Firewalls Don't Stop Dragons Podcast

A small company has amassed over 3 billion online photos from social media and other public sources, creating perhaps the largest facial database in existence – far larger than even the FBI’s database. The images are often connected to a person’s full name, address, and people they know. The company, called Clearview, has sold access to this database to over 600 law enforcement agencies, allowing them to quickly identify someone from a single picture. While this has allowed them to solve several cases, it also means that we have basically lost the ability to be anonymous in public. There are no rules around this – but there need to be. In other news, if you haven’t updated Windows in the last week, you need to do it right now; same goes for Internet Explorer (though you should really just switch to Firefox); Apple and FBI are once again facing off over iPhone encryption; the vast majority of modern cable modems are vulnerable to a devastating hack; and for at least this year, you shouldn’t abbreviate with just “20” on anything important. Further Info: NY Times article on Clearview: https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html Sandboxie: https://www.sandboxie.com/ VirtualBox: https://www.virtualbox.org/ CableHaunt: https://cablehaunt.com/

The IRS already knows what I made, what taxes I’ve paid, and even what my mortgage interest was last year. Why do I have to fill out tax forms? Turns out there’s a very specific reason, and you’re not going to like it. At the turn of the century, tax preparers like TurboTax and H&R Block negotiated a deal with the US government that prevented this very thing. In exchange, these tax companies agreed to offer a “Free File” online tax program for most tax filers. But while perhaps honoring the letter of that agreement, they used dark patterns and other subtle psychological tricks to push tax payers into pricey, unnecessary tax applications. Justin Elliott from ProPublica will explain the sordid history of “free” online tax preparation and the cat-and-mouse game companies like Intuit (maker of TurboTax) have been playing with regulators. Justin Elliott has been a reporter since 2012 with ProPublica, where he has covered money and influence in the Obama and Trump administrations, the American Red Cross and TurboTax maker Intuit. He has produced stories for outlets including The New York Times and National Public Radio, and his work has spurred congressional investigations and changes to federal legislation. Further Info: ProPublica Free File stories: https://www.propublica.org/series/the-turbotax-trap IRS official Free FIle site: https://www.irs.gov/filing/free-file-do-your-federal-taxes-for-free How to file for free: https://www.propublica.org/article/how-to-file-state-federal-taxes-free-2020

It’s not too late! You can still snag a free upgrade to Windows 10 from Microsoft. If you’re still running Windows 7, it’s time to avail yourself of this offer. Microsoft is ending support for Windows 7 on January 24, 2020. That means that you will no longer get software updates – in particular, security fixes. The official offer to upgrade to Windows 10 at no cost supposedly ended in July 2016, but Microsoft still offers a legitimate way to upgrade for free. I’ll tell you how. In other news, cybersecurity experts are on the alert following our lethal attack on a senior Iranian military figure, Facebook was again caught using your two-factor authentication mobile number for non-security purposes, there’s another massive leak of Facebook user data, Amazon blames its customers for Ring device hacks, a bug in GPS watches allows anyone to track your location, and the new California Consumer Privacy Act (CCPA) goes into effect. Further Info: Spread the Word: https://firewallsdontstopdragons.com/spread-the-word/ New Year’s Resolutions: https://firewallsdontstopdragons.com/2020-new-years-resolutions/ Upgrade to Win10 for free: https://www.zdnet.com/article/heres-how-you-can-still-get-a-free-windows-10-upgrade/ Protect Your Privacy on Windows 10: https://spreadprivacy.com/windows-10-privacy-tips/

2019 has come and gone, and 2020 is upon us! You know what that means: New Years Resolutions! I’ve put together a Top Ten list of suggestions that will significantly improve your computer security and online privacy! Some of these are easy and some are going to require some effort… but you have a whole year to do them! This will also be a great episode to forward to friends and family, introduce them to the show and help build up our “herd immunity”. Further Info 2020 New Years Resolutions blog: https://firewallsdontstopdragons.com/2020-new-year’s-resolutions/ Give Thanks and Donate: https://firewallsdontstopdragons.com/give-thanks-donate/ Key resources: https://firewallsdontstopdragons.com/resources/ Terms and Conditions May Apply: http://tacma.net/tacma.php Support me! https://www.patreon.com/FirewallsDontStopDragons

We know that we’re tracked, but what remains largely invisible is the massive economy working behind the scenes (or “mirror”) to buy, sell, trade and bid on you and your data. I’ve seen estimates that claim there are up to 4000 data brokers in the US alone. And what’s worse is that they are largely unregulated, making the data market a total free-for-all. What can you do to curb this tracking and selling of data? We’ll discuss that in the conclusion of my interview with the EFF’s Bennett Cyphers. Bennett Cyphers is a staff technologist on the Tech Projects team at the Electronic Frontier Foundation (EFF). He contributes to a variety of different projects within EFF, most of them tied to privacy and competition. In the past year, he’s worked on the tracker-blocking browser extension Privacy Badger, provided technical advice to lawyers and activists, and read and re-read the California Consumer Privacy Act. Before coming to EFF, he was a policy intern at Access Now and earned a Master’s degree for work on privacy-preserving machine learning. In his spare time he designs t-shirts for fake punk rock bands. Further Info EFF’s Behind the One-Way Mirror: https://www.eff.org/wp/behind-the-one-way-mirror  Setting Apple ID to zero (“limit ad tracking”): https://blog.tenjin.com/idfa-sends-all-zeros-on-ios-10-devices-2/ Best & Worst Gifts for 2019: https://firewallsdontstopdragons.com/best-worst-gifts-2019/ The Scoring of America: https://www.worldprivacyforum.org/wp-content/uploads/2014/04/WPF_Scoring_of_America_April2014_fs.pdf Corporate Surveillance in Everyday Life: https://crackedlabs.org/en/corporate-surveillance

