Firewalls Don't Stop Dragons Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 350:43:04

Synopsis

A Podcast on Computer Security & Privacy for Non-Techies

Episodes

  • 2020 New Year’s Resolutions

    30/12/2019 Duration: 55min

    2019 has come and gone, and 2020 is upon us! You know what that means: New Year's Resolutions! I've put together a Top Ten list of suggestions that will significantly improve your computer security and online privacy! Some of these are easy and some are going to require some effort... but you have a whole year to do them! This will also be a great episode to forward to friends and family, introduce them to the show and help build up our "herd immunity". Further Info: 2020 New Year's Resolutions blog: https://firewallsdontstopdragons.com/2020-new-year's-resolutions/ Give Thanks and Donate: https://firewallsdontstopdragons.com/give-thanks-donate/ Key resources: https://firewallsdontstopdragons.com/resources/ Terms and Conditions May Apply: http://tacma.net/tacma.php Support me! https://www.patreon.com/FirewallsDontStopDragons

  • Behind the One-Way Mirror (part 2)

    23/12/2019 Duration: 01h59s

    We know that we're tracked, but what remains largely invisible is the massive economy working behind the scenes (or "mirror") to buy, sell, trade and bid on you and your data. I've seen estimates that claim there are up to 4000 data brokers in the US alone. And what's worse is that they are largely unregulated, making the data market a total free-for-all. What can you do to curb this tracking and selling of data? We'll discuss that in the conclusion of my interview with the EFF's Bennett Cyphers. Bennett Cyphers is a staff technologist on the Tech Projects team at the Electronic Frontier Foundation (EFF). He contributes to a variety of different projects within EFF, most of them tied to privacy and competition. In the past year, he's worked on the tracker-blocking browser extension Privacy Badger, provided technical advice to lawyers and activists, and read and re-read the California Consumer Privacy Act. Before coming to EFF, he was a policy intern at Access Now and earned a Master's degree for wo

  • Behind the One-Way Mirror (part 1)

    16/12/2019 Duration: 01h07min

    If you've listened to even a handful of my shows, you are well aware that you're being tracked around the web. But even I was surprised by some of the things I learned in the recent white paper from the Electronic Frontier Foundation entitled "Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance". One of the prime authors of this report, Bennett Cyphers, came on my show to walk us through the myriad and shocking ways that ad tech companies have found to identify us as we surf the web, use our smartphones, and even walk around the real world. Bennett Cyphers is a staff technologist on the Tech Projects team at the Electronic Frontier Foundation (EFF). He contributes to a variety of different projects within EFF, most of them tied to privacy and competition. In the past year, he's worked on the tracker-blocking browser extension Privacy Badger, provided technical advice to lawyers and activists, and read and re-read the California Consumer Privacy Act. Before coming to EFF, he

  • Snail Mail Identity Theft

    09/12/2019 Duration: 38min

    We don't often think about the security and privacy of our regular old "snail mail", but we need to. According to recent activity observed by researchers of the dark web, the bad guys have been regaining interest in identity theft schemes involving physical letters. And in many cases, they can steal your mail without ever opening your mailbox. I'll tell you what you can do to reduce your risk. In other news, thousands of Disney+ accounts were hacked on the first day, a massive data breach exposed over a billion user records, PayPal is set to acquire shopping platform Honey for $4B, and Avast and AVG browser extensions are spying on Chrome and Firefox users.

  • Best & Worst Gifts for 2019

    02/12/2019 Duration: 59min

    It's that time of year again - time to see which popular gifts make my privacy/security Naughty and Nice lists! You want to make sure that when you're giving gifts to your loved ones that you're not also giving gifts to hackers and data miners! I'll also start to catch you up on several of the news stories from the past few weeks including Google's access to private medical info of tens of millions of people, a researcher finding 146 different Android bugs coming right out of the box, more creepy updates on the Ring Doorbell, and a very welcome federal court ruling about your rights at the US border.

  • Data vs. Democracy (Part 2)

    25/11/2019 Duration: 43min

    Today in part 2 of my deeply insightful interview with author Kris Shaffer, we discuss how marketers and foreign powers have been capturing our attention and even manipulating our responses. We'll discuss how these techniques were used in the 2016 US presidential election and in other critical voting situations. In many cases, it's sufficient to make people stay home or to sow doubt in the election results. But we'll also discuss whether some of these same tools and techniques can be used to expose manipulation and tip the scales back in our favor. Kris Shaffer, PhD (Yale University, 2011), is a data scientist and Senior Computational Disinformation Analyst for Yonder. He co-authored "The Tactics and Tropes of the Internet Research Agency", a report prepared for the United States Senate Select Committee on Intelligence about Russian interference in the 2016 U.S. presidential election. Kris has consulted for multiple U.S. government agencies, non-profits, and universities on matters related to digital disi

  • Data vs. Democracy (Part 1)

    18/11/2019 Duration: 32min

    They say we are in the Information Age and that data is the new oil. But many (including my guest, Kris Shaffer) are saying that what is truly valuable today is attention, not information. Information is so plentiful now that it almost has no value. And because just about everything on the internet is free, we're paying for it with our attention. Marketers have gone to great lengths to study human behavior and they know exactly how to get and keep our attention. Unfortunately, these techniques can also be used to distract us and manipulate us. We'll discuss this and much more in today's interview (part 1 of 2). Kris Shaffer, PhD (Yale University, 2011), is a data scientist and Senior Computational Disinformation Analyst for Yonder. He co-authored "The Tactics and Tropes of the Internet Research Agency", a report prepared for the United States Senate Select Committee on Intelligence about Russian interference in the 2016 U.S. presidential election. Kris has consulted for multiple U.S. government agencies, no

  • The Rise of Browser Fingerprinting

    11/11/2019 Duration: 38min

    Marketing companies have come up with many clever ways to track our travels around the web, hoping to garner as much information about us as they can. At the same time, privacy-conscious organizations have given us tools to maintain our anonymity by countering these tracking technologies. It's the usual arms race - one that privacy advocates were mostly winning, with VPNs, blocking third party cookies, and privacy-enhancing browser plugins. But now we're faced with the nuclear option: browser fingerprinting. Our browsers cough up dozens of detailed bits of information about us: OS type and version, browser type and version, fonts and plugins installed, monitor resolution, and much more. When taken together, this information creates a fingerprint of our system - one that is often very unique. Preventing this sort of fingerprinting is extremely difficult, making most of the above privacy-enhancing techniques useless. I'll tell you how it works and what you can do to mitigate this. In other news: Facebook su

  • Preventing & Mitigating Identity Theft

    04/11/2019 Duration: 50min

    How are our identities stolen? What happens to our identity information after it's been stolen? Once we realize we've been hacked, what can we do to mitigate the damage and recover from the consequences? I'll discuss this and much more with Amyn Gilani from 4iQ - including why you shouldn't be participating in all those fun social media quizzes. Amyn Gilani leads strategy and product at 4iQ. Previously, he was a Chief Technologist at Booz Allen Hamilton where he provided expertise to federal and commercial clients focusing on incident response, red teaming, threat hunting, and cybersecurity operations engineering. Prior to joining Booz Allen, Amyn was a Vice President in Information Security at Goldman Sachs where he led Red Team Operations and emulated sophisticated attacks against securities trading platforms and payment systems. He began his career serving in the United States Air Force as an intelligence analyst and was on detail at National Security Agency and United States Cyber Command. Further In

  • Dropping Dropbox

    28/10/2019 Duration: 52min

    I've been a Dropbox user for many, many years. But recently, they've gotten really pushy - trying to get me to save all my photos and docs there, integrating with MS Office when I didn't ask it to, and pushing me to upgrade. Now it tells me I need to deactivate all but three devices (I have probably 7-8). I've been looking for a secure and (more importantly) private alternative for a while now, and this pushed me to move. Today I'll compare several cloud sync services and tell you why I picked Sync.com. In other news: Firefox keeps delivering excellent privacy features and gets top ranks in two new reports; NordVPN was "hacked" but you shouldn't be worried; ISPs are lobbying hard to stop DNS over HTTPS in browsers; some clever researchers show how to create legitimate Amazon Echo and Google Home apps that can eavesdrop and phish for passwords; and macOS Catalina arrives with several bugs but also several welcome new security features. Further Info: Sign up for Sync.com (referral gets us both 1GB extra

