The Lockdown - Practical Privacy & Security

In this week's show, I discuss CLEAR's intrusive privacy policy and highlight alternatives to Authy using KeePass, with a privacy friendly solution for scanning QR codes. I also address the common mistakes people make when backing up their MFA codes. Additionally, I share some of the highlights from attending the SANS OSINT Summit in Washington, D.C., and explore various uses for custom domain names. Finally, I touch on the Starbucks app and the benefits of using Tello for pre-paid SIM cards. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on March 14, 2024 In this week's episode: Show Links: CLEAR Security Breachhttps://www.youtube.com/watch?v=i0I0BTtnMC4OSINT Combine Free Toolsosintcombine.com/freetoolsWhatsmynamehttps://whatsmyname.app/Tellohttps://tello.com/QR Scanner (PFA) by Secuso Research Grouphttps://secuso.aifb.kit.edu/english/QR_Scanner.phpSkull Gameshttps://skullgames.io/Trace Labshttps://www.tracelabs.org/Expired Domainshttps://www.expireddomains.net/deleted-domains/- Supreme Court Justice William O. Douglas

In today's show, I have a conversation with Lawrence Gentilello, the CEO and Founder of Optery, a personal data removal service. Lawrence shares his own experiences with identity theft and what motivated him to start Optery. We also discuss the future of privacy in the United States, Utah's new privacy law, the Utah Consumer Privacy Act (UCPA), and the bare minimum you should be doing to protect and secure your private data. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on March 6, 2024 Follow Ray on Twitter @privacypod In this week's episode: Show Links: Optery websitehttps://www.optery.com/PC Magazine Editors Choice Award for Opteryhttps://www.pcmag.com/reviews/opteryPC Magazine's list of the best personal data removal serviceshttps://www.pcmag.com/picks/the-best-personal-data-removal-servicesUtah Consumer Privacy Act (UCPA)https://attorneygeneral.utah.gov/utah-consumer-protection-act-a-new-law-to-protect-online-privacy/- Philip R. Zimmermann, creator of PGP encryption

In this weeks show I discuss some of the concerns of using TOR over a VPN, and take another look at data removal from people search sites, including a look at Mozilla Monitor, a new service for data removal from the makers of Firefox. I'll also discuss the importance of freezing your credit and putting the title of your home into a revocable living trust, prior to removing your records from people search sites. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on February 16, 2024 In this week's episode: Show Links: Mozilla Monitor:https://monitor.mozilla.orgTor Browser:https://www.torproject.org/downloadDeepCorr:https://dl.acm.org/doi/pdf/10.1145/3243734.3243824Foundations of Digital Privacy, Part One:https://lockdown.media/the-foundations-of-digital-privacy-George Orwell

In this Friday Field Notes episode of The Lockdown, I share my experience with imposter syndrome, and compare practical privacy approaches with extreme measures, inspired by my move to the USA. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on January 31, 2024 In this week's episode: Show Links: qView Image Viewer: https://interversehq.com/qviewGPG4Winhttps://www.gpg4win.org/download.htmlWindows 10 LTSC:ttps://www.cdw.com/search/?key=Windows%20LTSCSimplewall: https://github.com/henrypp/simplewall-Oscar Wilde Music: The Lockdown

This week, I introduce Defensive OSINT, address privacy concerns while on the road, and examine the intricacies of alias usage and AI-based face morphing for photo alteration. Sharing insights from my recent travels, I highlight the need for vigilance and innovative strategies for maintaining privacy on the go. The episode explores the pros and cons of using alias names for hotel bookings, including the challenges of identity verification during check-in, while I discuss smart, alternative solutions for these scenarios. Join me as we navigate the complexities of preserving privacy in an era rife with survlleiance and data breaches, providing practical tips and advice for privacy-conscious travelers and digital citizens. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on January 27, 2024 In This Week's Show: Show Links: https://www.amazon.com/Portable-Security-Additional-Traveling-Apartment/dp/B0CFVS6NRNhttps://github.com/locksec/tpdne_pyhttps://facemorph.mehttps://www.upscayl.orghttps://nikkhokkho.sourceforge.io/static.php?page=FileOptimizerIntro voice-over: IRLRosie - Creative Commons Attribution license (reuse allowed) Music: The Lockdown

In this week's episode, it's time to wrap up 2023 with another look at Privacy.com, and my strategies for avoiding bank account lockout. I delve into the CIA Triad, breaking down its relevance to everyday privacy concerns. The episode also takes a practical turn with a guide on using FindMyDevice on GrapheneOS, and the FindMyDevice feature on the Garmin Instinct 2 watch for tracking lost phones. I also tackle the debate between biometric authentication and passcodes, taking our threat model into consideration. For those interested in storage synchronization solutions, I discuss using Nextcloud for a variety of purposes, including photo backups, syncing Keepass, and markdown notes, highlighting its versatility for privacy. Join me for an episode packed with valuable insights and tips for enhancing your digital privacy and security as we welcome in 2024! Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on January 03, 2024 In this week's episode: 1. Closing 2023 with Privacy.com 2. How the CIA Triad Relates to privacy 3. Tracking Lost Phones with FindMyDevice on GrapheneOS and a Garmin watch 4. Biometric authentication vs Passcodes 5. Using Nextcloud for photo backups, Keepass Sync, and taking notes in Markdown 6. Backups with Backblaze B2 and Restic Show Links: https://www.privacy.com https://strongboxsafe.com https://www.keepassdx.com https://grapheneos.org https://gitlab.com/Nulide/findmydevice https://obsidian.md https://www.backblaze.com/cloud-storage https://restic.net https://www.garmin.com/en-US/p/775697 Ray Ban Meta News: https://san.com/cc/investigation-into-new-meta-smart-glasses-brings-privacy-concerns Music: The Lockdown "We suffer more often in imagination than in reality." - Seneca

In this week’s show, Ray Heffer gives a farewell to Michael Bazzell's Privacy, Security, and OSINT show. Also, speculation about living in a faraday cage continues, and the reasons Firefox is still better than Brave for privacy and security. Ray also talks about when privacy techniques go wrong, with his lockout from Privacy.com. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on November 22nd, 2023 This week's episode: Links mentioned in the show: MITRE ATT&CK (Credentials from Web Browsers): https://attack.mitre.org/techniques/T1555/003/ MITRE ATT&CK (Password Managers): https://attack.mitre.org/techniques/T1555/005/ Tor Project Recommendations: https://support.torproject.org/tbb/tbb-9/ Brave (VPN Services) Issue: https://github.com/brave/brave-browser/issues/33726 Citi Virtual Credit Cards: https://www.cardbenefits.citi.com/Products/Virtual-Account-Numbers Citi (True Name) Card: https://banking.citi.com/cbol/updatemyname/default.htm IronVest (Formerly Abine Blur): https://ironvest.com/pricing/ Wise Virtual Card (UK): https://wise.com/gb/virtual-card/ Intro music: The Lockdown "Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius

In this week’s FRIDAY FIELD NOTES, Ray Heffer discusses the Zero Trust security model, a framework that's revolutionizing how organizations protect their critical systems and data. Diving into the depths of cybersecurity, we clear up common myths and misinterpretations surrounding Zero Trust, illuminating its role as not just a defensive strategy but a comprehensive approach to modern threats. Zero Trust operates on the principle of "never trust, always verify," but what does this mean in practice? Zero Trust doesn't just look outward; it recognizes that threats also come from the inside. By assuming that a breach is not just possible, but has already happened, Zero Trust strategies are uniquely positioned to mitigate damage by insiders, whether malicious or accidental. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on November 09, 2023 This week's episode: NIST Zero Trust Architecture (SP 800-207): https://csrc.nist.gov/pubs/sp/800/207/final CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html Intro music: The Lockdown "Security is always seen as too much until the day it is not enough." — William H. Webster

Welcome to episode four of The Lockdown - The Practical Privacy and Security podcast. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on November 06, 2023 This week's episode: 1. I'm back! 2. Traveling to London and Los Angeles 3. A major privacy invasion for Jennifer Lawrence 4. The Psychology of social engineering Intro music: The Lockdown "To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment." - Ralph Waldo Emerson

Welcome to episode three of The Lockdown - The Practical Privacy and Security podcast. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on April 09, 2023 This week's episode: 1. The case of Zachary McCoy 2. Why do all this? 3. The Apple Ecosystem 4. My experience with GrapheneOS Get GrapheneOS: https://grapheneos.org/ The case of Zachary McCoy: https://www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-google Tracking Phones, Google Is a Dragnet for the Police: https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.html Denmark frees 32 inmates over flaws in phone geo-location evidence: https://www.theguardian.com/world/2019/sep/12/denmark-frees-32-inmates-over-flawed-geolocation-revelations Intro music: The Lockdown "The rights of one are as sacred as the rights of a million." - Eugene V. Debs

Welcome to episode two of The Lockdown - Practical Privacy and Security podcast. In this episode I share the saga of the LastPass breach, and my thoughts on password managers and authenticator apps. Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on March 19, 2023 This week's episode: 1. The LastPass Breach 2. Password Managers: Dashlane, 1Password, BitWarden, and KeePassXC 3. Authenticator Apps: Google Authenticator, Aegis, and Authy. Recommended Password Managers: 1. https://keepassxc.org (Desktop) 2. https://www.keepassdx.com (Android only) 3. https://strongboxsafe.com (iOS only) 4. https://bitwarden.com (Top recommendation for cloud hosted) 5. https://1password.com (Ease of use, and great option for cloud hosted) 6. https://www.dashlane.com (Expensive, no desktop app) Recommended Authenticator Apps: 1. https://authy.com 2. https://getaegis.app (Android only) Get Yubikey: https://www.yubico.com Intro music: The Lockdown "In the long run, we will have to rebuild the universe of the online world to have security first and ease of use second." - Moxie Marlinspike

Follow on Twitter (X): @privacypod Support the show: https://www.patreon.com/TheLockdown This episode was recorded on March 10, 2023 Show Links: Stalkerware: https://www.theregister.com/2023/02/07/stalkerware_developer_fined/ IntelTechniques (List of People Search Sites): https://inteltechniques.com/workbook.html This week's privacy tips: 1. Privacy check-up / opt-out from people search sites 2. Establish a Revocable Living Trust. Be sure to hire an estate planning attorney. 3. Custom domains with Namecheap and add privacy. 4. Setup a private mailbox with UPS. 5. Use Privacy.com for virtual payment cards. 6. MySudo virtual phone numbers. Stop being tracked, and avoid SIM swap attacks! 7. Use SimpleMobile or Mint for a pre-paid cellphone option. Not Sponsors: https://www.privacy.com/ https://mysudo.com/ https://www.namecheap.com/ Intro music: The Lockdown “Who controls the past controls the future. Who controls the present controls the past.” - 1984 by George Orwell