The Lockdown - Practical Privacy & Security

Ray Heffer

Welcome to The Lockdown. Privacy doesn’t have to be all-or-nothing. The inability to attain extreme levels of privacy shouldn’t deter one from taking any protective measures at all. The show is hosted by Ray Heffer, an expert in the field of privacy and cybersecurity, with each episode touching on a range of topics such as data privacy, password management, and secure browsing habits. Tin-foil hats are optional!

  1. AUG 11

    032 - No Salt Required: Listener Questions Before the Break

    In this episode I address listener feedback and questions, from clarifying my stance on the “Tea” controversy to sharing practical tips from the community about Privacy.com workarounds. This episode covers some loose ends before I take a brief hiatus. I also discuss why I won’t be at Black Hat this year, share thoughts on minimalism versus practicality in privacy, and reveal my favorite Indian restaurant in Vegas for those attending Black Hat! In this week’s episode: Addressing the “Tea” controversy and clarifying my positions on doxingCommunity solution for Privacy.com and Plaid privacy concernsContact information protection strategies when family uses social mediaFuture of capture-the-flag challenges and OSINT considerationsConference attendance updates and travelMatrix Community Rooms Matrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links: https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links: Tea app leak article - https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/OSMOSIS Institute - https://osmosisinstitute.org/events/Privacy.com - https://privacy.com“There are no facts, only interpretations.”- Friedrich Nietzsche ★ Support this podcast on Patreon ★

    22 min

  2. AUG 4

    031 - When Privacy Tools Betray You, Safety Apps That Dox and Revoked Anonymous Payments

    In this episode, I discuss the challenges facing privacy-focused payment solutions like Privacy.com, exploring alternatives and the troubling rise of KYC requirements across the industry. I dive deep into the Switzerland privacy crisis that’s forcing Proton to consider relocating their infrastructure, and what this means for encrypted email providers globally. I also cover the catastrophic security failure at Tea, a women’s safety app that exposed 72,000 images including government IDs through basic incompetence, leading to harassment campaigns on 4chan. I wrap up with thoughts on vehicle tracking through DCM/Telematics modules, why buying older vehicles might be the better privacy-conscious choice, and how embracing the stoic lifestyle aligns with both privacy and my own philosophical principles. In this week’s episode: Privacy.com troubles: Account freezes, limited alternatives, and the KYC nightmareSwitzerland’s surveillance crisis: Why Proton is threatening to leave and relocating to Germany/NorwayEmail provider comparison: Proton vs Tutanota vs Atomic Mail, and understanding intelligence alliancesTea app breach: How 72,000 IDs and 1.1 million private messages ended up on 4chanVehicle tracking: DCM modules, telematics, and why your car is spying on youPhilosophy of privacy: Stoicism, minimalism, and why less is moreMatrix Community Rooms Matrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links: https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links: Privacy.com - https://privacy.comCloaked.com - https://cloaked.comProton Warrant Canary - https://protonvpn.com/blog/transparency-report/Climate Activist Arrest - https://proton.me/blog/climate-activist-arrest and https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/Tuta Crypt - https://tuta.com/documents/tuta-crypt-spec.pdfProton elliptic curve cryptography - https://proton.me/blog/elliptic-curve-cryptographySimpleLogin - https://simplelogin.ioHashiCorp Vault - https://www.vaultproject.ioRAM IS SPYING ON YOU (Cozy Living Machine) - https://www.youtube.com/watch?v=0-Y1SUSRqNUMeditations by Marcus Aurelius - https://www.amazon.com/Meditations-New-Translation-Modern-Library-ebook/dp/B000FC1JAI“Very little is needed to make a happy life; it is all within yourself, in your way of thinking.”- Marcus Aurelius ★ Support this podcast on Patreon ★

    54 min

  3. JUL 18

    030 - Info Stealers, GrapheneOS Drama, and Why Video Games and Anti-Virus Are Spyware

