Firewalls Don't Stop Dragons Podcast

Carey Parker

A Podcast on Computer Security & Privacy for Non-Techies
Technology

Episodes

Crazy Proton Summer
6d ago
Proton released three major new products this summer, all within the span of a couple of months: Proton Docs, Proton Wallet and Proton Scribe. Given that Proton is a privacy-focused company, some of these offerings seemed almost at odds with that mission. So today I ask Andy Yen (Proton's CEO) some questions about the privacy of their Bitcoin wallet and AI editing tool. We also discuss the new Proton Foundation and how it safeguards their privacy mission for the future. Finally, I ask Andy if they would consider acquiring Mozilla to save the Firefox browser and, in the wake of the blowback Signal received about protecting local access to messaging data, how Proton addresses the 'compromised machine' threat model.

Interview Notes
Proton Docs: https://proton.me/blog/docs-proton-drive
Proton Wallet: https://proton.me/blog/proton-wallet-launch
Proton Scribe: https://proton.me/blog/proton-scribe-writing-assistant
Proton Foundation: https://proton.me/blog/proton-non-profit-foundation
Techlore on Proton Wallet: https://www.youtube.com/watch?v=tESbBM2LZHM&t=1922s
Seth for Privacy’s Andy Yen interview: https://optoutpod.com/episodes/protonwallet-andy-yen/
My interview on Easy Prey Podcast: https://www.easyprey.com/firewalls-dont-stop-dragons-with-carey-parker/
Techlore: https://www.techlore.tech/
Privacy Guides: https://www.privacyguides.org/
The New Oil: https://thenewoil.org/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:18: Interview setup
0:04:18: Why did you release so many new products all at once?
0:05:53: Did you develop Proton Docs from scratch? Will we get Proton Sheets, too?
0:10:09: What drove you to add AI features? How do you maintain privacy with AI?
0:17:07: Why did Proton feel the need to create another cryptocurrency wallet?
0:21:37: Who is the target audience for Proton Wallet?
0:28:38: As a privacy company, why go with Bitcoin, which is not really private?
0:39:34: Will you support Monero or Zcash?
0:40:40: Why did you restructure Proton as a foundation? What's the impact of this?
0:45:41: How is this new foundation different from others like Mozilla or Tor?
0:47:59: Would Proton ever consider acquiring Mozilla to save Firefox?
0:55:43: Does TunnelVision affect Proton VPN? How can we improve VPNs generally?
1:01:35: Signal was bashed for not encrypting local keys. How does Proton handle this?
1:05:25: What's coming next from Proton?
1:07:48: Interview wrap-up
1:10:54: A couple of updates on Wallet and Scribe availability
1:11:50: Recommending other great privacy resources and Proton discussions
1:12:53: Upcoming shows
1:14:29: Upcoming podcast awareness campaign
National Public Data Breach
26-08-2024
The headlines have been on fire with stories about 3 billion people's data being leaked from a company you've never heard of. But like many such stories, the mainstream media gets a lot of the important details wrong and glosses over a lot of the important nuances. Today we're going to dive into what really happened and what you should do about it, whether your data was part of the breach or not. In other news: Illinois waters down its landmark biometric information law; US court rules geofence warrants are unconstitutional; FTC to investigate "surveillance pricing" and finalizes a rule impacting shady product reviews; the CFPB cracks down on some types of consumer data sales; and Consumer Reports evaluates several top data deletion services.

Article Links
[Reuters] Illinois governor approves business-friendly overhaul of biometric privacy law https://www.reuters.com/legal/government/illinois-governor-approves-business-friendly-overhaul-biometric-privacy-law-2024-08-05/
[TechCrunch] US appeals court rules geofence warrants are unconstitutional https://techcrunch.com/2024/08/13/us-appeals-court-rules-geofence-warrants-are-unconstitutional/
[Electronic Frontier Foundation] To Fight Surveillance Pricing, We Need Privacy First https://www.eff.org/deeplinks/2024/08/fight-surveillance-pricing-we-need-privacy-first
[ftc.gov] Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials https://www.ftc.gov/news-events/news/press-releases/2024/08/federal-trade-commission-announces-final-rule-banning-fake-reviews-testimonials
[natlawreview.com] CFPB Forecasts New Rule Cracking Down on Consumer Data Sales https://natlawreview.com/article/cfpb-forecasts-new-rule-cracking-down-consumer-data-sales
[Los Angeles Times] Hackers may have stolen the Social Security numbers of every American. How to protect yourself https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number
[troyhunt.com] Inside the "3 Billion People" National Public Data Breach https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/
[consumerreports.org] Evaluating People-Search Site Removal Services https://innovation.consumerreports.org/new-report-data-defense-evaluating-people-search-site-removal-services/

Tip of the Week: OSINT Final Steps https://firewallsdontstopdragons.com/osint-final-steps/

Other Helpful Links
Have I Been Pwned: https://haveibeenpwned.com/
NPD Data Breach search tool: https://npd.pentester.com/
Privacy Guides data removal tools: https://www.privacyguides.org/en/data-broker-removals/
Techlore video on data removal: https://www.youtube.com/watch?v=tESbBM2LZHM
Google’s Results About You: https://myactivity.google.com/results-about-you?pli=1
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
How and why to plant your flag: https://firewallsdontstopdragons.com/why-you-need-to-plant-your-flag/
Strong passwords: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/
Backing up 2FA codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:04:00: News preview
0:06:33: Illinois governor approves business-friendly overhaul of biometric privacy law
0:11:18: US appeals court rules geofence warrants are unconstitutional
...
Dating App Privacy
19-08-2024
Finding your soul mate or even just a one-night stand can now be done digitally - there's an app for that. Several, in fact. But in order to find the best match, you need to turn over a lot of extremely personal information. You probably also need to let the app track your location, so you're only matching with people within some acceptable distance. You would hope that dating apps would be better than other apps at securing your private data... but are they? And are these services selling my data to advertisers? Today I answer these questions and many more with Zoë MacDonald from Mozilla's Privacy Not Included team, who recently published a full report on this topic.

Interview Notes
Privacy Not Included report on dating apps: https://foundation.mozilla.org/en/privacynotincluded/articles/data-hungry-dating-apps-are-worse-than-ever-for-your-privacy/
Mozilla Foundation: https://foundation.mozilla.org/en/?form=donate-header
Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/
Falling out of love with dating apps: https://www.theguardian.com/lifeandstyle/2023/oct/28/its-quite-soul-destroying-how-we-fell-out-of-love-with-dating-apps
Using dating apps to locate someone: https://www.techradar.com/pro/privacy-flaw-in-top-dating-apps-could-have-revealed-user-location-down-to-2-metres
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:06: Freeze your credit!
0:04:19: How do modern dating apps work, exactly?
0:08:19: How do they find compatible matches?
0:10:34: Do these apps require constant access to your current location?
0:14:50: How much information used by these apps is inferred vs explicitly requested?
0:17:59: Do these apps use inferred data to weed out bad actors?
0:20:36: How did you decide which apps to evaluate?
0:23:54: What were your key takeaways and most alarming findings?
0:25:57: Do apps owned by the same parent company have similar privacy policies?
0:27:28: How transparent are these apps about sharing your data?
0:29:08: Was there any correlation between app cost and monetizing your data?
0:31:20: Are dating apps better about securing your personal data?
0:33:53: Do any of the dating apps offer end-to-end encryption of DMs?
0:35:40: Do these services try to keep you from leaving the app?
0:39:03: Once you find a match, can you get a refund for unused subscription time?
0:40:28: How do new AI features on dating apps affect your privacy?
0:43:30: Have there been any major dating service data breaches?
0:45:05: How bad are these apps for romance scams like 'pig butchering'?
0:47:10: If I still want to use a dating app, how do I maximize my privacy?
0:51:19: Can I use a service on the web only (no app)? Can I delete my data?
0:54:20: How well do dating apps actually work, in terms of finding a mate?
0:57:02: Wrap-up and looking ahead
Hacker Summer Camp 2024
12-08-2024
It's time once again for cybersecurity professionals to make the pilgrimage to the scorching desert of Las Vegas, Nevada for a week of tech conferences that we lovingly refer to as Hacker Summer Camp. Today I'll bring you my on-the-ground reporting from BSides and DEF CON. I'll also bring you part 2 of my series on Open Source Intelligence (OSINT) and how to purge your personal data from the web. In the news this week: Vegas hotels search hackers' rooms; Apple and others fix an old but important browser bug; NFL rolls out more facial recognition at stadiums; Ford looks to patent car surveillance tech; automakers sold your data to brokers for pennies; border agents can no longer search your smartphone without a warrant; judge rules that Google is a monopoly.

Article Links
[404media.co] Hotel to Search Rooms During DEF CON Hacking Conference https://www.404media.co/hotel-to-search-rooms-during-def-con-hacking-conference/
[AppleInsider] Apple has closed an ancient macOS Safari security hole https://appleinsider.com/articles/24/08/07/apple-has-closed-an-ancient-macos-safari-security-hole
[therecord.media] NFL to roll out facial authentication software league-wide https://therecord.media/nfl-to-roll-out-facial-authentication-league-wide
[therecord.media] Ford wants patent for tech allowing cars to surveil and report speeding drivers https://therecord.media/ford-seeks-patent-cars-surveil-speeders-report-to-police
[The New York Times] Automakers Sold Driver Data for Pennies, Senators Say https://www.nytimes.com/2024/07/26/technology/driver-data-sold-for-pennies.html
[9to5Mac] Border agents cannot search smartphones without a warrant, rules federal court https://9to5mac.com/2024/07/29/cannot-search-smartphones-without-a-warrant/
[AppleInsider] Judge rules Google is a search and advertising monopoly https://appleinsider.com/articles/24/08/05/judge-rules-that-google-is-a-search-and-advertising-monopoly

Tip of the Week: OSINT Remediation https://firewallsdontstopdragons.com/osint-remediation/

Further Info
BSides Las Vegas: https://bsideslv.org/
DEF CON 32: https://defcon.org/html/defcon-32/dc-32-index.html
UnDisruptable27: https://securityandtechnology.org/undisruptable27/
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:26: Summer Camp Highlights
0:10:25: Hotel to Search Rooms During DEF CON
0:15:14: Apple has closed an ancient macOS Safari security hole
0:20:00: NFL to roll out facial authentication software league-wide
0:26:25: Ford wants patent for tech allowing cars to surveil and report speeding drivers
0:29:38: Automakers Sold Driver Data for Pennies, Senators Say
0:32:46: Border agents cannot search smartphones without a warrant
0:36:44: Judge rules Google is a search and advertising monopoly
0:40:52: Tip of the Week: OSINT Remediation
0:54:25: EFF Tech Trivia update
Catch You on the BSide
05-08-2024
Jack Daniel is a storyteller, wanderer, comic, bartender, blacksmith, luthier, historian, mechanic, and the world’s oldest millennial. He is also one of the founders of Security BSides. Jack has a colorful and interesting history, and today we'll learn how and why he started BSides, delve into a little hacker conference history, talk about modern hackers and cybersecurity conferences and how he's seen them change over the years, and discuss how hackers and their conferences differ so much from all the others.

Interview Notes
Jack Daniel: https://www.linkedin.com/in/jackadaniel/
BSides official site: https://bsides.org/
BSides Las Vegas (part of hacker summer camp): https://bsideslv.org/
InfoSecMap: https://infosecmap.com/
Cult of the Dead Cow interview: https://podcast.firewallsdontstopdragons.com/2023/08/07/cult-of-the-dead-cow/
Jeff Moss interview #1: https://podcast.firewallsdontstopdragons.com/2021/08/16/on-a-dark-tangent/
Jeff Moss interview #2: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/
CackalackyCon: https://cackalackycon.org/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:49: Interview lingo
0:04:05: How did you get into the world of cybersecurity and hacking?
0:12:40: Why did you start BSides?
0:17:43: What were some of the first BSides talks like?
0:21:42: What are the founding principles of BSides?
0:28:00: What approval do you need to start a BSides conference?
0:34:44: How have other hacker conferences influenced BSides and vice versa?
0:36:53: Is there a beef between BSides and Black Hat?
0:38:58: What's your connection with ShmooCon?
0:42:42: How have hackers and these conferences changed since the old days?
0:47:40: Discussion on responsible disclosure
0:50:39: Two different kinds of presenters
0:54:02: You might be a hacker if...
1:01:30: What's the best way to find a local hacker conference?
1:06:50: BSides is about community
1:08:29: Interview wrap-up
1:11:19: Patron content
1:11:53: Looking ahead
CrowdStrike Lessons Learned
29-07-2024
Last week, we all learned about a company called CrowdStrike that apparently has the capability to single-handedly bring multiple airlines, hospitals and other large companies to their knees in an instant. There are many lessons we should be learning from this incident, though I'm not going to hold my breath. I'll tell you what happened and what I think we should be doing to avoid a repeat of this incident in the future. In other news: Google finally throws in the towel on blocking third-party cookies; a private organization claims to have gained access to advertising-based location data on Trump's shooter; Republican VP candidate JD Vance forgets to make his Venmo data private; leaked docs show what phones Cellebrite can and can't hack; Meta takes down thousands of accounts related to a sextortion ring; and for my Tip of the Week, we'll tackle part 1 of my article on deleting your public data from the web.

Article Links
[AppleInsider] Google gives up on Chrome plan to ditch third-party cookies https://appleinsider.com/articles/24/07/23/google-gives-up-on-chrome-plan-to-ditch-third-party-cookies
[404media.co] Heritage Foundation Claims to Use Location Data to Track Trump Shooter's Movements https://www.404media.co/heritage-foundation-claims-to-use-location-data-to-track-trump-shooters-movements/
[9to5Mac] J.D. Vance Venmo connections public, as privacy failing still in place six years later https://9to5mac.com/2024/07/19/jd-vance-venmo-connections-public/
[404media.co] Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/
[The Washington Post] Meta takes down thousands of Facebook, Instagram accounts running sextortion scams from Nigeria https://www.washingtonpost.com/business/2024/07/24/meta-nigeria-sextortion-scam-instagram-facebook/fce496c6-49b8-11ef-9149-c75da5dd9201_story.html
[Schneier Blog] The CrowdStrike Outage and Market-Driven Brittleness https://www.schneier.com/blog/archives/2024/07/the-crowdstrike-outage-and-market-driven-brittleness.html

Tip of the Week: OSINT Reconnaissance https://firewallsdontstopdragons.com/osint-reconnaissance/

Further Info
Book surge results: https://fdsd.me/booksurge
Moxie Marlinspike (Signal) on Cellebrite vulnerabilities: https://signal.org/blog/cellebrite-vulnerabilities/
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:51: AT&T breach update
0:01:44: News rundown
0:03:56: Google gives up on Chrome plan to ditch third-party cookies
0:08:28: Group Claims to Use Location Data to Track Trump Shooter's Movements
0:13:42: J.D. Vance Venmo connections public
0:19:28: Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock
0:27:35: Meta takes down thousands of accounts running sextortion scams
0:31:21: Lessons from the CrowdStrike Outage
0:44:52: Tip of the Week: OSINT Reconnaissance
0:55:20: Book surge report
0:57:06: More help will be needed
0:58:10: Looking ahead
Open Source Intelligence
22-07-2024
If someone decided to dig into your life - perhaps even try to 'dox' you - how might they go about doing that? What could they find about you right now on the internet? You might be surprised at how much information is readily available from public sources, including your local government agencies and state databases. Today I'll be talking with Jason Edison from Intel Techniques, whose day job is using open source intelligence, or OSINT, to find suspected criminals and whose night job is helping people remove that same information to protect their privacy and even personal security.

Interview Notes
Intel Techniques: https://inteltechniques.com/
Data Removal Guide: https://inteltechniques.com/workbook.html
Data Removal Workbook (PDF): https://inteltechniques.com/data/workbook.pdf
Credit Freeze Guide: https://inteltechniques.com/freeze.html
MySudo privacy app: https://mysudo.com/
SimpleLogin (Proton) email aliases: https://simplelogin.io/
Private credit cards: https://privacy.com/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:41: Interview setup
0:02:34: What do you do for your day job in law enforcement?
0:05:17: What is open source intelligence, exactly?
0:08:41: What are your primary sources for OSINT?
0:12:01: What is doxing and how might it impact someone?
0:14:56: How does an OSINT specialist also value personal privacy?
0:22:36: How do others in law enforcement view data collection and privacy?
0:28:36: When emotional cases arise, do officials favor privacy rights over catching bad guys?
0:33:32: How do we balance privacy rights vs public safety?
0:39:19: How would you do a full workup on someone?
0:45:18: Where do people overshare or give away the most personal information?
0:52:31: How much of my personal information is available via public records?
0:56:43: Will tools like AI help us find the needles in the haystacks?
1:00:56: What about data deletion services - are they worth it?
1:07:51: How useful are email and phone aliases for privacy?
1:11:17: How do you prove your identity to deletion sites without giving more info?
1:17:10: What tools can I find at Intel Techniques?
1:19:00: My data deletion journey
How & Why to Block Ads
15-07-2024
Ads on the web are beyond annoying - they are actually a threat to your privacy and sometimes even your security. Ads pay for a lot of the "free" web content we consume, but until ad networks stop tracking us and selling ad space to phishing and malware groups, we need tools to block them. Today I'll give you two solid options for doing so. In the news: Australian man charged for WiFi scam on flights; Airbnb reveals 35,000 complaints about hidden cameras; Linksys routers expose WiFi credentials; a massive new hacker list contains 10 billion unique passwords; a new AT&T call and text records data breach; Signal gets flak for its response to storing encryption keys in the clear; Mozilla launches a "privacy-preserving" ad attribution system (on by default); Proton launches an encrypted Google Docs competitor.

Article Links
[The Hacker News] Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights https://thehackernews.com/2024/07/australian-man-charged-for-fake-wi-fi.html
[9to5Mac] 35,000 complaints about hidden cameras in Airbnb properties https://9to5mac.com/2024/07/10/hidden-cameras-in-airbnb-properties/
[stackdiary.com] Linksys Velop routers send Wi-Fi passwords in plaintext to US servers https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/
[cybernews.com] RockYou2024: 10 billion passwords leaked in the largest compilation of all time https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/
[TechCrunch] What the AT&T call records data breach means for you https://techcrunch.com/2024/07/12/what-the-att-call-records-data-breach-means-for-you/
[stackdiary.com] Signal under fire for storing encryption keys in plaintext https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/
[Mozilla] Privacy-Preserving Attribution https://support.mozilla.org/en-US/kb/privacy-preserving-attribution
[Lifehacker] Why You Should Consider Proton Docs Over Google https://lifehacker.com/tech/why-you-should-consider-proton-docs-over-google

Tip of the Week: How & Why to Block Ads https://firewallsdontstopdragons.com/how-and-why-to-block-ads/

