Firewalls Don't Stop Dragons Podcast

Did you know that Google owns Android, Waze, YouTube, Pixel phones and Chromebooks? Did you know that almost 90% of Google’s revenue comes from advertising? There’s hardly any part of your online life that isn’t somehow tracked by Google. By using Google’s email, calendar, docs, search, browser, cloud storage and even phones, we are allowing Google to know just about everything about us. But there are viable alternatives that will respect your privacy. Daniel Davis from DuckDuckGo (a search privacy-first search company) will help us understand how and why Google tracks us, and then provide practical replacements for Google’s most popular services and products. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn’t track you, and has expanded to protect you no matter where the Internet takes you. For Further Insight: Website: https://duckduckgo.com Twitter: https://twitter.com/duckduckgo LinkedIn: https://www.linkedin.com/company/duck-duck-go Facebook: https://www.facebook.com/duckduckgo/ How to Live Without Google: https://spreadprivacy.com/how-to-remove-google/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons TRANSCRIPT OF FULL INTERVIEW Carey Parker: Hi everybody, welcome back to Firewalls Don’t Stop Dragons. I got another great interview show for you today. I know I’ve had three interviews in a row. It’s not normal. Usually I try to go back and forth, but it just hasn’t worked out that way lately. I’ve got some great people available for the reason I just couldn’t pass it up. Carey Parker: Today we’re gonna be talking with Daniel Davis from DuckDuckGo and DuckDuckGo, if you recall, is the privacy centered search engine that’s an alternative to Google search engine and that is what we’re going to be talking about today. So we hear all the new stories about Facebook and Cambridge Analytica and all the things that have been exposed and all the things that Facebook knows about you. And what we really need to realize is that all of that just pales in comparison to what Google knows about most of us. Google is all up in everything that we do, and I think you’ll actually be surprised to learn that all the different ways that Google is in our lives. Carey Parker: And so as all these scandals around privacy been coming around, I finally just decided personally that I’ve got to extract myself from Google, and they have some great products. These free products that they’ve had that I have used for many, many, many years are honestly great functionally, they’re wonderful. And because like Facebook because everybody uses them, it’s just so easy to share calendars, to share documents to … email of course is not quite the same because at least emails are standard that many different services support, so you don’t have to both be on Gmail in order to send email, which thank God. But, anyway, there are just so many things that Google’s part of lives and we’re going to cover that in the interview, So I’m not going to give too much away now. Carey Parker: But the point of this interview, what I tasked Daniel with and they’ve got an article at DuckDuckGo about how to get rid of Google, how to live your life without Google products. And it goes through all the top Google products and gives you a really viable alternative. But to me that wasn’t good enough. What I wanted to know was, okay, if I’m deeply embedded in Google and I’ve got all this data and all my friends know my Gmail address and I’m sharing Google calendars with people, it’s not just enough to know here’s an alternative, but how do I actually switch from one to the other? And so we’re going to talk about that today with Daniel Davis and let’s jump right in. Carey Parker: He’s got some really great info and we’ll start off talking a little bit about what the real backgro…

AT&T is operating top secret Internet monitoring facilities for the NSA in the heart of 8 major US cities according to a blockbuster report from The Intercept. Sitting on top of major digital communications arteries, these surveillance systems can track and record most communications within the US as well as many outside our physical borders. David Ruiz from the Electronic Frontier Foundation explains why these sorts of systems go way beyond the foreign spying mandate of the NSA and hoover up hordes of “incidental” data on ordinary, law-abiding US citizens. David Ruiz is a writer covering NSA surveillance and federal surveillance policy for Electronic Frontier Foundation, a digital rights non-profit. As 2017 closes, he is deeply involved in covering the multiple bills before Congress that seek to reform or reauthorize Section 702 of the FISA Amendments Act, a law that is currently one of the U.S. government's most powerful surveillance tools. Previously, David worked as a journalist covering legal affairs for some of Silicon Valley's largest companies, including Google, Facebook, Twitter and Uber. He has also had his work featured in KQED, The East Bay Express, SFGate.com, The Sacramento Bee and KZSU Stanford 90.1 FM. Beyond writing, David also hosts a personal podcast called Death Knell, which explores the grieving process after death.  For Further Insight: Website: davidalruiz.com Follow on Twitter: @davidalruiz @EFF Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons Frontline’s United States of Secrets: https://www.pbs.org/video/frontline-united-states-secrets-part-one/ The Intercept, AT&T NSA Spy Hubs: https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/ EFF’s response to Intercept: https://www.eff.org/deeplinks/2018/07/eight-att-buildings-and-ten-years-litigation-shining-light-nsa-surveillance

