Firewalls Don't Stop Dragons Podcast – Details, episodes & analysis

Today we'll wrap up my series of tips for enumerating all your old online accounts and deciding whether to delete them or just dumb down the personal data they have on you. There are several things to consider - we'll go through them all! In other news: a study ranks the most private AI chatbots; LinkedIn is set to use your personal data to train their AI; ChatGPT has released an AI browser; new phishing scam for password manager creds; Gmail did not leak 183M passwords; man discovers his robot vacuum sharing lots of personal data; more info on Cellebrite's mobile hacking abilities; Flock expanded its surveillance with Ring and drones; and group finds that half of our satellite communications are not encrypted. Article Links Which Generative AI Is Most Privacy-Respecting? https://www.obscureiq.com/which-generative-ai-is-most-privacy-respecting/ LinkedIn will use your data to train AI – how to opt out https://proton.me/blog/linkedin-ai-training Chatgpt Atlas Browser https://www.washingtonpost.com/technology/2025/10/22/chatgpt-atlas-browser/ Phishing scam uses fake death notices to trick LastPass users https://www.malwarebytes.com/blog/news/2025/10/phishing-scam-uses-fake-death-notices-to-trick-lastpass-users No, Gmail has not suffered a massive 183 million passwords breach https://www.techradar.com/pro/security/no-gmail-has-not-suffered-a-massive-183-million-passwords-breach-but-you-should-still-look-after-your-data Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House https://futurism.com/robots-and-machines/robot-vacuum-broadcasting Someone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Details https://www.404media.co/someone-snuck-into-a-cellebrite-microsoft-teams-call-and-leaked-phone-unlocking-details/ Ring cameras are about to get increasingly chummy with law enforcement https://arstechnica.com/gadgets/2025/10/ring-cameras-are-about-to-get-increasingly-chummy-with-law-enforcement/ Exclusive: Flock Safety paid over $300 million for 17-month-old drone startup Aerodome https://techcrunch.com/2024/10/23/flock-safety-paid-over-300-million-for-17-month-old-drone-startup-aerodome/ Leak From the Sky: It Turns Out a Lot of Satellite Data Is Unencrypted” https://www.pcmag.com/news/leak-from-the-sky-it-turns-out-a-lot-of-satellite-data-is-unencrypted Tip of the Week: https://firewallsdontstopdragons.com/removing-old-accounts/  Further Info Data Diet series: https://firewallsdontstopdragons.com/data-diet-introduction/  Backing up 2FA seed codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/  Using email aliases: https://firewallsdontstopdragons.com/how-to-use-email-aliases-part-1/  Claudito: https://github.com/micahflee/claudito  LM Studio: https://lmstudio.ai/  Dark Wire book: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:27: News briefs 0:01:49: News preview 0:03:53: Which AI Is Most Privacy-Respecting? 0:09:21: LinkedIn will use your data to train AI 0:14:23: ChatGPT's new Altas browser 0:21:46: Phishing scam uses fake death notices 0:25:32: Gmail has NOT suffered a massive password breach 0:27:57: Man finds smart vacuum sending maps of home 0:33:41: More Cellebrite capability details leak 0:38:28: Flock inks deal with Ring cameras 0:42:57: Flock Safety buys drone company 0:46:52: Half of satellite comms are unencrypted 0:51:26: Tip of the Week 1:00:01: Patron podcast preview 1:00:18: Looking ahead 1:01:39: New patron promotion coming?

