Episodes

  • Russia has been hacking Ukraine for at least a decade now, but since the invasion of Ukraine in February of 2022, the cyber war has changed. Instead of being a tactical element, cyber war is now a full-fledged strategic aspect of the conflict, on both sides. At the outset, Ukraine put out an official call to enlist cyber warriors from around the globe to their cause in what's been called the IT Army of Ukraine. Today we'll look at how this group was formed, how it operates, and what we should all be learning from what's happening there. My guest is Dina Temple-Raston from The Record, the Click Here Podcast, and formerly NPR.



    Interview Notes




    Dina Temple-Raston at The Record: https://therecord.media/author/dina-temple-raston 



    Click Here podcast: https://therecord.media/podcast 



    Click Here, Episode 98: “Lessons from the world's first hybrid war”: https://podcasts.apple.com/us/podcast/click-here/id1225077306?i=1000639045741 



    NPR’s I’ll Be Seeing You: https://www.npr.org/series/760566025/ill-be-seeing-you 



    Operation Glowing Symphony: https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:04:50: How did you get into covering cybersecurity and cyber warfare?



    0:06:48: When and how did Russian cyber attacks begin in Ukraine?



    0:15:40: What is the IT Army of Ukraine and what is its origin?



    0:20:47: Have we seen other cyberwar volunteer organizations?



    0:23:05: How are information and communications being utilized by the IT Army?



    0:26:53: How has Russia responded to this?



    0:28:34: How are IT Army members recruited and vetted?



    0:30:17: How are objectives coordinated?



    0:31:20: Where are IT Army members coming from?



    0:32:03: Do we know if Western military members are participating in the IT Army?



    0:36:30: What are the military lessons to be learned here?



    0:42:11: What should civilians be learning from all of this?



    0:46:01: What's next for you and Click Here?



    0:47:14: Wrap-up and looking ahead

  • Google's Chrome browser has dominated the planet - both on desktop computers and mobile devices. Furthermore, many other popular web browsers are actually based on the same Google-made Chromium browser engine, including Microsoft Edge and Brave Browser. This gives Google an inordinate amount of influence on web standards, in particular preventing better privacy protections. We need to support privacy-forward alternatives lest they disappear.



    In other news: US passes expanded mass surveillance policies instead of curbing them; TikTok ban bill becomes law giving Bytedance a year to sell it; UK's Investigatory Powers Bill amendment passes; photo-sharing app will use users' uploaded images to train AI; Health insurers Kaiser and Change Healthcare are hacked; antivirus software service installs malware on users' systems; FCC fines telecoms $200M; CISA director pushes for vendor accountability; CISA's proactive protection programs are making positive impacts; UK becomes first country to enforce strong and strict IoT security requirements; net neutrality is back; Google again delays killing third party cookies.



    Article Links




    [Electronic Frontier Foundation] U.S. Senate and Biden Administration Shamefully Renew and Expand FISA Section 702, Ushering in a Two Year Expansion of Unconstitutional Mass Surveillance https://www.eff.org/deeplinks/2024/04/us-senate-and-biden-administration-shamefully-renew-and-expand-fisa-section-702-0



    [TechCrunch] Biden signs bill that would ban TikTok if ByteDance fails to sell the app https://techcrunch.com/2024/04/24/biden-signs-bill-that-would-ban-tiktok-if-bytedance-fails-to-sell-the-app/



    [theregister.com] UK's Investigatory Powers Bill to become law despite tech world opposition https://www.theregister.com/2024/04/26/investigatory_powers_bill/



    [TechCrunch] Photo-sharing community EyeEm will license users photos to train AI if they don’t delete them https://techcrunch.com/2024/04/26/photo-sharing-community-eyeem-will-license-users-photos-to-train-ai-if-they-dont-delete-them/



    [TechCrunch] Health insurance giant Kaiser notifies millions of a data breach https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach/



    [TechCrunch] Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/



    [Ars Technica] Hackers infect users of antivirus service that delivered updates over HTTP https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/



    [BleepingComputer] FCC fines carriers $200 million for illegally sharing user location https://www.bleepingcomputer.com/news/technology/fcc-fines-carriers-200-million-for-illegally-sharing-user-location/



    [cybersecuritydive.com] CISA director pushes for vendor accountability and less emphasis on victims’ errors https://www.cybersecuritydive.com/news/cisa-highlights-vendors-errors/714300/



    [therecord.media] More than 800 vulnerabilities resolved through CISA ransomware notification pilot https://therecord.media/vulnerabilities-resolved-through-cisa-pilot



    [therecord.media] UK becomes first country to ban default bad passwords on IoT devices https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices



    [WIRED] Net Neutrality Returns to a Very Different Internet https://www.wired.com/story/fcc-net-neutrality-rules-vote/



    [Ars Technica] Google delays third-party cookie death again: Now scheduled for 2025 https://arstechnica.com/gadgets/2024/04/google-delays-third-party-cookie-death-again-now-scheduled-for-2025/



    Tip of the Week: https://firewallsdontstopdragons.com/its-time-to-quit-chrome/ 




    Further Info




    Under New Management plugin: https://github.com/classvsoftware/under-new-management 



    Donate to Mozilla (Firefox): https://foundation.mozilla.org/en/donate/ 



    Send me your questions! https://fdsd.me/qna 



  • AI has been grabbing all the tech headlines, but cryptocurrency is still innovating and changing. One of the primary goals of cryptocurrency was to be decentralized and therefore not controlled by governments like fiat currency. That is about to change. Central Bank Digital Currency (CBDC) is a new type of cryptocurrency that is created and governed by nation states, which comes with serious implications for privacy and global economics. Thankfully I've got cryptocurrency expert Seth for Privacy on the show to explain how CBDC works and how it will affect us.



    Interview Notes




    Opt Out Podcast: https://optoutpod.com/ 



    Freedom.Tech: https://freedom.tech/ 



    Foundation.xyz: https://foundation.xyz/ 



    CBDC tracker: https://cbdctracker.hrf.org/home 



    Buying Monero: https://freedom.tech/buying-monero-privately/



    Samourai Wallet 1: https://freedom.tech/how-samourai-worked/ 



    Samourai Wallet 2: https://freedom.tech/samourai-to-sparrow/



    Cryptocurrency 101 interview: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/ 




    Further Info




    Treasure & Coin Promo: https://fdsd.me/promo424 



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:30: Promo update



    0:01:42: News preview



    0:04:34: AT&T now says over 50M accounts were compromised



    0:11:37: Apple password reset notification attack



    0:16:04: Outlook is Microsoft’s new data collection service



    0:22:40: Kobold letters



    0:29:27: Backdoor in XZ Utils That Almost Happened



    0:39:42: OpenAI and Google reportedly used transcriptions of YouTube videos to train their AI models



    0:45:57: How to Turn Off Meta AI on their various apps



    0:49:07: Vulnerabilities Identified in LG WebOS



    0:52:14: Roku Says More Than 500,000 Accounts Were Compromised



    0:56:05: X May Charge New Users a 'Small Fee' to Post, Like and Reply



    1:00:04: DuckDuckGo Is Taking Its Privacy Fight to Data Brokers



    1:04:19: Google Launches Android Find My Device Network



    1:07:29: The CFPB wants to rein in data brokers



    1:12:23: Tip of the Week: Freeze Your Credit



    1:18:05: Wrap-up



    1:19:06: Looking ahead

  • You've heard people like me recommend this for years. It's time to just do it: freeze your credit report. There are really no downsides at this point. For example, it's now free everywhere in the US, by law. It's also free to temporarily "thaw" your credit. And it's gotten a lot easier to do, too. Freezing your credit is your main defense against financial identity theft. And with the sheer number of data breaches (like the recent massive AT&T leak), the personal information needed to commit identity theft is out there already.

    In other news: AT&T now says 51 million past and current customers' data were leaked; beware of a new password reset 'bomb' campaign; Microsoft is using Outlook to harvest and share your data; a new email scam alters their content after forwarding; a devious and devastating supply chain attack was thwarted in the nick of time; AI organizations are using sneaky techniques to train their models on your data; Meta is lacing its apps with AI, and there's not much you can do about it; LG TVs are hacked; Roku is breached again, this time affecting over 500,000 accounts; Twitter/X looking to charge new users a small fee to try to curb bot accounts; DuckDuckGo unveils trio of new for-pay privacy services; Google launches their own Find My network; and various US government agencies, lacking a real privacy law, attempt to curb privacy abuses using existing powers.

    Article Links

    [BleepingComputer] AT&T now says data breach impacted 51 million customers https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/

    [AppleInsider] If you're getting dozens of password reset notifications, you're being attacked https://appleinsider.com/articles/24/03/27/if-youre-getting-dozens-of-password-reset-notifications-youre-being-attacked

    [proton.me] Outlook is Microsoft’s new data collection service https://proton.me/blog/outlook-is-microsofts-new-data-collection-service

    [Lutra Security] Kobold letters https://lutrasecurity.com/en/articles/kobold-letters/

    [Schneier Blog] Backdoor in XZ Utils That Almost Happened https://www.schneier.com/blog/archives/2024/04/backdoor-in-xz-utils-that-almost-happened.html

    [Engadget] OpenAI and Google reportedly used transcriptions of YouTube videos to train their AI models https://www.engadget.com/openai-and-google-reportedly-used-transcriptions-of-youtube-videos-to-train-their-ai-models-163531073.html

    [Lifehacker] How to Turn Off Meta AI on Facebook, Instagram, Messenger, and WhatsApp https://lifehacker.com/tech/how-to-turn-off-meta-ai-on-facebook-instagram-messenger-whatsapp

    [bitdefender.com] Vulnerabilities Identified in LG WebOS https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

    [Lifehacker] Roku Says More Than 500,000 Accounts Were Compromised in a Cyberattack https://lifehacker.com/tech/roku-cyberattack-compromises-accounts

    [MacRumors] X May Charge New Users a 'Small Fee' to Post, Like and Reply https://www.macrumors.com/2024/04/15/x-small-fee-new-users/

    [WIRED] DuckDuckGo Is Taking Its Privacy Fight to Data Brokers https://www.wired.com/story/duckduckgo-vpn-data-removal-tool-privacy-pro/

    [MacRumors] Google Launches Android Find My Device Network https://www.macrumors.com/2024/04/08/google-android-find-my-device-network-2/

    [ftc.gov] Proposed FTC Order will Prohibit Telehealth Firm from Using or Disclosing Sensitive Data for Advertising Purposes https://www.ftc.gov/news-events/news/press-releases/2024/04/proposed-ftc-order-will-prohibit-telehealth-firm-cerebral-using-or-disclosing-sensitive-data

    [The Verge] The CFPB wants to rein in data brokers https://www.theverge.com/2024/4/15/24131354/cfpb-data-brokers-fair-credit-reporting-act

    [therecord.media] Automakers and FCC square off over potential regulations for connected cars https://therecord.media/fcc-automakers-connected-cars-regulation-mvnos

    Tip of the Week: https://firewallsdontstopdragons.

  • There's a lot of nasty stuff online - things we would prefer our kids not see, at least not until they're mature enough to handle it. Our elected representatives have proposed various regulations to try to protect kids online, and while this is obviously a laudable goal, the devil is always in the details. Many of the proposed solutions have serious negative consequences for both kids and adults, chilling free speech and blocking useful content. I'll discuss the latest iteration of these proposed solutions in the US called the Kids Online Safety Act (KOSA) as well as the similar Online Safety Act in the UK. With me is Joe Mullin, senior policy analyst at the Electronic Frontier Foundation (EFF).



    Interview Notes




    Joe Mullin (EFF): https://www.eff.org/about/staff/joe-mullin 



    EFF on KOSA: https://www.eff.org/deeplinks/2024/02/dont-fall-latest-changes-dangerous-kids-online-safety-act 



    EFF on KOSA in depth: https://www.eff.org/deeplinks/2024/03/analyzing-kosas-constitutional-problems-depth 



    Contact Congress: https://www.eff.org/congress 



    EFF on CA ballot initiative: https://www.eff.org/deeplinks/2024/02/eff-opposes-california-initiative-would-cause-mass-censorship 



    EFF submission to Ofcom: https://www.eff.org/deeplinks/2024/03/effs-submission-ofcoms-consultation-illegal-harms 



    Santa Clara Principles for online content moderation: https://santaclaraprinciples.org/ 




    Further Info




    Treasure & Coin Promo: https://fdsd.me/promo424 



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:56: Eclipse!



    0:01:50: Treasure & Coin promo update



    0:02:29: Interview preview



    0:03:41: What are the primary concerns today with kids on the internet?



    0:08:24: What laws already exist to protect kids online?



    0:17:05: What are the key provisions of KOSA?



    0:25:04: What content is KOSA trying to restrict based on age?



    0:34:22: What did we learn from the UK's Online Safety Act?



    0:38:47: Doesn't KOSA interfere with Section 230?



    0:44:41: How does KOSA impact content access for adults?



    0:50:17: Are our representatives seeking insights from groups like EFF?



    0:54:58: Are there online safety regulations EFF could support?



    0:58:55: Do you have any advice for parents on protecting their kids online?



    1:06:55: Interview wrap-up



    1:08:59: Patron bonus content



    1:09:28: Looking ahead

  • Today I answer some of the most interesting listener questions from the past several months, including: how do you get SMS 2FA codes while traveling abroad; should I periodically change all my passwords; how do hackers attack IoT devices inside my home network; can a website fingerprint me based on a hardware security key; can you recommend an email client that protects your privacy; if I give my IoT device permission to see my local network, does that include the guest network; how do hackers find vulnerabilities and figure out how to attack them; why can't I use my VPN on an airplane to stream Netflix; how can I protect my cryptocurrency and smartphone. Also, I give my take on the crazy TikTok ban legislation.

    Links

    New Year’s Resolutions for 2024: https://firewallsdontstopdragons.com/new-years-resolutions-for-2024/

    GRC’s Shields Up! Tool: https://www.grc.com/shieldsup

    Secure your home network: https://firewallsdontstopdragons.com/secure-your-network-part-1-scan/

    My Take on TikTok Ban: https://firewallsdontstopdragons.com/my-take-on-tiktok-ban/

    The TikTok Situation is a Mess: https://lifehacker.com/tech/the-tiktok-situation-is-a-mess

    EFF on TikTok: https://www.eff.org/deeplinks/2024/03/5-big-unanswered-questions-about-tiktok-bill

    The US Wants to Ban TikTok: https://www.404media.co/the-u-s-wants-to-ban-tiktok-for-the-sins-of-every-social-media-company/

    Further Info

    Send me your questions! https://fdsd.me/qna

    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book

    Subscribe to the newsletter: https://fdsd.me/newsletter

    Become a patron! https://www.patreon.com/FirewallsDontStopDragons

    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Give the gift of privacy and security: https://fdsd.me/coupons

    Support our mission! https://fdsd.me/support

    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:00:38: Couple quick updates

    0:02:37: Getting SMS 2FA codes while traveling abroad

    0:07:37: Should I periodically change all my passwords?

    0:13:23: How do hackers attack IoT devices inside my home network?

    0:19:10: Can a website fingerprint me based on a hardware security key?

    0:24:42: Can you recommend an email client that protects your privacy?

    0:29:30: If I give my IoT device permission to see my local network, does that include the guest network?

    0:33:18: How do hackers find vulnerabilities and figure out how to attack them?

    0:37:35: Why can't I use my VPN on an airplane to stream Netflix?

    0:43:57: How can I protect my cryptocurrency and smartphone?

    0:50:05: AT&T breach update

    0:50:56: My Take on TikTok

    0:57:28: Wrap-up

  • Today I talk with Justin and Jodi Daniels about the state of privacy today, how we can help consumers and companies better understand the importance of privacy and security, and how companies are dealing with these aspects internally. We talk about the state of privacy regulations (or the lack thereof), why companies are failing to protect their customers, and what we can do about that.



    Justin and Jodi host a podcast together called She Said Privacy, He Said Security. They've also co-written a book called "Data Reimagined: Building trust one byte at a time".



    Interview Notes




    Justin & Jodi Daniels’ podcast: https://redcloveradvisors.com/podcasts/



    Justin Daniels: https://www.linkedin.com/in/justinsdaniels/



    Jodi Daniels: https://www.linkedin.com/in/jodihoffmandaniels/ 



    Red Clover Advisors: https://redcloveradvisors.com/



    Baker Donelson: https://www.bakerdonelson.com/ 



    Data Reimagined book: https://redcloveradvisors.com/book-sales/ 



    International Association of Privacy Professionals (IAPP): https://iapp.org/ 



    Information Commissioner’s Office (ICO): https://ico.org.uk/ 



    YourAdChoices (AboutAds.info): https://youradchoices.com/ 



    How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ 



    Jeff Jockisch top 10: https://www.linkedin.com/posts/jozian_privacypodcast-peopleschoice-privacyawards-activity-7155591864593637376-Q3bi/ 




    Further Info




    Coin & Treasure Promo: https://fdsd.me/promo424



    Send me your questions: https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:33: Interview setup



    0:03:31: Tell me about your podcast and how you got into this space.



    0:06:40: How do you explain privacy to regular, everyday people?



    0:09:37: How can we help people better understand the need for privacy?



    0:11:10: What are the newest threats to our privacy?



    0:14:58: So how do we know what to trust?



    0:17:07: What mistakes do companies make when crafting and implementing privacy policies?



    0:21:37: How should companies embrace privacy?



    0:25:51: What's life like for a Chief Privacy Officer today?



    0:30:22: Can we blame companies for monetizing our data since it's legal to do so?



    0:34:01: How do we combat privacy problems with security tech?



    0:37:11: Why can't the US government pass a federal privacy law?



    0:42:54: Would it help to pass laws that mandate transparency?



    0:46:11: What about a universal opt-out mechanism?



    0:47:24: Is mainstream media covering privacy and security properly?



    0:49:36: What are some promising Privacy Enhancing Technologies?



    0:53:50: What are some of your top resources to learn more about privacy?



    0:56:09: Any final thoughts?



    0:57:30: Interview follow-up



    0:59:25: Looking ahead

  • Passwords, two-factor authentication and even passkeys don't matter if you can access someone's account by answering three simple account recovery questions. Also, just about every account today has a way to reset your password, no matter how strong it is, if you can gain access to someone's email account. Until we can remove these weak links, it doesn't matter how secure our regular authentication schemes are.

    In the news: old AT&T breach data is making the rounds; Apple Silicon chips have a security flaw baked into the hardware; two very popular digital safe locks come with backdoor codes; Twitter/X is failing to properly check posted links that redirect to scam sites; a court rules that external continuous camera surveillance of your house doesn't require a warrant; searches for VPNs spike after PornHub pulls out of Texas; a blockbuster NY Times article brings much needed attention to data collection in cars; AirBnB implements a blanket camera ban.

    And I announce a killer new patron promotion! Click this link! https://fdsd.me/promo424

    Article Links

    [restoreprivacy.com] AT&T Investigating Potential Breach Following Leak of 73.4 Million Records https://restoreprivacy.com/att-investigating-breach-following-leak-of-73-4-million-records/

    HaveIBeenPwned.com: https://haveibeenpwned.com/

    [9to5Mac] Unpatchable security flaw in Apple Silicon Macs breaks encryption https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/

    [404media.co] Massively Popular Safe Locks Have Secret Backdoor Codes https://www.404media.co/massively-popular-safe-locks-have-secret-backdoor-codes/

    [Lifehacker] It's Not Safe to Click Links on X https://lifehacker.com/tech/its-not-safe-to-click-links-on-x

    [Gizmodo] The Feds Can Film Your Front Porch for 68 Days Without a Warrant, Says Court https://gizmodo.com/feds-can-film-your-front-porch-without-warrant-1851352414

    [CNN] Searches for VPNs spike in Texas after Pornhub pulls out of the state https://www.cnn.com/2024/03/15/tech/vpn-searches-spike-texas-pornhub

    [The New York Times] Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

    [Lifehacker] Airbnb's New Security Camera Ban Is a Big Deal https://lifehacker.com/tech/airbnbs-new-security-camera-ban

