PODCAST · technology
Firewalls Don't Stop Dragons Podcast
by Carey Parker
A Podcast on Computer Security & Privacy for Non-Techies
-
477
The Power of Prophecy
We have relied on prophets and seers for most of human history, largely because humans are obsessed with the future – specifically their own. But prophecy has often been used to determine or at least influence the future, not just predict it. In her new book, Prophecy, Carissa Véliz explains the power and perils of prediction, from the Oracle of Delphi to modern AI, giving us some much-needed perspective on the dangers of chatbots and the people who are selling them to us as powerful tools that will either save or doom all of humanity. Interview Notes Prophecy: https://www.carissaveliz.com/prophecy Privacy is Power: https://www.carissaveliz.com/books The Power of Analogue (TEDx): https://www.youtube.com/watch?v=IvJeUQ9Egnk How Privacy Can Save Your Life (TEDx): https://www.youtube.com/watch?v=xSPRouBvgFE Here’s to the Crazy Ones (Steve Jobs): https://www.youtube.com/watch?v=mtftHaK9tYY Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:18: Intro 0:03:07: How is prediction used to determine the future? 0:08:09: Why are humans hard to predict? 0:12:34: What does AI predict about itself? 0:19:24: What are longtermism and effective altruism? 0:25:45: How does rationalism compare to empiricism with AI? 0:30:41: Why do humans believe numbers? 0:34:57: Are prediction markets ethical? 0:38:53: What do you tell policymakers? 0:41:51: How do we resist fear of the future? 0:47:11: Wrap up 0:49:45: Patron podcast preview 0:50:23: Looking ahead
-
476
AI’s Promise and Peril
Artificial Intelligence – in particular, Large Language Models (LLMs) or “chatbots” – are increasing in power at an astonishing pace. In fact, the latest models from Anthropic (Claude Mythos) and OpenAI (ChatGPT 5.4 Cyber) are so good at reading software code and finding vulnerabilities, that their makers have strictly limited initial access to manufacturers of the most popular software so that they have a head start in finding exploitable bugs. But it’s not all doom and gloom. I’ll highlight the promise of this powerful new technology, as well. Article Links Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.: https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2 Iran built a vast camera network to control dissent. 
Israel turned it into a targeting tool: https://apnews.com/article/iran-war-security-cameras-surveillance-5f9a1fe5845d94894f3edd50af560d3a Iranian hackers are targeting American critical infrastructure, US agencies warn: https://techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device: https://thenextweb.com/news/linkedin-browsergate-extension-scanning-privacy-fingerprint The Pixel Trap: Online Marketing Is a Silent PII Harvesting Machine: https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting Republican Mutiny Sinks Trump’s Push to Extend Warrantless Surveillance: https://www.wired.com/story/republican-mutiny-sinks-trumps-push-to-extend-warrantless-surveillance India drops proposal to mandate national ID app Aadhaar on smartphones after pushback: https://www.reuters.com/world/china/india-drops-proposal-mandate-national-id-app-aadhaar-smartphones-after-pushback-2026-04-17 What I learned by vibe-coding my own word processor: https://www.fastcompany.com/91528164/claude-code-vibe-code-word-processor On Anthropic’s Mythos Preview and Project Glasswing: https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html Tip of the Week: https://firewallsdontstopdragons.com/ai-promise-peril/ Further Info Support the Internet Archive: https://www.savethearchive.com/authors/ or https://www.savethearchive.com/journalists/ Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! 
https://fdsd.me/merch Table of Contents 0:00:08: Intro 0:00:37: Internet Archive needs your help 0:02:00: Router ban update 0:02:33: News rundown 0:05:46: New EU age app has bugs 0:10:46: FBI extracts Signal messages 0:16:33: Iran public cameras hacked by Israel 0:22:46: Iran hackers target US, Israel 0:26:11: LinkedIn scans your devices 0:37:06: TikTok Meta pixel madness 0:43:25: Section 702 on the ropes 0:50:56: India drops ID app mandate 0:53:42: Vibe-coding my own word processor 1:04:07: Schneier on Mythos, Glasswing 1:07:37: Tip of the Week 1:21:59: Patron podcast preview 1:22:24: Looking ahead
-
475
Identity Resolution
There are all sorts of things that can be used to identify us online and in the real world, beyond our names, addresses, and phone numbers. But data brokers are desperate to tie all of these unique pieces of information together, building a valuable marketing dossier. It’s become a massive industry – being able to map one supposedly anonymous or pseudonymous piece of data to a person’s full identity. Today we’ll delve deeply into this shady business with Iesha White and Zach Edwards. Interview Notes Victory Medium (Zach): https://victorymedium.com/ Check My Ads (Iesha): https://checkmyads.org/ TLS fingerprinting: https://fingerprint.com/blog/what-is-tls-fingerprinting-transport-layer-security/ Disable Mobile Ad ID (MAID): https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now US v Google: https://www.usvgoogleads.com/ IAB (Interactive Advertising Bureau) Transparency & Consent Framework (TCF): https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/ DROP portal: https://privacy.ca.gov/drop/ Remove online data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/ Apple’s Hide My Email: https://support.apple.com/en-us/105078 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:20: Intro 0:02:22: Learning the lingo 0:03:34: What identifiers are used to track us online? 0:12:00: How else are we being tracked? 0:23:20: How are we tracked in the physical world? 0:31:54: How do brick and mortar stores track us? 0:37:46: What if the data is wrong? 0:43:58: What if I’m okay with targeted ads? 0:49:14: How does my data overlap your data? 
0:54:01: Can’t this tracking also be used to stop fraud? 0:58:08: Why can’t we just use contextual ads? 1:05:22: What can we do about this? 1:13:00: What does NOT work to stop tracking? 1:14:10: What’s next for you two? 1:17:43: Wrap-up 1:21:05: Patron podcast preview 1:21:56: Looking ahead
-
474
Routers Behaving Badly
The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain. In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case. Article Links Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts This Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbers These critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concerns H&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerability This New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressions The United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainer macOS 
26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commands Meta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25 Further Info Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/  Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:01:03: News rundown 0:03:17: Walmart buys Vizio for ads, data 0:08:57: Public Zoom calls secretly turned into podcasts 0:17:24: Navia leaks millions of SSNs 0:20:28: TP-Link router vulnerabilities 0:36:25: H&R Block’s horrific tax software 0:45:41: New Claude Mac feature is too dangerous 0:48:22: macOS 24 blocks ClickFix? 0:50:44: Facebook, Google lose huge lawsuit 0:54:22: Patron podcast preview 0:54:58: Looking ahead
-
473
Privacy Guides Panel
Nate Bartram and Jonah Aragon have been advocating for privacy for a long time. Their sites, The New Oil and Privacy Guides, have a ton of fabulous resources for anyone interested in guarding their data and defending their digital rights. Ever wonder what it’s like being a privacy advocate in an increasingly privacy-hostile world? Today, I’ll take you behind the scenes of these sites and into the brains of two top-notch privacy warriors. Interview Notes Privacy Guides: https://www.privacyguides.org/  The New Oil: https://thenewoil.org/  Critical Thinking 101: https://ghost.thenewoil.org/critical-thinking-101/ This Week in Privacy podcast: https://podcasts.apple.com/us/podcast/this-week-in-privacy/id1726826455  Privacy Advocate Toolbox: https://www.privacyguides.org/en/activism/  Smartphone privacy guides: https://www.privacyguides.org/videos/2026/02/04/smartphone-security-course-lesson-1-beginners-2/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:18: Intro 0:02:11: Why did you get into privacy? 0:07:44: What’s the most enduring privacy myth? 0:14:13: Do you find people dislike the answer “it depends”? 0:16:50: How would you describe your target audience? 0:22:00: How do you evaluate privacy products? 0:27:59: What products have you unrecommended and why? 0:34:27: What are major privacy red flags? 0:43:09: What product do you use that you do not recommend to others? 0:48:05: How will you handle age checks or repeal of Section 230? 0:55:09: Who do you look to for privacy advice? 1:04:22: What’s next for you guys? 1:08:30: Wrap-up 1:10:46: Patron podcast preview 1:11:24: Looking ahead
-
472
Spring Cleaning
When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface. Article Links Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malware Instagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryption Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/ Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/ Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027 Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/ Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymization EU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/ Mozilla to launch free built-in VPN in upcoming Firefox 149: 
https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/ You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-setting Tip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/ Further Info Greynoise IP Check: https://check.labs.greynoise.io/ Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026 CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro 0:01:35: News rundown 0:03:41: Update your Asus routers 0:08:55: Instagram drops E2EE 0:12:57: Porn addiction app exposed user data 0:19:54: Dangers of age verification laws 0:30:45: Car surveillance mandatory in 2027 0:35:46: Cyberattack kills breathalyzer-equipped cars 0:39:41: LLMs can deanonymize users 0:51:11: Chat Control defeated! 0:55:22: Firefox free VPN coming 0:59:05: New Apple security fix mechanism 1:03:14: Tip of the Week 1:09:09: More security tips 1:13:53: Patron podcast preview 1:14:17: Looking ahead
-
471
Surveillance Pricing
When you shop online or through an app, do you ever wonder if you’re being charged the same as someone else for the same thing? Even controlling for things like shipping address and local taxes, it turns out that today it’s not uncommon for pricing to dynamically change based on factors that may not seem fair. This is called surveillance pricing. Justin Brookman (Consumer Reports) and Eric Gardner (More Perfect Union) recently performed a study on this practice using Instacart, and the results were eye-opening. Interview Notes Surveillance pricing study: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ Study video (Instagram): https://www.instagram.com/reels/DSC1w_Hjng6/ Study video (YouTube): https://www.youtube.com/watch?v=osxr7xSxsGo Consumer Reports: https://www.consumerreports.org/ More Perfect Union: https://perfectunion.us/ Get involved: https://action.consumerreports.org/ Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ Pepsi/Walmart exposé: https://ilsr.org/article/independent-business/more-perfect-union-pepsi-walmart/ Amazon price tracker: https://camelcamelcamel.com/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:13: Intro 0:02:44: What’s your background? 0:04:26: What triggered this study? 0:06:08: How did you test this theory? 0:09:25: How prevalent is this practice? 0:11:27: What is a “customer surplus”? 0:13:44: Did the pandemic exacerbate this? 0:15:08: Is this practice legal? 0:21:42: How do ESL’s work? 0:25:52: Are all the add-on fees legit? 
0:28:01: Are the stores participating in this, too? 0:32:01: What do they learn from loyalty programs? 0:37:38: Are digital coupons dynamic, too? 0:41:07: Does this amount to price fixing? 0:44:21: What’s been the reaction to your report? 0:49:00: What will you study next? 0:53:04: What can we do about this? 0:58:39: How can we support your work? 1:00:39: Wrap-up 1:03:27: Patron podcast preview
-
470
Fixing ClickFix
Bad guys have found a willing accomplice for installing malware: YOU. This very effective malware delivery mechanism, dubbed ClickFix, accounted for over half of all infections last year. I’ll tell you how to avoid it, but also explain why you shouldn’t have to. In other news: Amazon’s change to wishlists may expose your address; a new government-grade iOS exploit kit is spreading to criminals; Israel hacked traffic cams to kill Iran’s leaders; Meta’s AI glasses are a privacy nightmare; new AirSnitch WiFi exploit is clever, but not a threat for most people; Microsoft Office bug allowed AI to read confidential emails; Discord walks back its plans for age verification; US Senators reintroduce surveillance transparency bill; CA privacy activists call for removing license plate readers; Ente releases new Locker app; Privacy Guides releases wonderful new privacy resource. Article Links Amazon Change Means Wishlists Might Expose Your Address https://www.404media.co/amazon-wishlist-address-private-third-party/ Google and iVerify reveal government-grade iPhone exploit kit spreading to hackers https://9to5mac.com/2026/03/03/google-and-iverify-reveal-government-grade-iphone-exploit-kit-spreading-to-hackers/ Israel hacked Tehran’s traffic cameras, used AI to plan Khamenei’s assassination https://www.yahoo.com/news/articles/israel-hacked-tehrans-traffic-cameras-063114828.html What Privacy? 
As Expected Meta Ray Bans Are A Privacy Disaster https://appleinsider.com/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-disaster New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/ Microsoft says Office bug exposed customers’ confidential emails to Copilot AI https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/ Discord just canceled its planned age verification rollout, for now https://9to5mac.com/2026/02/24/discord-just-canceled-its-planned-age-verification-rollout-for-now/ Senators Reintroduce Bill to Create Transparency for Court-Ordered Surveillance https://www.wyden.senate.gov/news/press-releases/wyden-daines-booker-and-lee-reintroduce-bill-to-create-transparency-for-court-ordered-surveillance Privacy activists call on California to remove covert license plate readers https://apnews.com/article/license-plate-readers-surveillance-ice-dhs-db848b1498c55f3c1b3ee1a107dacd10 Ente Locker – Safe space for your most important documents https://ente.io/locker/ Guides and Tools for Privacy Activists https://www.privacyguides.org/en/activism/ Tip of the Week: https://firewallsdontstopdragons.com/fixing-clickfix/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! 
https://fdsd.me/merch  Table of Contents 0:00:08: Intro 0:01:54: News rundown 0:03:36: Amazon wishlist change exposes your address 0:08:44: New iOS exploit kit leaks 0:14:21: Israel hacked traffic cams to kill Khamenei 0:17:19: Meta’s AI glasses privacy nightmare 0:22:32: AirSnitch WiFi attack 0:26:31: Microsoft AI bug exposes private emails 0:29:35: Discord backtracks on age verification 0:34:38: Senators reintroduce surveillance transparency bill 0:39:15: Call to remove hidden surveillance cameras 0:44:44: Ente Locker 0:47:51: Privacy Activist Toolbox 0:51:53: Tip of the Week 1:00:36: Patron podcast preview 1:02:15: Looking ahead
-
469
Double Blind Armadillo
Cellular providers need to know your location in order to deliver calls and text messages to your phone. But it turns out that they really don’t need to know who you are to give you that service. They only need to know how to bill you – and that information can be as little as knowing your ZIP+4 code. Why do we give so much personal information to our mobile service providers when we don’t have to? Today, Nick Merrill, founder of Phreeli, will explain how he can give you top notch cell service and know almost nothing about you. Interview Notes Phreeli: https://www.phreeli.com/ Double Blind Armadillo: https://www.phreeli.com/files/PhreeliDoubleBlindArmadilloWhitePaper.pdf Wired article: https://www.wired.com/story/new-anonymous-phone-carrier-sign-up-with-nothing-but-a-zip-code/ Call Detail Record: https://en.wikipedia.org/wiki/Call_detail_record 2600 Magazine: https://www.2600.com/ Zero-Knowledge Proofs: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:12: Intro 0:02:25: Zero Knowledge Proofs! 0:03:35: Lingo 0:07:29: How did you come to found Phreeli? 0:15:08: Who is your target audience? 0:19:18: How can you get by with just ZIP+4? 0:24:10: Is Phreeli more private than, say, Mint? 0:28:33: How do I recover my Phreeli account? 0:30:22: What identifiers are tied to cell phones? 0:37:12: Can Phreeli work where law requires KYC? 0:41:09: How do you separate billing from service? 0:47:23: How can a cellular provider hide a user’s location? 0:51:44: Do telecom networks have inherent privacy problems? 0:55:30: How do you handle lawful intercept? 0:59:13: How do you convince the skeptics? 1:02:19: What’s the current feature roadmap? 
1:04:19: Wrap-up 1:08:59: Patron podcast preview 1:10:35: Looking ahead
-
468
New Google Alternatives
In my seemingly never-ending quest to replace all things Google, I’ve finally found some solid, private alternatives to Google Sheets and Google Forms. And we’ll also talk about how the EU is looking to create competing products to reduce their dependence on Big Tech from Silicon Valley. In the news: Australian drivers’ info exposed in breach; school admissions website leaked student data; Discord is rolling out age verification; more countries move to ban social media for kids; Big Tech companies volunteer data to DHS on anti-ICE users; Meta wanted to sneak out facial recognition; researchers find tricky bugs in password managers; DJI robovacs were wide open on the internet; Ring’s mass surveillance efforts garner blow back; Russia blocks WhatsApp and Telegram. Article Links More than 200,000 Australian drivers exposed in massive data breach https://www.drive.com.au/news/over-200000-driver-licences-hacked-in-massive-data-breach/ Bug in student admissions website exposed children’s personal information https://techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/ Discord will require a face scan or ID for full access next month https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out These are the countries moving to ban social media for children https://techcrunch.com/2026/02/17/social-media-ban-children-countries-list/ Reddit, Meta, and Google Voluntarily Gave DHS Info of Anti-ICE Users https://gizmodo.com/reddit-meta-and-google-voluntarily-gave-dhs-info-of-anti-ice-users-report-says-2000722279 Meta reportedly wants to add face recognition to smart glasses while privacy advocates are distracted https://www.theverge.com/tech/878725/meta-facial-recognition-smart-glasses-name-tag-privacy-advoates Password managers less secure than promised https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html The DJI Romo robovac had security so poor, this man 
remotely accessed thousands of them https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt With Ring, American Consumers Built a Surveillance Dragnet https://www.404media.co/with-ring-american-consumers-built-a-surveillance-dragnet/ WhatsApp and Telegram blocked in Russia, Meta ‘extremist organization’ https://9to5mac.com/2026/02/12/whatsapp-and-telegram-blocked-in-russia-as-meta-designated-an-extremist-organization/ Europe is ready to ditch US tech for private alternatives https://proton.me/blog/european-alternative-us-tech-survey Tip of the Week: https://firewallsdontstopdragons.com/de-google-my-life-part-5/  Further Info Avoid tax scams: https://firewallsdontstopdragons.com/its-tax-scam-time/  Try Mastodon! https://firewallsdontstopdragons.com/how-to-move-to-mastodon/   Proton referral link: https://pr.tn/ref/ZMNG3DNK  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:01:54: News rundown 0:04:27: 200k+ Australian drivers’ data exposed 0:08:08: Admissions site exposed children’s info 0:12:44: Discord to implement age checks 0:23:50: Countries looking to ban social media for kids 0:29:40: Meta, Google Gave DHS Info of Anti-ICE Users 0:32:37: Meta wants to add face recognition while privacy advocates are distracted 0:37:10: Password manager bugs fixed 0:39:57: DJI robovacs security flaw fixed 0:45:43: Ring’s new Search Party feature 0:56:36: Russia blocks Telegram, WhatsApp 0:59:15: Europe is ready to ditch US tech 1:04:26: Tip of the Week 1:08:07: Proton referral 1:08:50: Patron podcast preview 1:09:20: Looking ahead
-
467
Professionally Paranoid
Today I speak with Yahoo CISO Sean Zadig – aka, the Chief Paranoid. Sean has had a long and varied career in cybersecurity, working both in law enforcement (at NASA!) and working security for Big Tech. I’ll ask Sean how we can teach our kids about cybersecurity, and how to protect them from the worst of the internet without compromising anyone’s privacy. I’ll also get his perspective on the relationship between Big Tech, user data, law enforcement and the Fourth Amendment. Interview Notes The Paranoids (Yahoo): https://www.yahooinc.com/our-technology/paranoids Suddenly a CISO: https://www.yahooinc.com/paranoids/suddenly-a-ciso-four-pieces-of-transitional-advice Clipper Chip: https://en.wikipedia.org/wiki/Clipper_chip Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:13: Intro 0:01:20: Lingo 0:02:06: How did you become CISO at Yahoo? 0:05:38: Has AI made your job harder? 0:08:54: What’s the Paranoid ethos? 0:11:49: What are kids taught about cybersecurity? 0:14:05: How do we interest kids in cybersecurity? 0:17:35: How do we get kids to care about privacy? 0:21:42: Can we verify age privately? 0:25:06: Should parents control content restrictions? 0:28:36: Are kids eschewing tech today? 0:31:51: How do we combat CSAM? 0:40:31: What’s it like working in law enforcement? 0:47:14: Can we get Big Tech to collect less private data? 0:52:19: Is law enforcement skirting the 4th Amendment? 0:58:14: What’s next for The Paranoids? 1:00:01: Wrap-up 1:00:12: Patron podcast preview 1:01:10: Survey highlights 1:05:40: 2026 Milestones 1:06:49: Looking ahead
-
466
Agents of Misfortune
The latest craze with artificial intelligence is agentic AI – exhibited most recently in the viral AI project called ClawdBot… or Moltbot… or OpenClaw. (The name has changed two times in less than a week.) You download this software, give it access to your AI chatbot accounts, and then give it full and complete access to your computer and online accounts. Why? So you can have an all-powerful assistant who can do real things in the real world as if they were you! What could go wrong? In other news: a new lawsuit claims Meta can read all your WhatsApp messages; an AI toy exposed chat transcripts of their toddler owners; another AI app leaks millions of private conversations; TikTok’s new terms of service are very scary; the US wants visitors to fork over tons of personal info; UK officials were hit by Volt Typhoon; the UK wants to increase facial recognition in public places; the FBI failed to unlock journalist’s iPhone with Lockdown Mode enabled; Google adds cool anti-theft features; CA town disables Flock cameras; Google cripples home proxy network; and Firefox adds one toggle to disable AI features. 
Article Links WhatsApp Encryption, a Lawsuit, and a Lot of Noise https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/ An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account https://www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/ Massive AI Chat App Leaked Millions of Users Private Conversations https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/ TikTok’s New Terms of Service Has Raised Alarm Bells https://lifehacker.com/tech/tiktoks-new-ownership-tos-concerns The Trump Administration wants your DNA and social media https://www.privacyinternational.org/news-analysis/5713/trump-administration-wants-your-dna-and-social-media Hackers suspected of spying on UK officials’ calls for years https://www.theregister.com/2026/01/27/chinalinked_hackers_accused_of_yearslong/ Police to get 40 new live facial recognition vans and AI help in sweeping reforms https://news.sky.com/story/facial-recognition-technology-to-be-rolled-out-nationally-and-police-will-get-ai-support-13499172 FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled https://www.404media.co/fbi-couldnt-get-into-wapo-reporters-iphone-because-it-had-lockdown-mode-enabled/ Google Just Updated These Android Theft Protection Features https://lifehacker.com/tech/google-just-updated-these-android-theft-protection-features California city turns off Flock cameras after company shared data without authorization https://therecord.media/california-city-turns-off-flock-cameras-unauthorized-sharing Google cripples IPIDEA proxy network abused by crims https://www.theregister.com/2026/01/29/google_ipidea_crime_network/ Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html Tip of the Week: 
https://firewallsdontstopdragons.com/agents-of-misfortune/  Further Info TikTok’s Real Privacy Risks: https://internetsafetylabs.org/blog/research/tiktoks-real-privacy-risks/  Private TikTok viewer: https://sticktock.com/  EFF’s Atlas of Surveillance: https://www.atlasofsurveillance.org/  DeFlock: https://deflock.org/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:51: News rundown 0:02:51: WhatsApp encryption questioned 0:11:34: AI toy’s logs exposed 0:16:17: AI app leaks user data 0:19:27: TikTok gets worse for privacy 0:23:52: US demands more visitor data 0:30:41: UK hit by Salt Typhoon 0:33:47: UK proposes more mass surveillance 0:36:51: Lockdown Mode protects WaPo journalist iPhone 0:43:03: New Android anti-theft features 0:45:54: CA town shuts down Flock 0:49:07: Google hobbles bad proxy network 0:52:33: Firefox AI kill switch 0:55:18: Tip of the Week 1:02:08: Wrap-up 1:02:21: Patron podcast preview 1:02:30: Looking ahead
-
465
Debunking Hacklore
We’re all busy people with busy lives. We only have so much time and energy. So when security people dole out to-do lists, we really need to focus on the tips with the most bang for the buck. Conversely, we need to avoid wasting people’s precious resources on advice that is no longer valid or worth the effort. Today, we’ll debunk several of these “Hacklore” tips with security guru Bob Lord. Interview Notes Hacklore: https://www.hacklore.org/letter Hacklore resources: https://www.hacklore.org/resources Elevator (un)safety analogy: https://medium.com/@boblord/psa-elevator-un-safety-7ac69a9498de DNC Security Checklist: https://democrats.org/security/ CISA Secure by Design: https://www.cisa.gov/securebydesign MITRE’s 2007 Unforgivable Vulnerabilities (PDF): https://cwe.mitre.org/documents/unforgivable_vulns/unforgivable.pdf Take 9: https://pausetake9.org/ Consumer Reports Security Planner tool: https://securityplanner.consumerreports.org/ EFF security planning: https://ssd.eff.org/module/your-security-plan Removing online data: https://firewallsdontstopdragons.com/data-diet-introduction/ Generate passphrases with d20 dice! https://d20key.com/#/ Dragon coupons: https://fdsd.me/coupons/ Rififi (film): https://www.imdb.com/title/tt0048021/ Xkcd password strength: https://xkcd.com/936/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:14: Intro 0:00:25: Survey, promo wrap-up 0:01:30: Interview setup 0:02:22: Lingo definitions 0:02:52: What drove you to launch Hacklore? 0:07:12: Is this advice truly wrong?
0:11:51: 1) Avoid public WiFi 0:17:38: 2) Never scan QR codes 0:22:43: 3) Never charge devices from public USB ports 0:24:38: 4) Turn off Bluetooth and NFC 0:28:25: 5) Regularly clear cookies 0:32:47: 6) Regularly change passwords 0:38:19: Why do we not have web password standards? 0:44:24: Any bad tips that didn’t make the cut? 0:45:53: Will Hacklore be regularly updated? 0:46:32: What has been the response to Hacklore? 0:48:08: So what are the actual top security tips? 0:49:56: How do we shift the onus to software makers? 0:53:14: What other resources can you recommend? 0:55:40: What’s next for you? 0:56:53: Wrap-up 1:00:40: Generating passphrases 1:02:00: Accessing show notes 1:03:08: Dragon coupons 1:03:40: Patron podcast preview 1:04:24: Looking ahead
-
464
Zero-Knowledge Proofs
There exist many interesting technical tools which can greatly improve our privacy while still allowing us to use very personal data. In the next installment of my series on Privacy Enhancing Technologies, we’ll look at zero-knowledge proofs – what they are, how they work and what types of privacy problems they can address. Specifically, we’ll show how you can prove that you know a secret without actually revealing the secret. In other news: Florida may be implementing an age-gating law; the UK government is now considering a ban on VPNs; 17 more browser plugins that steal your data; popular apps used to harvest data using real-time bidding; police unmask millions of surveillance targets due to Flock redaction failures; AI company sued for secretly scoring job seekers; Microsoft gives BitLocker keys to FBI; and the FTC finalizes restrictions on GM car data gathering and sharing. Article Links Oppose Florida’s AI age verification bill, protect your privacy https://www.miamitech.club/oppose-sb-482/ UK government targets VPNs in online safety consultation as Lords vote for ban https://www.techradar.com/vpn/vpn-privacy-security/uk-government-targets-vpns-in-new-online-safety-consultation-as-lords-vote-for-ban If You’ve Installed Any of These 17 Browser Extensions, Delete Them Now https://lifehacker.com/tech/delete-malicious-ghostposter-browser-extensions Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location https://www.wired.com/story/gravy-location-data-app-leak-rtb/ Police Unmask Millions of Surveillance Targets Because of Flock Redaction Error https://www.404media.co/police-unmask-millions-of-surveillance-targets-because-of-flock-redaction-error/ AI Company Eightfold Sued Helping Companies Secretly Score Job Seekers 2026 01 21 https://www.reuters.com/sustainability/boards-policy-regulation/ai-company-eightfold-sued-helping-companies-secretly-score-job-seekers-2026-01-21/ Microsoft Gave FBI BitLocker Encryption Keys,
Exposing Privacy Flaw https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/ FTC Finalizes Order Settling Allegations that GM and OnStar Collected and Sold Geolocation Data Without Consumers’ Informed Consent https://www.ftc.gov/news-events/news/press-releases/2026/01/ftc-finalizes-order-settling-allegations-gm-onstar-collected-sold-geolocation-data-without-consumers Tip of the Week: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/ Further Info Annual Listener Survey!!! https://fdsd.me/survey2026 New Patron Promotion!! https://fdsd.me/promo126 Data Privacy Week: https://www.staysafeonline.org/data-privacy-week HaveIBeenFlocked: https://haveibeenflocked.com/ 404 Media FOIA Forum: https://www.404media.co/foia-forum-archive/ NextDNS: https://nextdns.io/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro 0:00:51: Last call for survey, dragon coin 0:02:17: Winter storm 0:03:14: News preview 0:05:02: Proposed FL age-gating bill 0:11:33: UK government targets VPNs 0:15:42: More malicious browser extensions 0:21:22: Popular apps leaking personal info (again) 0:31:26: Have I Been Flocked? 0:41:37: AI company sued for secretly scoring job seekers 0:46:41: Microsoft gives BitLocker keys to FBI 0:56:05: FTC restricts GM from selling car data 0:59:34: Tip of the Week 1:10:49: Wrap-up 1:12:16: Patron podcast preview 1:12:42: Looking ahead
-
463
Honoring Auto Privacy Rights
Having data privacy laws is great. But if those laws can’t be practically enforced or your rights easily asserted, they’re not very useful. Modern cars are chock full of sensors, many of which are used to monitor the passengers and collect personal data. But cars are subject to privacy laws, too. Opting out of data collection or requesting data deletion should be straightforward. Andrea Amico and Merry Marwig from Privacy4Cars just completed a massive study on this, and the vast majority of auto brands had horrible user experiences for data management. They will share their findings with us on today’s show. Interview Notes Privacy4Cars: https://privacy4cars.com/ California UX whitepaper: https://privacy4cars.com/ux-california/ Vehicle Privacy Report tool: https://vehicleprivacyreport.com/ Company auto info: https://Privacy4Cars.com/CISO GDPR auto info: https://Privacy4Cars.com/GDPR Opt Out Code: https://optoutcode.com/ IoT on Wheels talk: https://instituteofprivacydesign.org/2025/08/11/cars-iot-endpoints-on-wheels-privacy-engineering-technology-education-discussion-peted-recording/ Data Diva car data graphic (slide 16): https://www.nist.gov/system/files/documents/2024/05/15/V3_2024_May_IoTAB%20%20-%20Monroney%20Sticker%20Presentation_Privacy_subteam_compressed%20508.pdf IoT Advisory Board Report: https://www.nist.gov/system/files/documents/2024/10/21/The%20IoT%20of%20Things%20Oct%202024%20508%20FINAL_1.pdf Enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ Further Info Annual Listener Survey!!! https://fdsd.me/survey2026 New Patron Promotion!! https://fdsd.me/promo126 My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch!
https://fdsd.me/merch Table of Contents 0:00:14: Intro 0:01:06: Listener survey reminder 0:01:53: Patron promo reminder 0:02:30: Lingo definitions 0:03:14: What’s changed since our last talk? 0:08:15: What data do cars collect? 0:12:56: How could car data affect my insurance rates? 0:15:51: What was the purpose of your recent study? 0:23:01: How do authorized agents work? 0:28:01: How does Opt Out Code work? 0:33:21: What’s the response been to your report? 0:36:13: How do we make car data more obvious? 0:40:23: Does GDPR apply to cars? 0:45:17: What are some other cases to consider? 0:48:45: What’s the EU Data Act? 0:54:08: How do I limit my auto data sharing? 0:56:44: How do I remove car data before selling? 0:59:56: What’s next for you? 1:01:43: Wrap-up 1:03:25: Enable Global Privacy Control 1:05:24: Patron podcast preview 1:06:52: Looking ahead
-
462
Private AI Chat
AI has many problems, but also has promise. Today I’m going to focus on one particular problem that has some viable solutions: privacy. Chat bots like ChatGPT, Gemini and Claude all require your queries to be processed in the cloud. All the personal questions we ask are probably being logged against our identity and could be used to train future AI models or to present us with targeted ads. But there are alternatives that protect your data – I’ll give you a handful of solid options. In other news: a Texas court has blocked the app store age verification law; Flock’s people-tracking cameras have horrible security; PornHub confirms data leak due to third party; stalkerware maker pleads guilty; Texas sues 5 TV makers over data collection; Wegmans grocery using facial recognition in NYC; New York’s surveillance pricing transparency law goes into effect; DROP tool debuts in California for deleting broker data; two Chrome extensions caught stealing chat bot session text; ChatGPT rolls out new Health tool. Article Links Judge blocks Texas app store age verification law https://www.theverge.com/news/849752/texas-app-store-accountability-act-age-verification-injunction Flock Exposed Its AI-Powered Cameras to the Internet.
We Tracked Ourselves https://www.404media.co/flock-exposed-its-ai-powered-cameras-to-the-internet-we-tracked-ourselves/ PornHub Confirms Premium User Data Exposure Linked to Mixpanel Breach https://thecyberexpress.com/pornhub-data-breach-premium-users/ Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software https://techcrunch.com/2026/01/06/founder-of-spyware-maker-pctattletale-pleads-guilty-to-hacking-and-advertising-surveillance-software/ Texas sues 5 smart TV manufacturers over data collection practices https://therecord.media/texas-sues-5-smart-tv-makers-over-acr-tech Popular grocery store chain uses biometric surveillance on shoppers, raising privacy concerns https://www.aol.com/articles/popular-grocery-store-chain-uses-130056099.html How New York’s Personalized Pricing Law Affects Consumers And Retailers https://www.forbes.com/sites/anishasircar/2025/12/03/new-yorks-algorithmic-pricing-law-what-it-does-and-why-it-matters/ This Tool Deletes Your Info From Data Broker Sites (If You Live in One State) https://lifehacker.com/tech/california-new-data-removal-tool Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html Why I Won’t Be Giving ChatGPT Health My Medical Records https://lifehacker.com/tech/dont-give-chatgpt-health-your-medical-records Tip of the Week: https://firewallsdontstopdragons.com/ai-chat-privacy/  Further Info Annual Listener Survey!!! https://fdsd.me/survey2026  New Patron Promotion!! https://fdsd.me/promo126  Flock You project: https://github.com/colonelpanichacks/flock-you  Shodan: https://www.shodan.io/dashboard  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! 
https://fdsd.me/merch Table of Contents 0:00:07: Intro 0:00:36: Listener survey 0:01:24: Dragon coin promo 0:02:11: News rundown 0:04:00: Court blocks Texas app store age check 0:09:52: Flock exposed its AI cameras to internet 0:21:04: Some PornHub user data leaked 0:26:22: Stalkerware maker pleads guilty 0:33:57: Texas sues 5 TV makers over data collection 0:39:39: Wegmans grocery is using facial recognition 0:44:33: NY personalized pricing law goes into effect 0:47:28: CA tool mass-deletes broker data 0:50:49: Two Chrome extensions steal AI chat records 0:54:56: ChatGPT unveils new Health feature 0:58:25: Tip of the Week 1:07:28: Wrap up 1:07:47: Patron podcast preview 1:08:23: Looking ahead
-
461
Decentralized Messaging
There are a ton of messaging apps on the market – and there are actually quite a few that are very secure and private. I would argue that there is no such thing as a “perfect” secure messaging app. There are several threat models to account for, each with different requirements. Today we’re going to talk about the pros and cons of decentralized messaging with the co-founder of Session, Kee Jeffreys. These messaging apps don’t rely on a set of servers hosted by the provider, but rather on a mesh of nodes run by hundreds or thousands of others. We’ll also discuss the importance of protecting metadata and the notion of “permissionless access”. Session just announced support for key features in the upcoming version 2 of their protocol, including Perfect Forward Secrecy (PFS) and post-quantum encryption. Interview Notes Get the Session app: https://getsession.org/ Session adds PFS, post-quantum crypto: https://getsession.org/blog/session-protocol-v2 xkcd $5 wrench (“Security”): https://xkcd.com/538/ Further Info Annual Listener Survey!!! https://fdsd.me/survey2026 New Patron Promotion!! https://firewallsdontstopdragons.com/new-patron-promotion/ Generate passphrases using d20s: https://d20key.com/#/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:13: Intro 0:01:12: Promotion teasers 0:01:54: Interview setup 0:03:33: Lingo 0:05:07: Why did you create Session? 0:11:01: How does the location of a company’s HQ matter? 0:18:58: Why do regular people need this level of security? 0:22:01: How does Session work? 0:29:59: Why does permissionless account creation matter? 0:35:55: How does Session compare to other apps? 0:45:27: Why didn’t Session have Perfect Forward Secrecy originally? 0:53:50: When will PFS roll out?
0:58:37: How does cryptocurrency factor into Session’s network? 1:03:32: What happens if $SESH price goes way up or way down? 1:07:19: How does Session sustain itself? 1:13:34: Why is private messaging so important? 1:19:49: Wrap-up 1:22:34: Patron podcast preview 1:23:44: New patron promotion 1:27:14: Annual listener survey
-
460
Best of 2025 Bonus Content
Every week, I record a special, private bonus podcast for my patrons. Normally all of that content is restricted to my supporters. But today I’ve got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests. You’ll hear from Yael Grauer (Consumer Reports), Josh Summers (All Things Secured), Lisa LeVasseur (Internet Safety Labs), Josh Corman (UnDisruptable27), Andy Liddell (EdTech Law Center), Carissa Véliz (author, professor), Eamonn Maguire (Proton), Grace Menna & Adrien Ogee (Cyber Resilience Corps). Enjoy! Original Interview Links Ep416: Yael Grauer: https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/ Ep420: Josh Summers: https://podcast.firewallsdontstopdragons.com/2025/03/17/all-things-secured/ Ep422: Lisa LeVasseur: https://podcast.firewallsdontstopdragons.com/2025/03/31/microscoping-our-apps/ Ep428: Josh Corman: https://podcast.firewallsdontstopdragons.com/2025/05/12/shelter-from-the-storm/ Ep426: Andy Liddell: https://podcast.firewallsdontstopdragons.com/2025/07/07/defending-student-privacy/ Ep438: Deviant Ollam: https://podcast.firewallsdontstopdragons.com/2025/07/21/passport-lawyer-locksmith/ Ep446: Carissa Véliz: https://podcast.firewallsdontstopdragons.com/2025/09/15/on-the-ethics-of-ai/ Ep453: Eamonn Maguire: https://podcast.firewallsdontstopdragons.com/2025/10/27/privacy-focused-ai/ Ep454: Grace Menna & Adrien Ogee: https://podcast.firewallsdontstopdragons.com/2025/11/10/becoming-cyber-resilient/ Security Planner: https://securityplanner.consumerreports.org/ App Microscope: https://appmicroscope.org/ Take 9: https://pausetake9.org/ Meshtastic: https://meshtastic.org/ Previous dragon coin promo: https://firewallsdontstopdragons.com/dragon-coin-promo/ CISA Bad Practices: https://www.cisa.gov/news-events/news/bad-practices-0 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission!
https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro 0:03:55: Ep416: Yael Grauer 0:10:51: Ep420: Josh Summers 0:16:36: Ep422: Lisa LeVasseur 0:22:21: Ep428: Josh Corman 0:30:03: Ep426: Andy Liddell 0:35:49: Ep438: Deviant 0:41:55: Ep446: Carissa Véliz 0:47:12: Ep450: Jake Braun 0:52:55: Ep454: Grace Menna & Adrien Ogee 0:55:44: Wrap-up
-
459
Replay: Stop Reusing Passwords
I’m digging into the vault for a classic interview – a blast from the past! I’ve done 460 episodes over the last nearly 9 years, and some of the best old episodes still hold up well today. I first interviewed Troy Hunt, creator of Have I Been Pwned, in February of 2019. It was Episode 102 and it was entitled “You Must Stop Reusing Passwords”. In this episode we talk a little about the origins of HIBP, password security, data breaches and brokers, and how to keep our accounts secure. I’ve added some new commentary, but the original episode is preserved in all of its glory! Interview Notes Have I Been Pwned? https://haveibeenpwned.com/  NIST updated password guidelines:  https://pages.nist.gov/800-63-4/sp800-63c.html  Proton summary of NIST changes: https://proton.me/blog/nist-password-guidelines  Password haystacks: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/  Choosing a strong PIN: https://firewallsdontstopdragons.com/how-to-choose-a-pin/  Using passphrases: https://podcast.firewallsdontstopdragons.com/2021/05/24/how-when-to-use-a-passphrase/  On passkeys: https://podcast.firewallsdontstopdragons.com/2023/05/22/problems-with-passkeys/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:32: Interview setup 0:02:52: What is Have I Been Pwned? 0:05:37: What is a data breach? 0:06:42: Where do you get data breach records? 0:08:18: What is the “dark web”? 0:10:35: How do YOU get breach data? 0:11:43: What were some of the worst data breaches? 0:15:09: Who is behind these breaches? 0:17:03: How often are data brokers hacked? 0:19:47: Is it that hard to protect our data? 0:21:22: Is there no liability for not protecting data? 0:24:16: What about breach disclosure laws? 
0:26:00: Do class action lawsuits provide accountability? 0:29:00: How can consumers evaluate a company’s data security? 0:32:35: Is data collection inherently bad? 0:34:43: How can we best use HIBP? 0:36:59: Should sites be rejecting known-bad passwords? 0:39:37: Why do some sites limit the use of special characters? 0:41:50: How up-to-date is HIBP data? 0:44:25: What does registering for notifications do? 0:45:39: What is your “opt out” feature? 0:46:25: Can hackers use HIBP for nefarious purposes? 0:48:16: Any other password advice? 0:50:27: Which services integrate with HIBP? 0:52:19: Wrap-up 0:54:52: New password guidelines 1:01:45: Patron podcast preview 1:02:12: Looking ahead
-
458
Best of 2025!
I’ve had some truly amazing interviews this past year. For your listening enjoyment, I’ve curated a set of clips from some of the best shows, creating a sampler platter of stellar audio content from some amazing guests! If you’ve never listened to my podcast, this will give you a taste of what you’re missing! If you’re a regular listener, this will be a fun trip down memory lane, complete with new commentary. You’ll hear from Dr Paul Ashley (CEO/Founder of MySudo), Yael Grauer (Consumer Reports), Weld Pond (L0pht), Lisa LeVasseur (Internet Safety Labs), Zach Edwards (Silent Push), Bruce & Heidi Potter (Shmoocon), Deviant (physical security expert), Cory Doctorow (author, activist, EFF), Monique Priestley (VT State Rep), Carissa Véliz (author, professor), Adrien Ogee (CyberPeace Builders). Enjoy! Original Interview Links Ep414, Dr Paul Ashley: https://podcast.firewallsdontstopdragons.com/2025/02/03/controlling-your-digital-id/ Ep416: Yael Grauer: https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/ Ep418: Chris Wysopal (Weld Pond): https://podcast.firewallsdontstopdragons.com/2025/03/03/back-to-the-l0pht/ Ep422: Lisa LeVasseur: https://podcast.firewallsdontstopdragons.com/2025/03/31/microscoping-our-apps/ Ep426: Zach Edwards: https://podcast.firewallsdontstopdragons.com/2025/04/28/riding-the-data-gravy-train/ Ep434: Bruce & Heidi Potter: https://podcast.firewallsdontstopdragons.com/2025/06/23/shmoocon-moose-you-already/ Ep438: Deviant Ollam: https://podcast.firewallsdontstopdragons.com/2025/07/21/passport-lawyer-locksmith/ Ep440: Cory Doctorow: https://podcast.firewallsdontstopdragons.com/2025/08/04/tariffs-vs-ip-law/ Ep442: Monique Priestley: https://podcast.firewallsdontstopdragons.com/2025/08/18/im-just-a-privacy-bill/ Ep446: Carissa Véliz: https://podcast.firewallsdontstopdragons.com/2025/09/15/on-the-ethics-of-ai/ Ep454: Adrien Ogee: https://podcast.firewallsdontstopdragons.com/2025/11/10/becoming-cyber-resilient/ Best of 2025
blog/podcast: https://firewallsdontstopdragons.com/best-of-2025/ Previous dragon coin promo: https://firewallsdontstopdragons.com/dragon-coin-promo/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro 0:04:42: Ep414: Dr Paul Ashley 0:09:44: Ep416: Yael Grauer 0:14:27: Ep418: Weld Pond 0:20:58: Ep422: Lisa LeVasseur 0:28:27: Ep426: Zach Edwards 0:34:38: Ep434: Bruce & Heidi Potter 0:38:36: Ep438: Deviant 0:42:51: Ep440: Cory Doctorow 0:51:10: Ep442: Monique Priestley 0:58:28: Ep446: Carissa Véliz 1:05:38: Ep454: Adrien Ogee 1:14:59: Wrap-up 1:15:40: Looking ahead
-
457
40 Years of Phrack
Way before the world wide web, computer enthusiasts were sharing information via digital bulletin board systems (BBS). This amounted to attaching a modem to your home computer and allowing other people to dial in from their computers (one at a time) to download “textfiles” and share “warez” – or cracked software applications, often games. This scene gave rise to several electronic “zines” that published articles on hacking and phone phreaking techniques. One of the most popular zines, Phrack, was started in 1985 and is still going strong forty years later. Today we’ll discuss the colorful and storied history of this pioneering zine with two Phrack editors, skyper and TMZ. Interview Notes Phrack magazine: https://phrack.org Phrack Wikipedia page: https://en.wikipedia.org/wiki/Phrack Hacker Manifesto: https://phrack.org/issues/7/3 Smashing the Stack for Fun and Profit (Aleph One): https://phrack.org/issues/49/14 E911 Document Leak: https://phrack.org/issues/24/5 Textfiles archive: http://www.textfiles.com/ DEF CON: https://www.youtube.com/watch?v=TW-D1I27E08 HOPE: https://www.youtube.com/live/7ZeN53mKhbE?t=26726s WHY 2025 talk: https://www.youtube.com/watch?v=EtyzTsOtx4A WHYcast: https://www.youtube.com/watch?v=nwY1q3aEFS0 Cap’N Crunch whistle: https://www.thingiverse.com/thing:3193749 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:13: Intro 0:01:31: Interview setup 0:03:13: Lingo definitions 0:05:32: How did Phrack Magazine start? 0:09:14: How did BBS systems give rise to phone phreaking? 0:15:59: How did Phrack compare to other zines? 0:19:35: How do you define “hacker”? 0:25:10: What goes into making an issue of Phrack? 0:30:00: What’s the story behind Phrack’s famous “hacker manifesto”?
0:33:32: Why was your E911 article so controversial? 0:36:27: What does it mean to “smash the stack”? 0:41:41: Are there ethical issues around releasing hacking tools? 0:45:46: Is the original hacker ethos still alive today? 0:50:18: How has hacking evolved in the last 40 years? 0:52:51: How will AI impact hacking? 0:54:24: Wrap-up 0:56:55: Patron podcast preview 0:57:39: Looking ahead
-
456
Be Wary of Holiday Scams
With the holiday season come holiday scams – and honestly, just more scammer activity across the board, in general. People are busy and buying lots of stuff, and it’s a time when we’re more vulnerable to schemes to take our money and infect our devices. Today we’ll talk about a few current scams going around and give some solid advice to avoid becoming a victim. In the news: FCC scraps cybersecurity rules for telcos; WhatsApp flaw exposed 3.5B phone numbers; ClickFix scam update; Border Patrol is monitoring US drivers for ‘suspicious’ travel patterns; a tricky Apple Support scam; USPS and EZ-Pass scams; a cool new tool for monitoring your home network for rogue devices; state and local cyber grant program to be renewed; airlines shut down program that sold your flight records; CA court ends electricity surveillance program; also, a few more holiday gift ideas! Article Links Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies https://techcrunch.com/2025/11/21/despite-chinese-hacks-trumps-fcc-votes-to-scrap-cybersecurity-rules-for-phone-and-internet-companies/ A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers https://www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/ ClickFix may be the biggest security threat your family has never heard of https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/ Border Patrol is monitoring US drivers and detaining those with ‘suspicious’ travel patterns https://apnews.com/article/immigration-border-patrol-surveillance-drivers-ice-trump-9f5d05469ce8c629d6fecf32d32098cd ‘It made my blood run cold’: scammers are targeting Apple users with this devilishly clever trick – here’s how to stay safe https://www.techradar.com/computing/cyber-security/watch-out-apple-fans-this-scary-scam-is-stealing-personal-accounts-with-real-apple-support-tickets Scam USPS and E-Z Pass Texts and 
Websites – Schneier on Security https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-websites.html Your IP Address Might Be Someone Else’s Problem (And Here’s How to Find Out) https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem Full renewal of state and local cyber grants program passes in House https://therecord.media/state-local-cyber-grants-program-house-passage Airlines Will Shut Down Program That Sold Your Flights Records to Government https://www.404media.co/airlines-will-shut-down-program-that-sold-your-flights-records-to-government/ Victory! Court Ends Dragnet Electricity Surveillance Program in Sacramento https://www.eff.org/deeplinks/2025/11/victory-court-end-dragnet-electricity-surveillance-program-sacramento Best & Worst Gift Guide: https://firewallsdontstopdragons.com/best-worst-gifts-2025/ All my gift guides: https://firewallsdontstopdragons.com/category/best-worst-gifts/ Further Info EasyOptOuts 25% discount: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/ Consumer Reports $10 off: https://www.consumerreports.org/fdsd/ eBay AI settings: https://accountsettings.ebay.com/ai-preferences My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! 
https://fdsd.me/merch Table of Contents 0:00:08: Intro 0:01:34: Quick tidbits 0:05:10: News preview 0:07:02: FCC scraps cybersecurity rules for telcos 0:11:02: WhatsApp Flaw Exposed 3.5B Phone Numbers 0:17:47: ClickFix scam 0:24:53: CBP is monitoring US drivers for ‘suspicious’ travel patterns 0:32:12: Clever Apple Support scam 0:38:05: More scams to watch for 0:40:19: Your IP Address Might Be Someone Else’s Problem 0:47:15: State and local cyber grant program to be renewed 0:49:13: Airlines Shut Down Program That Sold Your Flights Records 0:51:40: CA Court Ends Electricity Surveillance Program 0:55:27: Tip of the Week 1:03:53: Looking ahead 1:06:22: Patron podcast previews 1:07:42: Looking more ahead
-
455
Best & Worst Gifts for 2025!
Holiday shopping season is here! And that must mean that it’s time again for my annual Best & Worst Gift Guide! But this time I’ve recruited some top minds from Consumer Reports to lend their expertise and enlighten us with their tech gift-giving strategies! Yael Grauer, Stacey Higginbotham and Jeff Landale join me for a round table discussion of how to give tech gifts that won’t ruin the security and privacy of your recipients! Interview Notes $10 off Consumer Reports!! https://www.consumerreports.org/fdsd/ Consumer Reports: https://www.consumerreports.org/ Cyber Readiness Report: https://innovation.consumerreports.org/new-report-2025-consumer-cyber-readiness/ Security Planner: https://securityplanner.consumerreports.org/ Vulnerability Disclosure Programs: https://innovation.consumerreports.org/who-ya-gonna-call/ Give Dragon Coupons! https://firewallsdontstopdragons.com/give-the-gift-of-security-and-privacy/ Library Freedom Project: https://libraryfreedom.org/ Yael on spyware and iPhone 17: https://innovation.consumerreports.org/apples-new-iphone-memory-protections-safeguards-devices-against-sophisticated-attacks/ Yael interview (Security Planner): https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/ Stacey interview (software tethering): https://podcast.firewallsdontstopdragons.com/2024/11/11/cutting-the-software-tether/ iVerify interview: https://podcast.firewallsdontstopdragons.com/2023/11/13/securing-your-smartphone/ Further Info All my Best & Worst guides: https://firewallsdontstopdragons.com/category/best-worst-gifts/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:15: Intro 0:02:18: What is your tech gift giving philosophy? 0:08:37: What are some worrying tech trends? 0:17:41: What are your tech gift horror stories? 
0:22:09: What are your thoughts on giving tech gifts to kids? 0:29:52: What gifts are on your naughty list? 0:42:31: What’s on your nice tech gift list? 0:54:51: How should you handle receiving a bad gift? 1:07:06: Any other hot tips or advice? 1:11:08: What are some great non-tech gifts? 1:17:40: How can Consumer Reports help here? 1:20:39: Wrap-up 1:22:35: Dealing with phone spyware 1:24:35: Newsletter info 1:24:51: IoT vulnerability programs 1:25:04: Give Thanks 1:25:37: Patron podcast preview 1:26:28: Other gift ideas 1:27:27: EasyOptOuts and PayPal 1:28:12: Looking ahead
-
454
Erasing Your Online Data
Data brokers are amassing tons of our personal information, often from public sources. You can try to find all of these brokers and request your data be deleted, but it’s a lot easier to deputize a trustworthy and affordable service to do all that work for you – and to do so on a regular basis. I’ll give you my easy button solution for this. Also in the news: Meta will use your AI sessions to target ads; Google is rolling out agentic AI shopping tools; OpenTable is gathering and sharing your dining habits; Amazon sues Perplexity over their agentic shopping tool; first ever reported AI-orchestrated hacking campaign; EU Commission looks to gut privacy laws; lawmakers want to ban all VPN use; US Senator uses opponents’ car VIN info against them; and new health privacy bill seeks to protect data in apps, smart watches. Article Links Meta won’t allow users to opt out of targeted ads based on AI chats https://arstechnica.com/tech-policy/2025/10/meta-wont-allow-users-to-opt-out-of-targeted-ads-based-on-ai-chats/ Google Is Rolling Out ‘Agentic Checkout’ to Make Your Purchases for You https://lifehacker.com/tech/google-is-rolling-out-agentic-checkout Texas Server Says Your Waitstaff Can Now See What Type Of Customer You Are If You Use OpenTable https://brobible.com/culture/article/opentable-ai-customer-profiling/ Amazon sues Perplexity over ‘agentic’ shopping tool https://www.reuters.com/business/retail-consumer/perplexity-receives-legal-threat-amazon-over-agentic-ai-shopping-tool-2025-11-04/ Disrupting the first reported AI-orchestrated cyber espionage campaign https://www.anthropic.com/news/disrupting-AI-espionage Civil society decries digital rights ‘rollback’ as European Commission pushes data protection changes https://therecord.media/civil-society-privacy-rollback Lawmakers Want to Ban VPNs https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing Senate Democrats seek to ‘get to bottom’ of Moreno’s car-data collection 
https://rollcall.com/2025/11/06/senate-democrats-seek-to-get-to-bottom-of-morenos-car-data-collection/ Health privacy bill seeks protections for data collected by apps, smartwatches https://therecord.media/health-privacy-bill-seeks-protections-apps-smartwatches Tip of the Week: Erasing Your Data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/  Further Info Ask ARC to delete data and stop sharing: https://www.404media.co/how-to-opt-out-of-airlines-selling-your-travel-data-to-the-government/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:45: News briefs 0:02:57: News preview 0:05:38: Meta won’t let you opt out of AI data gathering 0:15:05: Google Is Rolling Out ‘Agentic Checkout’ 0:20:13: OpenTable gathering and sharing your dining info 0:31:22: Amazon sues Perplexity over ‘agentic’ shopping tool 0:38:57: First reported AI-orchestrated cyber attack 0:51:33: European Commission pushes data protection changes 0:55:15: Lawmakers Want to Ban VPNs 1:04:03: Senator uses VIN info against opponents 1:10:38: Health privacy bill seeks protections for data collected by apps, smartwatches 1:12:43: Tip of the Week 1:16:26: Looking ahead
-
453
Becoming Cyber Resilient
In the US alone, there are tens of thousands of small organizations that are responsible for critical infrastructure and vital community services. Most of them don’t have an IT department let alone a cyber security expert on staff. And yet these organizations are being attacked by cyber criminal gangs with ransomware and are also being targeted by foreign adversaries who would like the ability to disrupt our very civilization. While the US federal cyber agencies have not properly responded to these threats, a handful of volunteer organizations have emerged, organized under the Cyber Resilience Corps, to address these needs. Today I’ll speak with Michael Razeeq, Grace Menna, Adrien Ogee and Eric Franco about their much-needed efforts. Interview Notes Cyber Resilience Corps: https://cltc.berkeley.edu/program/cyber-resilience-corps/ Volunteer! https://cybervolunteers.us Cyber Security Clinics: https://cybersecurityclinics.org/ The Ransomware Hunting Team: https://en.wikipedia.org/wiki/The_Ransomware_Hunting_Team Roadmap to Cyber Defense: https://cltc.berkeley.edu/publication/roadmap-to-community-cybersecurity/ Path to Long-Term Cyber Resilience report: https://cltc.berkeley.edu/publication/a-path-to-long-term-cyber-resilience-for-under-resourced-organizations/ Grace Menna’s BSides LV talk: https://www.youtube.com/live/v20rxx_afw0?&t=1410 CISA Cybersecurity Resources for High-Risk Communities: https://www.cisa.gov/audiences/high-risk-communities/cybersecurity-resources-high-risk-communities FBI InfraGard: https://www.infragardnational.org/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! 
https://fdsd.me/merch Table of Contents 0:00:13: Intro 0:00:26: Couple announcements 0:01:09: Interview setup 0:03:38: Defining some terms 0:06:40: Introductions 0:07:51: What is the Cyber Resilience Corps? 0:13:59: What are some of the other affiliated cyber groups? 0:19:24: How do you reach organizations in need? 0:26:43: Do orgs ever resist or eschew your help? 0:34:22: How are these efforts funded? 0:42:14: Is there agreement on where to focus efforts? 0:44:02: Which sectors are most important to secure? 0:51:11: Are there accepted standards for infrastructure security? 0:53:38: What are the requirements for volunteers? 1:04:19: How do you match volunteers with needs? 1:08:28: How long do the support relationships last? 1:16:31: What key things have you learned from your initial work? 1:22:58: How do you scale this effort to address the massive need? 1:25:18: Shouldn’t Big Tech be doing more here? 1:33:49: How can we help? 1:37:28: If I’m an organization, how do I get help? 1:38:38: What’s next? 1:44:28: Wrap-up 1:47:59: Patron podcast preview 1:48:59: Looking ahead
-
452
Removing Old Accounts
Today we’ll wrap up my series of tips for enumerating all your old online accounts and deciding whether to delete them or just dumb down the personal data they have on you. There are several things to consider – we’ll go through them all! In other news: a study ranks the most private AI chatbots; LinkedIn is set to use your personal data to train their AI; ChatGPT has released an AI browser; new phishing scam for password manager creds; Gmail did not leak 183M passwords; man discovers his robot vacuum sharing lots of personal data; more info on Cellebrite’s mobile hacking abilities; Flock expanded its surveillance with Ring and drones; and group finds that half of our satellite communications are not encrypted. Article Links Which Generative AI Is Most Privacy-Respecting? https://www.obscureiq.com/which-generative-ai-is-most-privacy-respecting/ LinkedIn will use your data to train AI – how to opt out https://proton.me/blog/linkedin-ai-training Chatgpt Atlas Browser https://www.washingtonpost.com/technology/2025/10/22/chatgpt-atlas-browser/ Phishing scam uses fake death notices to trick LastPass users https://www.malwarebytes.com/blog/news/2025/10/phishing-scam-uses-fake-death-notices-to-trick-lastpass-users No, Gmail has not suffered a massive 183 million passwords breach https://www.techradar.com/pro/security/no-gmail-has-not-suffered-a-massive-183-million-passwords-breach-but-you-should-still-look-after-your-data Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House https://futurism.com/robots-and-machines/robot-vacuum-broadcasting Someone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Details https://www.404media.co/someone-snuck-into-a-cellebrite-microsoft-teams-call-and-leaked-phone-unlocking-details/ Ring cameras are about to get increasingly chummy with law enforcement https://arstechnica.com/gadgets/2025/10/ring-cameras-are-about-to-get-increasingly-chummy-with-law-enforcement/ Exclusive: Flock Safety 
paid over $300 million for 17-month-old drone startup Aerodome https://techcrunch.com/2024/10/23/flock-safety-paid-over-300-million-for-17-month-old-drone-startup-aerodome/ Leak From the Sky: It Turns Out a Lot of Satellite Data Is Unencrypted https://www.pcmag.com/news/leak-from-the-sky-it-turns-out-a-lot-of-satellite-data-is-unencrypted Tip of the Week: https://firewallsdontstopdragons.com/removing-old-accounts/ Further Info Data Diet series: https://firewallsdontstopdragons.com/data-diet-introduction/ Backing up 2FA seed codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/ Using email aliases: https://firewallsdontstopdragons.com/how-to-use-email-aliases-part-1/ Claudito: https://github.com/micahflee/claudito LM Studio: https://lmstudio.ai/ Dark Wire book: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro 0:00:27: News briefs 0:01:49: News preview 0:03:53: Which AI Is Most Privacy-Respecting? 0:09:21: LinkedIn will use your data to train AI 0:14:23: ChatGPT’s new Atlas browser 0:21:46: Phishing scam uses fake death notices 0:25:32: Gmail has NOT suffered a massive password breach 0:27:57: Man finds smart vacuum sending maps of home 0:33:41: More Cellebrite capability details leak 0:38:28: Flock inks deal with Ring cameras 0:42:57: Flock Safety buys drone company 0:46:52: Half of satellite comms are unencrypted 0:51:26: Tip of the Week 1:00:01: Patron podcast preview 1:00:18: Looking ahead 1:01:39: New patron promotion coming?