AI chatbots like ChatGPT have made quiet a splash. Companies are tripping all over themselves in a rush to add "AI" to everything, heedless of the security risks. But perhaps more insidious are the privacy risks. Most AI processing is done in the cloud, meaning that your queries and chats are subject to inspection, sharing, storing and monetizing. These AI systems are incredibly expensive to train and operate. And AI companies are desperate to feed them every scrap of data they can find. It's a recipe for privacy disaster. But there are ways to make it more private and today we'll discuss these approaches with Proton's head of AI, Eamonn Maguire. Interview Notes Lumo privacy and security model: https://proton.me/blog/lumo-security-model  AI privacy concerns: https://proton.me/blog/ai-privacy-concerns  How to build a private AI: https://proton.me/blog/how-to-build-privacy-first-ai  LaTeX: https://en.wikipedia.org/wiki/LaTeX  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:00: Intro 0:12:22: Defining some terms 0:15:29: What are the main privacy issues with modern AI? 0:22:53: What are the dangers of training AI models on personal data? 0:27:57: How do we make AI chatbots safer to use? 0:35:31: What are Proton's goals with Lumo? 0:42:41: How can Lumo protect a user's privacy? 0:52:19: Can we do more to anoymize cloud LLM queries? 0:56:50: What can we do to increase trust and transparency with AI? 1:02:55: Where does Proton store and process AI data? 1:10:35: Which LLM models does Lumo use? 1:15:38: Will Proton offer a local-only version of Lumo? 1:20:36: What's next for Lumo and AI at Proton? 1:27:59: Will Lumo ever be part of Proton pricing bundles? 1:31:24: Wrap-up 1:35:14: Patron podcast preview 1:36:04: Looking ahead

The world wide web, as we know it today, has been around for over 30 years. In that time, most of us have created many dozens, perhaps hundreds, of online accounts. How many of those accounts are still alive somewhere? What data do they hold? And how good are the passwords you used? Today we're going to start on the path to finding all those accounts which could drastically improve our privacy and security. In the news: millions of Dell laptops have critical security flaws you need to patch now; Facebook may be secretly scanning your phone's images; National Public Data is back and you should delete your data; data brokers are flouting privacy laws; Ionic 5 owners in the UK will have to pay for a security fix; Flipper Zero devices are being (wrongly) blamed for auto thefts; the US Supreme Court allows Mississippi social media law to go into effect; data brokers are hiding their opt-out pages; app TeaOnHer exposed users' data; UK backs down from Apple backdoor demand; and now is the time for EU residents to speak out against Chat Control. Article Links Millions of Dell laptops hit by ‘critical’ security vulnerability https://www.pcworld.com/article/2870014/millions-of-dell-laptops-hit-by-critical-security-vulnerability.html Meta might be secretly scanning your phone's camera roll - how to check and turn it off https://www.zdnet.com/article/meta-might-be-secretly-scanning-your-phones-camera-roll-how-to-check-and-turn-it-off/ You Should Remove Your Info From the Rebooted National Public Data Site https://lifehacker.com/tech/remove-your-info-from-rebooted-national-public-data-site Data Brokers Are Ignoring Privacy Law. We Deserve Better. https://www.eff.org/deeplinks/2025/08/data-brokers-are-ignoring-privacy-law-we-deserve-better Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole https://www.theverge.com/news/757205/hyundai-ioniq-5-security-upgrade-fix-game-boy-device-attacks Can Flipper Zero really steal your car? (Spoiler: NO) https://blog.flipper.net/can-flipper-zero-steal-your-car/ Supreme Court allows Mississippi social media law to go into effect https://www.npr.org/2025/08/14/nx-s1-5482925/scotus-netchoice Data Brokers Are Hiding Their Opt-Out Pages From Google Search https://www.wired.com/story/data-brokers-hiding-opt-out-pages-google-search/ How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/ UK blinks, backs down from its Apple backdoor encryption demand https://appleinsider.com/articles/25/08/19/uk-blinks-backs-down-from-its-apple-backdoor-encryption-demand Worried about Chat Control? This website can help you get your say https://www.techradar.com/computing/cyber-security/worried-about-chat-control-this-website-can-help-you-get-your-say Tip of the Week: Data Diet Introduction: https://firewallsdontstopdragons.com/data-diet-introduction/  Further Info Cory Doctorow on age verification: https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers  Fight EU’s Chat Control: https://fightchatcontrol.eu/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:00: Intro 0:01:37: News preview 0:05:00: Millions of Dell laptops hit by ‘critical’ security vulnerability 0:06:44: Meta might be secretly scanning your phone's camera roll 0:12:00: You Should Remove Your Info From National Public Data 0:15:39: Data Brokers Are Ignoring Privacy Law 0:19:06: Hyundai wants Ioniq 5 owners to pay for security fix 0:22:43: Can Flipper Zero really steal your car? (No.) 0:30:38: Supreme Court allows Mississippi social media law ...

