
Firewalls Don't Stop Dragons Podcast
News & Politics Podcasts
A Podcast on Computer Security & Privacy for Non-Techies
Location:
United States
Twitter:
@FirewallDragons
Language:
English
Episodes
Erasing Your Online Data
11/17/2025
Data brokers are amassing tons of our personal information, often from public sources. You can try to find all of these brokers and request your data be deleted, but it's a lot easier to deputize a trustworthy and affordable service to do all that work for you - and to do so on a regular basis. I'll give you my easy button solution for this. Also in the news: Meta will use your AI sessions to target ads; Google is rolling out agentic AI shopping tools; OpenTable is gathering and sharing your dining habits; Amazon sues Perplexity over their agentic shopping tool; first ever reported AI-orchestrated hacking campaign; EU Commission looks to gut privacy laws; lawmakers want to ban all VPN use; US Senator uses opponents' car VIN info against them; and new health privacy bill seeks to protect data in apps, smart watches.
Article Links
Meta won’t allow users to opt out of targeted ads based on AI chats https://arstechnica.com/tech-policy/2025/10/meta-wont-allow-users-to-opt-out-of-targeted-ads-based-on-ai-chats/
Google Is Rolling Out ‘Agentic Checkout’ to Make Your Purchases for You https://lifehacker.com/tech/google-is-rolling-out-agentic-checkout
Texas Server Says Your Waitstaff Can Now See What Type Of Customer You Are If You Use OpenTable https://brobible.com/culture/article/opentable-ai-customer-profiling/
Amazon sues Perplexity over 'agentic' shopping tool https://www.reuters.com/business/retail-consumer/perplexity-receives-legal-threat-amazon-over-agentic-ai-shopping-tool-2025-11-04/
Disrupting the first reported AI-orchestrated cyber espionage campaign https://www.anthropic.com/news/disrupting-AI-espionage
Civil society decries digital rights ‘rollback’ as European Commission pushes data protection changes https://therecord.media/civil-society-privacy-rollback
Lawmakers Want to Ban VPNs https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing
Senate Democrats seek to ‘get to bottom’ of Moreno’s car-data collection https://rollcall.com/2025/11/06/senate-democrats-seek-to-get-to-bottom-of-morenos-car-data-collection/
Health privacy bill seeks protections for data collected by apps, smartwatches https://therecord.media/health-privacy-bill-seeks-protections-apps-smartwatches
Tip of the Week: Erasing Your Data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/
Further Info
Ask ARC to delete data and stop sharing: https://www.404media.co/how-to-opt-out-of-airlines-selling-your-travel-data-to-the-government/
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:07: Intro
0:00:45: News briefs
0:02:57: News preview
0:05:38: Meta won't let you opt out of AI data gathering
0:15:05: Google Is Rolling Out ‘Agentic Checkout’
0:20:13: OpenTable gathering and sharing your dining info
0:31:22: Amazon sues Perplexity over 'agentic' shopping tool
0:38:57: First reported AI-orchestrated cyber attack
0:51:33: European Commission pushes data protection changes
0:55:15: Lawmakers Want to Ban VPNs
1:04:03: Senator uses VIN info against opponents
1:10:38: Health privacy bill seeks protections for data collected by apps, smartwatches
1:12:43: Tip of the Week
1:16:26: Looking ahead
Duration:01:18:16
Becoming Cyber Resilient
11/10/2025
In the US alone, there are tens of thousands of small organizations that are responsible for critical infrastructure and vital community services. Most of them don't have an IT department let alone a cyber security expert on staff. And yet these organizations are being attacked by cyber criminal gangs with ransomware and are also being targeted by foreign adversaries who would like the ability to disrupt our very civilization. While the US federal cyber agencies have not properly responded to these threats, a handful of volunteer organizations have emerged, organized under the Cyber Resilience Corps, to address these needs. Today I'll speak with Michael Razeeq, Grace Menna, Adrien Ogee and Eric Franco about their much-needed efforts.
Interview Notes
Cyber Resilience Corps: https://cltc.berkeley.edu/program/cyber-resilience-corps/
Volunteer! https://cybervolunteers.us
Cyber Security Clinics: https://cybersecurityclinics.org/
The Ransomware Hunting Team: https://en.wikipedia.org/wiki/The_Ransomware_Hunting_Team
Roadmap to Cyber Defense: https://cltc.berkeley.edu/publication/roadmap-to-community-cybersecurity/
Path to Long-Term Cyber Resilience report: https://cltc.berkeley.edu/publication/a-path-to-long-term-cyber-resilience-for-under-resourced-organizations/
Grace Menna’s BSides LV talk: https://www.youtube.com/live/v20rxx_afw0?&t=1410
CISA Cybersecurity Resources for High-Risk Communities: https://www.cisa.gov/audiences/high-risk-communities/cybersecurity-resources-high-risk-communities
FBI InfraGard: https://www.infragardnational.org/
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:13: Intro
0:00:26: Couple announcements
0:01:09: Interview setup
0:03:38: Defining some terms
0:06:40: Introductions
0:07:51: What is the Cyber Resilience Corps?
0:13:59: What are some of the other affiliated cyber groups?
0:19:24: How do you reach organizations in need?
0:26:43: Do orgs ever resist or eschew your help?
0:34:22: How are these efforts funded?
0:42:14: Is there agreement on where to focus efforts?
0:44:02: Which sectors are most important to secure?
0:51:11: Are there accepted standards for infrastructure security?
0:53:38: What are the requirements for volunteers?
1:04:19: How do you match volunteers with needs?
1:08:28: How long do the support relationships last?
1:16:31: What key things have you learned from your initial work?
1:22:58: How do you scale this effort to address the massive need?
1:25:18: Shouldn't Big Tech be doing more here?
1:33:49: How can we help?
1:37:28: If I'm an organization, how do I get help?
1:38:38: What's next?
1:44:28: Wrap-up
1:47:59: Patron podcast preview
1:48:59: Looking ahead
Duration:01:49:58
Removing Old Accounts
11/3/2025
Today we'll wrap up my series of tips for enumerating all your old online accounts and deciding whether to delete them or just dumb down the personal data they have on you. There are several things to consider - we'll go through them all! In other news: a study ranks the most private AI chatbots; LinkedIn is set to use your personal data to train their AI; ChatGPT has released an AI browser; new phishing scam for password manager creds; Gmail did not leak 183M passwords; man discovers his robot vacuum sharing lots of personal data; more info on Cellebrite's mobile hacking abilities; Flock expanded its surveillance with Ring and drones; and group finds that half of our satellite communications are not encrypted.
Article Links
Which Generative AI Is Most Privacy-Respecting? https://www.obscureiq.com/which-generative-ai-is-most-privacy-respecting/
LinkedIn will use your data to train AI – how to opt out https://proton.me/blog/linkedin-ai-training
ChatGPT Atlas Browser https://www.washingtonpost.com/technology/2025/10/22/chatgpt-atlas-browser/
Phishing scam uses fake death notices to trick LastPass users https://www.malwarebytes.com/blog/news/2025/10/phishing-scam-uses-fake-death-notices-to-trick-lastpass-users
No, Gmail has not suffered a massive 183 million passwords breach https://www.techradar.com/pro/security/no-gmail-has-not-suffered-a-massive-183-million-passwords-breach-but-you-should-still-look-after-your-data
Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House https://futurism.com/robots-and-machines/robot-vacuum-broadcasting
Someone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Details https://www.404media.co/someone-snuck-into-a-cellebrite-microsoft-teams-call-and-leaked-phone-unlocking-details/
Ring cameras are about to get increasingly chummy with law enforcement https://arstechnica.com/gadgets/2025/10/ring-cameras-are-about-to-get-increasingly-chummy-with-law-enforcement/
Exclusive: Flock Safety paid over $300 million for 17-month-old drone startup Aerodome https://techcrunch.com/2024/10/23/flock-safety-paid-over-300-million-for-17-month-old-drone-startup-aerodome/
Leak From the Sky: It Turns Out a Lot of Satellite Data Is Unencrypted https://www.pcmag.com/news/leak-from-the-sky-it-turns-out-a-lot-of-satellite-data-is-unencrypted
Tip of the Week: https://firewallsdontstopdragons.com/removing-old-accounts/
Further Info
Data Diet series: https://firewallsdontstopdragons.com/data-diet-introduction/
Backing up 2FA seed codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/
Using email aliases: https://firewallsdontstopdragons.com/how-to-use-email-aliases-part-1/
Claudito: https://github.com/micahflee/claudito
LM Studio: https://lmstudio.ai/
Dark Wire book: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:07: Intro
0:00:27: News briefs
0:01:49: News preview
0:03:53: Which AI Is Most Privacy-Respecting?
0:09:21: LinkedIn will use your data to train AI
0:14:23: ChatGPT's new Atlas browser
0:21:46: Phishing scam uses fake death notices
0:25:32: Gmail has NOT suffered a massive password breach
0:27:57: Man finds smart vacuum sending maps of home
0:33:41: More Cellebrite capability details leak
0:38:28: Flock inks deal with Ring cameras
0:42:57: Flock Safety buys drone company
0:46:52: Half of satellite comms are unencrypted
0:51:26: Tip of the Week
1:00:01: Patron podcast preview
1:00:18: Looking ahead
1:01:39: New patron promotion coming?
Duration:01:02:14
Privacy-Focused AI
10/27/2025
AI chatbots like ChatGPT have made quite a splash. Companies are tripping all over themselves in a rush to add "AI" to everything, heedless of the security risks. But perhaps more insidious are the privacy risks. Most AI processing is done in the cloud, meaning that your queries and chats are subject to inspection, sharing, storing and monetizing. These AI systems are incredibly expensive to train and operate. And AI companies are desperate to feed them every scrap of data they can find. It's a recipe for privacy disaster. But there are ways to make it more private and today we'll discuss these approaches with Proton's head of AI, Eamonn Maguire.
Interview Notes
Lumo privacy and security model: https://proton.me/blog/lumo-security-model
AI privacy concerns: https://proton.me/blog/ai-privacy-concerns
How to build a private AI: https://proton.me/blog/how-to-build-privacy-first-ai
LaTeX: https://en.wikipedia.org/wiki/LaTeX
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:12:22: Defining some terms
0:15:29: What are the main privacy issues with modern AI?
0:22:53: What are the dangers of training AI models on personal data?
0:27:57: How do we make AI chatbots safer to use?
0:35:31: What are Proton's goals with Lumo?
0:42:41: How can Lumo protect a user's privacy?
0:52:19: Can we do more to anonymize cloud LLM queries?
0:56:50: What can we do to increase trust and transparency with AI?
1:02:55: Where does Proton store and process AI data?
1:10:35: Which LLM models does Lumo use?
1:15:38: Will Proton offer a local-only version of Lumo?
1:20:36: What's next for Lumo and AI at Proton?
1:27:59: Will Lumo ever be part of Proton pricing bundles?
1:31:24: Wrap-up
1:35:14: Patron podcast preview
1:36:04: Looking ahead
Duration:01:36:32
Securing Old Accounts
10/20/2025
Now that we've tracked down all our old online accounts, it's time to make them more secure and review the data they contain. We should download a copy of that data for safe keeping before we ultimately delete or suspend the accounts. We'll discuss this next step in our journey of reducing our online data footprint - our Data Diet. In the news: Windows 10 support has officially ended; seniors targeted with malware from Facebook groups; Tile trackers can also track you; massive Salesforce data leaked after refusing to pay ransom; dangerous Discord breach; Apple, Google to reluctantly comply with new Texas age law; California enacts age-verification law; EU Chat Control defeated; California makes GPC universally available; largest CCPA fine to date levied against TSC.
Article Links
Windows 10 support “ends” today, but it’s just the first of many deaths https://arstechnica.com/gadgets/2025/10/windows-10-support-ends-today-but-its-just-the-first-of-many-deaths/
Seniors targeted in global Facebook scam spreading new Android malware https://therecord.media/seniors-targeted-facebook-android-malware-scam
Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say https://www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/
ShinyHunters Leak Data from Qantas, Vietnam Airlines and Others https://hackread.com/shinyhunters-leak-data-qantas-vietnam-airlines-others/
The Discord Hack is Every User’s Worst Nightmare https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/
Apple and Google reluctantly comply with Texas age verification law https://arstechnica.com/tech-policy/2025/10/apple-and-google-reluctantly-comply-with-texas-age-verification-law/
California enacts its own internet age-gating law https://www.theverge.com/news/798871/california-governor-newsom-age-gating-ab-1043
Citizen Protest Halts Chat Control https://www.patrick-breyer.de/en/citizen-protest-halts-chat-control-breyer-celebrates-major-victory-for-digital-privacy/
California Governor signs first-in-the-nation privacy bill into law https://advocacy.consumerreports.org/press_release/california-governor-signs-first-in-the-nation-privacy-bill-into-law
CPPA fines Tractor Supply Company $1.4 million for privacy violations https://therecord.media/ccpa-tractor-supply-privacy-fine
Tip of the week: https://firewallsdontstopdragons.com/secure-old-accounts/
Further Info
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
Setting up Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:00:28: News preview
0:02:31: Win10 support ended
0:08:19: Seniors targeted with malware from Facebook groups
0:12:00: Tile trackers can also track you
0:19:51: Massive Salesforce data leak
0:26:50: Dangerous Discord breach
0:32:35: Apple, Google to comply with new Texas age law
0:39:47: CA enacts age-verification law
0:44:56: EU Chat Control defeated!
0:49:33: CA makes GPC universally available
0:55:02: Largest CCPA fine to date
0:57:02: Tip of the Week
1:01:41: Wrapping up
1:02:29: Looking ahead
Duration:01:04:22
Project Franklin Wants You
10/13/2025
Our critical infrastructure is vulnerable and under attack by nation state actors, either for profit or perhaps even to establish a beachhead for future cyber conflict. During the pandemic, many of our core systems were automated and connected to the internet for remote administration, but this just created a larger attack surface. The federal government hasn't done nearly enough to protect these systems. Groups like DEF CON Franklin are working to find cyber volunteers to bring our national critical utilities above the 'cyber poverty line'. Today we'll explore the problems and solutions with Franklin co-founder Jake Braun, including what we can all do to help.
Interview Notes
DEF CON Franklin: https://defconfranklin.com/
For more info or help, email “defconfranklin” at gmail.com.
Volt Typhoon: https://en.wikipedia.org/wiki/Volt_Typhoon
Initial Franklin trials: https://harris.uchicago.edu/news-events/news/first-water-utilities-take-volunteer-cyber-help
Franklin Almanac: https://defconfranklin.com/almanack.html
Franklin launch (DEF CON 32): https://www.youtube.com/watch?v=0TdY9JUaybc
DEF CON 33 Franklin update: https://defconfranklin.com/water_cybersec.html
Jake’s books: https://www.amazon.com/s?i=digital-text&rh=p_27%3AJake%2BBraun
More help: https://www.cybervolunteers.us/en
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:03:19: Why did you start the DEF CON Franklin project?
0:07:58: Why did you focus on protecting water systems?
0:12:41: Why target our water systems?
0:17:10: How do you protect 50,000+ water facilities?
0:22:01: What are key takeaways from your first trials?
0:24:53: What are some of the challenges you've faced?
0:29:13: Why did we ever put critical infrastructure on the internet?
0:31:05: Are there third parties involved in facility security, too?
0:32:45: How do you coordinate your efforts with other, similar orgs?
0:36:32: How do you know when your job is finished?
0:39:14: Are you getting support from the US government?
0:41:31: What's next for Franklin? How can we help?
0:43:38: What's the long term roadmap for Franklin?
0:45:00: Interview wrap-up
0:46:54: Patron podcast preview
0:47:52: Looking ahead
0:49:11: My other stuff
Duration:00:49:51
Tech Time Bombs
10/6/2025
There are literally billions of devices connected to the internet today - many of them cheap, insecure IoT devices... smart thermostats, doorbell cameras, webcams, cheap WiFi routers and other smart appliances. As we like to say, the "S" in "IoT" is for security. And when insecure devices are no longer supported, the security bugs will never be fixed. We'll discuss the implications of this growing problem and potential solutions with a passionate right-to-repair advocate and the founder of the Secure Resilient Future Foundation, Paul Roberts.
Interview Notes
Secure Resilient Future Foundation: https://secure-resilient.org/
The Security Ledger: https://securityledger.com/
Tech Timebombs: https://www.youtube.com/watch?v=koZERADCyug
Secure Repairs: https://securepairs.org/
Paul’s Congressional testimony: https://judiciary.house.gov/committee-activity/hearings/there-right-repair
FULU Foundation: https://fulu.org/
US PIRG: https://pirg.org/
Institute for Security and Technology: https://securityandtechnology.org/
NIST 800-232: https://csrc.nist.gov/pubs/sp/800/232/ipd
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:01:42: Interview terminology
0:03:22: How did you come to found SRFF?
0:08:24: Why are abandoned IoT devices "tech time bombs"?
0:16:53: What are the dangers of hacked IoT devices?
0:18:28: Is there any real liability for making insecure IoT devices?
0:23:36: How important is transparency to law making?
0:29:07: How does the right to repair interact with IoT security?
0:38:33: How should consumers be made aware of abandoned devices?
0:43:56: Can we rely on ISPs to block insecure devices?
0:46:42: What other groups are working on improving IoT security?
0:52:24: Should the gov't be funding research into securing IoT devices?
1:01:20: What can we do to help?
1:06:58: Patron podcast preview
1:07:31: Looking ahead
Duration:01:08:54
Ente: Private by Design
9/29/2025
It's rare these days to find a well-designed and useful application that was made to be private from the get-go. Too many apps today view your personal data as a cash cow to be mercilessly milked, claiming to value your privacy when they really value the extra revenue they can make off of your private data. When I find useful apps that are private by design, especially ones that can replace more popular apps that harvest our data, I like to call attention to them: in this case, Ente Photos. Today I'll ask the founder and CEO why privacy is important to him and how it influenced his design approach.
Interview Notes
Ente Photo: https://ente.io/
Ente Auth: https://ente.io/auth/
Ente’s Machine Learning: https://ente.io/ml/
Ken Thompson’s lecture on trust: https://dl.acm.org/doi/10.1145/358198.358210
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:04:08: Interview terminology
0:06:44: Why did you start Ente and why do you care about privacy?
0:15:23: Why should we trust Ente with our private data?
0:20:14: What private information does Ente collect?
0:25:12: How hard is it for 3rd party apps to integrate with the OS?
0:29:39: Is Ente more private than Apple Photos with ADP enabled?
0:31:40: How hard is it to migrate from Google or Apple Photos to Ente?
0:34:30: Is facial recognition metadata in a standard, portable format?
0:35:51: How hard is it to export photos from Ente?
0:37:57: Does Ente Auth allow for easy export and backup?
0:39:28: How do you back up your Ente photos?
0:41:12: How much of Ente's AI photo processing is purely on-device?
0:45:51: How do you vet third party software libraries for privacy?
0:49:07: What data could Ente give, if required, to law enforcement?
0:52:43: How can we pass on our legacy of memories to our kids?
0:54:55: What's next for Ente?
0:59:43: Interview wrap-up
1:00:56: Patron podcast preview
1:01:36: Looking ahead
Duration:01:02:51
Find Old Accounts (Part 2)
9/22/2025
In our quest to clean up and secure our data, today I will give you several clever and useful techniques for uncovering old, forgotten online accounts. We'll scrape the bottom of the barrel to complete our list of accounts so that we can upgrade their security, see what data they have, and remove anything we no longer want floating around out there, waiting to be stolen or abused. In the news: Chat Control is up for a vote in the EU (time to contact your MEPs); Samsung to show ads on their smart refrigerators; new automated sextortion spyware; a third of UK firms spying on employees; airlines sell 5B flight records for warrantless searching; ICE signs $3M contract for phone hacking tool; ChatGPT to guess your age or require ID; Swiss government looks to enable mass surveillance; Google Pixel 10 adds C2PA support; Apple iPhone 17 includes killer hardware security feature.
Article Links
Chat Control: Can the EU Parliament save our encrypted chats? https://www.techradar.com/vpn/vpn-privacy-security/chat-control-can-the-eu-parliament-save-our-encrypted-chats
Samsung confirms its $1,800+ fridges will start showing you ads https://www.androidauthority.com/samsung-confirms-smart-refrigerator-ads-are-coming-3598848/
Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn https://www.wired.com/story/stealerium-infostealer-porn-sextortion/
A third of UK firms using 'bossware' to monitor workers' activity, survey reveals https://www.theguardian.com/world/2025/sep/14/uk-firms-bossware-monitor-workers-activity
Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching https://www.404media.co/airlines-sell-5-billion-plane-ticket-records-to-the-government-for-warrantless-searching/
ICE unit signs new $3M contract for phone-hacking tech | TechCrunch https://techcrunch.com/2025/09/18/ice-unit-signs-new-3-million-contract-for-phone-hacking-tech/
ChatGPT Will Guess Your Age and Might Require ID for Age Verification https://www.404media.co/chatgpt-will-guess-your-age-and-might-require-id-for-age-verification/
Swiss government looks to undercut privacy tech, stoking fears of mass surveillance https://therecord.media/switzerland-digital-privacy-law-proton-privacy-surveillance
Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity https://thehackernews.com/2025/09/google-pixel-10-adds-c2pa-support-to.html
The iPhone 17 memory shield will give spyware developers a hard time https://appleinsider.com/articles/25/09/11/the-iphone-17-memory-shield-will-give-spyware-developers-a-hard-time
Tip of the Week: https://firewallsdontstopdragons.com/find-old-accounts-part-2/
Further Info
Fight Chat Control in EU: https://fightchatcontrol.eu/
ARC opt out: https://www2.arccorp.com/site-privacy-policy/#17
LinkedIn privacy settings to change: https://discuss.privacyguides.net/t/linkedin-change-of-tos-opt-out-before-november-3rd/31199
Privacy Guides: https://www.privacyguides.org/
Coalition for Content Provenance and Authenticity: https://c2pa.org/
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:00:23: Few PSAs
0:03:37: News preview
0:05:35: EU's Chat Control vote coming soon
0:10:46: Samsung smart fridges to start showing ads
0:16:17: New automated sextortion malware
0:21:24: A third of UK companies spy on employees
0:25:51: Airlines sell 5B records for warrantless searches
0:31:44: ICE signs $3M contract for phone hacking tool
0:34:08: ChatGPT to guess your age or require ID
0:38:11: New Swiss law would undercut user privacy
0:42:46: Google Pixel 10 Adds C2PA Support
0:45:50: iPhone 17 adds killer new security feature
Duration:01:05:44
On the Ethics of AI
9/15/2025
Artificial Intelligence (AI) is the Big Tech buzzword of the day. Every company who wants investment (public or private) is scrambling to have an "AI story", adding chatbots and 'agentic' features in their products wherever possible. The AI companies themselves are constantly expanding their models, ingesting as much data (including highly personal information) as possible. In this AI gold rush, companies are making flawed and often harmful products. Companies are firing workers and trying to replace them with AI bots. And it's forcing us all to question what's real, what has actual value, and what the impacts could and should be on society as a whole. Discussing deep questions like this is the purview of philosophers - and today I'll be welcoming back someone uniquely and supremely qualified to address them, Carissa Véliz.
Interview Notes
Carissa Véliz: https://www.carissaveliz.com/
Privacy is Power: https://www.carissaveliz.com/books
Carissa’s research: https://www.carissaveliz.com/research
Moral Zombies: https://link.springer.com/article/10.1007/s00146-021-01189-x
ChatGPT suicide: https://www.nytimes.com/2025/08/26/technology/chatgpt-openai-suicide.html
TESCREAL: https://en.wikipedia.org/wiki/TESCREAL
John Oliver on AI Slop: https://www.youtube.com/watch?v=TWpg1RmzAbc
Proton Lumo: https://proton.me/blog/lumo-ai
EU’s “public good” LLM: https://ethz.ch/en/news-and-events/eth-news/news/2025/07/a-language-model-built-for-the-public-good.html
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:05:09: What does "artificial intelligence" really mean?
0:13:21: Should STEM degrees require ethics training?
0:17:20: Does anthropomorphising AI undermine our discourse?
0:22:35: What is the TESCREAL view of AI?
0:28:09: Can we infuse AI tools with human morality?
0:34:31: What are the dangers of training AI on copyrighted works?
0:42:16: What happens when AI starts ingesting its own output?
0:44:27: Can we make AI systems that are truly private?
0:48:08: How should we assign liability for AI harms?
0:51:06: Is AI eroding our ability to trust anything?
0:54:06: What happens when AI obviates the need to work at all?
1:00:00: How do we maximize the benefits and minimize the harms of AI?
1:03:20: Interview wrap-up
1:06:06: Patron podcast preview
1:07:08: Looking ahead
Duration:01:08:08
Find Old Accounts (Part 1)
9/8/2025
The next step in reducing our digital footprint is to identify all of our online accounts, including the long forgotten and unused ones. The easiest place to start is by using the tool we should already have: our password manager. By its very nature, it contains a list of all our accounts. You may have used your browser to remember your passwords, or you may have some other method... but it's time to move to a real password manager. In other news: update your Android devices ASAP; Android malware spreading via Facebook ads; Google to make it harder to sideload Android apps; dashcam company cloud storage hacked; Anthropic to train model based on your chats; OpenAI sharing some GPT chats with law enforcement; ChatGPT getting parental controls after teen suicide; Microsoft Word will auto-save to OneDrive; Chrome VPN extension caught taking screenshots of sites you visit; US tells BigTech not to comply with DSA; and Flock pauses work with federal agencies.
Article Links
This Android Malware Is Spreading Through Facebook Ads https://lifehacker.com/tech/this-android-malware-is-spreading-using-meta-ads
Android Is Making It More Difficult to Sideload Apps https://lifehacker.com/tech/android-is-making-it-more-difficult-to-sideload-apps
This Company Turns Dashcams into ‘Virtual CCTV Cameras.’ Then Hackers Got In https://www.404media.co/this-company-turns-dashcams-into-virtual-cctv-cameras-then-hackers-got-in/
Anthropic will start training its AI models on chat transcripts https://www.theverge.com/anthropic/767507/anthropic-user-data-consumers-ai-models-training-privacy
People Are Furious That OpenAI Is Reporting ChatGPT Conversations to Law Enforcement https://futurism.com/people-furious-openai-reporting-police
OpenAI announces parental controls for ChatGPT after teen suicide lawsuit https://arstechnica.com/ai/2025/09/openai-announces-parental-controls-for-chatgpt-after-teen-suicide-lawsuit/
Microsoft Word now autosaves to OneDrive. Is your data safe? https://proton.me/blog/microsoft-word-autosave-onedrive-default
Chrome VPN Extension With 100k Installs Screenshots All Sites Users Visit https://cyberinsider.com/chrome-vpn-extension-with-100k-installs-screenshots-all-sites-users-visit/
Big Tech Companies in the US Have Been Told Not to Apply the Digital Services Act https://www.wired.com/story/big-tech-companies-in-the-us-have-been-told-not-to-apply-the-digital-services-act/
License-plate reader company pauses work with federal agencies after backlash https://therecord.media/flock-license-plate-reader-pauses-federal-work
Tip of the Week: https://firewallsdontstopdragons.com/find-old-accounts-part-1/
Further Info
Nexar CityStream live: https://livefeed.getnexar.com
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Become a patron! https://fdsd.me/patron/
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:01:10: Update your Android devices
0:01:41: News preview
0:03:38: Android malware spread via Facebook ads
0:06:49: Android is making it harder to sideload apps
0:12:16: "Virtual CCTV" dashcam company is hacked
0:18:01: Anthropic to train AI based on your chats
0:22:33: OpenAI sharing some GPT chats with law enforcement
0:26:46: OpenAI announces parental controls after teen suicide
0:33:41: Microsoft Word now autosaves to OneDrive
0:40:36: Chrome VPN extension screenshots sites you visit
0:45:18: US tells BigTech not to comply with DSA
0:51:08: Flock pauses work with federal agencies
0:53:38: Tip of the Week
1:01:22: Patron podcast preview
1:01:55: Looking ahead
Duration:01:03:24
Meet Rayhunter
9/1/2025
We take our cell phones with us everywhere - which makes them the perfect tracking device. Just walking around with your device will give your location away in multiple ways. But even if you had no apps on your phone, the cellular chips in our devices will constantly be interacting with every cell tower that's in range, negotiating the best tower to talk to, whether to use 5G or something else, and authenticating to the network - even in Airplane Mode. Cell site simulators (aka Stingrays or IMSI catchers) can be used to trick your phone into giving away your location. The Electronic Frontier Foundation (EFF) has developed a cheap, easy-to-set-up device that can try to discover and report these devices. Today I interview an expert panel about the clever Rayhunter project: Cooper Quintin, The Gibson, and OopsBagel. Interview Notes Rayhunter announcement: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying EFF’s Rayhunter project: https://efforg.github.io/rayhunter/ Submitting logs to EFF: https://efforg.github.io/rayhunter/support-feedback-community.html DEF CON talk on Rayhunter: https://spectra.video/w/jt9rZHCU51Rh58cBD8oiP3 Buy yourself an Orbic hotspot: https://www.ebay.com/sch/i.html?_nkw=orbic+rc400l Gotta Catch ‘Em All: https://www.eff.org/wp/gotta-catch-em-all-understanding-how-imsi-catchers-exploit-cell-networks iPhone/Android fake cell site protections: https://www.eff.org/deeplinks/2023/09/apple-and-google-are-introducing-new-ways-defeat-cell-site-simulators-it-enough Meshtastic: https://meshtastic.org/docs/getting-started/ Veilid: https://veilid.com/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Table of Contents 0:00:00: Intro 0:02:26: Interview setup 0:06:18: How did you become involved with Rayhunter? 0:12:08: What is a cell site simulator? 
0:14:01: What does a CSS look like and how are they deployed? 0:16:55: How is a CSS used for surveillance? 0:20:31: Can cell site simulators work with modern protocols like 5G? 0:24:09: What information can you sniff from the cellular network? 0:27:41: Is there any transparency around the use of CSS's? 0:30:02: How did Rayhunter evolve from previous work? 0:35:00: How do I make a Rayhunter device? 0:41:45: I've created a Rayhunter... now what? 0:46:10: How can I protect myself against CSS surveillance? 0:49:38: Does Airplane Mode really disable your cellular radio? 0:52:22: How else might I defeat mass surveillance tech? 0:54:46: What's next for everyone? 1:00:53: Interview wrap-up 1:03:36: Meshtastic 1:04:49: Patron podcast preview 1:05:26: Looking ahead
Duration:01:06:16
Going on a Data Diet
8/25/2025
The world wide web, as we know it today, has been around for over 30 years. In that time, most of us have created many dozens, perhaps hundreds, of online accounts. How many of those accounts are still alive somewhere? What data do they hold? And how good are the passwords you used? Today we're going to start on the path to finding all those accounts which could drastically improve our privacy and security. In the news: millions of Dell laptops have critical security flaws you need to patch now; Facebook may be secretly scanning your phone's images; National Public Data is back and you should delete your data; data brokers are flouting privacy laws; Ioniq 5 owners in the UK will have to pay for a security fix; Flipper Zero devices are being (wrongly) blamed for auto thefts; the US Supreme Court allows Mississippi social media law to go into effect; data brokers are hiding their opt-out pages; app TeaOnHer exposed users' data; UK backs down from Apple backdoor demand; and now is the time for EU residents to speak out against Chat Control. Article Links Millions of Dell laptops hit by ‘critical’ security vulnerability https://www.pcworld.com/article/2870014/millions-of-dell-laptops-hit-by-critical-security-vulnerability.html Meta might be secretly scanning your phone's camera roll - how to check and turn it off https://www.zdnet.com/article/meta-might-be-secretly-scanning-your-phones-camera-roll-how-to-check-and-turn-it-off/ You Should Remove Your Info From the Rebooted National Public Data Site https://lifehacker.com/tech/remove-your-info-from-rebooted-national-public-data-site Data Brokers Are Ignoring Privacy Law. We Deserve Better. https://www.eff.org/deeplinks/2025/08/data-brokers-are-ignoring-privacy-law-we-deserve-better Hyundai wants Ioniq 5 owners to pay to fix a keyless entry security hole https://www.theverge.com/news/757205/hyundai-ioniq-5-security-upgrade-fix-game-boy-device-attacks Can Flipper Zero really steal your car? 
(Spoiler: NO) https://blog.flipper.net/can-flipper-zero-steal-your-car/ Supreme Court allows Mississippi social media law to go into effect https://www.npr.org/2025/08/14/nx-s1-5482925/scotus-netchoice Data Brokers Are Hiding Their Opt-Out Pages From Google Search https://www.wired.com/story/data-brokers-hiding-opt-out-pages-google-search/ How we found TeaOnHer spilling users' driver's licenses in less than 10 minutes | TechCrunch https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/ UK blinks, backs down from its Apple backdoor encryption demand https://appleinsider.com/articles/25/08/19/uk-blinks-backs-down-from-its-apple-backdoor-encryption-demand Worried about Chat Control? This website can help you get your say https://www.techradar.com/computing/cyber-security/worried-about-chat-control-this-website-can-help-you-get-your-say Tip of the Week: Data Diet Introduction: https://firewallsdontstopdragons.com/data-diet-introduction/ Further Info Cory Doctorow on age verification: https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers Fight EU’s Chat Control: https://fightchatcontrol.eu/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:37: News preview 0:05:00: Millions of Dell laptops hit by ‘critical’ security vulnerability 0:06:44: Meta might be secretly scanning your phone's camera roll 0:12:00: You Should Remove Your Info From National Public Data 0:15:39: Data Brokers Are Ignoring Privacy Law 0:19:06: Hyundai wants Ioniq 5 owners to pay for security fix 0:22:43: Can Flipper Zero really steal your car? (No.) 0:30:38: Supreme Court allows Mississippi social media law ...
Duration:01:05:42
I’m Just a (Privacy) Bill
8/18/2025
Why don't we have meaningful privacy laws in the US? While we haven't been able to pass federal privacy legislation, many states have managed to pass laws protecting our data and establishing some basic privacy rights. Vermont House Representative Monique Priestley led a Herculean effort to pass privacy legislation in her state last year. While managing to get a solid bill through the House and Senate, the bill was ultimately vetoed by the governor and the Senate failed to override it. But along the way, Monique learned valuable lessons about dealing with Big Tech lobbyists. Today we'll follow the journey of the Vermont Data Privacy Act of 2024 and what lessons we should learn for future attempts at privacy legislation. Interview Notes Monique Priestley: https://mepriestley.com/ Vermont State Representative site: https://priestleyvt.com/ Vermont Committee Zoom call: https://www.youtube.com/watch?v=RfvAteuwRCA Age Appropriate Design Code: https://epic.org/epic-applauds-passage-of-vermont-age-appropriate-design-code/ Big Tech Tried to Kill My State’s Privacy Bill. Here’s What I Learned. https://www.techpolicy.press/big-tech-tried-to-kill-my-states-privacy-bill-heres-what-i-learned/ The man quietly rewriting American privacy law https://www.politico.com/news/2024/09/17/andrew-kingman-data-privacy-lobbying-00179630 Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:01:36: Interview setup 0:05:45: How did you get into privacy politics? 0:08:44: Who drafts the initial bill? 0:12:25: How are initial bills modified during this process? 0:17:08: When and how do lobbyists get involved? 0:22:34: Are lobbyists transparent about who they represent? 0:30:42: What are the most controversial elements of a privacy bill? 
0:34:16: How are privacy laws limited by scope? 0:39:11: Why is the privacy right of action so important? 0:43:37: How do lobbyists kill privacy bills? 0:49:05: Do legislators collaborate across states? 0:55:19: How did the Vermont privacy bill get killed? 0:57:55: What are your key takeaways from this experience? 1:02:12: What's the current status of privacy legislation? 1:04:57: How can we help? 1:06:57: Wrap-up 1:09:38: Patron podcast preview 1:10:18: Looking ahead
Duration:01:11:43
Hacker Summer Camp 2025
8/11/2025
It's early August, which means it's time for BSides Las Vegas and DEF CON, part of the trio of conferences that make up "hacker summer camp" (the other being Black Hat, which I don't attend). It's been a crazy, chaotic week - as usual - but in almost completely good ways. After the regular news, I've got some mini interviews with Jake Braun (DEF CON Franklin), Stacey Higginbotham (Consumer Reports), Cooper Quintin (EFF) and The Gibson (Veilid and hackers.town). In other news: Tea app users file a class action lawsuit over massive breach; ChatGPT sessions may be searchable by anyone; US government launches initiative to centralize health data for use by tech companies; Australia rolls out age verification for search engines; Grok AI is now in Teslas; China-backed hackers exploit horrific Microsoft bug; Dropbox ends its password manager service. Article Links Tea User Files Class Action After Women’s Safety App Exposes Data https://www.404media.co/tea-user-files-class-action-after-womens-safety-app-exposes-data/ ChatGPT users shocked to learn their chats were in Google search results https://arstechnica.com/tech-policy/2025/08/chatgpt-users-shocked-to-learn-their-chats-were-in-google-search-results/ Trump administration is launching a new private health tracking system with Big Tech's help https://apnews.com/article/trump-ai-rfk-jr-health-tech-fa73703bd1fd557c787ef0b590e151f1 Australia is quietly rolling out age checks for search engines like Google https://www.abc.net.au/news/2025-07-11/age-verification-search-engines/105516256 Grok is now in Tesla cars, but not in the way you think https://mashable.com/article/grok-tesla China-backed hackers used Microsoft flaw in attacks https://www.washingtonpost.com/technology/2025/07/21/china-hackers-microsoft-sharepoint/ Users left scrambling for a plan B as Dropbox drops Dropbox Passwords https://www.theregister.com/2025/07/30/dropbox_drops_dropbox_passwords/ Tip of the Week: 
https://firewallsdontstopdragons.com/how-to-backup-cloud-data/ Further Info Top hacker interviews: https://fdsd.me/hackers DEF CON Franklin: https://defconfranklin.com/ EFF: https://www.eff.org/ Veilid: https://veilid.com/ Consumer Reports: https://securityplanner.consumerreports.org/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:02:24: News preview 0:03:31: Tea User Files Class Action Lawsuit 0:06:24: ChatGPT users shocked to learn their chats were in Google search results 0:11:11: Trump administration is launching a new private health tracking system 0:17:52: Australia is quietly rolling out age checks for search engines 0:22:56: Grok is now in Tesla cars, but not in the way you think 0:25:29: China-backed hackers used Microsoft flaw in attacks 0:29:50: Dropbox drops Dropbox Passwords 0:32:20: Tip of the Week 0:36:27: Hacker Summer Camp Extras! 0:42:53: SNIPPET: Stacey Higginbotham 0:47:03: SNIPPET: Jake Braun 0:50:18: SNIPPET: Cooper Quintin and Gibson 0:55:04: Wrapup
Duration:00:58:21
Tariffs vs IP Law
8/4/2025
Cory Doctorow has drawn a lot of needed attention to the decline of modern online platforms, including Google Search, Facebook and Twitter. Much of this is a result of coining the now-viral term Enshittification. Today we'll talk about how the internet was broken and who's to blame. We'll also discuss the lack of privacy laws and the threats of AI to tech workers and copyrighted works. Finally, we'll discuss Cory's novel proposal for how countries could respond to US tariffs by ripping up intellectual property agreements, changing the power dynamic of the Big Tech industry and hopefully benefiting consumers in the process. Interview Notes Cory’s blog (Pluralistic): https://pluralistic.net/ Canada shouldn't retaliate with US tariffs: https://pluralistic.net/2025/01/15/beauty-eh/#its-the-only-war-the-yankees-lost-except-for-vietnam-and-also-the-alamo-and-the-bay-of-ham Who Broke the Internet? https://www.cbc.ca/listen/cbc-podcasts/1353-the-naked-emperor Enshittification book (coming Oct 2025): https://us.macmillan.com/books/9780374619329/enshittification/ Regex: https://en.wikipedia.org/wiki/Regular_expression Copyright and AI: https://www.technologyreview.com/2025/07/01/1119486/ai-copyright-meta-anthropic/ Further Info Humble Bundle: https://www.humblebundle.com/books/security-apress-books My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:02:07: Humble Bundle! 0:03:09: Interview preview 0:06:52: Has coining the term Enshittification helped to raise awareness? 0:11:08: Who broke the internet? 0:20:15: Will AI reduce tech workers' power? 0:27:21: Why can we not get privacy laws? 0:35:21: How should countries respond to US tariffs? 0:39:57: Do DRM protections incentivize creators? 
