Firewalls Don't Stop Dragons Podcast

Last week we saw perhaps the single largest data breach dump in history, close on the heels of another massive data disclosure from the same group. Dubbed “Collections 1-5”, together these data dumps represent literally billions of unique user email addresses and passwords. Using the online tool Have I Been Pwned will tell you whether your email address or password is contained in this hacker’s treasure trove. I will also tell you how you can mitigate the damage from this and future breaches. In other news, Apple’s FaceTime app contains a huge bug that could let other people eavesdrop on you and potentially even view you through your camera; Google and Firefox are offering competing visions of browser privacy with controversial new features; and a recent Mac malvertising campaign is using a classic technique called steganography to disguise its malicious intentions. Further Information Have I Been Pwned: https://haveibeenpwned.com/ Pod-Centennial Contest Details: https://firewallsdontstopdragons.com/celebrate-my-pod-centennial/ CLICK HERE TO ENTER the PodCentennial Contest!

We’re celebrating international Data Privacy Day along with the 100th episode of Firewalls Don’t Stop Dragons! And what a show we have! My guest today is none other than Bruce Schneier: internationally renowned security technologist and author of 14 books, including the best-seller Click Here to Kill Everybody)! Bruce and I discuss the current state of data privacy and what it’s going to take to rein in the corporations that are buying and selling our data with abandon. In this show I will also walk through my personal privacy checklist, including several things you could do RIGHT NOW to improve your online privacy. Along the way, I will share some tips from some of my favorite past guests on the show. But that’s not all! To celebrate my Pod-Centennial, I’m giving away 5 signed copies of my book as well as 5 signed copies of Bruce’s latest book, a stack of some of my favorite cybersecurity books, and MORE! You have to listen to this show to learn how to enter the contest – so there’s no better time to subscribe and listen! Further Information: Transcript of my interview with Bruce Schneier: http://podcast.firewallsdontstopdragons.com/wp-content/uploads/2019/01/Ep100-interview.txt Data Privacy Day Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/ Pod-Centennial Contest Details: https://firewallsdontstopdragons.com/celebrate-my-pod-centennial/ CLICK HERE TO ENTER Bruce Schneier interview transcriptDownload

Ancestry analysis firm 23andMe has just inked a 4-year, $300M deal to share its DNA samples with the colossal pharmaceutical company GlaxoSmithKline. What are they going to do your genetic material? Good question. Did you carefully read and understand your Terms of Service? Sure you did. I’ll tell you how you can ask 23andMe (or Ancestry.com) to discard your samples. In other news, some users are finding that they aren’t allowed to delete their Facebook apps from their phones, a new federal case has strengthened your privacy rights when it comes to phone searches, and the Weather Channel app has been selling your location data to third parties.

Last month Australia passed a sweeping surveillance law, quickly and without meaningful debate, called the Assistance and Access Act. Like the UK’s Investigatory Powers Act of 2016. this law aims to give authorities unprecedented power to force makers of messaging services to break their software and lie to their users. Danny O’Brien, International Director for the Electronic Frontier Foundation, helps us understand the true implications of these law and why they are truly harmful to democracy. Guest Information Danny O’Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped make the UK Parliament more transparent with FaxYourMP. He was EFF’s activist from 2005 to 2007, and its international outreach coordinator from 2007-2009. After three years working to protect at-risk online reporters with the Committee to Protect Journalists, he returned to EFF in 2013 to supervise EFF’s global strategy. He is also the co-founder of the Open Rights Group, Britain’s own digital civil liberties organization. Twitter: @EFF, @mala Website: https://www.eff.org/ Further Information: Truly Secure Messaging: https://firewallsdontstopdragons.com/truly-secure-mobile-calls-and-messaging-for-free/ Why Privacy Matters (TED Talk): https://www.ted.com/talks/glenn_greenwald_why_privacy_matters The Value of Privacy: https://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html Donate to the EFF! https://supporters.eff.org/donate/join-4

Just because you’re not paranoid doesn’t mean they’re not following you. A new study by Digital Content Next and Vanderbilt University shows just how much and how often Google apps on Android phones are tattling on you. Even an idle phone contacted Google 340 times a day. But can you avoid this by using Apple phones? Not completely. In other news, Microsoft’s Bali project aims to give users complete control over their data, Amazon’s Ring Doorbell may call the cops on “suspicious” people, and a new Apple phone phishing scam looks amazingly legitimate. Further Info Prying Yourself from Google’s Clutches: http://podcast.firewallsdontstopdragons.com/2018/09/17/prying-yourself-from-googles-clutches/ New Year’s (Cyber) Resolutions: https://firewallsdontstopdragons.com/new-years-resolutions-2019/

It’s that time of year again – time to make your New Years Resolutions! You know all those really important things I’ve been telling you to do, but you haven’t done? Well, I’m listing out the top ones on today’s show – and challenging each of you to check them off this year! There’s also a lot of news to catch you up on: why the green padlock symbol doesn’t mean what you think it does, an update on the SuperMicro computer spy chips, fitness apps stealing $120 from its users, scammers calling seniors pretending to be grandkids, US border agents not taking care of your private data, and a stunning NY Times study about all the apps that are tracking your location Further Reading NY Times article on location tracking: https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html Review my podcast! https://itunes.apple.com/us/podcast/firewalls-dont-stop-dragons-podcast/id1213366517?mt=2# Worst passwords of 2018: https://www.teamsid.com/100-worst-passwords/

Several US states are trialing programs to replace the venerable plastic driver’s license card with a new smartphone app. Unlike the “dumb” physical cards, the app would always be up to date. One study showed that 77% of all US adults have a smartphone. If you’re an adult under the age of 30, that percentage jumps to 94%. But as our guest, Chad Marlow, explains this is a solution in search of a problem. It comes with significant risks for both privacy and democracy. Guest Info: Chad Marlow (ACLU) Chad Marlow is a senior advocacy and policy counsel at the ACLU. He principally focuses on privacy, surveillance, and technology issues. His work on issues ranging from net neutrality and police body cameras to government surveillance and consumer privacy has been a frequent subject of national and international media coverage. He is the author of fifteen ACLU model bills. He spearheaded the ACLU’s nationwide #TakeCTRL and Community Control Over Police Surveillance (CCOPS) campaigns. Twitter: @chadaaronmarlow, @ACLU Website: ACLU.org Further Reading Could Plastic Driver’s Licenses Become a Thing of the Past? : https://www.pewtrusts.org/en/research-and-analysis/blogs/stateline/2018/11/20/could-plastic-drivers-licenses-become-a-thing-of-the-past Why Privacy Matters (TED Talk): https://www.ted.com/talks/glenn_greenwald_why_privacy_matters

It’s bad enough that online ads are watching us, but now billboards and other real world ads are watching us, too. Using video cameras and signals from our smart devices, marketers are tailoring their billboards and digital signage based on our appearance and even our identity. Sean O’Brien from Yale Privacy Lab explains how this is done and the significant privacy implications of this practice. He’ll also tell you how you to protect our privacy. Sean O’Brien is a Lecturer in Law at Yale Law School with expertise in cybersecurity, privacy, and mobile device forensics. He is Director of Business Development at Purism SPC, a company dedicated to digital privacy and security and founder of Yale Privacy Lab. Twitter: @YalePrivacyLab Yale Privacy Lab: https://privacylab.yale.edu Citizen FOSS guide: https://github.com/YalePrivacyLab/citizen-foss Original article from Medium: https://medium.com/s/thenewnew/irl-ads-are-taking-scary-inspiration-from-social-media-7088e8241beb

Marriott reports this week that it has exposed up to 500 million Starwood guests’ data going back as far as 2014. Affected hotels include Sheraton, Westin, W Hotels, Starwood timeshares and more, While it’s still not clear how much data may have been stolen, what is clear is that corporations are still not guarding their data properly. In today’s show, I’ll tell you what sort of customer information was vulnerable and what you can do to protect yourself. In other news, Ford’s CEO voices plans to monetize their customers’ data, the USPS has a mail preview service that you’ll want to sign up for before the bad guys do it on your behalf, and if you’ve ever had the creepy feeling that customer support reps can see what you’re typing in chat support before you send it… it’s because they can! More Info: Starwood’s breach info page: https://info.starwoodhotels.com How to freeze your credit: https://firewallsdontstopdragons.com/using-credit-freeze-for-self-defense/ Best & Worst gifts for 2018: https://firewallsdontstopdragons.com/best-worst-gifts-2018/

Our mobile phones today are chock full of private information and are constantly tattling about our whereabouts and activities. Most phones today have GPS, WiFi, Bluetooth, motion detectors, magnetic field detectors, microphones, cameras, and of course cellular radios. Some even have facial recognition built right in. With all this personal data and telemetry information, is it even possible to prevent tracking and information leakage? Today we discuss these topics and more with Daniel Davis from DuckDuckGo – a company dedicated to protecting your privacy. He and I discuss DuckDuckGo’s new privacy-focused smartphone app, along with other tips and techniques to guard your privacy on your mobile devices. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn’t track you, and has expanded to protect you no matter where the Internet takes you. For Further Insight: Website: https://duckduckgo.com Twitter URL: https://twitter.com/duckduckgo LinkedIn URL: https://www.linkedin.com/company/duck-duck-go DuckDuckGo Privacy Essentials: https://duckduckgo.com/app Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons