
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

Oct 14, 2019 • 35min
Risky Business (Part 1)
As our world becomes increasingly technical and interconnected, we become more susceptible to technical misfortunes and feel more impact when they inevitably occur. In the first half of my interview with Joshua Motta, we'll talk about the recent rise in ransomware attacks: how people and companies get infected, what we know about the hackers, and why ransomware is such an effective and debilitating attack. Joshua will even explain how ransomware has become a cottage industry unto itself.
Joshua Motta is the CEO and Co-founder of Coalition, the fastest-growing provider of cyber insurance for small to medium sized businesses. Having worked at the intersection of the intelligence, finance, and technology sectors at the CIA, Goldman Sachs, and most recently as an early employee and CxO of Cloudflare, he gained valuable insights into the minds of hackers and how — and why — they target specific organizations, as well as how organizations can most effectively manage cyber risk. He founded Coalition to provide a better way to protect small and midsize businesses from breaches and cyber incidents.
Further Info:
Coalition Cyber Insurer: https://www.thecoalition.com/
Help with ransomware: https://www.nomoreransom.org/en/index.html

Oct 7, 2019 • 55min
Don’t Forget to Wipe Your Data
What happens to all the files, photos, songs and other data on your devices when you resell them or throw them away? Well, if you don't do anything, all that data is still there, waiting for someone else to access it. A recent study showed that 60% of used hard drives still had accessible data on them. Today I'll tell you how to properly wipe the data from your smartphones and computers before you get rid of them.
And there were a lot of other news items this week, including severe bugs in both Apple and Android smartphones, Cloudflare's wonderful new free mobile VPN app called Warp, a bug in WhatsApp that could allow complete takeover of your device, how to pronounce "GIF", the SIMJacker hack that affects well over a billion phones, and yet another call by the government to "backdoor" our encrypted communications.
Further Info:
How to Wipe Your Data: https://firewallsdontstopdragons.com/wipe-data-before-dumping-devices/
Windows 10 privacy settings: https://spreadprivacy.com/windows-10-privacy-tips/

Sep 30, 2019 • 41min
Not Just a Face in the Crowd (Part 2)
So what happens when your face print (or any biometric info) is stolen from a server? You can't change your face like you can change your password. Is there anything you can do to avoid your face being scanned or prevent your face from being recognized? What can you do right now to halt the use of facial recognition technologies while we sort out all the social implications? The answers to these questions and more in the second half of my interview with EPIC's Jeramie Scott!
Jeramie Scott is Senior Counsel at EPIC and Director of the EPIC Domestic Surveillance Project. His work focuses on the privacy issues implicated by domestic surveillance programs with a particular focus on drones, AI, biometrics, and social media monitoring. Mr. Scott regularly litigates open government cases and cases arising under the Administrative Procedure Act. He is also a co-editor of "Privacy in the Modern Age: The Search for Solutions" and the author of "Social Media and Government Surveillance: The Case for Better Privacy Protections of Our Newest Public Space." Prior to joining EPIC, Mr. Scott graduated from the New York University Law School where he was a clinic intern at the Brennan Center's Liberty and National Security Program. His work at the Brennan Center focused on civil liberty issues arising from local law enforcement surveillance.
Further Info:
Electronic Privacy Information Center (EPIC): https://epic.org
Privacy in the Modern Age: The Search for Solutions: https://www.amazon.com/Privacy-Modern-Age-Search-Solutions/dp/1620971070
Glenn Greenwald's TED Talk on Privacy: https://www.ted.com/talks/glenn_greenwald_why_privacy_matters
Petition to ban the use of FRT: https://www.banfacialrecognition.com/

Sep 23, 2019 • 38min
Not Just a Face in the Crowd (Part 1)
Use of facial recognition technology (FRT) is exploding around the globe. While touted as a convenience for checking in for a flight or crossing the border, the opportunities for abuse are staggering. People act differently when they feel they're being watched. There's a reason we have sayings like "dance like no one is watching". But US agencies like TSA and CBP have gained access to treasure troves of faces from DMV and passport databases, without ever asking our permission, and they're rolling out FRT across the nation. There are no laws or regulations on the use of this technology, and little thought is being given to how constant, mass surveillance will affect our democratic and human rights. In the first part of my two-part interview with Jeramie Scott (EPIC), we'll discuss how we got here.
Jeramie Scott is Senior Counsel at EPIC and Director of the EPIC Domestic Surveillance Project. His work focuses on the privacy issues implicated by domestic surveillance programs with a particular focus on drones, AI, biometrics, and social media monitoring. Mr. Scott regularly litigates open government cases and cases arising under the Administrative Procedure Act. He is also a co-editor of "Privacy in the Modern Age: The Search for Solutions" and the author of "Social Media and Government Surveillance: The Case for Better Privacy Protections of Our Newest Public Space." Prior to joining EPIC, Mr. Scott graduated from the New York University Law School where he was a clinic intern at the Brennan Center's Liberty and National Security Program. His work at the Brennan Center focused on civil liberty issues arising from local law enforcement surveillance.
Further Info:
Electronic Privacy Information Center (EPIC): https://epic.org
Privacy in the Modern Age: The Search for Solutions: https://www.amazon.com/Privacy-Modern-Age-Search-Solutions/dp/1620971070

Sep 16, 2019 • 40min
Google’s Not-So-Private Sandbox
No doubt sensing the impending US privacy regulations, Google has released a plan to "enhance" user privacy... by finding different ways to track you. Instead of relying on cookies and fingerprinting, Google proposes that we just come out in the open and formalize tracking technologies. While that could give users more transparency and a modicum of control, the bottom line is that Google is really just trying desperately to save its business model (ads based on tracking). While there are actually some good ideas in their proposal, many of the technologies they're putting forward could be even worse for your privacy than the current schemes. Today I'll walk through the EFF's excellent analysis of these propositions and give my own take.
Further Info:
EFF: Don't Play in Google's Privacy Sandbox: https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1
EFF's Panopticlick tool: https://panopticlick.eff.org/

Sep 9, 2019 • 51min
Ring’s Orwellian Doorbell
Today we speak with EFF's Matthew Guariglia about the creepy new partnership between Amazon's Ring Doorbell division and local law enforcement. Recent disclosures reveal that Amazon has partnered with over 400 police agencies to market their product and share surveillance footage. While these footage requests can supposedly be refused by the Ring owners, there appear to be circumstances where Amazon will provide footage without consent. The marketing of Ring has changed from convenience to an automated neighborhood watch program, where the police have been coached in how to drum up interest in the product and to assuage fears over sharing their private footage.
Matthew Guariglia is a policy analyst for surveillance and privacy at the Electronic Frontier Foundation. He is also a visiting research scholar at the University of California-Berkeley and holds a PhD in U.S. history. His work focuses on the relationship between race, immigration, policing and government surveillance in the past and present. You can find his writing in the Washington Post, VICE, and the Freedom of information-centered outlet MuckRock. To find his writing you can follow him on Twitter at @mguariglia or visit MatthewGuariglia.com.
Further Info:
EFF's Street Level Surveillance: https://www.eff.org/issues/street-level-surveillance
Protecting Civic Spaces: https://privacyinternational.org/long-read/2852/protecting-civic-spaces

Sep 2, 2019 • 50min
Choosing a VPN Provider
Evaluating VPN providers on privacy is really, really hard. Even if you read all their privacy claims, how do you know if they're telling the truth? I've read many reviews on many sites, but the recent review from The Wirecutter is the most comprehensive and helpful review I've ever come across. It focused first and foremost on privacy - something many other reviews fail to do, instead focusing on more readily verifiable aspects like speed, number of servers, and cost. In recent years, some top VPN providers have turned to third-party, independent auditors to verify their privacy claims and published the results. This is what allows for a truly privacy-focused review. Many top contenders like ExpressVPN and NordVPN didn't make the cut due to lack of transparency compared to the providers that topped Wirecutter's list. Who won? Listen to today's show to find out.
In other news, iPhones have been vulnerable to some nasty website hacks for several years, Facebook finally releases a tool to manage your "off-Facebook" data (though it fails), Kaspersky antivirus products have been marking all their users with a unique, trackable ID, and Kazakhstan tries to implement mass surveillance of its citizens and ends up being foiled (thankfully) by the three major browser makers.
Further Info:
Choosing a VPN Provider: https://firewallsdontstopdragons.com/choosing-a-vpn-service/

Aug 26, 2019 • 40min
The Great Cellular Sellout (Part 2)
In the second half of my interview with EFF's Aaron Mackey, we'll discuss why our federal agencies are not enforcing the laws already on the books that should be protecting your privacy, the real implications of tracking someone's location, other ways in which we're tracked, and how you - as a consumer and citizen - can best defend yourself and advocate for better enforcement and protections.
Aaron Mackey works on free speech, privacy, government surveillance and transparency. Before joining EFF in 2015, Aaron was in Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. He also holds an LLM from Georgetown Law. Prior to law school, Aaron was a journalist at the Arizona Daily Star in Tucson, Arizona. He received his undergraduate degree in journalism and English from the University of Arizona in 2006, where he met his amazing wife, Ashley. They have two young children.
Further Info:
Donate to EFF: https://supporters.eff.org/donate/
Surveillance Self Defense Guide: https://ssd.eff.org
EFF's California lawsuit: https://www.eff.org/cases/geolocation-privacy
Report abused location information: geolocation@eff.org
EFF IMSI Catcher white paper: https://www.eff.org/files/2019/07/09/whitepaper_imsicatchers_eff_0.pdf

Aug 19, 2019 • 38min
The Great Cellular Sellout (Part 1)
In January 2019, Motherboard broke a story about how cellular providers were allowing your location information to be sold to several third parties, effectively allowing anyone to buy the real-time location of any cell phone. The Electronic Frontier Foundation has brought a suit against AT&T and others, claiming that this practice broke several state and federal laws. Today in part one of my interview with the EFF's Aaron Mackey, we'll discuss this case and why our location data can expose so much about us.
Aaron Mackey works on free speech, privacy, government surveillance and transparency. Before joining EFF in 2015, Aaron was in Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. He also holds an LLM from Georgetown Law. Prior to law school, Aaron was a journalist at the Arizona Daily Star in Tucson, Arizona. He received his undergraduate degree in journalism and English from the University of Arizona in 2006, where he met his amazing wife, Ashley. They have two young children.
Further Info:
Donate to EFF: https://supporters.eff.org/donate/
Surveillance Self Defense Guide: https://ssd.eff.org
EFF's California lawsuit: https://www.eff.org/cases/geolocation-privacy
Report abused location information: geolocation@eff.org

Aug 12, 2019 • 45min
The Tyranny of the Default
Marketing firms love to tell us that we control our privacy - you simply need to opt out of tracking! Like Dorothy, we've had the power all along. Just click your heels three times and uncheck all those pesky tracking options under Settings... somewhere. Which, statistically speaking, no one ever does. It's the Tyranny of the Default. I'll discuss why it's so hard. (Spoiler alert: it's on purpose.)
Also in today's show: Apple massively expands its bug bounty program; several "air gapped" US election systems found on the internet; Instagram pulls a Cambridge Analytica move; watch out for fake Equifax settlement sites; another sex hook-up app exposes its users' private information; and it's time to update your Android devices (if you can).
Further Info:
Instagram data leak: https://www.businessinsider.com/startup-hyp3r-saving-instagram-users-stories-tracking-locations-2019-8
Election Systems exposed online: https://www.vice.com/en_us/article/3kxzk9/exclusive-critical-us-election-systems-have-been-left-exposed-online-despite-official-denials
Official FTC/Equifax settlement site: https://ftc.gov/equifax or https://www.equifaxbreachsettlement.com/
Changing WiFi Router (and other IoT) default passwords: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/
The Cop Out that is Opt Out: https://firewallsdontstopdragons.com