-
451
Privacy-Focused AI
AI chatbots like ChatGPT have made quite a splash. Companies are tripping all over themselves in a rush to add “AI” to everything, heedless of the security risks. But perhaps more insidious are the privacy risks. Most AI processing is done in the cloud, meaning that your queries and chats are subject to inspection, sharing, storing and monetizing. These AI systems are incredibly expensive to train and operate. And AI companies are desperate to feed them every scrap of data they can find. It’s a recipe for privacy disaster. But there are ways to make it more private and today we’ll discuss these approaches with Proton’s head of AI, Eamonn Maguire. Interview Notes Lumo privacy and security model: https://proton.me/blog/lumo-security-model AI privacy concerns: https://proton.me/blog/ai-privacy-concerns How to build a private AI: https://proton.me/blog/how-to-build-privacy-first-ai LaTeX: https://en.wikipedia.org/wiki/LaTeX Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:12:22: Defining some terms 0:15:29: What are the main privacy issues with modern AI? 0:22:53: What are the dangers of training AI models on personal data? 0:27:57: How do we make AI chatbots safer to use? 0:35:31: What are Proton’s goals with Lumo? 0:42:41: How can Lumo protect a user’s privacy? 0:52:19: Can we do more to anonymize cloud LLM queries? 0:56:50: What can we do to increase trust and transparency with AI? 1:02:55: Where does Proton store and process AI data? 1:10:35: Which LLM models does Lumo use? 1:15:38: Will Proton offer a local-only version of Lumo? 1:20:36: What’s next for Lumo and AI at Proton? 1:27:59: Will Lumo ever be part of Proton pricing bundles? 1:31:24: Wrap-up 1:35:14: Patron podcast preview 1:36:04: Looking ahead
-
450
Securing Old Accounts
Now that we’ve tracked down all our old online accounts, it’s time to make them more secure and review the data they contain. We should download a copy of that data for safe keeping before we ultimately delete or suspend the accounts. We’ll discuss this next step in our journey of reducing our online data footprint – our Data Diet. In the news: Windows 10 support has officially ended; seniors targeted with malware from Facebook groups; Tile trackers can also track you; massive Salesforce data leaked after refusing to pay ransom; dangerous Discord breach; Apple, Google to reluctantly comply with new Texas age law; California enacts age-verification law; EU Chat Control defeated; California makes GPC universally available; largest CCPA fine to date levied against TSC. Article Links Windows 10 support “ends” today, but it’s just the first of many deaths https://arstechnica.com/gadgets/2025/10/windows-10-support-ends-today-but-its-just-the-first-of-many-deaths/ Seniors targeted in global Facebook scam spreading new Android malware https://therecord.media/seniors-targeted-facebook-android-malware-scam Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say https://www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/ ShinyHunters Leak Data from Qantas, Vietnam Airlines and Others https://hackread.com/shinyhunters-leak-data-qantas-vietnam-airlines-others/ The Discord Hack is Every Users’ Worst Nightmare https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/ Apple and Google reluctantly comply with Texas age verification law https://arstechnica.com/tech-policy/2025/10/apple-and-google-reluctantly-comply-with-texas-age-verification-law/ California enacts its own internet age-gating law https://www.theverge.com/news/798871/california-governor-newsom-age-gating-ab-1043 Citizen Protest Halts Chat Control 
https://www.patrick-breyer.de/en/citizen-protest-halts-chat-control-breyer-celebrates-major-victory-for-digital-privacy/ California Governor signs first-in-the-nation privacy bill into law https://advocacy.consumerreports.org/press_release/california-governor-signs-first-in-the-nation-privacy-bill-into-law CPPA fines Tractor Supply Company $1.4 million for privacy violations https://therecord.media/ccpa-tractor-supply-privacy-fine Tip of the week: https://firewallsdontstopdragons.com/secure-old-accounts/ Further Info How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ Setting up Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:28: News preview 0:02:31: Win10 support ended 0:08:19: Seniors targeted with malware from Facebook groups 0:12:00: Tile trackers can also track you 0:19:51: Massive Salesforce data leak 0:26:50: Dangerous Discord breach 0:32:35: Apple, Google to comply with new Texas age law 0:39:47: CA enacts age-verification law 0:44:56: EU Chat Control defeated! 0:49:33: CA makes GPC universally available 0:55:02: Largest CCPA fine to date 0:57:02: Tip of the Week 1:01:41: Wrapping up 1:02:29: Looking ahead
-
449
Project Franklin Wants You
Our critical infrastructure is vulnerable and under attack by nation state actors, either for profit or perhaps even to establish a beachhead for future cyber conflict. During the pandemic, many of our core systems were automated and connected to the internet for remote administration, but this just created a larger attack surface. The federal government hasn’t done nearly enough to protect these systems. Groups like DEF CON Franklin are working to find cyber volunteers to bring our national critical utilities above the ‘cyber poverty line’. Today we’ll explore the problems and solutions with Franklin co-founder Jake Braun, including what we can all do to help. Interview Notes DEF CON Franklin: https://defconfranklin.com/ For more info or help, email “defconfranklin” at gmail.com. Volt Typhoon: https://en.wikipedia.org/wiki/Volt_Typhoon Initial Franklin trials: https://harris.uchicago.edu/news-events/news/first-water-utilities-take-volunteer-cyber-help Franklin Almanac: https://defconfranklin.com/almanack.html Franklin launch (DEF CON 32): https://www.youtube.com/watch?v=0TdY9JUaybc DEF CON 33 Franklin update: https://defconfranklin.com/water_cybersec.html Jake’s books: https://www.amazon.com/s?i=digital-text&rh=p_27%3AJake%2BBraun More help: https://www.cybervolunteers.us/en Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:03:19: Why did you start the DEF CON Franklin project? 0:07:58: Why did you focus on protecting water systems? 0:12:41: Why target our water systems? 0:17:10: How do you protect 50,000+ water facilities? 0:22:01: What are key takeaways from your first trials? 0:24:53: What are some of the challenges you’ve faced? 0:29:13: Why did we ever put critical infrastructure on the internet? 
0:31:05: Are there third parties involved in facility security, too? 0:32:45: How do you coordinate your efforts with other, similar orgs? 0:36:32: How do you know when your job is finished? 0:39:14: Are you getting support from the US government? 0:41:31: What’s next for Franklin? How can we help? 0:43:38: What’s the long term roadmap for Franklin? 0:45:00: Interview wrap-up 0:46:54: Patron podcast preview 0:47:52: Looking ahead 0:49:11: My other stuff
-
448
Tech Time Bombs
There are literally billions of devices connected to the internet today – many of them cheap, insecure IoT devices… smart thermostats, doorbell cameras, webcams, cheap WiFi routers and other smart appliances. As we like to say, the “S” in “IoT” is for security. And when insecure devices are no longer supported, the security bugs will never be fixed. We’ll discuss the implications of this growing problem and potential solutions with a passionate right-to-repair advocate and the founder of the Secure Resilient Future Foundation, Paul Roberts. Interview Notes Secure Resilient Future Foundation: https://secure-resilient.org/ The Security Ledger: https://securityledger.com/ Tech Timebombs: https://www.youtube.com/watch?v=koZERADCyug Secure Repairs: https://securepairs.org/ Paul’s Congressional testimony: https://judiciary.house.gov/committee-activity/hearings/there-right-repair FULU Foundation: https://fulu.org/ US PIRG: https://pirg.org/ Institute for Security and Technology: https://securityandtechnology.org/ NIST 800-232: https://csrc.nist.gov/pubs/sp/800/232/ipd Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:01:42: Interview terminology 0:03:22: How did you come to found SRFF? 0:08:24: Why are abandoned IoT devices “tech time bombs”? 0:16:53: What are the dangers of hacked IoT devices? 0:18:28: Is there any real liability for making insecure IoT devices? 0:23:36: How important is transparency to law making? 0:29:07: How does the right to repair interact with IoT security? 0:38:33: How should consumers be made aware of abandoned devices? 0:43:56: Can we rely on ISPs to block insecure devices? 0:46:42: What other groups are working on improving IoT security? 
0:52:24: Should the gov’t be funding research into securing IoT devices? 1:01:20: What can we do to help? 1:06:58: Patron podcast preview 1:07:31: Looking ahead
-
447
Ente: Private by Design
It’s rare these days to find a well-designed and useful application that was made to be private from the get-go. Too many apps today view your personal data as a cash cow to be mercilessly milked, claiming to value your privacy when they really value the extra revenue they can make off of your private data. When I find useful apps that are private by design, especially ones that can replace more popular apps that harvest our data, I like to call attention to them: in this case, Ente Photos. Today I’ll ask the founder and CEO why privacy is important to him and how it influenced his design approach. Interview Notes Ente Photos: https://ente.io/ Ente Auth: https://ente.io/auth/ Ente’s Machine Learning: https://ente.io/ml/ Ken Thompson’s lecture on trust: https://dl.acm.org/doi/10.1145/358198.358210 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:04:08: Interview terminology 0:06:44: Why did you start Ente and why do you care about privacy? 0:15:23: Why should we trust Ente with our private data? 0:20:14: What private information does Ente collect? 0:25:12: How hard is it for 3rd party apps to integrate with the OS? 0:29:39: Is Ente more private than Apple Photos with ADP enabled? 0:31:40: How hard is it to migrate from Google or Apple Photos to Ente? 0:34:30: Is facial recognition metadata in a standard, portable format? 0:35:51: How hard is it to export photos from Ente? 0:37:57: Does Ente Auth allow for easy export and backup? 0:39:28: How do you back up your Ente photos? 0:41:12: How much of Ente’s AI photo processing is purely on-device? 0:45:51: How do you vet third party software libraries for privacy? 0:49:07: What data could Ente give, if required, to law enforcement? 
0:52:43: How can we pass on our legacy of memories to our kids? 0:54:55: What’s next for Ente? 0:59:43: Interview wrap-up 1:00:56: Patron podcast preview 1:01:36: Looking ahead
-
446
Find Old Accounts (Part 2)
In our quest to clean up and secure our data, today I will give you several clever and useful techniques for uncovering old, forgotten online accounts. We’ll scrape the bottom of the barrel to complete our list of accounts so that we can upgrade their security, see what data they have, and remove anything we no longer want floating around out there, waiting to be stolen or abused. In the news: Chat Control is up for a vote in the EU (time to contact your MEPs); Samsung to show ads on their smart refrigerators; new automated sextortion spyware; a third of UK firms spying on employees; airlines sell 5B flight records for warrantless searching; ICE signs $3M contract for phone hacking tool; ChatGPT to guess your age or require ID; Swiss government looks to enable mass surveillance; Google Pixel 10 adds C2PA support; Apple iPhone 17 includes killer hardware security feature. Article Links Chat Control: Can the EU Parliament save our encrypted chats? https://www.techradar.com/vpn/vpn-privacy-security/chat-control-can-the-eu-parliament-save-our-encrypted-chats Samsung confirms its $1,800+ fridges will start showing you ads https://www.androidauthority.com/samsung-confirms-smart-refrigerator-ads-are-coming-3598848/ Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn https://www.wired.com/story/stealerium-infostealer-porn-sextortion/ A third of UK firms using ‘bossware’ to monitor workers’ activity, survey reveals https://www.theguardian.com/world/2025/sep/14/uk-firms-bossware-monitor-workers-activity Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching https://www.404media.co/airlines-sell-5-billion-plane-ticket-records-to-the-government-for-warrantless-searching/ ICE unit signs new $3M contract for phone-hacking tech | TechCrunch https://techcrunch.com/2025/09/18/ice-unit-signs-new-3-million-contract-for-phone-hacking-tech/ ChatGPT Will Guess Your Age and Might Require ID for Age Verification 
https://www.404media.co/chatgpt-will-guess-your-age-and-might-require-id-for-age-verification/ Swiss government looks to undercut privacy tech, stoking fears of mass surveillance https://therecord.media/switzerland-digital-privacy-law-proton-privacy-surveillance Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity https://thehackernews.com/2025/09/google-pixel-10-adds-c2pa-support-to.html The iPhone 17 memory shield will give spyware developers a hard time https://appleinsider.com/articles/25/09/11/the-iphone-17-memory-shield-will-give-spyware-developers-a-hard-time Tip of the Week: https://firewallsdontstopdragons.com/find-old-accounts-part-2/ Further Info Fight Chat Control in EU: https://fightchatcontrol.eu/ ARC opt out: https://www2.arccorp.com/site-privacy-policy/#17 LinkedIn privacy settings to change: https://discuss.privacyguides.net/t/linkedin-change-of-tos-opt-out-before-november-3rd/31199 Privacy Guides: https://www.privacyguides.org/ Coalition for Content Provenance and Authenticity: https://c2pa.org/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:23: Few PSAs 0:03:37: News preview 0:05:35: EU’s Chat Control vote coming soon 0:10:46: Samsung smart fridges to start showing ads 0:16:17: New automated sextortion malware 0:21:24: A third of UK companies spy on employees 0:25:51: Airlines sell 5B records for warrantless searches 0:31:44: ICE signs $3M contract for phone hacking tool 0:34:08: ChatGPT to guess your age or require ID 0:38:11: New Swiss law would undercut user privacy 0:42:46: Google Pixel 10 Adds C2PA Support 0:45:50: iPhone 17 adds killer new security feature 0:51:27: Tip of the Week 1:02:03: A note on upcoming shows 1:03:30: Looking ahead 1:04:53: My other stuff
-
445
On the Ethics of AI
Artificial Intelligence (AI) is the Big Tech buzzword of the day. Every company that wants investment (public or private) is scrambling to have an “AI story”, adding chatbots and ‘agentic’ features in their products wherever possible. The AI companies themselves are constantly expanding their models, ingesting as much data (including highly personal information) as possible. In this AI gold rush, companies are making flawed and often harmful products. Companies are firing workers and trying to replace them with AI bots. And it’s forcing us all to question what’s real, what has actual value, and what the impacts could and should be on society as a whole. Discussing deep questions like this is the purview of philosophers – and today I’ll be welcoming back someone uniquely and supremely qualified to address them, Carissa Véliz. Interview Notes Carissa Véliz: https://www.carissaveliz.com/ Privacy is Power: https://www.carissaveliz.com/books Carissa’s research: https://www.carissaveliz.com/research Moral Zombies: https://link.springer.com/article/10.1007/s00146-021-01189-x ChatGPT suicide: https://www.nytimes.com/2025/08/26/technology/chatgpt-openai-suicide.html TESCREAL: https://en.wikipedia.org/wiki/TESCREAL John Oliver on AI Slop: https://www.youtube.com/watch?v=TWpg1RmzAbc Proton Lumo: https://proton.me/blog/lumo-ai EU’s “public good” LLM: https://ethz.ch/en/news-and-events/eth-news/news/2025/07/a-language-model-built-for-the-public-good.html Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:05:09: What does “artificial intelligence” really mean? 0:13:21: Should STEM degrees require ethics training? 0:17:20: Does anthropomorphising AI undermine our discourse? 0:22:35: What is the TESCREAL view of AI? 
