Firewalls Don't Stop Dragons Podcast

Latest episodes

Aug 13, 2018

How a Wall of Lava Lamps is Helping Secure the Internet

What do you get when you cross cryptography with a wall of lava lamps? Believe it or not, a much more secure Internet. Cloudflare’s CTO John Graham-Cumming will explain why all our modern communications require sources of randomness to remain secure, and how his company has used a wall of 100 lava lamps to serve as a serious source of entropy. John will explain how to pick strong passwords using dice, how you can predict random numbers, and whether quantum computing will render all of our crypto technology useless. Book: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, the San Francisco Chronicle, New Scientist and other publications. For Further Insight: Website: jgc.org Follow on Twitter: https://twitter.com/jgrahamc Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
Aug 6, 2018

🎧 Anti-Sex Trafficking Law Does More Harm Than Good

How can you go wrong trying to stop sex trafficking? FOSTA, that’s how. The Fight Online Sex Trafficking Act (FOSTA) tried to fix something that wasn’t broke: under pre-existing law, we already had common sense regulations in place to prosecute online services that facilitated sex trafficking. But perhaps in an effort to appear tough on sex crimes, the US Congress passed additional regulations that are difficult to enforce and possibly even unconstitutional. The result may be more harm than good, robbing sex workers of resources and tools that served to protect them and squelching legitimate online content. I delve into this topic with the EFF’s Elliot Harmon, covering the history of legislation in this area and analyzing the nuances of this tricky area of law. We also explore the political and financial reasons the FOSTA/SESTA bills appeared to have such broad support and how these laws closely parallel copyright enforcement bills. Elliot Harmon is the associate director of activism at EFF. He advocates for free speech and the right to innovate online, with particular emphasis on patents, copyright, open access, and Section 230. Before coming to EFF, Elliot served as director of communications at Creative Commons, an organization that helps creators share their works with the public via open copyright licenses. Before that, he worked as a writer and curator for TechSoup, a technology resource for the nonprofit community. He has degrees from the University of South Dakota and the California College of the Arts. For Further Insight: Website: https://www.eff.org/about/staff/elliot-harmon Rep Chris Cox on how Section 230 came into being: https://www.youtube.com/watch?v=iBEWXIn0JUY&t=3m55s Why Hollywood might see FOSTA as a step toward a filtered Internet: https://www.eff.org/deeplinks/2018/03/how-fosta-will-get-hollywood-filters-theyve-long-wanted Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
Jul 30, 2018

🎧 When Plugins Go Rogue

A small company has recently bought up a bunch of mobile phone add-ons and browser plugins, and apparently decided to start snooping on its customers. The apps have been downloaded by over 11 million people and appear to be keeping track of every single web site you visit. In another story, a plugin that is supposed to help you pin things on Pinterest is actually injecting code into web pages. While this appears to be just a coding accident, these two stories should be a wake-up call. I’ll tell you what you can do about it. In other news, Facebook, Google and others are helping you take your data to competing services, 23andMe is sharing your DNA with Big Pharma, a nasty new Bluetooth bug has been found, and Chrome is now marking many more websites as “insecure”. Tune in and I’ll explain how this all affects you!
Jul 23, 2018

🎧 Your Public Data May Raise Your Insurance Rates

There’s a data gold rush going on in the United States and without regulation, it’s turning into a Wild West of data mining. Modern humans generate tons of data exhaust every single day: what you buy, what you eat, what you watch, where you live and work and what you do in your free time. These activities and habits may speak volumes about your health risk factors - and therefore how expensive you will be to cover with health insurance. In today’s show, I’ll share some chilling insights from a conference where data brokers and health insurers are using this data to predict how much it will cost them to insure you - and potentially raise your rates or even find ways to avoid covering you at all. In other news, Apple has released a new privacy feature to protect your iPhone from hacking, the popular mobile payment firm Venmo is sharing your transaction information with the world, researchers have developed an app to stop your laser printer from tattling on you, and Google’s new Confidential Mode email isn’t so confidential. For Further Insight: Change Venmo privacy settings: https://help.venmo.com/hc/en-us/articles/210413717-Payment-Activity-Privacy  Get your LexisNexis report: https://personalreports.lexisnexis.com/access_your_full_file_disclosure.jsp  Find and obfuscate secret tracking dots from your printer: http://seeingyellow.com/  Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
Jul 16, 2018

🎧 Supreme Court Scores One for Location Privacy

Where were you on the night of June 22nd? Your cellular provider knows. And until that date just a few weeks ago, if law enforcement wanted that info, all they had to do was ask. But we’re not just talking about one night… they know every place you’ve been, throughout the day, every day, going back months or even years. Thankfully, the Supreme Court ruled that law enforcement must now get a warrant to obtain this highly sensitive information and show probable cause. In our interview today, I have a truly thought-provoking discussion around the landmark Carpenter vs United States ruling with Shahid Buttar, a lawyer and grassroots organizer for the Electronic Frontier Foundation (EFF). We delve into the history behind cell phone data access in the United States and why a basic right to privacy is fundamental to any democracy.  Shahid Buttar leads EFF's grassroots and student outreach efforts. He's a constitutional lawyer focused on the intersection of community organizing and policy reform as a lever to shift legal norms, with roots in communities across the country resisting mass surveillance. From 2009 to 2015, he led the Bill of Rights Defense Committee as Executive Director. After graduating from Stanford Law School in 2003, where he grew immersed in the movement to stop the war in Iraq, Shahid worked for a decade in Washington, D.C. He first worked in private practice for a California-based law firm, with public interest litigation projects advancing campaign finance reform and marriage equality for same-sex couples (as early as 2004, when LGBT rights remained politically marginal). From 2005 to 2008, he helped build a national progressive legal network and managed the communications team at the American Constitution Society for Law & Policy, before founding the program to combat racial & religious profiling at Muslim Advocates. 
For Further Insight: Website: https://eff.org/efa  Twitter URL: https://twitter.com/Sheeyahshee / https://twitter.com/EFF Facebook URL: https://www.facebook.com/EFF Become part of the Electronic Frontier Alliance: organizing@eff.org Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
Jul 9, 2018

🎧 Crypto 101, What is Encryption, Anyway…

We’ve talked about encryption in just about every single one of these shows but we’ve never actually talked about what it means to encrypt something. Did you know that Julius Caesar used cryptography to send secret messages to his generals? You may have heard about the vaunted Enigma Machine used by the Germans in World War II, but how did it work? I’ll walk you through the basics of creating secret codes and how to crack them - the science of cryptography and cryptanalysis! Secret codes have one big problem, though: coded messages stick out like a sore thumb. When you capture a spy with a piece of paper full of gibberish, you can bet it’s a coded message. But what if you could hide your messages in plain sight? That’s called steganography and I’ll explain how crafty people have hidden messages since the days of the Ancient Greeks. For Further Insight: The Code Book by Simon Singh The Code Breakers by David Kahn Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
Jul 2, 2018

One Simple Step to a Faster and More Private Internet

Wouldn’t it be great if you could speed up every single website you visit without paying a dime? Every time you go to a website, your computer or smartphone first has to look up how to get there - just like we used to have to look up people’s numbers in the phone book. The service we all use is the Domain Name System (DNS), and by default, your DNS provider is probably not very fast. Today, John Graham-Cumming (the CTO of Cloudflare) will carefully explain how this works and why his company’s 1.1.1.1 DNS service is so much faster than the default one you’re probably all using. Furthermore, Cloudflare’s service will keep your web surfing habits totally private - something your default service is almost surely NOT doing. John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, the San Francisco Chronicle, New Scientist and other publications. For Further Insight: Website: jgc.org Follow on Twitter: https://twitter.com/jgrahamc Cloudflare’s 1.1.1.1 DNS service Steve Gibson’s DNS Benchmarking tool: https://www.grc.com/dns/benchmark.htm DNS Perf speed check: https://www.dnsperf.com/
Jun 25, 2018

🎧 Supreme Court Ruling Protects Your Location Privacy

This was a huge week for location privacy rights. In a 5-4 ruling, the Supreme Court has ruled that law enforcement must now obtain a warrant to obtain your cell phone location history. Your cell provider knows where you are 24/7 and keeps records of your whereabouts that can go back for years. Until this ruling, this location information was considered to be unprotected and could be freely provided to law enforcement without notice or permission. In related news, all major US cellular providers have voluntarily terminated agreements to provide your location to third party vendors due to several recent cases of abuse. On the other hand, Apple’s new iOS 12 will come with a feature that will automatically send detailed location information to 911 operators when you make an emergency call. We’ll talk about how end-to-end encryption in WhatsApp has allowed girls in ISIS-controlled Syria to maintain their schooling. And if you have a really old web browser, it’s time to update it - at least if you still want to shop online!
Jun 18, 2018

🎧 Your Android Device’s Backdoor May Be Wide Open

Android devices are everywhere - not just smartphones, but smart TVs, DVRs, streaming TV boxes and tablets. And many of these devices are shipping with a wide open backdoor for hackers. The Android debug port is supposed to only be used during software development, but many manufacturers are shipping popular Android-based products with this debug interface wide open. Hackers can easily use this interface to hack these devices, often from anywhere on the planet. In other news, California is trying to follow Vermont’s lead by introducing consumer data protection regulations, but many huge tech companies are trying desperately to defeat the measure. I’ll update you on the VPNFilter malware that is affecting more and more of our home WiFi routers, yet another critical Adobe Flash bug, and a $99 “unbreakable” smart padlock that can be hacked in under two seconds. For Further Insight: Locking down your home routers: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
Jun 11, 2018

🎧 Carpe Datum: Opting Out of Data Collection

There are estimated to be 2500-4000 data brokers in the United States who are collecting, buying and selling your information. Vermont has become the first state to pass laws to regulate this data mining that is largely working in the dark with zero accountability. We need more laws like this and I’ll tell you what you can do in the meantime to take more control over your personal and private data. Also in the news, Apple has announced some fantastic new security and privacy features for its upcoming iOS and macOS releases, Facebook has screwed up again, turning posts from 14M people public when they were supposed to be private, and MyHeritage DNA service announces that its 92M customer passwords were stolen. For Further Insight: Opting out of data collection: https://www.stopdatamining.me/opt-out-list/ Opting out of marketing, phone calls: https://www.worldprivacyforum.org/2015/08/consumer-tips-top-ten-opt-outs/ Know what they have on you: https://www.aboutthedata.com/portal/registration/step1 Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons
