368 episodes

Every week, this podcast brings you the cybersecurity and privacy news you need, in a manner that's easy for anyone to understand and even entertaining! The host also interviews top industry leaders, to dig deeper into important topics and recent events. If all that weren't enough, the host also passes along top tips for defending your digital realm.

Firewalls Don't Stop Dragons Podcast Carey Parker

    • Technology
    • 4.9 • 48 Ratings


    Health Data Privacy


    The United States has no general data privacy laws. However, we do have some sector-specific regulations, including HIPAA for health data. But there are many misconceptions about HIPAA. For example, the "P" in HIPAA does not stand for Privacy - it stands for Portability. So, what information does HIPAA cover? Which healthcare and related service providers are governed by HIPAA? And most importantly, what can you do to protect your medical and health data? Today we'll dive deep into this subject with Kate Black, a data, privacy & health lawyer and a strategic advisor in the health data field.







    Interview Notes









    Kate Black: https://www.linkedin.com/in/kate-black-sfo/ 







    Washington’s My Health, My Data law: https://hintzelaw.com/blog/2023/4/9/wa-my-health-my-data-act-pt1-overview 







    HIPAA rights: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html 







    STAT medical news: https://www.statnews.com/ 









    Further Info









    Check out my dragon challenge coins! https://fdsd.me/coin2







    Send me your questions! https://fdsd.me/qna 







    Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book 







    Subscribe to the newsletter: https://fdsd.me/newsletter 







    Become a patron! https://www.patreon.com/FirewallsDontStopDragons 







    Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 







    Give the gift of privacy and security: https://fdsd.me/coupons 







    Support our mission! https://fdsd.me/support 







    Generate secure passphrases! https://d20key.com/#/ 









    Table of Contents







    Use these timestamps to jump to a particular section of the show.









    0:03:29: What is covered by HIPAA? What isn't covered?







    0:06:51: Can I sign away my HIPAA rights?







    0:08:08: Who in my medical provider's office can access my data?







    0:10:23: Who audits HIPAA compliance?







    0:11:47: How is my health data shared between providers?







    0:14:49: Are certain types of health data treated differently?







    0:15:23: How does health privacy work for minors?







    0:16:53: Outside of health providers, who else can access my data?







    0:20:56: How does HIPAA compare to other sector-specific privacy laws?







    0:22:20: Do secondary providers share back with my primary care physician?







    0:24:42: Who stores and protects my digital medical records?







    0:27:46: How are third party providers audited for privacy and security?







    0:29:56: Are HIPAA security requirements keeping up with the times?







    0:33:13: Do I have full access to my complete medical record?







    0:36:52: How do marketers get my health data?







    0:39:51: What laws govern inferred health information?







    0:45:48: Do pharmacies sell health data to marketers?







    0:48:57: How private are online medical portals and checkin services?







    0:53:35: How concerned should we be about using DNA analysis services?







    0:59:17: How can we improve our health privacy laws?







    1:00:30: What are your personal tips for protecting health data?







    1:02:37: If I think someone has abused my data, what can I do?

    • 1 hr 8 min
    Backing Up 2FA Seeds


    Two-factor authentication (2FA) is a fantastic way to improve the security of your online accounts. However, if you lose access to the device containing your authenticator app, you may lose access to your 2FA-protected accounts. You need to back up the seed codes used to set up each account. I'll give you several methods for doing this.







    In the news: FBI uses smartphone push notifications to track down criminals; Roku TVs block all access until users consent to force arbitration; cheap video doorbells have horrible security; AI can be used to determine where photos were taken; vending machine caught using facial recognition; what happens to your data when a data broker goes bankrupt; your personal information that is publicly available; New Jersey passes motor vehicle data deletion law; Proton Mail's new email aliasing feature; in Canada, police now need warrant to get a person's IP address; US cracks down on commercial spyware firm; NSO Group forced to hand over source code to Meta in legal case; Authy is shutting down its desktop app.







    Article Links









    [The Washington Post] The FBI’s new tactic: Catching suspects with push alerts https://www.washingtonpost.com/technology/2024/02/29/push-notification-surveillance-fbi/







    [TechCrunch] Roku disables TVs and streaming devices until users consent to forced arbitration https://techcrunch.com/2024/03/05/roku-disables-tvs-and-streaming-devices-until-users-consent-to-forced-arbitration/







    [Consumer Reports] These Video Doorbells Have Terrible Security https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/







    [NPR] Artificial intelligence can find your location in photos, worrying privacy experts https://www.npr.org/2023/12/19/1219984002/artificial-intelligence-can-find-your-location-in-photos-worrying-privacy-expert







    [Ars Technica] Vending machine error reveals secret face image database of college students https://arstechnica.com/tech-policy/2024/02/vending-machine-error-reveals-secret-face-image-database-of-college-students/







    [The Markup] What Happens to Your Sensitive Data When a Data Broker Goes Bankrupt? – The Markup https://themarkup.org/privacy/2024/02/23/what-happens-to-your-sensitive-data-when-a-data-broker-goes-bankrupt







    [Lifehacker] All of Your Information That’s Publicly Available (and What You Can Do About It) https://lifehacker.com/tech/all-your-information-thats-publicly-available-what-to-do-about-it







    [privacy4cars.com] “Motor Vehicle Data Deletion Act” of New Jersey https://privacy4cars.com/nj-law/







    [Lifehacker] Proton Mail Now Lets You Hide Your Real Email Address https://lifehacker.com/tech/how-to-set-up-email-aliases-proton-mail







    [CBC] Police now need a warrant to get a person's IP address, Supreme Court rules https://www.cbc.ca/news/politics/supreme-court-privacy-ipaddress-1.7130727







    [The Hacker News] U.S. Cracks Down on Predatory Spyware Firm for Targeting Officials and Journalists https://thehackernews.com/2024/03/us-cracks-down-on-predatory-spyware.html







    [9to5Mac] iPhone spyware company NSO suffers major defeat in US court, in Meta lawsuit https://9to5mac.com/2024/03/01/iphone-spyware-company-nso-must-reveal-code/







    [The Verge] Authy is shutting down its desktop app https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down







    Tip of the Week: Backing Up Your 2FA Seed Codes https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/







    Command line tool to extract codes from Authy: https://gist.github.

    • 1 hr 6 min
    How Our Data is Abused


    With the rise of IoT and tracking technologies (both online and in the real world), we are generating staggering amounts of highly personal information. This massive trove of juicy data has drawn the attention of several interested parties outside the realm of consumer marketing. Like chum in the water, it's created a feeding frenzy from data aggregators as well as from law enforcement and intelligence agencies, both foreign and domestic. The journalists at 404 Media have published several blockbuster articles on this data ecosystem which have triggered backlashes from lawmakers and consumers alike. Today I'll speak with two of the founders: Joseph Cox and Jason Koebler.







    Interview Notes









    404 Media: https://www.404media.co/ 







    404 Media podcast: https://www.404media.co/the-404-media-podcast/







    404 Media support: https://www.404media.co/faq/ 







    Formation of 404 Media: https://www.nytimes.com/2023/08/22/business/media/404-media-vice-motherboard.html 


















    Table of Contents







    Use these timestamps to jump to a particular section of the show.









    0:01:03: Interview setup







    0:02:45: How did 404 Media come to be?







    0:12:00: When do we think law enforcement started buying our data?







    0:15:39: What's up with companies listening to our conversations?







    0:23:01: Where does law enforcement go to get our data?







    0:27:46: How are video feeds being gathered and sold?







    0:34:23: Can't all this data also be used by "bad guys"?







    0:39:13: Is it legal for law enforcement to buy data from foreign sources?







    0:44:28: Have your stories triggered responses from the US government?







    0:50:01: Trust in media is low these days - how can we fix that?







    0:59:37: How can we support good work like yours?







    1:03:22: Wrap-up

    • 1 hr 7 min
    Mitigating AI Risks


    Artificial Intelligence is the buzzword of the day. Since the launch of ChatGPT in November 2022, there has been a flood of AI-based tools and services. Many tech firms are racing to build AI into their products without considering the consequences, let alone taking the time to build in guardrails for privacy and security. Today, I'll tell you about some of the risks, how to mitigate them and explain why you should spend some time playing with AI tools so we can understand how they do (and don't) work.







    In other news: Wyze home webcams had yet another security breach; Poland's PM calls out illegal use of Pegasus spyware by opposition party; US military finally notifies 20,000 of email data breach; Skiff was bought by Notion and will shut down services; FTC fines Avast antivirus $16.5M for mining user data; Backdoors in encryption violate human rights according to EU court; LockBit ransomware servers were taken over by multinational law enforcement efforts; Apple's iMessage gaining quantum computer resistant encryption; Signal finally allows users to hide cell phone numbers via usernames; new Android secure browsing features announced.







    Article Links









    [Lifehacker] Wyze Had a Security Breach (Again) https://lifehacker.com/tech/wyze-security-breach-again







    [The Associated Press] Poland’s prime minister says authorities widely used spyware under the previous government https://apnews.com/article/poland-government-pegasus-spyware-tusk-duda-78420fc7099401926d28b5be98669192







    [TechCrunch] US military notifies 20,000 of data breach after cloud email leak https://techcrunch.com/2024/02/14/department-defense-data-breach-microsoft-cloud-email/







    [The Cut] The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html



    https://pluralistic.net/2024/02/05/cyber-dunning-kruger/ 











    [restoreprivacy.com] Skiff Mail Shutting Down in 6 Months (Try These Alternatives) https://restoreprivacy.com/skiff-shutting-down-alternatives-to-skiff-mail/







    [404media.co] FTC Fines Avast $16.5 Million For Selling Browsing Data Harvested by Antivirus https://www.404media.co/impact-ftc-fines-avast-16-5-million-for-selling-browsing-data-harvested-by-antivirus/







    [Ars Technica] Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/







    [Ars Technica] LockBit ransomware group taken down in multinational operation https://arstechnica.com/information-technology/2024/02/lockbit-ransomware-group-taken-down-in-multinational-operation/







    [WIRED] Apple’s iMessage Is Getting Post-Quantum Encryption https://www.wired.com/story/apple-pq3-post-quantum-encryption/







    [signal.org] Keep your phone number private with Signal usernames https://signal.org/blog/phone-number-privacy-usernames/







    [Lifehacker] These New Android Features Will Keep You Safer Online https://lifehacker.com/tech/android-safer-browsing-and-live-threat-detection-rolling-out







    Tip of the Week: Mitigating AI Risks https://firewallsdontstopdragons.com/how-to-mitigate-the-risks-of-ai/










    • 1 hr 5 min
    Car Privacy is Horrid


    Modern cars are chock full of sensors and connected to the internet via built-in cellular modems. That's a recipe for massive data collection. Last September, Mozilla's Privacy Not Included team released a blockbuster report on how much data our cars were gathering and it was absolutely staggering. According to the hard-to-find privacy policies, your car can collect extremely personal information including precise location, contact lists from your phone, call and message data, and - believe it or not - even "sexual activity". Today, I'll walk through this report and its implications with the head of Mozilla's Privacy Not Included project, Jen Caltrider.







    Interview Notes









    Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/ 







    Mozilla’s car report: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/ 







    Mozilla's report on AI chatbots: https://foundation.mozilla.org/en/privacynotincluded/articles/happy-valentines-day-romantic-ai-chatbots-dont-have-your-privacy-at-heart/ 







    Donate to Mozilla Foundation: https://donate.mozilla.org/ 







    Mozilla layoffs: https://techcrunch.com/2024/02/13/mozilla-downsizes-as-it-refocuses-on-firefox-and-ai-read-the-memo/ 







    Sign the petition to stop car data gathering! https://foundation.mozilla.org/en/privacynotincluded/articles/car-companies-stop-your-huge-data-collection-programs-en/ 







    Bruce Schneier article in Slate: https://slate.com/technology/2023/12/ai-mass-spying-internet-surveillance.html 


















    Table of Contents







    Use these timestamps to jump to a particular section of the show.









    0:02:39: What were some top findings from your car privacy report?







    0:05:14: Which cars did you review and how did you evaluate them?







    0:09:44: How was I notified and how did I consent to my car's privacy policy?







    0:10:39: What are cars tracking? Are electric cars any worse than gas cars?







    0:13:55: What third party data mining is going on in my car?







    0:20:41: Is there a way to opt out of data sharing?







    0:24:10: Is less data collected in Europe?







    0:26:02: Where is all my data stored? Locally, in the cloud, or both?







    0:28:52: Is the data at least secured?







    0:29:48: Can dealerships access my data? What about law enforcement?







    0:32:28: What about rental or fleet cars? What about passengers?







    0:37:24: Do car dealers disclose this data collection to shoppers?







    0:39:11: What are some of the security problems with this data collection?







    0:45:55: How did car makers and legislators respond to your report?







    0:48:36: Do modern privacy laws cover auto data?







    0:50:48: So what can we do about this today?

    • 1 hr 4 min
    Avoiding Tax Scams


    It's tax time here again in the USA, and therefore it's also time for tax scams. I'll explain how to recognize common tax scams, how to respond to them, how to prevent scammers from taking over your IRS account and even filing fraudulent tax returns in your name.







    In other news: the Mother of All Breaches (MOAB) contains 26 billion records; 23andMe is in trouble after massive data breach and pending class action lawsuits; a viral story about a smart toothbrush botnet isn't true... but could have been; a clever hack of older computer TPM modules could expose encrypted hard drive data (but it's not easy to do); Malwarebytes has issued their 2024 malware report; the FBI and CISA are raising the alarm over Chinese hackers and key US infrastructure, as well as taking action to prevent it; you might want to consider creating a family password to defeat voice clone scams; Mozilla has released a new data deletion service; and Privacy4Cars has an interesting new mechanism for universally opting out of data collection.







    Article Links









    [cybernews] Mother of all breaches reveals 26 billion records https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/







    [Fast Company] 23andMe at risk of being delisted from the Nasdaq as lawsuits mount https://www.fastcompany.com/91020738/23andme-risk-delisted-nasdaq-class-action-lawsuits







    [404media.co] The Viral Smart Toothbrush Botnet Story Almost Certainly Isn't Real https://www.404media.co/the-viral-toothbrush-ddos-botnet-story-almost-certainly-isnt-real/







    [Tom's Hardware] YouTuber breaks BitLocker encryption in less than 43 seconds with sub-$10 Raspberry Pi Pico https://www.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico







    [9to5Mac] Report: Mac security threats on the rise, here’s what to watch out for https://9to5mac.com/2024/02/06/report-mac-security-threats-on-the-rise/







    [NBC News] FBI director to warn Chinese hackers aim to 'wreak havoc' on US critical infrastructure https://www.nbcnews.com/politics/national-security/fbi-director-warn-chinese-hackers-aim-wreak-havoc-us-critical-infrastr-rcna136524







    [Ars Technica] Chinese malware removed from SOHO routers after FBI issues covert commands https://arstechnica.com/security/2024/01/chinese-malware-removed-from-soho-routers-after-fbi-issues-covert-commands/







    [cisa.gov] CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-and-fbi-release-secure-design-alert-urging-manufacturers-eliminate-defects-soho-routers







    [9to5Mac] FCC outlaws voice cloning robocalls after AI-generated voice claimed to be President Biden https://9to5mac.com/2024/02/08/voice-cloning-robocalls/







    [Electronic Frontier Foundation] Worried about AI voice clone scams? Create a family password https://www.eff.org/deeplinks/2024/01/worried-about-ai-voice-clone-scams-create-family-password







    [The Verge] Firefox maker Mozilla has a new subscription to keep your info out of data brokers’ clutches https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests







    [optoutcode.com] A Privacy4Cars Universal Opt-Out Concept https://optoutcode.com/







    Tip of the Week: Avoiding Tax Scams https://firewallsdontstopdragons.com/how-to-avoid-tax-scams/









    Further Info









    Secure Your Network: https://firewallsdontstopdragons.com/secure-your-network-part-1-scan/ 

    • 53 min

Customer Reviews

4.9 out of 5
48 Ratings


Lisbon P ,

Knowledgeable and so very helpful

I listen to Carey every night, so much insight to all this security, this elderly person couldn’t believe it. I have your latest book and absolutely love it and pass lots of info to my friends. Your book is a must read for everyone and your podcast is must hear. Thank you Carey

Signed Lisbon

Marc601 ,

My favorite

My favorite cyber security, privacy podcast. Mr. Parker is very knowledgeable, clean, and leaves politics out of the discussion. He explains things in easy to understand ways. His book is wonderful too. Thanks Mr. Parker, you’re the best.

Rerye1 ,

My new go-to privacy and security spot

Stumbled on FDSG from Lock and Code podcast. So helpful to listen to well-researched info while doing house chores! Join me in donating, as this podcast is produced at cost. At highest risk are Seniors— learn more at AARP. I know too many completely unaware— or admittedly lazy — or both, about protecting themselves. I know a senior who handed all her passwords over to a scammer. I warned her before she went ahead, but she would not believe me. Still does not, with scammers laughing all the way to the bank.
