Synopsis
A Podcast on Computer Security & Privacy for Non-Techies
Episodes
-
Marketers Are Tracking You On and Off the Web
29/10/2018
We all know how marketers are tracking our every move on the world wide web. But now they’re starting to track you in the real world, too. Security cameras exist everywhere, but companies have now decided to add facial recognition software to those systems in order to track where you go, what you look at, who you’re with and how effective their ads are. I’ll also tell you why the Firefox browser is taking bold new steps to protect your web browsing privacy and how Apple’s CEO Tim Cook believes tech companies must take steps to safeguard their customers’ data. For Further Insight: Tim Cook’s speech on privacy: https://www.youtube.com/watch?v=kVhOLkIs20A Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
-
The Fight for Net Neutrality is Far from Over
22/10/2018
The reports of net neutrality’s death have been greatly exaggerated. We still have time for Congress to reinstate the federal rules that were struck down by the FCC. In the meantime, states like California are taking matters into their own hands, passing landmark state-level legislation to preserve a level playing field on the Internet. Ernesto Falcon from the Electronic Frontier Foundation (EFF) explains why Net Neutrality is not dead and how states are stepping in to try to fill the gap. Prior to joining EFF, Ernesto worked as a legislative staffer for two Members of Congress (2004-2010). He then became Vice President of Government Affairs at Public Knowledge where he advocated on behalf of consumers on copyright issues and broadband competition. During his tenure, Public Knowledge was successful in achieving one of the largest consumer victories in telecom policy by defeating AT&T’s merger with T-Mobile. The following year, PK and EFF scored a major victory for consumers by rallying the Internet community
-
Did China Implant Spy Chips in Our Computers?
15/10/2018
Bloomberg claims that Chinese manufacturers have implanted tiny spy chips into many of our computer systems. Apple, Amazon and others strenuously deny this. Who’s telling the truth? In today’s show, I’ll cover both sides of this story, discuss the various ways in which our global manufacturing and supply chain systems could be compromised, and delve into the several deeper considerations for these sorts of stories. In other news, Facebook has lowered its estimate of the number of users affected by the recent breach to a mere 29 million, Google has shuttered its flagging Google+ service after news of a breach leaked last week, I give you the highlights of my 320-page LexisNexis dossier, and finally I give you several tips for patching holes in your defenses in honor of National Cybersecurity Awareness Month. For Further Insight: Deleting your Google+ account: https://www.cnet.com/how-to/how-to-delete-your-google-account-data-breach/ Supply chain security 101: https://krebsonsecurity.com/2018/10/supply-chain
-
How to Protect Yourself From Ransomware
08/10/2018
Ransomware, the malware that locks up your data and holds it for ransom, has been growing by leaps and bounds in the past few years. Why? Because it works. Hackers trick you into installing the malware which encrypts your most precious files and demands that you pay Bitcoin to get the key that unlocks them. It’s like a burglar broke into your house and put all your valuables in a safe in your living room, demanding payment for the combination. Allan Liska explains why ransomware has become a favorite tool of both hackers and nation states, how to protect your computers, and even what you can do if you are unfortunate enough to be infected. Allan Liska is an intelligence analyst at Recorded Future. Allan has more than 15 years’ experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. Allan has helped countless organizations improve their security posture using more effective and integrated intelligence. Allan is also one of
-
Big Companies Behaving Badly: The Facebook Breach Explained
01/10/2018
Between 50 and 90 million Facebook users’ accounts were exposed, appearing to give hackers full access as if they were logged in as you. Facebook has fixed the bug, but it’s not yet clear whose accounts may have been compromised. In other news, researchers have determined that Facebook is using your security contact information and information shared by others you know to target you with ads. In other privacy news, Google’s Chrome browser version 69 will automatically log you into the browser if you log in to any of Google’s many services - without warning or consent. While Google claims that none of your history or data is uploaded, the quiet change appears to violate their own privacy policies and has rankled many privacy advocates (including yours truly). For Further Insight: Why I’m Done With Chrome: https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
-
Now Is the Time to Freeze Your Credit
24/09/2018
One of the best ways to avoid identity fraud is to freeze your credit reports. Thanks to a new law that just went into effect, freezing and unfreezing your credit is now completely free! Freezing your credit will prevent fraudsters from opening new loans and credit cards in your name, sticking you with the bill. When you actually need to open new credit, you can temporarily thaw your account (also free). I’ll tell you how. In other news, hackers have found flaws in two different government online payment systems, researchers have identified popular iPhone and Mac apps that are stealing your personal information, and Google has struck a secret deal with at least one major credit card company to get access to your real life purchase information. For Further Insight: Secret data sharing deal between Google and MasterCard: https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales iPhone apps stealing location data: https://www.macrumors.com/2018/09/
-
Prying Yourself From Google’s Clutches
17/09/2018
Did you know that Google owns Android, Waze, YouTube, Pixel phones and Chromebooks? Did you know that almost 90% of Google’s revenue comes from advertising? There’s hardly any part of your online life that isn’t somehow tracked by Google. By using Google’s email, calendar, docs, search, browser, cloud storage and even phones, we are allowing Google to know just about everything about us. But there are viable alternatives that will respect your privacy. Daniel Davis from DuckDuckGo (a privacy-first search company) will help us understand how and why Google tracks us, and then provide practical replacements for Google’s most popular services and products. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet takes you. For Further Insight: Website: https://duckduckgo.com Twitter: https:
-
10/09/2018
AT&T is operating top secret Internet monitoring facilities for the NSA in the heart of 8 major US cities according to a blockbuster report from The Intercept. Sitting on top of major digital communications arteries, these surveillance systems can track and record most communications within the US as well as many outside our physical borders. David Ruiz from the Electronic Frontier Foundation explains why these sorts of systems go way beyond the foreign spying mandate of the NSA and hoover up hordes of “incidental” data on ordinary, law-abiding US citizens. David Ruiz is a writer covering NSA surveillance and federal surveillance policy for Electronic Frontier Foundation, a digital rights non-profit. As 2017 closes, he is deeply involved in covering the multiple bills before Congress that seek to reform or reauthorize Section 702 of the FISA Amendments Act, a law that is currently one of the U.S. government's most powerful surveillance tools. Previously, David worked as a journalist covering legal affairs fo
-
03/09/2018
The 2018 DEFCON Vote Hacking Village showed once again that our voting machines are way too easy to hack. Even though election system manufacturers refuse to allow independent researchers to vet their products directly, hackers at DEFCON have managed to get their hands on several systems in use today, and show that they are trivial to compromise. Jacob Hoffman-Andrews from the EFF explains what all of this means and the measures we need to take to address these shortcomings. The PAVE Act that’s currently before Congress would provide mechanisms to mitigate the weaknesses of our voting systems by requiring a paper trail for all votes and risk-limiting audits to validate vote totals with minimal effort and cost. The companion Secure Elections Act is now a much weaker bill and would need to have these provisions restored. Jacob Hoffman-Andrews is a lead developer on Let's Encrypt, the free and automated Certificate Authority. He also works on EFF's Encrypt the Web initiative and helps maintain the HTTPS Everyw
-
27/08/2018
Facebook’s “Protect” Virtual Private Network is anything but “private”. Facebook has been using this VPN to monitor all of your web surfing, adding even more information about its users to its colossal database. Apple removed the app from its App Store due to violations of its recently upgraded privacy policies. You should delete the app from your phone and use a better VPN. In other news, banks are using 2,000 data points about how you tap, swipe, type, click and move to try to prevent fraud, DEFCON hackers have found more bugs in our election systems (though the headlines got it mostly wrong), Amazon Echo might be able to scare off burglars, and DNA service 23andMe is starting to dial back access to your data for third party developers. Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
-
20/08/2018
Security researchers have demonstrated that a modern all-in-one printer machine can be compromised using technology from the 1970s: the venerable fax machine. If you have a fancy printer/fax, you need to update its software ASAP. Presenters at this year’s DEFCON hacker conference have shown that they can compromise HP printer/fax machines by sending them a maliciously formatted fax message. I’ll also tell you about a scary and effective sextortion scam, a dire warning from the FBI about a coming ATM cashout heist, some more browser plugins that are tracking all the websites you visit, and why turning off Location History in your Google settings isn’t actually stopping Google from tracking where you go. Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
-
How a Wall of Lava Lamps is Helping Secure the Internet
13/08/2018
What do you get when you cross cryptography with a wall of lava lamps? Believe it or not, a much more secure Internet. Cloudflare’s CTO John Graham-Cumming will explain why all our modern communications require sources of randomness to remain secure, and how his company has used a wall of 100 lava lamps to serve as a serious source of entropy. John will explain how to pick strong passwords using dice, how you can predict random numbers, and whether quantum computing will render all of our crypto technology useless. Book: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The
-
06/08/2018
How can you go wrong trying to stop sex trafficking? FOSTA, that’s how. The Fight Online Sex Trafficking Act (FOSTA) tried to fix something that wasn’t broke: under pre-existing law, we already had common sense regulations in place to prosecute online services that facilitated sex trafficking. But perhaps in an effort to appear tough on sex crimes, the US Congress passed additional regulations that are difficult to enforce and possibly even unconstitutional. The result may be more harm than good, robbing sex workers of resources and tools that served to protect them and squelching legitimate online content. I delve into this topic with the EFF’s Elliot Harmon, covering the history of legislation in this area and analyzing the nuances of this tricky area of law. We also explore the political and financial reasons the FOSTA/SESTA bills appeared to have such broad support and how these laws closely parallel copyright enforcement bills. Elliot Harmon is the associate director of activism at EFF. He advocates f
-
30/07/2018
A small company has recently bought up a bunch of mobile phone add-ons and browser plugins, and apparently decided to start snooping on its customers. The apps have been downloaded by over 11 million people and appear to be keeping track of every single web site you visit. In another story, a plugin that is supposed to help you pin things on Pinterest is actually injecting code into web pages. While this appears to be just a coding accident, these two stories should be a wake-up call. I’ll tell you what you can do about it. In other news, Facebook, Google and others are helping you take your data to competing services, 23andMe is sharing your DNA with Big Pharma, a nasty new Bluetooth bug has been found, and Chrome is now marking many more websites as “insecure”. Tune in and I’ll explain how this all affects you!
-
23/07/2018
There’s a data gold rush going on in the United States and without regulation, it’s turning into a Wild West of data mining. Modern humans generate tons of data exhaust every single day: what you buy, what you eat, what you watch, where you live and work and what you do in your free time. These activities and habits may speak volumes about your health risk factors - and therefore how expensive you will be to cover with health insurance. In today’s show, I’ll share some chilling insights from a conference where data brokers and health insurers are using this data to predict how much it will cost them to insure you - and potentially raise your rates or even find ways to avoid covering you at all. In other news, Apple has released a new privacy feature to protect your iPhone from hacking, the popular mobile payment firm Venmo is sharing your transaction information with the world, researchers have developed an app to stop your laser printer from tattling on you, and Google’s new Confidential Mode email isn’t so
-
16/07/2018
Where were you on the night of June 22nd? Your cellular provider knows. And until that date just a few weeks ago, if law enforcement wanted that info, all they had to do was ask. But we’re not just talking about one night… they know every place you’ve been, throughout the day, every day, going back months or even years. Thankfully, the Supreme Court ruled that law enforcement must now get a warrant to obtain this highly sensitive information and show probable cause. In our interview today, I have a truly thought-provoking discussion around the landmark Carpenter vs United States ruling with Shahid Buttar, a lawyer and grassroots organizer for the Electronic Frontier Foundation (EFF). We delve into the history behind cell phone data access in the United States and why a basic right to privacy is fundamental to any democracy. Shahid Buttar leads EFF's grassroots and student outreach efforts. He's a constitutional lawyer focused on the intersection of community organizing and policy reform as a lever to shift
-
09/07/2018
We’ve talked about encryption in just about every single one of these shows but we’ve never actually talked about what it means to encrypt something. Did you know that Julius Caesar used cryptography to send secret messages to his generals? You may have heard about the vaunted Enigma Machine used by the Germans in World War II, but how did it work? I’ll walk you through the basics of creating secret codes and how to crack them - the science of cryptography and cryptanalysis! Secret codes have one big problem, though: coded messages stick out like a sore thumb. When you capture a spy with a piece of paper full of gibberish, you can bet it’s a coded message. But what if you could hide your messages in plain sight? That’s called steganography and I’ll explain how crafty people have hidden messages since the days of the Ancient Greeks. For Further Insight: The Code Book by Simon Singh The Code Breakers by David Kahn Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
-
One Simple Step to a Faster and More Private Internet
02/07/2018
Wouldn’t it be great if you could speed up every single website you visit without paying a dime? Every time you go to a website, your computer or smartphone first has to look up how to get there - just like we used to have to look up people’s numbers in the phone book. The service we all use is the Domain Name System (DNS), and by default, your DNS provider is probably not very fast. Today, John Graham-Cumming (the CTO of Cloudflare) will carefully explain how this works and why his company’s 1.1.1.1 DNS service is so much faster than the default one you’re probably all using. Furthermore, Cloudflare’s service will keep your web surfing habits totally private - something your default service is almost surely NOT doing. John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPF
-
25/06/2018
This was a huge week for location privacy rights. In a 5-4 ruling, the Supreme Court has ruled that law enforcement must now obtain a warrant to obtain your cell phone location history. Your cell provider knows where you are 24/7 and keeps records of your whereabouts that can go back for years. Until this ruling, this location information was considered to be unprotected and could be freely provided to law enforcement without notice or permission. In related news, all major US cellular providers have voluntarily terminated agreements to provide your location to third party vendors due to several recent cases of abuse. On the other hand, Apple’s new iOS 12 will come with a feature that will automatically send detailed location information to 911 operators when you make an emergency call. We’ll talk about how end-to-end encryption in WhatsApp has allowed girls in ISIS-controlled Syria to maintain their schooling. And if you have a really old web browser, it’s time to update it - at least if you still want to shop o
-
18/06/2018
Android devices are everywhere - not just smartphones, but smart TVs, DVRs, streaming TV boxes and tablets. And many of these devices are shipping with a wide open backdoor for hackers. The Android debug port is supposed to only be used during software development, but many manufacturers are shipping popular Android-based products with this debug interface wide open. Hackers can easily use this interface to hack these devices, often from anywhere on the planet. In other news, California is trying to follow Vermont’s lead by introducing consumer data protection regulations, but many huge tech companies are trying desperately to defeat the measure. I’ll update you on the VPNFilter malware that is affecting more and more of our home WiFi routers, yet another critical Adobe Flash bug, and a $99 “unbreakable” smart padlock that can be hacked in under two seconds. For Further Insight: Locking down your home routers: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/ Help me to help you! Visit: https