Further Info
Enter the DEF CON 32 ticket raffle: send email to dc24@firewallsdontstopdragons.com
Techlore NextDNS tutorial: https://www.youtube.com/watch?v=WUG57ynLb8I
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:21: Book surge report
0:03:00: News rundown
0:05:06: Australian Man Charged for Fake Wi-Fi Scam on Domestic Flights
0:09:50: 35,000 complaints about hidden cameras in Airbnb properties
0:15:31: Linksys Velop routers send Wi-Fi passwords in plaintext to US servers
0:20:29: 10 billion passwords leaked in the largest compilation of all time
0:26:51: What the AT&T call records data breach means for you
0:32:37: Signal under fire for storing encryption keys in plaintext
0:47:24: Mozilla's new Privacy-Preserving Attribution
0:58:58: New: Proton Docs!
1:00:18: Tip of the Week: How & Why to Block Ads
1:12:41: Wrap up
1:13:01: Book surge report
1:15:25: DEF CON 32 ticket raffle!
1:17:48: Looking ahead
Promising Privacy Tech
08-07-2024
We're generating a ridiculous amount of data every day. Much of it is highly personal, and that's dangerous. But there are actually several Privacy Enhancing Technologies that may allow us to use this personal data to improve our collective quality of life without ruining the privacy of the data subjects. I'll be discussing these PETs with Irene Knapp, who spent five years working in the privacy department at Google. I will also spend a good bit of time asking them about what it's like working at Google and get some insights about the company's approach to privacy from the inside. (Spoiler: it's not good.)

Interview Notes
Internet Safety Labs: https://internetsafetylabs.org/about-us/
Irene’s Google departure post: https://medium.com/@Irenes/on-the-occasion-of-leaving-google-b8c7029c8d8b
Coworker.org: https://coworker.org
Google loses privacy chief: https://www.techspot.com/news/103268-google-privacy-chief-head-competition-law-leaving-not.html

Further Info
BOOK SURGE!! https://fdsd.me/booksurge
Send me your questions! https://fdsd.me/qna
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:40: Interview setup
0:03:56: What is Internet Safety Labs and what do you do there?
0:05:45: Why do we not have liability in the software industry?
0:07:02: How did you come to work for Google and what was your experience like there?
0:07:58: What caused you to eventually leave?
0:10:26: How did privacy policy evolve while you were at Google?
0:12:36: What was happening in Google that impeded your efforts?
0:19:19: How does Google compare to other companies like Facebook?
0:20:56: What's your take on Google's new Privacy Sandbox technology?
0:27:24: Can we do some good with all the data we're collecting?
0:33:51: From where do we derive a legal right to privacy?
0:35:10: How does differential privacy work?
0:38:49: Where might we use differential privacy?
0:41:59: What is homomorphic encryption and how does it work?
0:44:47: Are there any other promising PETs?
0:46:49: How do zero knowledge proofs work?
0:49:20: Which of the PETs seem most promising right now?
0:51:20: Do we need privacy regulations to save us here?
0:56:19: What's next for you?
0:58:31: Interview wrap-up
1:00:52: BOOK SURGE!!
Backing Up Other Data
01-07-2024
We've talked about how to back up your local device data and how to back up data that is primarily stored in the cloud. But there's a lot of important, irreplaceable data we take for granted: data owned by others. This might be shared online photo albums, cloud document collaborations, eBooks and other digital media, and even websites you frequently rely on. Today we'll talk about how you can make local copies of these files in case they should ever go offline. In other news: European politicians' personal details exposed online; Proton transitions to a non-profit corporate structure; lawsuit claims Microsoft tracked sex toy purchases; online ID verification service exposed driver's licenses; new Mac info-stealer served up by Google Ads; law enforcement is spying on Americans' mail; new ALPR vulnerabilities prove it's a public safety threat; UK hospital hack leaks 300M patient records; US bans Kaspersky software; Sonos removes promise not to sell its users' data; Mozilla buys a 'privacy-centric' ad firm.

Article Links
[proton.me] Cyber house of cards – Politicians’ personal details exposed online https://proton.me/blog/politicians-exposed-dark-web
[proton.me] Proton is transitioning towards a non-profit structure https://proton.me/blog/proton-non-profit-foundation
[404media.co] Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording in Real Time' Software https://www.404media.co/lawsuit-claims-microsoft-tracked-sex-toy-shoppers-with-recording-in-real-time-software/
[404media.co] ID Verification Service for TikTok, Uber, X Exposed Driver Licenses https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/
[Ars Technica] Mac users served info-stealer malware through Google ads https://arstechnica.com/security/2024/06/mac-info-stealer-malware-distributed-through-google-ads/
[The Washington Post] Law enforcement is spying on thousands of Americans’ mail, records show https://www.washingtonpost.com/technology/2024/06/24/post-office-mail-surveillance-law-enforcement/
[Electronic Frontier Foundation] New ALPR Vulnerabilities Prove Mass Surveillance Is a Public Safety Threat https://www.eff.org/deeplinks/2024/06/new-alpr-vulnerabilities-prove-mass-surveillance-public-safety-threat
[TechCrunch] US bans sale of Kaspersky software citing security risk from Russia https://techcrunch.com/2024/06/20/us-bans-kaspersky-software-security-risk-russia/
[AppleInsider] Sonos removes a promise to not sell personal data, gets busted by users https://appleinsider.com/articles/24/06/15/sonos-removes-a-promise-to-not-sell-personal-data-gets-busted-by-users
[theregister.com] What's up with Mozilla buying ad firm Anonym? It's all about 'privacy-centric advertising' https://www.theregister.com/2024/06/18/mozilla_buys_anonym_betting_privacy/

Tip of the Week: Backing Up Other Data https://firewallsdontstopdragons.com/how-to-backup-other-data/

Further Info
Send me your questions! https://fdsd.me/qna
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Subscribe to the newsletter: https://fdsd.me/newsletter
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Support our mission! https://fdsd.me/support
Generate secure passphrases! https://d20key.com/#/

Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:25: Book blitz coming soon
0:00:55: Dear Carey reminder
0:01:38: Bitwarden bug fixed
0:02:28: News rundown
0:04:22: EU politicians’ personal details exposed online
0:10:37: Proton adopts non-profit structure
0:15:15: Lawsuit Claims Microsoft Tracked Sex Toy Shoppers
0:19:28: ID Verification Service Exposed Driver Licenses
0:27:38: Mac users served info-stealer malware through Google ads
Means of Control
24-06-2024
Every day, we generate tons of digital exhaust: our web browsing, GPS location, online and in-store purchases, emails and messages, social media posts and feed viewing habits, and much, much more. Online marketers and data brokers have been living off these breadcrumbs for years. The intelligence and law enforcement agencies have found this data to be incredibly revealing, and they can buy most of this data on the open market without requiring any sort of warrant - and they have. This has important implications for democratic societies that value privacy and freedom. I'll discuss how this mass surveillance works and what it means for all of us with Byron Tau, author of the book "Means of Control".

Interview Notes
Means of Control: https://www.amazon.com/Means-Control-Alliance-Government-Surveillance/dp/0593443225
Byron Tau at NOTUS: https://www.notus.org/byron-tau
Puking Monkey’s DEF CON presentation: https://www.youtube.com/watch?v=T43Ti7c11lY
Make your EZ Pass “moo”: https://hackaday.com/2013/09/16/modified-e-zpass-detects-reads-far-from-toll-booths/
Official US policy on collecting public info on citizens: https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2024/3815-odni-releases-ic-policy-framework-for-commercially-available-information

Table of Contents
0:00:58: Update your Windows PCs
0:01:32: Interview setup
0:04:59: How might the collection of online data impact a regular person?
0:10:13: What sorts of things can all this data reveal about us?
0:15:44: How much can we learn by tracking a person's location?
0:17:38: What is 'gray data'?
0:22:40: Our data can be saved virtually forever - what are the ramifications?
0:26:30: How are data gathering rules different for law enforcement vs intelligence agencies?
0:32:54: When did data brokers start selling our info to government agencies?
0:39:22: Is it legal for these agencies to act as data brokers themselves?
0:42:12: What laws have impacted this sort of data collection in the US?
0:44:49: How and why do these agencies hide this data collection?
0:51:02: Are governments sharing data to skirt local restrictions?
0:54:54: How have these spy programs evolved since 9/11?
1:00:28: Have government agencies lobbied Congress against federal privacy laws?
1:03:20: How can we limit data collection and increase our privacy?
1:06:24: Could the Big Tech backlash help get a privacy law passed?
1:08:33: What are you working on next?
1:09:59: Interview follow-up
1:11:36: Looking ahead
Backup Your Cloud Data
17-06-2024
Until recently, most of our important data lived primarily on our devices. Backing up that data often meant choosing a cloud backup service. But today, many of our most important photos and files are actually stored in the cloud. While cloud servers are supposed to be more robust than home computers with flaky hard drives and smartphones that get lost or stolen, it also means that someone else is in control of that data. Cloud services go offline, get bought out or even shut down. We now need to be sure to back up our cloud data, too. In other news: 23andMe breach under investigation by US and Canada; cops release personal location info to FOIA request; hacker gains access to Tile customer data; more car privacy updates; Microsoft Recall backlash highlights our distrust; report shows Microsoft favoring profits over security; Mac Bartender app shadily changes ownership; new Apple privacy features coming.

Article Links
[malwarebytes.com] 23andMe data breach under joint investigation in two countries https://www.malwarebytes.com/blog/news/2024/06/23andme-data-breach-under-joint-investigation-in-two-countries
[theregister.com] Crooks threaten to leak 3B personal records 'stolen from background check firm' https://www.theregister.com/2024/06/03/usdod_data_dump/
[404media.co] Cops Released a Car’s Travel History to a Total Stranger https://www.404media.co/cops-released-a-cars-travel-history-to-a-total-stranger/
[404media.co] Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/
[The New York Times] Is Your Driving Being Secretly Scored? https://www.nytimes.com/2024/06/09/technology/driver-scores-insurance-data-apps.html
[Windows Central] A PR disaster: Microsoft has lost trust with its users, and Windows Recall is the straw that broke the camel's back https://www.windowscentral.com/software-apps/windows-11/microsoft-has-lost-trust-with-its-users-windows-recall-is-the-last-straw
[ProPublica] Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
[AppleInsider] Adobe's new terms of service unacceptably gives them access to all of your projects, for free https://appleinsider.com/articles/24/06/06/adobes-new-terms-of-service-unacceptably-gives-them-access-to-all-of-your-projects-for-free
[MacRumors] PSA: Bartender Mac App Under New Ownership, But Lack of Transparency Raises Concerns https://www.macrumors.com/2024/06/04/bartender-mac-app-new-owner/
[9to5Mac] iOS 18 includes these new privacy features: Lock and hide apps, improved contact permissions, more https://9to5mac.com/2024/06/10/ios-18-includes-these-new-privacy-features-lock-and-hide-apps-improved-contact-permissions-more/
Tip of the Week: Backup Your Cloud Data: https://firewallsdontstopdragons.com/how-to-backup-cloud-data/

Further Info
Under New Management plugin: https://github.com/classvsoftware/under-new-management

Table of Contents
0:00:52: News preview
0:03:11: 23andMe data breach under joint investigation in two countries
0:07:01: Crooks threaten to leak 3B personal records 'stolen from background check firm'
0:09:52: Cops Released a Car’s Travel History to a Total Stranger
Anom: The FBI’s Phone Company
10-06-2024
Encrypted communications are important for everyone, even if you have nothing to hide. But they're also important when you're trying to hide global criminal operations. Drug smugglers and money launderers have special needs when it comes to secure messaging. Several phone companies were created to address this market. Unfortunately for the criminals, the most popular one - Anom - was secretly run by the FBI. Today Joseph Cox from 404 Media will tell us about this astoundingly audacious sting operation, which is the basis for his book, Dark Wire.

Interview Notes
Order Dark Wire: https://a.co/d/h9o7ump
Anom website (right before take down): https://web.archive.org/web/20210507151115/http://anom.io/
Phantom Secure website (circa 2017): https://web.archive.org/web/20170330122723/http://phantomsecure.com/
Vice Anom story: https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor
Anom phone video: https://www.youtube.com/watch?v=EA1KS-xh0n0
Operation Trojan Shield: https://en.wikipedia.org/wiki/Operation_Trojan_Shield
Trojan Shield press conference: https://www.youtube.com/watch?v=S89O0nis_ss
Encrochat: https://en.wikipedia.org/wiki/EncroChat