    In this episode, I address listener feedback and corrections regarding use of public Wi-Fi, MAC addresses, and aliases. I dive deep into the nuances of MAC address randomization on GrapheneOS versus Apple’s private Wi-Fi addresses, explaining why GrapheneOS offers superior privacy protection. I discuss the real threats of public Wi-Fi in 2025 (hint: it’s not hackers with Wireshark), and share my approach with aliases. I also cover the rising threat of infostealers like Atomic Info Stealer for macOS, the dangerous intersection of gaming cheats and malware, and why I avoid third-party antivirus software. Most importantly, I address the GrapheneOS controversy: the loss of a senior developer to military conscription, Google’s strategic pivot that threatens custom ROMs, and why claims of GrapheneOS “dying” are misinformation spread by those with competing agendas. In this week’s episode: Clarifications and Corrections: Public Wi-Fi, MAC addresses, and alias managementMAC address randomization: GrapheneOS vs Apple’s implementationThe real threats of public Wi-Fi in 2025Info stealers and video games can be a privacy nightmareGrapheneOS controversy: Developer conscription, Google’s lockdown, and the future of custom ROMsWhy antivirus software might be the malware you’re trying to avoidMatrix Community Rooms Matrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links: https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links: MAC Address Lookup - https://maclookup.app/OUI Lookup - https://oui.is/33mail - https://www.33mail.com/OpenSnitch - https://github.com/evilsocket/opensnitchPrivacy.com - https://privacy.comLithic - https://lithic.comKaspersky and Russian Government - https://en.wikipedia.org/wiki/Kaspersky_and_the_Russian_governmentGoogle Not Killing AOSP - https://www.androidauthority.com/google-not-killing-aosp-3566882/GrapheneOS on Developer Conscription - https://grapheneos.social/@GrapheneOS/114359660453627718GrapheneOS on OEM Partnerships (June 19) - https://grapheneos.social/@GrapheneOS/114671100848024807GrapheneOS Response to Misinformation - https://grapheneos.social/@GrapheneOS/114825492698412916GrapheneOS on iPhone Security - https://grapheneos.social/@GrapheneOS/114824816120139544“Social engineering bypasses all technologies, including firewalls.”- Kevin Mitnick ★ Support this podcast on Patreon ★

    53 min

  4. JUL 7

    029 - Minimize not Militarize and Avoiding Surveillance with GrapheneOS

    In this episode, I explore the difference between the military mindset and the more stealth approach of minimization in cybersecurity. I share the results from the Ghost in the Source Capture the Flag (CTF) challenge, revealing how the winners cracked the AES encryption using dictionary attacks, keyword harvesting and the cipher tool hidden in robots.txt. I discuss why the “assume breach” mentality just leaves the doors wide open, using examples from Kevin Mitnick’s 1981 Pacific Bell infiltration to modern ransomware groups like Scattered Spider who breached MGM and Marks & Spencer through social engineering. I also cover practical tactics for using public Wi-Fi, data curation techniques, the invisible surveillance net including Stingray devices, and provide a deep dive into GrapheneOS covering user profiles, app sandboxing, network controls, sensor permissions, and the proper use of sandboxed Google Play services. In this week’s episode: Ghost in the Source Capture the Flag challenge resultsThe military mindset problem in cybersecurityStrategic use of public Wi-Fi for account creation and privacy techniquesData curation tactics, and “Minimizing What Can Be Known”Invisible surveillance net and Stingray devicesGrapheneOS discussion on user profiles, app sandboxing, network controls, sensors permissions, sandboxed Google Play services, and security architectureMatrix Community Rooms Matrix Community Space - https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links: https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links: Noam Chomsky on Internet Privacyhttps://www.youtube.com/watch?v=QIWsTMcBrjQNoam Chomsky on Advertising - https://www.youtube.com/watch?v=PfIwUlY44CMTryHackMe Platform - https://tryhackme.comHack the Box - https://hackthebox.comWired Article on DNC Stingray Surveillance - https://www.wired.com/story/2024-dnc-cell-site-simulator-phone-surveillance/IntelTechniques Data Removal Guide - https://inteltechniques.com/workbook.htmlOptery Data Broker Removal - https://optery.comGraphene OS - https://grapheneos.org“We’re dragons. We’re not supposed to live by other people’s rules.”- Hajime Ryudo ★ Support this podcast on Patreon ★

    54 min
  5. 028 - Silence & Stealth - Mailbox, Email & Anti-KYC Phone Strategies

    JUN 20

    028 - Silence & Stealth - Mailbox, Email & Anti-KYC Phone Strategies

    In this episode, I discuss three key strategies for maintaining privacy and security across your physical mailbox, email, and phone. I discuss the growing Matrix community, explore alternative mailing solutions using co-working spaces, detail a four-tier email strategy, and examine the concerning spread of Flock ALPR cameras. I also share insights on anonymous eSIM options and answer listener questions about dealing with Know-Your-Customer requirements. In this week’s episode: Joining the Matrix community with ElementPhysical mailbox strategies: UPS stores, virtual CMRA addresses, and co-working spacesFour-tiered email approach using ProtonMail, Fastmail, SimpleLogin, and Gmail sock puppetMobile phone privacy with Mint Mobile and anonymous eSIM optionsThe Flock ALPR camera threat and how to protect yourselfListener questions: Australian SIM card strategies with KYC requirementsCapture the Flag challenge details for June 21stMatrix Community Rooms It seems on Element X, it doesn’t list the rooms associated with the Matrix space, so you can click on each of these links to join the rooms: https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links: Matrix Clients - https://matrix.org/clientsMatrix Community - https://matrix.to/#/#psysecure:matrix.orgSmarty Address Lookup - https://www.smarty.com/products/single-addressExpired Domains - https://www.expireddomains.net/Stealths.net (Anonymous eSIMs) - https://stealths.net/DeFlock.me (ALPR Camera Map) - https://deflock.me/Flock Safety Privacy Policy - https://www.flocksafety.com/privacy-policyEFF Article on DeFlock - https://www.eff.org/deeplinks/2025/02/anti-surveillance-mapmaker-refuses-flock-safetys-cease-and-desist-demandCTF Challenge Rules - https://psysecure.com/ctf “Imagine this situation where we have the huge electronic intercommunication so that everybody is in touch with everybody else in such a way that it reveals their inmost thoughts, and there is no longer any individuality. No privacy. Everything you are, everything you think, is revealed to everyone.” - “Future of Communications” Alan Watts Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

    45 min

  6. JUN 13

    027 - Stop Playing the Game, Join The New Matrix Privacy Community

    In this episode, I discuss breaking free from the Apple ecosystem, the dangers of social media oversharing, and introduce our new Matrix community. I also cover the upcoming capture the flag challenge, share thoughts on the OSINT Defense & Security Framework progress, and rant about security theater at airports and online services that block VPNs. In this week’s episode: Apple’s $95 million lawsuit and the ecosystem lock-in problemWhy people overshare on social media and how OSINT can exploit itIntroduction to the Matrix communityCapture the Flag challenge launching June 21st!Progress update on the OSINT Defense & Security Framework (ODSF)Security theater: VPN blocking and other pointless security measuresAlternative YouTube clients for privacy (GrayJay and NewPipe)Show Links: Matrix Community - https://matrix.to/#/#psysecure:matrix.orgCTF Challenge - https://psysecure.com/ctfGrayJay (by Futo) - https://grayjay.appNewPipe - https://newpipe.netWiFi Pineapple - https://shop.hak5.org/products/wifi-pineappleSystem76 Laptops - https://system76.com/laptopsLittle Snitch (macOS Firewall) - https://www.obdev.at/products/littlesnitch/“I hope for nothing. I fear nothing. I am free.”- Nikos Kazantzakis Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

    44 min

  7. MAY 31

    026 - Ghost in the Source (Announcement)

    In this brief episode between travels, I announce the “Ghost in the Source” capture the flag challenge, a cryptographic hunt on my website starting June 21st, 2025. At the end of June I will pick 3 lucky winners which will receive a 6-month TryHackMe subscription voucher. I also provide an update on our new Matrix community. In this week’s episode: Announcing the “Ghost in the Source” CTF challengeChallenge details and rulesPrize information: 3 x 6-month TryHackMe vouchers!Matrix community update for listener interactionFuture plans for OSINT CTF challengesShow Links: CTF Challenge Page - https://psysecure.com/ctf/“When I float weightless back to the surface, I’m imagining I’m becoming someone else.”- Motoko Kusanagi Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

    8 min

  8. MAY 26

    025 - AI Privacy Concerns with ChatGPT and Claude

    In this episode, I explore the privacy implications of using AI apps like ChatGPT and Claude on mobile devices. I discuss why ChatGPT’s requirement for Google Play Store login and audio recording storage led me to Claude on my GrapheneOS device. I also cover my daily app setup, Windows telemetry blocking with SimpleWall, macOS privacy with Little Snitch, and the potential of System76 Linux laptops. In this week’s episode: Privacy comparison between ChatGPT and Claude AI appsChatGPT’s audio recording storage and data export concernsGrapheneOS setup without Google Play Store loginUsing FUTO Keyboard and FUTO Voice for local transcriptionEssential privacy tools: SimpleWall for Windows and Little Snitch for macOSWindows Subsystem for Linux (WSL) for developersSystem76 Linux laptops as a privacy-focused alternativeShow Links: Anthropic Claude.ai Encryption - https://privacy.anthropic.com/en/articles/10458704...Duck.ai - https://duck.aiFuto Keyboard & Voice - https://futo.org/Aurora Store - https://auroraoss.com/aurora-storeSimpleWall (Windows Firewall) - https://github.com/henrypp/simplewallLittle Snitch (macOS) - https://www.obdev.at/products/littlesnitch/GeoSpy (OSINT Tool) - https://geospy.netSystem76 Linux Laptops - https://system76.com/Mental Outlaw YouTube Channel - https://www.youtube.com/@MentalOutlawDaVinci Resolve - https://www.blackmagicdesign.com/products/davinciresolveOSINT Defense & Security Framework - https://psysecure.com/services/odsf/“██████REDACTED███”- █████████ Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

    39 min
See All (34)

4.8
out of 5
25 Ratings

About

Welcome to The Lockdown. Privacy doesn’t have to be all-or-nothing. The inability to attain extreme levels of privacy shouldn’t deter one from taking any protective measures at all. The show is hosted by Ray Heffer, an expert in the field of privacy and cybersecurity, with each episode touching on a range of topics such as data privacy, password management, and secure browsing habits. Tin-foil hats are optional!

Information

You Might Also Like