy Bill Requiring Opt-Out Tools https://www.darkreading.com/data-privacy/california-privacy-bill-require-opt-out-tools
Tip of the Week: Spotting Fake News https://firewallsdontstopdragons.com/the-truth-is-out-there/
Further Info
My series on deleting your public data online: https://firewallsdontstopdragons.com/osint-reconnaissance/
Enabling Global Privacy Control (GPC): https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:14: News preview
0:05:22: Telegram CEO Pavel Durov arrested at French airport
0:09:47: Is Telegram really an encrypted messaging app?
0:19:57: Your TV set has become a digital billboard. And it’s only getting worse.
0:41:25: Sextortion Scams Now Include Photos of Your Home
0:48:06: Consumer groups call on FTC to create clear guidance for ‘software tethering’
0:54:33: California Approves Privacy Bill Requiring Opt-Out Tools
0:59:22: Tip of the Week: Dealing with Misinformation
1:11:36: Looking ahead -
Proton released three major new products this summer, all within the span of about a couple months: Proton Docs, Proton Wallet and Proton Scribe. Given that Proton is a privacy-focused company, some of these offerings seemed almost at odds with that mission. So today I ask Andy Yen (Proton's CEO) some questions about the privacy of their Bitcoin wallet and AI editing tool. We also discuss the new Proton Foundation and how it safeguards their privacy mission for the future. Finally, I ask Andy if they would consider acquiring Mozilla to save the Firefox browser and, in the wake of the blow back Signal received about protecting local access to messaging data, how Proton addresses the 'compromised machine' threat model.
Interview Notes
Proton Docs: https://proton.me/blog/docs-proton-drive
Proton Wallet: https://proton.me/blog/proton-wallet-launch
Proton Scribe: https://proton.me/blog/proton-scribe-writing-assistant
Proton Foundation: https://proton.me/blog/proton-non-profit-foundation
Techlore on Proton Wallet: https://www.youtube.com/watch?v=tESbBM2LZHM&t=1922s
Seth for Privacy’s Andy Yen interview: https://optoutpod.com/episodes/protonwallet-andy-yen/
My interview on Easy Prey Podcast: https://www.easyprey.com/firewalls-dont-stop-dragons-with-carey-parker/
Techlore: https://www.techlore.tech/
Privacy Guides: https://www.privacyguides.org/
The New Oil: https://thenewoil.org/
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:18: Interview setup
0:04:18: Why did you release so many new products all at once?
0:05:53: Did you develop Proton Docs from scratch? Will we get Proton Sheets, too?
0:10:09: What drove you to add AI features? How do you maintain privacy with AI?
0:17:07: Why did Proton feel the need to create another cryptocurrency wallet?
0:21:37: Who is the target audience for Proton Wallet?
0:28:38: As a privacy company, why go with Bitcoin, which is not really private?
0:39:34: Will you support Monero or Zcash?
0:40:40: Why did you restructure Proton as a foundation? What's the impact of this?
0:45:41: How is this new foundation different from others like Mozilla or Tor?
0:47:59: Would Proton ever consider acquiring Mozilla to save Firefox?
0:55:43: Does TunnelVision affect Proton VPN? How can we improve VPNs generally?
1:01:35: Signal was bashed for not encrypting local keys. How does Proton handle this?
1:05:25: What's coming next from Proton?
1:07:48: Interview wrap-up
1:10:54: Couple updates on Wallet, Scribe availability
1:11:50: Recommending other great privacy resources and Proton discussions
1:12:53: Upcoming shows
1:14:29: Upcoming podcast awareness campaign -
The headlines have been on fire with stories about 3 billion people's data being leaked from a company you've never heard of. But like many such stories, the mainstream media gets a lot of the important details wrong and glosses over a lot of the important nuances. Today we're going to dive into what really happened and what you should do about it, whether your data was part of the breach or not.
In other news: Illinois waters down its landmark biometric information law; US court rules geofence warrants are unconstitutional; FTC to investigate :surveillance pricing" and files rule impacting shady product reviews; the CFPB cracks down on some types of consumer data sales; and Consumer Reports evaluates several top data deletion services.
Article Links
[Reuters] Illinois governor approves business-friendly overhaul of biometric privacy law https://www.reuters.com/legal/government/illinois-governor-approves-business-friendly-overhaul-biometric-privacy-law-2024-08-05/
[TechCrunch] US appeals court rules geofence warrants are unconstitutional https://techcrunch.com/2024/08/13/us-appeals-court-rules-geofence-warrants-are-unconstitutional/
[Electronic Frontier Foundation] To Fight Surveillance Pricing, We Need Privacy First https://www.eff.org/deeplinks/2024/08/fight-surveillance-pricing-we-need-privacy-first
[ftc.gov] Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials https://www.ftc.gov/news-events/news/press-releases/2024/08/federal-trade-commission-announces-final-rule-banning-fake-reviews-testimonials
[natlawreview.com] CFPB Forecasts New Rule Cracking Down on Consumer Data Sales https://natlawreview.com/article/cfpb-forecasts-new-rule-cracking-down-consumer-data-sales
[Los Angeles Times] Hackers may have stolen the Social Security numbers of every American. How to protect yourself https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number
[troyhunt.com] Inside the "3 Billion People" National Public Data Breach https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/
[consumerreports.org] Evaluating People-Search Site Removal Services https://innovation.consumerreports.org/new-report-data-defense-evaluating-people-search-site-removal-services/
Tip of the Week: OSINT Final Steps https://firewallsdontstopdragons.com/osint-final-steps/
Other Helpful Links
Have I Been Pwned: https://haveibeenpwned.com/
NPD Data Breach search tool: https://npd.pentester.com/
Privacy Guides data removal tools: https://www.privacyguides.org/en/data-broker-removals/
Techlore video on data removal: https://www.youtube.com/watch?v=tESbBM2LZHM
Google’s Results About You: https://myactivity.google.com/results-about-you?pli=1
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
How and why to plant your flag: https://firewallsdontstopdragons.com/why-you-need-to-plant-your-flag/
Strong passwords: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/
Backing up 2FA codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:04:00: News preview
0:06:33: Illinois governor approves business-friendly overhaul of biometric privacy law
0:11:18: US appeals court rules geofence warrants are unconstitutional
... -
Finding your soul mate or even just a one-night stand can all be done digitally now - there's an app for that. Several, in fact. But in order to find the best match, you need to turn over a lot of extremely personal information. You probably also need to let the app track your location, so you're only matching people within some acceptable distance. You would hope that dating apps would be better than other apps at securing your private data... but are they? And are these services selling my data to advertisers? Today I answer these questions and many more with Zoë MacDonald from Mozilla's Privacy Not Included team who recently published a full report on this topic.
Interview Notes
Privacy Not Included report on dating apps: https://foundation.mozilla.org/en/privacynotincluded/articles/data-hungry-dating-apps-are-worse-than-ever-for-your-privacy/
Mozilla Foundation: https://foundation.mozilla.org/en/?form=donate-header
Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/
Falling out of love with dating apps: https://www.theguardian.com/lifeandstyle/2023/oct/28/its-quite-soul-destroying-how-we-fell-out-of-love-with-dating-apps
Using dating apps to locate someone: https://www.techradar.com/pro/privacy-flaw-in-top-dating-apps-could-have-revealed-user-location-down-to-2-metres
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:57:02: Wrap-up and looking ahead
0:02:06: Freeze your credit!
0:04:19: How do modern dating apps work, exactly?
0:08:19: How do they find compatible matches?
0:10:34: Do these apps require constant access to your current location?
0:14:50: How much information used by these apps is inferred vs explicitly requested?
0:17:59: Do these apps use inferred data to weed out bad actors?
0:20:36: How did you decide which apps to evaluate?
0:23:54: What were your key takeaways and most alarming findings?
0:25:57: Do apps owned by the same parent company have similar privacy policies?
0:27:28: How transparent are these apps about sharing your data?
0:29:08: Was there any correlation between app cost and monetizing your data?
0:31:20: Are dating apps better about securing your personal data?
0:33:53: Do any of the dating apps offer end-to-end encryption of DMs?
0:35:40: Do these services try to keep you from leaving the app?
0:39:03: Once you find a match, can you get a refund for unused subscription time?
0:40:28: How do new AI features on dating apps affect your privacy?
0:43:30: Have there been any major dating service data breaches?
0:45:05: How bad are these apps for romance scams like 'big butchering'?
0:47:10: If I still want to use a dating app, how do I maximize my privacy?
0:51:19: Can I use a service on the web only (no app)? Can I delete my data?
0:54:20: How well do dating apps actually work, in terms of finding a mate? -
It's time once again for cybersecurity professionals to make the pilgrimage to the scorching desert of Las Vegas, Nevada for a week of tech conferences that we lovingly refer to as Hacker Summer Camp. Today I'll bring you my on-the-ground reporting from BSides and DEF CON. I'll also bring you part 2 of my series on Open Source Intelligence (OSINT) and how to purge your personal data from the web.
In the news this week: Vegas hotels search hacker's rooms; Apple and others fix old but important browser bug; NFL rolls out more facial recognition at stadiums; Ford looks to patent car surveillance tech; automakers sold your data to brokers for pennies; border agents can no longer search your smartphone without a warrant; judge rules that Google is a monopoly.
Article Links
[404media.co] Hotel to Search Rooms During DEF CON Hacking Conference https://www.404media.co/hotel-to-search-rooms-during-def-con-hacking-conference/
[AppleInsider] Apple has closed an ancient macOS Safari security hole https://appleinsider.com/articles/24/08/07/apple-has-closed-an-ancient-macos-safari-security-hole
[therecord.media] NFL to roll out facial authentication software league-wide https://therecord.media/nfl-to-roll-out-facial-authentication-league-wide
[therecord.media] Ford wants patent for tech allowing cars to surveil and report speeding drivers https://therecord.media/ford-seeks-patent-cars-surveil-speeders-report-to-police
[The New York Times] Automakers Sold Driver Data for Pennies, Senators Say https://www.nytimes.com/2024/07/26/technology/driver-data-sold-for-pennies.html
[9to5Mac] Border agents cannot search smartphones without a warrant, rules federal court https://9to5mac.com/2024/07/29/cannot-search-smartphones-without-a-warrant/
[AppleInsider] Judge rules Google is a search and advertising monopoly https://appleinsider.com/articles/24/08/05/judge-rules-that-google-is-a-search-and-advertising-monopoly
Tip of the Week: OSINT Remediation https://firewallsdontstopdragons.com/osint-remediation/
Further Info
BSides Las Vegas: https://bsideslv.org/
DEF CON 32: https://defcon.org/html/defcon-32/dc-32-index.html
UnDisruptible27: https://securityandtechnology.org/undisruptable27/
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:26: Summer Camp Highlights
0:10:25: Hotel to Search Rooms During DEF CON
0:15:14: Apple has closed an ancient macOS Safari security hole
0:20:00: NFL to roll out facial authentication software league-wide
0:26:25: Ford wants patent for tech allowing cars to surveil and report speeding drivers
0:29:38: Automakers Sold Driver Data for Pennies, Senators Say
0:32:46: Border agents cannot search smartphones without a warrant,
0:36:44: Judge rules Google is a search and advertising monopoly
0:40:52: Tip of the Week: OSINT Remediation
0:54:25: EFF Tech Trivia update -
Jack Daniel is a storyteller, wanderer, comic, bartender, blacksmith, luthier, historian, mechanic, and the world’s oldest millennial. He is also one of the founders of Security BSides. Jack has a colorful and interesting history, and today we'll learn about how and why he started BSides, delve into a little hacker conference history, talk about modern hackers and cybersecurity conferences and how he's seen them change over the years, and how hackers and their conferences are vastly different than the others.
Interview Notes
Jack Daniel: https://www.linkedin.com/in/jackadaniel/
BSides official site: https://bsides.org/
BSides Las Vegas (part of hacker summer camp): https://bsideslv.org/
InfoSecMap: https://infosecmap.com/
Cult of the Dead Cow interview: https://podcast.firewallsdontstopdragons.com/2023/08/07/cult-of-the-dead-cow/
Jeff Moss interview #1: https://podcast.firewallsdontstopdragons.com/2021/08/16/on-a-dark-tangent/
Jeff Moss interview #2: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/
CackalackyCon: https://cackalackycon.org/
Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:49: Interview lingo
0:04:05: How did you get into the world of cybersecurity and hacking?
0:12:40: Why did you start BSides?
0:17:43: What were some of the first BSides talks like?
0:21:42: What are the founding principles of BSides?
0:28:00: What approval do you need to start a BSides conference?
0:34:44: How have other hacker conferences influenced BSides and vice versa?
0:36:53: Is there a beef between BSides and Black Hat?
0:38:58: What's your connection with ShmooCon?
0:42:42: How have hackers and these conferences changed since the old days?
0:47:40: Discussion on responsible disclosure
0:50:39: Two different kinds of presenters
0:54:02: You might be a hacker if...
1:01:30: What's the best way to find a local hacker conference?
1:06:50: BSides is about community
1:08:29: Interview wrap-up
1:11:19: Patron content
1:11:53: Looking ahead -
Last week, we all learned about a company called CrowdStrike that apparently has the capability to single-handedly bring multiple airlines, hospitals and other large companies to their knees in an instant. There are many lessons we should be learning from this incident, though I'm not going to hold my breath. I'll tell you what happened and what I think we should be doing to avoid a repeat of this incident in the future.In other news: Google finally throws in the towel on blocking third-party cookies; a private organization claims to have gained access to advertising-based location data on Trump's shooter; Republican VP candidate JD Vance forgets to make his Venmo data private; leaked docs show what phones Cellebrite can and can't hack; Meta takes down thousands of accounts related to sextortion ring; and for my Tip of the Week, we'll tackle part 1 of my article on deleting your public data from the web.Article Links[AppleInsider] Google gives up on Chrome plan to ditch third-party cookies https://appleinsider.com/articles/24/07/23/google-gives-up-on-chrome-plan-to-ditch-third-party-cookies[404media.co] Heritage Foundation Claims to Use Location Data to Track Trump Shooter's Movements https://www.404media.co/heritage-foundation-claims-to-use-location-data-to-track-trump-shooters-movements/[9to5Mac] J.D. Vance Venmo connections public, as privacy failing still in place six years later https://9to5mac.com/2024/07/19/jd-vance-venmo-connections-public/[404media.co] Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/[The Washington Post] Meta takes down thousands of Facebook, Instagram accounts running sextortion scams from Nigeria https://www.washingtonpost.com/business/2024/07/24/meta-nigeria-sextortion-scam-instagram-facebook/fce496c6-49b8-11ef-9149-c75da5dd9201_story.html[Schneier Blog] The CrowdStrike Outage and Market-Driven Brittleness https://www.schneier.com/blog/archives/2024/07/the-crowdstrike-outage-and-market-driven-brittleness.htmlTip of the Week:OSINT Reconnaissance: https://firewallsdontstopdragons.com/osint-reconnaissance/ Further InfoBook surge results: https://fdsd.me/booksurge Moxie Marlinspike (Signal) on Cellebrite vulnerabilities: https://signal.org/blog/cellebrite-vulnerabilities/ Send me your questions! https://fdsd.me/qna Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book Subscribe to the newsletter: https://fdsd.me/newsletter Become a patron! https://www.patreon.com/FirewallsDontStopDragons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Give the gift of privacy and security: https://fdsd.me/coupons Support our mission! https://fdsd.me/support Generate secure passphrases! https://d20key.com/#/ Table of ContentsUse these timestamps to jump to a particular section of the show.0:00:51: AT&T breach update0:01:44: News rundown0:03:56: Google gives up on Chrome plan to ditch third-party cookies0:08:28: Group Claims to Use Location Data to Track Trump Shooter's Movements0:13:42: J.D. Vance Venmo connections public0:19:28: Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock0:27:35: Meta takes down thousands of accounts running sextortion scams0:31:21: Lessons from the CrowdStrike Outage0:44:52: Tip of the Week: OSINT Reconnaissance0:55:20: Book surge report0:57:06: More help will be needed0:58:10: Looking ahead
- Show more
