Firewalls Don't Stop Dragons Podcast

The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain. In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case. Article Links Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts This Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbers These critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concerns H&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerability This New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressions The United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainer macOS 26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commands Meta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25 Further Info Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/  Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:01:03: News rundown 0:03:17: Walmart buys Vizio for ads, data 0:08:57: Public Zoom calls secretly turned into podcasts 0:17:24: Navia leaks millions of SSNs 0:20:28: TP-Link router vulnerabilities 0:36:25: H&R Block’s horrific tax software 0:45:41: New Claude Mac feature is too dangerous 0:48:22: macOS 24 blocks ClickFix? 0:50:44: Facebook, Google lose huge lawsuit 0:54:22: Patron podcast preview 0:54:58: Looking ahead

Nate Bartram and Jonah Aragon have been advocating for privacy for a long time. Their sites, The New Oil and Privacy Guides, have a ton of fabulous resources for anyone interested in guarding their data and defending their digital rights. Ever wonder what it’s like being a privacy advocate in an increasingly privacy-hostile world? Today, I’ll take you behind the scenes of these sites and into the brains of two top-notch privacy warriors. Interview Notes Privacy Guides: https://www.privacyguides.org/  The New Oil: https://thenewoil.org/  Critical Thinking 101: https://ghost.thenewoil.org/critical-thinking-101/ This Week in Privacy podcast: https://podcasts.apple.com/us/podcast/this-week-in-privacy/id1726826455  Privacy Advocate Toolbox: https://www.privacyguides.org/en/activism/  Smartphone privacy guides: https://www.privacyguides.org/videos/2026/02/04/smartphone-security-course-lesson-1-beginners-2/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:18: Intro 0:02:11: Why did you get into privacy? 0:07:44: What’s the most enduring privacy myth? 0:14:13: Do you find people dislike the answer “it depends”? 0:16:50: How would you describe your target audience? 0:22:00: How do you evaluate privacy products? 0:27:59: What products have you unrecommended and why? 0:34:27: What are major privacy red flags? 0:43:09: What product do you use that you do not recommend to others? 0:48:05: How will you handle age checks or repeal of Section 230? 0:55:09: Who do you look to for privacy advice? 1:04:22: What’s next for you guys? 1:08:30: Wrap-up 1:10:46: Patron podcast preview 1:11:24: Looking ahead

When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface. Article Links Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malware Instagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryption Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/ Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/ Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027 Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/ Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymization EU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/ Mozilla to launch free built-in VPN in upcoming Firefox 149: https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/ You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-setting Tip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/  Further Info Greynoise IP Check: https://check.labs.greynoise.io/  Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026  CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services  CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:01:35: News rundown 0:03:41: Update your Asus routers 0:08:55: Instragram drops E2EE 0:12:57: Porn addiction app exposed user data 0:19:54: Dangers of age verification laws 0:30:45: Car surveillance mandatory in 2027 0:35:46: Cyberattack kills breathalizer-equipped cars 0:39:41: LLMs can deanonymize users 0:51:11: Chat Control defeated! 0:55:22: Firefox free VPN coming 0:59:05: New Apple security fix mechanism 1:03:14: Tip of the Week 1:09:09: More security tips 1:13:53: Patron podcast preview 1:14:17: Looking ahead

When you shop online or through an app, do you ever wonder if you’re being charged the same as someone else for the same thing? Even controlling for things like shipping address and local taxes, it turns out that today it’s not uncommon for pricing to dynamically change based on factors that may not seem fair. This is called surveillance pricing. Justin Brookman (Consumer Reports) and Eric Gardner (More Perfect Union) recently performed a study on this practice using Instacart, and the results were eye-opening. Interview Notes Surveillance pricing study: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/  Study video (Instagram): https://www.instagram.com/reels/DSC1w_Hjng6/  Study video (YouTube): https://www.youtube.com/watch?v=osxr7xSxsGo  Consumer Reports: https://www.consumerreports.org/  More Perfect Union: https://perfectunion.us/  Get involved: https://action.consumerreports.org/  Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/  Pepsi/Walmart exposé: https://ilsr.org/article/independent-business/more-perfect-union-pepsi-walmart/  Amazon price tracker: https://camelcamelcamel.com/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:02:44: What’s your background? 0:04:26: What triggered this study? 0:06:08: How did you test this theory? 0:09:25: How prevalent is this practice? 0:11:27: What is a “customer surplus”? 0:13:44: Did the pandemic exacerbate this? 0:15:08: Is this practice legal? 0:21:42: How do ESL’s work? 0:25:52: Are all the add-on fees legit? 0:28:01: Are the stores participating in this, too? 0:32:01: What do they learn from loyalty programs? 0:37:38: Are digital coupons dynamic, too? 0:41:07: Does this amount to price fixing? 0:44:21: What’s been the reaction to your report? 0:49:00: What will you study next? 0:53:04: What can we do about this? 0:58:39: How can we support your work? 1:00:39: Wrap-up 1:03:27: Patron podcast preview

Bad guys have found a willing accomplice for installing malware: YOU. This very effective malware delivery mechanism, dubbed ClickFix, accounted for over half of all infections last year. I’ll tell you how to avoid it, but also explain why you shouldn’t have to. In other news: Amazon’s change to wishlists may expose your address; a new government-grade iOS exploit kit is spreading to criminals; Israel hacked traffic cams to kill Iran’s leaders; Meta’s AI glasses are a privacy nightmare; new AirSnitch WiFi exploit is clever, but not a threat for most people; Microsoft Office bug allowed AI to read confidential emails; Discord walks back it’s plans for age verification; US Senators reintroduce surveillance transparency bill; CA privacy activists call for removing license plate readers; Ente releases new Locker app; Privacy Guides releases wonderful new privacy resource. Article Links Amazon Change Means Wishlists Might Expose Your Address https://www.404media.co/amazon-wishlist-address-private-third-party/ Google and iVerify reveal government-grade iPhone exploit kit spreading to hackers https://9to5mac.com/2026/03/03/google-and-iverify-reveal-government-grade-iphone-exploit-kit-spreading-to-hackers/ Israel hacked Tehran’s traffic cameras, used AI to plan Khamenei’s assassination https://www.yahoo.com/news/articles/israel-hacked-tehrans-traffic-cameras-063114828.html What Privacy? As Expected Meta Ray Bans Are A Privacy Disaster https://appleinsider.com/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-disaster New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/ Microsoft says Office bug exposed customers’ confidential emails to Copilot AI https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/ Discord just canceled its planned age verification rollout, for now https://9to5mac.com/2026/02/24/discord-just-canceled-its-planned-age-verification-rollout-for-now/ Senators Reintroduce Bill to Create Transparency for Court-Ordered Surveillance https://www.wyden.senate.gov/news/press-releases/wyden-daines-booker-and-lee-reintroduce-bill-to-create-transparency-for-court-ordered-surveillance Privacy activists call on California to remove covert license plate readers https://apnews.com/article/license-plate-readers-surveillance-ice-dhs-db848b1498c55f3c1b3ee1a107dacd10 Ente Locker – Safe space for your most important documents https://ente.io/locker/ Guides and Tools for Privacy Activists https://www.privacyguides.org/en/activism/ Tip of the Week: https://firewallsdontstopdragons.com/fixing-clickfix/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:08: Intro 0:01:54: News rundown 0:03:36: Amazon wishlist change exposes your address 0:08:44: New iOS exploit kit leaks 0:14:21: Israel hacked traffic cams to kill Khamenei 0:17:19: Meta’s AI glasses privacy nightmware 0:22:32: AirSnitch WiFi attack 0:26:31: Microsoft AI bug exposes private emails 0:29:35: Discord backtracks on age verification 0:34:38: Senators reintroduce surveillance transparency bill 0:39:15: Call to remove hidden surveillance cameras 0:44:44: Ente Locker 0:47:51: Privacy Activist Toolbox 0:51:53: Tip of the Week 1:00:36: Patron podcast preview 1:02:15: Looking ahead

Cellular providers need to know your location in order to deliver calls and text message to your phone. But it turns out that they really don’t need to know who you are to give you that service. They only need to know how to bill you – and that information can be at little as knowing your ZIP+4 code. Why do we give so much personal information to our mobile service providers when we don’t have to? Today, Nick Merrill, founder of Phreeli, will explain how he can give you top notch cell service and know almost nothing about you. Interview Notes Phreeli: https://www.phreeli.com/  Double Blind Armadillo: https://www.phreeli.com/files/PhreeliDoubleBlindArmadilloWhitePaper.pdf  Wired article: https://www.wired.com/story/new-anonymous-phone-carrier-sign-up-with-nothing-but-a-zip-code/  Call Detail Record: https://en.wikipedia.org/wiki/Call_detail_record  2600 Magazine: https://www.2600.com/  Zero-Knowledge Proofs: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:12: Intro 0:02:25: Zero Knowledge Proofs! 0:03:35: Lingo 0:07:29: How did you come to found Phreeli? 0:15:08: Who is your target audience? 0:19:18: How can you get by with just ZIP+4? 0:24:10: Is Phreeli more private, say, Mint? 0:28:33: How do I recover my Phreeli acccount? 0:30:22: What identifiers are tied to cell phones? 0:37:12: Can Phreeli work law requires KYC? 0:41:09: How do you separate billing from service? 0:47:23: How can a cellular provider hide a user’s location? 0:51:44: Do telecom networks have inherent privacy problems? 0:55:30: How do you handle lawful intercept? 0:59:13: How do you convince the skeptics? 1:02:19: What’s the current feature roadmap? 1:04:19: Wrap-up 1:08:59: Patron podcast preview 1:10:35: Looking ahead

In my seemingly never-ending quest to replace all things Google, I’ve finally found some solid, private alternatives to Google Sheets and Google Forms. And we’ll also talk about how the EU is looking to create competing products to reduce their dependence on Big Tech from Silicon Valley. In the news: Australian drivers’ info exposed in breach; school admissions website leaked student data; Discord is rolling out age verification; more countries move to ban social media for kids; Big Tech companies volunteer data to DHS on anti-ICE users; Meta wanted to sneak out facial recognition; researchers find tricky bugs in password managers; DJI robovacs were wide open on the internet; Ring’s mass surveillance efforts garner blow back; Russia blocks WhatsApp and Telegram. Article Links More than 200,000 Australian drivers exposed in massive data breach https://www.drive.com.au/news/over-200000-driver-licences-hacked-in-massive-data-breach/ Bug in student admissions website exposed children’s personal information https://techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/ Discord will require a face scan or ID for full access next month https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out These are the countries moving to ban social media for children https://techcrunch.com/2026/02/17/social-media-ban-children-countries-list/ Reddit, Meta, and Google Voluntarily Gave DHS Info of Anti-ICE Users https://gizmodo.com/reddit-meta-and-google-voluntarily-gave-dhs-info-of-anti-ice-users-report-says-2000722279 Meta reportedly wants to add face recognition to smart glasses while privacy advocates are distracted https://www.theverge.com/tech/878725/meta-facial-recognition-smart-glasses-name-tag-privacy-advoates Password managers less secure than promised https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html The DJI Romo robovac had security so poor, this man remotely accessed thousands of them https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt With Ring, American Consumers Built a Surveillance Dragnet https://www.404media.co/with-ring-american-consumers-built-a-surveillance-dragnet/ WhatsApp and Telegram blocked in Russia, Meta ‘extremist organization’ https://9to5mac.com/2026/02/12/whatsapp-and-telegram-blocked-in-russia-as-meta-designated-an-extremist-organization/ Europe is ready to ditch US tech for private alternatives https://proton.me/blog/european-alternative-us-tech-survey Tip of the Week: https://firewallsdontstopdragons.com/de-google-my-life-part-5/  Further Info Avoid tax scams: https://firewallsdontstopdragons.com/its-tax-scam-time/  Try Mastodon! https://firewallsdontstopdragons.com/how-to-move-to-mastodon/   Proton referral link: https://pr.tn/ref/ZMNG3DNK  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:01:54: News rundown 0:04:27: 200k+ Australian drivers’ data exposed 0:08:08: Aadmissions site exposed children’s info 0:12:44: Discord to implement age checks 0:23:50: Countries looking to ban social media for kids 0:29:40: Meta, Google Gave DHS Info of Anti-ICE Users 0:32:37: Meta wants to add face recognition while privacy advocates are distracted 0:37:10: Password manager bugs fixed 0:39:57: DJI robovacs security flaw fixed 0:45:43: Ring’s new Search Party feature 0:56:36: Russia blocks Telegram, WhatsApp 0:59:15: Europe is ready to ditch US tech 1:04:26: Tip of the Week 1:08:07: Proton referral 1:08:50: Patron podcast preview 1:09:20: Looking ahead

Today I speak with Yahoo CISO Sean Zadig – aka, the Chief Paranoid. Sean has had a long and varied career in cybersecurity, working both in law enforcement (at NASA!) and working security for Big Tech. I’ll ask Sean how we can teach our kids about cybersecurity, and how to protect them from the worst of the internet without compromising anyone’s privacy. I’ll also get his perspective on the relationship between Big Tech, user data, law enforcement and the Fourth Amendment. Interview Notes The Paranoids (Yahoo): https://www.yahooinc.com/our-technology/paranoids  Suddenly a CISO: https://www.yahooinc.com/paranoids/suddenly-a-ciso-four-pieces-of-transitional-advice  Clipper Chip: https://en.wikipedia.org/wiki/Clipper_chip  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:01:20: Lingo 0:02:06: How did you become CISO at Yahoo? 0:05:38: Has AI made you job harder? 0:08:54: What the Paranoid ethos? 0:11:49: What a kids taught about cybersecurity? 0:14:05: How do we interest kids in cybersecurity? 0:17:35: How do we get kids to care about privacy? 0:21:42: Can we verify age privately? 0:25:06: Should parents control content restrictions? 0:28:36: Are kids echewing tech today? 0:31:51: How do we combat CSAM? 0:40:31: What’s it like working in law enforement? 0:47:14: Can we get Big Tech to collect less private data? 0:52:19: Is law enforcement skirting the 4th Amendment? 0:58:14: What’s next for The Paranoids? 1:00:01: Wrap-up 1:00:12: Patron podcast preview 1:01:10: Survey highlights 1:05:40: 2026 Milestones 1:06:49: Looking ahead