If you’ve listened to even a handful of my shows, you are well aware that you’re being tracked around the web. But even I was surprised by some of the things I learned in the recent white paper from the Electronic Frontier Foundation entitled “Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance”. One of the prime authors of this report, Bennett Cyphers, came on my show to walk us through the myriad and shocking ways that ad tech companies have found to identity us as we surf the web, use our smartphones, and even walk around the real world. Bennett Cyphers is a staff technologist on the Tech Projects team at the Electronic Frontier Foundation (EFF). He contributes to a variety of different projects within EFF, most of them tied to privacy and competition. In the past year, he’s worked on the tracker-blocking browser extension Privacy Badger, provided technical advice to lawyers and activists, and read and re-read the California Consumer Privacy Act. Before coming to EFF, he was a policy intern at Access Now and earned a Master’s degree for work on privacy-preserving machine learning. In his spare time he designs t-shirts for fake punk rock bands. Further Info EFF’s Behind the One-Way Mirror: https://www.eff.org/wp/behind-the-one-way-mirror  Setting Apple ID to zero (“limit ad tracking”): https://blog.tenjin.com/idfa-sends-all-zeros-on-ios-10-devices-2/ Best & Worst Gifts for 2019: https://firewallsdontstopdragons.com/best-worst-gifts-2019/

We don’t often think about the security and privacy of our regular old “snail mail”, but we need to. According to recent activity observed by researchers of the dark web, the bad guys have been regaining interest in identity theft schemes involving physical letters. And in many cases, they can steal your mail without ever opening your mailbox. I’ll tell you what you can do to reduce your risk. In other news, thousands of Disney+ accounts were hacked on the first day, a massive data breach exposed over a billion user records, PayPal is set to acquire shopping platform Honey for $4B, and Avast and AVG browser extensions are spying on Chrome and Firefox users.

It’s that time of year again – time to see which popular gifts make my privacy/security Naughty and Nice lists! You want to make sure that when you’re giving gifts to your loved ones that you’re not also giving gifts to hackers and data miners! I’ll also start to catch you up on several of the news stories from the past few weeks including Google’s access to private medical info of tens of millions of people, a researcher finding 146 different Android bugs coming right out of the box, more creepy updates on the Ring Doorbell, and a very welcome federal court ruling about your rights at the US border.

Today in part 2 of my deeply insightful interview with author Kris Shaffer, we discuss how marketers and foreign powers have been capturing our attention and even manipulating our responses. We’ll discuss how these techniques were used in the 2016 US presidential election and in other critical voting situations. In many cases, it’s sufficient to make people stay home or to sow doubt in the election results. But we’ll also discuss whether some of these sames tools and techniques can be used to expose manipulation and tip the scales back in our favor. Kris Shaffer, PhD (Yale University, 2011), is a data scientist and Senior Computational Disinformation Analyst for Yonder. He co-authored “The Tactics and Tropes of the Internet Research Agency”, a report prepared for the United States Senate Select Committee on Intelligence about Russian interference in the 2016 U.S. presidential election. Kris has consulted for multiple U.S. government agencies, non-profits, and universities on matters related to digital disinformation, data ethics, and digital pedagogy. Kris is the author of Data versus Democracy: How Big Data Algorithms Shape Opinions and Alter the Course of History, published July 2019 by Apress. Further Info Data versus Democracy: https://www.apress.com/us/book/9781484245392 Kris Shaffer’s website: https://pushpullfork.com Weapons of Math Destruction: https://weaponsofmathdestructionbook.com/ Automating Inequality: https://virginia-eubanks.com/ The Great Hack: https://www.thegreathack.com/ Give Thanks and Donate: https://firewallsdontstopdragons.com/give-thanks-donate/

They say we are in the Information Age and that data is the new oil. But many (including my guest, Kris Shaffer) are saying that was is truly valuable today is attention, not information. Information is so plentiful now that it almost has no value. And because just about everything on the internet is free, we’re paying for it with our attention. Marketers have gone to great lengths to study human behavior and they know exactly how to get and keep our attention. Unfortunately, these techniques can also be used to distract us and manipulate us. We’ll discuss this and much more in today’s interview (part 1 of 2). Kris Shaffer, PhD (Yale University, 2011), is a data scientist and Senior Computational Disinformation Analyst for Yonder. He co-authored “The Tactics and Tropes of the Internet Research Agency”, a report prepared for the United States Senate Select Committee on Intelligence about Russian interference in the 2016 U.S. presidential election. Kris has consulted for multiple U.S. government agencies, non-profits, and universities on matters related to digital disinformation, data ethics, and digital pedagogy. Kris is the author of Data versus Democracy: How Big Data Algorithms Shape Opinions and Alter the Course of History, published July 2019 by Apress. Further Info Data versus Democracy: https://www.apress.com/us/book/9781484245392 Kris Shaffer’s website: https://pushpullfork.com Carey’s Best & Worst Gifts for 2019: https://firewallsdontstopdragons.com/best-worst-gifts-2019/