  • Risky Business (Part 2)

    21/10/2019 Duration: 31min

    You've got ransomware! Now what? If you had the foresight to create safe backups, you can restore your data and move on. Sometimes the hackers screw up and you can actually recover your files directly without paying for the key. But in many cases, you have no real choice but to pay. Cyber insurance can not only help you cover those costs, but insurers can deal directly with the hackers for you and help you with the restoration process. Joshua Motta is the CEO and Co-founder of Coalition, the fastest-growing provider of cyber insurance for small to medium sized businesses. Having worked at the intersection of the intelligence, finance, and technology sectors at the CIA, Goldman Sachs, and most recently as an early employee and CxO of Cloudflare, he gained valuable insights into the minds of hackers and how — and why — they target specific organizations, as well as how organizations can most effectively manage cyber risk. He founded Coalition to provide a better way to protect small and midsize businesses fr

  • Risky Business (Part 1)

    14/10/2019 Duration: 34min

    As our world becomes increasingly technical and interconnected, we become more susceptible to technical misfortunes and feel more impact when they inevitably occur. In the first half of my interview with Joshua Motta, we'll talk about the recent rise in ransomware attacks: how people and companies get infected, what we know about the hackers, and why ransomware is such an effective and debilitating attack. Joshua will even explain how ransomware has become a cottage industry unto itself. Joshua Motta is the CEO and Co-founder of Coalition, the fastest-growing provider of cyber insurance for small to medium sized businesses. Having worked at the intersection of the intelligence, finance, and technology sectors at the CIA, Goldman Sachs, and most recently as an early employee and CxO of Cloudflare, he gained valuable insights into the minds of hackers and how — and why — they target specific organizations, as well as how organizations can most effectively manage cyber risk. He founded Coalition to provid

  • Don’t Forget to Wipe Your Data

    07/10/2019 Duration: 54min

    What happens to all the files, photos, songs and other data on your devices when you resell them or throw them away? Well, if you don't do anything, all that data is still there, waiting for someone else to access it. A recent study showed that 60% of used hard drives still had accessible data on them. Today I'll tell you how to properly wipe the data from your smartphones and computers before you get rid of them. And there were a lot of other news items this week, including severe bugs in both Apple and Android smartphones, Cloudflare's wonderful new free mobile VPN app called Warp, a bug in WhatsApp that could allow complete takeover of your device, how to pronounce "GIF", the SIMJacker hack that affects well over a billion phones, and yet another call by the government to "backdoor" our encrypted communications. Further Info: Hope to Wipe Your Data: https://firewallsdontstopdragons.com/wipe-data-before-dumping-devices/ Windows 10 privacy settings: https://spreadprivacy.com/windows-10-privacy-tips/

  • Not Just a Face in the Crowd (Part 2)

    30/09/2019 Duration: 40min

    So what happens when your face print (or any biometric info) is stolen from a server? You can't change your face like you can change your password. Is there anything you can do to avoid your face being scanned or prevent your face from being recognized? What can you do right now to halt the use of facial recognition technologies while we sort out all the social implications? The answers to these questions and more in the second half of my interview with EPIC's Jeramie Scott! Jeramie Scott is Senior Counsel at EPIC and Director of the EPIC Domestic Surveillance Project. His work focuses on the privacy issues implicated by domestic surveillance programs with a particular focus on drones, AI, biometrics, and social media monitoring. Mr. Scott regularly litigates open government cases and cases arising under the Administrative Procedure Act. He is also a co-editor of "Privacy in the Modern Age: The Search for Solutions" and the author of "Social Media and Government Surveillance: The Case for Better Privacy Pr

  • Not Just a Face in the Crowd (Part 1)

    23/09/2019 Duration: 37min

    Use of facial recognition technology (FRT) is exploding around the globe. While touted as a convenience for checking in for a flight or crossing the border, the opportunities for abuse are staggering. People act differently when they feel they're being watched. There's a reason we have sayings like "dance like no one is watching". But US agencies like TSA and CBP have gained access to treasure troves of faces from DMV and passport databases, without ever asking our permission, and they're rolling out FRT across the nation. There are no laws or regulations on the use of this technology, and little thought being given to how constant, mass surveillance will affect our democratic and human rights. In the first part of my two-part interview with Jeramie Scott (EPIC), we'll discuss how we got here. Jeramie Scott is Senior Counsel at EPIC and Director of the EPIC Domestic Surveillance Project. His work focuses on the privacy issues implicated by domestic surveillance programs with a particular focus on drones, A

  • Google’s Not-So-Private Sandbox

    16/09/2019 Duration: 40min

    No doubt sensing the impending US privacy regulations, Google has released a plan to "enhance" user privacy... by finding different ways to track you. Instead of relying on cookies and fingerprinting, Google proposes that we just come out in the open and formalize tracking technologies. While that could give users more transparency and a modicum of control, the bottom line is that Google is really just trying desperately to save its business model (ads based on tracking). While there are actually some good ideas in their proposal, many of the technologies they're putting forward could be even worse for your privacy than the current schemes. Today I'll walk through the EFF's excellent analysis of these propositions and give my own take. Further Info: EFF: Don't Play in Google's Privacy Sandbox: https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1 EFF's Panopticlick tool: https://panopticlick.eff.org/

  • Ring’s Orwellian Doorbell

    09/09/2019 Duration: 50min

    Today we speak with EFF's Matthew Guariglia about the creepy new partnership between Amazon's Ring Doorbell division and local law enforcement. Recent disclosures reveal that Amazon has partnered with over 400 police agencies to market their product and share surveillance footage. While these footage requests can supposedly be refused by the Ring owners, there appear to be circumstances where Amazon will provide footage without consent. The marketing of Ring has changed from convenience to an automated neighborhood watch program, where the police have been coached in how to drum up interest in the product and to assuage fears over sharing their private footage. Matthew Guariglia is a policy analyst for surveillance and privacy at the Electronic Frontier Foundation. He is also a visiting research scholar at the University of California-Berkeley and holds a PhD in U.S. history. His work focuses on the relationship between race, immigration, policing and government surveillance in the past and present. You ca

  • Choosing a VPN Provider

    02/09/2019 Duration: 49min

    Evaluating VPN providers on privacy is really, really hard. Even if you read all their privacy claims, how do you know if they're telling the truth? I've read many reviews on many sites, but the recent review from The Wirecutter is the most comprehensive and helpful review I've ever come across. It focused first and foremost on privacy - something many other reviews fail to do, instead focusing on more readily verifiable aspects like speed, number of servers, and cost. In recent years, some top VPN providers have turned to third party, independent auditors to verify their privacy claims and published the results. This is what allows for a truly privacy-focused review. Many top contenders like ExpressVPN and NordVPN didn't make the cut due to lack of transparency compared to the providers that topped Wirecutter's list. Who won? Listen to today's show to find out. In other news, iPhones have been vulnerable to some nasty website hacks for several years, Facebook finally releases a tool to manage your "off-Fa

  • The Great Cellular Sellout (Part 2)

    26/08/2019 Duration: 39min

    In the second half of my interview with EFF's Aaron Mackey, we'll discuss why our federal agencies are not enforcing the laws already on the books that should be protecting your privacy, the real implications of tracking someone's location, other ways in which we're tracked, and how you - as a consumer and citizen - can best defend yourself and advocate for better enforcement and protections. Aaron Mackey works on free speech, privacy, government surveillance and transparency. Before joining EFF in 2015, Aaron was in Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. He also holds an LLM from Georgetown Law. Prior to law school, Aaron was a journalist at the Arizona Daily Star in Tucson, Arizona. He received his undergra

  • The Great Cellular Sellout (Part 1)

    19/08/2019 Duration: 38min

    In January 2019, Motherboard broke a story about how cellular providers were allowing your location information to be sold to several third parties, effectively allowing anyone to buy the real-time location of any cell phone. The Electronic Frontier Foundation has brought a suit against AT&T and others, claiming that this practice broke several state and federal laws. Today in part one of my interview with the EFF's Aaron Mackey, we'll discuss this case and why our location data can expose so much about us. Aaron Mackey works on free speech, privacy, government surveillance and transparency. Before joining EFF in 2015, Aaron was in Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. He also holds an LLM from Georgetown La
