
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

Nov 30, 2020 • 1h 30min
Best & Worst Gifts Guide 2020
Looking for fun gifts that won't also be gifts to hackers and data miners? In today's show, I'll list off the top products and services from my annual Naughty & Nice gifts guide! Every year, I review several popular gifts and give you my recommendations on which ones to buy and which ones to avoid like the plague (or the pandemic?).
In other news: Spotify has been hacked and you should change your password; Google is looking to add end-to-end encryption to its new Android RCS messaging system; an important new IoT security bill is waiting for the President's signature; 27.7M Texans' driver's license info has been stolen; the IRS and the US military have been doing an end run around the US Constitution to obtain location information on thousands of people including US citizens without a warrant; Apple lowers its App Store commission to 15% for the vast majority of developers; Apple has responded to the blowback concerning its security validation on macOS Big Sur; and now is the time to download and enable your state's COVID-19 tracing app.
Further Info:
Best & Worst Gifts for 2020: https://firewallsdontstopdragons.com/best-worst-gifts-2020/
COVID-tracing app story, Washington Post: https://www.washingtonpost.com/technology/2020/11/18/coronavirus-app-exposure-alerts/
Setting up a Pi-Hole server: https://www.smarthomebeginner.com/pi-hole-setup-guide/

Nov 23, 2020 • 55min
Dark Patterns (Part 2)
So, what can we do about these dark patterns? Are there technical solutions to this problem? Or will this require regulations? Or perhaps we just need to train our engineers and consumers better? In part 2 of my interview with Dr. Colin Gray of Purdue University, we talk about some possible solutions to the dark patterns problem, as well as tips and tricks for avoiding them. Colin also shares several interesting resources for further study.
Colin M. Gray is an Assistant Professor at Purdue University in the Department of Computer Graphics Technology. He is program lead for an undergraduate major and graduate concentration in UX Design. He holds a PhD in Instructional Systems Technology from Indiana University Bloomington, a MEd in Educational Technology from University of South Carolina, and a MA in Graphic Design from Savannah College of Art & Design. He has worked as an art director, contract designer, and trainer, and his involvement in design work informs his research on design activity and how design capability is learned. His research focuses on the ways in which the pedagogy and practice of designers informs the development of design ability, particularly in relation to ethics, design knowledge, and professional identity formation.
Further Info:
Colin’s home page: https://colingray.me
Dark Patterns: https://darkpatterns.uxp2.com
Dark Patterns (Brignull): https://darkpatterns.org/
Give Thanks: https://firewallsdontstopdragons.com/give-thanks-donate/
Rachel Maddow’s plea: https://www.nbcnews.com/feature/nbc-out/rachel-maddow-says-her-partner-has-covid-19-one-point-n1248375
COVID-19 risk assessment tool: https://covid19risk.biosci.gatech.edu/
Facebook’s Social Contagion experiment: https://www.forbes.com/sites/kashmirhill/2014/06/30/facebook-only-got-permission-to-do-research-on-users-after-emotion-manipulation-study/
Evil By Design: https://www.amazon.com/Evil-Design-Interaction-Lead-Temptation/dp/1118422147
Design Justice: https://design-justice.pubpub.org/
Data Feminism: https://data-feminism.mitpress.mit.edu/
Michael Sandel’s Justice course: http://justiceharvard.org/justicecourse/

Nov 16, 2020 • 52min
Dark Patterns (Part 1)
Are you tired of being pestered to allow notifications or access to your location? Do you wonder why you have to give your credit card number in order to sign up for "free" trials? Why weren't you told about the shipping costs until the very last screen in the purchase process? Are you sure that you didn't intend to sign up for all those newsletters? You're not alone, and you're not simply being subjected to clever marketing. You've been the victim of dark patterns: specific, scientifically-proven techniques designed to favor shareholder value over user value. In part 1 of my interview with Dr. Colin Gray, we'll discuss all the ways in which we're being manipulated and why, as mere humans, we're horribly outmatched.
Colin M. Gray is an Assistant Professor at Purdue University in the Department of Computer Graphics Technology. He is program lead for an undergraduate major and graduate concentration in UX Design. He holds a PhD in Instructional Systems Technology from Indiana University Bloomington, a MEd in Educational Technology from University of South Carolina, and a MA in Graphic Design from Savannah College of Art & Design. He has worked as an art director, contract designer, and trainer, and his involvement in design work informs his research on design activity and how design capability is learned. His research focuses on the ways in which the pedagogy and practice of designers informs the development of design ability, particularly in relation to ethics, design knowledge, and professional identity formation.
Further Info:
Dr. Colin Gray's home page: https://colingray.me
Dark Patterns: https://darkpatterns.uxp2.com
Dark Patterns (Brignull): https://darkpatterns.org/
Facebook’s Social Contagion experiment: https://www.forbes.com/sites/kashmirhill/2014/06/30/facebook-only-got-permission-to-do-research-on-users-after-emotion-manipulation-study/

Nov 9, 2020 • 45min
Zoom: Now with Actual Privacy
Zoom went from an obscure teleconferencing company to a household word when the pandemic hit. Zoom wasn’t the best videoconferencing app by any means. But it was dead simple to use and kinda fun to say. For better or worse, it became the de facto tool for many of us to keep in touch. Over that time, Zoom has made many important improvements. This week it has finally rolled out what appears to be true end-to-end encryption (E2EE). Today I'll tell you how to enable this new feature.
In other news: Be sure to update your iPhones to iOS 14.2; also be sure to keep Google Chrome and Windows 10 up to date; Adobe Flash is finally almost gone; police in Jackson, Mississippi are trialing a program to directly tap into people's private security cameras like Ring video doorbells; the NSA and FBI have been burned by the very backdoors they added; and California's Prop 24 passes, beefing up privacy protections for its citizens (and probably for all of us).
Further Info:
How to enable Zoom end-to-end encryption: https://firewallsdontstopdragons.com/zoom-now-with-actual-privacy/
Best & Worst Gifts from last year: https://firewallsdontstopdragons.com/best-worst-gifts-2019/
Please add a nice review on my new book!! https://www.amazon.com/gp/product/1484261887

Nov 2, 2020 • 52min
The Ebb & Flow of the Internet
For better or for worse, the internet today is funded by advertising. While ads can be annoying, the real issue isn't having to watch ads - it's when the ads watch us. AdTech today is premised on invasive personal data collection. Companies like Google and Facebook amass voluminous dossiers on each of us, and sell highly-targeted ads based on our income, gender, age, location, buying habits, personal interests, sexual orientation, and much, much more. But it doesn't have to be that way. And Cloudflare is going to show us how. Today, I'll talk again with the CTO, John Graham-Cumming, about Cloudflare Radar and much more.
John Graham-Cumming is a British software engineer and writer best known for starting a successful petition to the Government of the United Kingdom asking for an apology for its persecution of Alan Turing. As of 2020, he serves as Chief Technology Officer (CTO) at Cloudflare.
Further Info:
Cloudflare Radar: Election 2020 https://radar.cloudflare.com/election-2020
Cloudflare 1.1.1.1 DNS and Warp VPN: https://1.1.1.1/
VOTE! https://www.vote.org/

Oct 26, 2020 • 1h 7min
Big Proctor is Watching You (part 2)
In the second half of my interview with the EFF’s Lindsay Oliver and Jason Kelley, we talk about how these draconian surveillance systems put several students at a distinct disadvantage and how the teachers themselves feel about all of this. How might all of this normalize surveillance for young people? Can the invisible hand of the market resolve some of these issues? What should the policies be around proctoring and the use of these surveillance apps? How can we push back and demand change most effectively?
Lindsay Oliver is the Project Manager for EFF’s activism team, and works on the self-help resource Surveillance Self-Defense, Security Education Companion, and student privacy.
Jason Kelley guides EFF’s social media tactics and develops EFF’s online digital advocacy, and writes about various forms of governmental and private surveillance and tracking.
Further Info:
VOTE! https://www.vote.org/
Cybersecurity & Infrastructure Security Agency tip sheets: https://www.cisa.gov/national-cybersecurity-awareness-month-resources
Surveillance Self Defense for students: https://ssd.eff.org/en/module/privacy-students
Electronic Frontier Alliance: https://supporters.eff.org/join-efa
This article has TONS of student privacy resources: https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps

Oct 19, 2020 • 47min
Big Proctor is Watching You (part 1)
In this time of COVID19, we've all had to learn to work and learn from home. But how do our bosses know we're not screwing around instead of working? How do our teachers know we're not cheating? It turns out that they're both willing to go to extremely intrusive measures to try to figure that out. Home and mobile device surveillance technology is booming thanks to this global pandemic, as we will learn from talking to the EFF's Lindsay Oliver and Jason Kelley. They have been investigating the serious impacts these products and services are having on our privacy and overall fairness for students and employees.
Lindsay Oliver is the Project Manager for EFF's activism team, and works on the self-help resource Surveillance Self-Defense, Security Education Companion, and student privacy.
Jason Kelley guides EFF’s social media tactics and develops EFF’s online digital advocacy, and writes about various forms of governmental and private surveillance and tracking.
Further Info:
Surveillance Self Defense for students: https://ssd.eff.org/en/module/privacy-students
Electronic Frontier Alliance: https://supporters.eff.org/join-efa
This article has TONS of student privacy resources: https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps
National Cybersecurity Awareness Month: https://www.cisa.gov/national-cybersecurity-awareness-month-resources

Oct 12, 2020 • 55min
National Cybersecurity Awareness Month
October is National Cybersecurity Awareness Month! The theme this year is: if you connect it, protect it! And given how popular IoT devices are these days, and also how horrid their security usually is, this advice has never been more important. In today's show, I'll walk through some top cyber tips for protecting your devices and your home network.
And there's a TON of news, as well: I'll update you on the "App Fairness" campaign from Epic, Protonmail, Spotify and others; watch out for fake Android messaging apps made to look like Threema or Telegram; Google's Chrome browser gets slammed for its poor privacy protections; Google is now giving out lists of people who searched on particular terms to law enforcement; Amazon is adding some new privacy options to their Alexa products, while also introducing a super-creepy home spy drone; should you let your insurance company track you? (spoiler: no); and Apple's T2 chip is found to have a severe, unfixable security flaw.
Further Info:
Cybersecurity & Infrastructure Security Agency (CISA) tip sheets: https://www.cisa.gov/publication/national-cybersecurity-awareness-month-publications
Get 20% off my new book at Apress using code Dragons2020. https://www.apress.com/us/book/9781484261880
Google Chrome: the Anti-Privacy Browser: https://theprivacy.com/2020/09/14/google-chrome-the-anti-privacy-browser/?hss_channel=tw-976856456740864004
Coalition for App Fairness’s 10 principles examined: https://appleinsider.com/articles/20/10/05/breaking-down-the-coalition-for-app-fairness-issues-with-apple

Oct 5, 2020 • 39min
Apple’s Epic Battle Royale (Part 2)
What do Apple, Tyson Foods and Worldwide Wrestling (WWE) all have in common? And what is "chickenization"? In part 2 of my interview with Cory Doctorow, he explains how some markets in the US economy are completely distorted by dominant sellers as well as dominant buyers. Seeing all of these specific markets as facets of a single economic problem, we can find common cause and perhaps a common solution.
Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN’T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is a MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina’s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles.
Further Info:
Buy Attack Surface: https://us.macmillan.com/books/9781250757531
Back Attack Surface audio book: https://www.kickstarter.com/projects/doctorow/attack-surface-audiobook-for-the-third-little-brother-book
Buy Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Watch The Social Dilemma!: https://www.netflix.com/title/81254224
Donate to EFF: https://supporters.eff.org/donate/join-4
Be very wary of disinformation right now: https://firewallsdontstopdragons.com/fake-news-be-highly-wary-right-now/
VOTE!! https://www.vote.org/

Sep 28, 2020 • 44min
Apple’s Epic Battle Royale (Part 1)
Apple and Epic Games are locked in an epic legal (and PR) battle that may determine the future of the App Store, the Google Play Store, and several other game distribution networks. At the heart of this debate is the disproportionate influence the app store owner has over the apps in their store, including demanding a hefty cut of the app maker's profits. How did we get to this place? How does this distort the market for software? When did "contempt of business model" become a felony? Today I'll discuss this and more with EFF's Cory Doctorow.
Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN’T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is a MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina’s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles.
Further Info:
Buy Attack Surface: https://us.macmillan.com/books/9781250757531
Back Attack Surface audio book: https://www.kickstarter.com/projects/doctorow/attack-surface-audiobook-for-the-third-little-brother-book
Enter to win a free copy of my book: https://bit.ly/firewalls4
Buy Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887
Watch The Social Dilemma!: https://www.netflix.com/title/81254224
Donate to EFF: https://supporters.eff.org/donate/join-4
VOTE!! https://www.vote.org/