Synopsis
A Podcast on Computer Security & Privacy for Non-Techies
Episodes
-
Tech Learning Collective (Part 2)
01/03/2021 Duration: 50min
In the second half of my interview with the Tech Learning Collective, we delve into their course curriculum a bit, and then discuss why they teach what they teach and how they approach these topics in a unique and meaningful way. We also examine the notion of "ethical hacking" and how this term can be used to whitewash some truly unethical and immoral products and services. Finally, we discuss why it's important to know how to perform cyber attacks in order to properly defend against them. These classes are truly like nothing else you'll find online. Check out one of their workshops for yourself (and support their important work in the process)! Technology, taught collectively. Looking to get certified? Look elsewhere. Looking to spark a revolution? We’ll show you how to become more powerful than the most well-funded adversaries, including corporate- and government-backed opponents. Further Info Tech Learning Collective: https://techlearningcollective.com/ Support me on Patreon! https://www.patreon.c
-
Tech Learning Collective (Part 1)
22/02/2021 Duration: 38min
I first learned of the Tech Learning Collective at a privacy conference in late 2020. I struck up a conversation with one of its representatives and ended up taking one of their wonderful workshops in January. The TLC offers some top-notch courses on computers with a focus on cybersecurity. Unlike college courses or cybersecurity certification courses, TLC offers eminently practical and affordable content, focused squarely on doing. It's like the difference between taking a karate class to earn colored belts and taking a personal self defense class to actually protect yourself. But it's also much more than that, and hard to describe. You'll have to listen to this interview to truly understand! From their website... Technology, taught collectively. Looking to get certified? Look elsewhere. Looking to spark a revolution? We’ll show you how to become more powerful than the most well-funded adversaries, including corporate- and government-backed opponents. Further Info Tech Learning Collective: https://
-
Not Just a Face in the Crowd
15/02/2021 Duration: 01h17s
Ep207. Clearview AI - the company that has hoovered up every face it can find on the internet to create a creepy person identifying app - is back in the news. Canada and the EU have decided that Clearview has gone too far and needs to allow its users to opt out and even delete all the data they have, upon request. It's a welcome development, but unfortunately only available to California residents in the US (plus Canada and the EU). I'll tell you how to delete your data. In other news: Google uncovers a killer security feature in iOS 14 called BlastDoor; Amazon is expanding its "surveillance empire" in a massive and creepy way; someone "hacked" a water treatment plant in Florida trying (and failing) to poison its citizens; a bad bug has been found in a popular Wi-Fi IoT chip; a new phishing attack uses Morse code to hide its malicious web links; Facebook's "Supreme Court" has rendered its first set of rulings; and Clubhouse, the latest social media craze, is using some intrusive techniques to find more mem
-
Free Speech & Deplatforming
08/02/2021 Duration: 01h03min
Episode 206. The social media events around the January 6th storming of the US Capitol have sparked raging, divisive debates in the US. But the banning of individuals and the deplatforming of apps and groups are not new phenomena. The Right of Free Speech that is enshrined in the First Amendment to the US Constitution is not limitless. It does have legal boundaries. And private companies, even monopolies, have the legal right to control access to their platforms. But does that make it right? Today, I will wade into this decidedly thorny issue with Troy Hunt, who brings a plethora of global technology and security experience to the debate. Troy Hunt is an Australian Microsoft Regional Director and a Most Valuable Professional awardee for Developer Security. He’s a blogger, international speaker and author of several online courses, and he runs the very valuable internet security service HaveIBeenPwned. Further Info Troy Hunt’s blog on deplatforming: https://www.troyhunt.com/weekly-update-226/ EFF's
-
Stop Watching Me!
01/02/2021 Duration: 59min
Tracking and data mining has gotten way out of hand. We're not only being tracked online, we're now being tracked around the real world, too. We're truly living in a panopticon - and it's not good for us as individuals or as a democratic society. Today I'll cover several stories that make it clear that we've hit a tipping point. It has to stop. And it's going to require all of us putting pressure on our representatives to lay down some common sense rules to curb surveillance capitalism. In today’s news: One week left to send in your podcast listener survey; update all your iOS devices ASAP; Apple walks back a controversial OS change that would have allowed some Apple apps to bypass firewalls and VPNs; Microsoft is touting a new Edge browser feature that notifies you when your passwords have been breached; an innocuous-looking police robot is actually paving the way towards chilling mass surveillance; another US intelligence agency has been caught buying the location data of US citizens from data brokers; A
-
De-Googling Your Life
25/01/2021 Duration: 57min
We all love to beat up on Facebook over user privacy, but the real granddaddy of them all is Google. Google is everywhere. And they almost surely know way more about you than any other company on the planet. In addition to all the "G" apps and services that you know about, Google also owns Android, Chrome browser, Waze, Nest and YouTube. It's extremely hard to avoid using Google. But there are alternatives that will respect your privacy - and today I'll give you a long list of viable options. And with international Data Privacy Day happening this week (Jan 28th), it's a great time to take back control of your data. In other news: Some malicious Chrome extensions have been scraping Facebook data, a man working for ADT has been caught spying on women using the security cameras he helped to install, Google seems to be dragging their heels on updating their iOS app privacy labels, Malwarebytes says they've been hacked by the same group behind the SolarWinds hacks, WhatsApp has upset many of their users with a
-
Choosing a Private Email Service (Part 2)
18/01/2021 Duration: 36min
So I want to switch to a new, privacy-respecting email service. How do I even do that? What happens to all the email I have now? What about my calendar and contacts? Am I going to have to change my email address every time I change email providers? In part 2 of my interview with Fastmail's COO Helen Horstmann-Allen, we'll answer these questions and also address the thorny issue of privileged access by law enforcement. Helen Horstmann-Allen is the Chief Operating Officer at Fastmail where she provides overall business strategy and product direction for Fastmail and its suite of products. Before Fastmail, she ran her company, Pobox, an email forwarding service, for 20 years before Fastmail acquired it in 2015. Helen graduated from the Wharton School of Business and currently serves on several nonprofit boards in the Philadelphia area. Further Info 2021 Listener Survey: http://bit.ly/Firewalls-survey-2021 New Year’s Resolutions 2021: https://firewallsdontstopdragons.com/new-years-resolutions-2021/ No Mo
-
Choosing a Private Email Service (Part 1)
11/01/2021 Duration: 37min
What could I learn about you if I read all your emails? Like, all of them. Since you started sending email. Beyond private conversations, I would also likely know every web site you have a relationship or account with, every online purchase you've made, every club or organization you've been a part of, and all the appointments you've made. I can also make a pretty comprehensive list of everyone you know. And that's just the tip of the iceberg. If I analyze the content of your emails, I could almost certainly determine your political leanings, sexual preferences, religion, income, location(s), and more. So why don't we put more thought into choosing our email provider? In part one of my interview with Fastmail's COO, Helen Horstmann-Allen, we'll discuss how email privacy really works and why it's so crucially important. Helen Horstmann-Allen is the Chief Operating Officer at Fastmail where she provides overall business strategy and product direction for Fastmail and its suite of products. Before Fastmail, s
-
The Great SolarWinds Hack
04/01/2021 Duration: 59min
The Russian SVR has had backdoor access to hundreds if not thousands of government and corporate networks for nearly nine months. And if not for private security firm FireEye, we might never have known. The SolarWinds supply chain hack may be the biggest, most consequential cybersecurity event ever. And it will literally be years before we understand the full impacts. However, from what we know so far, this was not an "attack" or "act of war" ... it was straight-up espionage, which is widely accepted as normal during peacetime. The US does this all the time, as do all modern nations. And yet, espionage and infiltration are the first steps in any actual attack. It's a fine line. We'll discuss it today. In other news: Adobe Flash is finally dead - it's time to remove it; Facebook is being sued by almost all 50 states and the Federal Trade Commission; butt-flap pajamas flooded internet ads; GoDaddy plays a cruel Christmas prank on its employees; Microsoft, McAfee and many others have joined forces to fight ra
-
200th Podcast & New Year’s 2021!
28/12/2020 Duration: 01h19min
The dumpster fire that was 2020 is almost behind us, and it's time to look forward to a brighter future in 2021! By a stroke of fortuitous coincidence, this is also my 200th podcast! To celebrate these two important milestones, we have a world-renowned security guru for our guest, Bruce Schneier, and I'll be giving away over $1800 worth of great stuff to help you improve your privacy and security in 2021! And if all of that weren't enough, I'll also be sharing with you several top-notch to-do list ideas for your 2021 New Year's resolutions - not just from myself, but from several top industry experts! It's an amazing star-studded, prize-riddled, info-packed podcast! Special Guest Appearances By: Bruce Schneier (Chief of Security Architecture at Inrupt), Dr Ann Cavoukian (Executive Director at Global Privacy & Security by Design Centre), Dr Andy Yen (CEO/Co-Founder ProtonMail), Cory Doctorow (author & activist), David Ruiz (Malwarebytes), Helen Horstmann-Allen (COO Fastmail), Beah Burger-Lenehan (Director, Product
-
Best of 2020!
21/12/2020 Duration: 01h09min
I've painstakingly scoured the last 50 episodes to select the best of the best, the cream of the crop, the top tips for the year 2020! If you're already a subscriber, this will be a great refresher - and maybe give you a chance to do some of those things you had meant to do but somehow never got around to doing it! And if you're a new subscriber, then you can catch up on some of what you missed! This would also be a great episode to share with friends and family who you feel might also benefit from improving their cyber security and data privacy! Enjoy! And Happy Holidays!! Further Info Don't miss the HUGE 200th episode next week! https://firewallsdontstopdragons.com/200th-podcast-a-brighter-future/ Follow me on Facebook!! https://bit.ly/Firewalls-Facebook Follow me on YouTube!! https://bit.ly/Firewalls-YouTube
-
Setting the Digital Standard (Part 2)
14/12/2020 Duration: 58min
On today's show, Ben Moskowitz from Consumer Reports will tell us about an extremely useful tool they've created to help you improve your personal security and privacy, customized to your particular needs, called the Security Scanner. Just answer a few simple questions and it will give you a checklist of specific ways to be more secure, ranked by time, effort and cost. Consumer Reports is also pioneering a comprehensive, open-source program that will allow consumers, manufacturers, advocacy organizations, and more to formally evaluate the privacy and security aspects of products and services. This will allow buyers to compare products more accurately and give manufacturers incentives to make better products. Benjamin Moskowitz is the Director of Consumer Reports’ Digital Lab, a major initiative to expand CR’s work on privacy, digital security, and emerging concerns in digital consumer protection. Previously, he served as Director of Development for Innovation for the International Rescue Committee, w
-
Setting the Digital Standard (Part 1)
07/12/2020 Duration: 45min
Are consumers really concerned about security and privacy in the products they buy? And if so, how could manufacturers capitalize on these attributes to sell more of their products? Consumer Reports has recently published an important, comprehensive study of consumer attitudes towards privacy and security, including the historical evolution of these feelings. The result is a roadmap which companies can use to better serve this fast-growing market. Today we'll discuss this study and its implications with Ben Moskowitz from CR's Digital Lab. Benjamin Moskowitz is the Director of Consumer Reports' Digital Lab, a major initiative to expand CR’s work on privacy, digital security, and emerging concerns in digital consumer protection. Previously, he served as Director of Development for Innovation for the International Rescue Committee, where he secured more than $29 million in funding as a founding member of the Airbel Center—a research and development unit that designs, tests, and scales life-changing solutions
-
Best & Worst Gifts Guide 2020
30/11/2020 Duration: 01h29min
Looking for fun gifts that won't also be gifts to hackers and data miners? In today's show, I'll list off the top products and services from my annual Naughty & Nice gifts guide! Every year, I review several popular gifts and give you my recommendations on which ones to buy and which ones to avoid like the plague (or the pandemic?). In other news: Spotify has been hacked and you should change your password; Google is looking to add end-to-end encryption to its new Android RCS messaging system; an important new IoT security bill is waiting for the President's signature; 27.7M Texans' driver's license info has been stolen; the IRS and the US military have been doing an end run around the US Constitution to obtain location information on thousands of people including US citizens without a warrant; Apple lowers its App Store commission to 15% for the vast majority of developers; Apple has responded to the blowback concerning its security validation on macOS Big Sur; and now is the time to download and enable
-
Dark Patterns (Part 2)
23/11/2020 Duration: 55min
So, what can we do about these dark patterns? Are there technical solutions to this problem? Or will this require regulations? Or perhaps we just need to train our engineers and consumers better? In part 2 of my interview with Dr. Colin Gray of Purdue University, we talk about some possible solutions to the dark patterns problem, as well as tips and tricks for avoiding them. Colin also shares several interesting resources for further study. Colin M. Gray is an Assistant Professor at Purdue University in the Department of Computer Graphics Technology. He is program lead for an undergraduate major and graduate concentration in UX Design. He holds a PhD in Instructional Systems Technology from Indiana University Bloomington, a MEd in Educational Technology from University of South Carolina, and a MA in Graphic Design from Savannah College of Art & Design. He has worked as an art director, contract designer, and trainer, and his involvement in design work informs his research on design activity and how design
-
Dark Patterns (Part 1)
16/11/2020 Duration: 52min
Are you tired of being pestered to allow notifications or access to your location? Do you wonder why you have to give your credit card number in order to sign up for "free" trials? Why weren't you told about the shipping costs until the very last screen in the purchase process? Are you sure that you didn't intend to sign up for all those newsletters? You're not alone, and you're not simply being subjected to clever marketing. You've been the victim of dark patterns: specific, scientifically-proven techniques designed to favor shareholder value over user value. In part 1 of my interview with Dr. Colin Gray, we'll discuss all the ways in which we're being manipulated and why, as mere humans, we're horribly outmatched. Colin M. Gray is an Assistant Professor at Purdue University in the Department of Computer Graphics Technology. He is program lead for an undergraduate major and graduate concentration in UX Design. He holds a PhD in Instructional Systems Technology from Indiana University Bloomington, a MEd in
-
Zoom: Now with Actual Privacy
09/11/2020 Duration: 44min
Zoom went from an obscure teleconferencing company to a household word when the pandemic hit. Zoom wasn’t the best videoconferencing app by any means. But it was dead simple to use and kinda fun to say. For better or worse, it became the de facto tool for many of us to keep in touch. Over that time, Zoom has made many important improvements. This week it has finally rolled out what appears to be true end-to-end encryption (E2EE). Today I'll tell you how to enable this new feature. In other news: Be sure to update your iPhones to iOS 14.2; also be sure to keep Google Chrome and Windows 10 up to date; Adobe Flash is finally almost gone; police in Jackson, Mississippi are trialing a program to directly tap into people's private security cameras like Ring video doorbells; the NSA and FBI have been burned by the very backdoors they added; and California's Prop 24 passes, beefing up privacy protections for its citizens (and probably for all of us). Further Info (for podcast page) How to enable Zoom end-to-
-
The Ebb & Flow of the Internet
02/11/2020 Duration: 51min
For better or for worse, the internet today is funded by advertising. While ads can be annoying, the real issue isn't having to watch ads - it's when the ads watch us. AdTech today is premised on invasive personal data collection. Companies like Google and Facebook amass voluminous dossiers on each of us, and sell highly-targeted ads based on our income, gender, age, location, buying habits, personal interests, sexual orientation, and much, much more. But it doesn't have to be that way. And Cloudflare is going to show us how. Today, I'll talk again with the CTO, John Graham-Cumming, about Cloudflare Radar and much more. John Graham-Cumming is a British software engineer and writer best known for starting a successful petition to the Government of the United Kingdom asking for an apology for its persecution of Alan Turing. As of 2020, he serves as Chief Technology Officer (CTO) at Cloudflare. Further Info: Cloudflare Radar: Election 2020 https://radar.cloudflare.com/election-2020 Cloudflare 1.1.1.1 DN
-
Big Proctor is Watching You (part 2)
26/10/2020 Duration: 01h06min
In the second half of my interview with the EFF’s Lindsay Oliver and Jason Kelley, we talk about how these draconian surveillance systems put several students at a distinct disadvantage and how the teachers themselves feel about all of this. How might all of this normalize surveillance for young people? Can the invisible hand of the market resolve some of these issues? What should the policies be around proctoring and the use of these surveillance apps? How can we push back and demand change most effectively? Lindsay Oliver is the Project Manager for EFF’s activism team, and works on the self-help resource Surveillance Self-Defense, Security Education Companion, and student privacy. Jason Kelley guides EFF’s social media tactics and develops EFF’s online digital advocacy, and writes about various forms of governmental and private surveillance and tracking. Further Info: VOTE! https://www.vote.org/ Cybersecurity & Infrastructure Security Agency tip sheets: https://www.cisa.gov/national-cybersecurity
-
Big Proctor is Watching You (part 1)
19/10/2020 Duration: 46min
In this time of COVID19, we've all had to learn to work and learn from home. But how do our bosses know we're not screwing around instead of working? How do our teachers know we're not cheating? It turns out that they're both willing to go to extremely intrusive measures to try to figure that out. Home and mobile device surveillance technology is booming thanks to this global pandemic, as we will learn from talking to the EFF's Lindsay Oliver and Jason Kelley. They have been investigating the serious impacts these products and services are having on our privacy and overall fairness for students and employees. Lindsay Oliver is the Project Manager for EFF's activism team, and works on the self-help resource Surveillance Self-Defense, Security Education Companion, and student privacy. Jason Kelley guides EFF’s social media tactics and develops EFF’s online digital advocacy, and writes about various forms of governmental and private surveillance and tracking. Further Info: Surveillance Self Defense