Your online account credentials have two parts: a user name and a password. Today, most online providers force you to use your email address for your user name. This gives the service provider a guaranteed way to contact (and spam) their users, but it also means that bad guys know half of all your credentials and data brokers have a unique ID to track you across all your accounts. Today I'll explain the value of using email aliases for your online user names. In other news: Iranian hackers attack US water plant; CISA launches program to address critical infrastructure threats; Google Drive users report missing data; Plex users fear new feature will leak p0rn watching habits; several articles on the ease of using data broker tools to spy on just about anyone, creating privacy and national security problems; smart mattress company CEO inadvertently reveals extent of data collection; concerns about IoT device sold with a home; overblown fears over Apple's new NameDrop feature; Zelle offering refunds to some scam victims; and Malwarebyte's survey of people's security practices (spoiler: it's bad). Article Links [The Hacker News] Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S. https://thehackernews.com/2023/11/iranian-hackers-exploit-plcs-in-attack.html [Dark Reading] CISA Launches Pilot Program to Address Critical Infrastructure Threats https://www.darkreading.com/ics-ot/cisa-launches-pilot-program-critical-infrastructure-threats [AppleInsider] Google Drive users complain of missing files, months of data disappearing https://appleinsider.com/articles/23/11/27/google-drive-users-complain-of-missing-files-months-of-data-disappearing [404media.co] Plex Users Fear New Feature Will Leak Porn Habits to Their Friends and Family https://www.404media.co/plex-users-fear-discover-together-week-in-review-feature-will-leak-porn-habits-to-their-friends-and-family/ [Rolling Stone] We Spied on Trump’s ‘Southern White House’ From Our Couches https://www.rollingstone.com/culture/culture-features/data-brokers-trump-tech-spying-privacy-threat-1234897098/ [9to5mac.com] Data brokers selling even more sensitive info; national security risk, says report https://9to5mac.com/2023/11/14/data-brokers-sensitive-info/ [MIT Technology Review] The US military’s privacy problem in three charts https://www.technologyreview.com/2023/11/13/1083262/the-us-militarys-privacy-problem-in-three-charts/ [therecord.media] Court rules automakers can record and intercept owner text messages https://therecord.media/class-action-lawsuit-cars-text-messages-privacy [404media.co] CEO Reminds Everyone His Company Collects Customers' Sleep Data to Make Zeitgeisty Point About OpenAI Drama https://www.404media.co/ceo-reminds-everyone-eightsleep-pod-collects-sleep-data-to-make-zeitgeisty-point-about-openai-drama/ [sdmmag.com] Who Is Gonna “Own” the IoT? https://www.sdmmag.com/articles/93730-who-is-gonna-own-the-iot [TechRadar] NameDrop in iOS 17 doesn’t have to be a privacy nightmare – here’s how to control it https://www.techradar.com/phones/ios/namedrop-in-ios-17-doesnt-have-to-be-a-privacy-nightmare-heres-how-to-control-it [9to5mac.com] Zelle scams: App now starting limited refunds, under pressure from lawmakers https://9to5mac.com/2023/11/13/zelle-scams/ [malwarebytes.com] 3 crucial security steps people should do, but don't https://www.malwarebytes.com/blog/news/2023/10/the-3-crucial-security-steps-people-should-do-but-dont OwnCloud hack: https://www.helpnetsecurity.com/2023/11/28/cve-2023-49103/  Pros & Cons of Antivirus Software: https://firewallsdontstopdragons.com/the-pros-and-cons-of-anti-virus-software/  Tip of the Week: https://firewallsdontstopdragons.com/how-to-use-email-aliases-part-1/ Further Info Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support 

City governments are relying more and more on a vast network of sensors to tell them what's going on: stop light cameras, gunshot detectors, air quality sensors, license plate readers, automated toll booths, and much more. While these technologies can help the powers that be allocate precious resources and gain helpful insights, they can also lead to over-policing, chilling of free speech and mass warrantless surveillance. Today I'll discuss the dangers of smart cities with Eleni Manis from the Surveillance Technology Oversight Project (STOP). Interview Notes Surveillance Technology Oversight Project: https://www.stopspying.org/  S.T.O.P.'s Beginner’s Guide to the All-Too-Dumb World of Smart Cities: www.justcities.tech  CCOPS laws: https://www.eff.org/issues/community-control-police-surveillance-ccops  Further Info Best & Worst Gifts for 2023: https://firewallsdontstopdragons.com/best-worst-gifts-2023/ Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:04:38: What got you into researching smart cities? 0:09:03: What are the positive aspects of smart cities? 0:13:06: How ubiquitous are these smart city technologies? 0:15:32: What are some of the most concerning smart city technologies? 0:16:45: is this data being shared between local and federal agencies? 0:19:14: Can students opt out of school surveillance? 0:20:48: How can the police access footage from video doorbells? 0:24:20: How is this tech used for predictive policing? 0:26:31: Do these predictive policing systems actually work? 0:27:29: How does this mass surveillance affect people? 0:28:58: What about use of surveillance tech in neighborhoods? 0:33:56: Who operates these sensor networks? Who can access the data? 0:37:49: Is it possible to anonymize this data properly? 0:42:06: Can government agencies access our cellular data? 0:45:22: Can you refuse to hand your cell phone over to authorities? 0:48:04: Can we find ways to collect this data without ruining privacy? 0:49:42: How do I find out what smart city tech is being used in my area? 0:53:29: Wrap-up 0:54:57: Preview of upcoming shows

The holiday gift-giving season is upon us - and therefore it's time for my annual guide on the best and worst gifts for your loved ones, at least in terms of security and privacy. There are some perennial favs on the nice and naughty lists, but there are some newcomers, as well. And I've got some top tips for how to shop for privacy-respecting, security-protecting products! I've even got some ideas for free and helpful stocking stuffers. In the news: FCC tried to protect consumers from SIM-swap attacks; cheap children's tablet came with malware and data mining software; medical transcription service has data of 9M patients exposed; hackers hold data from plastic surgeon patients for ransom, including nude photos; FTC filing in Kochava case unsealed showing 'staggering' amount of data for sale; Bitwarden announces support for passkeys; Article 45 of eIDAS 2.0 bill will completely undermine internet security in the EU. Article Links [The Hacker News] FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html [TechCrunch] Children’s tablet has malware and exposes kid’s data, researcher finds https://techcrunch.com/2023/11/16/childrens-tablet-has-malware-and-exposes-kids-data-researcher-finds/ [BleepingComputer] PJ&A says cyberattack exposed data of nearly 9 million patients https://www.bleepingcomputer.com/news/security/pj-and-a-says-cyberattack-exposed-data-of-nearly-9-million-patients/ [8newsnow.com] Hackers target Las Vegas plastic surgeons, post patient information, naked photos online https://www.8newsnow.com/investigators/hackers-target-las-vegas-plastic-surgeons-post-patient-information-naked-photos-online/ [Ars Technica] Data broker’s “staggering” sale of sensitive info exposed in unsealed FTC filing https://arstechnica.com/tech-policy/2023/11/data-brokers-staggering-sale-of-sensitive-info-exposed-in-unsealed-ftc-filing/ [bitwarden.com] Bitwarden launches passkey management https://bitwarden.com/blog/bitwarden-launches-passkey-management/ [Electronic Frontier Foundation] Article 45 Will Roll Back Web Security by 12 Years https://www.eff.org/deeplinks/2023/11/article-45-will-roll-back-web-security-12-years Best & Worst Gifts for 2023: https://firewallsdontstopdragons.com/best-worst-gifts-2023/  Further Info Give Thanks!: https://firewallsdontstopdragons.com/give-thanks-donate/  Consumer Reports Naughty List: https://foundation.mozilla.org/en/privacynotincluded/articles/our-longest-naughty-list-ever-the-2023-holiday-buyers-guide-is-here/  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:37: News run-down 0:03:18: FCC Enforces Stronger Rules to Protect Against SIM Swapping 0:06:39: Children’s tablet has malware and exposes kid’s data 0:11:22: Cyberattack exposed data of nearly 9 million patients 0:15:16: Hackers target plastic surgeons, post patient info, naked photos online 0:22:37: Data broker’s “staggering” sale of sensitive info exposed in unsealed FTC filing 0:27:10: Bitwarden launches passkey management 0:30:45: Article 45 Will Roll Back Web Security by 12 Years 0:39:00: Best & Worst Gifts for 2023 0:42:38: The Naughty List 0:47:50: The Nice List 0:59:14: Give thanks! 1:00:03: FDSD Merch sale! 1:00:25: Upcoming shows & promotion

Today there is a thriving market for legal, for-profit smartphone spyware (aka mercenary spyware). Companies like the NSO Group are free to create and sell highly sophisticated, zero-click malware such as Pegasus which has been used to spy on dissidents, politicians, activists and journalists around the world. There are also several apps available to parents to track their children, but are often used to abuse or stalk adult partners or ex-lovers. Today I'll discuss the state of these malicious apps, ways to protect our smartphones and even detect such spyware after the fact with the co-founders of iVerify, Danny Rogers and Rocky Cole. Interview Notes iVerify app: https://www.iverify.io/consumer xkcd “Security” cartoon: https://xkcd.com/538/  Moxie Marlinspike (Signal) on Cellebrite tool: https://signal.org/blog/cellebrite-vulnerabilities/  Further Info Nominate someone for a challenge coin: https://fdsd.me/quest  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:38: Interview setup 0:03:08: How does iVerify work and why did you create it? 0:07:10: What sort of people need protection like iVerify? 0:11:07: How do you know that you can trust a security app? 0:14:54: What do MDM profiles do to my phone? Is it reversible? 0:20:37: How dangerous are third-party app stores, compared to Apple/Google? 0:27:37: If an app I've installed is pulled from the app store, will I be notified? 0:28:50: How hard is it today to jailbreak a phone? 0:31:49: How do you tell if a phone has been hacked? 0:33:21: Can you detect if an app has escaped its sandbox? 0:38:09: What is the marketplace like for spyware? 0:41:36: Are phones getting harder to hack? 0:44:16: Is it possible to detect or prevent hacking via physical access? 0:49:11: How do Apple and Google phones compare on security? 0:52:08: How does Apple's Lockdown Mode work? 0:54:47: Should governments outlaw the sale of mercenary spyware? 1:01:10: Should governments hoard 0-days or disclose them? 1:03:31: What are your top security tips for regular users? 1:05:44: What's next for iVerify? 1:07:28: Wrap-up

Connecting all our stuff to the internet – making devices “smart” – brings with it a lot of risks. Besides the more obvious cybersecurity vulnerabilities, these devices are also collecting a lot of personal data, offsetting razor thin profit margins by monetizing our data. In most cases, we can limit this data exfiltration using outbound firewalls and DNS services, or just by disconnecting the devices from the internet altogether. But lately I've been seeing devices coming configured with cellular data connections, which would effectively bypass your home network entirely - and therefore your ability to block or control the data flow. In other news: 1Passwords discloses security breach; Drug makers to pay 23andMe for access to your DNA; EFF publishes guidance for 23andMe customers after further data breach; Apple's private Wi-Fi MAC address feature has never worked right, until now; Hackers find side-channel attack on Apple Silicon to pull private data from Safari browsers; Windows PCs targeted with new malware; YouTube is waging a new way on ad blockers; Apple's iMessage has new method to thwart 'ghost' listeners; the White House releases sweeping executive order on AI; Pew publishes new study on data privacy views. Article Links [BleepingComputer] 1Password discloses security incident linked to Okta breach https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/ [Bloomberg] Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA https://www.bloomberg.com/news/articles/2023-10-30/23andme-will-give-gsk-access-to-consumer-dna-data [Electronic Frontier Foundation] What to Do If You're Concerned About the 23andMe Breach https://www.eff.org/deeplinks/2023/10/what-do-if-youre-concerned-about-23andme-breach [AppleInsider] Apple's private Wi-Fi MAC addresses were security theater until iOS 17.1 https://appleinsider.com/articles/23/10/27/apples-private-wi-fi-mac-addresses-were-security-theater-until-ios-171 [Ars Technica] Hackers can force iOS and macOS browsers to divulge passwords and much more https://arstechnica.com/security/2023/10/hackers-can-force-ios-and-macos-browsers-to-divulge-passwords-and-a-whole-lot-more/ [TechRadar] Windows PCs are being targeted with a nasty new malware - here's what you need to know https://www.techradar.com/pro/security/windows-pcs-are-being-targeted-with-a-nasty-new-malware-heres-what-you-need-to-know [404media.co] YouTube's 'War' on Adblockers Shows How Google Controls the Internet https://www.404media.co/youtubes-war-on-adblockers-shows-how-google-controls-the-internet/ [9to5mac.com] iMessage Contact Key Verification blocks the ‘ghost proposal’ plan by government spy agency https://9to5mac.com/2023/10/30/imessage-contact-key-verification-reason/ [Mashable] White House drops an AI regulation bombshell: 10 new mandates that'll shake up the industry https://mashable.com/article/white-house-drops-ai-regulation-bombshell [pewresearch.org] How Americans View Data Privacy https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/ Tip of the Week: The Rise of Cellular IoT https://firewallsdontstopdragons.com/the-rise-of-cellular-iot/   Further Info Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:56: News rundown 0:03:11: 1Password discloses security incident linked to Okta breach 0:06:09: Drugmakers Are Set to Pay 23andMe Millions to Access Consumer DNA 0:10:08: What to Do If You're Concerned About t...

What happened to the internet? It had so much promise. Social media and search results are full of stuff we never wanted to see. Surveillance capitalism is monetizing our most private information to serve us so many ads that we can never seem to consume the actual content. And if we're all so unhappy with the incumbents, where are the competitors offering better service? Cory Doctorow helps us understand how the internet got so crappy and what we can do to fix it. Cory Doctorow is a science fiction author, activist, journalist and blogger at the site Pluralistic. He has written a bunch of great books, both fiction and non, including Little Brother, Red Team Blues and Chokepoint Capitalism. Interview Notes TikTok’s Ensh*tification: https://pluralistic.net/2023/01/21/potemkin-ai/#hey-guys  Cory’s blog: https://pluralistic.net/ Cory at DEF CON 31: https://www.youtube.com/watch?v=rimtaSgGz_4  The Internet Con: https://craphound.com/category/internetcon/  Chokepoint Capitalism: https://chokepointcapitalism.com/  Red Team Blues: https://craphound.com/category/novels/redteamblues/   Saving the News from Big Tech: https://www.eff.org/deeplinks/2023/04/saving-news-big-tech  Tracking Exposed: https://tracking.exposed/  Further Info Nominate someone for a challenge coin: https://fdsd.me/quest  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:55: Defining some terms 0:03:57: Swear warning 0:04:25: What have you been up to since we last had you on the show? 0:07:58: What is ensh*tification? How does it work? 0:18:26: Have any companies actually completed the ensh*tification cycle? 0:22:36: Do we have concrete examples of interoperability breaking this cycle? 0:29:07: What percentage of oday are not what we asked for? 0:37:04: What happens to DRM'd content when the licencing company goes away? 0:39:19: How can we reverse engineer these algorithms? 0:41:04: How is social media promotion like a big carnival teddy bear? 0:44:28: Whatever happened to the Amazon Smile program? 0:45:58: What do you mean by the End-to-End Principle? 0:51:53: Isn't ensh*tification just a natural result of modern capitalism? 0:54:02: Doesn't capitalism require rules (aka regulations)? 0:57:18: So what are the solutions? How do we fix the internet? 1:02:46: Did we undermine antitrust by lowering the bar of consumer harm? 1:04:25: What can we do to help, as consumers and citizens? 1:07:06: Wrap-up 1:07:50: Looking ahead

Email is old and was never built for security and privacy. Thankfully there are several modern secure email services. My personal favorite is Proton Mail and I'll explain to you today why you should really give it a try. I will also (finally) answer several interesting "Dear Carey" questions from listeners. In other news: If you use WinRAR, you need to update right away; hackers are targeting a company that brokers Emergency Data Requests between law enforcement and Big Tech companies; Google is forced to reveal user search history in a CO court case; Google is making passkeys the default, but you may want to wait; EFF asks MasterCard to stop selling our data; and Bruce Schneier has an insightful article around the rather heated discussions over the benefits and dangers of artificial intelligence. Article Links [Gizmodo] You Need to Update WinRAR, Right Now https://gizmodo.com/you-need-to-update-winrar-right-now-1850939201 [404media.co] Hackers Target Company That Vets Police Data Requests for Tech Giants https://www.404media.co/hackers-target-kodex-accounts-edrs/ [TechSpot] Google forced to reveal user search history in Colorado court ruling https://www.techspot.com/news/100529-google-forced-reveal-users-search-queries-colorado-court.html [blog.google] Passwordless by default: Make the switch to passkeys https://blog.google/technology/safety-security/passkeys-default-google-accounts/ [Electronic Frontier Foundation] Mastercard Should Stop Selling Our Data https://www.eff.org/deeplinks/2023/10/mastercard-should-stop-selling-our-data [Schneier Blog] AI Risks https://www.schneier.com/blog/archives/2023/10/ai-risks.html Tip of the Week: Try Proton https://firewallsdontstopdragons.com/its-time-to-try-proton/  Further Info De-Googling Your Life: https://firewallsdontstopdragons.com/reducing-my-google-footprint/  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:12: News rundown 0:02:38: You Need to Update WinRAR, Right Now 0:05:10: Hackers Target Company That Vets Police Data Requests for Tech Giants 0:11:22: Google forced to reveal user search history in Colorado court ruling 0:15:59: Google: Passwordless by default 0:21:48: EFF: Mastercard Should Stop Selling Our Data 0:25:59: Bruce Schneier: AI Risks 0:33:12: Mailbag!! 0:42:28: Tip of the Week: Try Proton 0:54:25: Wrap up, look ahead