
Firewalls Don't Stop Dragons Podcast

Latest episodes

Apr 4, 2022 • 55min

De-Google Your Life (Part 4)

I wrap up my de-Google project this week with two biggies: Google Drive and Google Docs. I decided to reduce my Google data footprint as one of my 2022 New Year's resolutions, so I've done a ton of research to replace all the major Google services with privacy-respecting alternatives. My hope is that you can use this information to reduce your own Google data exposure (and help your friends and family, while you're at it). In other news: UK police arrested seven people that may be tied to the Lapsus$ hacking group; the FCC has flagged Kaspersky software as a risk to national security; a very tricky new phishing technique tricks you into giving up your Facebook, Apple and Google credentials; an open-source software developer makes the dubious decision to target Russian users with "protestware"; the US passes a much-needed cybersecurity regulation (that takes way too long to come into effect); the Russia-based Yandex search engine is harvesting user details from many people, even those not using its search engine; app developers and cloud service providers are leaving your data lying around for anyone to find; and Google is testing its new tracking platform called Topics, which they will use to eventually replace third party cookies.

Article Links
UK police arrest 7 hacking suspects – have they bust the LAPSUS$ gang? https://nakedsecurity.sophos.com/2022/03/25/uk-police-arrest-7-hacking-suspects-have-they-bust-the-lapsus-gang/
FCC flags Russian cybersecurity firm Kaspersky as risk to national security https://mashable.com/article/fcc-bans-kaspersky-antivirus
This 'browser in browser' attack will steal your passwords — here's how to avoid it https://www.tomsguide.com/news/bitb-phishing-attack
Developer Sabotages Open-Source Software Package https://www.schneier.com/blog/archives/2022/03/developer-sabotages-open-source-software-package.html
US Passes "Game-Changing" Cyber Incident Reporting Legislation https://www.infosecurity-magazine.com/news/us-cyber-incident-reporting/
Yandex is sending data harvested from millions of iOS users to Russia https://9to5mac.com/2022/03/29/yandex-is-sending-data-from-ios-users/
Your personal data is exposed to hackers — alarming report reveals mobile apps are not protecting your info https://www.laptopmag.com/news/your-personal-data-is-exposed-to-hackers-alarming-report-reveals-mobile-apps-are-not-protecting-your-info
Chrome’s “Topics” advertising system is here, whether you want it or not https://arstechnica.com/gadgets/2022/03/googles-topics-advertising-system-starts-rolling-out-to-chrome-canary/
De-Google My Life, Part 4: https://firewallsdontstopdragons.com/de-google-my-life-part-4

Further Info
Cryptomator: https://cryptomator.org/
Sync.com: https://www.sync.com/
ONLYOFFICE: https://www.onlyoffice.com/
NextCloud: https://nextcloud.com/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Mar 28, 2022 • 1h 6min

Teaching & Preaching Privacy

Today I'm speaking with a fellow privacy evangelist: Henry from Techlore. Like me, Henry and his team are on a mission to teach regular, everyday people how to secure their data and improve their privacy. Henry and I have a frank discussion about the importance of privacy today and the struggles we have when deciding which privacy-oriented products to recommend. First of all, everyone's privacy "threat model" is different. Second, many people still don't understand the true impacts of privacy failures - to themselves and to society in general. Privacy isn't just a "me" thing - it's also very much a "we" thing. And if all of that weren't enough, privacy advocates argue constantly (and often heatedly) about the proper litmus tests to use when evaluating privacy-oriented products. Today, Henry and I will discuss what frustrates us and what gives us hope in the highly nuanced realm of privacy.

Further Info
Podcast 5th Anniversary Giveaway! https://firewallsdontstopdragons.com/5th-anniversary-giveaway/
Techlore: https://techlore.tech/
Support Techlore! https://www.patreon.com/techlore
Simple Login: https://simplelogin.io/
MySudo: https://mysudo.com/
Privacy.com: https://privacy.com/
Malwarebytes Lock & Code podcast: https://blog.malwarebytes.com/category/podcast/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Mar 21, 2022 • 1h 1min

De-Google Your Life (Part 3)

One of my New Year's resolutions for 2022 is to reduce my Google footprint - to try to de-Google my life as best I can - and hopefully inspire you to do the same. In today's show, I'll talk about replacing Google's many communications apps (Meet, Hangouts, Chat, Talk), Google Authenticator (the Kleenex of 2FA apps), Google Maps and Waze, and YouTube. In security and privacy news: ISPs in the UK are complaining about Apple's Private Relay feature; the Federal Trade Commission has a new weapon to fight algorithmic data mining; if someone tricks you into sending them money via Zelle, your bank probably won't give it back; Russia has issued a state-sponsored "trusted root CA" that could undermine privacy in Russia for a decade; the EFF weighs in on attempts to cut off Russia (and its citizens) from the internet; DuckDuckGo took a controversial step to down-rate Russian mis/disinformation in its search results; Google is mining info from receipts and invoices in your email; and Google is also mining data from your dialer and messaging apps on Android.

Article Links
UK Network Operators Target iCloud Private Relay in Complaint to Regulator https://www.macrumors.com/2022/03/13/uk-network-operators-target-icloud-private-relay/
The FTC’s new enforcement weapon spells death for algorithms https://www.protocol.com/policy/ftc-algorithm-destroy-data-privacy
Fraud is flourishing on Zelle. The banks say it’s not their problem. https://www.seattletimes.com/business/fraud-is-flourishing-on-zelle-the-banks-say-its-not-their-problem/
You Should Not Trust Russia’s New “Trusted Root CA” https://www.eff.org/deeplinks/2022/03/you-should-not-trust-russias-new-trusted-root-ca
Wartime Is a Bad Time To Mess With the Internet https://www.eff.org/deeplinks/2022/03/wartime-bad-time-mess-internet
DuckDuckGo down-ranks sites spreading Russian propaganda https://www.bleepingcomputer.com/news/technology/duckduckgo-down-ranks-sites-spreading-russian-propaganda/
Gmail tracking: Google keeps records of everything you buy. Here is how to delete this information. https://tutanota.com/blog/posts/gmail-tracks-everything-you-buy/
Google to make changes to apps after TCD study finds privacy issues https://www.irishtimes.com/business/technology/google-to-make-changes-to-apps-after-tcd-study-finds-privacy-issues-1.4826225
De-Google My Life, Part 3: https://firewallsdontstopdragons.com/de-google-my-life-part-3/

Further Info
Podcast 5th Anniversary Giveaway! https://firewallsdontstopdragons.com/5th-anniversary-giveaway/
My Lock & Code podcast interview: https://blog.malwarebytes.com/podcast/2022/03/de-googling-carey-parkers-and-your-life-lock-and-code-s03e06/
Data Privacy for Cars: https://podcast.firewallsdontstopdragons.com/2021/09/13/driving-data-privacy-for-cars/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Mar 14, 2022 • 1h 2min

Computer Security Goes Microscopic

We didn't use to think too much about physical computer security because most computers were safely stored in our homes or businesses. But many people today use laptops which can be lost or stolen while traveling or toting them back and forth to work. Having physical access to a computer makes it much easier for bad guys to hack into them and steal our data. By "sniffing" the data signals on the wires in computer motherboards, bad guys can actually pull out security keys that would allow them to bypass encrypted hard drives and account authentication. To combat this, Microsoft's Pluton project makes this data exfiltration much, much harder by embedding the security circuitry directly into the CPU chip where the "wires" are microscopic and embedded in plastic casings.

Tony Chen is a software engineer and security architect in the Microsoft core operating systems team. He was the development lead responsible for Xbox One security that worked with the hardware team and AMD to successfully launch the Xbox One console in 2013 which has not been hacked for piracy or cheating for over 5 years.

Further Info
Microsoft's Pluton project: https://www.microsoft.com/security/blog/2020/11/17/meet-the-microsoft-pluton-processor-the-security-chip-designed-for-the-future-of-windows-pcs/
Podcast 5th Anniversary Giveaway! https://firewallsdontstopdragons.com/5th-anniversary-giveaway/
Malwarebytes Lock & Code podcast: https://blog.malwarebytes.com/category/podcast/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Mar 7, 2022 • 1h 4min

