Trust No One

Lots of news to cover today... and to me the common thread seems to be a lack of proper security and privacy. So the theme today is "trust no one". And the idea there isn't really personal trust, but computer trust, algorithm trust, procedural trust. We need to engineer our systems and processes around the idea that data is a toxic asset that loves to find ways to leak. Assume that you will be hacked. Assume an employee will do something stupid or go rogue. Assume the "bad guys" will find a...


Social Media is Ruining Society

There are many business models and businesses that we curtail because they can be dangerous to people or democracy or society. Even rights enshrined in the US Constitution have reasonable limits. Now that it's become evident how engagement-optimized and algorithm-driven social media is ripping at the very fabric of our democracy, it's time for an intervention. Today, Phil Zimmermann (creator of PGP) will explain why things have gotten so bad and what we need to do to fix it and save civil...


Stop Using SMS for 2FA

Passwords suck and humans aren't good at using them. Password managers can help a lot, but to truly improve your account security these days, you need to add defense in depth. The easiest way to do that today is to enable two-factor authentication, or 2FA. Many websites have supported 2FA for years, but as hacking has gotten more aggressive and password databases are being stolen more often, the popularity of 2FA has grown significantly in the last year or two. Unfortunately, many 2FA...


Computers Interviewing Humans (Part 2)

Given that we're using computer algorithms to evaluate humans, can these systems be gamed or fooled? And is it possible that computers are less biased than humans? On any given day, humans can be distracted, tired, sick or just flat out biased against people for any number of reasons. Should these systems be more transparent? How do we know if they're being fair? Do we need to regulate these services? Is there a happy medium here? And finally, if you feel that you've been unfairly...


Computers Interviewing Humans (Part 1)

Convincing a human to hire you is hard enough. Can you imagine trying to convince a computer? Artificial intelligence is now being used to automate the screening of job candidates, evaluating cognitive ability, vocabulary, and even emotional intelligence. This new "hiretech" promises to weed out the bad applicants and flag the good ones by analyzing not just the substance of answers to interview questions, but also the manner in which you respond - your cadence, your word choices, your tone,...


Last Straw for LastPass

Ep210. I've recommended LastPass for years - since I wrote my book and every day since. Until now. There are several good (secure and private) password managers out there. But LastPass was the full package: a free tier that had all the functionality most people need and for-pay tiers that had very useful extras. But now they're hobbling the free version by only allowing you to use it on one type of device: either a mobile device or a computer, but not both. To me, that makes the free tier...


Tech Learning Collective (Part 2)

In the second half of my interview with the Tech Learning Collective, we delve into their course curriculum a bit, and then discuss why they teach what they teach and how they approach these topics in a unique and meaningful way. We also examine the notion of "ethical hacking" and how this term can be used to whitewash some truly unethical and immoral products and services. Finally, we discuss why it's important to know how to perform cyber attacks in order to properly defend against them....


Tech Learning Collective (Part 1)

I first learned of the Tech Learning Collective at a privacy conference in late 2020. I struck up a conversation with one of its representatives and ended up taking one of their wonderful workshops in January. The TLC offers some top-notch courses on computers with a focus on cybersecurity. Unlike college courses or cybersecurity certification courses, TLC offers eminently practical and affordable content, focused squarely on doing. It's like the difference between taking a karate class to...


Not Just a Face in the Crowd

Ep207. Clearview AI - the company that has hoovered up every face it can find on the internet to create a creepy person-identifying app - is back in the news. Canada and the EU have decided that Clearview has gone too far and needs to allow its users to opt out and even delete all the data they have, upon request. It's a welcome development, but unfortunately only available to California residents in the US (plus Canada and the EU). I'll tell you how to delete your data. In other news:...


Free Speech & Deplatforming

Episode 206. The social media events around the January 6th storming of the US Capitol have sparked raging, divisive debates in the US. But the banning of individuals and the deplatforming of apps and groups are not new phenomena. The Right of Free Speech that is enshrined in the First Amendment to the US Constitution is not limitless. It does have legal boundaries. And private companies, even monopolies, have the legal right to control access to their platforms. But does that make it...


Stop Watching Me!