0:28:09: Can we infuse AI tools with human morality? 0:34:31: What are the dangers of training AI on copyrighted works? 0:42:16: What happens when AI starts ingesting its own output? 0:44:27: Can we make AI systems that are truly private? 0:48:08: How should we assign liability for AI harms? 0:51:06: Is AI eroding our ability to trust anything? 0:54:06: What happens when AI obviates the need to work at all? 1:00:00: How do we maximize the benefits and minimize the harms of AI? 1:03:20: Interview wrap-up 1:06:06: Patron podcast preview 1:07:08: Looking ahead
-
444
Find Old Accounts (Part 1)
The next step in reducing our digital footprint is to identify all of our online accounts, including the long forgotten and unused ones. The easiest place to start is by using the tool we should already have: our password manager. By its very nature, it contains a list of all our accounts. You may have used your browser to remember your passwords, or you may have some other method… but it’s time to move to a real password manager. In other news: update your Android devices ASAP; Android malware spreading via Facebook ads; Google to make it harder to sideload Android apps; dashcam company cloud storage hacked; Anthropic to train model based on your chats; OpenAI sharing some GPT chats with law enforcement; ChatGPT getting parental controls after teen suicide; Microsoft Word will auto-save to OneDrive; Chrome VPN extension caught taking screenshots of sites you visit; US tells BigTech not to comply with DSA; and Flock pauses work with federal agencies. Article Links This Android Malware Is Spreading Through Facebook Ads https://lifehacker.com/tech/this-android-malware-is-spreading-using-meta-ads Android Is Making It More Difficult to Sideload Apps https://lifehacker.com/tech/android-is-making-it-more-difficult-to-sideload-apps This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In https://www.404media.co/this-company-turns-dashcams-into-virtual-cctv-cameras-then-hackers-got-in/ Anthropic will start training its AI models on chat transcripts https://www.theverge.com/anthropic/767507/anthropic-user-data-consumers-ai-models-training-privacy People Are Furious That OpenAI Is Reporting ChatGPT Conversations to Law Enforcement https://futurism.com/people-furious-openai-reporting-police OpenAI announces parental controls for ChatGPT after teen suicide lawsuit https://arstechnica.com/ai/2025/09/openai-announces-parental-controls-for-chatgpt-after-teen-suicide-lawsuit/ Microsoft Word now autosaves to OneDrive. Is your data safe? 
https://proton.me/blog/microsoft-word-autosave-onedrive-default Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit https://cyberinsider.com/chrome-vpn-extension-with-100k-installs-screenshots-all-sites-users-visit/ Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act https://www.wired.com/story/big-tech-companies-in-the-us-have-been-told-not-to-apply-the-digital-services-act/ License-plate reader company pauses work with federal agencies after backlash https://therecord.media/flock-license-plate-reader-pauses-federal-work Tip of the Week: https://firewallsdontstopdragons.com/find-old-accounts-part-1/ Further Info Nexar CityStream live: https://livefeed.getnexar.com My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Become a patron! https://fdsd.me/patron/ Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:10: Update your Android devices 0:01:41: News preview 0:03:38: Android malware spread via Facebook ads 0:06:49: Android is making it harder to sideload apps 0:12:16: “Virtual CCTV” dashcam company is hacked 0:18:01: Anthropic to train AI based on your chats 0:22:33: OpenAI sharing some GPT chats with law enforcement 0:26:46: OpenAI announces parental controls after teen suicide 0:33:41: Microsoft Word now autosaves to OneDrive 0:40:36: Chrome VPN extension screenshots sites you visit 0:45:18: US tells BigTech not to comply with DSA 0:51:08: Flock pauses work with federal agencies 0:53:38: Tip of the Week 1:01:22: Patron podcast preview 1:01:55: Looking ahead
-
443
Meet Rayhunter
We take our cell phones with us everywhere – which makes them the perfect tracking device. Just walking around with your device will give your location away in multiple ways. But even if you had no apps on your phone, the cellular chips in our devices will constantly be interacting with every cell tower that’s in range, negotiating the best tower to talk to, whether to use 5G or something else, and authenticating to the network – even in Airplane Mode. Cell site simulators (aka Stingrays or IMSI catchers) can be used to trick your phone into giving away your location. The Electronic Frontier Foundation (EFF) has developed a cheap, easy-to-set-up device that can try to discover and report these devices. Today I interview an expert panel about the clever Rayhunter project: Cooper Quintin, The Gibson, and OopsBagel. Interview Notes Rayhunter announcement: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying EFF’s Rayhunter project: https://efforg.github.io/rayhunter/ Submitting logs to EFF: https://efforg.github.io/rayhunter/support-feedback-community.html DEF CON talk on Rayhunter: https://spectra.video/w/jt9rZHCU51Rh58cBD8oiP3 Buy yourself an Orbic hotspot: https://www.ebay.com/sch/i.html?_nkw=orbic+rc400l Gotta Catch ‘Em All: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks iPhone/Android fake cell site protections: https://www.eff.org/deeplinks/2023/09/apple-and-google-are-introducing-new-ways-defeat-cell-site-simulators-it-enough Meshtastic: https://meshtastic.org/docs/getting-started/ Veilid: https://veilid.com/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Table of Contents 0:00:00: Intro 0:02:26: Interview setup 0:06:18: How did you become involved with Rayhunter? 0:12:08: What is a cell site simulator?
0:14:01: What does a CSS look like and how are they deployed? 0:16:55: How is a CSS used for surveillance? 0:20:31: Can cell site simulators work with modern protocols like 5G? 0:24:09: What information can you sniff from the cellular network? 0:27:41: Is there any transparency around the use of CSS’s? 0:30:02: How did Rayhunter evolve from previous work? 0:35:00: How do I make a Rayhunter device? 0:41:45: I’ve created a Rayhunter… now what? 0:46:10: How can I protect myself against CSS surveillance? 0:49:38: Does Airplane Mode really disable your cellular radio? 0:52:22: How else might I defeat mass surveillance tech? 0:54:46: What’s next for everyone? 1:00:53: Interview wrap-up 1:03:36: Meshtastic 1:04:49: Patron podcast preview 1:05:26: Looking ahead
-
442
Going on a Data Diet
The world wide web, as we know it today, has been around for over 30 years. In that time, most of us have created many dozens, perhaps hundreds, of online accounts. How many of those accounts are still alive somewhere? What data do they hold? And how good are the passwords you used? Today we’re going to start on the path to finding all those accounts, which could drastically improve our privacy and security. In the news: millions of Dell laptops have critical security flaws you need to patch now; Facebook may be secretly scanning your phone’s images; National Public Data is back and you should delete your data; data brokers are flouting privacy laws; Ioniq 5 owners in the UK will have to pay for a security fix; Flipper Zero devices are being (wrongly) blamed for auto thefts; the US Supreme Court allows Mississippi social media law to go into effect; data brokers are hiding their opt-out pages; app TeaOnHer exposed users’ data; UK backs down from Apple backdoor demand; and now is the time for EU residents to speak out against Chat Control. Article Links Millions of Dell laptops hit by ‘critical’ security vulnerability https://www.pcworld.com/article/2870014/millions-of-dell-laptops-hit-by-critical-security-vulnerability.html Meta might be secretly scanning your phone’s camera roll – how to check and turn it off https://www.zdnet.com/article/meta-might-be-secretly-scanning-your-phones-camera-roll-how-to-check-and-turn-it-off/ You Should Remove Your Info From the Rebooted National Public Data Site https://lifehacker.com/tech/remove-your-info-from-rebooted-national-public-data-site Data Brokers Are Ignoring Privacy Law. We Deserve Better. https://www.eff.org/deeplinks/2025/08/data-brokers-are-ignoring-privacy-law-we-deserve-better Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole https://www.theverge.com/news/757205/hyundai-ioniq-5-security-upgrade-fix-game-boy-device-attacks Can Flipper Zero really steal your car? 
(Spoiler: NO) https://blog.flipper.net/can-flipper-zero-steal-your-car/ Supreme Court allows Mississippi social media law to go into effect https://www.npr.org/2025/08/14/nx-s1-5482925/scotus-netchoice Data Brokers Are Hiding Their Opt-Out Pages From Google Search https://www.wired.com/story/data-brokers-hiding-opt-out-pages-google-search/ How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes | TechCrunch https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/ UK blinks, backs down from its Apple backdoor encryption demand https://appleinsider.com/articles/25/08/19/uk-blinks-backs-down-from-its-apple-backdoor-encryption-demand Worried about Chat Control? This website can help you get your say https://www.techradar.com/computing/cyber-security/worried-about-chat-control-this-website-can-help-you-get-your-say Tip of the Week: Data Diet Introduction: https://firewallsdontstopdragons.com/data-diet-introduction/ Further Info Cory Doctorow on age verification: https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers Fight EU’s Chat Control: https://fightchatcontrol.eu/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:37: News preview 0:05:00: Millions of Dell laptops hit by ‘critical’ security vulnerability 0:06:44: Meta might be secretly scanning your phone’s camera roll 0:12:00: You Should Remove Your Info From National Public Data 0:15:39: Data Brokers Are Ignoring Privacy Law 0:19:06: Hyundai wants Ioniq 5 owners to pay for security fix 0:22:43: Can Flipper Zero really steal your car? (No.) 
0:30:38: Supreme Court allows Mississippi social media law to go into effect 0:34:35: Data Brokers Are Hiding Their Opt-Out Pages 0:43:35: We found TeaOnHer spilling users’ info in less than 10 minutes 0:49:17: UK backs down from its Apple backdoor demand 0:53:38: Having your say about Chat Control 0:58:41: Tip of the Week: Data Diet, Intro 1:02:52: Merlin’s Musings preview 1:04:21: Looking ahead
-
441
I’m Just a (Privacy) Bill
Why don’t we have meaningful privacy laws in the US? While we haven’t been able to pass federal privacy legislation, many states have managed to pass laws protecting our data and establishing some basic privacy rights. Vermont House Representative Monique Priestley led a Herculean effort to pass privacy legislation in her state last year. While managing to get a solid bill through the House and Senate, the bill was ultimately vetoed by the governor and the Senate failed to override it. But along the way, Monique learned valuable lessons about dealing with Big Tech lobbyists. Today we’ll follow the journey of the Vermont Data Privacy Act of 2024 and what lessons we should learn for future attempts at privacy legislation. Interview Notes Monique Priestley: https://mepriestley.com/ Vermont State Representative site: https://priestleyvt.com/ Vermont Committee Zoom call: https://www.youtube.com/watch?v=RfvAteuwRCA Age Appropriate Design Code: https://epic.org/epic-applauds-passage-of-vermont-age-appropriate-design-code/ Big Tech Tried to Kill My State’s Privacy Bill. Here’s What I Learned. https://www.techpolicy.press/big-tech-tried-to-kill-my-states-privacy-bill-heres-what-i-learned/ The man quietly rewriting American privacy law https://www.politico.com/news/2024/09/17/andrew-kingman-data-privacy-lobbying-00179630 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:36: Interview setup 0:05:45: How did you get into privacy politics? 0:08:44: Who drafts the initial bill? 0:12:25: How are initial bills modified during this process? 0:17:08: When and how do lobbyists get involved? 0:22:34: Are lobbyists transparent about who they represent? 0:30:42: What are the most controversial elements of a privacy bill? 
0:34:16: How are privacy laws limited by scope? 0:39:11: Why is the privacy right of action so important? 0:43:37: How do lobbyists kill privacy bills? 0:49:05: Do legislators collaborate across states? 0:55:19: How did the Vermont privacy bill get killed? 0:57:55: What are your key takeaways from this experience? 1:02:12: What’s the current status of privacy legislation? 1:04:57: How can we help? 1:06:57: Wrap-up 1:09:38: Patron podcast preview 1:10:18: Looking ahead
-
440
Hacker Summer Camp 2025
It’s early August, which means it’s time for BSides Las Vegas and DEF CON, part of the trio of conferences that make up “hacker summer camp” (the other being Black Hat, which I don’t attend). It’s been a crazy, chaotic week – as usual – but in almost completely good ways. After the regular news, I’ve got some mini interviews with Jake Braun (DEF CON Franklin), Stacey Higginbotham (Consumer Reports), Cooper Quintin (EFF) and The Gibson (Veilid and hackers.town). In other news: Tea app users file a class action lawsuit over massive breach; ChatGPT sessions may be searchable by anyone; US government launches initiative to centralize health data for use by tech companies; Australia rolls out age verification for search engines; Grok AI is now in Teslas; China-backed hackers exploit horrific Microsoft bug; Dropbox ends its password manager service. Article Links Tea User Files Class Action After Women’s Safety App Exposes Data https://www.404media.co/tea-user-files-class-action-after-womens-safety-app-exposes-data/ ChatGPT users shocked to learn their chats were in Google search results https://arstechnica.com/tech-policy/2025/08/chatgpt-users-shocked-to-learn-their-chats-were-in-google-search-results/ Trump administration is launching a new private health tracking system with Big Tech’s help https://apnews.com/article/trump-ai-rfk-jr-health-tech-fa73703bd1fd557c787ef0b590e151f1 Australia is quietly rolling out age checks for search engines like Google https://www.abc.net.au/news/2025-07-11/age-verification-search-engines/105516256 Grok is now in Tesla cars, but not in the way you think https://mashable.com/article/grok-tesla China-backed hackers used Microsoft flaw in attacks https://www.washingtonpost.com/technology/2025/07/21/china-hackers-microsoft-sharepoint/ Users left scrambling for a plan B as Dropbox drops Dropbox Passwords https://www.theregister.com/2025/07/30/dropbox_drops_dropbox_passwords/ Tip of the Week: 
https://firewallsdontstopdragons.com/how-to-backup-cloud-data/ Further Info Top hacker interviews: https://fdsd.me/hackers DEF CON Franklin: https://defconfranklin.com/ EFF: https://www.eff.org/ Veilid: https://veilid.com/ Consumer Reports: https://securityplanner.consumerreports.org/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:02:24: News preview 0:03:31: Tea User Files Class Action Lawsuit 0:06:24: ChatGPT users shocked to learn their chats were in Google search results 0:11:11: Trump administration is launching a new private health tracking system 0:17:52: Australia is quietly rolling out age checks for search engines 0:22:56: Grok is now in Tesla cars, but not in the way you think 0:25:29: China-backed hackers used Microsoft flaw in attacks 0:29:50: Dropbox drops Dropbox Passwords 0:32:20: Tip of the Week 0:36:27: Hacker Summer Camp Extras! 0:42:53: SNIPPET: Stacey Higginbotham 0:47:03: SNIPPET: Jake Braun 0:50:18: SNIPPET: Cooper Quintin and Gibson 0:55:04: Wrapup
-
439
Tariffs vs IP Law
Cory Doctorow has garnered a lot of needed attention to the decline of modern online platforms, including Google Search, Facebook and Twitter. Much of this is a result of coining the now-viral term Enshittification. Today we’ll talk about how the internet was broken and who’s to blame. We’ll also discuss the lack of privacy laws and the threats of AI to tech workers and copyrighted works. Finally, we’ll discuss Cory’s novel proposal for how countries could respond to US tariffs by ripping up intellectual property agreements, changing the power dynamic of the Big Tech industry and hopefully benefiting consumers in the process. Interview Notes Cory’s blog (Pluralistic): https://pluralistic.net/ Canada shouldn’t retaliate with US tariffs: https://pluralistic.net/2025/01/15/beauty-eh/#its-the-only-war-the-yankees-lost-except-for-vietnam-and-also-the-alamo-and-the-bay-of-ham Who Broke the Internet? https://www.cbc.ca/listen/cbc-podcasts/1353-the-naked-emperor Enshittification book (coming Oct 2025): https://us.macmillan.com/books/9780374619329/enshittification/ Regex: https://en.wikipedia.org/wiki/Regular_expression Copyright and AI: https://www.technologyreview.com/2025/07/01/1119486/ai-copyright-meta-anthropic/ Further Info Humble Bundle: https://www.humblebundle.com/books/security-apress-books My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:02:07: Humble Bundle! 0:03:09: Interview preview 0:06:52: Has coining the term Enshittification helped to raise awareness? 0:11:08: Who broke the internet? 0:20:15: Will AI reduce tech workers’ power? 0:27:21: Why can we not get privacy laws? 0:35:21: How should countries respond to US tariffs? 0:39:57: Do DRM protections incentivize creators? 
0:44:37: What’s your take on the Anthropic AI copyright decision? 0:55:03: What’s next for you? 0:56:04: Interview wrap-up 0:57:27: Hacker summer camp 0:59:28: Patron podcast preview 1:00:24: Looking ahead
-
438
Physical Phone Security
We take our phones with us everywhere. And they contain, or have cloud access to, pretty much all of our personal information and online accounts. While phone makers have made it difficult for thieves to resell a stolen phone, anyone with physical access to your device may be able to extract its data or access all your accounts. Thankfully, Apple (iOS) and Google (Android) have recently introduced several features that can significantly increase your device’s physical security and privacy. We’ll discuss some of them today. In the news: VPN signups in UK spike after age verification law kicks in; Tea app data breach includes IDs; Amazon buys Bee AI wearable; your power meter is a surveillance tool; Amazon’s Ring returns to sharing video with police; startup sells hacked data to debt collectors; Gemini AI on Android to get third party app access; Brave blocks Windows Recall; UK backs down on Apple back door; Apple to make passkeys portable; two new AI chatbots that are truly open and private. 
