
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

May 29, 2023 • 1h 15min
Vehicle Privacy Report
Modern cars are more like smartphones on wheels. Like our cell phones, they are chock full of sensors, computer chips and software, and they're connected to the internet 24/7 via cellular modems. What data is being collected? Who owns this data? How secure is your data? Who is it being shared with? And most importantly, what - if anything - can you do about it? Since we last spoke with Privacy4Cars' Andrea Amico, his company has released a powerful new Vehicle Privacy Report tool that aims to answer at least some of these questions and help you to be a more informed car buyer. Today we'll delve into the murky world of car data collection and privacy.
Andrea Amico is one of the nation’s leading authorities on vehicle privacy and cybersecurity. He is also the founder of Privacy4Cars, the first and only privacy-tech company focused on identifying the challenges posed by vehicle data.
Interview Notes
Privacy4Cars: https://privacy4cars.com/
Vehicle Privacy Report tool: https://vehicleprivacyreport.com/
Assert your data rights: https://privacy4cars.com/personal-use/assert-your-data-rights/
Previous interview: Driving Data Privacy for Cars https://podcast.firewallsdontstopdragons.com/2021/09/13/driving-data-privacy-for-cars/
New privacy rules will impact your shop: https://www.autoserviceworld.com/new-privacy-rules-will-impact-your-shop/
Who Is Collecting Data From Your Car? https://themarkup.org/the-breakdown/2022/07/27/who-is-collecting-data-from-your-car
Further Info
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Support our mission! https://fdsd.me/support
Subscribe to the newsletter: https://fdsd.me/newsletter
Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:04:38: What has happened with Privacy4Cars since we last spoke?
0:06:17: Why are cars collecting so much data? How private is this data?
0:09:31: You say cars are "cell phones on wheels" - what does that mean?
0:10:24: Are cars connected even when turned off?
0:11:55: What types of data is my car collecting?
0:14:16: Do electric cars gather more data than regular cars?
0:16:54: Do cameras built into your car represent a privacy risk?
0:21:51: Who can access my car's data? Can I access it myself?
0:27:25: Who owns the data in rental or fleet cars? What about wrecked cars?
0:32:24: Cars now have smartphone apps - what data are they collecting?
0:37:18: How do I know if I've opted in to data collection?
0:40:42: Can I opt out of data collection? If so, how?
0:44:20: What about Apple's CarPlay or Google's Android Auto?
0:49:37: How do I know which cars best respect my privacy?
0:55:08: How does the Vehicle Privacy Report tool work?
0:57:14: What does this tool tell me about a car?
1:00:43: What's the value of this tool for car makers and dealerships?
1:06:09: What's next for your company and the reporting tool?
1:09:49: Interview follow-up notes

May 22, 2023 • 1h 2min
Problems with Passkeys
Everyone hates dealing with passwords. This has led to a mad search for 'password-killer' technology. After several failed attempts, there's finally a worthy contender: passkeys. The technology has been around for years - it's the basis for hardware keys like YubiKey. But no one wanted to have to carry the little things all the time. With passkeys, you get the same phishing-proof, passwordless goodness but tied to a device you always have: your smartphone. Websites are slowly rolling out the ability to secure your accounts with passkeys, and Apple, Google and Microsoft are building support for passkeys into their operating systems. But I would caution you to wait a bit before jumping on the bandwagon - I'll explain why in today's show.
In other news: update all your Apple devices; FBI and NSA break the notorious Snake malware; Intel deploys microcode security update; location data on 2M Toyota customers exposed for years; new .zip and .mov domains are dangerously ambiguous; new crafty Chinese router malware; online age verification will cause serious problems; Apple will allow you to 'bank' your voice soon.
Article Links
[Tom's Guide] Apple issues urgent fix to block zero-day attacks — update your iPhone and Mac now https://www.tomsguide.com/news/apple-issues-urgent-fix-to-block-zero-day-attacks-update-your-iphone-and-mac-now
[tech.co] FBI & NSA Cut the Head Off Notorious Russian Snake Malware https://tech.co/news/nsa-fbi-russian-snake-malware
[Tom's Hardware] Intel Deploys Undisclosed Microcode Security Update For CPUs Going Back To Coffee Lake https://www.tomshardware.com/news/intel-microcode-security-update
[BleepingComputer] Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/
[Digital Trends] Hackers are using a devious new trick to infect your devices https://www.digitaltrends.com/computing/hackers-are-abusing-zip-mov-domain-names/
[9to5mac.com] Researchers find security flaw in Wemo Smart Plug, Belkin says it won’t release a patch https://9to5mac.com/2023/05/16/wemo-smart-plug-security-flaw-no-patch-coming/
[Ars Technica] Malware turns home routers into proxies for Chinese state-sponsored hackers https://arstechnica.com/information-technology/2023/05/malware-turns-home-routers-into-proxies-for-chinese-state-sponsored-hackers/
[Electronic Frontier Foundation] Age Verification Mandates Would Undermine Anonymity Online https://www.eff.org/deeplinks/2023/03/age-verification-mandates-would-undermine-anonymity-online
[9to5mac.com] Everyone should use Personal Voice; it does in 15 minutes what currently takes several weeks https://9to5mac.com/2023/05/19/everyone-should-use-personal-voice/
Tip of the Week: The Pros & Cons of Passkeys https://firewallsdontstopdragons.com/the-pros-and-cons-of-passkeys/
Further Info
Meross MSS115 Matter-enabled smart plug: https://shop.meross.com/products/meross-matter-smart-wi-fi-plug-mini-mss115
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:10: Update on new location tracker spec
0:02:52: News preview
0:05:30: FBI & NSA Cut the Head Off Notorious Russian Snake Malware
0:07:27: Intel Deploys Undisclosed Microcode Security Update
0:11:12: Toyota location data of 2M customers exposed for years

May 15, 2023 • 1h 6min
Probing the Ministry of Truth
In the book "1984" (published in 1949), George Orwell envisioned a Big Brother that would control the media and dictate what was "truth". But Orwell didn't predict that "telescreens" would fit in our pockets or that we would willingly carry them with us 24/7, even to the bathroom. He also didn't foresee that we would willingly subscribe to sources of mis- and disinformation in the form of social media. Today I speak with the co-author of the book "Ministry of Truth", Vincent Hendricks, about the current state of social media and its influence on democracy and society.
Vincent F. Hendricks, author of THE MINISTRY OF TRUTH: BigTech's Influence On Facts, Feelings And Fictions, is Professor of Formal Philosophy at the University of Copenhagen. He is the Director of the Center for Information and Bubble Studies (CIBS) funded by the Carlsberg Foundation.
Interview Notes
“Ministry of Truth” book: https://www.vince-inc.com/vincent/?p=7625
“1984” by George Orwell: https://en.wikipedia.org/wiki/Nineteen_Eighty-Four
"Reality Lost" (free PDF book): https://link.springer.com/book/10.1007/978-3-030-00813-0
Vincent Hendricks website: https://www.vince-inc.com/vincent/
More from Vincent: https://www.oecd-forum.org/users/vincent-f-hendricks
Blocking Google popups (and other annoyances): https://firewallsdontstopdragons.com/how-to-block-google-popups/
Further Info
Support me! https://fdsd.me/support
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:02:23: Pre-interview notes
0:03:51: Why did you write this book?
0:06:06: What is the current state of social media content moderation?
0:10:41: How equally are moderation rules applied to all users?
0:12:44: Do algorithms just feed our desire for stuff that's not good for us?
0:16:39: Are things really worse today or just different?
0:21:21: Do private companies have a moral duty to support a "public square"?
0:26:23: Are social media companies warping the public discourse?
0:28:58: Is TikTok really more of a threat than Facebook or Twitter?
0:31:15: Are any of the proposed TikTok solutions viable?
0:35:41: Why can't the US Congress pass a real privacy law?
0:38:00: Can we fix some key social media ills by adding some friction?
0:41:10: How will AI systems like ChatGPT impact disinformation?
0:44:15: Can AI also have positive impacts on social media?
0:48:10: How are social media platforms like casinos?
0:50:28: How are social media platforms like Orwell's Ministry of Truth?
0:51:34: How much responsibility do we have here?
0:57:42: What tips do you have for using social media today?
1:02:59: Interview wrap-up
1:03:28: Privacy and security book club
1:04:37: Patron perks
1:05:02: Preview of upcoming shows

May 8, 2023 • 1h 9min
Blocking Google Popups
Have you noticed Google getting really pushy lately with offers to "sign in with Google"? You're not alone. Many websites offer the ability to create a free account so that you can "personalize your experience", but lately Google has been popping up a very annoying window to prompt you to create this account by signing in with your Google account. First of all, you almost never need to create an account to view the site. But second, even if you do want to create an account, you shouldn't be linking that account with Google. You're creating a data sharing arrangement that is completely unnecessary and not in your best interests. I'll explain how to block these irritating popups (and many like them) for good.
In other news: 1Password was not hacked, but recent messages might have worried you; new macOS malware stealer app; five things scammers hope you search for; Microsoft Edge is recording your web surfing data; Windows 10 will never receive another feature update; Microsoft is rewriting core Windows software in a memory-safe language; study claims 83% of passwords can be hacked in one second; Google adds support for passkeys; Apple issues first Rapid Security Response with confusing messages; NYPD hands out 500 free AirTags to combat auto thefts; Apple and Google partner on industry spec to thwart unwanted tracking devices; Google adds cloud backup for 2FA without end-to-end encryption; Amazon Clinic requires you to sign away privacy rights; Washington State passes health data privacy law; my take on recent efforts to undermine encryption and restrict access to social media.
Article Links
[Digital Trends] No, 1Password wasn’t hacked – here’s what really happened https://www.digitaltrends.com/computing/1password-secret-keys-not-hacked/
[9to5mac.com] PSA: ‘Atomic macOS Stealer’ malware can compromise iCloud Keychain passwords, credit cards, crypto wallets https://9to5mac.com/2023/04/28/atomic-macos-stealer-malware-steal-passwords/
[Lifehacker] Five Things Scammers Are Hoping You Google https://lifehacker.com/five-things-scammers-are-hoping-you-google-1850405964
[The Verge] Microsoft Edge is leaking the sites you visit to Bing https://www.theverge.com/2023/4/25/23697532/microsoft-edge-browser-url-leak-bing-privacy
[Lifehacker] Microsoft Will Never Update Windows 10 Again (But You Can Keep Using It) https://lifehacker.com/microsoft-will-never-update-windows-10-again-but-you-c-1850386188
[theregister.com] Microsoft is busy rewriting core Windows code in memory-safe Rust https://www.theregister.com/2023/04/27/microsoft_windows_rust/
[9to5mac.com] Study reveals top 20 most used passwords; 83% can be cracked in a second https://9to5mac.com/2023/05/02/most-used-passwords-report/
[The Hacker News] Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts https://thehackernews.com/2023/05/google-introduces-passwordless-secure.html
[AppleInsider] Apple issues Rapid Security Response update for iOS 16.4.1, macOS 13.3.1 https://appleinsider.com/articles/23/05/01/apple-issues-rapid-security-response-update-for-ios-1641-macos-1331
[AppleInsider] New York hands out 500 AirTags in car theft crackdown https://appleinsider.com/articles/23/05/01/new-york-hands-out-500-airtags-in-car-theft-crackdown
[Apple] Apple, Google partner on an industry specification to address unwanted tracking https://www.apple.com/newsroom/2023/05/apple-google-partner-on-an-industry-specification-to-address-unwanted-tracking/
[Gizmodo] Google’s New Two-Factor Authentication Isn’t End-to-End Encrypted, Tests Show https://gizmodo.com/google-authenticator-two-factor-not-end-encrypted-1850377102
[The Washington Post] To become an Amazon Clinic patient, first you sign away some privacy https://www.washingtonpost.com/technology/2023/05/01/amazon-clinic-hipaa-privacy/
[The Verge] Washington passes law requiring consent before companies collect health data https://www.theverge.

May 1, 2023 • 56min
STOPping Mass Surveillance
There's a big difference between mass surveillance and targeted surveillance based on a court-approved, limited-scope search warrant. But advances in technology have made warrant-less, dragnet surveillance exceptionally easy and stunningly effective. Local law enforcement agencies have deployed several types of surveillance systems in our communities, but have strongly resisted calls for transparency and oversight. Furthermore, police have simply bypassed the need for a warrant and pesky Fourth Amendment rights by just buying surveillance data from private companies. My guests today - Albert Fox Cahn and Evan Enzer, from the Surveillance Technology Oversight Project (S.T.O.P.) - will explain what's going on, why it's a danger to our privacy rights and democratic principles, and what we can do to fix it.
Interview Notes
Surveillance Technology Oversight Project: https://www.stopspying.org/
STOP on Twitter & TikTok: @STOPSpyingNY
Donate to S.T.O.P. https://www.stopspying.org/donate
STOP Trojan House report: https://www.stopspying.org/the-trojan-house
Public Oversight of Surveillance Technology (POST) Act: https://www.nyc.gov/site/nypd/about/about-nypd/policy/post-act.page
Community Control of Police Surveillance (CCOPS): https://www.eff.org/issues/community-control-police-surveillance-ccops
Electronic Frontier Alliance: https://www.eff.org/fight
EFF’s Atlas of Surveillance: https://atlasofsurveillance.org/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:33: Interview setup
0:03:26: What is the Surveillance Technology Oversight Project?
0:07:57: What are the most common mass surveillance technologies?
0:10:15: How does Shot Spotter work and what are the dangers?
0:13:02: Do these technologies actually reduce crime?
0:14:38: Is law enforcement required to disclose info on these systems?
0:17:35: How transparent is the funding around these projects?
0:19:21: Who has access to this surveillance data?
0:21:20: 9/11 revealed a lack of data sharing - what's the right balance?
0:22:42: Is privately obtained surveillance data subject to 4th Amendment rights?
0:23:53: What is the "third party doctrine" and how does it apply here?
0:26:15: How does purchased data differ from data obtained via warrant?
0:27:56: How does the practice of "parallel construction" work?
0:29:22: What is my legal right to privacy when in public spaces?
0:31:09: What are my legal rights to "surveil" law enforcement?
0:32:44: How are police using copyright law to curtail video taping?
0:34:13: Who watches the watchers? Is there any oversight of mass surveillance?
0:36:52: How do you uncover surveillance use and abuse?
0:38:45: How can we mitigate consumer surveillance tech?
0:41:53: Are there any tools or techniques to mitigate public surveillance?
0:46:22: What's the solution here? How do we rein in mass surveillance?
0:50:06: How can people get involved in the fight against mass surveillance?
0:51:51: Interview wrap-up
0:54:51: Looking ahead

Apr 24, 2023 • 1h 7min
How to Avoid Juice Jacking
Our smartphones have become indispensable tools for our daily lives - so seeing that dreaded red battery indicator can induce some serious anxiety. But before you jack your phone into some public USB charging port, think twice. Those USB connections can pass data as well as power, and it's actually possible to hack your phone using those ubiquitous and innocent-looking ports. Is this common? Probably not. But it's also very easy to avoid. I'll give you several tips for staying safe, particularly while traveling.
In other news: Mullvad VPN was subjected to a search warrant (but had no data to give up); Proton has announced that it has created a password manager; YubiCo is merging with another company and going public; Facebook probably owes you some money; Apple HomePods can tell you if your house is on fire; one of several Israeli spyware makers is shutting down; the US and several partner countries are urging device makers to adopt Security by Design principles; hackers use fake Chrome updates to install malware; the much-hyped Florida water treatment plant hack wasn't really a hack; clever thieves are stealing modern cars through headlamp connectors; and health care portal check-in vendors are tricking patients into allowing them to monetize very sensitive health data.
Article Links
[mullvad.net] Mullvad VPN was subject to a search warrant. Customer data not compromised https://mullvad.net/en/blog/2023/4/20/mullvad-vpn-was-subject-to-a-search-warrant-customer-data-not-compromised/
[proton.me] Proton Pass is now in beta https://proton.me/blog/proton-pass-beta
[yubico.com] Yubico is merging with ACQ Bure: merged company intends to go public on Nasdaq First North Growth Market in Stockholm https://www.yubico.com/blog/yubico-is-merging-with-acq-bure/
[Lifehacker] Facebook Probably Owes You Money https://lifehacker.com/facebook-probably-owes-you-money-1850350640
[MacRumors] HomePod Can Now Alert You If Your Smoke Alarm Goes Off https://www.macrumors.com/2023/04/18/homepod-alert-smoke-alarm/
[The Hacker News] Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose https://thehackernews.com/2023/04/israeli-spyware-vendor-quadream-to-shut.html
[cisa.gov] U.S. and International Partners Publish Secure-by-Design and -Default Principles and Approaches https://www.cisa.gov/news-events/news/us-and-international-partners-publish-secure-design-and-default-principles-and-approaches
[Tom's Guide] Hackers are using fake Chrome updates to spread malware — don’t fall for this https://www.tomsguide.com/news/hackers-are-using-fake-chrome-updates-to-spread-malware-dont-fall-for-this
[VICE] Much-Hyped Water Plant Hack Wasn't a Hack, Was Actually User Error, Official Says https://www.vice.com/en/article/y3wddv/much-hyped-water-plant-hack-wasnt-a-hack-was-actually-user-error-official-says
[theregister.com] CAN do attitude: How thieves steal cars using network bus https://www.theregister.com/2023/04/06/can_injection_attack_car_theft/
[statnews.com] I declined to share my medical data with advertisers at my doctor’s office. One company claimed otherwise https://www.statnews.com/2023/04/07/medical-data-privacy-phreesia/
Tip of the Week: How to Avoid Juice Jacking https://firewallsdontstopdragons.com/how-to-avoid-juice-jacking/
Further Info
Facebook settlement form: https://www.facebookuserprivacysettlement.com/#submit-claim
CISA Secure by Design, Secure by Default: https://www.cisa.gov/securebydesign

Apr 17, 2023 • 1h 4min
Securing the Internet of Things
As cybersecurity experts love to say, the "S" in "IoT" stands for security... meaning there is none. I've seen estimates that say there were almost 30 billion IoT devices on the internet in 2022. I have dozens of them on my home network alone. Each of these devices contains at least one computer, which is running potentially hackable software. And because these devices have internet connections, they are vulnerable to cyber attacks from anywhere on the planet. Today I'll ask Bill Niefert from Corellium how IoT devices differ from regular computers, how secure they are, what the risks are of insecure smart devices, and how we can make them better.
Interview Notes
Corellium: https://www.corellium.com/
Interesting IoT statistics: https://techjury.net/blog/internet-of-things-statistics/
Raspberry Pi: https://www.raspberrypi.org/
Fun RPi projects: https://www.pcworld.com/article/420028/10-practical-raspberry-pi-projects-anyone-can-do.html
Matter IoT standard: https://en.wikipedia.org/wiki/Matter_(standard)
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:40: Interview terminology preview
0:04:49: Tell us about Corellium and what you do there
0:09:34: What is an ARM processor?
0:12:23: How do IoT devices compare to regular computers?
0:16:03: How do you design for security in cheap, slow IoT devices?
0:20:10: Are IoT devices fundamentally more hackable than regular computers?
0:25:07: Does your home Wi-Fi router adequately shield IoT devices from hacking?
0:28:31: Should you put IoT devices on your guest network?
0:34:35: What are the real-world dangers of having compromised IoT devices?
0:37:34: What is the new Matter IoT framework all about?
0:43:47: Does the Matter standard come with improved cybersecurity?
0:45:30: What are the privacy concerns for IoT devices?
0:53:19: Should IoT manufacturers be held liable for security failures?
0:58:18: Wrap-up
0:59:16: What is a Raspberry Pi and what can I do with it?
1:01:25: Matter security and privacy
1:02:16: Bonus content

Apr 10, 2023 • 1h 3min
Reviewing Mullvad Browser
Right after releasing my episode on web fingerprinting, highly-respected VPN provider Mullvad teamed up with Tor to release a new web browser, specifically designed to protect your privacy - including attempting to block fingerprinting! Great timing, so I thought I'd give you my review of the Mullvad Browser - the good, the bad, and (yes) the ugly.
In other news: Timely tips on spotting IRS phone scams; ultrasound attacks can hijack your smart speakers; brace yourself for a wave of more sophisticated AI-based scams; alcohol recovery startups shared patients' data with advertisers; Google to require app developers to let you delete your account data; FBI's Operation Cookie Monster shuts down popular cybercrime forum; Facebook will grudgingly allow users in Europe to opt out of all tracking; the FDA is requiring medical device manufacturers to improve cybersecurity and support; and I answer a Dear Carey question about how to use a Mac mini as a server to host private versions of cloud apps.
Article Links
[NPR] No, the IRS isn't calling you. It isn't texting or emailing you, either https://www.npr.org/2023/04/07/1168353969/irs-scam-tax-day-imposter-how-to-avoid
[Gizmodo] Ultrasound Attack Can Secretly Hijack Phones and Smart Speakers, Researchers Find https://gizmodo.com/ultrasound-attack-hacks-phones-siri-alexa-usenix-1850273055
[WIRED] Brace Yourself for a Tidal Wave of ChatGPT Email Scams https://www.wired.com/story/large-language-model-phishing-scams/
[TechCrunch] Alcohol recovery startups Monument and Tempest shared patients’ private data with advertisers https://techcrunch.com/2023/04/04/monument-tempest-alcohol-data-breach/
[Engadget] Google will require that Android apps let you delete your account and data https://www.engadget.com/google-will-require-that-android-apps-let-you-delete-your-account-and-data-170618841.html
[CNN] ‘Operation Cookie Monster’: FBI seizes popular cybercrime forum used for large-scale identity theft https://www.cnn.com/2023/04/04/politics/genesis-market-fbi-seizure/index.html
[BGR] Facebook and Instagram users can now opt out of tracking, but only in Europe https://bgr.com/tech/facebook-and-instagrams-users-can-now-opt-out-of-tracking-but-only-in-europe/
[scmagazine.com] FDA will refuse new medical devices for cybersecurity reasons on Oct. 1 https://www.scmagazine.com/news/device-security/fda-will-refuse-new-medical-devices-for-cybersecurity-reasons-on-oct-1
Tip of the Week: Mullvad Browser https://firewallsdontstopdragons.com/new-privacy-tool-mullvad-browser/
Further Info
Watchman Privacy interview: https://www.youtube.com/watch?v=fByagxDetVI
Using ultrasound to drive away teens: https://www.today.com/news/controversial-mosquito-sonic-devices-deter-young-people-high-pitched-sounds-t157801
Train Siri to recognize your voice: https://support.apple.com/en-us/HT204753
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:00:22: Important software updates
0:01:13: Watchman Privacy interview
0:01:44: News preview
0:04:38: Beware IRS phone scams
0:09:42: New ultrasound attacks against digital assistants
0:17:51: Brace yourself for AI-enhanced email scams
0:27:45: Alcohol recovery startups shared patients' private data with advertisers
0:30:28: Google will require that Android apps delete your account and data
0:35:00: FBI Operation Cookie Monster shuts down popular...

Apr 3, 2023 • 1h 5min
Privacy Peeps Panel
On today's show, I'll take you behind the scenes of not one, not two, but three different privacy websites. I ask Nate from The New Oil and Niek from Privacy Guides how they deal with being public figures advocating for privacy, how they set their personal standards for privacy products, and how they cope with people and product makers who complain about their recommendations (or lack thereof). I ask them about some favorite products that they've had to remove from their recommended lists and where they go to keep up to date on privacy topics and products. Finally, I ask them what gives them hope about the future of privacy and what keeps them up at night.
Interview Notes
The New Oil: https://thenewoil.org/
Privacy Guides: https://www.privacyguides.org/
Techlore: https://techlore.tech/
Panopticon: https://en.wikipedia.org/wiki/Panopticon
Naomi Brockwell on VPNs: https://www.youtube.com/watch?v=8MHBMdTBlok
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:03:02: Transcriptions coming!
0:04:25: Introductions
0:05:55: As a private person, what's it like putting yourself out there?
0:09:13: How do you handle the haters?
0:12:09: How do you keep up to date on privacy and related products?
0:15:29: How often have you had to reverse product recommendations?
0:20:33: How do you set the threshold for how private a product should be?
0:26:10: Where do YOU go to learn about privacy products and topics?
0:31:19: A little humility goes a long way
0:33:25: Choosing a good VPN provider
0:37:44: Should people use antivirus software? If so, which?
0:40:57: How do you set and enforce your product recommendation criteria?
0:47:27: Do you think your standards help to improve the market?
0:49:08: What gives you hope about the future? And what keeps you up at night?
0:55:10: What can I do to further the cause of privacy?
0:59:05: Interview wrap-up
1:00:32: Dear Carey: Top privacy guidelines and topics for discussion?

Mar 27, 2023 • 1h 6min
Fingerprinting Your Devices
Marketers are desperately trying to follow us as we traverse the web. Tracking where we go and what we do allows them to better target us with ads. Browsers have built in protections to block older tracking techniques like cookies and tracking pixels, and so ad companies have had to find new methods for identifying us across websites. Unfortunately, they've settled on a technique that is extremely difficult to defeat: fingerprinting. I'll explain what it is, how it works, and what you can do to mitigate it.
In other news: Google is warning Android users to update their devices right away in order to fix some truly nasty bugs; hackers are using malicious Chrome extensions to read your Gmail and potentially hack your Android device; popular fertility apps are collecting ridiculous amounts of highly personal data and sharing it with partners; scammers are using AI to simulate voices of people you know to steal your money; CISA has launched a great new ransomware vulnerability pilot program; I'll tell you why you should opt out of sharing your data with your mobile service provider; America's threatening to ban TikTok but this won't fix the real problem; the IRS is supposed to be moving away from ID.me authentication.
Article Links
[Naked Security] Dangerous Android phone 0-day bugs revealed – patch or work around them now! https://nakedsecurity.sophos.com/2023/03/17/dangerous-android-phone-0-day-bugs-revealed-patch-or-work-around-them-now/
[Tom's Guide] Hackers are stealing Gmail messages — delete this extension right now https://www.tomsguide.com/news/hackers-are-stealing-gmail-messages-delete-this-extension-right-now
[The Conversation] Popular fertility apps are engaging in widespread misuse of data, including on sex, periods and pregnancy https://theconversation.com/popular-fertility-apps-are-engaging-in-widespread-misuse-of-data-including-on-sex-periods-and-pregnancy-202127
[consumer.ftc.gov] Scammers use AI to enhance their family emergency schemes https://consumer.ftc.gov/consumer-alerts/2023/03/scammers-use-ai-enhance-their-family-emergency-schemes
[cisa.gov] CISA Establishes Ransomware Vulnerability Warning Pilot Program https://www.cisa.gov/news-events/news/cisa-establishes-ransomware-vulnerability-warning-pilot-program
[briankrebs] Why You Should Opt Out of Sharing Data With Your Mobile Provider https://krebsonsecurity.com/2023/03/why-you-should-opt-out-of-sharing-data-with-your-mobile-provider/
[The Washington Post] America’s online privacy problems are much bigger than TikTok https://www.washingtonpost.com/technology/2023/03/24/tiktok-online-privacy-laws/
Dear Carey: IRS plans to approve use of Login-dot-gov as Tax Day nears https://www.fcw.com/it-modernization/2023/03/plans-approve-use-login-dot-gov-tax-day-nears/383934/
Tip of the Week: https://firewallsdontstopdragons.com/how-to-block-web-fingerprinting/
Further Info
Syncthing: https://syncthing.net/
KeePassXC: https://keepassxc.org/
IP address black list check: https://whatismyipaddress.com/blacklist-check
EFF on TikTok: https://www.eff.org/deeplinks/2023/03/government-hasnt-justified-tiktok-ban
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:49: Local password vault sync solution
0:05:07: News preview
0:06:47: Dangerous Android Baseband Bugs Patched
0:18:19: Hackers stealing Gmail messages via browser plugin
0:22:29: Popular fertility apps are engaging in widespread misuse of data