Firewalls Don't Stop Dragons Podcast

The year is almost over and as we head into the holiday season I wanted to reminisce with some of my favorite snippets from the last year! Unlike in previous 'best of' shows, I've actually included some new snippets from my private podcast, to give you a little taste of the bonus content that I create for my patrons! The links in the show notes will take you to the full episodes, including all the relevant 'further information' links associated with them. Happy holidays, everyone!! Article Links Ep267: Luck Favors the Prepared https://podcast.firewallsdontstopdragons.com/2022/04/11/luck-favors-the-prepared/  Ep279: Necessary Chaos: https://podcast.firewallsdontstopdragons.com/2022/07/04/necessary-chaos/  Ep272: Tomatoes & Telegraphs: https://podcast.firewallsdontstopdragons.com/2022/05/23/tomatoes-telegraphs/  Ep275: Cryptocurrency 101: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/  Ep283: No Place Left to Hide: https://podcast.firewallsdontstopdragons.com/2022/08/01/now-place-left-to-hide/ Ep287: The Night the Lights Went Out in Vegas: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/  Ep289: Decoding Computers & Software: https://podcast.firewallsdontstopdragons.com/2022/09/12/decoding-computers-software/  Ep292: Capture the Flag for Fun & Profit: https://podcast.firewallsdontstopdragons.com/2022/10/03/capture-the-flag-for-fun-profit/ Steganography: https://en.wikipedia.org/wiki/Steganography Further Info Give the gift of security and privacy! https://fdsd.me/coupons  300th episode promotion: https://fdsd.me/ep300  Patron promotion: https://fdsd.me/coinpromo  Send me your questions! https://fdsd.me/qna  Support me! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:17: Ep267: How the internet works 0:10:23: Ep279: Getting into electronics and hacking 0:16:22: Ep273: The invention of the one-time pad 0:24:36: Ep275: Why do we need cryptocurrency? 0:30:26: Ep283 BONUS: What's it like arguing in front of the Supreme Court? 0:35:33: Ep283: This suspect looks just like Woody Harrelson! 0:40:26: Ep287: The time DEF CON almost ended 0:49:15: Ep289: The historical origins of software and storage 0:56:28: Ep292: Ender's Game-ing a hacker tournament 1:02:20: Ep288 Merlin's Musings: Steganography 1:10:39: Wrap-up

Today when computer systems fail, they can cause real, physical harm. In just the last few years, we've seen cyber attacks interfere with our food supply, tamper with city water supplies, and disrupt gas pipelines. While cheap consumer electronics often have poor security, medical devices like insulin pumps and pacemakers are also vulnerable to attack - and the consequences of failure can be lethal. The free market doesn't reward better security. Regulations are weak or nonexistent, regulators are understaffed and underfunded. Targeted organizations lack sufficient funding, training and personnel to prepare and respond. They need help. I Am the Cavalry aims to engage technologists and hackers to ride to the rescue. Joshua Corman is VP of Cyber Safety Strategy at Claroty, Founder of I am The Cavalry, and formerly served as Chief Strategist for CISA regarding COVID, healthcare, and public safety. Interview Links I Am The Cavalry: https://iamthecavalry.org/  BSides 2022 Cavalry presentation: https://www.youtube.com/watch?v=aw3egJej7so  The Cavalry Isn’t Coming (DEF CON 21 talk): https://www.youtube.com/watch?v=2kMGdkOMSK0  Rugged Software Manifesto: https://github.com/rugged-software/rugged-software.github.io  CISA Bad Practices: https://www.cisa.gov/BadPractices  CISA Information Sharing and Awareness: https://www.cisa.gov/information-sharing-and-awareness  Maslow’s Hierarchy of Needs: https://www.simplypsychology.org/maslow.html  Click Here to Kill Everyone: https://www.schneier.com/books/click-here/  SBOM interview: https://podcast.firewallsdontstopdragons.com/2021/07/19/its-time-to-drop-the-sbom/  My Jeff Moss interview: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/  Further Info 300th episode promotion: https://fdsd.me/ep300  Patron promotion: https://fdsd.me/coinpromo  Send me your questions! https://fdsd.me/qna  Subscribe to the newsletter: https://fdsd.me/newsletter Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Donate directly with Monero! https://firewallsdontstopdragons.com/contact/  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:28: Giveaway and promotion update 0:02:46: Holiday gift ideas 0:03:59: Interview preview 0:08:35: How did I Am the Cavalry get started? 0:16:52: How does focusing on physical harms change your approach to cybersecurity? 0:20:33: Why is it so important to 'meet people where they are'? 0:23:40: How do you best help organizations that are target rich but cyber poor? 0:31:47: What is the crawl, walk, run progression? 0:34:33: Why is it so important to compartmentalize systems? 0:35:56: How do we do a better job of designing security in from the start? 0:39:01: Is it safer for small companies to use managed services? 0:42:17: What role should the government play here? 0:52:57: If I want to get help for my organization, where should I go? 0:58:18: What's next for the Cavalry and how can I get involved? 1:05:09: Interview wrap-up 1:06:35: Book recommendations 1:07:43: Preview of upcoming shows

Tis the season for giving... and unfortunately, also for taking. Scammers tend to be extremely active during the holiday season. We're buying lots of stuff online, having lots of packages delivered. We're away from our homes for extended periods of time. We're giving money to charities. We're firing up new tech toys. The bad guys know this and are happy to take advantage of our chaotic holiday schedule and unusual levels of spending and giving. I'll give you some top tips to avoid being a victim this holiday season. In other news: the SFPD wants to arm its law enforcement robots; the TSA is expanding the use of facial recognition at airports; Microsoft warns of malware coming from Google Ads; a new study shows that computer repair shops may be accessing your personal data; WhatsApp data breach affects nearly 500M users; Twitter data breach was far worse than reported; Meta shuts down covert US propaganda operation; US watchdog raises warning for offshore oil and gas rig security; a new malware campaign bypasses Windows protections; LastPass admits to customer data breach caused by previous breach; and Anker's Eufy cameras caught sending data to cloud without user consent. Article Links [Electronic Frontier Foundation] Red Alert: The SFPD want the power to kill with robots https://www.eff.org/deeplinks/2022/11/red-alert-sfpd-want-power-kill-robots [The Washington Post] TSA now wants to scan your face at security. Here are your rights. https://www.washingtonpost.com/technology/2022/12/02/tsa-security-face-recognition/ [BleepingComputer] Brave starts showing "privacy-preserving" ads in search results https://www.bleepingcomputer.com/news/technology/brave-starts-showing-privacy-preserving-ads-in-search-results/ [Tech.co] Microsoft Warns Hackers Use Google Ads to Deliver Ransomware https://tech.co/news/microsoft-warns-hackers-google-ads-ransomware [Ars Technica] Thinking about taking your computer to the repair shop? Be very afraid https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/ [TechRadar] WhatsApp data breach sees nearly 500 million user records up for sale https://www.techradar.com/news/whatsapp-data-breach-sees-nearly-500-million-user-records-up-for-sale [9to5mac.com] Massive Twitter data breach was far worse than reported, reveal security researchers https://9to5mac.com/2022/11/25/massive-twitter-data-breach/ [BleepingComputer] Meta links U.S. military with covert Facebook influence operation https://www.bleepingcomputer.com/news/security/meta-links-us-military-with-covert-facebook-influence-operation/ [TechCrunch] US offshore oil and gas rigs at ‘significant’ risk of cyberattacks, warns watchdog https://techcrunch.com/2022/11/22/offshore-oil-gas-cyberattacks-watchdog/ [TechRadar] This new malware is able to bypass all of Microsoft's security warnings https://www.techradar.com/news/this-new-malware-is-able-to-bypass-all-of-microsofts-security-warnings [Naked Security] LastPass admits to customer data breach caused by previous breach https://nakedsecurity.sophos.com/2022/12/02/lastpass-admits-to-customer-data-breach-caused-by-previous-breach/ [MacRumors] Anker's Eufy Cameras Caught Uploading Content to the Cloud Without User Consent https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/ Tip of the Week: Tis the Season for Scams: https://firewallsdontstopdragons.com/how-to-avoid-holiday-scams/ Further Info Boston Dynamics robodog: https://www.youtube.com/watch?v=6Zbhvaac68Y  This Person Doesn’t Exist: https://thispersondoesnotexist.com/  300th episode promotion: https://fdsd.me/ep300  Patron promotion: https://fdsd.me/coinpromo  Send me your questions! https://fdsd.me/qna  Support me! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book

I can't believe I've been doing this for 300 weeks - almost 6 years now! And returning for his 3rd "podcentennial" episode is world-renowned security guru Bruce Schneier! Today we'll discuss hacking - not just in the realm of computers, but in legal, political, social and economic spaces. And then we'll talk about how artificial intelligence and computer automation are starting to play a significant role in hacking all of these realms. Computers and AI expand the scope, scale and speed of hacking and we're honestly not prepared for it. To celebrate the 300th episode and the coming release of the 5th edition of my book, today I'm kicking off a big giveaway with lots of prizes and a killer promotion for patrons on Patreon! (See below for links.) Bruce Schneier is an internationally renowned technologist and security guru. He is the author of over one dozen books, including his latest, A Hacker’s Mind, due out in February, I believe. He has testified before Congress and has served on several government committees and corporate boards, written many seminal papers, has a very popular blog called Crypto-Gram, and last but not least, Bruce is the Chief of Security Architecture at Inrupt.  Further Info 300th episode promotion: https://firewallsdontstopdragons.com/enter-to-win-300th-podcast-giveaway/ Patron promotion: https://www.patreon.com/posts/december-patron-75151773 The Coming AI Hackers: https://www.schneier.com/academic/archives/2021/04/the-coming-ai-hackers.html  A Hacker’s Mind book: https://www.schneier.com/books/a-hackers-mind/  Give the gift of security & privacy: https://firewallsdontstopdragons.com/give-the-gift-of-security-and-privacy/ Check out my Best & Worst Gifts Guide for 2022: https://firewallsdontstopdragons.com/best-worst-gifts-2022/ The Coming AI Hackers: https://www.schneier.com/academic/archives/2021/04/the-coming-ai-hackers.html  A Hacker’s Mind book: https://www.schneier.com/books/a-hackers-mind/  The Trolley Problem: https://en.wikipedia.org/wiki/Trolley_problem  Gödel's incompleteness theorems: https://en.wikipedia.org/wiki/G%C3%B6del's_incompleteness_theorems  Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/ Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Donate directly with Monero! https://firewallsdontstopdragons.com/contact/  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:31: Interview preview 0:02:29: Interview start 0:03:13: How does hacking differ from inventing or just cheating? 0:07:14: What is artificial intelligence and when will it be like teh sci-fi version? 0:11:32: Do we have to worry about AI replacing us or taking over? 0:13:57: Can we program human values into AI systems? 0:18:09: Why are reward and goal alignment so crucial for AI? 0:20:28: Will we ever implicitly trust AI if we can't explain its answers? 0:25:37: Do we put too much trust in some AI systems? 0:27:59: How might AI systems be used to hack financial or political systems? 0:33:26: Can we govern AI systems with human laws? 0:36:40: Are non-computer systems more susceptible to hacks due to uncodified norms? 0:42:41: Can AI think outside the box if it doesn't understand the box? 0:48:05: How does terrorism hack our brains and how do we prevent that? 0:53:35: What are some Utopian possibilities for AI? 0:55:08: How do we get more public interest technologists? 0:56:28: Interview wrap-up 0:58:19: 300th podcast giveaway! 1:01:49: Patron promotion!

Black Friday is just around the corner, which marks the unofficial launch of the holiday shopping season. As you're considering what gifts to give to your loved ones this year, I want to make sure you're thinking about the privacy and security aspects. To that end, I have updated my annual Best and Worst Gift Guide and I will go over the highlights in this episode for my Tip of the Week. But I also have a special new gift idea this year: security and privacy coupons that you can download and give to your loved ones! In the news: USPS tells customers to avoid using the big blue mailboxes for gifts and important letters during the holiday season; Google pays nearly $400M fine to 40 states who sued over location tracking; Medibank refuses to pay ransom for data and criminals are starting to leak sensitive medical records online; TransUnion reports a data breach; FBI director warns that TikTok is a national security risk; Lenovo laptops are exposed to UEFI malware risks (update now); a mysterious company with government ties and a history of spying has become a root certificate authority; the British government is scanning its citizens devices looking for vulnerabilities in hopes of fixing them; almost 50% of all Mac malware can be traced to a single, security application; Apple apps are sending tons of analytics data to Apple even when analytics are disabled; I answer a listener question (Dear Carey) about the best Mastodon clients, in the wake of the Twitter collapse. Article Links [Lifehacker] Avoid Using Blue Mailboxes During the Holidays, USPS Warns https://lifehacker.com/avoid-using-blue-mailboxes-during-the-holidays-usps-wa-1849773201 [The Hacker News] Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html [CPO Magazine] Medibank Refuses Ransom Payments, Hackers Leak Stolen Health Data to Dark Web https://www.cpomagazine.com/cyber-security/medibank-refuses-ransom-payments-hackers-leak-stolen-health-data-to-dark-web/ [BGR] TransUnion data breach compromises financial information of consumers https://bgr.com/tech/transunion-data-breach-compromises-financial-information-of-consumers/ [USA TODAY] FBI director says TikTok poses national security threat, and he's 'extremely concerned' https://www.usatoday.com/story/tech/2022/11/16/tiktok-poses-national-security-threat-fbi/10709987002/ [Ars Technica] Lenovo driver goof poses security risk for users of 25 notebook models https://arstechnica.com/information-technology/2022/11/lenovo-patches-secure-boot-vulnerabilities-that-imperil-25-notebook-models/ [The Washington Post] Mysterious company with government ties plays key internet role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/ [Bleeping Computer] British govt is scanning all Internet devices hosted in UK https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/amp/ [Tom's Guide] Almost 50% of macOS malware reportedly comes from single app — delete it now https://www.tomsguide.com/news/new-report-says-nearly-half-of-macos-malware-comes-from-single-app-delete-it-now [Gizmodo] Apple Is Tracking You Even When Its Own Privacy Settings Say It’s Not, New Research Says https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558 Dear Carey: Mastodon clients. https://joinmastodon.org/apps  https://bilge.world/mastodon-ios-apps  Further Info Best & Worst Gifts for 2022: https://firewallsdontstopdragons.com/best--worst-gifts-2022/ Privacy & Security Coupons: https://fdsd.me/coupons  Give thanks and donate! https://firewallsdontstopdragons.com/give-thanks-donate/  Send me your questions! https://fdsd.me/qna  Support me! https://fdsd.me/support  Subscribe to the newsletter: https://firewallsdo...

Connected computers have changed the world perhaps more than any other single invention. The impacts of nearly instant global communication and effectively infinite, perfect storage of information are at once undeniable and difficult to fully comprehend. And yet, technologists, bureaucrats and corporate leaders make decisions on a daily basis that should be considering the repercussions. Just because you can do something doesn't mean you should. Today, we'll discuss the digitization of the world and some of the more important impacts it has had and is having on society with the authors of the book Blown to Bits: Your Life, Liberty, and Happiness After the Digital Explosion. Harry Lewis, former Dean of Harvard College, is Gordon McKay Professor of Computer Science at Harvard. Ken Ledeen is the Chairman and Chief Executive Officer at Nevo Technologies, Inc., a software development and information technology consulting firm located in Cambridge, Massachusetts. Wendy Seltzer is Strategy Lead and Counsel to the World Wide Web Consortium (W3C) at MIT, improving the Web’s security, availability, and interoperability through standards. Further Info Buy or download Blown to Bits: https://www.bitsbook.com/thebook/  Weird Marketing Tales interviewed me: https://weirdmarketingtales.com/why-firewalls-dont-stop-dragons-carey-parker-privacy-security/   Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/ Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Become a Patron! https://www.patreon.com/FirewallsDontStopDragons  Donate directly with Monero! https://firewallsdontstopdragons.com/contact/  Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:03:16: interview start 0:04:03: What brought you all together to write this book? 0:05:28: What are the biggest changes since the first edition? 0:10:04: What were the impacts of the Edward Snowden revelations? 0:12:44: How do we resolve the tension between privacy and law enforcement? 0:16:43: Are computer systems free from bias? 0:19:22: How do algorithms impact judicial decisions? 0:20:45: Why is it hard to explain how AI systems make decisions? 0:28:33: What is net neutrality and who are the gatekeepers today on the internet? 0:31:59: Have we lost the original Utopian ideal of the internet? 0:35:41: How have content moderation and personalization affected our experience? 0:40:48: How do these companies hyper-personalize the web? 0:45:44: Are we changing our own behaviors to game the algorithms? 0:47:35: Are bits more fragile than parchment and cave paintings? 0:53:29: What gives you hope? What keeps you up at night? 0:58:12: Interview wrap-up 0:59:34: Upcoming shows, promotions, interviews

QR codes are not inherently dangerous. They're effectively links we can click in the real world using the camera app on our phone. Like hyperlinks on a web page, QR code "links" can take you to good websites or bad websites. They can also disguise their ultimate destination by using URL shortening services like bitly or owly. But now "free" QR code generator websites - that is, sites that will let you create one of these QR codes by entering the HTTP link you want it to take people to - are using these redirects to basically hold your QR code for ransom. The QR codes they give you use the redirect links to insert themselves into the middle - and after some time, they will stop working until you subscribe and pay them money. If you've already printed these codes on hundreds of business cards or dozens of plaques for your restaurant, they they've really got you over a barrel. I'll help you avoid these scams. In other news: Microsort warns that attackers are quickly leveraging newly reported zero-days; some Chrome extensions are making money by inserting affiliate links for thousands of websites; Microsoft appears to be readying a useful PC cleanup tool for release; Apple clarifies its policy on security updates for older OS releases; a report details how hidden AI algorithms are affecting the lives of DC residents; facial recognition systems are being installed in many soccer stadiums; Uber is planning to bombard their users with ads; Clearview AI has been fined 30M euros by France; Apple is ramping up its own ads on its various apps and devices; and I answer another Dear Carey question, this one on the case that is bringing Section 230 in front of the Supreme Court. Article Links [Hacker News] Microsoft Warns of Uptick in Hackers Leveraging Publicly-Disclosed 0-Day Vulnerabilities https://thehackernews.com/2022/11/microsoft-warns-of-uptick-in-hackers.html [BleepingComputer] Chrome extensions with 1 million installs hijack targets’ browsers https://www.bleepingcomputer.com/news/security/chrome-extensions-with-1-million-installs-hijack-targets-browsers/ [PCWorld] Microsoft’s surprise PC Manager system optimizer takes aim at CCleaner https://www.pcworld.com/a rticle/1360140/microsoft-releases-beta-of-a-ccleaner-style-pc-manager-tool.html [Ars Technica] Apple clarifies security update policy: Only the latest OSes are fully patched https://arstechnica.com/gadgets/2022/10/apple-clarifies-security-update-policy-only-the-latest-oses-are-fully-patched/ [WIRED] Algorithms Quietly Run the City of DC—and Maybe Your Hometown https://www.wired.com/story/algorithms-quietly-run-the-city-of-dc-and-maybe-your-hometown/ [WIRED] Soccer Fans, You’re Being Watched https://www.wired.com/story/soccer-world-cup-biometric-surveillance/ [Gizmodo] Uber Plans to Advertise to You At Every Stage of Your Ride, Using Your Own Data https://gizmodo.com/uber-ads-ride-share-uber-eats-1849678092 [Naked Security] Clearview AI image-scraping face recognition service hit with €20m fine in France https://nakedsecurity.sophos.com/2022/10/26/clearview-ai-image-scraping-face-recognition-service-hit-with-e20m-fine-in-france/ [Lifehacker] How to Block Apple’s Own Ads on Your iPhone https://lifehacker.com/how-to-block-apple-s-own-ads-on-your-iphone-1849703889 Tip of the Week: https://firewallsdontstopdragons.com/qr-code-scams-revisited/ Further Info Send me your questions! https://fdsd.me/qna  Support me! https://fdsd.me/support  Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/ Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:42: Countdown to 300

It's easy to tell people to use this or that privacy tool, but this always assumes that you trust the service that is providing that tool. How can mere mortals ever hope to obtain sufficient knowledge of the inner workings of these products and service providers that would allow them to make an informed decision? Today, I'll ask Adrianus Warmenhoven from Nord VPN that question, along with questions about normalizing surveillance and what privacy really means in our digital internet society. Adrianus Warmenhoven is a Defensive Strategist and Threat Intelligence Manager at NordVPN. He is responsible for getting the most relevant IOCs (Indicators of Compromise), malware samples and their indicators and generally mapping out the threat landscape for the company’s customers. Interview Links Nord VPN: https://nordvpn.com/The Follower: https://driesdepoorter.be/thefollower/ Five-Eyes Countries: https://en.wikipedia.org/wiki/Five_Eyes Electronic Frontier Foundation: https://www.eff.org/ Mozilla Foundation: https://foundation.mozilla.org/en/ Give thanks and donate: https://firewallsdontstopdragons.com/give-thanks-donate/  Further Info Send me your questions! https://fdsd.me/qna Support me! https://fdsd.me/support Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887 Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:26: Elon Musk buys Twitter0:01:31: What is Mastodon?0:02:36: Interview preview0:04:13: Tell us about Nord and what you do there0:05:25: What is most misunderstood about privacy?0:07:53: How does my privacy overlap your privacy?0:10:08: What threats to privacy aren't getting enough attention?0:13:02: Doesn't capitalism require companies to monetize our data?0:16:26: Is it possible compartmentalize our lives today?0:18:32: Why can't we learn that just because we can doesn't mean we should?0:22:09: How does privacy in the physical world differ from online?0:24:21: Have we normalized surveillance for the younger generation?0:30:22: How do we know which companies to trust with our privacy?0:38:11: How can companies avoid gathering user data?0:42:47: How important is transparency for consumers?0:45:48: How do VPNs work and how do they fail?0:48:46: How important is it for privacy companies to be in favorable jurisdictions?0:52:19: How can I get more involved with privacy rights?0:56:03: What gives you hope?0:57:59: Bonus content0:58:54: Interview wrapup1:01:51: Give thanks and donate1:03:17: Dear Carey - ask me a question1:04:13: Upcoming stuff

This is going to sound bonkers, even though you're used to so many things tracking you... web pages, emails, and apps... but I'm here to tell you that while you're watching your TV, your TV is also watching you. Or I guess more accurately, your TV is watching what you're watching. Even if you're not using the built-in smart apps, if you're just piping pixels in from an external box, your TV can recognize the movies and shows being displayed. And it's taking meticulous taking notes and selling that data. It's called Automatic Content Recognition and "post-purchase monetization". It's sorta like the Shazam music recognition app, but for TV shows and movies. I'll tell you what you can do to stop it. In other news: a tricky new ransomware campaign is targeting home Windows users; Signal is removing support for SMS text messaging; Toyota user app data was exposed for years; the White House unveiled a new cybersecurity rating system for consumer products; Apple privacy is better than most, but still falls short; a privacy researcher tries and fails to keep her pregnancy secret from marketers; companies in the UK are tailoring real-life billboards using cameras and AI; relief funds were sent to people impacted by Hurricane Ian using AI algorithms; Facebook's new VR headset will mine your facial expressions for marketing; Wired article gives tips for avoiding student surveillance tools. Article Links [ZDNet] This unusual ransomware attack targets home PCs, so beware https://www.zdnet.com/article/this-unusual-ransomware-attack-targets-home-pcs-so-beware/[Signal] Removing SMS support from Signal Android (soon) https://signal.org/blog/sms-removal-android/[BleepingComputer] Toyota discloses data leak after access key exposed on GitHub https://www.bleepingcomputer.com/news/security/toyota-discloses-data-leak-after-access-key-exposed-on-github/[CyberScoop] White House to unveil ambitious cybersecurity labeling effort modeled after Energy Star https://www.cyberscoop.com/white-house-to-unveil-internet-of-things-labeling/[The Atlantic] I Tried to Keep My Pregnancy Secret https://www.theatlantic.com/ideas/archive/2022/10/can-you-hide-your-pregnancy-era-big-data/671692/[The Guardian] Apple says it prioritizes privacy. Experts say gaps remain https://www.theguardian.com/technology/2022/sep/23/apple-user-data-law-enforcement-falling-short[VICE] Companies in the UK Are Mining Users’ Personal Data to Place Billboard Ads https://www.vice.com/en/article/n7zqmb/companies-in-the-uk-are-mining-users-personal-data-to-place-billboard-ads[WIRED UK] Hurricane Ian Destroyed Their Homes. Algorithms Sent Them Money https://www.wired.co.uk/article/hurricane-ian-destroyed-homes-google-algorithms-sent-money[Gizmodo] Meta’s New Headset Will Track Your Eyes for Targeted Ads https://gizmodo.com/meta-quest-pro-vr-headset-track-eyes-ads-facebook-1849654424[WIRED] How to Protect Yourself If Your School Uses Surveillance Tech https://www.wired.com/story/how-to-protect-yourself-school-surveillance-tech-privacy/Tip of the Week: https://firewallsdontstopdragons.com/your-tv-is-watching-you/ Further Info Send me your questions! https://fdsd.me/qna Support me! https://fdsd.me/support Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887 Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest Generate secure passphrases! https://d20key.com/#/ Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:27: News rundown0:03:40: Sneaky new Windows ransomware targets home users0:07:20: Signal drops support for SMS on Android0:14:53: Toyota leak exposed car app data for 5 years0:18:27: White House cybersecurity product labeling initiative0:21:54: Privacy scholar tries and fails to keep pregnancy secret0:28:28: Apple still had glaring privacy holes0:33:...

We talk a lot about security and privacy on my show, but we don't talk enough about these subjects in relation to students and schools. Schools are tragically underfunded and can't afford to hire cybersecurity experts, let alone privacy experts. Students are minors who lack the legal rights and life experience to push back against horrific privacy invasions brought on by remote learning and in-home test proctoring. The laws in the US are woefully outdated and we too often assume that what is legal is the same as what is right and just. Today, I'll discuss these challenges and ethical dilemmas with Doug Levin. Doug Levin is co-founder and national director of the K12 Security Information eXchange (K12 SIX), a national non-profit dedicated solely to helping schools protect themselves from emerging cybersecurity threats. Interview Links: K12 SIX: https://www.k12six.org/Annual “State of K-12 Cybersecurity Report’: https://www.k12six.org/the-report K-12 Essentials Series: https://www.k12six.org/essentials-series Public event calendar: https://www.k12six.org/events US Department of Education, Privacy Technical Assistance Center: https://studentprivacy.ed.gov/ CISA K-12 Cybersecurity Resources: https://www.cisa.gov/stopransomware/k-12-resources CISA Back to School Campaign: https://www.cisa.gov/r8-virtual-back-school-campaign-2022 US GAO: “Critical Infrastructure Protection: Education Should Take Additional Steps to Help Protect K-12 Schools from Cyber Threats” https://www.gao.gov/products/gao-22-105024 EFF: Student Privacy Resources https://www.eff.org/issues/student-privacy CDT: Student Privacy Resources https://cdt.org/area-of-focus/privacy-data/student-privacy/ EPIC: Student Privacy https://epic.org/issues/data-protection/student-privacy /Algorithmic Justice League: https://www.ajl.org/ The Markup: https://themarkup.org/machine-learning/2022/01/19/help-us-investigate-the-ed-tech-industry Fight for the Future, which e.g., runs this campaign: https://www.baneproctoring.com/ ACLU: https://www.nyclu.org/en/issues/education-policy-center/technology-schools  Further Info Send me your questions! https://fdsd.me/qna Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/Check out my book, Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887 Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Donate directly with Monero! https://firewallsdontstopdragons.com/contact/ Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-SpeakerGenerate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:03:24: Pre-interview definition of terms0:05:07: What is K12SIX about?0:10:52: What are the biggest security threats for schools?0:17:15: What about security threats for teachers and students?0:21:58: What are your top security recommendations for schools?0:30:01: What are the major impediments for schools improving cybersecurity?0:33:20: How can schools systems best share info and help one another?0:37:41: What are the main privacy threats for students?0:46:25: How is student data being used (or abused)?0:48:36: How do AI systems fail when it comes to minority populations?0:51:32: How can students and parents assert their privacy rights?0:56:03: What resources can you recomment for schools and students?0:59:39: Interview wrap-up1:00:40: Not reusing user names and passwords1:02:20: Preview of upcoming shows, promotions