Tracking and data mining have gotten way out of hand. We're not only being tracked online, we're now being tracked around the real world, too. We're truly living in a panopticon - and it's not good for us as individuals or as a democratic society. Today I'll cover several stories that make it clear that we've hit a tipping point. It has to stop. And it's going to require all of us putting pressure on our representatives to lay down some common sense rules to curb surveillance capitalism. In...


De-Googling Your Life

We all love to beat up on Facebook over user privacy, but the real granddaddy of them all is Google. Google is everywhere. And they almost surely know way more about you than any other company on the planet. In addition to all the "G" apps and services that you know about, Google also owns Android, Chrome browser, Waze, Nest and YouTube. It's extremely hard to avoid using Google. But there are alternatives that will respect your privacy - and today I'll give you a long list of viable...


Choosing a Private Email Service (Part 2)

So I want to switch to a new, privacy-respecting email service. How do I even do that? What happens to all the email I have now? What about my calendar and contacts? Am I going to have to change my email address every time I change email providers? In part 2 of my interview with Fastmail's COO Helen Horstmann-Allen, we'll answer these questions and also address the thorny issue of privileged access by law enforcement. Helen Horstmann-Allen is the Chief Operating Officer at Fastmail where she...


Choosing a Private Email Service (Part 1)

What could I learn about you if I read all your emails? Like, all of them. Since you started sending email. Beyond private conversations, I would also likely know every web site you have a relationship or account with, every online purchase you've made, every club or organization you've been a part of, and all the appointments you've made. I can also make a pretty comprehensive list of everyone you know. And that's just the tip of the iceberg. If I analyze the content of your emails, I could...


The Great SolarWinds Hack

The Russian SVR has had backdoor access to hundreds if not thousands of government and corporate networks for nearly nine months. And if not for private security firm FireEye, we might never have known. The SolarWinds supply chain hack may be the biggest, most consequential cybersecurity event ever. And it will literally be years before we understand the full impacts. However, from what we know so far, this was not an "attack" or "act of war" ... it was straight-up espionage, which is widely...


200th Podcast & New Year’s 2021!

The dumpster fire that was 2020 is almost behind us, and it's time to look forward to a brighter future in 2021! By a stroke of fortuitous coincidence, this is also my 200th podcast! To celebrate these two important milestones, we have a world-renowned security guru for our guest, Bruce Schneier, and I'll be giving away over $1800 worth of great stuff to help you improve your privacy and security in 2021! And if all of that weren't enough, I'll also be sharing with you several top-notch...


Best of 2020!

I've painstakingly scoured the last 50 episodes to select the best of the best, the cream of the crop, the top tips for the year 2020! If you're already a subscriber, this will be a great refresher - and maybe give you a chance to do some of those things you had meant to do but somehow never got around to doing! And if you're a new subscriber, then you can catch up on some of what you missed! This would also be a great episode to share with friends and family who you feel might also...


Setting the Digital Standard (Part 2)

On today's show, Ben Moskowitz from Consumer Reports will tell us about an extremely useful tool they've created to help you improve your personal security and privacy, customized to your particular needs, called the Security Scanner. Just answer a few simple questions and it will give you a checklist of specific ways to be more secure, ranked by time, effort and cost. Consumer Reports is also pioneering a comprehensive, open-source program that will allow consumers, manufacturers, advocacy...


Setting the Digital Standard (Part 1)

Are consumers really concerned about security and privacy in the products they buy? And if so, how could manufacturers capitalize on these attributes to sell more of their products? Consumer Reports has recently published an important, comprehensive study of consumer attitudes towards privacy and security, including the historical evolution of these feelings. The result is a roadmap which companies can use to better serve this fast-growing market. Today we'll discuss this study and its...


Best & Worst Gifts Guide 2020

Looking for fun gifts that won't also be gifts to hackers and data miners? In today's show, I'll list off the top products and services from my annual Naughty & Nice gifts guide! Every year, I review several popular gifts and give you my recommendations on which ones to buy and which ones to avoid like the plague (or the pandemic?). In other news: Spotify has been hacked and you should change your password; Google is looking to add end-to-end encryption to its new Android RCS messaging...