Firewalls Don't Stop Dragons Podcast

When is a Virtual Private Network (VPN) not really private? Answer: When your VPN provider tracks where you go and sells that information to someone else. Today we’ll talk about a recent study that shows that many of the top free VPN services make their money by collecting and selling your browsing information. That seems to violate the “P” part of “VPN”, but let’s face it: if the product is free, then you are probably the product. I’ll help you find a VPN service that is truly private. In other news, Amazon’s Echo was recently caught recording a private conversation and sending it to a seemingly random person - should you be worried? Also, I’ll explain why shouting at your hard drives can cause corruption and tell you about a great new feature of the Privacy Badger browser plugin that will stop Facebook from tracking you. For Further Insight: Don’t shout at your hard drives: https://www.youtube.com/watch?v=tDacjrSCeq4 Choosing a truly private VPN: https://www.privacytools.io/#vpn Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Summer is upon us and for many of us that means travel - but before you even pack your bags, you need to listen to this podcast! In my interview with Michael Kaiser (the Executive Director of the National Cyber Security Alliance), we discuss all the cyber security and privacy issues you need to consider: before you go and while you’re traveling. Going abroad this summer? There are even more things you need to consider well before you leave! I also tell you why everyone needs to reboot their WiFi routers - by request of the FBI, no less! A Russian-made piece of malware called VPNFilter has infected half a million routers world-wise, and the remedy in most cases is simply to power-cycle or reboot your router. It’s easy to do and we should also take a few minutes to do it. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month (NCSAM) each October, Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT., the global online safety awareness and education campaign. NCSA builds efforts through public-private partnerships that address cybersecurity and privacy issues for a wide array of target audiences, including individuals, families and the education and business communities. In 2009, Mr. Kaiser was named one of SC Magazine’s information security luminaries. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City. For Further Insight: Web site: staysafeonline.org Follow on Twitter: https://twitter.com/MKaiserNCSA Facebook: https://www.facebook.com/staysafeonline/ LinkedIn: https://www.linkedin.com/in/michael-kaiser-3579752b NCSA’s Cyber Trip Advisor: https://www.stopthinkconnect.org/resources/preview/tip-sheet-ncsas-cyber-trip-advisor Reboot your router and set your admin password: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/

On May 25th, the European Union will begin enforcing the GDPR - a sweeping set of regulations designed to return control of user data back to the users. These rules apply to EU people, not EU companies - so if you have a business or website that deal with folks from the EU, then you need to comply with these rules. Note that even if it’s just a newsletter, you could be on the hook for damages if you didn’t obtain proper consent from your subscribers. Ruth Carter is an Arizona attorney and an authority on intellectual property, business startups, contracts, and internet law. She is an American Bar Association Legal Rebel, a Phoenix Business Journal 40 Under 40, and a Super Lawyers Southwest Rising Star. Ruth also wrote three best-selling books on guerrilla marketing and social media law including The Legal Side of Blogging: How Not to get Sued, Fired, Arrested, or Killed. Ruth is also a professional speaker and has spoken at South by Southwest, Content Marketing World, Intelligent Content Conference, Women in Travel Summit, BlogHer, Dad 2.0 Summit, Ungagged, Phoenix Comicon (now Phoenix Comic Fest), and BlogPaws. She's also been featured in the Wall Street Journal, Entrepreneur, CEO Blog Nation, U.S. News, and on NPR. For Further Insight: Website: GeekLawFirm.com Twitter: https://twitter.com/rbcarter LinkedIn: https://www.linkedin.com/in/ruthcarter Facebook: https://www.facebook.com/carterlawfirmpllc Book: https://www.amazon.com/The-Legal-Side-Blogging-ebook/dp/B009K4U5RU/  Terms of Service; Didn’t Read: https://tosdr.org/  Ruth’s blogs on complying with GDPR: http://carterlawaz.com/category/gdpr/  Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Ever since WhatsApp was acquired by Facebook in 2014 for a staggering $19B, the extremely popular global messaging app has been losing its focus on privacy. WhatsApp co-founder Jan Koum (who grew up in the Soviet Union) has now left Facebook, and with him WhatsApp may have lost its last hope for retaining the user protections Koum carefully put in place. If you even considered leaving Facebook, you should consider leaving WhatsApp. In the news, we’ll talk about a software bug that may leave 350,000 internal defibrillators to hacking, the looming hail-Mary chance to save net neutrality, a new credit bureau you might want to freeze, more computer CPU chip bugs coming, a Twitter password change requirement, new iOS and Firefox privacy features, and getting into your next concert using just your face. For Further Insight:  Everything you need to know about credit freezes: https://krebsonsecurity.com/2018/05/another-credit-freeze-target-nctue-com/  Freezing your credit at NCTUE: 866-349-5355 Save Net Neutrality! https://battleforthenet.com  Try Signal! Get your friends to try it, too!! https://www.signal.org/  Blog article with more info: https://firewallsdontstopdragons.com/ditch-whatsapp-use-signal/  Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Phil Zimmermann fought a multi-year court battle and risked years in jail in order to defend your right to privacy. Phil created an email encryption system called Pretty Good Privacy (PGP) in 1991 that is still the gold standard for private email today. I sat down with Phil to discuss his legacy and why we are truly in the Golden Age of Surveillance, despite claims by law enforcement that all communications are “going dark”. Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world. After the government dropped its case in early 1996, Zimmermann founded PGP Inc. That company was acquired by Network Associates Inc (NAI) in 1997. In 2002 PGP was acquired from NAI by a new company called PGP Corporation, where Zimmermann served as special advisor and consultant until its acquisition by Symantec in 2010. Since 2004, his focus has been on secure telephony for the Internet, developing the ZRTP protocol and creating products that use it, including Silent Phone and Zfone. Zimmermann is Co-founder of Silent Circle, a provider of secure communications services. For Further Insight: Website: https://www.philzimmermann.com/

Our electronics and appliance manufacturers are desperately trying to turn all of their “dumb” products into “smart” ones by connecting them to the Internet - the new Internet of Things (IoT). And while dialing down your thermostat from the office and asking your portable speaker for today’s forecast is great, how can you trust that these devices aren’t spying on you or going rogue? In most cases, you can’t - which is why you need to wall them off from your computers Today I’ll tell you how everyone can segregate these insecure devices using the WiFi router you already own. I’ll also tell you about a promising new project from Microsoft that may make future IoT devices much more secure, how Facebook is moving 1.5B users out from under GDPR protections, how services like 23andMe and Ancestry.com can be used to catch serial killers, and why the FBI may be lying about information “going dark”. For Further Insight: How to put your IoT devices on the guest network: http://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Google truly does know everything. Law enforcement is now turning to the search company to locate potential crime suspects. Google owns Android and Waze, along with several other smartphone apps - many of which have full access to your whereabouts. Police are now asking Google for lists of users who were near crimes when they occurred in hopes of finding suspects.  How does this jibe with our Fourth Amendment rights and what can we do to protect our privacy in the Golden Age of Surveillance? I have an eye-opening conversation with Nathan Freed Wessler of the ACLU on how courts and lawmakers are struggling to deal with demands for data from Google and other sources by law enforcement agencies anxious to make use of the treasure trove of personal information they’re amassing. Nathan Freed Wessler is a staff attorney with the ACLU Speech, Privacy, and Technology Project, where he focuses on litigation and advocacy around surveillance and privacy issues, including government searches of electronic devices, requests for sensitive data held by third parties, and use of surveillance technologies. In 2017, he argued Carpenter v. United States in the U.S. Supreme Court, seeking to establish that the Fourth Amendment requires law enforcement to get a search warrant before requesting cell phone location data from a person’s cellular service provider. For Further Insight: Website: www.aclu.org Follow on Twitter: https://twitter.com/NateWessler Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Chairman Ajit Pai and the FCC voted to gut net neutrality late last year - but the fight is not over. The United States Senate can overturn these rule changes with a simple majority of 51 votes. Right now, we have 50. We need just one more vote. This process has a 60-day deadline, which is April 23rd. We have one week left to reverse these changes and preserve Net Neutrality. If you have a Republican Senator, now is the time to call them and express your support! I’ll discuss the new “multi-breach” of Sears, Kmart, Delta and MyFitnessPal, including what you need to do if you were affected. I’ll talk about Facebook CEO’s Mark Zuckerberg’s testimony in front of Congress and why most of the Congress folks completely missed the point. And while all of that was going on, Facebook was working in the background to severely weaken data collection regulations. For Further Insight: Delta.com breach info: https://www.delta.com/response  Sears/Kmart breach info: https://searsholdings.com/update  Save Net Neutrality - act by April 23! https://www.battleforthenet.com/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Would you take your computer in for repair if you knew the technicians would be scanning your hard drive looking for anything suspicious while they had the hood up? It’s something that apparently we all need to be considering now. A recent lawsuit against a California doctor has revealed that the FBI has been paying Best Buy Geek Squad technicians to search for illegal content on the computers that were sent in for repairs. The relationship appears to go back at least 10 years. Today I speak with Aaron Mackey, a staff attorney at the Electronic Frontier Foundation - the organization who discovered this connection through the use of Freedom of Information Act queries. I’ll also briefly update on the latest Facebook scandals and their attempts to address the massive privacy issues. Aaron Mackey joined EFF in 2015 after moving from Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. Prior to law school, Aaron was a journalist at the Arizona Daily Star in Tucson, Arizona. He received his undergraduate degree in journalism and English from the University of Arizona in 2006, where he met his amazing wife, Ashley. They have two young children. For Further Insight: Website: www.eff.org Twitter URL: https://twitter.com/aaron_d_mackey Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons - https://www.eff.org/deeplinks/2018/03/geek-squads-relationship-fbi-cozier-we-thought How to delete (or curtail) Facebook: https://firewallsdontstopdragons.com/its-time-to-delete-facebook/

At Facebook, it’s critically important to remember that you are not the customer, you’re the product. None of Facebook’s users pay a dime for its service and yet Facebook makes tens of billions of dollars a year. Facebook makes money off of you and your data. And as we’ve seen in the last two weeks, that business model is ripe for abuse. It’s long since time that we, as consumers, reject the current Internet business model: the collection and sale of phenomenal amounts of highly personal data. In today’s episode, I’ll discuss the Cambridge Analytica scandal and why a Facebook VP believes that growth is good at any cost. I’ll spell out all the reasons why I’m deleting my Facebook account - and why you should strongly consider doing the same. At the very least, you should see what information Facebook has on you, so you can make an informed decision - I’ll tell you how to do that, too. For Further Insight: Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons Further Reading: https://firewallsdontstopdragons.com/its-time-to-delete-facebook/