Firewalls Don't Stop Dragons Podcast

Today's podcast addresses listener questions on topics like handling 2FA codes while traveling, the necessity of changing passwords, securing IoT devices, using hardware security keys, privacy-focused email clients, VPN challenges, and protecting cryptocurrency. The host also gives insights on the TikTok ban legislation.

Today I talk with Justin and Jodi Daniels about that state of privacy today, how we can help consumers and companies better understand the importance of privacy and security, and how companies are dealing with these aspects internally. We talk about the state of privacy regulations (or the lack thereof), why companies are failing to protect their customers, and what we can do about that. Justin and Jodi host a podcast together called She Said Privacy, He Said Security. They’ve also co-written a book called “Data Reimagined: Building trust one byte at a time”. Interview Notes Justin & Jodi Daniels’ podcast: https://redcloveradvisors.com/podcasts/ Justin Daniels: https://www.linkedin.com/in/justinsdaniels/ Jodi Daniels: https://www.linkedin.com/in/jodihoffmandaniels/  Red Clover Advisors: https://redcloveradvisors.com/ Baker Donelson: https://www.bakerdonelson.com/  Data Reimagined book: https://redcloveradvisors.com/book-sales/  International Association of Privacy Professionals (IAPP): https://iapp.org/  Information Commissioner’s Office (ICO): https://ico.org.uk/  YourAdChoices (AboutAds.info): https://youradchoices.com/  How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/  Jeff Jockisch top 10: https://www.linkedin.com/posts/jozian_privacypodcast-peopleschoice-privacyawards-activity-7155591864593637376-Q3bi/  Further Info Coin & Treasure Promo: https://fdsd.me/promo424 Send me your questions: https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:33: Interview setup 0:03:31: Tell me about your podcast and how you got into this space. 0:06:40: How do you explain privacy to regular, everyday people? 0:09:37: How can we help people better understand the need for privacy? 0:11:10: What are the newest threats to our privacy? 0:14:58: So how do we know what to trust? 0:17:07: What mistakes do companies make when crafting and implementing privacy policies? 0:21:37: How should companies embrace privacy? 0:25:51: What’s life like for a Chief Privacy Officer today? 0:30:22: Can we blame companies for monetizing our data since it’s legal to do so? 0:34:01: How do we combat privacy problems with security tech? 0:37:11: Why can’t the US government pass a federal privacy law? 0:42:54: Would it help to pass laws that mandate transparency? 0:46:11: What about a universal opt-out mechanism? 0:47:24: Is mainstream media covering privacy and security properly? 0:49:36: What are some promising Privacy Enhancing Technologies? 0:53:50: What are some of your top resources to learn more about privacy? 0:56:09: Any final thoughts? 0:57:30: Interview follow-up 0:59:25: Looking ahead

Passwords, two-factor authentication and even passkeys don’t matter if you can access someone’s account by answering three simple account recovery questions. Also, just about every account today has a way to reset your password, no matter how strong it is, if you can gain access to someone’s email account. Until we can remove these weak links, it doesn’t matter how secure our regular authentication schemes are. In the news: old A&T breach data is making the rounds; Apple Silicon chips have a security flaw baked into the hardware; two very popular digital safe locks come with backdoor codes; Twitter/X is failing to properly check posted links that redirect to scam sites; a court rules that external continuous camera surveillance of your house doesn’t require a warrant; searches for VPNs spike after PornHub pulls out of Texas; a blockbuster NY Times article brings much needed attention to data collection in cars; AirBnB implements a blanket camera ban. And I announce a killer new patron promotion! Click this link! https://fdsd.me/promo424 Article Links [restoreprivacy.com] AT&T Investigating Potential Breach Following Leak of 73.4 Million Records https://restoreprivacy.com/att-investigating-breach-following-leak-of-73-4-million-records/ HaveIBeenPwned.com: https://haveibeenpwned.com/  [9to5Mac] Unpatchable security flaw in Apple Silicon Macs breaks encryption https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/ [404media.co] Massively Popular Safe Locks Have Secret Backdoor Codes https://www.404media.co/massively-popular-safe-locks-have-secret-backdoor-codes/ [Lifehacker] It’s Not Safe to Click Links on X https://lifehacker.com/tech/its-not-safe-to-click-links-on-x [Gizmodo] The Feds Can Film Your Front Porch for 68 Days Without a Warrant, Says Court https://gizmodo.com/feds-can-film-your-front-porch-without-warrant-1851352414 [CNN] Searches for VPNs spike in Texas after Pornhub pulls out of the state https://www.cnn.com/2024/03/15/tech/vpn-searches-spike-texas-pornhub [The New York Times] Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html [Lifehacker] Airbnb’s New Security Camera Ban Is a Big Deal https://lifehacker.com/tech/airbnbs-new-security-camera-ban Tip of the Week: https://firewallsdontstopdragons.com/account-security-is-broken/ Further Info Become a Patron! (promo): https://fdsd.me/promo424  Lock & Code Podcast: https://www.malwarebytes.com/blog/podcast/2024/03/securing-your-home-network-is-long-tiresome-and-entirely-worth-it-with-carey-parker-lock-and-code-s05e07 Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:04:05: News preview 0:06:12: AT&T Investigating Potential Breach Following Leak of 73.4 Million Records 0:11:24: Unpatchable security flaw in Apple Silicon Macs breaks encryption 0:16:34: Massively Popular Safe Locks Have Secret Backdoor Codes 0:21:57: It’s Not Safe to Click Links on X 0:30:28: The Feds Can Film Your Front Porch for 68 Days Without a Warrant, Says Court 0:33:28: Searches for VPNs spike in Texas after Pornhub pulls out of the state 0:38:35: Automakers Are Sharing Consumers’ Driving Behavior With Insurance 0:47:36: Airbnb’s New Security Camera Ban Is a Big Deal 0:49:57: Tip of the Week: Account Security is Broken 0:55:49: Dragon Coin promotion details

The United States has no general data privacy laws. However, we do have some sector-specific regulations, including HIPAA for health data. But there are many misconceptions about HIPAA. For example, the “P” in HIPAA does not stand for Privacy – it stands for Portability. So, what information does HIPAA cover? Which healthcare and related service providers are governed by HIPAA? And most importantly, what can you do to protect your medical and health data? Today we’ll dive deep into this subject with Kate Black, a data, privacy & health lawyer and a strategic advisor in the health data field. Interview Notes Kate Black: https://www.linkedin.com/in/kate-black-sfo/  Washington’s My Health, My Data law: https://hintzelaw.com/blog/2023/4/9/wa-my-health-my-data-act-pt1-overview  HIPAA rights: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html  STAT medical news: https://www.statnews.com/  Further Info Check out my dragon challenge coins! https://fdsd.me/coin2 Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:03:29: What is covered by HIPAA? What isn’t covered? 0:06:51: Can I sign away my HIPAA rights? 0:08:08: Who in my medical provider’s office can access my data? 0:10:23: How audits HIPAA compliance? 0:11:47: How is my health data shared between providers? 0:14:49: Are certain types of health data treated differently? 0:15:23: How does health privacy work for minors? 0:16:53: Outside of health providers, who else can access my data? 0:20:56: How does HIPAA compare to other sector-specific privacy laws? 0:22:20: Do secondary providers share back with my primary care physician? 0:24:42: Who stores and protects my digital medical records? 0:27:46: How are third party providers audited for privacy and security? 0:29:56: Are HIPAA security requirements keeping up with the times? 0:33:13: Do I have full access to my complete medical record? 0:36:52: How do marketers get my health data? 0:39:51: What laws govern inferred health information? 0:45:48: Do pharmacies sell health data to marketers? 0:48:57: How private are online medical portals and checkin services? 0:53:35: How concerned should we be about using DNA analysis services? 0:59:17: How can we improve our health privacy laws? 1:00:30: What are your personal tips for protecting health data? 1:02:37: If I think someone has abused my data, what can I do? 1:04:13: Interview wrap-up 1:06:49: Looking ahead

The podcast delves into the importance of backing up 2FA seeds for account security. Topics include FBI using push notifications, Roku's forced arbitration, security risks in video doorbells, AI pinpointing photo locations, facial recognition in vending machines, data broker bankruptcy impact, privacy laws, Proton Mail's features, and crackdowns on spyware firms.

With the rise of IoT and tracking technologies (both online and in the real word), we are generating staggering amounts of highly personal information. This massive trove of juicy data has drawn the attention of several interested parties outside the realm of consumer marketing. Like chum in the water, it’s created a feeding frenzy from data aggregators as well as from law enforcement and intelligence agencies, both foreign and domestic. The journalists at 404 Media have published several blockbuster articles on this data ecosystem which have triggered backlashes from lawmakers and consumers alike. Today I’ll speak with two of the founders: Joseph Cox and Jason Koebler. Interview Notes 404 Media: https://www.404media.co/  404 Media podcast: https://www.404media.co/the-404-media-podcast/ 404 Media support: https://www.404media.co/faq/  Formation of 404 Media: https://www.nytimes.com/2023/08/22/business/media/404-media-vice-motherboard.html  Further Info Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:03: Interview setup 0:02:45: How did 404 Media come to be? 0:12:00: When do we think law enforcement started buying our data? 0:15:39: What’s up with companies listening to our conversations? 0:23:01: Where does law enforcement go to get our data? 0:27:46: How are video feeds being gathered and sold? 0:34:23: Can’t all this data also be used by “bad guys”? 0:39:13: Is it legal for law enforcement to buy data from foreign sources? 0:44:28: Have your stories triggered responses from the US government? 0:50:01: Trust in media is low these days – how can we fix that? 0:59:37: How can we support good work like yours? 1:03:22: Wrap-up

Artificial Intelligence is the buzzword of the day. Since the launch of ChatGPT in November 2022, there has been a flood of AI-based tools and services. Many tech firms are racing to build AI into their products without considering the consequences, let alone taking the time to build in guardrails for privacy and security. Today, I’ll tell you about some of the risks, how to mitigate them and explain why you should spend some time playing with AI tools so we can understand how they do (and don’t) work. In other news: Wyze home webcams had yet another security breach; Poland’s PM calls out illegal use of Pegasus spyware by opposition party; US military finally notifies 20,000 of email data breach; Skiff was bought by Notion and will shut down services; FTC fines Avast antivirus $16.5M for mining user data; Backdoors in encryption violate human rights according to EU court; LockBit ransomware servers were taken over by multinational law enforcement efforts; Apple’s iMessage gaining quantum computer resistant encryption; Signal finally allows users to hide cell phone numbers via usernames; new Android secure browsing features announced. Article Links [Lifehacker] Wyze Had a Security Breach (Again) https://lifehacker.com/tech/wyze-security-breach-again [The Associated Press] Poland’s prime minister says authorities widely used spyware under the previous government https://apnews.com/article/poland-government-pegasus-spyware-tusk-duda-78420fc7099401926d28b5be98669192 [TechCrunch] US military notifies 20,000 of data breach after cloud email leak https://techcrunch.com/2024/02/14/department-defense-data-breach-microsoft-cloud-email/ [The Cut] The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger https://www.thecut.com/article/amazon-scam-call-ftc-arrest-warrants.html https://pluralistic.net/2024/02/05/cyber-dunning-kruger/  [restoreprivacy.com] Skiff Mail Shutting Down in 6 Months (Try These Alternatives) https://restoreprivacy.com/skiff-shutting-down-alternatives-to-skiff-mail/ [404media.co] FTC Fines Avast $16.5 Million For Selling Browsing Data Harvested by Antivirus https://www.404media.co/impact-ftc-fines-avast-16-5-million-for-selling-browsing-data-harvested-by-antivirus/ [Ars Technica] Backdoors that let cops decrypt messages violate human rights, EU court says https://arstechnica.com/tech-policy/2024/02/human-rights-court-takes-stand-against-weakening-of-end-to-end-encryption/ [Ars Technica] LockBit ransomware group taken down in multinational operation https://arstechnica.com/information-technology/2024/02/lockbit-ransomware-group-taken-down-in-multinational-operation/ [WIRED] Apple’s iMessage Is Getting Post-Quantum Encryption https://www.wired.com/story/apple-pq3-post-quantum-encryption/ [signal.org] Keep your phone number private with Signal usernames https://signal.org/blog/phone-number-privacy-usernames/ [Lifehacker] These New Android Features Will Keep You Safer Online https://lifehacker.com/tech/android-safer-browsing-and-live-threat-detection-rolling-out Tip of the Week: Mitigating AI Risks https://firewallsdontstopdragons.com/how-to-mitigate-the-risks-of-ai/ Further Info Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:44: AT&T outage, hot take 0:03:08: News rundown 0:04:44: Wyze Had a Security Breach (Again) 0:07:27: Poland’s PM says authorities used spyware under the previous government 0:10:19: US military notifies 20,000 of data breach after cloud email leak 0:13:50: The Day I Put $50,000 in a Shoe Box and Handed It to a Stranger 0:22:37: Skiff Mail Shutting Down in 6 Months 0:27:14: FTC Fines Avast $16.5 Million For Selling Browsing Data 0:32:20: Backdoors that let cops decrypt messages violate human rights, EU court says 0:36:18: LockBit ransomware group taken down in multinational operation 0:39:41: Apple’s iMessage Is Getting Post-Quantum Encryption 0:45:02: Keep your phone number private with Signal usernames 0:49:20: These New Android Features Will Keep You Safer Online 0:52:12: Tip of the Week: Mitigating AI Risks 1:04:25: Wrap up

Modern cars are chock full of sensors and connected to the internet via built-in cellular modems. That’s a recipe for massive data collection. Last September, Mozilla’s Privacy Not Included team released a blockbuster report how much data our cars were gathering and it was absolutely staggering. According to the hard-to-find privacy policies, your car can collect extremely personal information including precise location, contact lists from your phone, call and message data, and – believe it or not – even “sexual activity”. Today, I’ll walk through this report and its implications with the head of Mozilla’s Privacy Not Included project, Jen Caltrider. Interview Notes Mozilla’s Privacy Not Included: https://foundation.mozilla.org/en/privacynotincluded/  Mozilla’s car report: https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/  Mozilla’s report on AI chatbots: https://foundation.mozilla.org/en/privacynotincluded/articles/happy-valentines-day-romantic-ai-chatbots-dont-have-your-privacy-at-heart/  Donate to Mozilla Foundation: https://donate.mozilla.org/  Mozilla layoffs: https://techcrunch.com/2024/02/13/mozilla-downsizes-as-it-refocuses-on-firefox-and-ai-read-the-memo/  Sign the petition to stop car data gathering! https://foundation.mozilla.org/en/privacynotincluded/articles/car-companies-stop-your-huge-data-collection-programs-en/  Bruce Schneier article in Slate: https://slate.com/technology/2023/12/ai-mass-spying-internet-surveillance.html  Further Info Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:39: What were some top finding from your car privacy report? 0:05:14: Which cars did you review and how did you evaluate them? 0:09:44: How was I notified and how did I consent to my car’s privacy policy? 0:10:39: What are cars tracking? Are electric cars any worse than gas cars? 0:13:55: What third party data mining is going on in my car? 0:20:41: Is there a way to opt out of data sharing? 0:24:10: Is less data collected in Europe? 0:26:02: Where is all my data stored? Locally, in the cloud, or both? 0:28:52: Is the data at least secured? 0:29:48: Can dealerships access my data? What about law enforcement? 0:32:28: What about rental or fleet cars? What about passengers? 0:37:24: Do car dealers disclose this data collection to shoppers? 0:39:11: What are some of the security problems with this data collection? 0:45:55: How did car makers and legislators respond to your report? 0:48:36: Do modern privacy laws cover auto data? 0:50:48: So what can we do about this today? 0:54:30: What will Privacy Not Included tackle next? 0:58:40: Wrap-up