My De-Google Strategy

As my de-Google project progresses, I realized that I skipped the most important step: reconnaissance. Before you can de-Google your life, you need to first make a list of the Google products and services you interact with - and not all of them have "Google" in their names. Google also owns YouTube, Waze, Nest, Fitbit, Chromebooks, and much more. Furthermore, you need to know and understand what information Google already knows about you. And while you're doing that, you should delete all the existing data and prevent further collection. Thankfully, Google provides several tools to help you do this (most likely due to regulations like GDPR and CCPA). I'll help you create your personal de-Google to-do list. In other news: today I'm launching a massive giveaway promotion to celebrate the 5th anniversary of the podcast!! Also, 100 million Samsung phones shipped with horrible security flaws; Nvidia hackers are pressuring the company to turn off cryptocurrency mining limitations; the (Russian) Conti and TrickBot ransomware operations have been hacked; details of 120,000 Russian soldiers in Ukraine have been leaked (on purpose); the US Senate has passed landmark cybersecurity legislation in light of the rising cyber warfare threat; and the ACLU has published a sobering report about a mass surveillance company called Flock (no relation to Google's FLoC).

Article Links
100 Million Samsung Phones Shipped With Flawed Encryption https://www.cpomagazine.com/cyber-security/100-million-samsung-phones-shipped-with-flawed-encryption-galaxy-s8-to-s21-series-cryptographic-keys-trivial-to-expose/
Nvidia Hackers Threaten to Release Mining-Limiter Killer https://www.tomshardware.com/news/nvidia-hackers-threaten-to-release-lhr-performance-limiter
Conti Ransomware source code leaked by Ukrainian researcher https://www.bleepingcomputer.com/news/security/conti-ransomware-source-code-leaked-by-ukrainian-researcher/
Details of '120,000 Russian soldiers' leaked by Ukrainian media https://www.theregister.com/2022/03/02/russian_soldier_leaks/
Senate passes cybersecurity act forcing orgs to report cyberattacks, ransom payments https://www.zdnet.com/article/senate-passes-cybersecurity-act-forcing-critical-infrastructure-orgs-to-report-cyberattacks-ransom-payments/
Fast-Growing Company Flock is Building a New AI-Driven Mass-Surveillance System https://www.aclu.org/report/fast-growing-company-flock-building-new-ai-driven-mass-surveillance-system
My De-Google Strategy: https://firewallsdontstopdragons.com/my-de-google-strategy/
Lawrence Lessig’s article: https://medium.lessig.org/crowdsourced-war-b5774c0ca7b5

Further Info
5th Anniversary Giveaway!! Details will be posted this week on my blog - keep your eye out on my main website! https://firewallsdontstopdragons.com/
Check out Techlore: https://techlore.tech/
Conti Ransomware report from Krebs On Security:
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office/
https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 28, 2022 • 1h 9min

Securing Your Mobile Device

Your cell phone is a super computer and phenomenally powerful tracking device. Even George Orwell wouldn't have dreamed that telescreens would be pocket sized and that citizens would willingly carry them 24/7. That one device knows all about you and has access to your most personal and critical information, including contacts, emails, social media, financial accounts, medical information, and much more. Furthermore, these devices are often used to secure our accounts through two-factor authentication. Stealing or cloning someone's mobile phone can have dire consequences. Therefore, it's crucial that we protect it. Today, I'll speak with Haseeb Awan whose company Efani is dedicated to providing secure phones and cell service to its VIP clientele, and we'll get his insights into the security risks and mitigation techniques of the mobile world.

Haseeb Awan built one of the first and largest bitcoin ATMs - Bitaccess - which has 8000+ locations in 15 countries. He is also the CEO of Efani, America's most secure and private cell phone service, which protects people against SIM Swaps, eavesdropping, and location tracking.

Further Info
Efani: https://www.efani.com/
My Startpage interview: https://www.startpage.com/privacy-please/privacy-advocate-articles/privacy-in-action-carey-parker-author-and-podcast-host
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 21, 2022 • 53min

De-Google Your Life (Part 2)

One of my big goals for 2022 was to minimize my Google footprint. In the last news show, I covered Google Search, Chrome and Android. In today's show, I'll tackle two other big ones: Google's email (Gmail) and calendar (Gcal) services (and Google's contacts, for good measure). I actually replaced Gmail with two different services, because they each address two different needs I have. In other news: Microsoft finally disables Word and Excel macros by default for any file downloaded from the internet; the IRS backs off its requirement for using facial recognition to authenticate to the IRS website; Missouri's prosecutor declines to prosecute the reporter who pointed out a state website which gave away social security numbers for some state employees; Kashmir Hill compares the relative privacy and tracking capabilities of AirTags, Tile and a cheap GPS tracker; two US senators are decrying a newly declassified report of a CIA program that surveils American citizens in bulk; a remote test proctoring company sinks to new lows; hundreds of Android apps were found to be tracking you using ultrasonic signals; and Google will be implementing a new privacy feature in Android that it claims is just as private as Apple's App Tracking Transparency, but will somehow preserve the ad-based web economy.

Article Links
Microsoft's Small Step to Disable Macros Is a Huge Win for Security https://www.wired.com/story/microsoft-disables-macros-default-security-phishing/
IRS To Ditch Biometric Requirement for Online Access https://krebsonsecurity.com/2022/02/irs-to-ditch-biometric-requirement-for-online-access/
Missouri prosecutor won't press charges against reporter who found flaw in state website https://www.kcur.org/politics-elections-and-government/2022-02-14/missouri-prosecutor-wont-press-charges-against-reporter-who-found-flaw-in-state-website
New test shows AirTag’s safety precautions are far better than Tile, other GPS trackers https://9to5mac.com/2022/02/11/airtag-safety-vs-tile/
T2 Mac security vulnerability means passwords can now be cracked https://9to5mac.com/2022/02/17/t2-mac-security-vulnerability-passware/
Senators say CIA has been collecting data in bulk in secret program https://thehill.com/homenews/administration/593833-senators-say-cia-has-been-collecting-american-data-in-bulk-in-secret
A Network of Fake Test Answer Sites Is Trying to Incriminate Students https://themarkup.org/machine-learning/2022/02/15/a-network-of-fake-test-answer-sites-is-trying-to-incriminate-students
Hundreds of apps spying on users with ultrasonic tracking technology https://www.komando.com/gadgets/hundreds-of-apps-spying-on-users-with-ultrasonic-tracking-technology/402030/
Google's New Plan for Android Privacy Doesn't Sound All That Private https://gizmodo.com/google-android-privacy-sandbox-apple-ios-meta-1848547922?rev=1645048008531
De-Google My Life (part 2): https://firewallsdontstopdragons.com/de-google-my-life-part-2/

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 14, 2022 • 1h 13min

Free & Open Source Software

You may not know it, but our world has already been basically taken over by free and open source software, or FOSS - specifically, the Linux operating system. Just about every single electronic appliance or device today, from your smartphone to your smart toaster, is running some flavor of the Linux operating system. Furthermore, open source software projects are the bedrock of many for-profit software applications, operating systems, mobile apps and web apps. It's everywhere, and yet you probably know very little about it. Today, Sean O'Brien will give us a little FOSS history lesson, explain why supporting this movement is so important, and even tell us how we might replace some pricey and user-hostile popular software with top-notch free and open alternatives.

Sean O’Brien is a lecturer in Cybersecurity at Yale Law School and Chief Security Officer at Panquake.com. He is a Visiting Fellow at the Information Society Project at Yale Law School, where he founded and leads the Privacy Lab initiative. He has been involved in Free and Open-Source Software (FOSS) for approximately two decades, including volunteer work for the Free Software Foundation and FreedomBox Foundation.

Show Links
Panquake: https://panquake.com/
Yale Privacy Lab: https://privacylab.yale.edu/
It’s FOSS website: https://itsfoss.com/
Free Software Foundation: https://www.fsf.org/
Intro to Linux classes: https://itsfoss.com/free-linux-training-courses/
Windows Subsystem for Linux: https://docs.microsoft.com/en-us/windows/wsl/about
System 76: https://system76.com/
Purism: https://puri.sm/
Lineage OS: https://lineageos.org/
Graphene OS: https://grapheneos.org/
Calyx OS: https://calyxos.org/
F-Droid: https://f-droid.org/
LibreOffice: https://www.libreoffice.org/
VLC Media Player: https://www.videolan.org/vlc/
Audacity audio editor: https://www.audacityteam.org/
GIMP photo editor: https://www.gimp.org/
Inkscape illustrator: https://inkscape.org/
CryptPad: https://cryptpad.fr/

Further Info
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Feb 7, 2022 • 57min

De-Google Your Life

One of my New Year's Resolutions for 2022 is to minimize my Google footprint. In reality, it's very difficult to completely avoid Google products, if you include things like Google Analytics, Google's cloud computing, and other services that we may not directly choose. But thankfully, there are many excellent, privacy-respecting alternatives to Google's more well-known products and services. In today's show, I'll start with some of the most basic ones: Google Search, Google Chrome browser, and Android. In other news: Google beats Apple to offering a way to disable insecure 2G cellular connections; people are selling "silent" AirTags that won't beep to let you know they're near (which could be better for stalking people); Facebook reported its first ever loss in subscribers along with a $10 billion loss due to people opting out of ad tracking; privacy advocates scored a huge win in the European Union against advertisers collecting and sharing your data; the IRS may be rethinking its coming requirement for facial recognition-based authentication after pushback; the FBI admits to evaluating NSO Group's nasty Pegasus cell phone spyware; Kaspersky finds several serious vulnerabilities in wearable medical devices; and Google has abandoned its FLoC web tracking system for a much more privacy-respecting version called Topics.

Article Links
EFF praises Android’s new 2G kill switch, wants Apple to follow suit https://arstechnica.com/gadgets/2022/01/eff-praises-androids-new-2g-kill-switch-wants-apple-to-follow-suit/
Sale of 'Silent AirTags' on eBay and Etsy Raises Privacy Concerns https://www.macrumors.com/2022/02/03/silent-airtags-privacy-concerns/
Facebook lost daily users for the first time ever last quarter https://www.theverge.com/2022/2/2/22914970/facebook-app-loses-daily-users-first-time-earnings
A Change by Apple Is Tormenting Internet Companies, Especially Meta https://www.nytimes.com/2022/02/03/technology/apple-privacy-changes-meta.html
Regulators find Europe’s ad-tech industry acted unlawfully https://www.engadget.com/european-union-gdpr-ad-tech-unlawful-iccl-iab-europe-125735068.html
Treasury Weighing Alternatives to ID.me Over Privacy Concerns https://www.bloomberg.com/news/articles/2022-01-28/treasury-weighing-id-me-alternatives-over-privacy-concerns
FBI acknowledges it tested NSO Group’s spyware https://www.washingtonpost.com/technology/2022/02/02/pegasus-fbi-nso-test/
Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft https://threatpost.com/unpatched-security-bugs-medical-wearables-patient-tracking-data-theft/178150/
Google abandons FLoC, introduces Topics API to replace tracking cookies https://www.theverge.com/2022/1/25/22900567/google-floc-abandon-topics-api-cookies-tracking
De-Google My Life, Part 1: https://firewallsdontstopdragons.com/de-google-my-life-part-1/
Apple’s new Personal Safety User Guide: https://support.apple.com/guide/personal-safety/welcome/web

Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
Jan 31, 2022 • 55min

Searching for Privacy

We tell our search engines a lot of very personal things. They arguably know more about us than our best friends and significant others do. A history of your search terms can reveal so much about you, especially when viewed over the course of days, months and even years. And unfortunately, companies like Google use this privileged position to better target us with advertisements. This may seem innocuous, but today's guest, Kelly Finnerty, will explain how this data collection can lead to some truly creepy outcomes and even emotional harm. But it doesn't have to be that way. There are search engines and other tools that don't track your history and sell you out. And there is hope for a brighter, privacy-respecting future.

Kelly Finnerty is the director of brand for Startpage, a global privacy technology company that provides search and browsing products that protect people's personal data. Kelly is a #techforgood advocate that believes privacy is a worldwide human right.

Episode Links
Startpage browser extension: https://add.startpage.com/protection/
What does your search engine know about you? https://www.startpage.com/privacy-please/startpage-articles/what-does-your-search-engine-know-about-you
Startpage data flow: https://support.startpage.com/index.php?/en/Knowledgebase/Article/View/1276/0/how-startpage-processes-and-protects-your-data
Interview with System1 CEO: https://thinkprivacy.ch/system1-interview/
Terms of Service; Didn’t Read: https://tosdr.org/
EFF’s Surveillance Self Defense: https://ssd.eff.org/

Further Info
Annual listener survey: https://bit.ly/Firewalls-survey-2022
Carey’s 2022 Privacy Blog: https://firewallsdontstopdragons.com/data-privacy-week-2022/
Carey’s Privacy Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/
Data Privacy Week: https://staysafeonline.org/data-privacy-week/
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Become a Patron! https://www.patreon.com/FirewallsDontStopDragons
Would you like me to speak to your group about security and/or privacy? http://bit.ly/Firewalls-Speaker
Generate secure passphrases! https://d20key.com/#/
