Synopsis
A Podcast on Computer Security & Privacy for Non-Techies
Episodes
-
11/06/2018
There are estimated to be 2500-4000 data brokers in the United States who are collecting, buying and selling your information. Vermont has become the first state to pass laws to regulate this data mining that is largely working in the dark with zero accountability. We need more laws like this and I’ll tell you what you can do in the meantime to take more control over your personal and private data. Also in the news, Apple has announced some fantastic new security and privacy features for its upcoming iOS and macOS releases, Facebook has screwed up again, turning posts from 14M people public when they were supposed to be private, and My Heritage DNA service announces that its 92M customer passwords were stolen. For Further Insight: Opting out of data collection: https://www.stopdatamining.me/opt-out-list/ Opting out of marketing, phone calls: https://www.worldprivacyforum.org/2015/08/consumer-tips-top-ten-opt-outs/ Know what they have on you: https://www.aboutthedata.com/portal/registration/step1
-
04/06/2018
When is a Virtual Private Network (VPN) not really private? Answer: When your VPN provider tracks where you go and sells that information to someone else. Today we’ll talk about a recent study that shows that many of the top free VPN services make their money by collecting and selling your browsing information. That seems to violate the “P” part of “VPN”, but let’s face it: if the product is free, then you are probably the product. I’ll help you find a VPN service that is truly private. In other news, Amazon’s Echo was recently caught recording a private conversation and sending it to a seemingly random person - should you be worried? Also, I’ll explain why shouting at your hard drives can cause corruption and tell you about a great new feature of the Privacy Badger browser plugin that will stop Facebook from tracking you. For Further Insight: Don’t shout at your hard drives: https://www.youtube.com/watch?v=tDacjrSCeq4 Choosing a truly private VPN: https://www.privacytools.io/#vpn Help me to help you! Visit
-
Know Before You Go: Cyber Summer Tips
28/05/2018
Summer is upon us and for many of us that means travel - but before you even pack your bags, you need to listen to this podcast! In my interview with Michael Kaiser (the Executive Director of the National Cyber Security Alliance), we discuss all the cyber security and privacy issues you need to consider: before you go and while you’re traveling. Going abroad this summer? There are even more things you need to consider well before you leave! I also tell you why everyone needs to reboot their WiFi routers - by request of the FBI, no less! A Russian-made piece of malware called VPNFilter has infected half a million routers worldwide, and the remedy in most cases is simply to power-cycle or reboot your router. It’s easy to do and we should also take a few minutes to do it. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and ou
-
21/05/2018
On May 25th, the European Union will begin enforcing the GDPR - a sweeping set of regulations designed to return control of user data back to the users. These rules apply to EU people, not EU companies - so if you have a business or website that deals with folks from the EU, then you need to comply with these rules. Note that even if it’s just a newsletter, you could be on the hook for damages if you didn’t obtain proper consent from your subscribers. Ruth Carter is an Arizona attorney and an authority on intellectual property, business startups, contracts, and internet law. She is an American Bar Association Legal Rebel, a Phoenix Business Journal 40 Under 40, and a Super Lawyers Southwest Rising Star. Ruth also wrote three best-selling books on guerrilla marketing and social media law including The Legal Side of Blogging: How Not to get Sued, Fired, Arrested, or Killed. Ruth is also a professional speaker and has spoken at South by Southwest, Content Marketing World, Intelligent Content Conference, Women in
-
14/05/2018
Ever since WhatsApp was acquired by Facebook in 2014 for a staggering $19B, the extremely popular global messaging app has been losing its focus on privacy. WhatsApp co-founder Jan Koum (who grew up in the Soviet Union) has now left Facebook, and with him WhatsApp may have lost its last hope for retaining the user protections Koum carefully put in place. If you even considered leaving Facebook, you should consider leaving WhatsApp. In the news, we’ll talk about a software bug that may leave 350,000 internal defibrillators open to hacking, the looming hail-Mary chance to save net neutrality, a new credit bureau you might want to freeze, more computer CPU chip bugs coming, a Twitter password change requirement, new iOS and Firefox privacy features, and getting into your next concert using just your face. For Further Insight: Everything you need to know about credit freezes: https://krebsonsecurity.com/2018/05/another-credit-freeze-target-nctue-com/ Freezing your credit at NCTUE: 866-349-5355 Save Net Neut
-
We Now Live in the Golden Age of Surveillance
08/05/2018
Phil Zimmermann fought a multi-year court battle and risked years in jail in order to defend your right to privacy. Phil created an email encryption system called Pretty Good Privacy (PGP) in 1991 that is still the gold standard for private email today. I sat down with Phil to discuss his legacy and why we are truly in the Golden Age of Surveillance, despite claims by law enforcement that all communications are “going dark”. Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software
-
30/04/2018
Our electronics and appliance manufacturers are desperately trying to turn all of their “dumb” products into “smart” ones by connecting them to the Internet - the new Internet of Things (IoT). And while dialing down your thermostat from the office and asking your portable speaker for today’s forecast is great, how can you trust that these devices aren’t spying on you or going rogue? In most cases, you can’t - which is why you need to wall them off from your computers. Today I’ll tell you how everyone can segregate these insecure devices using the WiFi router you already own. I’ll also tell you about a promising new project from Microsoft that may make future IoT devices much more secure, how Facebook is moving 1.5B users out from under GDPR protections, how services like 23andMe and Ancestry.com can be used to catch serial killers, and why the FBI may be lying about information “going dark”. For Further Insight: How to put your IoT devices on the guest network: http://firewallsdontstopdragons.com/the-s-in-io
-
23/04/2018
Google truly does know everything. Law enforcement is now turning to the search company to locate potential crime suspects. Google owns Android and Waze, along with several other smartphone apps - many of which have full access to your whereabouts. Police are now asking Google for lists of users who were near crimes when they occurred in hopes of finding suspects. How does this jibe with our Fourth Amendment rights and what can we do to protect our privacy in the Golden Age of Surveillance? I have an eye-opening conversation with Nathan Freed Wessler of the ACLU on how courts and lawmakers are struggling to deal with demands for data from Google and other sources by law enforcement agencies anxious to make use of the treasure trove of personal information they’re amassing. Nathan Freed Wessler is a staff attorney with the ACLU Speech, Privacy, and Technology Project, where he focuses on litigation and advocacy around surveillance and privacy issues, including government searches of electronic devices, requ
-
16/04/2018
Chairman Ajit Pai and the FCC voted to gut net neutrality late last year - but the fight is not over. The United States Senate can overturn these rule changes with a simple majority of 51 votes. Right now, we have 50. We need just one more vote. This process has a 60-day deadline, which is April 23rd. We have one week left to reverse these changes and preserve Net Neutrality. If you have a Republican Senator, now is the time to call them and express your support! I’ll discuss the new “multi-breach” of Sears, Kmart, Delta and MyFitnessPal, including what you need to do if you were affected. I’ll talk about Facebook CEO Mark Zuckerberg’s testimony in front of Congress and why most of the Congress folks completely missed the point. And while all of that was going on, Facebook was working in the background to severely weaken data collection regulations. For Further Insight: Delta.com breach info: https://www.delta.com/response Sears/Kmart breach info: https://searsholdings.com/update Save Net Neutral
-
09/04/2018
Would you take your computer in for repair if you knew the technicians would be scanning your hard drive looking for anything suspicious while they had the hood up? It’s something that apparently we all need to be considering now. A recent lawsuit against a California doctor has revealed that the FBI has been paying Best Buy Geek Squad technicians to search for illegal content on the computers that were sent in for repairs. The relationship appears to go back at least 10 years. Today I speak with Aaron Mackey, a staff attorney at the Electronic Frontier Foundation - the organization that discovered this connection through the use of Freedom of Information Act queries. I’ll also briefly update on the latest Facebook scandals and their attempts to address the massive privacy issues. Aaron Mackey joined EFF in 2015 after moving from Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representatio
-
02/04/2018
At Facebook, it’s critically important to remember that you are not the customer, you’re the product. None of Facebook’s users pay a dime for its service and yet Facebook makes tens of billions of dollars a year. Facebook makes money off of you and your data. And as we’ve seen in the last two weeks, that business model is ripe for abuse. It’s long since time that we, as consumers, reject the current Internet business model: the collection and sale of phenomenal amounts of highly personal data. In today’s episode, I’ll discuss the Cambridge Analytica scandal and why a Facebook VP believes that growth is good at any cost. I’ll spell out all the reasons why I’m deleting my Facebook account - and why you should strongly consider doing the same. At the very least, you should see what information Facebook has on you, so you can make an informed decision - I’ll tell you how to do that, too. For Further Insight: Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons Further Reading: https://firewa
-
26/03/2018
Your privacy and 4th Amendment rights were dealt another blow last week, while no one was really looking. Congress opened the door to more warrantless surveillance by tacking on a little-known, unvetted bill to the monster spending legislation passed last week. This bill, benignly titled the Clarifying Overseas Use of Data (“CLOUD”) Act, removes the need for foreign countries to obtain a search warrant before demanding data from US companies. This bill was never debated. It wasn’t reviewed or marked up by a single committee. There were no hearings. But it is now law. David Ruiz, from the Electronic Frontier Foundation, helps us to understand the stark implications of this new law and together we explore how it can be used to completely circumvent your 4th Amendment rights. David Ruiz is a writer covering NSA surveillance and federal surveillance policy for Electronic Frontier Foundation, a digital rights non-profit. As 2017 closes, he is deeply involved in covering the multiple bills before Congress that se
-
19/03/2018
Have you ever really stopped to consider the sheer amount of data Facebook has on you? How long have you had your Facebook account? How many pictures have you posted and tagged? How many relationships have you had? Facebook has all that data, and much more - all your posts, your messages, your status changes, your likes, your comments, your profile (every version), your photos and videos… Facebook knows all. Do you have the Facebook app on your smartphone? Then it probably also has all of your phone contacts, ever. What many people don’t know is that you can actually download your entire Facebook dossier, and it’ll blow your mind. I’ll tell you how. In other news, Intel has fixes coming soon for its chips while AMD chips have several newly discovered vulnerabilities. Alexa has been laughing at some of you, Apple has a nice web page to help you control what your kids can access, PayPal shares your data with over 600 companies, and the Geek Squad has been snooping around on your computers for the FBI. For Fur
-
12/03/2018
If a vote falls in a ballot box, but there’s no one there to see it - does it count? Marian Schneider, President of Verified Voting, explains why so many of our national voting systems have absolutely no way of being audited. Digital technology has been a wonderful boon for this world, but when it comes to something as fundamental to democracy as casting a vote, you simply must have a physical record that you can verify by hand if necessary. It may already be too late for the 2018 midterm elections, but we simply must have this fixed for 2020. We’ll tell you how you can get involved and make a real difference. This is a non-partisan issue that affects us all. As the President of Verified Voting, Marian Schneider brings a strong grounding in the legal and constitutional elements governing voting rights and elections, as well as experience in election administration at the state level. Immediately before becoming President of Verified Voting, Marian served as Special Advisor and Deputy Secretary for Elections
-
06/03/2018
Facebook wants your face. Guess we should have seen that coming. While Facebook has been using face recognition for years now, it began notifying users in December of much broader use of this technology. Of course, they will tell you that you are the prime beneficiary, but by accepting this new feature you may be enabling Facebook to do much more. Tune in and I’ll tell you all about it, including how to turn it off! We’ll also discuss how Apple is taking heat for moving some of its iCloud customers’ encryption keys to China, some great new privacy features coming soon to both Firefox and Android, and how you can see all your snail mail online (and maybe others can, too). For Further Insight: How to turn off FB facial recognition: https://mashable.com/2018/02/28/how-to-turn-off-facebook-face-recognition/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
-
Security Tips from a Professional Hacker
26/02/2018
Should you cover your webcam? Is anti-virus software worth the money? How do you know if you’ve been hacked? How do you know what software you can trust? We’ll cover all of these topics and more with Patrick Wardle, a computer security expert and ex-NSA hacker. While Patrick’s focus is Mac security, we also discuss PCs and mobile devices, and much more! Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users. For Further Insight: Website: https://objective-see.com/ Twitter URL: https://twitter.com/patrickwardle Optional guest headshot: https://2016.zeronights.org/wp-content/uploads/2016/09/Patrick_Wardle.jpeg
-
19/02/2018
You know the best way to limit what malware can do on your system? Limit what YOU can do! Software on computers generally inherits the privileges of the current user. The problem is that the default account that comes with all computers has full administrator privileges - you can do anything. And whatever you can do, malware can also do. The solution is to always have a non-admin account that you use for day-to-day activities, reserving your admin account for very special tasks. According to experts, using a non-admin account could have mitigated 80% of critical Microsoft bugs in 2017. I’ll also talk about Chrome’s new “ad filter” that falls well short, a bug on Apple devices that will allow a single character to crash your messaging apps, a new “turducken” Microsoft vulnerability, a nasty Skype bug that Microsoft claims takes “too much effort to fix”, and a new Facebook app feature called “protect” that should really be called “spy”. For Further Insight: How to set up non-admin accounts: http://firewallsdo
-
12/02/2018
Do you know where your software’s been? If you’re downloading your apps and driver software from third parties, you may be getting more than you bargained for. Software download sites may be attaching unwanted extras to your installers in order to make money. And bad guys are also hacking these sites to trick you into downloading malware. I’ll tell you how to ensure your software is pristine. In other news, Equifax admits that it lost even more sensitive information in the massive hack that affected over 145 million customers last year. Some key Apple source code is revealed that may help hackers attack your iPhone. And Lenovo announces critical bugs in the WiFi software on many of its ThinkPad laptops.
-
09/02/2018
Our mobile phones today are chock full of private information and are constantly tattling about our whereabouts and activities. Most phones today have GPS, WiFi, Bluetooth, motion detectors, magnetic field detectors, microphones, cameras, and of course cellular radios. Some even have facial recognition built right in. With all this personal data and telemetry information, is it even possible to prevent tracking and information leakage? Today we discuss these topics and more with Daniel Davis from DuckDuckGo - a company dedicated to protecting your privacy. He and I discuss DuckDuckGo’s new privacy-focused smartphone app, along with other tips and techniques to guard your privacy on your mobile devices. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet
-
05/02/2018
It's that time of year again: tax time. And that means it's also high season for identity thieves and scammers. Millions of people are affected by fake tax return filings every year. Phone and email scams lure unsuspecting victims to give away their money or identity. In today’s episode, I’ll tell you how to protect yourself. In this week’s news, we’ll talk about why California won’t let you cover your license plate while parked, discuss yet another Adobe Flash bug, and explain how fitness trackers may be revealing covert military sites around the world. For Further Insight: Full blog article on tax return fraud: https://firewallsdontstopdragons.com/preventing-tax-return-fraud/ Think someone filed a fraudulent tax return in your name? Check this article: https://krebsonsecurity.com/2018/01/file-your-taxes-before-scammers-do-it-for-you/ Set up your MySSA account, even if you’re years away from retirement: https://www.ssa.gov/myaccount/ Help me to help you! Visit: https://patreon.com/FirewallsDontSt