It’s tax time here again in the USA, and therefore it’s also time for tax scams. I’ll explain how to recognize common tax scams, how to respond to them, how to prevent scammers from taking over your IRS account and even filing fraudulent tax returns in your name. In other news: the Mother of All Breaches (MOAB) contains 26 billion records; 23andMe is in trouble after massive data breach and pending class action lawsuits; a viral story about a smart toothbrush botnet isn’t true… but could have been; a clever hack of older computer TPM modules could expose encrypted hard drive data (but it’s not easy to do); Malwarebytes has issued their 2024 malware report; the FBI and CISA are raising the alarm over Chinese hackers and key US infrastructure, as well as taking action to prevent it; you might want to consider creating a family password to defeat voice clone scams; Mozilla has released a new data deletion service; and Privacy4Cars has an interesting new mechanism for universally opting out of data collection. Article Links [cybernews] Mother of all breaches reveals 26 billion records https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/ [Fast Company] 23andMe at risk of being delisted from the Nasdaq as lawsuits mount https://www.fastcompany.com/91020738/23andme-risk-delisted-nasdaq-class-action-lawsuits [404media.co] The Viral Smart Toothbrush Botnet Story Almost Certainly Isn’t Real https://www.404media.co/the-viral-toothbrush-ddos-botnet-story-almost-certainly-isnt-real/ [Tom’s Hardware] YouTuber breaks BitLocker encryption in less than 43 seconds with sub-$10 Raspberry Pi Pico https://www.tomshardware.com/pc-components/cpus/youtuber-breaks-bitlocker-encryption-in-less-than-43-seconds-with-sub-dollar10-raspberry-pi-pico [9to5Mac] Report: Mac security threats on the rise, here’s what to watch out for https://9to5mac.com/2024/02/06/report-mac-security-threats-on-the-rise/ [NBC News] FBI director to warn Chinese hackers aim to ‘wreak havoc’ on US critical infrastructure https://www.nbcnews.com/politics/national-security/fbi-director-warn-chinese-hackers-aim-wreak-havoc-us-critical-infrastr-rcna136524 [Ars Technica] Chinese malware removed from SOHO routers after FBI issues covert commands https://arstechnica.com/security/2024/01/chinese-malware-removed-from-soho-routers-after-fbi-issues-covert-commands/ [cisa.gov] CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers https://www.cisa.gov/news-events/alerts/2024/01/31/cisa-and-fbi-release-secure-design-alert-urging-manufacturers-eliminate-defects-soho-routers [9to5Mac] FCC outlaws voice cloning robocalls after AI-generated voice claimed to be President Biden https://9to5mac.com/2024/02/08/voice-cloning-robocalls/ [Electronic Frontier Foundation] Worried about AI voice clone scams? Create a family password https://www.eff.org/deeplinks/2024/01/worried-about-ai-voice-clone-scams-create-family-password  [The Verge] Firefox maker Mozilla has a new subscription to keep your info out of data brokers’ clutches https://www.theverge.com/2024/2/6/24062765/mozilla-monitor-plus-firefox-paid-subscription-privacy-data-broker-removal-requests [optoutcode.com] A Privacy4Cars Universal Opt-Out Concept https://optoutcode.com/ Tip of the Week: Avoiding Tax Scams https://firewallsdontstopdragons.com/how-to-avoid-tax-scams/ Further Info Secure Your Network: https://firewallsdontstopdragons.com/secure-your-network-part-1-scan/  Davos speech, original: https://www.youtube.com/watch?v=fJoEPRQMBuY  Davos speech, translated: https://www.youtube.com/live/6Fwv9Cek2F4?feature=shared&t=98 How to enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/  How to send files securely: https://firewallsdontstopdragons.com/how-to-send-files-securely-like-tax-info/  Send me your questions! https://fdsd.me/qna  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Subscribe to the newsletter: https://fdsd.me/newsletter  Become a patron! https://www.patreon.com/FirewallsDontStopDragons  Give the gift of privacy and security: https://fdsd.me/coupons  Support our mission! https://fdsd.me/support  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:57: News rundown 0:04:04: Mother of all breaches reveals 26 billion records 0:07:36: 23andMe at risk of being delisted from the Nasdaq as lawsuits mount 0:10:20: Viral Smart Toothbrush Botnet Story Isn’t Real 0:13:22: YouTuber breaks BitLocker encryption in less than 43 seconds with sub-$10 Raspberry Pi Pico 0:18:31: Mac security threats on the rise 0:22:27: FBI director to warn Chinese hackers aim to ‘wreak havoc’ on US critical infrastructure 0:23:55: Chinese malware removed from SOHO routers after FBI issues covert commands 0:29:48: CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers 0:33:39: FCC outlaws voice cloning robocalls after AI-generated voice claimed to be President Biden 0:38:12: Worried about AI voice clone scams? Create a family password 0:42:17: Firefox maker Mozilla has a new subscription to keep your info out of data brokers’ clutches 0:43:58: A Privacy4Cars Universal Opt-Out Concept 0:46:44: Tip of the Week: Avoiding tax scams 0:51:51: Looking ahead

Are Macs really safer than PCs? What should you do to make your Mac more secure? How do you know if your Mac has a virus? And how do you know which security apps you can trust? I’ll dig into all of these questions and more today with Mac security guru Patrick Wardle. Patrick Wardle is the founder of the Objective-See Foundation. Having worked at NASA and the NSA, as well as presented at countless security conferences Patrick is passionate about all things related to macOS security, writing books on macOS malware, and releasing free open-source security tools to protect Mac users. Interview Notes Objective See (free Mac tools): https://objective-see.org/  The Art of Mac Malware (book): https://taomm.org/  Objective by the Sea conference: https://objectivebythesea.org/  Apple’s Malware protections: https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/1/web/1  Reinstall macOS in Recovery Mode: https://support.apple.com/en-us/HT204904  Jamf presentation on Apple anti-malware tools: https://www.jamf.com/resources/videos/a-closer-look-at-macos-built-in-security-tools/  Further Info Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:01:45: Interview setup 0:04:06: What have you been up to since we last had you on the show? 0:13:40: Are Macs safer than PCs? 0:17:34: How effective are modern antivirus programs? 0:22:25: Which are the better AV software programs? 0:24:45: Tell us about the Mac security apps that you created 0:27:53: How does Lulu differ from a regular firewall? 0:32:00: How do you know which security software you can trust? 0:38:00: How do we combat security fatigue? 0:43:22: Does the Apple App Store protect me from bad apps? 0:52:09: What’s your take on Apple’s new Lockdown Mode? 0:53:34: How do I know if my computer is infected with malware? 0:58:03: What should I do to protect my brand new Mac? 1:01:23: What worries you most right now? What gives you hope? 1:04:43: What’s next for you? 1:10:31: Wrap-up