Table of Contents
0:00:54: Migrating to Mastodon
0:02:24: Embracing the dark... mode
0:02:45: Countdown to 400
0:03:28: Interview setup
0:04:30: How did this all start with you on an obscure forum for criminals?
0:08:34: What was Operation Trojan Shield?
0:10:49: How did the FBI start a secure phone company?
0:12:41: What were some of Anom's key tech features?
0:15:26: Where did they get the Arcane Operating System?
0:17:56: How did the 'duress' feature work?
0:20:18: How did Anom copy encrypted messages without being detected?
0:24:35: How were these phones marketed to criminals?
0:28:10: What do these phones cost?
0:30:09: What were the legal aspects for this multi-national operation?
0:34:49: How did they use this intelligence without revealing the source?
0:39:38: Did the criminals ever suspect the phones?
0:42:04: How did this all come to an end?
0:46:14: So, are we 'going dark' or not?
0:49:27: What lessons did the FBI take away from all this?
0:51:36: Can we still trust things like Signal and Proton?
0:55:39: What's your next big story or book?
0:58:09: Interview end notes
1:03:12: Looking ahead
Migrate to Mastodon
03-06-2024
Most major social media platforms are a hot mess. Your feed is filled with tons of crap you never asked to see and your data is mined mercilessly to serve you targeted ads. The promise of having a place to trade interesting posts with friends and family is now muddied up with sponsored content chosen by hidden algorithms optimized to keep you scrolling. It doesn't have to be that way. I've found something much better, and I'm inviting you to come join me. In other news: Ticketmaster breach leaks data on half a billion users; the iOS bug that resurrected deleted photos explained; GPT-4 can write working malware based only on CVE bug descriptions; Slack customers upset to learn that their data was being used to train AI systems; WiFi location service can be used to track mobile routers; police are trialing new devices that can track and identify you based on multiple electronic signals; new Windows AI feature records everything you do on your PC; Microsoft rolling out welcome changes to admin privilege use; Google adding several privacy and security features to Android 15; and iVerify now has an Android app.

Article Links
[Mashable] Ticketmaster hacked. Breach affects more than half a billion users. https://mashable.com/article/ticketmaster-data-breach-shinyhunters-hack
[9to5Mac] Security Bite: Here’s the iOS 17.5 bug that resurfaced deleted photos https://9to5mac.com/2024/05/26/security-bite-heres-the-ios-17-5-bug-that-resurfaced-deleted-photos/
[Dark Reading] GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories https://www.darkreading.com/threat-intelligence/gpt-4-can-exploit-most-vulns-just-by-reading-threat-advisories
[securityweek.com] User Outcry as Slack Scrapes Customer Data for AI Model Training https://www.securityweek.com/user-outcry-as-slack-scrapes-customer-data-for-ai-model-training/
[9to5Mac] Apple Location Services vulnerability can enable troop movements to be tracked https://9to5mac.com/2024/05/24/apple-location-services-vulnerability/
[Forbes] New Police Tech Can Detect Phones, Pet Trackers And Library Books In A Moving Car https://www.forbes.com/sites/thomasbrewster/2024/05/14/police-car-surveillance-tech-uncovers-phones-pet-trackers-and-library-books/
[Ars Technica] New Windows AI feature records everything you’ve done on your PC https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/
[PCWorld] Microsoft battens security hatches on Windows admin accounts https://www.pcworld.com/article/2344405/microsoft-battens-security-hatches-on-oft-used-windows-admin-accounts.html
[Lifehacker] Google Is Rolling Out Some Great Privacy Features to Android This Year https://lifehacker.com/tech/google-is-rolling-out-some-great-privacy-features-with-android-15
[iverify.io] iVerify Basic is now on Android! https://www.iverify.io/post/iverify-basic-is-now-on-android
Tip of the Week: Move to Mastodon https://firewallsdontstopdragons.com/how-to-move-to-mastodon/

Table of Contents
0:02:34: Ticketmaster hacked, breach affects more than half a billion users
0:05:59: Here’s the iOS 17.5 bug that resurfaced deleted photos
0:12:28: GPT-4 Can Exploit Most Vulns Just by Reading Threat Advisories
0:17:36: User Outcry as Slack Scrapes Customer Data for AI Model Training
0:23:12: Apple Location Services vulnerability can enable troop movements ...
Why Privacy Matters
27-05-2024
Our privacy has never been more threatened. While some of us are vaguely aware of this, most of the rampant data collection and sharing is completely opaque. And the consequences are more dire than most of us realize. We can't afford to be complacent. We need to push back, to ask questions, and make better choices. Privacy-respecting apps and services do exist today. Making a deliberate and overt decision to use them will force the market (and our elected representatives) to take notice. My guest Naomi Brockwell from NBTV will make a compelling case for privacy and reclaiming control of our data, including several top-notch tips for doing so.

Interview Notes
Naomi Brockwell’s NBTV: https://www.nbtv.media/
A World Without Privacy: https://www.nbtv.media/episodes/a-world-without-privacy
A Beginner’s Introduction to Privacy: https://www.amazon.com/Beginners-Introduction-Privacy-Naomi-Brockwell-ebook/dp/B0BQHS8MFS
Who can access your car remotely? https://www.youtube.com/watch?v=Ff9pmaSdZV8
Naomi Brockwell on All Things Secured: https://www.youtube.com/watch?v=D0WjIWBQEBM
Michael Bazzell’s Extreme Privacy resources: https://inteltechniques.com/links.html
Try Proton! https://firewallsdontstopdragons.com/its-time-to-try-proton/
Try Signal! https://firewallsdontstopdragons.com/how-to-switch-to-signal/

Table of Contents
0:02:58: How did you become a privacy evangelist?
0:06:51: What are some of the most mind-blowing ways we leak personal data?
0:09:56: What were some of Orwell's most prescient predictions in 1984?
0:15:49: How is surveillance different in real life from 1984?
0:22:23: How does data collection skew the power balance between citizens and authorities?
0:26:36: How do you counter the "I have nothing to hide" argument?
0:29:55: Why is it so important to normalize the use of privacy tools?
0:33:46: What changes do you recommend and what are the impacts for making them?
0:45:48: If you've given away tons of personal data already, is it too late?
0:50:07: What can we do to push vendors to respect our privacy more?
0:57:49: What does the future of privacy look like?
1:00:15: Post-interview notes
1:06:11: Looking ahead
How to Choose a PIN
20-05-2024
Security experts talk at length about how to choose a good password - but we don't often talk about how to choose a good PIN code. A recent analysis by a researcher shows popular patterns humans use when choosing PIN codes, and therefore what you should avoid doing. In the news: MediSecure e-Rx firm hit by data breach; CISA warns of active D-Link router exploit; a couple of cases of insecure APIs being abused; 53k Nissan employees' SSNs leaked; new macOS malware called Cuckoo; Ascension Healthcare suffers cyberattack; Proton user's poor OpSec gives him away; TunnelVision VPN attack exploits DHCP feature; Maryland & Vermont pass data privacy laws; tracker detection feature debuts on iPhone & Android.

