Privacy Please

A Problem Lounge Show
  • 4.7 (30)
  • TECH NEWS
  • UPDATED MONTHLY

Welcome to "Privacy Please," a podcast for anyone who wants to know more about data privacy and security. Join your hosts Cam and Gabe as they talk to experts, academics, authors, and activists to break down complex privacy topics in a way that's easy to understand. In today's connected world, our personal information is constantly being collected, analyzed, and sometimes exploited. We believe everyone has a right to understand how their data is being used and what they can do to protect their privacy.Please subscribe and help us reach more people! This podcast is part of The Problem Lounge network — conversations about the problems shaping our world, from digital privacy to everyday life.

  1. 8H AGO

    S7, E271 - One File to Rule Them All

    Send us Fan Mail In this episode of Privacy Please, Cameron Ivey investigates Palantir Technologies — a data analytics company founded in 2003 with CIA backing that has quietly become embedded across nearly every major arm of the U.S. federal government. This week's investigation covers: The USDA Deal On April 22nd, the Department of Agriculture signed a $300 million blanket purchase agreement with Palantir to build "One Farmer, One File" — a unified digital profile for every American farmer. The deal was awarded without competitive bidding. The IRS Bombshell The same week, The Intercept revealed — based on documents obtained by watchdog group American Oversight — that Palantir has been running financial crime surveillance operations inside the IRS since 2018. The IRS has paid Palantir over $130 million for access to a platform that cross-references bank records, tax filings, transaction histories, and more across millions of Americans. The Immigration Enforcement Machine Palantir's ICE contracts — now over $145 million — power the agency's case management, deportation targeting, and real-time location tracking of immigrants. A tool called ELITE creates individual dossiers on deportation targets by pulling data from the Department of Health and Human Services. The Pushback That's Working New York City's public hospital network canceled its Palantir contract after community organizing and City Council pressure. In the UK, 229,000 people have signed petitions to remove Palantir from the National Health Service. Public pressure is moving the needle. Five Things You Can Do Right Now Cameron closes with specific, actionable steps every listener can take — from requesting your IRS transcript to freezing your credit to contacting your representative about sole-source contracting. Privacy Please is part of the Problem Lounge Network. New episodes weekly. theproblemlounge.com Chapter Markers  00:00 — Cold Open01:30 — Intro & Show Welcome02:45 — Act One: The USDA Deal06:00 — Act Two: Who Is Palantir?11:30 — Act Three: The Empire Expands (ICE, Policing)17:00 — Act Four: Your Tax Returns Are In There Too24:00 — Act Five: The Layer Nobody's Talking About30:00 — Act Six: The Part That Gives Me Hope34:30 — What You Can Actually Do (5 Tips)39:00 — Closing Reflection (Adjust timestamps after editing)Support the show

    22 min

  2. APR 20

    S7, E270 - The 40-Minute Hack That Stole the Blueprint for AI | The Mercor Breach

    Send us Fan Mail A normal data breach steals names and passwords. This one may have stolen the recipe for building the world’s most powerful AI models, and it happened through software most people will never notice until it breaks. We follow the Mercor breach from the first warning signs to the moment poisoned Python packages hit PyPI and spread in minutes across systems that were set to auto-update.   We walk through what Mercor actually does in the AI economy, especially RLHF (Reinforcement Learning from Human Feedback), and why that behind-the-scenes work shapes how tools from OpenAI, Anthropic, Meta, and Google behave. Then we unpack Lite LLM, the open source “plumbing” that connects apps to multiple AI services, and how a supply chain attack can bypass the company you’re targeting by compromising the dependencies everyone trusts.  From there, the focus shifts to the fallout: contractors whose Social Security numbers and identity documents may be exposed, companies scrambling to assess backdoors and credential theft, and the bigger fear that proprietary AI training data sets and labeling strategies are being auctioned on the dark web. We also dig into the compliance controversy around SOC2 and ISO 27001 style certifications and what happens when security audits become performance instead of protection.  If you care about cybersecurity, data privacy, AI governance, and open source risk, listen through to the end for concrete steps you can take right now. Subscribe, share this with a friend who uses AI tools, and leave a review with your take on who should be held accountable. Support the show

    13 min

  3. APR 1

    S7, E269 - You're the Teacher Now: How Companies Are Using Your Data to Build AI That Replaces You

    Send us Fan Mail You already knew you were the product. But did you know you're also the teacher? Companies are quietly feeding your emails, your work decisions, your customer interactions, and your daily patterns into AI systems — systems designed to automate exactly what you do. And most people have no idea it's happening. In this episode of Privacy Please, we break down how it works, who's doing it, why your right to delete your own data is functionally broken in the AI era, and what you can actually do about it. What we cover: How "function creep" turns your data into AI training fuel without new consentThe GitHub policy change that's happening right now — and how to opt outWhy employees at Amazon, Google, and JPMorgan described training AI as "building your own coffin."The deletion problem — why you can't remove yourself from a trained modelPractical steps to audit your tools and protect yourself todayLinks: GitHub opt-out: github.com/settings/copilot/featuresKhan v. Figma lawsuit: rainintelligence.comFTC on AI data practices: ftc.govCheck your state privacy rights: iapp.org/resources/article/us-state-privacy-legislation-trackerDelete old posts: redact.devPrivacy Please is part of The Problem Lounge network. 🌐 theproblemlounge.com 🎙️ Subscribe on Apple Podcasts, Spotify, or wherever you listen Support the show

    12 min

  4. MAR 13

    S7, E268 - AI Can Unmask Your Anonymous Account for $4 | Here's How

    Send us Fan Mail Your anonymous account isn't anonymous anymore. Researchers just proved it costs $4 to find out who you are. In February 2026, a team from ETH Zurich and Anthropic published a paper that quietly ended the era of practical online anonymity. Their AI pipeline, using nothing but your posts, comments, and forum activity, correctly identified 67% of pseudonymous users from a pool of 89,000 candidates. No name. No photo. No metadata. Just your words. This episode breaks down exactly how it works, why it's different from every deanonymization scare before it, who's most at risk, and what you can actually do about it. In this episode: How the ESRC pipeline (Extract, Search, Reason, Calibrate) worksWhy previous anonymity attacks required structured data, and this one doesn'tWhy commercial AI safety guardrails didn't stop itWhat "practical obscurity" meant, and why it's goneConcrete steps to reduce your exposure todayLinks: Research paper: arxiv.org/abs/2602.16800Delete your Reddit history: redact.devTor Project: torproject.orgSignal: signal.orgPrivacy Please is part of The Problem Lounge network. 🌐 theproblemlounge.com 🎙️ Subscribe on Apple Podcasts, Spotify, or wherever you listen Support the show

    10 min

  5. FEB 27

    S7, E267 - Your SOC 2 Won't Save You: Here's What Will with Girish Redekar, co-founder & CEO Sprinto

    Send us Fan Mail Cameron and Gabe sit down with Girish Redekar, co-founder and CEO of Sprinto, to pull back the curtain on one of the most misunderstood areas of security: compliance. Girish built his first startup, RecruiterBox, to 3,500 customers before selling it, and it was the painful, expensive, duct-taped compliance process he experienced firsthand that sparked the idea for Sprinto. Today, Sprinto helps companies move beyond point-in-time audits into something far more valuable: continuous, autonomous trust. In this episode, we dig into: Why passing a SOC 2 or ISO 27001 audit doesn't mean you're actually secureThe three stages of compliance maturity — and how to climb themWhat "compliance debt" is and why it's quietly eating your businessHow smart CISOs use their security posture as a revenue driver, not a back-office cost centerThe "$100/month" challenge: what actually moves the needle for startupsHow AI is reshaping compliance programs — for better or worseWhy Girish spent over a year talking to customers before writing a single line of codePlus: the "sell more jeans" framework every CISO should know, Rich Hickey, The Mom Test, and the toilet paper question. 🔗 Find Sprinto at sprinto.com  Support the show

    45 min

  6. FEB 20

    S7, E266 - Good Boy, Bad Data

    Send us Fan Mail How a Super Bowl dog commercial accidentally revealed America's surveillance infrastructure A family loses their dog. Ring runs a Super Bowl ad. America collectively goes "wait… what?" This week, we're digging into Ring's "Search Party" feature, the AI-powered doorbell camera tool that lit up millions of living rooms during the big game and immediately made privacy experts lose their minds. Because what looked like a heartwarming story about finding your lost lab was actually a live demonstration of a nationwide networked surveillance system most people didn't know they were part of. We follow the trail from the commercial to the backlash, from a secret police surveillance partnership that quietly got canceled mid-chaos, to an 84-year-old woman's "deleted" doorbell footage that the FBI recovered anyway. There's a lost dog. There's Amazon. There's a company called Flock Safety that you need to know about. And there's a question worth asking before you go home and look at your front door. They sold you a puppy. They built a network. Support the show

    22 min

  7. FEB 12

    S7, E265 - Don’t Trust, Verify: Even Your Update Button Might Be Lying

    Send us Fan Mail Autonomy sounds like progress until the system turns your choices against you. We dive into how AI agents change the risk equation, why “don’t trust, verify” now beats “trust but verify,” and what to do when the update button itself becomes the attack vector. We start with the Ivy League leak tied to Harvard and UPenn, where attackers exposed admissions hold notes that map influence rather than credit cards. That context turns routine records into leverage for extortion, social pressure, and geopolitical targeting. From there, we trace the surge of agentic AI in the workplace as employees paste code, legal docs, and sensitive files into chat interfaces. The real accelerant is MCP, the model context protocol that standardizes connections across Google Drive, Slack, databases, and more. Like USB for AI, MCP makes integration simple and powerful, but a single prompt injection can pivot across everything the agent can reach. Security gets messier with supply chain compromise. A China‑nexus campaign allegedly hijacked the Notepad++ update mechanism, handing a bespoke backdoor to developers who did the right thing. We unpack how to keep patching while reducing risk: signed updates, independent checksum checks, tight egress policies for updaters, and strong monitoring around update flows. On the policy front, Rhode Island’s vendor transparency rule forces companies to name who buys data. It is a nutrition label for privacy, and it lets users and watchdogs finally connect the dots between friendly interfaces and aggressive brokers. We close with concrete defenses that raise the floor. Move high‑value accounts to FIDO2 hardware keys or platform passkeys to block phishing at the protocol level. Scope agent permissions narrowly, isolate MCP connectors by function, and require explicit approvals for sensitive actions. Log everything an agent touches and review those trails. Autonomy should be earned, minimal, and observable. If AI is going to act on your behalf, it must prove itself at every step. If this conversation helps you think differently about agents, influence mapping, and how to lock down your stack, subscribe, share with a teammate, and leave a quick review telling us the one control you plan to implement this week. Support the show

    26 min

  8. JAN 21

    S7, E264 - Season Seven, New Threats

    Send us Fan Mail We kick off season seven with a tour of the year’s early privacy & security news: neighborhood watchtowers from Ring, a rival-led hack of Breach Forums, a massive stitched leak in France, a heavy Microsoft patch drop, AI agents on the rise, and new state privacy laws. We share practical steps: self-host cameras, freeze your credit, harden identity portals, and keep humans in the loop when AI handles sensitive data. • CES unveils Ring’s neighborhood watchtower and its surveillance tradeoffs • Why self‑hosted DVR systems beat cloud video for privacy • Breach Forums doxxed by rivals and lessons in OPSEC • France’s 45 million record “combo” leak and re‑identification risks • Credit freezes, hard vs soft inquiries, and portal security • Microsoft’s 114 patches and sane patch management • AI agents escalating breach risk and human‑in‑the‑loop controls • New privacy laws in Indiana, Kentucky, and Rhode Island and actionable rights Please go to theproblemlounge.com and sign up for the newsletter If you have guests or topics or anything, please reach out to us! Support the show

    23 min
See All (273)

4.7
out of 5
30 Ratings

About

Welcome to "Privacy Please," a podcast for anyone who wants to know more about data privacy and security. Join your hosts Cam and Gabe as they talk to experts, academics, authors, and activists to break down complex privacy topics in a way that's easy to understand. In today's connected world, our personal information is constantly being collected, analyzed, and sometimes exploited. We believe everyone has a right to understand how their data is being used and what they can do to protect their privacy.Please subscribe and help us reach more people! This podcast is part of The Problem Lounge network — conversations about the problems shaping our world, from digital privacy to everyday life.

Information

  • Creator
    A Problem Lounge Show
  • Years Active
    2020 - 2026
  • Episodes
    273
  • Rating
    Explicit
  • Copyright
    © 2026 403927
  • Show Website
    Privacy Please

You Might Also Like