
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

Feb 24, 2020 • 30min
Adversarial Interoperability (Part 2)
It's not cheap or easy to get your iPhone repaired - largely because there's not a lot of real competition in the iPhone repair market. That's no accident. Owners of modern John Deere tractors have really only one option: John Deere. Why? There's no good technical reason. There's really no good legal reason either, but laws like the Digital Millennium Copyright Act (DMCA) and the Computer Fraud and Abuse Act (CFAA) have been abused to give these companies inordinate say over who can perform repairs on their products. In part 2 of my interview with the EFF's Cory Doctorow, we discuss the right to repair and wrap up our overall discussion with possible solutions and action items for the concerned consumer.
Cory Doctorow is a science fiction author, activist, journalist and blogger. He’s the author of several novels including HOMELAND, LITTLE BROTHER and WALKAWAY. He is the former European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group.
Further Info:
Adversarial Interoperability: https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
Donate to EFF: https://supporters.eff.org/donate
Electronic Frontier Alliance: https://www.eff.org/fight

Feb 17, 2020 • 48min
Adversarial Interoperability (Part 1)
Here's a riddle for you: when does something you paid good money for not actually belong to you? Answer: when that device is part of the Internet of Things. Why? Because without the express permission and continued support of the company that sold you that device, it becomes a worthless piece of junk. All of our modern "smart" devices are inextricably tied to their cloud-based services and automatic software updates. In part 1 of my interview with Cory Doctorow, we'll talk about how we got into this situation, including several shocking examples.
Cory Doctorow is a science fiction author, activist, journalist and blogger. He’s the author of several novels including HOMELAND, LITTLE BROTHER and WALKAWAY. He is the former European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group.
Further Info:
Adversarial Interoperability: https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
Donate to EFF: https://supporters.eff.org/donate

Feb 10, 2020 • 51min
Tax Time Brings Tax Scams
It's that time of year again: tax time! And that means it's also time for tax scams. I'll give you some tips on how to avoid them, and also help you find the real "Free File" versions of your favorite online tax filing software.
In other news: a German man fooled Google Maps with a wagon full of phones; Hue smart bulbs patched a serious vulnerability; Ring doorbell offers more security and privacy controls; a nasty Android Bluetooth vulnerability found and fixed; extracting data from a computer using screen brightness; and the US government's use of third-party location trackers.
Further Info
ProPublica interview on history of Free File: http://podcast.firewallsdontstopdragons.com/2020/01/13/why-free-file-isnt-free/
Free File: https://firewallsdontstopdragons.com/how-to-really-free-file-your-taxes/
Avoid tax scams: https://firewallsdontstopdragons.com/preventing-tax-return-fraud/
Winston Privacy: https://winstonprivacy.com/

Feb 3, 2020 • 43min
Just Say No (to Sharing)
We install antivirus software to protect us, not exploit us. Like a bodyguard, AV programs need full, unfettered access to everything in order to properly do the job. That requires complete and absolute trust. And probably a non-disclosure agreement. Unfortunately, antivirus software doesn't offer you an NDA promise. Avast, the maker of one of the top five AV software applications, has recently been shown to collect and sell extensive customer information to third parties. While they claim to anonymize the data, it's often easy to re-identify people when correlating this data with other databases. Thanks to some reporting by Vice and PCMag, Avast is shutting down this lucrative side business after a serious backlash. I'll tell you how you can mitigate your exposure to rampant data sharing.
In other news, Sonos angers many long-time customers by declaring an end to supporting older devices; over 250M customer records have been exposed on five public servers with zero protections for about 14 years; Clearview, the company boasting a database of 3B face photos, has come under fire from social media companies and the US Congress; iOS 13 and Android 10 location privacy restrictions have dropped location tracking by nearly 70%; and Mozilla has banned almost 200 plugins for tracking users and violating its malware policies.

Jan 27, 2020 • 50min
Data Privacy Day 2020
Happy Data Privacy Day! My guest today is none other than Bruce Schneier: world-renowned security guru and author of several great books, including Data and Goliath and Click Here to Kill Everybody! Bruce and I discuss the current state of data privacy and what it's going to take to rein in the corporations that are buying and selling our data with abandon.
Bruce Schneier is an internationally renowned security technologist. He has authored over one dozen books--most recently Click Here to Kill Everybody--and hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and his blog Schneier on Security are read by over 250,000 people.
Further Information:
Transcript of my interview with Bruce Schneier: http://podcast.firewallsdontstopdragons.com/wp-content/uploads/2019/01/Ep100-interview.txt
Data Privacy Day Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/

Jan 20, 2020 • 32min
Clearview Knows Who You Are
A small company has amassed over 3 billion online photos from social media and other public sources, creating perhaps the largest facial database in existence - far larger than even the FBI's database. The images are often connected to a person's full name, address, and people they know. The company, called Clearview, has sold access to this database to over 600 law enforcement agencies, allowing them to quickly identify someone from a single picture. While this has allowed them to solve several cases, it also means that we have basically lost the ability to be anonymous in public. There are no rules around this - but there need to be.
In other news, if you haven't updated Windows in the last week, you need to do it right now; same goes for Internet Explorer (though you should really just switch to Firefox); Apple and FBI are once again facing off over iPhone encryption; the vast majority of modern cable modems are vulnerable to a devastating hack; and for at least this year, you shouldn't abbreviate with just "20" on anything important.
Further Info:
NY Times article on Clearview: https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html
Sandboxie: https://www.sandboxie.com/
VirtualBox: https://www.virtualbox.org/
CableHaunt: https://cablehaunt.com/

Jan 13, 2020 • 53min
Why “Free File” Isn’t Free
The IRS already knows what I made, what taxes I've paid, and even what my mortgage interest was last year. Why do I have to fill out tax forms? Turns out there's a very specific reason, and you're not going to like it. At the turn of the century, tax preparers like TurboTax and H&R Block negotiated a deal with the US government that prevented this very thing. In exchange, these tax companies agreed to offer a "Free File" online tax program for most tax filers. But while perhaps honoring the letter of that agreement, they used dark patterns and other subtle psychological tricks to push taxpayers into pricey, unnecessary tax applications. Justin Elliott from ProPublica will explain the sordid history of "free" online tax preparation and the cat-and-mouse game companies like Intuit (maker of TurboTax) have been playing with regulators.
Justin Elliott has been a reporter since 2012 with ProPublica, where he has covered money and influence in the Obama and Trump administrations, the American Red Cross and TurboTax maker Intuit. He has produced stories for outlets including The New York Times and National Public Radio, and his work has spurred congressional investigations and changes to federal legislation.
Further Info:
ProPublica Free File stories: https://www.propublica.org/series/the-turbotax-trap
IRS official Free File site: https://www.irs.gov/filing/free-file-do-your-federal-taxes-for-free
How to file for free: https://www.propublica.org/article/how-to-file-state-federal-taxes-free-2020

Jan 6, 2020 • 47min
Time to Upgrade Windows
It's not too late! You can still snag a free upgrade to Windows 10 from Microsoft. If you're still running Windows 7, it's time to avail yourself of this offer. Microsoft is ending support for Windows 7 on January 24, 2020. That means that you will no longer get software updates - in particular, security fixes. The official offer to upgrade to Windows 10 at no cost supposedly ended in July 2016, but Microsoft still offers a legitimate way to upgrade for free. I'll tell you how.
In other news, cybersecurity experts are on the alert following our lethal attack on a senior Iranian military figure, Facebook was again caught using your two-factor authentication mobile number for non-security purposes, there's another massive leak of Facebook user data, Amazon blames its customers for Ring device hacks, a bug in GPS watches allows anyone to track your location, and the new California Consumer Privacy Act (CCPA) goes into effect.
Further Info:
Spread the Word: https://firewallsdontstopdragons.com/spread-the-word/
New Year's Resolutions: https://firewallsdontstopdragons.com/2020-new-years-resolutions/
Upgrade to Win10 for free: https://www.zdnet.com/article/heres-how-you-can-still-get-a-free-windows-10-upgrade/
Protect Your Privacy on Windows 10: https://spreadprivacy.com/windows-10-privacy-tips/

Dec 30, 2019 • 55min
2020 New Year’s Resolutions
2019 has come and gone, and 2020 is upon us! You know what that means: New Year's Resolutions! I've put together a Top Ten list of suggestions that will significantly improve your computer security and online privacy! Some of these are easy and some are going to require some effort... but you have a whole year to do them!
This will also be a great episode to forward to friends and family, introduce them to the show and help build up our "herd immunity".
Further Info
2020 New Year's Resolutions blog: https://firewallsdontstopdragons.com/2020-new-year's-resolutions/
Give Thanks and Donate: https://firewallsdontstopdragons.com/give-thanks-donate/
Key resources: https://firewallsdontstopdragons.com/resources/
Terms and Conditions May Apply: http://tacma.net/tacma.php
Support me! https://www.patreon.com/FirewallsDontStopDragons

Dec 23, 2019 • 1h 1min
Behind the One-Way Mirror (part 2)
We know that we're tracked, but what remains largely invisible is the massive economy working behind the scenes (or "mirror") to buy, sell, trade and bid on you and your data. I've seen estimates that claim there are up to 4000 data brokers in the US alone. And what's worse is that they are largely unregulated, making the data market a total free-for-all. What can you do to curb this tracking and selling of data? We'll discuss that in the conclusion of my interview with the EFF's Bennett Cyphers.
Bennett Cyphers is a staff technologist on the Tech Projects team at the Electronic Frontier Foundation (EFF). He contributes to a variety of different projects within EFF, most of them tied to privacy and competition. In the past year, he's worked on the tracker-blocking browser extension Privacy Badger, provided technical advice to lawyers and activists, and read and re-read the California Consumer Privacy Act. Before coming to EFF, he was a policy intern at Access Now and earned a Master's degree for work on privacy-preserving machine learning. In his spare time he designs t-shirts for fake punk rock bands.
Further Info
EFF’s Behind the One-Way Mirror: https://www.eff.org/wp/behind-the-one-way-mirror
Setting Apple ID to zero (“limit ad tracking”): https://blog.tenjin.com/idfa-sends-all-zeros-on-ios-10-devices-2/
Best & Worst Gifts for 2019: https://firewallsdontstopdragons.com/best-worst-gifts-2019/
The Scoring of America: https://www.worldprivacyforum.org/wp-content/uploads/2014/04/WPF_Scoring_of_America_April2014_fs.pdf
Corporate Surveillance in Everyday Life: https://crackedlabs.org/en/corporate-surveillance