The Lockdown - Practical Privacy & Security

In this episode, I address listener feedback and corrections regarding use of public Wi-Fi, MAC addresses, and aliases. I dive deep into the nuances of MAC address randomization on GrapheneOS versus Apple’s private Wi-Fi addresses, explaining why GrapheneOS offers superior privacy protection. I discuss the real threats of public Wi-Fi in 2025 (hint: it’s not hackers with Wireshark), and share my approach with aliases. I also cover the rising threat of infostealers like Atomic Info Stealer for macOS, the dangerous intersection of gaming cheats and malware, and why I avoid third-party antivirus software. Most importantly, I address the GrapheneOS controversy: the loss of a senior developer to military conscription, Google’s strategic pivot that threatens custom ROMs, and why claims of GrapheneOS “dying” are misinformation spread by those with competing agendas. In this week’s episode: Matrix Community Rooms https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links: https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links: https://maclookup.app/https://oui.is/https://www.33mail.com/https://github.com/evilsocket/opensnitchhttps://privacy.comhttps://lithic.comhttps://en.wikipedia.org/wiki/Kaspersky_and_the_Russian_governmenthttps://www.androidauthority.com/google-not-killing-aosp-3566882/https://grapheneos.social/@GrapheneOS/114359660453627718https://grapheneos.social/@GrapheneOS/114671100848024807https://grapheneos.social/@GrapheneOS/114825492698412916https://grapheneos.social/@GrapheneOS/114824816120139544“Social engineering bypasses all technologies, including firewalls.”- Kevin Mitnick ★ Support this podcast on Patreon ★

In this episode, I explore the difference between the military mindset and the more stealth approach of minimization in cybersecurity. I share the results from the Ghost in the Source Capture the Flag (CTF) challenge, revealing how the winners cracked the AES encryption using dictionary attacks, keyword harvesting and the cipher tool hidden in robots.txt. I discuss why the “assume breach” mentality just leaves the doors wide open, using examples from Kevin Mitnick’s 1981 Pacific Bell infiltration to modern ransomware groups like Scattered Spider who breached MGM and Marks & Spencer through social engineering. I also cover practical tactics for using public Wi-Fi, data curation techniques, the invisible surveillance net including Stingray devices, and provide a deep dive into GrapheneOS covering user profiles, app sandboxing, network controls, sensor permissions, and the proper use of sandboxed Google Play services. In this week’s episode: Matrix Community Rooms https://matrix.to/#/#psysecure:matrix.orgIndividual Room Links: https://matrix.to/#/#lockdown-general:matrix.orghttps://matrix.to/#/#lockdown-podcast:matrix.orghttps://matrix.to/#/#lockdown-intro:matrix.orgShow Links: https://www.youtube.com/watch?v=QIWsTMcBrjQhttps://www.youtube.com/watch?v=PfIwUlY44CMhttps://tryhackme.comhttps://hackthebox.comhttps://www.wired.com/story/2024-dnc-cell-site-simulator-phone-surveillance/https://inteltechniques.com/workbook.htmlhttps://optery.comhttps://grapheneos.org“We’re dragons. We’re not supposed to live by other people’s rules.”- Hajime Ryudo ★ Support this podcast on Patreon ★

In this episode, I discuss three key strategies for maintaining privacy and security across your physical mailbox, email, and phone. I discuss the growing Matrix community, explore alternative mailing solutions using co-working spaces, detail a four-tier email strategy, and examine the concerning spread of Flock ALPR cameras. I also share insights on anonymous eSIM options and answer listener questions about dealing with Know-Your-Customer requirements. In this week’s episode: Show Links: https://matrix.org/clientshttps://matrix.to/#/#psysecure:matrix.orghttps://www.smarty.com/products/single-addresshttps://www.expireddomains.net/https://stealths.net/https://deflock.me/https://www.flocksafety.com/privacy-policyhttps://www.eff.org/deeplinks/2025/02/anti-surveillance-mapmaker-refuses-flock-safetys-cease-and-desist-demandhttps://psysecure.com/ctf “Imagine this situation where we have the huge electronic intercommunication so that everybody is in touch with everybody else in such a way that it reveals their inmost thoughts, and there is no longer any individuality. No privacy. Everything you are, everything you think, is revealed to everyone.” - “Future of Communications” Alan Watts Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode, I discuss breaking free from the Apple ecosystem, the dangers of social media oversharing, and introduce our new Matrix community. I also cover the upcoming capture the flag challenge, share thoughts on the OSINT Defense & Security Framework progress, and rant about security theater at airports and online services that block VPNs. In this week’s episode: Show Links: https://matrix.to/#/#psysecure:matrix.orghttps://psysecure.com/ctfhttps://grayjay.apphttps://newpipe.nethttps://shop.hak5.org/products/wifi-pineapplehttps://system76.com/laptopshttps://www.obdev.at/products/littlesnitch/“I hope for nothing. I fear nothing. I am free.”- Nikos Kazantzakis Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this brief episode between travels, I announce the “Ghost in the Source” capture the flag challenge, a cryptographic hunt on my website starting June 21st, 2025. At the end of June I will pick 3 lucky winners which will receive a 6-month TryHackMe subscription voucher. I also provide an update on our new Matrix community. In this week’s episode: Show Links: https://psysecure.com/ctf/“When I float weightless back to the surface, I’m imagining I’m becoming someone else.”- Motoko Kusanagi Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode, I explore the privacy implications of using AI apps like ChatGPT and Claude on mobile devices. I discuss why ChatGPT’s requirement for Google Play Store login and audio recording storage led me to Claude on my GrapheneOS device. I also cover my daily app setup, Windows telemetry blocking with SimpleWall, macOS privacy with Little Snitch, and the potential of System76 Linux laptops. In this week’s episode: Show Links: https://privacy.anthropic.com/en/articles/10458704...https://duck.aihttps://futo.org/https://auroraoss.com/aurora-storehttps://github.com/henrypp/simplewallhttps://www.obdev.at/products/littlesnitch/https://geospy.nethttps://system76.com/https://www.youtube.com/@MentalOutlawhttps://www.blackmagicdesign.com/products/davinciresolvehttps://psysecure.com/services/odsf/“██████REDACTED███”- █████████ Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode, I discuss what has been keeping me away from the mic, the Open Source Intelligence Defense and Security Framework (ODSF), and share updates on privacy topics including browser security, autonomous taxis, airport security cameras, and managing cryptocurrency. I also address listener questions about anonymous SIM cards and creating separate online identities. Official Website: https://psysecure.com In this week’s episode: Show Links: https://github.com/iancoleman/bip39https://phoenix.acinq.cohttps://zeusln.comhttps://librewolf.net/https://github.com/Akylas/OSS-DocumentScannerhttps://github.com/mullvad/mullvad-browser/issues/358https://github.com/mullvad/mullvad-browser/issues/152“Minimize what can be known.”- Me Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode, we dive into Apple’s latest privacy retreat with the removal of Advanced Data Protection (ADP) for iCloud in the UK. We break down why Apple made this move, how ADP works, and what it means for users who care about encryption and data security. If you’re in the UK and using Apple’s ecosystem, this episode is a must-listen as I cover strategies to keep your data secure despite Apple’s decision. In this week’s episode: Show Links: https://www.bbc.com/news/articles/cgj54eq4vejohttps://www.macrumors.com/2025/02/11/apple-intelligence-re-enabled-in-latest-updates/https://psysecure.com/complete-setup-guide-to-pfSensehttps://psysecure.com/self-hosting-nextlcoudhttps://mobiussync.com/https://obsidian.md/“The right to privacy is not merely a right to secrecy. It is a right to control information about oneself.”- Anonymous Podcast music: The R3cluse Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this week’s episode, we take a deep dive into Session, a private messaging app, with its co-founder Kee Jefferys. We discuss the philosophy behind Session, its technical architecture, and the broader implications of privacy in a world increasingly hostile to anonymous communication. Kee shares insights on the importance of decentralized networks, the risks of phone number-based messaging, and the role of cryptocurrency in supporting private infrastructure. We also touch on operational security (OPSEC), the real-world challenges of getting people to adopt privacy tools, and how Session is working to improve usability while maintaining strong privacy protections. In this week’s episode: Show Links: https://getsession.orghttps://getsession.org/litepaperhttps://patreon.com/TheLockdownhttps://x.com/JefferysKeeUntil they become conscious they will never rebel, and until after they have rebelled they cannot become conscious.- George Orwell, 1984 Podcast music: The R3cluse Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this week's episode we dive deep into both the psychological and privacy implications of social media apps. I reflect on my observations during recent travels, and explore how social media platforms are distorting human connections while simultaneously collecting vast amounts of personal data. The episode also tackles the technical aspects of email systems to the limitations of encrypted messaging apps, providing practical advice for maintaining privacy. In this week's episode: Show Links: https://patreon.com/TheLockdownhttps://grapheneos.orghttps://medium.com/design-bootcamp/the-neuroscience-of-engagement-b50531a9313b "The right information at the right time is deadlier than any weapon." - Dolores Abernathy (Westworld) Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

