378 episodes

Every week, this podcast brings you the cybersecurity and privacy news you need, in a manner that's easy for anyone to understand and even entertaining! The host also interviews top industry leaders, to dig deeper into important topics and recent events. If all that weren't enough, the host also passes along top tips for defending your digital realm.

Firewalls Don't Stop Dragons Podcast Carey Parker

    • Technology
    • 5.0 • 6 Ratings

    Why Privacy Matters

    Our privacy has never been more threatened. While some of us are vaguely aware of this, most of the rampant data collection and sharing is completely opaque. And the consequences are more dire than most of us realize. We can't afford to be complacent. We need to push back, to ask questions, and make better choices. Privacy-respecting apps and services do exist today. Making a deliberate and overt decision to use them will force the market (and our elected representatives) to take notice. My guest Naomi Brockwell from NBTV will make a compelling case for privacy and reclaiming control of our data, including several top notch tips for doing so.

    Interview Notes

    Naomi Brockwell’s NBTV: https://www.nbtv.media/
    A World Without Privacy: https://www.nbtv.media/episodes/a-world-without-privacy
    A Beginner’s Introduction to Privacy: https://www.amazon.com/Beginners-Introduction-Privacy-Naomi-Brockwell-ebook/dp/B0BQHS8MFS
    Who can access your car remotely? https://www.youtube.com/watch?v=Ff9pmaSdZV8
    Naomi Brockwell on All Things Secured: https://www.youtube.com/watch?v=D0WjIWBQEBM
    Michael Bazzell’s Extreme Privacy resources: https://inteltechniques.com/links.html
    Try Proton! https://firewallsdontstopdragons.com/its-time-to-try-proton/
    Try Signal! https://firewallsdontstopdragons.com/how-to-switch-to-signal/

    Further Info

    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Become a patron! https://www.patreon.com/FirewallsDontStopDragons
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:02:58: How did you become a privacy evangelist?
    0:06:51: What are some of the most mind-blowing ways we leak personal data?
    0:09:56: What were some of Orwell's most prescient predictions in 1984?
    0:15:49: How is surveillance different in real life from 1984?
    0:22:23: How does data collection skew the power balance between citizens and authorities?
    0:26:36: How do you counter the "I have nothing to hide" argument?
    0:29:55: Why is it so important to normalize the use of privacy tools?
    0:33:46: What changes do you recommend and what are the impacts for making them?
    0:45:48: If you've given away tons of personal data already, is it too late?
    0:50:07: What can we do to push vendors to respect our privacy more?
    0:57:49: What's the future of privacy look like?
    1:00:15: Post-interview notes
    1:06:11: Looking ahead

    • 1 hr 7 min
    How to Choose a PIN

    Security experts talk at length about how to choose a good password - but we don't often talk about how to choose a good PIN code. A recent analysis by a researcher shows popular patterns humans use when choosing PIN codes, and therefore what you should avoid doing.

    In the news: MediSecure e-Rx firm hit by data breach; CISA warns of active D-Link router exploit; a couple of cases of insecure APIs being abused; 53k Nissan employees' SSNs leaked; new macOS malware called Cuckoo; Ascension Healthcare suffers cyberattack; Proton user's poor OpSec gives him away; TunnelVision VPN attack exploits DHCP feature; Maryland & Vermont pass data privacy laws; tracker detection feature debuts on iPhone & Android.

    Article Links

    [BleepingComputer] MediSecure e-script firm hit by ‘large-scale’ data breach https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/
    [The Hacker News] CISA Warns of Actively Exploited D-Link Router Vulnerabilities https://thehackernews.com/2024/05/cisa-warns-of-actively-exploited-d-link.html
    [Ars Technica] How I upgraded my water heater and discovered how bad smart home security can be https://arstechnica.com/gadgets/2024/05/how-i-upgraded-my-water-heater-and-discovered-how-bad-smart-home-security-can-be/
    [BleepingComputer] Dell API abused to steal 49 million customer records in data breach https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/
    [infosecurity-magazine.com] 53,000 Nissan Employees' Social Security Numbers Exposed https://www.infosecurity-magazine.com/news/employees-social-security-nissan/
    [Tom's Guide] New Cuckoo macOS malware can take over all Macs and steal your passwords https://www.tomsguide.com/computing/malware-adware/new-cuckoo-macos-malware-can-take-over-all-macs-and-steals-your-passwords-too-dont-fall-for-this
    [Dark Reading] Ascension Healthcare Suffers Major Cyberattack https://www.darkreading.com/cyberattacks-data-breaches/ascension-healthcare-hit-by-cyberattack
    [restoreprivacy.com] Proton Mail Discloses User Data Leading to Arrest in Spain https://restoreprivacy.com/protonmail-discloses-user-data-leading-to-arrest-in-spain/
    [Ars Technica] Novel attack against virtually all VPN apps neuters their entire purpose https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
    [mullvad.net] Evaluating the impact of TunnelVision https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
    [epic.org] Vermont Passes Landmark Data Privacy Bill https://epic.org/vermont-passes-landmark-data-privacy-bill/
    [epic.org] Governor Moore Signs Maryland Online Data Privacy Act https://epic.org/governor-moore-signs-maryland-online-data-privacy-act/
    [9to5Mac] Here’s how the new Cross-Platform Tracking Detection works https://9to5mac.com/2024/05/13/cross-platform-tracking-detection-ios-17-5/
    Tip of the Week: How to Choose a PIN https://firewallsdontstopdragons.com/how-to-choose-a-pin/

    Further Info

    Send me your questions! https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Become a patron! https://www.patreon.com/FirewallsDontStopDragons
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch

    • 1 hr 11 min
    Inside Ukraine’s IT Army

    Russia has been hacking Ukraine for at least a decade now, but since the invasion of Ukraine in February of 2022, the cyber war has changed. Instead of being a tactical element, cyber war is now a full-fledged strategic aspect of the conflict, on both sides. At the outset, Ukraine put out an official call to enlist cyber warriors from around the globe to their cause in what's been called the IT Army of Ukraine. Today we'll look at how this group was formed, how it operates, and what we should all be learning from what's happening there. My guest is Dina Temple-Raston from The Record, the Click Here Podcast, and formerly NPR.

    Interview Notes

    Dina Temple-Raston at The Record: https://therecord.media/author/dina-temple-raston
    Click Here podcast: https://therecord.media/podcast
    Click Here, Episode 98: “Lessons from the world's first hybrid war”: https://podcasts.apple.com/us/podcast/click-here/id1225077306?i=1000639045741
    NPR’s I’ll Be Seeing You: https://www.npr.org/series/760566025/ill-be-seeing-you
    Operation Glowing Symphony: https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis

    Further Info

    Send me your questions! https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Become a patron! https://www.patreon.com/FirewallsDontStopDragons
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Support our mission! https://fdsd.me/support
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:04:50: How did you get into covering cybersecurity and cyber warfare?
    0:06:48: When and how did Russian cyber attacks begin in Ukraine?
    0:15:40: What is the IT Army of Ukraine and what is its origin?
    0:20:47: Have we seen other cyberwar volunteer organizations?
    0:23:05: How are information and communications being utilized by the IT Army?
    0:26:53: How has Russia responded to this?
    0:28:34: How are IT Army members recruited and vetted?
    0:30:17: How are objectives coordinated?
    0:31:20: Where are IT Army members coming from?
    0:32:03: Do we know if Western military members are participating in the IT Army?
    0:36:30: What are the military lessons to be learned here?
    0:42:11: What should civilians be learning from all of this?
    0:46:01: What's next for you and Click Here?
    0:47:14: Wrap-up and looking ahead

    • 49 min
    Please Quit Chrome

    Google's Chrome browser has dominated the planet - both on desktop computers and mobile devices. Furthermore, many other popular web browsers are actually based on the same Google-made Chromium browser engine, including Microsoft Edge and Brave Browser. This gives Google an inordinate amount of influence on web standards, in particular preventing better privacy protections. We need to support privacy-forward alternatives lest they disappear.

    In other news: US passes expanded mass surveillance policies instead of curbing them; TikTok ban bill becomes law giving Bytedance a year to sell it; UK's Investigatory Powers Bill amendment passes; photo-sharing app will use users' uploaded images to train AI; Health insurers Kaiser and Change Healthcare are hacked; antivirus software service installs malware on users' systems; FCC fines telecoms $200M; CISA director pushes for vendor accountability; CISA's proactive protection programs are making positive impacts; UK becomes first country to enforce strong and strict IoT security requirements; net neutrality is back; Google again delays killing third-party cookies.

    Article Links

    [Electronic Frontier Foundation] U.S. Senate and Biden Administration Shamefully Renew and Expand FISA Section 702, Ushering in a Two Year Expansion of Unconstitutional Mass Surveillance https://www.eff.org/deeplinks/2024/04/us-senate-and-biden-administration-shamefully-renew-and-expand-fisa-section-702-0
    [TechCrunch] Biden signs bill that would ban TikTok if ByteDance fails to sell the app https://techcrunch.com/2024/04/24/biden-signs-bill-that-would-ban-tiktok-if-bytedance-fails-to-sell-the-app/
    [theregister.com] UK's Investigatory Powers Bill to become law despite tech world opposition https://www.theregister.com/2024/04/26/investigatory_powers_bill/
    [TechCrunch] Photo-sharing community EyeEm will license users photos to train AI if they don’t delete them https://techcrunch.com/2024/04/26/photo-sharing-community-eyeem-will-license-users-photos-to-train-ai-if-they-dont-delete-them/
    [TechCrunch] Health insurance giant Kaiser notifies millions of a data breach https://techcrunch.com/2024/04/25/kaiser-permanente-health-plan-millions-data-breach/
    [TechCrunch] Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/
    [Ars Technica] Hackers infect users of antivirus service that delivered updates over HTTP https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/
    [BleepingComputer] FCC fines carriers $200 million for illegally sharing user location https://www.bleepingcomputer.com/news/technology/fcc-fines-carriers-200-million-for-illegally-sharing-user-location/
    [cybersecuritydive.com] CISA director pushes for vendor accountability and less emphasis on victims’ errors https://www.cybersecuritydive.com/news/cisa-highlights-vendors-errors/714300/
    [therecord.media] More than 800 vulnerabilities resolved through CISA ransomware notification pilot https://therecord.media/vulnerabilities-resolved-through-cisa-pilot
    [therecord.media] UK becomes first country to ban default bad passwords on IoT devices https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices
    [WIRED] Net Neutrality Returns to a Very Different Internet https://www.wired.com/story/fcc-net-neutrality-rules-vote/
    [Ars Technica] Google delays third-party cookie death again: Now scheduled for 2025 https://arstechnica.

    • 1 hr 12 min
    The Rise of CBDC

    AI has been grabbing all the tech headlines, but cryptocurrency is still innovating and changing. One of the primary goals of cryptocurrency was to be decentralized and therefore not controlled by governments like fiat currency. That is about to change. Central Bank Digital Currency (CBDC) is a new type of cryptocurrency that is created and governed by nation states, which comes with serious implications for privacy and global economics. Thankfully I've got cryptocurrency expert Seth for Privacy on the show to explain how CBDC works and how it will affect us.

    Interview Notes

    Opt Out Podcast: https://optoutpod.com/
    Freedom.Tech: https://freedom.tech/
    Foundation.xyz: https://foundation.xyz/
    CBDC tracker: https://cbdctracker.hrf.org/home
    Buying Monero: https://freedom.tech/buying-monero-privately/
    Samourai Wallet 1: https://freedom.tech/how-samourai-worked/
    Samourai Wallet 2: https://freedom.tech/samourai-to-sparrow/
    Cryptocurrency 101 interview: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/

    Further Info

    Treasure & Coin Promo: https://fdsd.me/promo424
    Send me your questions! https://fdsd.me/qna
    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
    Subscribe to the newsletter: https://fdsd.me/newsletter
    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Give the gift of privacy and security: https://fdsd.me/coupons
    Support our mission! https://fdsd.me/support
    Generate secure passphrases! https://d20key.com/#/

    Table of Contents

    Use these timestamps to jump to a particular section of the show.

    0:00:30: Promo update
    0:01:42: News preview
    0:04:34: AT&T now says over 50M accounts were compromised
    0:11:37: Apple password reset notification attack
    0:16:04: Outlook is Microsoft’s new data collection service
    0:22:40: Kobold letters
    0:29:27: Backdoor in XZ Utils That Almost Happened
    0:39:42: OpenAI and Google reportedly used transcriptions of YouTube videos to train their AI models
    0:45:57: How to Turn Off Meta AI on their various apps
    0:49:07: Vulnerabilities Identified in LG WebOS
    0:52:14: Roku Says More Than 500,000 Accounts Were Compromised
    0:56:05: X May Charge New Users a 'Small Fee' to Post, Like and Reply
    1:00:04: DuckDuckGo Is Taking Its Privacy Fight to Data Brokers
    1:04:19: Google Launches Android Find My Device Network
    1:07:29: The CFPB wants to rein in data brokers
    1:12:23: Tip of the Week: Freeze Your Credit
    1:18:05: Wrap-up
    1:19:06: Looking ahead

    • 1 hr 8 min
    Just Do It: Freeze Your Credit

    You've heard people like me recommend this for years. It's time to just do it: freeze your credit report. There are really no downsides at this point. For example, it's now free everywhere in the US, by law. It's also free to temporarily "thaw" your credit. And it's gotten a lot easier to do, too. Freezing your credit is your main defense against financial identity theft. And with the sheer number of data breaches (like the recent massive AT&T leak), the personal information needed to commit identity theft is out there already.

    In other news: AT&T now says 51 million past and current customers' data were leaked; beware of a new password reset 'bomb' campaign; Microsoft is using Outlook to harvest and share your data; a new email scam alters their content after forwarding; a devious and devastating supply chain attack was thwarted in the nick of time; AI organizations are using sneaky techniques to train their models on your data; Meta is lacing its apps with AI, and there's not much you can do about it; LG TVs are hacked; Roku is breached again, this time affecting over 500,000 accounts; Twitter/X looking to charge new users a small fee to try to curb bot accounts; DuckDuckGo unveils trio of new for-pay privacy services; Google launches their own Find My network; and various US government agencies, lacking a real privacy law, attempt to curb privacy abuses using existing powers.

    Article Links

    [BleepingComputer] AT&T now says data breach impacted 51 million customers https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/
    [AppleInsider] If you're getting dozens of password reset notifications, you're being attacked https://appleinsider.com/articles/24/03/27/if-youre-getting-dozens-of-password-reset-notifications-youre-being-attacked
    [proton.me] Outlook is Microsoft’s new data collection service https://proton.me/blog/outlook-is-microsofts-new-data-collection-service
    [Lutra Security] Kobold letters https://lutrasecurity.com/en/articles/kobold-letters/
    [Schneier Blog] Backdoor in XZ Utils That Almost Happened https://www.schneier.com/blog/archives/2024/04/backdoor-in-xz-utils-that-almost-happened.html
    [Engadget] OpenAI and Google reportedly used transcriptions of YouTube videos to train their AI models https://www.engadget.com/openai-and-google-reportedly-used-transcriptions-of-youtube-videos-to-train-their-ai-models-163531073.html
    [Lifehacker] How to Turn Off Meta AI on Facebook, Instagram, Messenger, and WhatsApp https://lifehacker.com/tech/how-to-turn-off-meta-ai-on-facebook-instagram-messenger-whatsapp
    [bitdefender.com] Vulnerabilities Identified in LG WebOS https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
    [Lifehacker] Roku Says More Than 500,000 Accounts Were Compromised in a Cyberattack https://lifehacker.com/tech/roku-cyberattack-compromises-accounts
    [MacRumors] X May Charge New Users a 'Small Fee' to Post, Like and Reply https://www.macrumors.com/2024/04/15/x-small-fee-new-users/
    [WIRED] DuckDuckGo Is Taking Its Privacy Fight to Data Brokers https://www.wired.com/story/duckduckgo-vpn-data-removal-tool-privacy-pro/
    [MacRumors] Google Launches Android Find My Device Network https://www.macrumors.com/2024/04/08/google-android-find-my-device-network-2/
    [ftc.gov] Proposed FTC Order will Prohibit Telehealth Firm from Using or Disclosing Sensitive Data for Advertising Purposes https://www.ftc.gov/news-events/news/press-releases/2024/04/proposed-ftc-order-will-prohibit-telehealth-firm-cerebral-using-or-disclosing-sensitive-data

    • 1 hr 20 min

Customer Reviews

5.0 out of 5
6 Ratings

Reay Jespersen

Excellent insight and advice for non-techies

Carey does an excellent job of taking advanced digital and security concepts and explaining in common terms what they mean, what the dangers are, and what/where/how we can do anything about it.

Great interviews with experts in a variety of tech fields who are fighting the good digital security and privacy fight for everyone.

If you're online and want to stay safe with easy-to-follow insight and advice, listen to this podcast.

BradenRNewell

Inviting environment!

It’s a little strange to say for a podcast but Firewalls don’t stop dragons is just a really friendly show that makes it easy to step into the world of security. If you’re interested in and space, regardless of your knowledge level, this is a great show to listen to.

H@m&Cheez7

Firewalls Don’t Stop Dragons Podcast is Fantastic!! UPDATE

I’ve been listening to this podcast for well over a year and have picked up some great tips from Carey (and his guests).
Update: All episodes of ‘Firewalls’ podcast are an absolute delight to listen to. Most recently in the latest Episode aired on Dec 21/20 titled: “Best of 2020!”, Carey has put together 50 of the top security
