
Firewalls Don't Stop Dragons Podcast
A Podcast on Computer Security & Privacy for Non-Techies
Latest episodes

Oct 22, 2018
The Fight for Net Neutrality is Far from Over
The reports of net neutrality’s death have been greatly exaggerated. We still have time for Congress to reinstate the federal rules that were struck down by the FCC. In the meantime, states like California are taking matters into their own hands, passing landmark state-level legislation to preserve a level playing field on the Internet.
Ernesto Falcon from the Electronic Frontier Foundation (EFF) explains why Net Neutrality is not dead and how states are stepping in to try to fill the gap. Prior to joining EFF, Ernesto worked as a legislative staffer for two Members of Congress (2004-2010). He then became Vice President of Government Affairs at Public Knowledge where he advocated on behalf of consumers on copyright issues and broadband competition. During his tenure, Public Knowledge was successful in achieving one of the largest consumer victories in telecom policy by defeating AT&T’s merger with T-Mobile. The following year, PK and EFF scored a major victory for consumers by rallying the Internet community to defeat the Stop Online Piracy Act (SOPA). After eight years in Washington DC, he returned to his home state of California to go to law school at McGeorge School of Law in order to strengthen his digital rights advocacy. Now, as an attorney, he is excited to rejoin the fight for consumers and Internet freedom.
For Further Insight:
Website: https://eff.org/
Follow on Twitter: https://twitter.com/EFFFalcon
LinkedIn: https://www.linkedin.com/in/ernestofalcon/

Oct 15, 2018
Did China Implant Spy Chips in Our Computers?
Bloomberg claims that Chinese manufacturers have implanted tiny spy chips into many of our computer systems. Apple, Amazon and others strenuously deny this. Who’s telling the truth? In today’s show, I’ll cover both sides of this story, discuss the various ways in which our global manufacturing and supply chain systems could be compromised, and delve into the several deeper considerations for these sorts of stories.
In other news, Facebook has lowered its estimate of the number of users affected by the recent breach to a mere 29 million, Google has shuttered its flagging Google+ service after news of a breach leaked last week, I give you the highlights of my 320-page LexisNexis dossier, and finally I give you several tips for patching holes in your defenses in honor of National Cybersecurity Awareness Month.
For Further Insight:
Deleting your Google+ account: https://www.cnet.com/how-to/how-to-delete-your-google-account-data-breach/
Supply chain security 101: https://krebsonsecurity.com/2018/10/supply-chain-security-101-an-experts-view/
Make sure you’re registered to vote! https://votesaveamerica.com/verify
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Oct 8, 2018
How to Protect Yourself From Ransomware
Ransomware, the malware that locks up your data and holds it for ransom, has been growing by leaps and bounds in the past few years. Why? Because it works. Hackers trick you into installing the malware which encrypts your most precious files and demands that you pay Bitcoin to get the key that unlocks them. It’s like a burglar broke into your house and put all your valuables in a safe in your living room, demanding payment for the combination. Allan Liska explains why ransomware has become a favorite tool of both hackers and nation states, how to protect your computers, and even what you can do if you are unfortunate enough to be infected.
Allan Liska is an intelligence analyst at Recorded Future. Allan has more than 15 years’ experience in information security and has worked as both a blue teamer and a red teamer for the intelligence community and the private sector. Allan has helped countless organizations improve their security posture using more effective and integrated intelligence. Allan is also one of the organizers of BSides Bordeaux and has presented at security conferences around the world on a variety of topics. He is the author of The Practice of Network Security, Building an Intelligence-Led Security Program, and Securing NTP: A Quickstart Guide and the co-author of DNS Security: Defending the Domain Name System and Ransomware: Defending Against Digital Extortion.
For Further Insight:
Ransomwhere (Ransomware protection for Mac): https://objective-see.com/products/ransomwhere.html
No More Ransom (if you get infected): https://www.nomoreransom.org/
Website: www.bsidesbdx.org
Twitter: https://twitter.com/uuallan
LinkedIn: https://www.linkedin.com/in/allan2/

Oct 1, 2018
Big Companies Behaving Badly: The Facebook Breach Explained
Between 50 and 90 million Facebook users’ accounts were exposed, appearing to give hackers full access as if they were logged in as you. Facebook has fixed the bug, but it’s not yet clear whose accounts may have been compromised. In other news, researchers have determined that Facebook is using your security contact information and information shared by others you know to target you with ads.
In other privacy news, Google’s Chrome browser version 69 will automatically log you into the browser if you log in to any of Google’s many services - without warning or consent. While Google claims that none of your history or data is uploaded, the quiet change appears to violate their own privacy policies and has rankled many privacy advocates (including yours truly).
For Further Insight:
Why I’m Done With Chrome: https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Sep 24, 2018
Now Is the Time to Freeze Your Credit
One of the best ways to avoid identity fraud is to freeze your credit reports. Thanks to a new law that just went into effect, freezing and unfreezing your credit is now completely free! Freezing your credit will prevent fraudsters from opening new loans and credit cards in your name, sticking you with the bill. When you actually need to open new credit, you can temporarily thaw your account (also free). I’ll tell you how.
In other news, hackers have found flaws in two different government online payment systems, researchers have identified popular iPhone and Mac apps that are stealing your personal information, and Google has struck a secret deal with at least one major credit card company to get access to your real life purchase information.
For Further Insight:
Secret data sharing deal between Google and MasterCard: https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales
iPhone apps stealing location data: https://www.macrumors.com/2018/09/07/iphone-apps-location-data-monetization/
Freeze your credit: https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Sep 17, 2018
Prying Yourself From Google’s Clutches
Did you know that Google owns Android, Waze, YouTube, Pixel phones and Chromebooks? Did you know that almost 90% of Google’s revenue comes from advertising? There’s hardly any part of your online life that isn’t somehow tracked by Google. By using Google’s email, calendar, docs, search, browser, cloud storage and even phones, we are allowing Google to know just about everything about us.
But there are viable alternatives that will respect your privacy. Daniel Davis from DuckDuckGo (a privacy-first search company) will help us understand how and why Google tracks us, and then provide practical replacements for Google’s most popular services and products.
Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet takes you.
For Further Insight:
Website: https://duckduckgo.com
Twitter: https://twitter.com/duckduckgo
LinkedIn: https://www.linkedin.com/company/duck-duck-go
Facebook: https://www.facebook.com/duckduckgo/
How to Live Without Google: https://spreadprivacy.com/how-to-remove-google/
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
TRANSCRIPT OF FULL INTERVIEW
Carey Parker: Hi everybody, welcome back to Firewalls Don't Stop Dragons. I got another great interview show for you today. I know I've had three interviews in a row. It's not normal. Usually I try to go back and forth, but it just hasn't worked out that way lately. I've got some great people available for the reason I just couldn't pass it up.
Carey Parker: Today we're gonna be talking with Daniel Davis from DuckDuckGo and DuckDuckGo, if you recall, is the privacy centered search engine that's an alternative to Google search engine and that is what we're going to be talking about today. So we hear all the new stories about Facebook and Cambridge Analytica and all the things that have been exposed and all the things that Facebook knows about you. And what we really need to realize is that all of that just pales in comparison to what Google knows about most of us. Google is all up in everything that we do, and I think you'll actually be surprised to learn that all the different ways that Google is in our lives.
Carey Parker: And so as all these scandals around privacy been coming around, I finally just decided personally that I've got to extract myself from Google, and they have some great products. These free products that they've had that I have used for many, many, many years are honestly great functionally, they're wonderful. And because like Facebook because everybody uses them, it's just so easy to share calendars, to share documents to ... email of course is not quite the same because at least emails are standard that many different services support, so you don't have to both be on Gmail in order to send email, which thank God. But, anyway, there are just so many things that Google's part of lives and we're going to cover that in the interview, so I'm not going to give too much away now.
Carey Parker: But the point of this interview, what I tasked Daniel with and they've got an article at DuckDuckGo about how to get rid of Google, how to live your life without Google products. And it goes through all the top Google products and gives you a really viable alternative. But to me that wasn't good enough. What I wanted to know was, okay, if I'm deeply embedded in Google and I've got all this data and all my friends know my Gmail address and I'm sharing Google calendars with people, it's not just enough to know here's an alternative, but how do I actually switch from one to the other? And so we're going to talk about that today with Daniel Davis and let's jump right in.
Carey Parker: He's got some really great info and we'll start off talking a little bit about what the real backgro...

Sep 10, 2018
The Tale of Ma Bell and Big Brother
AT&T is operating top secret Internet monitoring facilities for the NSA in the heart of 8 major US cities according to a blockbuster report from The Intercept. Sitting on top of major digital communications arteries, these surveillance systems can track and record most communications within the US as well as many outside our physical borders. David Ruiz from the Electronic Frontier Foundation explains why these sorts of systems go way beyond the foreign spying mandate of the NSA and hoover up hordes of “incidental” data on ordinary, law-abiding US citizens.
David Ruiz is a writer covering NSA surveillance and federal surveillance policy for Electronic Frontier Foundation, a digital rights non-profit. As 2017 closes, he is deeply involved in covering the multiple bills before Congress that seek to reform or reauthorize Section 702 of the FISA Amendments Act, a law that is currently one of the U.S. government's most powerful surveillance tools. Previously, David worked as a journalist covering legal affairs for some of Silicon Valley's largest companies, including Google, Facebook, Twitter and Uber. He has also had his work featured in KQED, The East Bay Express, SFGate.com, The Sacramento Bee and KZSU Stanford 90.1 FM. Beyond writing, David also hosts a personal podcast called Death Knell, which explores the grieving process after death.
For Further Insight:
Website: davidalruiz.com
Follow on Twitter: @davidalruiz @EFF
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
Frontline’s United States of Secrets: https://www.pbs.org/video/frontline-united-states-secrets-part-one/
The Intercept, AT&T NSA Spy Hubs: https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/
EFF’s response to Intercept: https://www.eff.org/deeplinks/2018/07/eight-att-buildings-and-ten-years-litigation-shining-light-nsa-surveillance

Sep 3, 2018
It’s Time to Fix Our Election Systems (Again)
The 2018 DEFCON Vote Hacking Village showed once again that our voting machines are way too easy to hack. Even though election system manufacturers refuse to allow independent researchers to vet their products directly, hackers at DEFCON have managed to get their hands on several systems in use today, and show that they are trivial to compromise. Jacob Hoffman-Andrews from the EFF explains what all of this means and the measures we need to take to address these shortcomings.
The PAVE Act that’s currently before Congress would provide mechanisms to mitigate the weaknesses of our voting systems by requiring a paper trail for all votes and risk-limiting audits to validate vote totals with minimal effort and cost. The companion Secure Elections Act is now a much weaker bill and would need to have these provisions restored.
Jacob Hoffman-Andrews is a lead developer on Let's Encrypt, the free and automated Certificate Authority. He also works on EFF's Encrypt the Web initiative and helps maintain the HTTPS Everywhere browser extension. Prior to working at EFF, Jacob was on Twitter's anti-spam and security teams. On the security team, he implemented HTTPS-by-default with forward secrecy, key pinning, HSTS, and CSP. On anti-spam, he deployed new machine-learned models to detect and block spam in realtime. Before Twitter, he worked at Google, variously on the maps, transit, and shopping teams.
For Further Insight:
Website: https://www.eff.org/about/staff/jacob-hoffman-andrews
Follow on Twitter: https://twitter.com/j4cob

Aug 27, 2018
Facebook’s Virtual Private Network is Not Private
Facebook’s “Protect” Virtual Private Network is anything but “private”. Facebook has been using this VPN to monitor all of your web surfing, adding even more information about its users to its colossal database. Apple removed the app from its App Store due to violations of its recently upgraded privacy policies. You should delete the app from your phone and use a better VPN.
In other news, banks are using 2,000 data points about how you tap, swipe, type, click and move to try to prevent fraud, DEFCON hackers have found more bugs in our election systems (though the headlines got it mostly wrong), Amazon Echo might be able to scare off burglars, and DNA service 23andMe is starting to dial back access to your data for third party developers.
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Aug 20, 2018
Hacking Your Network Using 1970s Technology
Security researchers have demonstrated that a modern all-in-one printer machine can be compromised using technology from the 1970s: the venerable fax machine. If you have a fancy printer/fax, you need to update its software ASAP. Presenters at this year’s DEFCON hacker conference have shown that they can compromise HP printer/fax machines by sending them a maliciously formatted fax message.
I’ll also tell you about a scary and effective sextortion scam, a dire warning from the FBI about a coming ATM cashout heist, some more browser plugins that are tracking all the websites you visit, and why turning off Location History in your Google settings isn’t actually stopping Google from tracking where you go.
Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons