Firewalls Don't Stop Dragons Podcast

Carey Parker
Oct 26, 2020 • 1h 7min

Big Proctor is Watching You (part 2)

In the second half of my interview with the EFF’s Lindsay Oliver and Jason Kelley, we talk about how these draconian surveillance systems put several students at a distinct disadvantage and how the teachers themselves feel about all of this. How might all of this normalize surveillance for young people? Can the invisible hand of the market resolve some of these issues? What should the policies be around proctoring and the use of these surveillance apps? How can we push back and demand change most effectively? Lindsay Oliver is the Project Manager for EFF’s activism team, and works on the self-help resource Surveillance Self-Defense, Security Education Companion, and student privacy. Jason Kelley guides EFF’s social media tactics and develops EFF’s online digital advocacy, and writes about various forms of governmental and private surveillance and tracking. Further Info: VOTE! https://www.vote.org/ Cybersecurity & Infrastructure Security Agency tip sheets: https://www.cisa.gov/national-cybersecurity-awareness-month-resources Surveillance Self Defense for students: https://ssd.eff.org/en/module/privacy-students Electronic Frontier Alliance: https://supporters.eff.org/join-efa This article has TONS of student privacy resources: https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps
Oct 19, 2020 • 47min

Big Proctor is Watching You (part 1)

In this time of COVID19, we’ve all had to learn to work and learn from home. But how do our bosses know we’re not screwing around instead of working? How do our teachers know we’re not cheating? It turns out that they’re both willing to go to extremely intrusive measures to try to figure that out. Home and mobile device surveillance technology is booming thanks to this global pandemic, as we will learn from talking to the EFF’s Lindsay Oliver and Jason Kelley. They have been investigating the serious impacts these products and services are having on our privacy and overall fairness for students and employees. Lindsay Oliver is the Project Manager for EFF’s activism team, and works on the self-help resource Surveillance Self-Defense, Security Education Companion, and student privacy. Jason Kelley guides EFF’s social media tactics and develops EFF’s online digital advocacy, and writes about various forms of governmental and private surveillance and tracking. Further Info: Surveillance Self Defense for students: https://ssd.eff.org/en/module/privacy-students Electronic Frontier Alliance: https://supporters.eff.org/join-efa  This article has TONS of student privacy resources: https://www.eff.org/deeplinks/2020/09/students-are-pushing-back-against-proctoring-surveillance-apps National Cybersecurity Awareness Month: https://www.cisa.gov/national-cybersecurity-awareness-month-resources
Oct 12, 2020 • 55min

National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month! The theme this year is: if you connect it, protect it! And given how popular IoT devices are these days, and also how horrid their security usually is, this advice has never been more important. In today’s show, I’ll walk through some top cyber tips for protecting your devices and your home network. And there’s a TON of news, as well: I’ll update you on the “App Fairness” campaign from Epic, Protonmail, Spotify and others; watch out for fake Android messaging apps made to look like Threema or Telegram; Google’s Chrome browser gets slammed for its poor privacy protections; Google is now giving out lists of people who searched on particular terms to law enforcement; Amazon is adding some new privacy options to their Alexa products, while also introducing a super-creepy home spy drone; should you let your insurance company track you? (spoiler: no); and Apple’s T2 chip is found to have a severe, unfixable security flaw. Further Info: Cybersecurity & Infrastructure Security Agency (CISA) tip sheets: https://www.cisa.gov/publication/national-cybersecurity-awareness-month-publications  Get 20% off my new book at Apress using code Dragons2020. https://www.apress.com/us/book/9781484261880  Google Chrome: the Anti-Privacy Browser: https://theprivacy.com/2020/09/14/google-chrome-the-anti-privacy-browser/?hss_channel=tw-976856456740864004  Coalition for App Fairness’s 10 principles examined: https://appleinsider.com/articles/20/10/05/breaking-down-the-coalition-for-app-fairness-issues-with-apple 
Oct 5, 2020 • 39min

Apple’s Epic Battle Royale (Part 2)

What do Apple, Tyson Foods and Worldwide Wrestling (WWE) all have in common? And what is “chickenization”? In part 2 of my interview with Cory Doctorow, he explains how some markets in the US economy are completely distorted by dominant sellers as well as dominant buyers. Seeing all of these specific markets as facets of a single economic problem, we can find common cause and perhaps a common solution. Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN’T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is a MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina’s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles. Further Info: Buy Attack Surface: https://us.macmillan.com/books/9781250757531  Back Attack Surface audio book: https://www.kickstarter.com/projects/doctorow/attack-surface-audiobook-for-the-third-little-brother-book Buy Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Watch The Social Dilemma!: https://www.netflix.com/title/81254224  Donate to EFF: https://supporters.eff.org/donate/join-4  Be very wary of disinformation right now: https://firewallsdontstopdragons.com/fake-news-be-highly-wary-right-now/ VOTE!! https://www.vote.org/
Sep 28, 2020 • 44min

Apple’s Epic Battle Royale (Part 1)

Apple and Epic Games are locked in an epic legal (and PR) battle that may determine the future of the App Store, the Google Play Store, and several other game distribution networks. At the heart of this debate is the disproportionate influence the app store owner has over the apps in their store, including demanding a hefty cut of the app maker’s profits. How did we get to this place? How does this distort the market for software? When did “contempt of business model” become a felony? Today I’ll discuss this and more with EFF’s Cory Doctorow. Cory Doctorow (craphound.com) is a science fiction author, activist, and journalist. He is the author of RADICALIZED and WALKAWAY, science fiction for adults, a YA graphic novel called IN REAL LIFE, the nonfiction business book INFORMATION DOESN’T WANT TO BE FREE, and young adult novels like HOMELAND, PIRATE CINEMA and LITTLE BROTHER. His latest book is POESY THE MONSTER SLAYER, a picture book for young readers. His next book is ATTACK SURFACE, an adult sequel to LITTLE BROTHER. He maintains a daily blog at Pluralistic.net. He works for the Electronic Frontier Foundation, is a MIT Media Lab Research Affiliate, is a Visiting Professor of Computer Science at Open University, a Visiting Professor of Practice at the University of North Carolina’s School of Library and Information Science and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in Los Angeles. Further Info: Buy Attack Surface: https://us.macmillan.com/books/9781250757531  Back Attack Surface audio book: https://www.kickstarter.com/projects/doctorow/attack-surface-audiobook-for-the-third-little-brother-book Enter to win a free copy of my book: https://bit.ly/firewalls4  Buy Firewalls Don’t Stop Dragons: https://www.amazon.com/gp/product/1484261887  Watch The Social Dilemma!: https://www.netflix.com/title/81254224  Donate to EFF: https://supporters.eff.org/donate/join-4  VOTE!! https://www.vote.org/
Sep 21, 2020 • 52min

Take Out the (Windows) Trash

If you’re a Windows PC user, you know the term “bloatware”, or maybe “crapware”. Every consumer PC comes chock full of it. Free trials of games, cloud storage services and antivirus software. Half a dozen “helper” apps from the PC manufacturer. Pre-installed calling, chat, and shopping services. It’s a mess. But they’re not just annoying. They can slow down your computer’s startup and shutdown, and waste precious battery life on laptops. Today I’ll share two ways to take out this trash. In other news: Android 11 and iOS 14 are out, and have neat new security and privacy features; Google is blocking W3C efforts to improve your privacy while also blocking resource-hogging ads in Chrome and blocking stalkerware apps in the Google Play Store; the FBI is now worried that video doorbells may actually let people spy on them; Facebook will try to ban deepfake political videos; and the US House unanimously passes a much-needed IoT security bill.
Sep 14, 2020 • 53min

It’s a Trap!

Enterprising scammers have found some very clever ways to trick you into believing your computer needs fixing, when in reality it’s just fine. Using various techniques, fake web pop-up alerts can cause your browser or computer to seem sluggish or malfunctioning. And then you get a helpful pop-up alerting you of a serious problem and offering to help you fix it – for a fee. I’ll tell you how to spot these fakes and how to recover from the issues they’ve inflicted. In other news: there’s a new and nasty Bluetooth bug, Emotet malware infections are spiking, Apple accidentally notarized malware in its App Store, Apple chooses to delay its key privacy feature on iOS 14 due to pushback from marketing companies like Facebook, the Epic/Apple battle ratchets up yet again, a US circuit court rules that warrantless wiretapping is illegal, Portland enacts the country’s strictest ban on facial recognition technology, and the secure messaging app Threema has decided to go open source. Further Info: Order the 4th edition of my book: https://www.apress.com/us/book/9781484261880 Enter my book giveaway! http://bit.ly/firewalls4
Sep 7, 2020 • 39min

Firefox Privacy (Part 2)

Did you know that Google’s search can track you on a non-Chrome browser, even if you block third party cookies? And did you also know that there’s a gaping privacy hole in web surfing that even a VPN may not fix? Is it possible to defeat browser fingerprinting? In the second half of my interview with Mozilla’s Chief Security Officer Marshall Erwin, we’ll answer these questions and much more. Marshall will give us his personal privacy tips and tell us about some upcoming Firefox features. And perhaps most importantly, he’ll tell us what we can do to support Mozilla and Firefox. Marshall Erwin is the Chief Security Officer at the Mozilla Corporation, where he leads teams responsible for protecting Mozilla and its users. He also drives policy initiatives on encryption, government vulnerability disclosure, malicious online content, and online political advertising, as well as product initiatives to protect people from pervasive web tracking. Prior to joining Mozilla, Marshall worked in a variety of positions related to technology policy, cybersecurity, and national security more broadly. He began his career in national security, an analyst covering counterterrorism and cybersecurity. He also served as the counterterrorism and intelligence adviser on the Senate Homeland Security and Government Affairs Committee and as the intelligence specialist at the Congressional Research Service, focusing on National Security Agency surveillance programs and legislative changes to FISA statute. Marshall is a current Non-Residential Fellow at Stanford Law School’s Center for Internet & Society. Further Info: Download the Firefox browser: https://www.mozilla.org/en-US/firefox/new/ Donate to Mozilla Foundation: https://donate.mozilla.org/en-US/ Pre-order the 4th edition of my book: https://www.amazon.com/gp/product/148426188 Enter my book giveaway! http://bit.ly/firewalls4
Aug 31, 2020 • 36min

Firefox Privacy (Part 1)

If you really care about online privacy, you can’t use Google’s Chrome browser. Google is an advertising company. Everything else they do is in support of that core business. If you want a secure, fast browser that is actually focused on protecting your privacy, you want to be using Mozilla’s Firefox browser. Today I’ll be speaking with Mozilla’s Chief Security Officer, Marshall Erwin. We’ll trace Firefox’s heritage back to the stalwart Netscape Navigator and then dive into the ugly world of ubiquitous web tracking, by both governments and corporations. Are we really going dark? Why is privacy important? Are targeted ads really worth that much more than “dumb” ads? Marshall Erwin is the Chief Security Officer at the Mozilla Corporation, where he leads teams responsible for protecting Mozilla and its users. He also drives policy initiatives on encryption, government vulnerability disclosure, malicious online content, and online political advertising, as well as product initiatives to protect people from pervasive web tracking. Prior to joining Mozilla, Marshall worked in a variety of positions related to technology policy, cybersecurity, and national security more broadly. He began his career in national security, an analyst covering counterterrorism and cybersecurity. He also served as the counterterrorism and intelligence adviser on the Senate Homeland Security and Government Affairs Committee and as the intelligence specialist at the Congressional Research Service, focusing on National Security Agency surveillance programs and legislative changes to FISA statute. Marshall is a current Non-Residential Fellow at Stanford Law School’s Center for Internet & Society. Further Info: Firefox browser: https://www.mozilla.org/en-US/firefox/new/ Donate to Mozilla Foundation: https://donate.mozilla.org/en-US/ Pre-order the 4th edition of my book: https://www.amazon.com/gp/product/1484261887
Aug 24, 2020 • 1h

Apple’s Epic Battle

Epic – the maker of the massively popular game Fortnite – has thrown down the proverbial gauntlet. It has decided that it no longer wishes to cut Apple in for 30% of its profits… Which is exactly what all app developers do – and have explicitly and contractually agreed to do – in return for using Apple’s platform, tools, software development kits, and security testing. Apple provides this and access to billions of users. Microsoft, Sony and Google charge the same 30% in their app stores. But Epic claims that Apple’s cut is too much, and has deliberately picked a legal fight with Apple (and Google) to try to get more favorable terms or be allowed to run a private Epic store. It’s complex and nuanced, but I’ll wade into the muddy and turbulent waters on today’s show. In other news: There’s a tricky new Outlook email phishing scam going around, Jack Daniels has been hacked and asked to pay millions in ransom, Google had a big outage, your location data is for sale to corporations as well as government agencies (bypassing the need for court orders and warrants), and I’ll cover a couple interesting Android security stories from the recent DEFCON and BlackHat security conferences. Further Info: Scan suspicious files online: www.virustotal.com