The 2018 DEFCON Vote Hacking Village showed once again that our voting machines are way too easy to hack. Even though election system manufacturers refuse to allow independent researchers to vet their products directly, hackers at DEFCON have managed to get their hands on several systems in use today, and show that they are trivial to compromise. Jacob Hoffman-Andrews from the EFF explains what all of this means and the measures we need to take to address these shortcomings. The PAVE Act that’s currently before Congress would provide mechanisms to mitigate the weaknesses of our voting systems by requiring a paper trail for all votes and risk-limiting audits to validate vote totals with minimal effort and cost. The companion Secure Elections Act is now a much weaker bill and would need to have these provisions restored. Jacob Hoffman-Andrews is a lead developer on Let's Encrypt, the free and automated Certificate Authority. He also works on EFF's Encrypt the Web initiative and helps maintain the HTTPS Everywhere browser extension. Prior to working at EFF, Jacob was on Twitter's anti-spam and security teams. One the security team, he implemented HTTPS-by-default with forward secrecy, key pinning, HSTS, and CSP. On anti-spam, he deployed new machine-learned models to detect and block spam in realtime. Before Twitter, he worked at Google, variously on the maps, transit, and shopping teams. For Further Insight: Website: https://www.eff.org/about/staff/jacob-hoffman-andrews Follow on Twitter: https://twitter.com/j4cob

Facebook’s “Protect” Virtual Private Network is anything but “private”. Facebook has been using this VPN to monitor all of your web surfing, adding even more information about its users to its colossal database. Apple removed the app from it’s App Store due to violations of its recently upgraded privacy policies. You should delete the app from your phone and use a better VPN. In other news, banks are using 2,000 data points about how you tap, swipe, type, click and move to try to prevent fraud, DEFCON hackers have found more bugs in our election systems (though the headlines got it mostly wrong), Amazon Echo might be able to scare off burglars, and DNA service 23andMe is starting to dial back access to your data for third party developers. Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Security researchers have demonstrated that a modern all-in-one printer machine can be compromised using technology from the 1970s: the venerable fax machine. If you have a fancy printer/fax, you need to update its software ASAP. Presenters are this year’s DEFCON hacker conference have shown that they can compromise HP printer/fax machines by sending it a maliciously formatted fax message. I’ll also tell you about a scary and effective sextortion scam, a dire warning from the FBI about a coming ATM cashout heist, some more browser plugins that are tracking all the websites you visit, and why turning of Location History in your Google settings isn’t actually stopping Google from tracking where you go. Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

What do you get when you cross cryptography with a wall of lava lamps? Believe it or not, a much more secure Internet. Cloudflare’s CTO John Graham-Cumming will explain why all our modern communications require sources of randomness to remain secure, and how his company has used a wall of 100 lava lamps to serve as a serious source of entropy. John will explain how to pick strong passwords using dice, how you can predict random numbers, and whether quantum computing will render all of our crypto technology useless. Book: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, the San Francisco Chronicle, New Scientist and other publications. For Further Insight: Website: jgc.org Follow on Twitter: https://twitter.com/jgrahamc Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

How can you go wrong trying to stop sex trafficking? FOSTA, that’s how. The Fight Online Sex Trafficking Act (FOSTA) tried to fix something that wasn’t broke: under pre-existing law, we already had common sense regulations in place to prosecute online services that facilitated sex trafficking. But perhaps in an effort to appear tough on sex crimes, the US Congress passed additional regulations that are difficult to enforce and possibly even unconstitutional. The result may be more harm that good, robbing sex workers of resources that tools that served to protect them and squelching legitimate online content. I delve into this topic with the EFF’s Elliot Harmon, covering the history of legislation in this area and analyzing the nuances of this tricky area of law. We also explore the political and financial reasons the FOSTA/SESTA bills appeared to have such broad support and how these laws closely parallel copyright enforcement bills. Elliot Harmon is the associate director of activism at EFF. He advocates for free speech and the right to innovate online, with particular emphasis on patents, copyright, open access, and Section 230. Before coming to EFF, Elliot served as director of communications at Creative Commons, an organization that helps creators share their works with the public via open copyright licenses. Before that, he worked as a writer and curator for TechSoup, a technology resource for the nonprofit community. He has degrees from the University of South Dakota and the California College of the Arts. For Further Insight: Website: https://www.eff.org/about/staff/elliot-harmon  Rep Chris Cox on how Section 230 came into being: https://www.youtube.com/watch?v=iBEWXIn0JUY&t=3m55s Why Hollywood might see FOSTA as a step toward a filtered Internet: https://www.eff.org/deeplinks/2018/03/how-fosta-will-get-hollywood-filters-theyve-long-wanted Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

A small company has recently bought up a bunch of mobile phone add-ons and browser plugins, and apparently decided to start snooping on its customers. The apps have been downloaded by over 11 million people and appear to be keeping track of every single web site you visit. In another story, a plugin that is supposed to help you pin things on Pinterest is actually injecting code into web pages. While this appears to be just a coding accident, these two stories should be a wake-up call. I’ll tell you what you can do about it. In other news, Facebook, Google and others are helping you take your data to competing services, 23andMe is sharing your DNA with Big Pharma, a nasty new Bluetooth bug has been found, and Chrome is now marking many more websites as “insecure”. Tune in and I’ll explain how this all affects you!

There’s a data gold rush going on in the United States and without regulation, it’s turning into a Wild West of data mining. Modern humans generate tons of data exhaust every single day: what you buy, what you eat, what you watch, where you live and work and what you do in your free time. These activities and habits may speak volumes about your health risk factors – and therefore how expensive you will be to cover with health insurance. In today’s show, I’ll share some chilling insights from a conference where data brokers and health insurers are using this data to predict how much it will cost them to insure you – and potentially raise your rates or even find ways to avoid covering you at all. In other news, Apple has released a new privacy feature to protect your iPhone from hacking, the popular mobile payment firm Venmo is sharing your transaction information with the world, researchers have developed an app to stop your laser printer from tattling on you, and Google’s new Confidential Mode email isn’t so confidential. For Further Insight: Change Venmo privacy settings: https://help.venmo.com/hc/en-us/articles/210413717-Payment-Activity-Privacy  Get your LexisNexis report: https://personalreports.lexisnexis.com/access_your_full_file_disclosure.jsp  Find and obfuscate secret tracking dots from your printer: http://seeingyellow.com/  Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Where were you on the night of June 22nd? Your cellular provider knows. And until that date just a few weeks ago, if law enforcement wanted that info, all they had to do was ask. But we’re not just talking about one night… they know every place you’ve been, throughout the day, every day, going back months or even years. Thankfully, the Supreme Court ruled that law enforcement must now get a warrant to obtain this highly sensitive information and show probable cause. In our interview today, I have a truly thought-provoking discussion around the landmark Carpenter vs United States ruling with Shahid Buttar, a lawyer and grassroots organizer for the Electronic Frontier Foundation (EFF). We delve into the history behind cell phone data access in the United States and why a basic right to privacy is fundamental to any democracy.  Shahid Buttar leads EFF's grassroots and student outreach efforts. He's a constitutional lawyer focused on the intersection of community organizing and policy reform as a lever to shift legal norms, with roots in communities across the country resisting mass surveillance. From 2009 to 2015, he led the Bill of Rights Defense Committee as Executive Director. After graduating from Stanford Law School in 2003, where he grew immersed in the movement to stop the war in Iraq, Shahid worked for a decade in Washington, D.C. He first worked in private practice for a California-based law firm, with public interest litigation projects advancing campaign finance reform and marriage equality for same-sex couples (as early as 2004, when LGBT rights remained politically marginal). From 2005 to 2008, he helped build a national progressive legal network and managed the communications team at the American Constitution Society for Law & Policy, before founding the program to combat racial & religious profiling at Muslim Advocates. For Further Insight: Website: https://eff.org/efa  Twitter URL: https://twitter.com/Sheeyahshee / https://twitter.com/EFF Facebook URL: https://www.facebook.com/EFF Become part of the Electronic Frontier Alliance: organizing@eff.org Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons