Firewalls Don't Stop Dragons Podcast

Carey Parker

A Podcast on Computer Security & Privacy for Non-Techies

  1. 4d ago

    Transaction Denied

    What would you do if you suddenly lost your bank account – and potentially access to all your funds? What about your credit cards? How long could your business stay afloat if you could no longer receive payments? Most of us take financial services for granted, but they can be taken away at any time – for almost any reason. And sometimes the reason is just that they don’t like you – or someone in power doesn’t like you, who can put pressure on the financial company. In many cases, this amounts to financial censorship. My guest today, Rainey Reitman, is the head of the Freedom of the Press Foundation and author of a book on this very subject called Transaction Denied. We’ll learn about how this happens, what the impacts are, and what we can do about it. Interview Notes Freedom of the Press Foundation: https://freedom.press/  EFF: https://www.eff.org/  Protect the Stack: https://protectthestack.org/  Pretty much infra: https://www.eff.org/deeplinks/2022/12/we-need-talk-about-infrastructure  Santa Clara Principles: https://santaclaraprinciples.org/  Cryptocurrency 101: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/  The Curse of Cash (book): https://www.amazon.com/Curse-Cash-Large-Denomination-Constrain-Monetary/dp/0691178364  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:02:45: Why did you start FPF? 0:08:25: What are some examples of financial censorship? 0:14:44: What are the impacts of this? 0:20:35: What can you do when this happens? 0:23:45: Are you entitled to know why you were cut off? 0:26:10: How do KYC laws impact your rights? 0:31:14: How might regulators infringe free speech? 0:35:56: How might my reputation after me here? 0:41:40: Should we codify banking rights? 0:46:21: What about using cash or cryptocurrency? 0:50:18: What bank practices should we change? 0:54:32: What should the government be doing here? 0:58:36: What’s next for you and FPF? 0:59:47: Wrap-up 1:02:40: Patron podcast preview 1:04:08: Looking ahead

    1h 5m

  2. Jun 1

    Verify Your Email Archive

    As part of my ongoing series on creating a full backup of all your old emails, we want to take some time to verify that we got everything okay. In today’s Tip of the Week, I’ll give you several pointers on how to go about doing this. In the last installment, we’ll make a couple backups and (optionally) delete everything from your email provider. In the news: AI firms want your financial data; Google Search moves to AI chat format; AI bots transcribing all your meetings; Mayo Clinic using AI to transcribe ER visits; CISA exposes credentials in massive screw up; school buses are being turned into mass surveillance machines; FBI wants access to all the license plate readers; some in Congress are trying to kill license plate readers. Article Links Experts warn of privacy risks as AI firms looks to connect to financial accounts: https://therecord.media/experts-warn-of-privacy-cyer-risks-ai-finance Google Search as you know it is over: https://techcrunch.com/2026/05/19/google-search-as-you-know-it-is-over You Are Being Recorded: https://blog.yaelwrites.com/you-are-being-recorded Mayo Clinic is Using AI to Listen to Emergency Room Visits: https://www.404media.co/mayo-clinic-is-using-ai-to-listen-to-emergency-room-visits US cyber agency CISA exposed reams of passwords and cloud keys to the open web: https://techcrunch.com/2026/05/19/us-cyber-agency-cisa-exposed-reams-of-passwords-and-cloud-keys-to-the-open-web ‘BusPatrol’ Put AI Cameras in Tens of Thousands of School Buses. Now They Want to Give Cops Access: https://www.404media.co/buspatrol-put-ai-cameras-in-tens-of-thousands-of-school-buses-now-they-want-to-give-cops-access The FBI Wants to Buy Nationwide Access to License Plate Readers: https://www.404media.co/the-fbi-wants-to-buy-nationwide-access-to-license-plate-readers A Bipartisan Amendment Would End Police License Plate Tracking Nationwide: https://www.wired.com/story/a-bipartisan-amendment-would-end-police-license-plate-tracking-nationwide Tip of the Week: https://firewallsdontstopdragons.com/verify-your-email-archive/  Further Info Privacy Guides (search engines): https://www.privacyguides.org/en/search-engines/  My Proton referral link: https://pr.tn/ref/ZMNG3DNK  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:07: Intro 0:00:47: News preview 0:02:13: AI financial advisors 0:08:42: Google Search making big changes 0:17:30: You are being recorded 0:25:07: Mayo Clinic ER AI transcripts 0:31:37: Major CISA credentials screwup 0:35:54: School bus surveillance 0:43:37: FBI wants nationwide ALPR access 0:49:04: Congress looks to ban ALPRs 0:53:19: Tip of the Week 1:00:32: Patron podcast preview 1:01:05: Looking ahead

    1h 2m

  3. May 25

    Bossware & Boundaries

    When you’re working for your employer, no matter where you are, you’re on company time, using company equipment. Your employer has a responsibility to protect their assets – not just their equipment and facilities, but their data, as well. That gives employers several reasons to monitor you and any devices you might be using for work – including your mobile phone, potentially. While your rights to privacy are limited, they’re not eliminated. Today I’ll ask Jodi Daniels (Red Clover Advisors) and Jan Rosenfeld (iVerify) to help us understand what personal information might be gathered, how it might be used, and what we should do to protect ourselves. Interview Notes iVerify (Jan Rosenfeld): https://iverify.io/  Red Clover Advisors (Jodi Daniels): https://redcloveradvisors.com/our-team/jodi-daniels/  Microsoft Recall: https://support.microsoft.com/en-us/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c  WiFi Pineapple: https://shop.hak5.org/products/wifi-pineapple  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:20: Intro 0:01:54: Lingo 0:03:45: Why do employers monitor employees? 0:10:23: What privacy rights do employees have? 0:17:27: How do employers monitor mobile phones? 0:24:07: What can be learned using mobile profiles? 0:30:27: How are laptops monitored? 0:34:31: Can employers monitor encrypted traffic? 0:36:17: What are the privacy risks for computor monitoring? 0:41:41: How else might I be tracked at work? 0:48:05: How might my data be correlated with my colleagues? 0:52:38: What about job applicant privacy? 0:55:59: What happens when I leave a company? 1:02:15: How can we best protect employment data? 1:05:22: How do I handle privacy violations? 1:06:55: Wrap-up 1:10:49: Patron podcast preview 1:11:25: Looking ahead

    1h 12m

  4. May 18

    Download All Your Emails

    In the next phase of withdrawing our email data from the cloud, we’re going to download a complete archive of every email we’ve ever sent. It’s not as easy as it should be, but it’s also not that difficult. I’ll give you an overview in today’s Tip of the Week, but you should read the full blog for detailed steps. In the news: Venmo finally makes transactions private by default; FCC extends software update window for banned routers; Meta employees push back on surveillance; Proton Mail adds post-quantum crypto; turn off ChatGPT ad tracking; AI chatbots giving out people’s real phone numbers; Canada’s updated surveillance bill is still bad; Utah wants to effectively ban anonymous VPN use; LLMs want access to your health records; Microsoft Edge is a poor password manager; Canvas hacked during finals; Chrome installing a 4GB AI model on everyone’s computers. Article Links Venmo privacy finally being fixed eight years after ‘alarming’ fails: https://9to5mac.com/2026/05/11/venmo-privacy-finally-being-fixed-eight-years-after-alarming-fails US: FCC Relaxes Foreign-Made Router Ban to Allow for Security Updates: https://www.infosecurity-magazine.com/news/us-fcc-relaxes-foreign-router-ban Meta employees launch protest against mouse-tracking tech at US offices: https://www.reuters.com/sustainability/society-equity/meta-us-employees-organize-protest-against-mouse-tracking-tech-2026-05-12 Proton Mail introduces post-quantum encryption: https://proton.me/blog/introducing-post-quantum-encryption Turn Off ChatGPT’s New Ad Tracking: https://onlinesafety.substack.com/p/turn-off-chatgpts-new-ad-tracking AI chatbots are giving out people’s real phone numbers: https://www.technologyreview.com/2026/05/13/1137203/ai-chatbots-are-giving-out-peoples-real-phone-numbers Canada’s Bill C-22 Is a Repackaged Version of Last Year’s Surveillance Nightmare: https://www.eff.org/deeplinks/2026/05/canadas-bill-c-22-repackaged-version-last-years-surveillance-nightmare Utah’s New Law Targeting VPNs Goes Into Effect May 6th: https://www.eff.org/deeplinks/2026/04/utahs-new-law-regulating-vpns-goes-effect-next-week A.I. Chatbots Want Your Health Records. Tread Carefully.: https://www.nytimes.com/2026/03/12/technology/personaltech/microsoft-copilot-health-ai-chatbots.html Microsoft Edge security alert: All saved passwords unencrypted: https://proton.me/business/blog/microsoft-edge-passwords-exposed ‘The Biggest Student Data Privacy Disaster in History’: Canvas Hack Shows the Danger of Centralized EdTech: https://www.404media.co/the-biggest-student-data-privacy-disaster-in-history-canvas-hack-shows-the-danger-of-centralized-edtech Chrome silently installs a 4 GB local LLM on your computer: https://www.theregister.com/ai-and-ml/2026/05/07/chrome-silently-installs-a-4-gb-local-llm-on-your-computer/5230893 Tip of the Week: https://firewallsdontstopdragons.com/download-all-emails/  Further Info PG’s Data Protection Authority: https://www.privacyguides.org/en/activism/legal/dpa-directory/  Donate to Session: https://getsession.org/donate  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:19: News tidbits 0:02:53: News rundown 0:05:21: Venmo finally private by default 0:08:57: Banned router updates extended 0:11:28: Meta employees protest surveillance 0:15:47: Proton Mail gets post-quantum crypto 0:19:44: ChatGPT’s new ad tracking 0:24:37: Chatbots giving our people’s phone numbers 0:28:57: Canada C-22 bill still a privacy nightmare 0:32:49: Utah VPN law delayed 0:40:47: AI wants your health info 0:48:14: Edge decrypts all saved passwords 0:53:40: Canvas hit with ransomware 0:56:08: Chrome silently installs 4GB LLM 1:01:06: Tip of the Week 1:09:28: Patron podcast preview 1:09:55: Looking ahead

    1h 11m

  5. May 11

    Cindy Cohn: Privacy’s Defender

    Cindy Cohn has been on the front lines, defending your digital rights, for three decades. With the Electronic Frontier Foundation (EFF), she has litigated several seminal legal cases that have directly impacted the lives of all Americans. As she retires from her role as Director of the EFF, she’s written a memoir about her time there and documents several of these legal fights called Privacy’s Defender. Today I’ll ask Cindy about the key parts of these cases, how we interpret our rights in the digital realm, and what we can do to ensure a free and open internet. Interview Notes Cindy Cohn: https://www.eff.org/about/staff/cindy-cohn  Privacy’s Defender: https://mitpress.mit.edu/9780262051248/privacys-defender/  Give thanks (donate): https://firewallsdontstopdragons.com/give-thanks-donate/  Clipper Chip: https://en.wikipedia.org/wiki/Clipper_chip  Secure Drop: https://securedrop.org/  Geofence warrants case: https://www.eff.org/press/releases/eff-supreme-court-shut-down-unconstitutional-geofence-searches  404 Media’s FOIA Forum: https://www.404media.co/foia-forum-archive/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:15: Intro 0:01:13: Lingo 0:03:52: What if you had lost the Bernstein case? 0:09:18: What re-ignited the Crypto Wars? 0:13:54: Can we prevent all crime with surveillance? 0:16:37: How do our rights apply in the digital world? 0:21:29: Should national security trump our rights? 0:26:58: Can’t courts handle secret evidence? 0:29:20: How does loss of privacy create a power imbalance? 0:35:02: How does privacy improve democracy? 0:36:54: How to you translate technogy to law? 0:40:49: Are we losing online anonymity? 0:44:13: How important are whistleblowers? 0:47:08: How can we protect privacy from the next crisis? 0:54:24: How do we avoid burnout and keep fighting? 0:57:47: How do we get a federal privacy law? 1:02:37: What’s next for you and the EFF? 1:06:48: Wrap-up 1:08:37: Donate to rights organizations 1:10:27: Patron podcast preview 1:11:05: Looking ahead

    1h 12m

  6. May 4

    Withdraw Your Email Data

    Probably the oldest online data you have – like, still have out there right now – is your emails. Did you have an AOL account? Or email through your internet service provider (ISP)? Statistically speaking, you probably have a Gmail, Yahoo Mail or Outlook (previously HotMail) account. Unless you explicitly closed those accounts or deleted those emails, they’re still there. Emails are less like letters in an envelope and much more like postcards, unless you made a point of encrypting them. So today we’ll start a multi-step process to download that email history so that we can delete the online data before it’s slurped into some AI model training or leaked in a data breach. In other news: Met Police win suit to use live facial recognition; Australian teens work around social media ban; big tech is ignoring your do-not-track signals; Meta threatens to leave New Mexico over AG demands; Meta is training AI on their employees; doctors are using AI to take session notes; Mythos suffers ‘unauthorized access’; AI agent deletes companies databases; and AI is empowering script kiddies. Article Links Challenge over Met Police’s use of live facial recognition lost: https://www.bbc.com/news/articles/cq59x4vv954o Most Australian teens admit the social media ban isn’t working as they try to sidestep age verification blocks with face masks and their parents’ IDs: https://www.yahoo.com/news/articles/most-australian-teens-admit-social-111400429.html Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit: https://www.404media.co/google-microsoft-meta-all-tracking-you-even-when-you-opt-out-according-to-an-independent-audit Meta threatens to pull its apps from New Mexico if forced to make ‘technologically impractical’ changes: https://www.theverge.com/policy/921557/meta-threatens-leaving-new-mexico Meta is tracking employees for AI training data: https://proton.me/business/blog/meta-ai-training-employee-data Why your doctor’s AI recorder can be bad for your health (and privacy): https://this.weekinsecurity.com/why-your-doctors-ai-recorder-can-be-bad-for-your-health-and-privacy Anthropic’s most dangerous AI model just fell into the wrong hands: https://www.theverge.com/ai-artificial-intelligence/916501/anthropic-mythos-unauthorized-users-access-security An AI agent allegedly deleted a startup’s production database: https://mashable.com/article/ai-agent-deletes-data-30-hour-service-outage-pocketos Attack of the killer script kiddies: https://www.theverge.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai Tip of the Week: https://firewallsdontstopdragons.com/withdraw-your-data-email/  Further Info Enable and verify GPC flag: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/  Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball  AI doctor privacy newsletter: https://buttondown.com/maiht3k/archive/why-you-should-refuse-to-let-your-doctor-record/  Attack of the Script Kiddies: https://www.theverge.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai  Zero Day Clock: https://zerodayclock.com/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:01:07: News bites 0:01:59: News rundown 0:04:17: Met Police win face recognition suit 0:09:10: Australia social media ban update 0:13:16: Google, Meta, Microsoft ignoring GPC 0:20:40: New Mexico AG has demands for Meta 0:26:28: Meta tracking employees to train AI 0:32:36: Doctors using AI to take notes 0:39:45: Mythos unauthorized access 0:43:39: AI agent deletes company databases 0:49:25: Attack of the killer script kiddies 1:02:29: Tip of the Week 1:11:45: Patron podcast preview 1:11:54: Looking ahead

    1h 13m

  7. Apr 27

    The Power of Prophecy

    We have relied on prophets and seers for most of human history, largely because humans are obsessed with the future – specifically their own. But prophecy has often been used to determine or at least influence the future, not just predict it. In her new book, Prophecy, Carissa Véliz explains the power and perils of prediction, from the Oracle of Delphi to modern AI, giving us some much-needed perspective on the dangers of chatbots and the people who are selling them to us as powerful tools that will either save or doom all of humanity. Interview Notes Prophecy: https://www.carissaveliz.com/prophecy  Privacy is Power: https://www.carissaveliz.com/books  The Power of Analogue (TEDx): https://www.youtube.com/watch?v=IvJeUQ9Egnk  How Privacy Can Save Your Life (TEDx): https://www.youtube.com/watch?v=xSPRouBvgFE  Here’s to the Crazy Ones (Steve Jobs): https://www.youtube.com/watch?v=mtftHaK9tYY  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:18: Intro 0:03:07: How is prediction used to determine the future? 0:08:09: Why are humans hard to predict? 0:12:34: What does AI predict about itself? 0:19:24: What are longtermism and effective altruism? 0:25:45: How does rationalism compare to empiricism with AI? 0:30:41: Why do humans believe numbers? 0:34:57: Are prediction markets ethical? 0:38:53: What do you tell policymakers? 0:41:51: How do we resist fear of the future? 0:47:11: Wrap up 0:49:45: Patron podcast preview 0:50:23: Looking ahead

    51 min

  8. Apr 20

    AI’s Promise and Peril

    Artificial Intelligence – in particular, Large Language Models (LLMs) or “chatbots” – are increasing in power at an astonishing pace. In fact, the latest models from Anthropic (Claude Mythos) and OpenAI (ChatGPT 5.4 Cyber) are so good at reading software code and finding vulnerabilities, that their makers have strictly limited initial access to manufacturers of the most popular software so that they have a head start in finding exploitable bugs. But it’s not all doom and gloom. I’ll highlight the promise of this powerful new technology, as well. Article Links Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.: https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2 Iran built a vast camera network to control dissent. Israel turned it into a targeting tool: https://apnews.com/article/iran-war-security-cameras-surveillance-5f9a1fe5845d94894f3edd50af560d3a Iranian hackers are targeting American critical infrastructure, US agencies warn: https://techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device: https://thenextweb.com/news/linkedin-browsergate-extension-scanning-privacy-fingerprint The Pixel Trap: Online Marketing Is a Silent PII Harvesting Machine: https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting Republican Mutiny Sinks Trump’s Push to Extend Warrantless Surveillance: https://www.wired.com/story/republican-mutiny-sinks-trumps-push-to-extend-warrantless-surveillance India drops proposal to mandate national ID app Aadhaar on smartphones after pushback: https://www.reuters.com/world/china/india-drops-proposal-mandate-national-id-app-aadhaar-smartphones-after-pushback-2026-04-17 What I learned by vibe-coding my own word processor: https://www.fastcompany.com/91528164/claude-code-vibe-code-word-processor On Anthropic’s Mythos Preview and Project Glasswing: https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html Tip of the Week: https://firewallsdontstopdragons.com/ai-promise-peril/  Further Info Support the Internet Archive: https://www.savethearchive.com/authors/ or https://www.savethearchive.com/journalists/  Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:08: Intro 0:00:37: Internet Archive needs your help 0:02:00: Router ban update 0:02:33: News rundown 0:05:46: New EU age app has bugs 0:10:46: FBI extracts Signal messages 0:16:33: Iran public cameras hacked by Israel 0:22:46: Iran hackers target US, Israel 0:26:11: LinkedIn scans your devices 0:37:06: TikTok Meta pixel madness 0:43:25: Section 702 on the ropes 0:50:56: India drops ID app mandate 0:53:42: Vibe-coding my own word processor 1:04:07: Schneier on Mythos, Glasswing 1:07:37: Tip of the Week 1:21:59: Patron podcast preview 1:22:24: Looking ahead

    1h 24m
See All (484)

4.9
out of 5
67 Ratings

About

A Podcast on Computer Security & Privacy for Non-Techies

Information

You Might Also Like