0:44:37: What's your take on the Anthropic AI copyright decision? 0:55:03: What's next for you? 0:56:04: Interview wrap-up 0:57:27: Hacker summer camp 0:59:28: Patron podcast preview 1:00:24: Looking ahead
Duration:01:02:14
Physical Phone Security
7/28/2025
We take our phones with us everywhere. And they contain, or have cloud access to, pretty much all of our personal information and online accounts. While phone makers have made it difficult for thieves to resell a stolen phone, anyone with physical access to your device may be able to extract its data or access all your accounts. Thankfully, Apple (iOS) and Google (Android) have recently introduced several features that can significantly increase your device's physical security and privacy. We'll discuss some of them today. In the news: VPN signups in UK spike after age verification law kicks in; Tea app data breach includes IDs; Amazon buys Bee AI wearable; your power meter is a surveillance tool; Amazon's Ring returns to sharing video with police; startup sells hacked data to debt collectors; Gemini AI on Android to get third party app access; Brave blocks Windows Recall; UK backs down on Apple back door; Apple to make passkeys portable; two new AI chatbots that are truly open and private. 
Article Links Proton VPN Signups in UK Surge 1,400% After Online Safety Act Comes Into Force https://cyberinsider.com/proton-vpn-signups-in-uk-surge-1400-after-online-safety-act-comes-into-force/ I Knew the Viral 'Tea' App Was Trouble, but I Didn't Expect a Data Breach https://lifehacker.com/tech/i-knew-the-viral-tea-app-was-trouble-but-i-didnt-expect-a-data-breach Amazon buys Bee AI wearable that listens to everything you say https://www.theverge.com/news/711621/amazon-bee-ai-wearable-acquisition When Your Power Meter Becomes a Tool of Mass Surveillance https://www.eff.org/deeplinks/2025/07/when-your-power-meter-becomes-tool-mass-surveillance Amazon's Ring goes full founder mode, taking the company back to its crime-fighting roots https://www.businessinsider.com/amazon-ring-founder-mode-jamie-siminoff-crime-fighting-roots-2025-7 A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors https://www.404media.co/a-startup-is-selling-data-hacked-from-peoples-computers-to-debt-collectors/ Unless users take action, Android will let Gemini access third-party apps https://arstechnica.com/security/2025/07/unless-users-take-action-android-will-let-gemini-access-third-party-apps/ Brave blocks Windows Recall from screenshotting your browsing activity https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/ UK backing down on Apple encryption backdoor after pressure from US https://arstechnica.com/tech-policy/2025/07/uk-backing-down-on-apple-encryption-backdoor-after-pressure-from-us/ Passkey portability is finally here in iOS 26 and macOS Tahoe 26 https://9to5mac.com/2025/07/12/passkey-portability-is-finally-here-in-ios-26-and-macos-tahoe-26/ Introducing Lumo, the AI where every conversation is confidential https://proton.me/blog/lumo-ai A language model built for the public good https://ethz.ch/en/news-and-events/eth-news/news/2025/07/a-language-model-built-for-the-public-good.html Tip of the 
Week: https://firewallsdontstopdragons.com/physical-phone-security/ Further Info Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent https://www.404media.co/hacker-plants-computer-wiping-commands-in-amazons-ai-coding-agent/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:47: DEF CON update 0:01:47: News preview 0:04:06: Proton VPN use surges in UK 0:08:13: Data breach at viral Tea app 0:19:36: Amazon buys Bee AI wearable 0:26:47: Using power meters for surveillance 0:30:48: Ring again sharing video with police 0:34:57: Startup selling hacked data to debt collectors 0:42:29: Android lets Gemini access 3rd party apps
Duration:01:18:35
Passport, Lawyer, Locksmith
7/21/2025
We talk a lot about digital or online security. Today we're going to focus on physical security and the general ethos of "be prepared". There are many situations in life when you will find yourself wishing you had had the foresight to acquire certain things or establish certain professional relationships before you actually needed them. Deviant Ollam is a physical penetration specialist. His job is to find and fix weaknesses in physical things... buildings, locks, safes, etc. And along the way he has learned some important lessons for all of us. Today he will share his wisdom with us. Interview Notes Deviant’s website: https://deviating.net/ Lawyer, Passport, Locksmith, Gun talk: https://www.youtube.com/watch?v=6ihrGNGesfI Attacking Classified Safes & Vaults: https://www.youtube.com/watch?v=-Z_Jv7vuiqg Red Team Alliance: https://shop.redteamalliance.com/ Red Team Tools: https://www.redteamtools.com/ CackalackyCon: https://www.cackalackycon.org/ Shut the F**k Up PSA: https://www.youtube.com/watch?v=nWEpW6KOZDs Home lock - Schlage Primus: https://commercial.schlage.com/en/products/key-systems/primus-security-upgrade.html Padlock - Pacific Lock (PACLOCK): https://paclock.com/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:04:27: What is a physical entry specialist? 0:08:47: How would you describe the prepper ethos? 0:12:21: What are common mistakes for disaster prep? 0:15:52: Why should everyone have a passport? 0:20:32: Why should everyone have an established lawyer? 0:28:55: What other professionals should I have at the ready? 0:34:09: What locks should I use or avoid? 0:40:39: Do any movies and TV shows portray lock picking correctly? 0:43:36: What is 'responsible disclosure' like for physical vulnerabilities? 
