The Lockdown - Practical Privacy & Security – Détails, épisodes et analyse

In this episode, recorded on October 10, 2024, I dive into privacy and security during natural disasters, highlighting essential tools like iOS 18’s satellite messaging and Starlink for maintaining communication when traditional systems fail. Next I dive into self-hosting in depth, particularly focusing on Nextcloud for privacy-conscious file sync. The episode concludes with a detailed analysis of a critical vulnerability in Firefox and the merits of switching to LibreWolf for enhanced privacy and security.

In this week’s episode:

1. Privacy During Natural Disasters. Using of iOS 18’s satellite communication features for emergency contact, Starlink for off-grid internet access, and the importance of internet and Sudo phone numbers for safety without compromising privacy.
2. Bug out bags for emergency preparedness, the utility of Starlink and satellite phones for privacy in disaster zones.
3. Overview of the blog post on hosting Nextcloud, importance of cloud backups using Backblaze B2 and Restic, encrypting backups and maintaining data privacy within home networks.
4. Other Privacy Tools and Practices, including Blue Iris for managing surveillance cameras without internet access, use of Proxmox for virtual machines and running DNS servers with PiHole.
5. Analysis of the Firefox vulnerability (CVE 2024-9680), discussion on the benefits of LibreWolf as a more private alternative to Firefox.

Show Links:

• Self-hosting Nextcloud - https://www.psysecure.com/self-hosting-nextlcoud
• Starlink - https://www.starlink.com/
• Backblaze B2 - https://www.backblaze.com/cloud-storage
• Restic FAQ - https://restic.readthedocs.io/en/latest/faq.html
• Nextcloud End-to-End Encryption - https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html
• Firefox Users Fingerprinted via Cached Intermediate HTTPS Certificates - https://www.bleepingcomputer.com/news/security/firefox-users-fingerprinted-via-cached-intermediate-https-certificates/
• Certificate issue causing add-ons to be disabled or fail to install - https://discourse.mozilla.org/t/fixed-certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047
• Firefox CVE 2024-9680 - https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
• LibreWolf - https://librewolf.net/

- Sun Tzu

Podcast music: Recluse by Ray Heffer 

In this episode, we have a special guest, Tyler Murphy, co-founder of EasyOptOuts, a data removal service focused on helping people remove their personal information from publicly accessible people search sites. Tyler discusses the inspiration behind EasyOptOuts, the challenges of maintaining privacy in a world of constant data breaches, and offers insights into data removal from various brokers. This conversation is packed with advice for anyone looking to regain control over their online privacy.

In this week’s episode:

1. Tyler shares how EasyOptOuts was founded, the challenges faced, and their mission to make data removal accessible.
2. Discussion on the widespread availability of personal data on people search sites and the complexities of removing it.
3. Insights into how EasyOptOuts automates data removal, and comparisons with manual removal processes.
4. The challenges posed by bot detection, CAPTCHAs, and deceptive removal processes that often require membership or payment.
5. The potential implications of data breaches, evolving bot detection, and the future of digital identity verification.
6. Tyler shares his own privacy techniques, including the use of VPNs, alias names, and minimizing data exposure online.
7. EasyOptOuts approach to scaling their service, future plans for business and family tiers, and their commitment to remaining a two-person operation.

Show Links:
EasyOptOuts - https://www.easyoptouts.com/

Podcast music: Recluse by Ray Heffer

In this Friday Field Notes episode of The Lockdown, I share my experience with imposter syndrome, and compare practical privacy approaches with extreme measures, inspired by my move to the USA.

Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on January 31, 2024

1. Using alias names with food apps
2. More on practical privacy vs the extreme
3. My motivations for privacy after my move to the USA
4. Simplewall for Windows 10
5. Using Virtual Machines
6. Dual boot Windows for gaming vs productivity
7. Micro-segmentation strategies
8. Windows 10 LTSC for privacy?
9.  I'm the Imposter! 

•  qView Image Viewer: https://interversehq.com/qview
• GPG4Win: https://www.gpg4win.org/download.html
• Windows 10 LTSC: https://www.cdw.com/search/?key=Windows%20LTSC
• Simplewall: https://github.com/henrypp/simplewall

-Oscar Wilde

Music: The Lockdown 

This week, I introduce Defensive OSINT, address privacy concerns while on the road, and examine the intricacies of alias usage and AI-based face morphing for photo alteration. Sharing insights from my recent travels, I highlight the need for vigilance and innovative strategies for maintaining privacy on the go. The episode explores the pros and cons of using alias names for hotel bookings, including the challenges of identity verification during check-in, while I discuss smart, alternative solutions for these scenarios. Join me as we navigate the complexities of preserving privacy in an era rife with survlleiance and data breaches, providing practical tips and advice for privacy-conscious travelers and digital citizens.

Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on January 27, 2024

1. Privacy on the road with hotels, VRBO rentals, and Uber
2. Why we do this, and the reasons behind our privacy lifestyle
3. A look at Defensive OSINT strategies
4. Face morphing our real photos for privacy
5. Location tracking on your phone
6. MySudo and pre-paid burner numbers
7. A surprise guest?

• Black Portable Hotel Door Lock: https://www.amazon.com/Portable-Security-Additional-Traveling-Apartment/dp/B0CFVS6NRN
• Python Script for ThisPersonDoesNotExist: https://github.com/locksec/tpdne_py
• Facemorph.me: https://facemorph.me
• Upscayl: https://www.upscayl.org
• File Optimizer: https://nikkhokkho.sourceforge.io/static.php?page=FileOptimizer

Intro voice-over: IRLRosie - Creative Commons Attribution license (reuse allowed)
Music: The Lockdown 

In this week's episode, it's time to wrap up 2023 with another look at Privacy.com, and my strategies for avoiding bank account lockout. I delve into the CIA Triad, breaking down its relevance to everyday privacy concerns. The episode also takes a practical turn with a guide on using FindMyDevice on GrapheneOS, and the FindMyDevice feature on the Garmin Instinct 2 watch for tracking lost phones.

I also tackle the debate between biometric authentication and passcodes, taking our threat model into consideration. For those interested in storage synchronization solutions, I discuss using Nextcloud for a variety of purposes, including photo backups, syncing Keepass, and markdown notes, highlighting its versatility for privacy.

Join me for an episode packed with valuable insights and tips for enhancing your digital privacy and security as we welcome in 2024!

Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on January 03, 2024

In this week's episode:
1. Closing 2023 with Privacy.com
2. How the CIA Triad Relates to privacy
3. Tracking Lost Phones with FindMyDevice on GrapheneOS and a Garmin watch
4. Biometric authentication vs Passcodes
5. Using Nextcloud for photo backups, Keepass Sync, and taking notes in Markdown
6. Backups with Backblaze B2 and Restic

Show Links:
https://www.privacy.com
https://strongboxsafe.com
https://www.keepassdx.com
https://grapheneos.org
https://gitlab.com/Nulide/findmydevice
https://obsidian.md
https://www.backblaze.com/cloud-storage
https://restic.net
https://www.garmin.com/en-US/p/775697

Ray Ban Meta News: https://san.com/cc/investigation-into-new-meta-smart-glasses-brings-privacy-concerns

Music: The Lockdown

"We suffer more often in imagination than in reality." - Seneca

In this week’s show, Ray Heffer gives a farewell to Michael Bazzell's Privacy, Security, and OSINT show. Also, speculation about living in a faraday cage continues, and the reasons Firefox is still better than Brave for privacy and security. Ray also talks about when privacy techniques go wrong, with his lockout from Privacy.com.

Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on  November 22nd, 2023 

This week's episode:

1. Introduction
2. Notable mention for Michael Bazzell
3. New website and Twitter account
4. Why I don't use Brave and the reasons Firefox is still the best option
5. When Privacy Techniques Go Wrong

Links mentioned in the show:
MITRE ATT&CK (Credentials from Web Browsers): https://attack.mitre.org/techniques/T1555/003/
MITRE ATT&CK (Password Managers): https://attack.mitre.org/techniques/T1555/005/
Tor Project Recommendations: https://support.torproject.org/tbb/tbb-9/
Brave (VPN Services) Issue: https://github.com/brave/brave-browser/issues/33726
Citi Virtual Credit Cards: https://www.cardbenefits.citi.com/Products/Virtual-Account-Numbers
Citi (True Name) Card: https://banking.citi.com/cbol/updatemyname/default.htm
IronVest (Formerly Abine Blur): https://ironvest.com/pricing/
Wise Virtual Card (UK): https://wise.com/gb/virtual-card/

Intro music: The Lockdown

"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius

In this week’s FRIDAY FIELD NOTES, Ray Heffer discusses the Zero Trust security model, a framework that's revolutionizing how organizations protect their critical systems and data. Diving into the depths of cybersecurity, we clear up common myths and misinterpretations surrounding Zero Trust, illuminating its role as not just a defensive strategy but a comprehensive approach to modern threats.

Zero Trust operates on the principle of "never trust, always verify," but what does this mean in practice? Zero Trust doesn't just look outward; it recognizes that threats also come from the inside. By assuming that a breach is not just possible, but has already happened, Zero Trust strategies are uniquely positioned to mitigate damage by insiders, whether malicious or accidental.

Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on November 09, 2023

This week's episode:

1. Introduction and Brill is living in a Faraday cage
2. How we got to Zero Trust by understadning the Cyber Kill Chain
3. The Principals of Zero Trust
4. Recommended Zero Trust Frameworks

NIST Zero Trust Architecture (SP 800-207): https://csrc.nist.gov/pubs/sp/800/207/final
CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model
Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Intro music: The Lockdown

"Security is always seen as too much until the day it is not enough." — William H. Webster

Welcome to episode four of The Lockdown - The Practical Privacy and Security podcast.

Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on November 06, 2023

This week's episode:
1. I'm back!
2. Traveling to London and Los Angeles
3. A major privacy invasion for Jennifer Lawrence
4. The Psychology of social engineering

Intro music: The Lockdown

"To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment." - Ralph Waldo Emerson

Welcome to episode three of The Lockdown - The Practical Privacy and Security podcast.

Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on April 09, 2023

This week's episode:
1. The case of Zachary McCoy
2. Why do all this?
3. The Apple Ecosystem
4. My experience with GrapheneOS

Get GrapheneOS: https://grapheneos.org/

The case of Zachary McCoy:
https://www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-google

Tracking Phones, Google Is a Dragnet for the Police:
https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html

Denmark frees 32 inmates over flaws in phone geo-location evidence:
https://www.theguardian.com/world/2019/sep/12/denmark-frees-32-inmates-over-flawed-geolocation-revelations

Intro music: The Lockdown

"The rights of one are as sacred as the rights of a million." - Eugene V. Debs

Welcome to episode two of The Lockdown - Practical Privacy and Security podcast. In this episode I share the saga of the LastPass breach, and my thoughts on password managers and authenticator apps.
Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown

This episode was recorded on March 19, 2023

This week's episode:
1. The LastPass Breach
2. Password Managers: Dashlane, 1Password, BitWarden, and KeePassXC
3. Authenticator Apps: Google Authenticator, Aegis, and Authy.

Recommended Password Managers:
1. https://keepassxc.org (Desktop)
2. https://www.keepassdx.com (Android only)
3. https://strongboxsafe.com (iOS only)
4. https://bitwarden.com (Top recommendation for cloud hosted)
5. https://1password.com (Ease of use, and great option for cloud hosted)
6. https://www.dashlane.com (Expensive, no desktop app)

Recommended Authenticator Apps:
1. https://authy.com
2. https://getaegis.app (Android only)

Get Yubikey:
https://www.yubico.com

Intro music: The Lockdown

"In the long run, we will have to rebuild the universe of the online world to have security first and ease of use second." - Moxie Marlinspike