    Tip of the Week: https://firewallsdontstopdragons.com/account-security-is-broken/

    Further Info

    Become a Patron! (promo): https://fdsd.me/promo424

    Lock & Code Podcast: https://www.malwarebytes.com/blog/podcast/2024/03/securing-your-home-network-is-long-tiresome-and-entirely-worth-it-with-carey-parker-lock-and-code-s05e07

    Send me your questions! https://fdsd.me/qna

    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book

    Subscribe to the newsletter: https://fdsd.me/newsletter

    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Give the gift of privacy and security: https://fdsd.me/coupons

    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:04:05: News preview

    0:06:12: AT&T Investigating Potential Breach Following Leak of 73.4 Million Records

    0:11:24: Unpatchable security flaw in Apple Silicon Macs breaks encryption

    0:16:34: Massively Popular Safe Locks Have Secret Backdoor Codes

    0:21:57: It's Not Safe to Click Links on X

    0:30:28: The Feds Can Film Your Front Porch for 68 Days Without a Warrant, Says Court

    0:33:28: Searches for VPNs spike in Texas after Pornhub pulls out of the state

    0:38:35: Automakers Are Sharing Consumers’ Driving Behavior With Insurance

    0:47:36: Airbnb's New Security Camera Ban Is a Big Deal

    0:49:57: Tip of the Week: Account Security is Broken

    0:55:49: Dragon Coin promotion details

  • The United States has no general data privacy laws. However, we do have some sector-specific regulations, including HIPAA for health data. But there are many misconceptions about HIPAA. For example, the "P" in HIPAA does not stand for Privacy - it stands for Portability. So, what information does HIPAA cover? Which healthcare and related service providers are governed by HIPAA? And most importantly, what can you do to protect your medical and health data? Today we'll dive deep into this subject with Kate Black, a data, privacy & health lawyer and a strategic advisor in the health data field.



    Interview Notes




    Kate Black: https://www.linkedin.com/in/kate-black-sfo/ 



    Washington’s My Health, My Data law: https://hintzelaw.com/blog/2023/4/9/wa-my-health-my-data-act-pt1-overview 



    HIPAA rights: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html 



    STAT medical news: https://www.statnews.com/ 




    Further Info




    Check out my dragon challenge coins! https://fdsd.me/coin2



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:03:29: What is covered by HIPAA? What isn't covered?



    0:06:51: Can I sign away my HIPAA rights?



    0:08:08: Who in my medical provider's office can access my data?



    0:10:23: Who audits HIPAA compliance?



    0:11:47: How is my health data shared between providers?



    0:14:49: Are certain types of health data treated differently?



    0:15:23: How does health privacy work for minors?



    0:16:53: Outside of health providers, who else can access my data?



    0:20:56: How does HIPAA compare to other sector-specific privacy laws?



    0:22:20: Do secondary providers share back with my primary care physician?



    0:24:42: Who stores and protects my digital medical records?



    0:27:46: How are third party providers audited for privacy and security?



    0:29:56: Are HIPAA security requirements keeping up with the times?



    0:33:13: Do I have full access to my complete medical record?



    0:36:52: How do marketers get my health data?



    0:39:51: What laws govern inferred health information?



    0:45:48: Do pharmacies sell health data to marketers?



    0:48:57: How private are online medical portals and checkin services?



    0:53:35: How concerned should we be about using DNA analysis services?



    0:59:17: How can we improve our health privacy laws?



    1:00:30: What are your personal tips for protecting health data?



    1:02:37: If I think someone has abused my data, what can I do?



    1:04:13: Interview wrap-up



    1:06:49: Looking ahead

  • Two-factor authentication (2FA) is a fantastic way to improve the security of your online accounts. However, if you lose access to the device containing your authenticator app, you may lose access to your 2FA-protected accounts. You need to back up the seed codes used to set up each account. I'll give you several methods for doing this.



    In the news: FBI uses smartphone push notifications to track down criminals; Roku TVs block all access until users consent to forced arbitration; cheap video doorbells have horrible security; AI can be used to determine where photos were taken; vending machine caught using facial recognition; what happens to your data when a data broker goes bankrupt; your personal information that is publicly available; New Jersey passes motor vehicle data deletion law; Proton Mail's new email aliasing feature; in Canada, police now need warrant to get a person's IP address; US cracks down on commercial spyware firm; NSO Group forced to hand over source code to Meta in legal case; Authy is shutting down its desktop app.



    Article Links




    [The Washington Post] The FBI’s new tactic: Catching suspects with push alerts https://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/



    [TechCrunch] Roku disables TVs and streaming devices until users consent to forced arbitration https://techcrunch.com/2024/03/05/roku-disables-tvs-and-streaming-devices-until-users-consent-to-forced-arbitration/



    [Consumer Reports] These Video Doorbells Have Terrible Security https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/



    [NPR] Artificial intelligence can find your location in photos, worrying privacy experts https://www.npr.org/2023/12/19/1219984002/artificial-intelligence-can-find-your-location-in-photos-worrying-privacy-expert



    [Ars Technica] Vending machine error reveals secret face image database of college students https://arstechnica.com/tech-policy/2024/02/vending-machine-error-reveals-secret-face-image-database-of-college-students/



    [The Markup] What Happens to Your Sensitive Data When a Data Broker Goes Bankrupt? – The Markup https://themarkup.org/privacy/2024/02/23/what-happens-to-your-sensitive-data-when-a-data-broker-goes-bankrupt



    [Lifehacker] All of Your Information That’s Publicly Available (and What You Can Do About It) https://lifehacker.com/tech/all-your-information-thats-publicly-available-what-to-do-about-it



    [privacy4cars.com] “Motor Vehicle Data Deletion Act” of New Jersey https://privacy4cars.com/nj-law/



    [Lifehacker] Proton Mail Now Lets You Hide Your Real Email Address https://lifehacker.com/tech/how-to-set-up-email-aliases-proton-mail



    [CBC] Police now need a warrant to get a person's IP address, Supreme Court rules https://www.cbc.ca/news/politics/supreme-court-privacy-ipaddress-1.7130727



    [The Hacker News] U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists https://thehackernews.com/2024/03/us-cracks-down-on-predatory-spyware.html



    [9to5Mac] iPhone spyware company NSO suffers major defeat in US court, in Meta lawsuit https://9to5mac.com/2024/03/01/iphone-spyware-company-nso-must-reveal-code/



    [The Verge] Authy is shutting down its desktop app https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down



    Tip of the Week: Backing Up Your 2FA Seed Codes https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/



    Command line tool to extract codes from Authy: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93




    Further Info




    Check out my dragon challenge coins! https://fdsd.me/coin2 



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch!

  • With the rise of IoT and tracking technologies (both online and in the real world), we are generating staggering amounts of highly personal information. This massive trove of juicy data has drawn the attention of several interested parties outside the realm of consumer marketing. Like chum in the water, it's created a feeding frenzy from data aggregators as well as from law enforcement and intelligence agencies, both foreign and domestic. The journalists at 404 Media have published several blockbuster articles on this data ecosystem which have triggered backlashes from lawmakers and consumers alike. Today I'll speak with two of the founders: Joseph Cox and Jason Koebler.



    Interview Notes




    404 Media: https://www.404media.co/ 



    404 Media podcast: https://www.404media.co/the-404-media-podcast/



    404 Media support: https://www.404media.co/faq/ 



    Formation of 404 Media: https://www.nytimes.com/2023/08/22/business/media/404-media-vice-motherboard.html 




    Further Info




    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:03: Interview setup



    0:02:45: How did 404 Media come to be?



    0:12:00: When do we think law enforcement started buying our data?



    0:15:39: What's up with companies listening to our conversations?



    0:23:01: Where does law enforcement go to get our data?



    0:27:46: How are video feeds being gathered and sold?



    0:34:23: Can't all this data also be used by "bad guys"?



    0:39:13: Is it legal for law enforcement to buy data from foreign sources?



    0:44:28: Have your stories triggered responses from the US government?



    0:50:01: Trust in media is low these days - how can we fix that?



    0:59:37: How can we support good work like yours?



    1:03:22: Wrap-up

  • Artificial Intelligence is the buzzword of the day. Since the launch of ChatGPT in November 2022, there has been a flood of AI-based tools and services. Many tech firms are racing to build AI into their products without considering the consequences, let alone taking the time to build in guardrails for privacy and security. Today, I'll tell you about some of the risks, how to mitigate them and explain why you should spend some time playing with AI tools so we can understand how they do (and don't) work.

    In other news: Wyze home webcams had yet another security breach; Poland's PM calls out illegal use of Pegasus spyware by opposition party; US military finally notifies 20,000 of email data breach; Skiff was bought by Notion and will shut down services; FTC fines Avast antivirus $16.5M for mining user data; Backdoors in encryption violate human rights according to EU court; LockBit ransomware servers were taken over by multinational law enforcement efforts; Apple's iMessage gaining quantum computer resistant encryption; Signal finally allows users to hide cell phone numbers via usernames; new Android secure browsing features announced.

    Article Links

    [Lifehacker] Wyze Had a Security Breach (Again) https://lifehacker.com/tech/wyze-security-breach-again

    [The Associated Press] Poland’s prime minister says authorities widely used spyware under the previous government https://apnews.com/article/poland-government-pegasus-spyware-tusk-duda-78420fc7099401926d28b5be98669192

    [TechCrunch] US military notifies 20,000 of data breach after cloud email leak https://techcrunch.com/2024/02/14/department-defense-data-breach-microsoft-cloud-email/

    [The Cut] The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html

    https://pluralistic.net/2024/02/05/cyber-dunning-kruger/

    [restoreprivacy.com] Skiff Mail Shutting Down in 6 Months (Try These Alternatives) https://restoreprivacy.com/skiff-shutting-down-alternatives-to-skiff-mail/

    [404media.co] FTC Fines Avast $16.5 Million For Selling Browsing Data Harvested by Antivirus https://www.404media.co/impact-ftc-fines-avast-16-5-million-for-selling-browsing-data-harvested-by-antivirus/

    [Ars Technica] Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/

    [Ars Technica] LockBit ransomware group taken down in multinational operation https://arstechnica.com/information-technology/2024/02/lockbit-ransomware-group-taken-down-in-multinational-operation/

    [WIRED] Apple’s iMessage Is Getting Post-Quantum Encryption https://www.wired.com/story/apple-pq3-post-quantum-encryption/

    [signal.org] Keep your phone number private with Signal usernames https://signal.org/blog/phone-number-privacy-usernames/

    [Lifehacker] These New Android Features Will Keep You Safer Online https://lifehacker.com/tech/android-safer-browsing-and-live-threat-detection-rolling-out

    Tip of the Week: Mitigating AI Risks https://firewallsdontstopdragons.com/how-to-mitigate-the-risks-of-ai/

    Further Info

    Send me your questions! https://fdsd.me/qna

    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book

    Subscribe to the newsletter: https://fdsd.me/newsletter

    Become a patron! https://www.patreon.com/FirewallsDontStopDragons

    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Give the gift of privacy and security: https://fdsd.me/coupons

    Support our mission! https://fdsd.me/support

    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:00:44: AT&T outage, hot take

    0:03:08: News rundown

    0:04:44: Wyze Had a Security Breach (Again)

    0:07:27: Poland’s PM says authorities used spyware under the previous government

  • Modern cars are chock full of sensors and connected to the internet via built-in cellular modems. That's a recipe for massive data collection. Last September, Mozilla's Privacy Not Included team released a blockbuster report on how much data our cars were gathering, and it was absolutely staggering. According to the hard-to-find privacy policies, your car can collect extremely personal information including precise location, contact lists from your phone, call and message data, and - believe it or not - even "sexual activity". Today, I'll walk through this report and its implications with the head of Mozilla's Privacy Not Included project, Jen Caltrider.



    Interview Notes




    Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/ 



    Mozilla’s car report: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ 



    Mozilla's report on AI chatbots: https://foundation.mozilla.org/en/privacynotincluded/articles/happy-valentines-day-romantic-ai-chatbots-dont-have-your-privacy-at-heart/ 



    Donate to Mozilla Foundation: https://donate.mozilla.org/ 



    Mozilla layoffs: https://techcrunch.com/2024/02/13/mozilla-downsizes-as-it-refocuses-on-firefox-and-ai-read-the-memo/ 



    Sign the petition to stop car data gathering! https://foundation.mozilla.org/en/privacynotincluded/articles/car-companies-stop-your-huge-data-collection-programs-en/ 



    Bruce Schneier article in Slate: https://slate.com/technology/2023/12/ai-mass-spying-internet-surveillance.html 




    Further Info




    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Send me your questions! https://fdsd.me/qna 



    Support our mission! https://fdsd.me/support 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:02:39: What were some top findings from your car privacy report?



    0:05:14: Which cars did you review and how did you evaluate them?



    0:09:44: How was I notified and how did I consent to my car's privacy policy?



    0:10:39: What are cars tracking? Are electric cars any worse than gas cars?



    0:13:55: What third party data mining is going on in my car?



    0:20:41: Is there a way to opt out of data sharing?



    0:24:10: Is less data collected in Europe?



    0:26:02: Where is all my data stored? Locally, in the cloud, or both?



    0:28:52: Is the data at least secured?



    0:29:48: Can dealerships access my data? What about law enforcement?



    0:32:28: What about rental or fleet cars? What about passengers?



    0:37:24: Do car dealers disclose this data collection to shoppers?



    0:39:11: What are some of the security problems with this data collection?



    0:45:55: How did car makers and legislators respond to your report?



    0:48:36: Do modern privacy laws cover auto data?



    0:50:48: So what can we do about this today?



    0:54:30: What will Privacy Not Included tackle next?



    0:58:40: Wrap-up

  • It's tax time here again in the USA, and therefore it's also time for tax scams. I'll explain how to recognize common tax scams, how to respond to them, how to prevent scammers from taking over your IRS account and even filing fraudulent tax returns in your name.

    In other news: the Mother of All Breaches (MOAB) contains 26 billion records; 23andMe is in trouble after massive data breach and pending class action lawsuits; a viral story about a smart toothbrush botnet isn't true... but could have been; a clever hack of older computer TPM modules could expose encrypted hard drive data (but it's not easy to do); Malwarebytes has issued their 2024 malware report; the FBI and CISA are raising the alarm over Chinese hackers and key US infrastructure, as well as taking action to prevent it; you might want to consider creating a family password to defeat voice clone scams; Mozilla has released a new data deletion service; and Privacy4Cars has an interesting new mechanism for universally opting out of data collection.

    Article Links

    [cybernews] Mother of all breaches reveals 26 billion records https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

    [Fast Company] 23andMe at risk of being delisted from the Nasdaq as lawsuits mount https://www.fastcompany.com/91020738/23andme-risk-delisted-nasdaq-class-action-lawsuits

    [404media.co] The Viral Smart Toothbrush Botnet Story Almost Certainly Isn't Real https://www.404media.co/the-viral-toothbrush-ddos-botnet-story-almost-certainly-isnt-real/

    [Tom's Hardware] YouTuber breaks BitLocker encryption in less than 43 seconds with sub-$10 Raspberry Pi Pico https://www.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico

    [9to5Mac] Report: Mac security threats on the rise, here’s what to watch out for https://9to5mac.com/2024/02/06/report-mac-security-threats-on-the-rise/

    [NBC News] FBI director to warn Chinese hackers aim to 'wreak havoc' on US critical infrastructure https://www.nbcnews.com/politics/national-security/fbi-director-warn-chinese-hackers-aim-wreak-havoc-us-critical-infrastr-rcna136524

    [Ars Technica] Chinese malware removed from SOHO routers after FBI issues covert commands https://arstechnica.com/security/2024/01/chinese-malware-removed-from-soho-routers-after-fbi-issues-covert-commands/

    [cisa.gov] CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-and-fbi-release-secure-design-alert-urging-manufacturers-eliminate-defects-soho-routers

    [9to5Mac] FCC outlaws voice cloning robocalls after AI-generated voice claimed to be President Biden https://9to5mac.com/2024/02/08/voice-cloning-robocalls/

    [Electronic Frontier Foundation] Worried about AI voice clone scams? Create a family password https://www.eff.org/deeplinks/2024/01/worried-about-ai-voice-clone-scams-create-family-password

    [The Verge] Firefox maker Mozilla has a new subscription to keep your info out of data brokers’ clutches https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests

    [optoutcode.com] A Privacy4Cars Universal Opt-Out Concept https://optoutcode.com/

    Tip of the Week: Avoiding Tax Scams https://firewallsdontstopdragons.com/how-to-avoid-tax-scams/

    Further Info

    Secure Your Network: https://firewallsdontstopdragons.com/secure-your-network-part-1-scan/

    Davos speech, original: https://www.youtube.com/watch?v=fJoEPRQMBuY

    Davos speech, translated: https://www.youtube.com/live/6Fwv9Cek2F4?feature=shared&t=98

    How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/

    How to send files securely: https://firewallsdontstopdragons.com/how-to-send-files-securely-like-tax-info/

    Send me your questions! https://fdsd.

  • Are Macs really safer than PCs? What should you do to make your Mac more secure? How do you know if your Mac has a virus? And how do you know which security apps you can trust? I'll dig into all of these questions and more today with Mac security guru Patrick Wardle.



    Patrick Wardle is the founder of the Objective-See Foundation. Having worked at NASA and the NSA, as well as presented at countless security conferences, Patrick is passionate about all things related to macOS security, writing books on macOS malware, and releasing free open-source security tools to protect Mac users.



    Interview Notes




    Objective See (free Mac tools): https://objective-see.org/ 



    The Art of Mac Malware (book): https://taomm.org/ 



    Objective by the Sea conference: https://objectivebythesea.org/ 



    Apple’s Malware protections: https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/1/web/1 



    Reinstall macOS in Recovery Mode: https://support.apple.com/en-us/HT204904 



    Jamf presentation on Apple anti-malware tools: https://www.jamf.com/resources/videos/a-closer-look-at-macos-built-in-security-tools/ 




    Further Info




    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Send me your questions! https://fdsd.me/qna 



    Support our mission! https://fdsd.me/support 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:45: Interview setup



    0:04:06: What have you been up to since we last had you on the show?



    0:13:40: Are Macs safer than PCs?



    0:17:34: How effective are modern antivirus programs?



    0:22:25: Which are the better AV software programs?



    0:24:45: Tell us about the Mac security apps that you created



    0:27:53: How does Lulu differ from a regular firewall?



    0:32:00: How do you know which security software you can trust?



    0:38:00: How do we combat security fatigue?



    0:43:22: Does the Apple App Store protect me from bad apps?



    0:52:09: What's your take on Apple's new Lockdown Mode?



    0:53:34: How do I know if my computer is infected with malware?



    0:58:03: What should I do to protect my brand new Mac?



    1:01:23: What worries you most right now? What gives you hope?



    1:04:43: What's next for you?



    1:10:31: Wrap-up

  • While every week is Data Privacy Week here at Firewalls Don't Stop Dragons, the rest of the world stops to join us in focusing on how and why to protect your personal data. I'll give you some of my top privacy tips and refer you to a lot of top privacy resources.



    In the news: Microsoft executives' emails are hacked by a nation-state actor; Facebook is gathering even more data with the help of other companies; a company is using real-time bidding to track us and sell to intelligence agencies; Mozilla outlines how incumbent browser owners tilt the playing field in favor of the owner; the EU is driving major changes to how iOS will work (but only in the EU); Brave browser simplifies its anti-fingerprinting options; Facebook limits how adult strangers can DM minors; FTC brings actions against GoodRx and Intuit; Samsung matches Google's 7-year OS update promise; and Apple rolls out Stolen Device Protection feature.



    Article Links




    [msrc.microsoft.com] Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/



    [Consumer Reports] Each Facebook User Is Monitored by Thousands of Companies https://www.consumerreports.org/electronics/privacy/each-facebook-user-is-monitored-by-thousands-of-companies-a5824207467/



    [404media.co] Inside a Global Phone Spy Tool Monitoring Billions https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/



    [Mozilla] Platform Tilt: Documenting the Uneven Playing Field for an Independent Browser Like Firefox https://blog.mozilla.org/netpolicy/2024/01/19/platform-tilt



    [MacRumors] Here Are All the iPhone Changes Coming to EU Users by March 6 https://www.macrumors.com/2024/01/26/iphone-changes-coming-to-eu-users/



    [brave.com] Brave browser simplifies its fingerprinting protections https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/



    [9to5Mac] Adult strangers won’t be able to send DMs to teens on Instagram or Facebook https://9to5mac.com/2024/01/25/teens-on-instagram-safeguards/



    [ftc.gov] FTC Statement on Intuit TurboTax Case https://www.ftc.gov/news-events/news/press-releases/2024/01/statement-samuel-levine-director-ftc-bureau-consumer-protection-regarding-commissions-order-opinion



    [ftc.gov] FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising https://www.ftc.gov/news-events/news/press-releases/2023/02/ftc-enforcement-action-bar-goodrx-sharing-consumers-sensitive-health-info-advertising



    [9to5Google] Samsung Galaxy S24 follows Google Pixel 8’s lead with 7 years of Android updates https://9to5google.com/2024/01/17/samsung-galaxy-s24-android-updates-policy/



    [AppleInsider] How to use Stolen Device Protection https://appleinsider.com/articles/24/01/23/how-to-use-stolen-device-protection



    Tip of the Week: Data Privacy Checklist https://fdsd.me/dpc 




    Further Info




    Carey’s Data Privacy Checklist (just updated!): https://fdsd.me/dpc 



    Proton’s mention: https://www.linkedin.com/posts/protonprivacy_protonprivacyreadinglist-activity-7155246272273170432-XlM0



    Jeff Jockisch’s Best Privacy Podcast results: https://www.linkedin.com/posts/jozian_privacypodcast-peopleschoice-privacyawards-activity-7146196804940820481-yB-P



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:29: Recent accolades



  • Drones are everywhere today. Cheap and tiny accelerometers, gyroscopes and processors have allowed us to create drones that anyone can afford and everyone can fly. Drones have been used by law enforcement and military forces, as well - for surveillance but also for killing. With the rapid development of AI technologies, what happens when we make these drones autonomous? What are the implications for privacy and security? I'll discuss this and more with Nick Weaver, computer and cybersecurity expert, and chief mad scientist at Skerry Technologies.



    Interview Notes




    Nick Weaver: https://www1.icsi.berkeley.edu/~nweaver/ 



    NYPD drone use: https://www.washingtonpost.com/nation/2023/09/01/drones-labor-day-parties-new-york/ 



    AI drone “kills” its operator: https://www.reuters.com/article/factcheck-ai-drone-kills/fact-check-simulation-of-ai-drone-killing-its-human-operator-was-hypothetical-air-force-says-idUSL1N38023R/ 



    The Future of Drone Warfare: https://www.schneier.com/blog/archives/2023/10/the-future-of-drone-warfare.html



    Betaflight: https://github.com/betaflight/betaflight



    Ardupilot: https://github.com/ArduPilot/ardupilot



    PX4: https://github.com/PX4/PX4-Autopilot 



    Small Business Innovation Research: https://www.sbir.gov/ 




    Further Info




    Data Privacy Week: https://staysafeonline.org/programs/data-privacy-week/ 



    Carey’s Data Privacy Checklist (just updated!): https://fdsd.me/dpc 



    Nominate someone for a challenge coin: https://fdsd.me/quest 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Send me your questions! https://fdsd.me/qna 



    Support our mission! https://fdsd.me/support 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:00:21: Data Privacy Week teaser



    0:01:11: Apple backdoor clarification



    0:03:14: Interview setup



    0:07:15: What first got you interested in autonomous drone technology?



    0:10:27: What technologies have enabled the explosion of cheap drones?



    0:15:22: What are the capabilities of modern consumer drones?



    0:17:54: Are there any legal restrictions on flying drones?



    0:20:44: Are there privacy laws around drone surveillance?



    0:22:24: How are drones used by law enforcement?



    0:25:14: How are drones being used for criminal purposes?



    0:27:12: What level of autonomy or AI can be found in consumer drones today?



    0:29:41: How hard is it to turn a DJI drone into an autonomous killbot?



    0:35:49: What sorts of countermeasures have we developed against drones?



    0:45:11: What roles have drones played in modern warfare?



    0:48:40: Can you detect drones on radar?



    0:50:22: Have drones influenced modern military tactics?



    0:52:33: Are there treaties restricting autonomous killing machines?



    0:55:51: What's the future of autonomous drone tech?



    0:58:46: Is it difficult today to make your own drone?



    1:06:24: Interview wrap-up



    1:09:08: Annual listener survey update

  • The new year is here! And I've got a handful of solid tips for you that you should absolutely plan to accomplish in 2024! I also have a lot of news to catch you up on: 23andMe blames its customers for their data breach; Burger King in Brazil using facial recognition to offer discounts based on how hungover you look; Russian agents hack live webcams to home in on targets in Ukraine; fake celebrity ads for medicare scam on YouTube; Facebook's Link History is a confusing new tracking feature; FTC orders location data broker to stop selling your info; Google's new location history changes may spell the end for geofence warrants; AirDrop anonymity cracked by China; well-hidden iPhone backdoor discovered by Kaspersky; UK tries to further expand surveillance capabilities; the Beeper Mini messaging saga is over; and a marketing company is offering to listen in on real time conversations to target ads.

    Article Links

    [TechCrunch] 23andMe tells victims it’s their fault that their data was breached https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/

    [Dark Reading] Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv https://www.darkreading.com/ics-ot-security/russian-agents-use-residential-webcams-to-gather-info-for-missile-attack-on-kyiv

    [404media.co] Deepfaked Celebrity Ads Promoting Medicare Scams Run Rampant on YouTube https://www.404media.co/joe-rogan-taylor-swift-andrew-tate-ai-deepfake-youtube-medicare-ads/

    [Gizmodo] Meet ‘Link History,’ Facebook’s New Way to Track the Websites You Visit https://gizmodo.com/meet-link-history-facebook-s-new-way-to-track-the-we-1851134018

    [ftc.gov] FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data https://www.ftc.gov/news-events/news/press-releases/2024/01/ftc-order-prohibits-data-broker-x-mode-social-outlogic-selling-sensitive-location-data

    [Electronic Frontier Foundation] Is This the End of Geofence Warrants? https://www.eff.org/deeplinks/2023/12/end-geofence-warrants

    [9to5Mac] AirDrop cracked by China, revealing phone number and email address of sender https://9to5mac.com/2024/01/09/airdrop-cracked-by-china/

    [Schneier Blog] New iPhone Exploit Uses Four Zero-Days https://www.schneier.com/blog/archives/2024/01/new-iphone-exploit-uses-four-zero-days.html

    Security Now, Ep955: https://youtu.be/fJHzq4YOv68?si=WTdyr5LCXV4xJh-k&t=2105

    [POLITICO Europe] Britain’s got some of Europe’s toughest surveillance laws. Now it wants more https://www.politico.eu/article/uk-bulking-up-spying-regime-breakneck-speed/

    [MacRumors] Beeper Mini Resorts to Jailbreaking iPhones to Rescue Blue Bubbles https://www.macrumors.com/2023/12/21/beeper-mini-jailbroken-iphones-rescue-imessage/

    [404media.co] Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads https://www.404media.co/cmg-cox-media-actually-listening-to-phones-smartspeakers-for-ads-marketing/

    Tip of the Week: https://firewallsdontstopdragons.com/new-years-resolutions-for-2024/

    Further Info

    Take the annual listener survey! https://fdsd.me/survey2024

    Send me your questions! https://fdsd.me/qna

    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book

    Subscribe to the newsletter: https://fdsd.me/newsletter

    Become a patron! https://www.patreon.com/FirewallsDontStopDragons

    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    Give the gift of privacy and security: https://fdsd.me/coupons

    Support our mission! https://fdsd.me/support

    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:00:38: Listener survey

    0:01:57: News rundown

    0:04:35: 23andMe blames victims for their data breach

    0:09:39: Russian Agents Hack Webcams to Guide Missile Attacks on Kyiv

    0:15:19: Deepfaked Celebrity Ads Promoting Medicare Scams ...

  • Data breaches are usually produced by hackers looking for financial gain. Data leaks, on the other hand, are usually published by whistleblowers or perhaps accidentally disclosed via negligence. Journalists today are inundated by such data leaks - to the point where specialized tools and techniques are required to parse through the piles of digital detritus to ascertain the value and import that they may represent. Micah Lee has been performing this function for The Intercept for many years, including analyzing the Snowden documents. And he has just released a book that outlines the tools, techniques and procedures he uses for this arduous process. Today we discuss the importance and impact of whistleblowers, the state of data leaks today, and how it has impacted modern journalism.



    Interview Notes




    Micah’s book: https://hacksandleaks.com/ 



    Excerpt article: https://theintercept.com/2023/12/16/hacked-datasets-verification/ 



    Micah’s GitHub project: https://github.com/micahflee/hacks-leaks-and-revelations 



    COINTELPRO documentary: https://en.wikipedia.org/wiki/1971_(2014_film) 



    “The Burglary” book: https://www.amazon.com/Burglary-Discovery-Edgar-Hoovers-Secret/dp/0307962954 



    EFF’s Surveillance Self-Defense Guide: https://ssd.eff.org/ 




    Further Info




    Take the annual listener survey! https://fdsd.me/survey2024 



    Vote for my show as the best privacy podcast! http://tinyurl.com/PPPCAwards2024  



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:01:29: Pre-show notes



    0:03:32: Interview prep



    0:05:57: Tell us more about the book and why you wrote it.



    0:08:11: What's the difference between a data breach and a data leak?



    0:10:02: What are some of history's most important leaks?



    0:16:14: How do journalists typically obtain leaked data?



    0:22:04: You've just obtained a massive blob of data. How do you analyze it?



    0:27:05: How do you handle leaked data ethically?



    0:30:14: Do you warn the owners of leaked data before you reveal it?



    0:32:23: I want to blow the whistle. What should I do? What shouldn't I do?



    0:36:28: I've extracted my data. How do I securely share it with a journalist?



    0:38:57: What are the legal ramifications of whistleblowing?



    0:41:57: How hard is it to analyze digital data? What tools do you use?



    0:44:39: Are there dangers to analyzing leaked data?



    0:46:43: How do organizations try to identify data leakers?



    0:49:42: Will AI tools like ChatGPT help to analyze data leaks?



    0:52:19: What can the average person take away from all of this?



    0:54:15: How do you know which news sources you can trust today?



    0:56:08: Interview wrap-up



    0:57:10: Micah blocked on Twitter?



    0:57:55: Text parsing tools



    0:58:30: Show links



    0:58:53: Bonus podcast preview



    0:59:42: Annual listener survey raffle info

  • Every week, I record a special, private bonus podcast for my patrons. Until today, all of that content was restricted to my supporters. But today I've got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests, along with an episode of my more-technical bonus series I call Merlin's Musings. You'll hear from Josh Corman (CISA and I Am the Cavalry), Ernesto Falcon (EFF and CA Senate candidate), Omega and Deth Veggie (Cult of the Dead Cow), Michael Littman (AI expert from Brown Univ) and Cory Doctorow (author and activist), plus the strange story of the ProxyHam.



    Podcast Links



    These are links to the public podcasts associated with the bonus clips I played today along with some related links.




    Ep332, Josh Corman: https://podcast.firewallsdontstopdragons.com/2023/07/10/national-cyber-strategy/ 



    Cyberattacks on hospitals are growing threats to patient safety, experts say: https://abcnews.go.com/Health/cyberattacks-hospitals-growing-threats-patient-safety-experts/story?id=99115898



    Ep334, Ernesto Falcon: https://podcast.firewallsdontstopdragons.com/2023/07/24/the-politics-of-privacy/ 



    Ep336, Cult of the Dead Cow: https://podcast.firewallsdontstopdragons.com/2023/08/07/cult-of-the-dead-cow/ 



    Ep338, Michael Littman: https://podcast.firewallsdontstopdragons.com/2023/08/21/demystifying-ai/ 



    Ep348, Cory Doctorow: https://podcast.firewallsdontstopdragons.com/2023/10/30/reclaiming-the-internet/ 



    Wired article on ProxyHam: https://www.wired.com/2015/07/online-anonymity-project-proxyham-mysteriously-vanishes/ 



    Hackaday ProxyHam: https://hackaday.com/tag/proxyham/ 



    ProxyGambit: https://github.com/samyk/proxygambit 




    Further Info




    Become a patron! https://www.patreon.com/FirewallsDontStopDragons



    Send me your questions! https://fdsd.me/qna 



    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 



    Subscribe to the newsletter: https://fdsd.me/newsletter 



    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 



    Give the gift of privacy and security: https://fdsd.me/coupons 



    Support our mission! https://fdsd.me/support 



    Generate secure passphrases! https://d20key.com/#/ 




    Table of Contents



    Use these timestamps to jump to a particular section of the show.




    0:02:41: Josh Corman: analog back and sci-fi table top exercises



    0:12:51: Ernesto Falcon: raising money and CA influence



    0:19:19: Cult of the Dead Cow: Agent Steal



    0:23:44: Michael Littman: Superintelligent AI risks vs reality



    0:33:03: Cory Doctorow: Burning Man



    0:41:00: Merlin's Musings: ProxyHam



    0:53:37: Wrapup & patron perks