0:47:44: Do you tell companies when you stumble on physical vulnerabilities? 0:51:41: What documents should we have physical copies of? 0:55:27: If I'm politically active, how can I minimize my digital footprint? 0:59:10: Why should we use secure, private communications? 1:02:34: What's next for you? 1:06:05: Wrap-up 1:08:45: Patron podcast preview
Duration:01:09:51
Freezing Your Mobile Account
7/14/2025
Your cell phone number uniquely identifies you. Many companies rely on this 1-to-1 relationship to authenticate you to their systems. So if someone were to somehow manage to steal your mobile phone number - a hack called SIM swapping - they could use that to impersonate you and compromise any of your accounts that are validated via SMS or phone call. There's a new tool to combat this scam that's better than the old-style account PIN codes. I'll explain how it works. In the news: many Brother printers have serious cyber vulnerabilities; Belkin is abandoning Wemo smart devices next January; Xfinity's WiFi routers can detect motion in your entire home; Bluesky is rolling out age verification in the UK; California is using drones to catch the use of illegal fireworks; McDonald's AI hiring bot was hacked to expose millions of applicants' data; Mexican drug cartel hacked FBI phone to catch informants; US strikes blow against North Korean fake worker scams; Denmark is looking to ditch Microsoft products. 
Article Links New Vulnerabilities Expose Millions of Brother Printers to Hacking https://www.securityweek.com/new-vulnerabilities-expose-millions-of-brother-printers-to-hacking/ Belkin pulls the plug on Wemo smart home products which will stop working in 2026 https://9to5google.com/2025/07/10/belkin-wemo-smart-home-shutdown-list/ Using WiFi Motion in the Xfinity app https://www.xfinity.com/support/articles/wifi-motion Bluesky is rolling out age verification in the UK https://www.theverge.com/news/704468/bluesky-age-verification-uk-online-safety-act Huge fines coming for Californians caught by drone with illegal fireworks https://www.sfgate.com/bayarea/article/california-drones-illegal-fireworks-20629637.php McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/ Drug cartel hacked FBI official’s phone to track and kill informants https://arstechnica.com/security/2025/06/mexican-drug-cartel-hacked-fbi-officials-phone-to-track-informant-report-says/ Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams https://www.wired.com/story/identities-of-80-plus-americans-stolen-for-north-korean-it-worker-scams/ Why Denmark is dumping Microsoft Office and Windows for LibreOffice and Linux https://www.zdnet.com/article/why-denmark-is-dumping-microsoft-office-and-windows-for-libreoffice-and-linux/ Tip of the Week: https://firewallsdontstopdragons.com/freezing-your-mobile-account/ Further Info Tom’s Hardware on WiFi Motion: https://www.tomshardware.com/networking/routers/new-xfinity-router-motion-detecting-feature-stokes-privacy-fears-feature-powered-by-wi-fi-signals RockYou password list: https://cybernews.com/security/rockyou2024-largest-password-compilation-leak/ LibreOffice: https://www.libreoffice.org/discover/libreoffice/ Eurostack: https://eurostack.eu/ Running Linux in a VM on Windows: https://itsfoss.com/install-linux-mint-in-virtualbox/ Age verification: 
https://www.privacyguides.org/articles/2025/05/06/age-verification-wants-your-face/ My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:00:17: DEF CON coming up fast 0:03:34: News preview 0:06:31: New Vulnerabilities Expose Millions of Brother Printers to Hacking 0:11:51: Belkin pulls the plug on Wemo smart home products 0:14:25: Using WiFi Motion in the Xfinity app 0:21:19: Bluesky is rolling out age verification in the UK 0:26:49: Huge fines coming for Californians caught by drone with illegal fireworks 0:29:36: McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data 0:35:31: Drug cartel hacked FBI official’s phone to track and k...
Duration:01:04:02
Defending Student Privacy
7/7/2025
Privacy risks are bad enough for adults - but it's much worse for our kids, particularly as students. Who provides notice and obtains consent for minors at school? In many cases it's not the parents, let alone the students - it's the school system. Not only are they opting the students into invasive data collection by profit-driven third parties, but they often also bind them to mandatory arbitration clauses, neutering their ability to seek legal redress for the inevitable violations. Today I'll discuss this horrid state of affairs with someone who is on the front lines of this battle for our children's right to privacy: co-founder of the EdTech Law Center, Andy Liddell. Interview Notes EdTech Law Center: https://edtech.law/about-us/ EdTech current cases: https://edtech.law/cases/ Internet Safety Labs: https://internetsafetylabs.org/ The Right to Oblivion (book): https://www.hup.harvard.edu/books/9780674260528 ACLU, Digital Dystopia: https://www.aclu.org/publications/digital-dystopia-the-danger-in-buying-what-the-edtech-surveillance-industry-is-selling The Markup, College Prep Software Naviance Is Selling Advertising Access to Millions of Students: https://themarkup.org/machine-learning/2022/01/13/college-prep-software-naviance-is-selling-advertising-access-to-millions-of-students Proton blog on EdTech and privacy: https://proton.me/blog/ed-tech-trackers Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support the mission: https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:00: Intro 0:02:48: What's your mission at the EdTech Law Center? 0:05:20: What are the unique privacy threats for students? 0:09:46: What privacy laws are there for minors? 0:12:05: How are these laws enforced and litigated? 0:18:21: How does notice and consent work for students? 0:27:05: What rights do the kids have in these situations? 
0:29:38: How are these EdTech companies? 0:31:40: Which apps and tools are most problematic and why? 0:37:20: Should minors' data be deleted when they reach adulthood? 0:40:15: Are school systems equipped to understand these contracts? 0:42:35: What about privacy issues with EdTech hardware? 0:45:50: What have we already learned via discovery or reporting? 0:50:01: As a parent, who do I talk to about my child's privacy risks at school? 0:54:16: What are some red flags to look out for? 0:57:10: What responsibilities do school systems have here? 1:00:57: So what can we do? When should we reach out to you? 1:05:02: Interview follow-up 1:06:26: Patron podcast preview 1:07:19: Looking ahead
Duration:01:09:43