Firewalls Don't Stop Dragons Podcast

Carey Parker
Mar 15, 2021 • 38min

Computers Interviewing Humans (Part 1)

Convincing a human to hire you is hard enough. Can you imagine trying to convince a computer? Artificial intelligence is now being used to automate the screening of job candidates, evaluating cognitive ability, vocabulary, and even emotional intelligence. This new “hiretech” promises to weed out the bad applicants and flag the good ones by analyzing not just the substance of answers to interview questions, but also the manner in which you respond – your cadence, your word choices, your tone, your speech patterns, and perhaps even your facial expressions and body language. What could possibly go wrong? We’ll discuss this and more today with John Davisson from the Electronic Privacy Information Center.

John Davisson is Senior Counsel at EPIC. John works on a variety of appellate litigation and Freedom of Information Act cases. John first came to EPIC in 2015 as a clerk in the Internet Public Interest Opportunities Program. He has previously clerked at Levine Sullivan Koch & Schulz, served as a student attorney in the Civil Rights Section of Georgetown’s Institute for Public Representation, and interned at the Appignani Humanist Legal Center. John is a 2016 magna cum laude graduate of Georgetown University Law Center, where he was managing editor of the Georgetown Journal on Poverty Law & Policy, a Georgetown Law Fellow, and an NGO observer to the 9/11 military commission at Naval Station Guantanamo Bay. He worked as a journalist before entering the law and earned his B.A. at Columbia University. John is a member of the New York and District of Columbia bars.

Further Info:
Electronic Privacy Information Center: https://epic.org/
Become a patron! https://www.patreon.com/FirewallsDontStopDragons
Weapons of Math Destruction: https://www.amazon.com/Weapons-Math-Destruction-Increases-Inequality/dp/0553418815
Mar 8, 2021 • 1h 39min

Last Straw for LastPass

Ep210. I’ve recommended LastPass for years – since I wrote my book and every day since. Until now. There are several good (secure and private) password managers out there. But LastPass was the full package: a free tier that had all the functionality most people need and for-pay tiers that had very useful extras. But now they’re hobbling the free version by only allowing you to use it on one type of device: either a mobile device or a computer, but not both. To me, that makes the free tier useless. LastPass’s Android app was also found to contain seven different trackers. That was the last straw for me. In today’s episode, I’ll tell you my new recommendations and give you an important tip on making the switch.

In other news: a new law in Australia aims to force Google and Facebook to pay for news links; SolarWinds is blaming an intern for using a horrible password; SMS tax scams are picking up; Alexa Skills have serious privacy and security issues; adtech companies are scrambling to avoid telling you that you’re being tracked on iOS; cops use copyright filters to prevent being recorded; a new company is creating a nationwide surveillance system; pharmacies are capitalizing on the COVID vaccine to get your data for marketing; Firefox 86 has a killer new system to prevent third party cookie tracking; however, adtech is exploiting a loophole in DNS to turn third party cookies into first party cookies.

Further Info:
Switching to Bitwarden: https://firewallsdontstopdragons.com/?p=2447
Chat with me on Discord and get exclusive content! https://www.patreon.com/FirewallsDontStopDragons
SMS tax scam unmasked: Bogus but believable – don’t fall for it! https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/
Alexa Skills: Security gaps and data protection problems https://www.helpnetsecurity.com/2021/03/02/alexa-skills-security/
Ongoing & enormous Microsoft Exchange server hack hits 30,000 US groups https://appleinsider.com/articles/21/03/06/microsoft-exchange-server-hack-affects-over-30000-us-organizations
Post-IDFA Alliance will address concerns of mobile app and game marketers https://venturebeat.com/2021/02/17/post-idfa-alliance-will-address-concerns-of-mobile-app-and-game-marketers/
Judge approves $650m settlement of privacy lawsuit against Facebook https://www.theguardian.com/technology/2021/feb/27/facebook-illinois-privacy-lawsuit-settlement
Cops Using Music to Try to Stop Being Filmed Is Just the Tip of the Iceberg https://www.eff.org/deeplinks/2021/02/cops-using-music-try-stop-being-filmed-just-tip-iceberg
Inside ‘TALON,’ the Nationwide Network of AI-Enabled Surveillance Cameras https://www.vice.com/en/article/bvx4bq/talon-flock-safety-cameras-police-license-plate-reader
You got a vaccine. Walgreens got your data. (Recode) https://www.vox.com/recode/22310281/covid-vaccine-walgreens-cvs-rite-aid-walmart-data
Firefox’s Total Cookie Protection aims to stop tracking between multiple sites https://www.engadget.com/firefox-total-cookie-protection-stop-tracking-websites-140044979.html
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique https://thehackernews.com/2021/02/online-trackers-increasingly-switching.html
Changes to LastPass Free https://blog.lastpass.com/2021/02/changes-to-lastpass-free/
Security researcher raises questions about trackers in LastPass Android app https://appleinsider.com/articles/21/02/26/security-raises-questions-about-trackers-in-lastpass-android-app
Mar 1, 2021 • 50min

Tech Learning Collective (Part 2)

In the second half of my interview with the Tech Learning Collective, we delve into their course curriculum a bit, and then discuss why they teach what they teach and how they approach these topics in a unique and meaningful way. We also examine the notion of “ethical hacking” and how this term can be used to whitewash some truly unethical and immoral products and services. Finally, we discuss why it’s important to know how to perform cyber attacks in order to properly defend against them. These classes are truly like nothing else you’ll find online. Check out one of their workshops for yourself (and support their important work in the process)!

Technology, taught collectively. Looking to get certified? Look elsewhere. Looking to spark a revolution? We’ll show you how to become more powerful than the most well-funded adversaries, including corporate- and government-backed opponents.

Further Info:
Tech Learning Collective: https://techlearningcollective.com/
Support me on Patreon! https://www.patreon.com/FirewallsDontStopDragons
The Privacy Issue’s Essential Privacy Podcasts: https://theprivacyissue.com/privacy-and-society/download-privacy-security-podcasts
Transcript: https://techlearningcollective.com/2021/04/06/firewalls-dont-stop-dragons-interviews-tech-learning-collective-part-2.html
Feb 22, 2021 • 38min

Tech Learning Collective (Part 1)

I first learned of the Tech Learning Collective at a privacy conference in late 2020. I struck up a conversation with one of its representatives and ended up taking one of their wonderful workshops in January. The TLC offers some top-notch courses on computers with a focus on cybersecurity. Unlike college courses or cybersecurity certification courses, TLC offers eminently practical and affordable content, focused squarely on doing. It’s like the difference between taking a karate class to earn colored belts and taking a personal self defense class to actually protect yourself. But it’s also much more than that, and hard to describe. You’ll have to listen to this interview to truly understand!

From their website… Technology, taught collectively. Looking to get certified? Look elsewhere. Looking to spark a revolution? We’ll show you how to become more powerful than the most well-funded adversaries, including corporate- and government-backed opponents.

Further Info:
Tech Learning Collective: https://techlearningcollective.com/
The Privacy Issue’s Essential Privacy Podcasts: https://theprivacyissue.com/privacy-and-society/download-privacy-security-podcasts
Transcript: https://techlearningcollective.com/2021/04/06/firewalls-dont-stop-dragons-interviews-tech-learning-collective-part-1.html
Feb 15, 2021 • 1h

Not Just a Face in the Crowd

Ep207. Clearview AI – the company that has hoovered up every face it can find on the internet to create a creepy person-identifying app – is back in the news. Canada and the EU have decided that Clearview has gone too far and needs to allow its users to opt out and even delete all the data they have, upon request. It’s a welcome development, but unfortunately only available to California residents in the US (plus Canada and the EU). I’ll tell you how to delete your data.

In other news: Google uncovers a killer security feature in iOS 14 called BlastDoor; Amazon is expanding its “surveillance empire” in a massive and creepy way; someone “hacked” a water treatment plant in Florida trying (and failing) to poison its citizens; a bad bug has been found in a popular Wi-Fi IoT chip; a new phishing attack uses Morse code to hide its malicious web links; Facebook’s “Supreme Court” has rendered its first set of rulings; and Clubhouse, the latest social media craze, is using some intrusive techniques to find more members. Also, I’ve got several tips for tax time in the US, including avoiding scams and safely transferring your financial data.

Further Info:
Opt out of Clearview AI and delete your data: https://clearview.ai/privacy/requests
Avoid tax scams: https://firewallsdontstopdragons.com/its-tax-scam-time-again/
Send files securely: https://firewallsdontstopdragons.com/how-to-send-files-securely-like-tax-info/
Get your IRS IP PIN: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin
Feb 8, 2021 • 1h 4min

Free Speech & Deplatforming

Episode 206. The social media events around the January 6th storming of the US Capitol have sparked raging, divisive debates in the US. But the banning of individuals and the deplatforming of apps and groups are not new phenomena. The Right of Free Speech that is enshrined in the First Amendment to the US Constitution is not limitless. It does have legal boundaries. And private companies, even monopolies, have the legal right to control access to their platforms. But does that make it right? Today, I will wade into this decidedly thorny issue with Troy Hunt, who brings a plethora of global technology and security experience to the debate.

Troy Hunt is an Australian Microsoft Regional Director and a Most Valuable Professional awardee for Developer Security. He’s a blogger, international speaker and author of several online courses, and he runs the very valuable internet security service HaveIBeenPwned.

Further Info:
Troy Hunt’s blog on deplatforming: https://www.troyhunt.com/weekly-update-226/
EFF’s take: https://www.eff.org/deeplinks/2019/05/censorship-cant-be-only-answer-disinformation-online
Legal limits of free speech: https://en.wikipedia.org/wiki/United_States_free_speech_exceptions
Listener survey: https://bit.ly/Firewalls-survey-2021
Patron survey: http://bit.ly/Firewalls-patron-survey-2021
Feb 1, 2021 • 60min

Stop Watching Me!

Tracking and data mining have gotten way out of hand. We’re not only being tracked online, we’re now being tracked around the real world, too. We’re truly living in a panopticon – and it’s not good for us as individuals or as a democratic society. Today I’ll cover several stories that make it clear that we’ve hit a tipping point. It has to stop. And it’s going to require all of us putting pressure on our representatives to lay down some common sense rules to curb surveillance capitalism.

In today’s news: One week left to send in your podcast listener survey; update all your iOS devices ASAP; Apple walks back a controversial OS change that would have allowed some Apple apps to bypass firewalls and VPNs; Microsoft is touting a new Edge browser feature that notifies you when your passwords have been breached; an innocuous-looking police robot is actually paving the way towards chilling mass surveillance; another US intelligence agency has been caught buying the location data of US citizens from data brokers; Apple’s efforts at improving user privacy are ruffling more feathers at Google and Facebook.

Further Info:
New Years Resolution ideas for 2021: https://firewallsdontstopdragons.com/new-years-resolutions-2021/
Data Privacy Day checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/
Listener survey: https://bit.ly/Firewalls-survey-2021
Patron survey: http://bit.ly/Firewalls-patron-survey-2021
Jan 25, 2021 • 57min

De-Googling Your Life

We all love to beat up on Facebook over user privacy, but the real granddaddy of them all is Google. Google is everywhere. And they almost surely know way more about you than any other company on the planet. In addition to all the “G” apps and services that you know about, Google also owns Android, Chrome browser, Waze, Nest and YouTube. It’s extremely hard to avoid using Google. But there are alternatives that will respect your privacy – and today I’ll give you a long list of viable options. And with international Data Privacy Day happening this week (Jan 28th), it’s a great time to take back control of your data.

In other news: Some malicious Chrome extensions have been scraping Facebook data, a man working for ADT has been caught spying on women using the security cameras he helped to install, Google seems to be dragging their heels on updating their iOS app privacy labels, Malwarebytes says they’ve been hacked by the same group behind the SolarWinds hacks, WhatsApp has upset many of their users with a new privacy ultimatum, and I’ll delve into the national security implications of the recent US Capitol breach.

Further Info:
Listener survey: https://bit.ly/Firewalls-survey-2021
Patron survey: http://bit.ly/Firewalls-patron-survey-2021
My Data Privacy Day Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/
Google Alternatives: https://restoreprivacy.com/google-alternatives/
Restore Privacy tools: https://restoreprivacy.com/privacy-tools/
No More Google: https://nomoregoogle.com/
Just Get My Data: https://justgetmydata.com/
Just Delete Me: https://justdeleteme.xyz/
Jan 18, 2021 • 36min

Choosing a Private Email Service (Part 2)

So I want to switch to a new, privacy-respecting email service. How do I even do that? What happens to all the email I have now? What about my calendar and contacts? Am I going to have to change my email address every time I change email providers? In part 2 of my interview with Fastmail’s COO Helen Horstmann-Allen, we’ll answer these questions and also address the thorny issue of privileged access by law enforcement.

Helen Horstmann-Allen is the Chief Operating Officer at Fastmail where she provides overall business strategy and product direction for Fastmail and its suite of products. Before Fastmail, she ran her company, Pobox, an email forwarding service, for 20 years before Fastmail acquired it in 2015. Helen graduated from the Wharton School of Business and currently serves on several nonprofit boards in the Philadelphia area.

Further Info:
2021 Listener Survey: http://bit.ly/Firewalls-survey-2021
New Year’s Resolutions 2021: https://firewallsdontstopdragons.com/new-years-resolutions-2021/
No More Google: https://nomoregoogle.com/
Sign up for Fastmail (referral link): https://ref.fm/u18721448
Jan 11, 2021 • 38min

Choosing a Private Email Service (Part 1)

What could I learn about you if I read all your emails? Like, all of them. Since you started sending email. Beyond private conversations, I would also likely know every web site you have a relationship or account with, every online purchase you’ve made, every club or organization you’ve been a part of, and all the appointments you’ve made. I can also make a pretty comprehensive list of everyone you know. And that’s just the tip of the iceberg. If I analyze the content of your emails, I could almost certainly determine your political leanings, sexual preferences, religion, income, location(s), and more. So why don’t we put more thought into choosing our email provider? In part one of my interview with Fastmail’s COO, Helen Horstmann-Allen, we’ll discuss how email privacy really works and why it’s so crucially important.

Helen Horstmann-Allen is the Chief Operating Officer at Fastmail where she provides overall business strategy and product direction for Fastmail and its suite of products. Before Fastmail, she ran her company, Pobox, an email forwarding service, for 20 years before Fastmail acquired it in 2015. Helen graduated from the Wharton School of Business and currently serves on several nonprofit boards in the Philadelphia area.

Further Info:
CONTEST LINK!! http://bit.ly/Firewalls-200
New Year’s Resolutions 2021: https://firewallsdontstopdragons.com/new-years-resolutions-2021/
No More Google: https://nomoregoogle.com/
Sign up for Fastmail (referral link): https://ref.fm/u18721448
Arnold’s take: https://www.youtube.com/watch?v=mz3zFsTp2Pk