This week on The Lockdown, The Practical Privacy & Security Podcast, we’re kicking off the new year with reflections, updates, and a deep dive into key privacy issues that are shaping 2025. From privacy settings on iOS and GrapheneOS, to AI assistants and their potential privacy pitfalls, this episode covers practical advice, insights, and solutions for everyday users. Additionally, I explore new state-level privacy laws across the U.S. and what they mean for both businesses and individuals. In this week’s episode: Show Links: Apple offers $95 million in Siri privacy violation settlementAmazon to pay $31 million in privacy violation penalties for Alexa voice assistant and Ring cameraNulide / FindMyDevice · GitLabBritish journalist could face years in prison for refusing to hand over his passwords to the police - Il Fatto QuotidianoVolkswagen EV data leak exposes personal information of 3.3 million peopleTesla data helped police after Las Vegas truck explosion, but experts have wider privacy concerns Support this show: https://www.patreon.com/c/TheLockdown Official website: https://psysecure.com/podcast/ "If you want to keep a secret, you must also hide it from yourself." -George Orwell Podcast music: The R3cluse Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode I speak with Luke Mulks, who is the VP of Business Operations at Brave Software. We discuss the privacy concerns over traditional web-based ads, and why Brave is offering a privacy-first alternative. Show Links: https://brave.com/podcast/ https://brave.com/podcast/"Well who's gonna monitor the monitors of the monitors?" - Carla Dean (Enemy of the State) Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode, we go back to the basics as I discuss what I would do today if I were starting from scratch. It begins with deleting social media accounts, especially Facebook. Additionally, we have an update from Optery in response to listener feedback. We discuss tools like LibreWolf, Brave, and GrapheneOS, and compare privacy approaches for mobile devices, including Pixel and iPhone. A segment is dedicated to starting a privacy-first journey, from deleting social media accounts to adopting secure communication and password management practices. The episode also touches on how AI, including large language models (LLMs), is reshaping privacy concerns by building highly accurate profiles of users. In this week’s episode: Show Links: https://psysecure.com/self-hosting-nextlcoudhttps://librewolf.net/https://grapheneos.org/https://www.nytimes.com/2023/05/22/business/meta-facebook-eu-privacy-fine.htmlhttps://www.surveillancewatch.io/ "The world outside, the world that you know, it’s gone. It doesn’t exist." – Christof Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode, recorded on October 10, 2024, I dive into privacy and security during natural disasters, highlighting essential tools like iOS 18’s satellite messaging and Starlink for maintaining communication when traditional systems fail. Next I dive into self-hosting in depth, particularly focusing on Nextcloud for privacy-conscious file sync. The episode concludes with a detailed analysis of a critical vulnerability in Firefox and the merits of switching to LibreWolf for enhanced privacy and security. In this week’s episode: Show Links: https://www.psysecure.com/self-hosting-nextlcoudhttps://www.starlink.com/https://www.backblaze.com/cloud-storagehttps://restic.readthedocs.io/en/latest/faq.htmlhttps://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.htmlhttps://www.bleepingcomputer.com/news/security/firefox-users-fingerprinted-via-cached-intermediate-https-certificates/https://discourse.mozilla.org/t/fixed-certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/https://librewolf.net/ All warfare is based on deception. - Sun Tzu Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this episode, we have a special guest, Tyler Murphy, co-founder of EasyOptOuts, a data removal service focused on helping people remove their personal information from publicly accessible people search sites. Tyler discusses the inspiration behind EasyOptOuts, the challenges of maintaining privacy in a world of constant data breaches, and offers insights into data removal from various brokers. This conversation is packed with advice for anyone looking to regain control over their online privacy. In this week’s episode: Show Links: EasyOptOuts - https://www.easyoptouts.com/ Imagine, then, this situation where we have the huge electronic intercommunication so that everybody is in touch with everybody else in such a way that it reveals their inmost thoughts, and there is no longer any individuality. No privacy. Everything you are, everything you think is revealed to everyone. - Alan Watts Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In today’s show, I discuss the National Public Data (NPD) breach, which contains 2.7 billion records, including the social security numbers of US residents. I cover how to check if your SSN is part of the breach and emphasize the importance of setting up a credit freeze for yourself and your kids. I also explore some useful tools for searching large datasets and share my thoughts on a Reddit post. In this week's episode: Show Links: Simplewall - https://github.com/henrypp/simplewall ElevenTray - https://github.com/locksec/eleventray OnlyOffice - https://www.onlyoffice.com/ LibreOffice - https://www.libreoffice.org/ Credit Freeze Guide - https://inteltechniques.com/freeze.html Credit Freeze for Kids: Equifax - https://www.equifax.com/personal/education/identity-theft/articles/-/learn/freezing-your-childs-credit-report-faq/ (800)685-1111 Equifax Security Freeze, PO Box 105788, Atlanta, Georgia 30348 Experian - https://www.experian.com/help/minor-request.html (888)397-3742 Experian Security Freeze. PO Box 9554, Allen, TX 75013 TransUnion - https://www.transunion.com/credit-freeze/credit-freeze-faq#freeze-other-minor-0 (888)909-8872 TransUnion, P.O. Box 380, Woodlyn, PA 19094 https://www.transunion.com/credit-disputes/child-identity-theft-inquiry-form > I know why you're here, Neo. I know what you've been doing... why you hardly sleep, why you live alone, and why night after night, you sit by your computer. - Trinity (The Matrix) Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

This week I respond to a few listener questions, primarily around the use of social media as a privacy enthusiast. Love it or hate it, you can guess which camp I'm in, social media like LinkedIn has almost become a requirement for job searches, employers, and connecting with other professionals. I also touch on OPSEC for OSINT, a new talk track I am planning to present in the future. It's important for all of us to maintain better Operational Security (OPSEC). Finally, I share my latest blog post: Venturing into AI Security with Locally Hosted LLMs, and why locally hosted AI is essential for privacy. In this week's episode: Show Links: https://www.nytimes.com/interactive/2023/12/22/technology/openai-chatgpt-privacy-exploit.htmlhttps://www.ncbi.nlm.nih.gov/pmc/articles/PMC5362930/https://lockdown.media/ai-security-with-llmshttps://www.expireddomains.net/https://simplelogin.io/Because you made a phone call. - Brill (Enemy of the State) Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

In this week’s show, I take a deeper dive into Apple’s iCloud Private Relay, discussing who should and who shouldn’t use it. I then discuss my latest article, “The Complete Setup Guide to pfSense for Privacy and Security,” and the benefits of an always-on VPN. Lastly, for those who are parents, I offer a discussion on privacy for kids and some non-invasive techniques for protecting them online. In this week's episode: Show Links: https://lockdown.media/complete-setup-guide-to-pfsensehttps://nextdns.io/https://docs.netgate.com/pfsense/en/latest/packages/list.htmlhttps://www.tomsguide.com/phones/iphones/having-browsing-trouble-on-apple-devices-youre-not-alone-apples-private-relay-system-is-having-problemshttps://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF“You never had a camera in my head.”- Truman Burbank Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

This week we go back to the basics of privacy and security for the average Joe or Jane, and discuss the latest iPhone settings for privacy. I also discuss the Twilio Authy API abuse that resulted in 33 million phone numbers for Authy accounts being exposed. Huge thank you to the Patreon supporters! In this week's episode: Show Links: https://support.1password.com/security-assessments/https://bitwarden.com/help/is-bitwarden-audited/https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/https://mysudo.com/https://protonmail.com/https://strongboxsafe.com/https://www.keepassdx.com/https://www.amazon.com/gp/product/B07ZJS3L5Y"I don't want to live in a world where there's no privacy, and therefore no room for intellectual exploration and creativity." - Edward Snowden Podcast music: Recluse by Ray Heffer Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★

After escaping to the mountains and living like a recluse for the past few months, I am back. In this week's show, I discuss my latest experiences in purchasing a home and titling in a living trust, along with the potential obstacles with title deeds and mortgage lenders, and avoiding data breaches with utility companies. I also revisit GrapheneOS after using it daily for the past year, and answer listener questions. In this week's episode: "Privacy is rarely lost in one fell swoop. It is usually eroded over time, bit by bit."- Daniel J. Solove Official Website: https://psysecure.com Podcast music: The R3cluse ★ Support this podcast on Patreon ★