Article Links Proton VPN Signups in UK Surge 1,400% After Online Safety Act Comes Into Force https://cyberinsider.com/proton-vpn-signups-in-uk-surge-1400-after-online-safety-act-comes-into-force/ I Knew the Viral ‘Tea’ App Was Trouble, but I Didn’t Expect a Data Breach https://lifehacker.com/tech/i-knew-the-viral-tea-app-was-trouble-but-i-didnt-expect-a-data-breach Amazon buys Bee AI wearable that listens to everything you say https://www.theverge.com/news/711621/amazon-bee-ai-wearable-acquisition When Your Power Meter Becomes a Tool of Mass Surveillance https://www.eff.org/deeplinks/2025/07/when-your-power-meter-becomes-tool-mass-surveillance Amazon’s Ring goes full founder mode, taking the company back to its crime-fighting roots https://www.businessinsider.com/amazon-ring-founder-mode-jamie-siminoff-crime-fighting-roots-2025-7 A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors https://www.404media.co/a-startup-is-selling-data-hacked-from-peoples-computers-to-debt-collectors/ Unless users take action, Android will let Gemini access third-party apps https://arstechnica.com/security/2025/07/unless-users-take-action-android-will-let-gemini-access-third-party-apps/ Brave blocks Windows Recall from screenshotting your browsing activity https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/ UK backing down on Apple encryption backdoor after pressure from US https://arstechnica.com/tech-policy/2025/07/uk-backing-down-on-apple-encryption-backdoor-after-pressure-from-us/ Passkey portability is finally here in iOS 26 and macOS Tahoe 26 https://9to5mac.com/2025/07/12/passkey-portability-is-finally-here-in-ios-26-and-macos-tahoe-26/ Introducing Lumo, the AI where every conversation is confidential https://proton.me/blog/lumo-ai A language model built for the public good https://ethz.ch/en/news-and-events/eth-news/news/2025/07/a-language-model-built-for-the-public-good.html Tip of the 
Week: https://firewallsdontstopdragons.com/physical-phone-security/ Further Info Hacker Plants Computer ‘Wiping’ Commands in Amazon’s AI Coding Agent https://www.404media.co/hacker-plants-computer-wiping-commands-in-amazons-ai-coding-agent/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:47: DEF CON update 0:01:47: News preview 0:04:06: Proton VPN use surges in UK 0:08:13: Data breach at viral Tea app 0:19:36: Amazon buys Bee AI wearable 0:26:47: Using power meters for surveillance 0:30:48: Ring again sharing video with police 0:34:57: Startup selling hacked data to debt collectors 0:42:29: Android lets Gemini access 3rd party apps 0:48:31: Brave blocks Windows Recall 0:53:14: UK backs down on Apple back door 0:57:46: Apple to support passkey portability 1:01:41: Proton’s new AI: Lumo 1:07:20: A language model built for the public good 1:08:58: Tip of the Week 1:17:01: Looking ahead 1:17:55: Merlin’s Musing preview
-
437
Passport, Lawyer, Locksmith
We talk a lot about digital or online security. Today we’re going to focus on physical security and the general ethos of “be prepared”. There are many situations in life when you will find yourself wishing you had had the foresight to acquire certain things or establish certain professional relationships before you actually needed them. Deviant Ollam is a physical penetration specialist. His job is to find and fix weaknesses in physical things… buildings, locks, safes, etc. And along the way he has learned some important lessons for all of us. Today he will share his wisdom with us. Interview Notes Deviant’s website: https://deviating.net/ Lawyer, Passport, Locksmith, Gun talk: https://www.youtube.com/watch?v=6ihrGNGesfI Attacking Classified Safes & Vaults: https://www.youtube.com/watch?v=-Z_Jv7vuiqg Red Team Alliance: https://shop.redteamalliance.com/ Red Team Tools: https://www.redteamtools.com/ CackalackyCon: https://www.cackalackycon.org/ Shut the F**k Up PSA: https://www.youtube.com/watch?v=nWEpW6KOZDs Home lock – Schlage Primus: https://commercial.schlage.com/en/products/key-systems/primus-security-upgrade.html Padlock – Pacific Lock (PACLOCK): https://paclock.com/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:04:27: What is a physical entry specialist? 0:08:47: How would you describe the prepper ethos? 0:12:21: What are common mistakes for disaster prep? 0:15:52: Why should everyone have a passport? 0:20:32: Why should everyone have an established lawyer? 0:28:55: What other professionals should I have at the ready? 0:34:09: What locks should I use or avoid? 0:40:39: Do any movies and TV shows portray lock picking correctly? 0:43:36: What is ‘responsible disclosure’ like for physical vulnerabilities? 
0:47:44: Do you tell companies when you stumble on physical vulnerabilities? 0:51:41: What documents should we have physical copies of? 0:55:27: If I’m politically active, how can I minimize my digital footprint? 0:59:10: Why should we use secure, private communications? 1:02:34: What’s next for you? 1:06:05: Wrap-up 1:08:45: Patron podcast preview
-
436
Freezing Your Mobile Account
Your cell phone number uniquely identifies you. Many companies rely on this 1-to-1 relationship to authenticate you to their systems. So if someone were to somehow manage to steal your mobile phone number – a hack called SIM swapping – they could use that to impersonate you and compromise any of your accounts that are validated via SMS or phone call. There’s a new tool to combat this scam that’s better than the old-style account PIN codes. I’ll explain how it works. In the news: many Brother printers have serious cyber vulnerabilities; Belkin is abandoning Wemo smart devices next January; Xfinity’s WiFi routers can detect motion in your entire home; Bluesky is rolling out age verification in the UK; California is using drones to catch the use of illegal fireworks; McDonald’s AI hiring bot was hacked to expose millions of applicants’ data; Mexican drug cartel hacked FBI phone to catch informants; US strikes blow against North Korean fake worker scams; Denmark is looking to ditch Microsoft products. 
Article Links New Vulnerabilities Expose Millions of Brother Printers to Hacking https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/ Belkin pulls the plug on Wemo smart home products which will stop working in 2026 https://9to5google.com/2025/07/10/belkin-wemo-smart-home-shutdown-list/ Using WiFi Motion in the Xfinity app https://www.xfinity.com/support/articles/wifi-motion Bluesky is rolling out age verification in the UK https://www.theverge.com/news/704468/bluesky-age-verification-uk-online-safety-act Huge fines coming for Californians caught by drone with illegal fireworks https://www.sfgate.com/bayarea/article/california-drones-illegal-fireworks-20629637.php McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/ Drug cartel hacked FBI official’s phone to track and kill informants https://arstechnica.com/security/2025/06/mexican-drug-cartel-hacked-fbi-officials-phone-to-track-informant-report-says/ Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams https://www.wired.com/story/identities-of-80-plus-americans-stolen-for-north-korean-it-worker-scams/ Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux https://www.zdnet.com/article/why-denmark-is-dumping-microsoft-office-and-windows-for-libreoffice-and-linux/ Tip of the Week: https://firewallsdontstopdragons.com/freezing-your-mobile-account/ Further Info Tom’s Hardware on WiFi Motion: https://www.tomshardware.com/networking/routers/new-xfinity-router-motion-detecting-feature-stokes-privacy-fears-feature-powered-by-wi-fi-signals RockYou password list: https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/ LibreOffice: https://www.libreoffice.org/discover/libreoffice/ Eurostack: https://eurostack.eu/ Running Linux in a VM on Windows: https://itsfoss.com/install-linux-mint-in-virtualbox/ Age verification: 
https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:17: DEF CON coming up fast 0:03:34: News preview 0:06:31: New Vulnerabilities Expose Millions of Brother Printers to Hacking 0:11:51: Belkin pulls the plug on Wemo smart home products 0:14:25: Using WiFi Motion in the Xfinity app 0:21:19: Bluesky is rolling out age verification in the UK 0:26:49: Huge fines coming for Californians caught by drone with illegal fireworks 0:29:36: McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data 0:35:31: Drug cartel hacked FBI official’s phone to track and kill informants 0:39:54: Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams 0:48:33: Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux 0:55:48: Tip of the Week 1:01:37: Merch reminder 1:02:12: Patron podcast preview 1:02:45: Looking ahead
-
435
Defending Student Privacy
Privacy risks are bad enough for adults – but it’s much worse for our kids, particularly as students. Who provides notice and obtains consent for minors at school? In many cases it’s not the parents, let alone the students – it’s the school system. Not only are they opting the students into invasive data collection by profit-driven third parties, but they often also bind them to mandatory arbitration clauses, neutering their ability to seek legal redress for the inevitable violations. Today I’ll discuss this horrid state of affairs with someone who is on the front lines of this battle for our children’s right to privacy: co-founder of the EdTech Law Center, Andy Liddell. Interview Notes EdTech Law Center: https://edtech.law/about-us/ EdTech current cases: https://edtech.law/cases/ Internet Safety Labs: https://internetsafetylabs.org/ The Right to Oblivion (book): https://www.hup.harvard.edu/books/9780674260528 ACLU, Digital Dystopia: https://www.aclu.org/publications/digital-dystopia-the-danger-in-buying-what-the-edtech-surveillance-industry-is-selling The Markup, College Prep Software Naviance Is Selling Advertising Access to Millions of Students: https://themarkup.org/machine-learning/2022/01/13/college-prep-software-naviance-is-selling-advertising-access-to-millions-of-students Proton blog on EdTech and privacy: https://proton.me/blog/ed-tech-trackers Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:02:48: What’s your mission at the EdTech Law Center? 0:05:20: What are the unique privacy threats for students? 0:09:46: What privacy laws are there for minors? 0:12:05: How are these laws enforced and litigated? 0:18:21: How does notice and consent work for students? 0:27:05: What rights do the kids have in these situations? 
0:29:38: How are these EdTech companies? 0:31:40: Which apps and tools are most problematic and why? 0:37:20: Should minors’ data be deleted when they reach adulthood? 0:40:15: Are school systems equipped to understand these contracts? 0:42:35: What about privacy issues with EdTech hardware? 0:45:50: What have we already learned via discovery or reporting? 0:50:01: As a parent, who do I talk to about my child’s privacy risks at school? 0:54:16: What are some red flags to look out for? 0:57:10: What responsibilities do school systems have here? 1:00:57: So what can we do? When should we reach out to you? 1:05:02: Interview follow-up 1:06:26: Patron podcast preview 1:07:19: Looking ahead
-
434
The In-App Switcheroo
Do you realize that you’re not always using your chosen mobile web browser or your network privacy features? Many mobile apps have their own in-app browser that can gather your data and even inject ads and trackers into any web links you click. I’ll explain how this works and what you can do about it. In the news: 23andMe bankruptcy ombudsman argues for user consent to data; Meta AI app privacy nightmare; Amazon, Roku sharing users for ads; WhatsApp launches in-app ads; healthcare sites are sharing your data; ICE seeks powerful new surveillance tool; Austrian government wants your encrypted data; new US visa rules require social media posts; Scattered Spider targeting insurance info; VT governor signs child data privacy law; Flock blocks access to some US states; Microsoft offers 1-year security updates for Win10 users; new Android 16 security features; Denmark’s answer to deepfakes; cleaner Google search results; ChatGPT user info reports. Article Links [therecord.media] 23andMe privacy ombudsman recommends company obtains consent for sale of customer data https://therecord.media/23andme-privacy-ombudsman-recommends-consent-sale [techcrunch.com] The Meta AI app is a privacy disaster https://techcrunch.com/2025/06/12/the-meta-ai-app-is-a-privacy-disaster/ [variety.com] Amazon, Roku Strike Deal to Pool Connected-TV Audiences for Advertisers https://variety.com/2025/tv/news/amazon-roku-pool-connected-tv-audiences-advertising-deal-1236432579/ [9to5mac.com] WhatsApp just launched ads for all users https://9to5mac.com/2025/06/16/whatsapp-just-launched-ads-for-all-users-here-are-the-details/ [The Markup] This Is How You Stop Data Trackers From Sucking up Your Health Data https://themarkup.org/the-breakdown/2025/06/17/this-is-how-you-stop-data-trackers-from-sucking-up-your-health-data [fedscoop.com] ICE seeks proprietary data and tech to monitor up to a million people https://fedscoop.com/ice-seeks-proprietary-data-and-tech-to-monitor-up-to-a-million-people/ [reuters.com] 
Austrian government agrees on plan to allow monitoring of secure messaging https://www.reuters.com/world/austrian-government-agrees-plan-allow-monitoring-secure-messaging-2025-06-18/ [The Hacker News] New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public https://thehackernews.com/2025/06/new-us-visa-rule-requires-applicants-to.html [therecord.media] Scattered Spider hackers targeting insurance industry following retail hits, Google warns https://therecord.media/scattered-spider-targeting-insurance-sector-following-retail-attacks [epic.org] EPIC Applauds Vermont Governor Phil Scott for Signing Age-Appropriate Design Code into Law https://epic.org/epic-applauds-vermont-governor-phil-scott-for-signing-age-appropriate-design-code-into-law/ [404media.co] Flock Removes States From National Lookup Tool After ICE and Abortion Searches Revealed https://www.404media.co/flock-removes-states-from-national-lookup-tool-after-ice-and-abortion-searches-revealed/ [techradar.com] Windows 10 users who don’t want to upgrade to Windows 11 get new lifeline from Microsoft https://www.techradar.com/computing/windows/windows-10-users-who-dont-want-to-upgrade-to-windows-11-get-new-lifeline-from-microsoft [androidauthority.com] Android 16 introduces Advanced Protection mode to fortify your phone against threats https://www.androidauthority.com/android-16-advanced-protection-mode-2-3566064/ [theguardian.com] Denmark to tackle deepfakes by giving people copyright to their own features https://www.theguardian.com/technology/2025/jun/27/deepfakes-denmark-copyright-law-artificial-intelligence [tedium.co] Does One Line Fix Google? 
https://tedium.co/2024/05/17/google-web-search-make-default/ [schneier.com] What LLMs Know About Their Users https://www.schneier.com/blog/archives/2025/06/what-llms-know-about-their-users.html Tip of the Week: https://firewallsdontstopdragons.com/the-in-app-switcheroo/ Further Info Delete your 23andMe data: https://www.eff.org/deeplinks/2025/03/how-delete-your-23andme-data Clean Google Search: https://udm56.com/ Other Google udm codes: https://serpapi.com/blog/every-google-udm-in-the-world/ My book: https://fdsd.me/book Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:51: News preview 0:03:14: 23andMe ombudsman recommends gaining consent for sale of data 0:07:46: The Meta AI app is a privacy disaster 0:11:04: Amazon, Roku Strike Deal to Pool Audiences for Ads 0:14:19: WhatsApp just launched ads for all users 0:17:03: Data Trackers Are Sucking Up Your Health Data 0:21:37: ICE seeks proprietary data and tech to monitor up to a million people 0:27:29: Austrian government agrees on plan to allow monitoring of secure messaging 0:30:27: New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public 0:34:09: Scattered Spider hackers targeting insurance industry 0:38:31: VT Governor Phil Scott Signs Age-Appropriate Design Code into Law 0:41:17: Flock Removes States From National Lookup Tool 0:44:02: Windows 10 users get new lifeline from Microsoft 0:47:21: Android 16 introduces Advanced Protection mode 0:50:38: Denmark to tackle deepfakes by giving people copyright to their own features 0:53:50: Does One Line Fix Google? 0:59:06: What LLMs Know About Their Users 1:01:28: Tip of the Week 1:09:03: Hacker Summer Camp news 1:11:18: Looking ahead
-
433
ShmooCon: Moose You Already
On January 12th, 2025, the ShmooCon hacker conference held its 20th and final gathering. I was lucky enough to be able to not only attend the final show but also to interview the founders, Heidi and Bruce Potter. We talk about how it all got started, what made this hacker con so special and beloved, and hear some hilarious stories from the past twenty years of hacker shenanigans in Washington D.C. Interview Notes ShmooCon: https://www.shmoocon.org/ ShmooCon 2025 sessions: https://www.youtube.com/playlist?list=PLnKSfJ5rXw95HSPVl5L7dqhKpVAx3q_j0 Turngate: https://www.turngate.io/ HOPE conference: https://www.hope.net/ BSides: https://bsides.org/ Cackalackycon: https://cackalackycon.org/ Thotcon: https://www.thotcon.org/ SummerCon: https://www.summercon.org/ PancakesCon: https://pancakescon.com/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:03:43: How and why did you start ShmooCon? 0:11:05: Why are hacker conferences so different from regular trade shows? 0:17:19: Why limit attendance and how did this give rise to LobbyCon? 0:21:52: What makes a good con? What’s your post-con recovery like? 0:27:26: Why did you decide to end the con? 0:29:54: How have other cons influenced ShmooCon? 0:33:16: Why is it important to be so transparent about your con? 0:37:38: What are your favorite ShmooCon stories? 0:44:54: What’s it like running a conference as a married couple? 0:49:39: What are you most proud of with ShmooCon? 0:52:13: Was there anything you wish you had done but didn’t? 0:56:07: Did you ever consider handing ShmooCon off to someone else? 0:58:13: So what now? 1:00:58: What are some ShmooCon alternatives?
