Firewalls Don't Stop Dragons Podcast

Several US states are trialing programs to replace the venerable plastic driver's license card with a new smartphone app. Unlike the "dumb" physical cards, the app would always be up to date. One study showed that 77% of all US adults have a smartphone. If you're an adult under the age of 30, that percentage jumps to 94%. But as our guest, Chad Marlow, explains this is a solution in search of a problem. It comes with significant risks for both privacy and democracy. Guest Info: Chad Marlow (ACLU) Chad Marlow is a senior advocacy and policy counsel at the ACLU. He principally focuses on privacy, surveillance, and technology issues. His work on issues ranging from net neutrality and police body cameras to government surveillance and consumer privacy has been a frequent subject of national and international media coverage. He is the author of fifteen ACLU model bills. He spearheaded the ACLU’s nationwide #TakeCTRL and Community Control Over Police Surveillance (CCOPS) campaigns. Twitter: @chadaaronmarlow, @ACLUWebsite: ACLU.org Further Reading Could Plastic Driver’s Licenses Become a Thing of the Past? : https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2018/11/20/could-plastic-drivers-licenses-become-a-thing-of-the-pastWhy Privacy Matters (TED Talk): https://www.ted.com/talks/glenn_greenwald_why_privacy_matters

It's bad enough that online ads are watching us, but now billboards and other real world ads are watching us, too. Using video cameras and signals from our smart devices, marketers are tailoring their billboards and digital signage based on our appearance and even our identity. Sean O'Brien from Yale Privacy Lab explains how this is done and the significant privacy implications of this practice. He'll also tell you how you to protect our privacy. Sean O'Brien is a Lecturer in Law at Yale Law School with expertise in cybersecurity, privacy, and mobile device forensics. He is Director of Business Development at Purism SPC, a company dedicated to digital privacy and security and founder of Yale Privacy Lab. Twitter: @YalePrivacyLab Yale Privacy Lab: https://privacylab.yale.edu Citizen FOSS guide: https://github.com/YalePrivacyLab/citizen-foss Original article from Medium: https://medium.com/s/thenewnew/irl-ads-are-taking-scary-inspiration-from-social-media-7088e8241beb

Marriott reports this week that it has exposed up to 500 million Starwood guests’ data going back as far as 2014. Affected hotels include Sheraton, Westin, W Hotels, Starwood timeshares and more, While it’s still not clear how much data may have been stolen, what is clear is that corporations are still not guarding their data properly. In today’s show, I’ll tell you what sort of customer information was vulnerable and what you can do to protect yourself. In other news, Ford’s CEO voices plans to monetize their customers’ data, the USPS has a mail preview service that you’ll want to sign up for before the bad guys do it on your behalf, and if you’ve ever had the creepy feeling that customer support reps can see what you’re typing in chat support before you send it… it’s because they can! More Info: Starwood's breach info page: https://info.starwoodhotels.com How to freeze your credit: https://firewallsdontstopdragons.com/using-credit-freeze-for-self-defense/ Best & Worst gifts for 2018: https://firewallsdontstopdragons.com/best-worst-gifts-2018/

Our mobile phones today are chock full of private information and are constantly tattling about our whereabouts and activities. Most phones today have GPS, WiFi, Bluetooth, motion detectors, magnetic field detectors, microphones, cameras, and of course cellular radios. Some even have facial recognition built right in. With all this personal data and telemetry information, is it even possible to prevent tracking and information leakage? Today we discuss these topics and more with Daniel Davis from DuckDuckGo - a company dedicated to protecting your privacy. He and I discuss DuckDuckGo’s new privacy-focused smartphone app, along with other tips and techniques to guard your privacy on your mobile devices. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet takes you. For Further Insight: Website: https://duckduckgo.com Twitter URL: https://twitter.com/duckduckgo LinkedIn URL: https://www.linkedin.com/company/duck-duck-go DuckDuckGo Privacy Essentials: https://duckduckgo.com/app Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

The gift-giving season is once again upon us! “Smart” devices make great presents, but you want to make sure that you’re not also giving a gift to the hackers out there! In this special, annual holiday episode, I’ll tell you about some of the best and the worst holiday gifts and accessories, from a security and privacy viewpoint. Thinking about giving someone a DNA analysis kit? You might want to think twice! Which computers and smart devices are the most secure? And are there products I can buy to help make them more secure? You bet! I have all the angles covered for you in this week’s show! See also my blog article: The Best & Worst Gifts for 2018

Just because the caller ID says it’s the IRS or the Social Security Administration, don’t believe it. It’s almost surely a scammer trying to get your money or information. Government agencies don’t call people to confirm information in their records about you or with threats if you don’t pay up. And the caller ID information you see often has no relation whatsoever to who is actually calling or where they’re calling from. In today’s episode, I’ll tell you how to handle these scammer calls. I’ll also tell you about a massive, nationwide database of biometrics that was just created, how Consumer Reports and Mozilla are helping you to make smart security and privacy decisions on new products, and how a PhD from MIT is on a mission to fix our horrendously insecure voting systems.

Your physical world is governed by many laws and regulations that protect your freedom and privacy. Why should the digital world be any different? Todd Weaver, CEO and Found of Purism, explains how Big Tech managed to write the rules for the digital world and why those rules are at odds with your freedom, security and privacy. But it doesn’t have to be this way. As citizens, we can force those representing us to protect our digital civil rights. As consumers, we have options for computers and smartphones you can buy right now that will assert your digital civil rights. Serial entrepreneur and successful businessman, Todd has been recognized for his visionary strategy, technical leadership, and relentless drive, with more than 20 years of entrepreneurial experience, using, installing, and promoting Free Software. Todd has consistently predicted market directions and executed disruptive technologies in a wide range of industries, including in-store entertainment, collaborative financial solutions, and starting the first online cable company. Todd has a deep understanding of the hardware manufacturing process, and an unwavering belief for users to retain their essential freedoms via free software, making Purism (the marriage of high quality hardware and free software), his most ambitious, disruptive, and exciting venture yet. For Further Insight: The Future of Computing and Why You Should Care: https://www.youtube.com/watch?v=nFwBh9QZTwg Purism products: https://puri.sm/products/ Website: https://puri.sm Twitter URL: https://twitter.com/Puri_sm

We all know how marketers are tracking our every move on the world wide web. But now they’re starting to track you in the real world, too. Security cameras exist everywhere, but companies have now decided to add facial recognition software to those systems in order to track where you go, what you look at, who you’re with and how effective their ads are. I’ll also tell you why the Firefox browser is taking bold new steps to protect your web browsing privacy and how Apple’s CEO Tim Cook believes tech companies must take steps to safeguard their customer’s data. For Further Insight: Tim Cook’s speech on privacy: https://www.youtube.com/watch?v=kVhOLkIs20A Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

The reports of net neutrality’s death have been greatly exaggerated. We still have time for Congress to reinstate the federal rules that were struck down by the FCC. In the meantime, states like California are taking matters into their own hands, passing landmark state-level legislation to preserve a level playing field on the Internet. Ernesto Falcon from the Electronic Frontier Foundation (EFF) explains why Net Neutrality is not dead and how states are stepping in to try to fill the gap. Prior to joining EFF, Ernesto worked as a legislative staffer for two Members of Congress (2004-2010). He then became Vice President of Government Affairs at Public Knowledge where he advocated on behalf of consumers on copyright issues and broadband competition. During his tenure, Public Knowledge was successful in achieving one of the largest consumer victories in telecom policy by defeating AT&T’s merger with T-Mobile. The following year, PK and EFF scored a major victory for consumers by rallying the Internet community to defeat the Stop Online Piracy Act (SOPA). After eight years in Washington DC, he returned to his home state of California to go to law school at McGeorge School of Law in order to strengthen his digital rights advocacy. Now, as an attorney, he is excited to rejoin the fight for consumers and Internet freedom. For Further Insight: Website: https://eff.org/ Follow on Twitter: https://twitter.com/EFFFalcon LinkedIn: https://www.linkedin.com/in/ernestofalcon/

Bloomberg claims that Chinese manufacturers have implanted tiny spy chips into many of our computer systems. Apple, Amazon and others strenuously deny this. Who’s telling the truth? In today’s show, I’ll cover both sides of this story, discuss the various ways in which our global manufacturing and supply chain systems could be compromised, and delve into the several deeper considerations for these sorts of stories. In other news, Facebook has lowered its estimate of the number of users affected by the recent breach to a mere 29 million, Google has shuttered its flagging Google+ service after news of a breach leaked last week, I give you the highlights of my 320-page LexisNexis dossier, and finally I give you several tips for patching holes in your defenses in honor of National Cybersecurity Awareness Month. For Further Insight: Deleting your Google+ account: https://www.cnet.com/how-to/how-to-delete-your-google-account-data-breach/ Supply chain security 101: https://krebsonsecurity.com/2018/10/supply-chain-security-101-an-experts-view/ Make sure you’re registered to vote! https://votesaveamerica.com/verify Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons