Firewalls Don't Stop Dragons Podcast

Carey Parker
Jan 4, 2021 • 60min

The Great SolarWinds Hack

The Russian SVR has had backdoor access to hundreds if not thousands of government and corporate networks for nearly nine months. And if not for private security firm FireEye, we might never have known. The SolarWinds supply chain hack may be the biggest, most consequential cybersecurity event ever. And it will literally be years before we understand the full impacts. However, from what we know so far, this was not an “attack” or “act of war” … it was straight-up espionage, which is widely accepted as normal during peacetime. The US does this all the time, as do all modern nations. And yet, espionage and infiltration are the first steps in any actual attack. It’s a fine line. We’ll discuss it today. In other news: Adobe Flash is finally dead – it’s time to remove it; Facebook is being sued by almost all 50 states and the Federal Trade Commission; butt-flap pajamas flooded internet ads; GoDaddy plays a cruel Christmas prank on its employees; Microsoft, McAfee and many others have joined forces to fight ransomware; and Signal messenger was NOT hacked by Cellebrite. Further Info CONTEST LINK!! http://bit.ly/Firewalls-200   Follow me on Facebook!! https://bit.ly/Firewalls-Facebook Follow me on YouTube!! https://bit.ly/Firewalls-YouTube New Year’s Resolutions 2021: https://firewallsdontstopdragons.com/new-years-resolutions-2021/  Uninstall Adobe Flash: Windows: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html Mac: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html
Dec 28, 2020 • 1h 20min

200th Podcast & New Year’s 2021!

The dumpster fire that was 2020 is almost behind us, and it’s time to look forward to a brighter future in 2021! By a stroke of fortuitous coincidence, this is also my 200th podcast! To celebrate these two important milestones, we have a world-renowned security guru for our guest, Bruce Schneier, and I’ll be giving away over $1800 worth of great stuff to help you improve your privacy and security in 2021! And if all of that weren’t enough, I’ll also be sharing with you several top-notch to-do list ideas for your 2021 New Year’s resolutions – not just from myself, but from several top industry experts! It’s an amazing star-studded, prize-riddled, info-packed podcast! Special Guest Appearances By: Bruce Schneier (Chief of Security Architecture at Inrupt) Dr Ann Cavoukian (Executive Director at Global Privacy & Security by Design Centre) Dr Andy Yen (CEO/Co-Founder ProtonMail) Cory Doctorow (author & activist) David Ruiz (Malwarebytes) Helen Horstmann-Allen (COO Fastmail) Beah Burger-Lenehan (Director, Product at DuckDuckGo) Marshall Erwin (Chief Security Officer, Mozilla) Todd Weaver (Founder/CEO Purism) Rich Stokes (Founder/CEO Winston Privacy) Further Info: CONTEST LINK!! http://bit.ly/Firewalls-200 Contest info: https://firewallsdontstopdragons.com/new-years-2021-giveaway/ New Year’s Resolutions 2021: https://firewallsdontstopdragons.com/new-years-resolutions-2021/ Inrupt: https://inrupt.com/solid Solid Project: https://solidproject.org/ Follow me on Facebook!! https://bit.ly/Firewalls-Facebook Follow me on YouTube!! https://bit.ly/Firewalls-YouTube
Dec 21, 2020 • 1h 9min

Best of 2020!

I’ve painstakingly scoured the last 50 episodes to select the best of the best, the cream of the crop, the top tips for the year 2020! If you’re already a subscriber, this will be a great refresher – and maybe give you a chance to do some of those things you had meant to do but somehow never got around to doing! And if you’re a new subscriber, then you can catch up on some of what you missed! This would also be a great episode to share with friends and family who you feel might also benefit from improving their cyber security and data privacy! Enjoy! And Happy Holidays!! Further Info Don’t miss the HUGE 200th episode next week! https://firewallsdontstopdragons.com/200th-podcast-a-brighter-future/ Follow me on Facebook!! https://bit.ly/Firewalls-Facebook Follow me on YouTube!! https://bit.ly/Firewalls-YouTube
Dec 14, 2020 • 59min

Setting the Digital Standard (Part 2)

On today’s show, Ben Moskowitz from Consumer Reports will tell us about an extremely useful tool they’ve created to help you improve your personal security and privacy, customized to your particular needs, called the Security Scanner. Just answer a few simple questions and it will give you a checklist of specific ways to be more secure, ranked by time, effort and cost. Consumer Reports is also pioneering a comprehensive, open-source program that will allow consumers, manufacturers, advocacy organizations, and more to formally evaluate the privacy and security aspects of products and services. This will allow buyers to compare products more accurately and give manufacturers incentives to make better products. Benjamin Moskowitz is the Director of Consumer Reports’ Digital Lab, a major initiative to expand CR’s work on privacy, digital security, and emerging concerns in digital consumer protection. Previously, he served as Director of Development for Innovation for the International Rescue Committee, where he secured more than $29 million in funding as a founding member of the Airbel Center—a research and development unit that designs, tests, and scales life-changing solutions for refugees and people affected by conflict. Further Info Consumer Reports Security Planner: https://securityplanner.consumerreports.org/ The Digital Standard: https://thedigitalstandard.org/ Virtual screening of Coded Bias: https://action.consumerreports.org/coded_bias Contribute! https://digital-lab.consumerreports.org/ Become a CR Member: https://www.consumerreports.org/membership Privacy Front & Center study: https://thedigitalstandard.org/downloads/CR_PrivacyFrontAndCenter_102020_vf.pdf Best & Worst Gift Guide 2020: https://firewallsdontstopdragons.com/best-worst-gifts-2020/ Follow me on Facebook!! https://bit.ly/Firewalls-Facebook Follow me on YouTube!! https://bit.ly/Firewalls-YouTube Request book for review: https://form.jotform.com/203127587895064
Dec 7, 2020 • 45min

Setting the Digital Standard (Part 1)

Are consumers really concerned about security and privacy in the products they buy? And if so, how could manufacturers capitalize on these attributes to sell more of their products? Consumer Reports has recently published an important, comprehensive study of consumer attitudes towards privacy and security, including the historical evolution of these feelings. The result is a roadmap which companies can use to better serve this fast-growing market. Today we’ll discuss this study and its implications with Ben Moskowitz from CR’s Digital Lab. Benjamin Moskowitz is the Director of Consumer Reports’ Digital Lab, a major initiative to expand CR’s work on privacy, digital security, and emerging concerns in digital consumer protection. Previously, he served as Director of Development for Innovation for the International Rescue Committee, where he secured more than $29 million in funding as a founding member of the Airbel Center—a research and development unit that designs, tests, and scales life-changing solutions for refugees and people affected by conflict. Further Info: Privacy Front & Center study: https://thedigitalstandard.org/downloads/CR_PrivacyFrontAndCenter_102020_vf.pdf Consumer Reports Security Planner: https://securityplanner.consumerreports.org/ The Digital Standard: https://thedigitalstandard.org/ Virtual screening of Coded Bias: https://action.consumerreports.org/coded_bias Contribute! https://digital-lab.consumerreports.org/ Become a CR Member: https://www.consumerreports.org/membership My new YouTube Channel: https://www.youtube.com/channel/UC0aUElaV7hDubXSpDJkiSrA Request book for review: https://form.jotform.com/203127587895064
Nov 30, 2020 • 1h 30min

Best & Worst Gifts Guide 2020

Looking for fun gifts that won’t also be gifts to hackers and data miners? In today’s show, I’ll list off the top products and services from my annual Naughty & Nice gifts guide! Every year, I review several popular gifts and give you my recommendations on which ones to buy and which ones to avoid like the plague (or the pandemic?). In other news: Spotify has been hacked and you should change your password; Google is looking to add end-to-end encryption to its new Android RCS messaging system; an important new IoT security bill is waiting for the President’s signature; 27.7M Texans’ driver’s license info has been stolen; the IRS and the US military have been doing an end run around the US Constitution to obtain location information on thousands of people including US citizens without a warrant; Apple lowers its App Store commission to 15% for the vast majority of developers; Apple has responded to the blow back concerning its security validation on macOS Big Sur; and now is the time to download and enable your state’s COVID-19 tracing app. Further Info: Best & Worst Gifts for 2020: https://firewallsdontstopdragons.com/best-worst-gifts-2020/  COVID-tracing app story, Washington Post: https://www.washingtonpost.com/technology/2020/11/18/coronavirus-app-exposure-alerts/ Setting up a Pi-Hole server: https://www.smarthomebeginner.com/pi-hole-setup-guide/ 
Nov 23, 2020 • 55min

Dark Patterns (Part 2)

So, what can we do about these dark patterns? Are there technical solutions to this problem? Or will this require regulations? Or perhaps we just need to train our engineers and consumers better? In part 2 of my interview with Dr. Colin Gray of Purdue University, we talk about some possible solutions to the dark patterns problem, as well as tips and tricks for avoiding them. Colin also shares several interesting resources for further study. Colin M. Gray is an Assistant Professor at Purdue University in the Department of Computer Graphics Technology. He is program lead for an undergraduate major and graduate concentration in UX Design. He holds a PhD in Instructional Systems Technology from Indiana University Bloomington, a MEd in Educational Technology from University of South Carolina, and a MA in Graphic Design from Savannah College of Art & Design. He has worked as an art director, contract designer, and trainer, and his involvement in design work informs his research on design activity and how design capability is learned. His research focuses on the ways in which the pedagogy and practice of designers informs the development of design ability, particularly in relation to ethics, design knowledge, and professional identity formation. 
Further Info: Colin’s home page: https://colingray.me  Dark Patterns: https://darkpatterns.uxp2.com  Dark Patterns (Brignull): https://darkpatterns.org/  Give Thanks: https://firewallsdontstopdragons.com/give-thanks-donate/  Rachel Maddow’s plea: https://www.nbcnews.com/feature/nbc-out/rachel-maddow-says-her-partner-has-covid-19-one-point-n1248375 COVID-19 risk assessment tool: https://covid19risk.biosci.gatech.edu/  Facebook’s Social Contagion experiment: https://www.forbes.com/sites/kashmirhill/2014/06/30/facebook-only-got-permission-to-do-research-on-users-after-emotion-manipulation-study/ Evil By Design: https://www.amazon.com/Evil-Design-Interaction-Lead-Temptation/dp/1118422147  Design Justice: https://design-justice.pubpub.org/  Data Feminism: https://data-feminism.mitpress.mit.edu/  Michael Sandel’s Justice course: http://justiceharvard.org/justicecourse/ 
Nov 16, 2020 • 52min

Dark Patterns (Part 1)

Are you tired of being pestered to allow notifications or access to your location? Do you wonder why you have to give your credit card number in order to sign up for “free” trials? Why weren’t you told about the shipping costs until the very last screen in the purchase process? Are you sure that you didn’t intend to sign up for all those newsletters? You’re not alone, and you’re not simply being subjected to clever marketing. You’ve been the victim of dark patterns: specific, scientifically-proven techniques designed to favor shareholder value over user value. In part 1 of my interview with Dr. Colin Gray, we’ll discuss all the ways in which we’re being manipulated and why, as mere humans, we’re horribly outmatched. Colin M. Gray is an Assistant Professor at Purdue University in the Department of Computer Graphics Technology. He is program lead for an undergraduate major and graduate concentration in UX Design. He holds a PhD in Instructional Systems Technology from Indiana University Bloomington, a MEd in Educational Technology from University of South Carolina, and a MA in Graphic Design from Savannah College of Art & Design. He has worked as an art director, contract designer, and trainer, and his involvement in design work informs his research on design activity and how design capability is learned. His research focuses on the ways in which the pedagogy and practice of designers informs the development of design ability, particularly in relation to ethics, design knowledge, and professional identity formation. Further Info: Dr. Colin Gray’s home page: https://colingray.me  Dark Patterns: https://darkpatterns.uxp2.com  Dark Patterns (Brignull): https://darkpatterns.org/  Facebook’s Social Contagion experiment: https://www.forbes.com/sites/kashmirhill/2014/06/30/facebook-only-got-permission-to-do-research-on-users-after-emotion-manipulation-study/
Nov 9, 2020 • 45min

Zoom: Now with Actual Privacy

Zoom went from an obscure teleconferencing company to a household word when the pandemic hit. Zoom wasn’t the best videoconferencing app by any means. But it was dead simple to use and kinda fun to say. For better or worse, it became the de facto tool for many of us to keep in touch. Over that time, Zoom has made many important improvements. This week it has finally rolled out what appears to be true end-to-end encryption (E2EE). Today I’ll tell you how to enable this new feature. In other news: Be sure to update your iPhones to iOS 14.2; also be sure to keep Google Chrome and Windows 10 up to date; Adobe Flash is finally almost gone; police in Jackson, Mississippi are trialing a program to directly tap into people’s private security cameras like Ring video doorbells; the NSA and FBI have been burned by the very backdoors they added; and California’s Prop 24 passes, beefing up privacy protections for its citizens (and probably for all of us). Further Info (for podcast page) How to enable Zoom end-to-end encryption: https://firewallsdontstopdragons.com/zoom-now-with-actual-privacy/  Best & Worst Gifts from last year: https://firewallsdontstopdragons.com/best-worst-gifts-2019/ Please add a nice review on my new book!! https://www.amazon.com/gp/product/1484261887
Nov 2, 2020 • 52min

The Ebb & Flow of the Internet

For better or for worse, the internet today is funded by advertising. While ads can be annoying, the real issue isn’t having to watch ads – it’s when the ads watch us. AdTech today is premised on invasive personal data collection. Companies like Google and Facebook amass voluminous dossiers on each of us, and sell highly-targeted ads based on our income, gender, age, location, buying habits, personal interests, sexual orientation, and much, much more. But it doesn’t have to be that way. And Cloudflare is going to show us how. Today, I’ll talk again with the CTO, John Graham-Cumming, about Cloudflare Radar and much more. John Graham-Cumming is a British software engineer and writer best known for starting a successful petition to the Government of the United Kingdom asking for an apology for its persecution of Alan Turing. As of 2020, he serves as Chief Technology Officer (CTO) at Cloudflare. Further Info: Cloudflare Radar: Election 2020 https://radar.cloudflare.com/election-2020 Cloudflare 1.1.1.1 DNS and Warp VPN: https://1.1.1.1/ VOTE! https://www.vote.org/