1:06:36: Wrap-up 1:08:07: Attend a hacker con! 1:09:35: Patron bonus preview 1:10:24: Looking ahead
-
432
Rogue AI?
Artificial Intelligence is taking over. But I don’t mean that in a Skynet kinda way. It’s simply becoming ubiquitous because companies are insisting on inserting the technology into all their products, even if it’s not useful – or not even safe. Unfortunately, the breathless reporting on dangers of AI is also getting way out of hand, including stories of AI systems ‘blackmailing’ their designers. Today I’ll try to bring us back to reality a bit. Also in the news: Billions of session login cookies up for grabs; Meta and Yandex cheat in order to track you around the web; Qualcomm fixes three zero-day bugs being actively exploited; Apple releases transparency report on push notification data requests; LAPD using Waymo for gathering video evidence; another massive AT&T user data leak includes SSNs; AI system appears to try to blackmail its owner; judge grants preliminary injunction on DOGE data grab; and we’ll check in on your 2025 New Year’s Resolutions! Article Links [theregister.com] Billions of cookies up for grabs as experts warn over session security https://www.theregister.com/2025/05/29/billions_of_cookies_available/ [arstechnica.com] Meta and Yandex are de-anonymizing Android users’ web browsing identifiers https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/ More info: https://www.zeropartydata.es/p/localhost-tracking-explained-it-could [techcrunch.com] Phone chipmaker Qualcomm fixes three zero-days exploited by hackers https://techcrunch.com/2025/06/03/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers/ [404media.co] Apple Gave Governments Data on Thousands of Push Notifications https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/ [404media.co] LAPD Publishes Crime Footage It Got From a Waymo Driverless Car https://www.404media.co/lapd-publishes-crime-footage-it-got-from-a-waymo-driverless-car/ [cyberinsider.com] AT&T Investigating New Leak of 
86 Million Customer Records with Decrypted SSNs https://cyberinsider.com/att-investigating-new-leak-of-86-million-customer-records-with-decrypted-ssns/ [bbc.com] AI system resorts to blackmail if told it will be removed https://www.bbc.com/news/articles/cpqeng9d20go [eff.org] Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit https://www.eff.org/press/releases/privacy-victory-judge-grants-preliminary-injunction-opmdoge-lawsuit Tip of the Week: https://firewallsdontstopdragons.com/2025-resolutions-check-in/ Further Info 2025 New Year’s Resolutions: https://firewallsdontstopdragons.com/new-years-resolutions-2025/ Privacy Guides: https://www.privacyguides.org/articles/ EFF’s Rayhunter project: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:50: A note on protest privacy 0:04:32: News preview 0:06:43: Billions of cookies up for grabs as experts warn over session security 0:18:27: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers 0:25:59: Phone chipmaker Qualcomm fixes three zero-days exploited by hackers 0:27:51: Apple Gave Governments Data on Thousands of Push Notifications 0:33:25: LAPD Publishes Crime Footage It Got From a Waymo Driverless Car 0:37:39: AT&T Investigating New Leak of 86 Million Customer Records with Decrypted SSNs 0:41:51: AI system resorts to blackmail if told it will be removed 0:51:40: Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit 0:56:04: Tip of the Week 0:58:13: Wrapup 0:58:30: Merlin’s Musings preview 0:59:10: Looking ahead
-
431
Dialog with the Data Diva
Debbie Reynolds (aka, The Data Diva) has been working in the privacy realm for many years, as a privacy consultant, speaker, advisor and podcaster. She and I have been running in the same circles on LinkedIn for a while now, and we finally decided it was time to be a guest on each other’s shows. Today Debbie and I will discuss privacy dangers in the realm of IoT devices (including her contributions on the US Department of Commerce’s IoT Advisory Board), vehicles, and AI. I’ll ask about her experiences advising corporations on privacy issues with emerging technologies and how she advocates for less data gathering and more transparency. Interview Notes Debbie Reynolds consulting: https://www.debbiereynoldsconsulting.com/ Data Diva podcast: https://www.debbiereynoldsconsulting.com/podcast My interview on Debbie’s podcast: https://www.debbiereynoldsconsulting.com/podcast/e228-carey-parker The Right to Privacy book (1995): https://www.amazon.com/Right-Privacy-Caroline-Kennedy/dp/0679419861 IoT Advisory Board report: https://www.debbiereynoldsconsulting.com/iot-advisory-board Shodan search: https://www.shodan.io/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:27: During your privacy career, how has privacy changed? 0:05:59: How do you define privacy? 0:08:51: What were your contributions on the IoT Advisory Board? 0:12:54: Who was the primary audience for that report? 0:15:49: Which IoT devices have the worst privacy? 0:19:33: How bad are modern cars in terms of privacy? 0:29:50: How does AI threaten our privacy today? 0:33:30: How can we mitigate AI privacy risks? 0:40:11: How can we convince companies to truly embrace user privacy?
0:45:36: What are some of the biggest privacy mistakes companies make? 0:49:34: Why can’t we have a global tracking opt-out signal? 0:53:52: What can we learn from the EU’s GDPR? 0:58:35: So what can we do to improve our privacy? 1:00:50: Patron preview 1:01:21: Looking ahead
-
430
Life in the Panopticon
Tracking our faces and whereabouts is getting out of control. It’s a mass surveillance infrastructure that keeps growing in Borg-like fashion. Facial recognition and license plate readers are proliferating at a stupefying pace and companies like Flock are consolidating the collected data and packaging it up for sale to law enforcement agencies. Even if no human in these agencies were to abuse this data, it’s creating an irresistible target for scheming hackers and nation states keen on espionage. The longer we let this go, the harder it will be to stop. In today’s news: Asus routers are being hacked and you need to take action; 23andMe has been sold, along with its users’ genetic data; AI-generated videos have just become way more realistic; US government taps surveillance company to centralize all its citizen data; CFPB regulation limiting data brokers is axed; Kroger is packaging and selling its customer loyalty data; automated license plate reader data use is expanding in scary ways; Android phones gain key new security feature; EU court rules that real-time bidding data gathering is illegal; Montana is first state to plug data broker loophole; and I relate my recent privacy experience at the US border. 
Article Links [LifeHacker.com] If You Have an Asus Router, You Need to Check If It’s Been Hacked https://lifehacker.com/tech/asus-routers-hacked [404media.co] 23andMe Sale Shows Your Genetic Data Is Worth $17 https://www.404media.co/23andme-sale-shows-your-genetic-data-is-worth-17/ [lifehacker.com] You Are Not Prepared for This Terrifying New Wave of AI-Generated Videos https://lifehacker.com/tech/you-are-not-prepared-for-this-new-wave-of-ai-generated-videos [nytimes.com] Trump Taps Palantir to Compile Data on Americans https://www.nytimes.com/2025/05/30/technology/trump-palantir-data-americans.html [techcrunch.com] White House scraps plan to block data brokers from selling Americans’ sensitive data https://techcrunch.com/2025/05/14/white-house-scraps-plan-to-block-data-brokers-from-selling-americans-sensitive-data/ [therecord.media] Consumer Reports: Kroger using loyalty program to package, sell customer data https://therecord.media/kroger-using-loyalty-program-to-sell-customer-data [404media.co] A Texas Cop Searched License Plate Cameras Nationwide for a Woman Who Got an Abortion https://www.404media.co/a-texas-cop-searched-license-plate-cameras-nationwide-for-a-woman-who-got-an-abortion/ [404media.co] License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/ [arstechnica.com] Android phones will soon reboot themselves after sitting unused for 3 days https://arstechnica.com/gadgets/2025/04/android-phones-will-soon-reboot-themselves-after-sitting-unused-for-3-days/ [signal.org] By Default, Signal Doesn’t Recall https://signal.org/blog/signal-doesnt-recall/ [therecord.media] EU court rules that tracking-based online ads are illegal https://therecord.media/eu-court-rules-tracking-based-ads-illegal [eff.org] Montana Becomes First State to Close the Law Enforcement Data Broker Loophole 
https://www.eff.org/deeplinks/2025/05/montana-becomes-first-state-close-law-enforcement-data-broker-loophole Tip of the Week: https://firewallsdontstopdragons.com/border-insecurity-update/ The Atlantic: How to Disappear https://www.theatlantic.com/ideas/archive/2025/05/extreme-personal-data-privacy-protection/682867/ BADBOOL data removal service list: https://docs.google.com/spreadsheets/d/115L6LpQg_UX638IyUfdwGhRS7dIU3lKwz6fjAcDtE-0/edit?gid=0#gid=0 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:50: Josh Corman interview promotion 0:03:04: How to Disappear 0:03:49: News rundown 0:07:32: If You Have an Asus Router, You Need to Check If It’s Been Hacked 0:19:01: 23andMe Sale Shows Your Genetic Data Is Worth $17 0:23:22: You Are Not Prepared for This Terrifying New Wave of AI-Generated Videos 0:28:42: Trump Taps Palantir to Compile Data on Americans 0:35:04: White House scraps plan to block data brokers from selling Americans’ sensitive data 0:38:08: Kroger using loyalty program to package, sell customer data 0:46:23: A Texas Cop Searched License Plate Cameras Nationwide for a Woman Who Got an Abortion 0:49:43: License Plate Reader Company Flock Is Building a Massive People Lookup Tool 0:55:15: Android phones will soon reboot themselves after sitting unused for 3 days 0:59:25: By Default, Signal Doesn’t Recall 1:03:13: EU court rules that tracking-based online ads are illegal 1:06:07: Montana Becomes First State to Close the Law Enforcement Data Broker Loophole 1:09:28: Tip of the Week: my border experience 1:22:30: Wrap up 1:24:10: Patron podcast preview 1:24:39: Looking ahead
-
429
Dividing Trust
VPNs were not invented for privacy, despite the name – they were invented for security. Nevertheless, in recent years, they have been touted as privacy tools to thwart rampant and fanatical data gathering. With a regular VPN, this really just means you’re shifting your trust from your internet service provider to your VPN provider. But what if your encrypted data traffic was actually divided between two separate companies? The split trust model is a powerful way to protect your privacy and it’s the key technology behind new services like Apple’s Private Relay and Obscura VPN. Today we’ll discuss the benefits of this approach with Obscura’s founder, Carl Dong. Interview Notes Obscura VPN: https://obscura.net/ Wireguard: https://en.wikipedia.org/wiki/WireGuard Obscura Wireguard configuration tool: https://obscura.net/#faq-wireguard-config QUIC explainer video: https://www.youtube.com/watch?v=HnDsMehSSY4 Masque: https://datatracker.ietf.org/wg/masque/about/ Privacy Pass: https://privacypass.github.io/ Anubis: https://anubis.techaro.lol/docs/design/how-anubis-works/ How Onion Routing Works: https://firewallsdontstopdragons.com/how-onion-routing-works/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:16: Interview setup 0:04:46: Lingo definitions 0:09:48: Why do we need yet another VPN? 0:15:00: How does Obscura differ from Apple Private Relay and Tor? 0:21:59: How little info can you give to set up an Obscura account? 0:25:33: What is the Bitcoin Lightning Network? 0:27:30: How can we know how much logging a VPN provider is doing? 0:35:04: Does Obscura have the same quirks as regular VPNs? 
0:42:10: How vulnerable are you to being taken down by governments? 0:46:11: What are the core technologies in Obscura? 0:50:49: What do you think about Safing’s IP-per-connection idea? 0:54:00: Are you planning to expand your partner VPNs? 0:56:41: How does Obscura handle the TunnelVision problem? 0:59:57: What is the roadmap for supporting other operating systems? 1:03:14: What’s next for Obscura? 1:04:32: Interview wrap-up 1:09:19: Patron podcast preview 1:09:50: Looking ahead
-
428
Slay Message Snoopers
There are way too many messenger apps today. It’s a sad state of affairs and I don’t see it getting better anytime soon. But the real problem (for me) is that almost all of the popular messenger apps aren’t really that secure and private. Most do not have end-to-end encryption (E2EE) at all or it’s not turned on by default. And frankly even the apps with E2EE are run by companies whose revenue model is based on monetizing your personal data. I’m going to suggest you try Signal. In other news: study finds Canadians’ health data being sold to drug makers; DOGE worker’s computer has been hacked; airlines are selling your data to ICE; a massive proxy botnet has been shut down; Google pays $1.4B to Texas over unauthorized tracking and data collection; Denver decides to stop using license plate readers over privacy concerns; jury orders NSO Group to pay hundreds of millions of dollars for hacking WhatsApp users. Article Links [cbc.ca] Millions of Canadians’ health data available for sale to pharmaceutical industry, study shows https://www.cbc.ca/news/health/health-data-records-pharmaceutical-private-clinics-1.7529955 [micahflee.com] DOGE bro Kyle Schutt’s computer infected by malware, credentials found in stealer logs https://micahflee.com/doge-bro-kyle-schutts-computer-infected-by-malware-credentials-found-in-stealer-logs/ [jacobin.com] Airlines Are Selling Your Data to ICE https://jacobin.com/2025/05/airlines-data-ice-trump-immigration/ [The Hacker News] BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S.
– Dutch Operation https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html [The Hacker News] Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html [9news.com] Denver will stop using license plate reader cameras amid privacy worries https://www.9news.com/article/news/local/local-politics/license-plate-reader-camera-data-security-concerns/73-9c570252-9d1c-4e5c-b042-c12392aa1081 [arstechnica.com] Jury orders NSO to pay $167 million for hacking WhatsApp users https://arstechnica.com/security/2025/05/jury-orders-nso-to-pay-167-million-for-hacking-whatsapp-users/ Tip of the Week: Slay Snoopers: https://firewallsdontstopdragons.com/dragon-hacks-slay-snoopers/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Recommend news stories: send to news [at] firewallsdontstopdragons.com Send me your questions! https://fdsd.me/qna Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:43: News preview 0:02:53: Millions of Canadians’ health data available for sale to pharmaceutical industry 0:08:39: DOGE engineer’s computer infected by malware 0:14:38: Airlines Are Selling Your Data to ICE 0:22:05: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in US, Dutch Operation 0:28:04: Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection 0:30:21: Denver will stop using license plate reader cameras amid privacy worries 0:34:54: Jury orders NSO to pay $167 million for hacking WhatsApp users 0:39:17: Tip of the Week: Slay Snoopers 0:44:31: Wrap-up
ABOUT THIS SHOW
A Podcast on Computer Security & Privacy for Non-Techies
HOSTED BY
Carey Parker