Article Links
[BleepingComputer] MediSecure e-script firm hit by ‘large-scale’ data breach https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/
[The Hacker News] CISA Warns of Actively Exploited D-Link Router Vulnerabilities https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html
[Ars Technica] How I upgraded my water heater and discovered how bad smart home security can be https://arstechnica.com/gadgets/2024/05/how-i-upgraded-my-water-heater-and-discovered-how-bad-smart-home-security-can-be/
[BleepingComputer] Dell API abused to steal 49 million customer records in data breach https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/
[infosecurity-magazine.com] 53,000 Nissan Employees' Social Security Numbers Exposed https://www.infosecurity-magazine.com/news/employees-social-security-nissan/
[Tom's Guide] New Cuckoo macOS malware can take over all Macs and steal your passwords https://www.tomsguide.com/computing/malware-adware/new-cuckoo-macos-malware-can-take-over-all-macs-and-steals-your-passwords-too-dont-fall-for-this
[Dark Reading] Ascension Healthcare Suffers Major Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack
[restoreprivacy.com] Proton Mail Discloses User Data Leading to Arrest in Spain https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/
[Ars Technica] Novel attack against virtually all VPN apps neuters their entire purpose https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
[mullvad.net] Evaluating the impact of TunnelVision https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
[epic.org] Vermont Passes Landmark Data Privacy Bill https://epic.org/vermont-passes-landmark-data-privacy-bill/
[epic.org] Governor Moore Signs Maryland Online Data Privacy Act https://epic.org/governor-moore-signs-maryland-online-data-privacy-act/
[9to5Mac] Here’s how the new Cross-Platform Tracking Detection works https://9to5mac.com/2024/05/13/cross-platform-tracking-detection-ios-17-5/
Tip of the Week: How to Choose a PIN https://firewallsdontstopdragons.com/how-to-choose-a-pin/

Table of Contents
0:00:34: Update Apple devices, Chrome
0:01:16: A note on supporting Firefox
0:03:48: News preview
0:07:00: MediSecure hit by large-scale data breach
0:09:01: CISA Warns of Actively Exploited D-Link Router Vulnerabilities
0:13:14: How I upgraded my water heater and discovered how bad smart home securi...
Inside Ukraine’s IT Army
13-05-2024
Russia has been hacking Ukraine for at least a decade now, but since the invasion of Ukraine in February of 2022, the cyber war has changed. Instead of being a tactical element, cyber war is now a full-fledged strategic aspect of the conflict, on both sides. At the outset, Ukraine put out an official call to enlist cyber warriors from around the globe to their cause in what's been called the IT Army of Ukraine. Today we'll look at how this group was formed, how it operates, and what we should all be learning from what's happening there. My guest is Dina Temple-Raston from The Record, the Click Here Podcast, and formerly NPR.

Interview Notes
Dina Temple-Raston at The Record: https://therecord.media/author/dina-temple-raston
Click Here podcast: https://therecord.media/podcast
Click Here, Episode 98: “Lessons from the world's first hybrid war”: https://podcasts.apple.com/us/podcast/click-here/id1225077306?i=1000639045741
NPR’s I’ll Be Seeing You: https://www.npr.org/series/760566025/ill-be-seeing-you
Operation Glowing Symphony: https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis

Table of Contents
0:04:50: How did you get into covering cybersecurity and cyber warfare?
0:06:48: When and how did Russian cyber attacks begin in Ukraine?
0:15:40: What is the IT Army of Ukraine and what is its origin?
0:20:47: Have we seen other cyberwar volunteer organizations?
0:23:05: How are information and communications being utilized by the IT Army?
0:26:53: How has Russia responded to this?
0:28:34: How are IT Army members recruited and vetted?
0:30:17: How are objectives coordinated?
0:31:20: Where are IT Army members coming from?
0:32:03: Do we know if Western military members are participating in the IT Army?
0:36:30: What are the military lessons to be learned here?
0:42:11: What should civilians be learning from all of this?
0:46:01: What's next for you and Click Here?
0:47:14: Wrap-up and looking ahead
Please Quit Chrome
06-05-2024
Google's Chrome browser has dominated the planet - both on desktop computers and mobile devices. Furthermore, many other popular web browsers are actually based on the same Google-made Chromium browser engine, including Microsoft Edge and Brave Browser. This gives Google an inordinate amount of influence on web standards, in particular preventing better privacy protections. We need to support privacy-forward alternatives lest they disappear. In other news: US passes expanded mass surveillance policies instead of curbing them; TikTok ban bill becomes law giving Bytedance a year to sell it; UK's Investigatory Powers Bill amendment passes; photo-sharing app will use users' uploaded images to train AI; Health insurers Kaiser and Change Healthcare are hacked; antivirus software service installs malware on users' systems; FCC fines telecoms $200M; CISA director pushes for vendor accountability; CISA's proactive protection programs are making positive impacts; UK becomes first country to enforce strong and strict IoT security requirements; net neutrality is back; Google again delays killing third-party cookies.

Article Links
[Electronic Frontier Foundation] U.S. Senate and Biden Administration Shamefully Renew and Expand FISA Section 702, Ushering in a Two Year Expansion of Unconstitutional Mass Surveillance https://www.eff.org/deeplinks/2024/04/us-senate-and-biden-administration-shamefully-renew-and-expand-fisa-section-702-0
[TechCrunch] Biden signs bill that would ban TikTok if ByteDance fails to sell the app https://techcrunch.com/2024/04/24/biden-signs-bill-that-would-ban-tiktok-if-bytedance-fails-to-sell-the-app/
[theregister.com] UK's Investigatory Powers Bill to become law despite tech world opposition https://www.theregister.com/2024/04/26/investigatory_powers_bill/
[TechCrunch] Photo-sharing community EyeEm will license users photos to train AI if they don’t delete them https://techcrunch.com/2024/04/26/photo-sharing-community-eyeem-will-license-users-photos-to-train-ai-if-they-dont-delete-them/
[TechCrunch] Health insurance giant Kaiser notifies millions of a data breach https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach/
[TechCrunch] Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/
[Ars Technica] Hackers infect users of antivirus service that delivered updates over HTTP https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/
[BleepingComputer] FCC fines carriers $200 million for illegally sharing user location https://www.bleepingcomputer.com/news/technology/fcc-fines-carriers-200-million-for-illegally-sharing-user-location/
[cybersecuritydive.com] CISA director pushes for vendor accountability and less emphasis on victims’ errors https://www.cybersecuritydive.com/news/cisa-highlights-vendors-errors/714300/
[therecord.media] More than 800 vulnerabilities resolved through CISA ransomware notification pilot https://therecord.media/vulnerabilities-resolved-through-cisa-pilot
[therecord.media] UK becomes first country to ban default bad passwords on IoT devices https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices
[WIRED] Net Neutrality Returns to a Very Different Internet https://www.wired.com/story/fcc-net-neutrality-rules-vote/
[Ars Technica] Google delays third-party cookie death again: Now scheduled for 2025 https://arstechnica.com/gadgets/2024/04/google-delays-third-party-cookie-death-again-now-scheduled-for-2025/
Tip of the Week: https://firewallsdontstopdragons.com/its-time-to-quit-chrome/

Further Info
Under New Management plugin: https://github.com/classvsoftware/under-new-management
Donate to Mozilla (Firefox): https://foundation.mozilla.org/en/donate/
The Rise of CBDC
29-04-2024
AI has been grabbing all the tech headlines, but cryptocurrency is still innovating and changing. One of the primary goals of cryptocurrency was to be decentralized and therefore not controlled by governments like fiat currency. That is about to change. Central Bank Digital Currency (CBDC) is a new type of cryptocurrency that is created and governed by nation states, which comes with serious implications for privacy and global economics. Thankfully I've got cryptocurrency expert Seth for Privacy on the show to explain how CBDC works and how it will affect us.

Interview Notes
Opt Out Podcast: https://optoutpod.com/
Freedom.Tech: https://freedom.tech/
Foundation.xyz: https://foundation.xyz/
CBDC tracker: https://cbdctracker.hrf.org/home
Buying Monero: https://freedom.tech/buying-monero-privately/
Samourai Wallet 1: https://freedom.tech/how-samourai-worked/
Samourai Wallet 2: https://freedom.tech/samourai-to-sparrow/
Cryptocurrency 101 interview: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/

Further Info
Treasure & Coin Promo: https://fdsd.me/promo424

Table of Contents
0:00:30: Promo update
0:01:42: News preview
0:04:34: AT&T now says over 50M accounts were compromised
0:11:37: Apple password reset notification attack
0:16:04: Outlook is Microsoft’s new data collection service
0:22:40: Kobold letters
0:29:27: Backdoor in XZ Utils That Almost Happened
0:39:42: OpenAI and Google reportedly used transcriptions of YouTube videos to train their AI models
0:45:57: How to Turn Off Meta AI on their various apps
0:49:07: Vulnerabilities Identified in LG WebOS
0:52:14: Roku Says More Than 500,000 Accounts Were Compromised
0:56:05: X May Charge New Users a 'Small Fee' to Post, Like and Reply
1:00:04: DuckDuckGo Is Taking Its Privacy Fight to Data Brokers
1:04:19: Google Launches Android Find My Device Network
1:07:29: The CFPB wants to rein in data brokers
1:12:23: Tip of the Week: Freeze Your Credit
1:18:05: Wrap-up
1:19:06: Looking ahead
Just Do It: Freeze Your Credit
22-04-2024
You've heard people like me recommend this for years. It's time to just do it: freeze your credit report. There are really no downsides at this point. For example, it's now free everywhere in the US, by law. It's also free to temporarily "thaw" your credit. And it's gotten a lot easier to do, too. Freezing your credit is your main defense against financial identity theft. And with the sheer number of data breaches (like the recent massive AT&T leak), the personal information needed to commit identity theft is out there already. In other news: AT&T now says 51 million past and current customers' data were leaked; beware of a new password reset 'bomb' campaign; Microsoft is using Outlook to harvest and share your data; a new email scam alters their content after forwarding; a devious and devastating supply chain attack was thwarted in the nick of time; AI organizations are using sneaky techniques to train their models on your data; Meta is lacing its apps with AI, and there's not much you can do about it; LG TVs are hacked; Roku is breached again, this time affecting over 500,000 accounts; Twitter/X looking to charge new users a small fee to try to curb bot accounts; DuckDuckGo unveils trio of new for-pay privacy services; Google launches their own Find My network; and various US government agencies, lacking a real privacy law, attempt to curb privacy abuses using existing powers.

Article Links
[BleepingComputer] AT&T now says data breach impacted 51 million customers https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/
[AppleInsider] If you're getting dozens of password reset notifications, you're being attacked https://appleinsider.com/articles/24/03/27/if-youre-getting-dozens-of-password-reset-notifications-youre-being-attacked
[proton.me] Outlook is Microsoft’s new data collection service https://proton.me/blog/outlook-is-microsofts-new-data-collection-service
[Lutra Security] Kobold letters https://lutrasecurity.com/en/articles/kobold-letters/
[Schneier Blog] Backdoor in XZ Utils That Almost Happened https://www.schneier.com/blog/archives/2024/04/backdoor-in-xz-utils-that-almost-happened.html
[Engadget] OpenAI and Google reportedly used transcriptions of YouTube videos to train their AI models https://www.engadget.com/openai-and-google-reportedly-used-transcriptions-of-youtube-videos-to-train-their-ai-models-163531073.html
[Lifehacker] How to Turn Off Meta AI on Facebook, Instagram, Messenger, and WhatsApp https://lifehacker.com/tech/how-to-turn-off-meta-ai-on-facebook-instagram-messenger-whatsapp
[bitdefender.com] Vulnerabilities Identified in LG WebOS https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
[Lifehacker] Roku Says More Than 500,000 Accounts Were Compromised in a Cyberattack https://lifehacker.com/tech/roku-cyberattack-compromises-accounts
[MacRumors] X May Charge New Users a 'Small Fee' to Post, Like and Reply https://www.macrumors.com/2024/04/15/x-small-fee-new-users/
[WIRED] DuckDuckGo Is Taking Its Privacy Fight to Data Brokers https://www.wired.com/story/duckduckgo-vpn-data-removal-tool-privacy-pro/
[MacRumors] Google Launches Android Find My Device Network https://www.macrumors.com/2024/04/08/google-android-find-my-device-network-2/
[ftc.gov] Proposed FTC Order will Prohibit Telehealth Firm from Using or Disclosing Sensitive Data for Advertising Purposes https://www.ftc.gov/news-events/news/press-releases/2024/04/proposed-ftc-order-will-prohibit-telehealth-firm-cerebral-using-or-disclosing-sensitive-data
[The Verge] The CFPB wants to rein in data brokers https://www.theverge.com/2024/4/15/24131354/cfpb-data-brokers-fair-credit-reporting-act
[therecord.media] Automakers and FCC square off over potential regulations for connected cars https://therecord.media/fcc-automakers-connected-cars-regulation-mvnos
Tip of the Week: https://firewallsdontstopdragons.