The latest craze with artificial intelligence is agentic AI – exhibited most recently in the viral AI project called ClawdBot… or Moltbot… or OpenClaw. (The name has changed two times in less than a week.) You download this software, give it access to your AI chatbot accounts, and then give it full and complete access to your computer and online accounts. Why? So you can have an all-powerful assistant who can do real things in the real world as if they were you! What could go wrong? In other news: a new lawsuit claims Meta can read all your WhatsApp messages; an AI toy exposed chat transcripts of their toddler owners; another AI app leaks millions of private conversations; TikTok’s new terms of service are very scary; the US wants visitors to fork over tons of personal info; UK officials were hit by Volt Typhoon; the UK wants to increase facial recognition in public places; the FBI failed to unlock journalist’s iPhone with Lockdown Mode enabled; Google adds cool anti-theft features; CA town disables Flock cameras; Google cripples home proxy network; and Firefox adds one toggle to disable AI features. Article Links WhatsApp Encryption, a Lawsuit, and a Lot of Noise https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/ An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account https://www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/ Massive AI Chat App Leaked Millions of Users Private Conversations https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/ TikTok’s New Terms of Service Has Raised Alarm Bells https://lifehacker.com/tech/tiktoks-new-ownership-tos-concerns The Trump Administration wants your DNA and social media https://www.privacyinternational.org/news-analysis/5713/trump-administration-wants-your-dna-and-social-media Hackers suspected of spying on UK officials’ calls for years https://www.theregister.com/2026/01/27/chinalinked_hackers_accused_of_yearslong/ Police to get 40 new live facial recognition vans and AI help in sweeping reforms https://news.sky.com/story/facial-recognition-technology-to-be-rolled-out-nationally-and-police-will-get-ai-support-13499172 FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled https://www.404media.co/fbi-couldnt-get-into-wapo-reporters-iphone-because-it-had-lockdown-mode-enabled/ Google Just Updated These Android Theft Protection Features https://lifehacker.com/tech/google-just-updated-these-android-theft-protection-features California city turns off Flock cameras after company shared data without authorization https://therecord.media/california-city-turns-off-flock-cameras-unauthorized-sharing Google cripples IPIDEA proxy network abused by crims https://www.theregister.com/2026/01/29/google_ipidea_crime_network/ Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html Tip of the Week: https://firewallsdontstopdragons.com/agents-of-misfortune/  Further Info TikTok’s Real Privacy Risks: https://internetsafetylabs.org/blog/research/tiktoks-real-privacy-risks/  Private TikTok viewer: https://sticktock.com/  EFF’s Atlas of Surveillance: https://www.atlasofsurveillance.org/  DeFlock: https://deflock.org/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:51: News rundown 0:02:51: WhatsApp encryption questioned 0:11:34: AI toy’s logs exposed 0:16:17: AI app leaks user data 0:19:27: TikTok gets worse for privacy 0:23:52: US demands more visitor data 0:30:41: UK hit by Salt Typhoon 0:33:47: UK proposes more mass surveillance 0:36:51: Lockdown Mode protects WaPo journalist iPhone 0:43:03: New Android anti-theft features 0:45:54: CA town shuts down Flock 0:49:07: Google hobbles bad proxy network 0:52:33: Firefox AI kill switch 0:55:18: Tip of the Week 1:02:08: Wrap-up 1:02:21: Patron podcast preview 1:02:30: Looking ahead

We’re all busy people with busy lives. We only have so much time and energy. So when security people dole out to-do lists, we really need to focus on the tips with the most bang for the buck. Conversely, we need to avoid wasting people’s precious resources on advice that is no longer valid or worth the effort. Today, we’ll debunk several of these “Hacklore” tips with security guru Bob Lord. Interview Notes Hacklore: https://www.hacklore.org/letter  Hacklore resources: https://www.hacklore.org/resources  Elevator (un)safety analogy: https://medium.com/@boblord/psa-elevator-un-safety-7ac69a9498de  DNC Security Checklist: https://democrats.org/security/  CISA Secure by Design: https://www.cisa.gov/securebydesign  MITRE’s 2007 Unforgivable Vulnerabilities (PDF): https://cwe.mitre.org/documents/unforgivable_vulns/unforgivable.pdf  Take 9: https://pausetake9.org/  Consumer Reports Security Planner tool: https://securityplanner.consumerreports.org/  EFF security planning: https://ssd.eff.org/module/your-security-plan  Removing online data: https://firewallsdontstopdragons.com/data-diet-introduction/  Generate passphrases with d20 dice! https://d20key.com/#/  Dragon coupons: https://fdsd.me/coupons/  Rafifi (film): https://www.imdb.com/title/tt0048021/  Xkcd password strength: https://xkcd.com/936/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:14: Intro 0:00:25: Survey, promo wrap-up 0:01:30: Interview setup 0:02:22: Lingo definitions 0:02:52: What drove you to launch Hacklore? 0:07:12: Is this advice truly wrong? 0:11:51: 1) Avoid public WiFi 0:17:38: 2) Never scan QR codes 0:22:43: 3) Never charge devices from public USB ports 0:24:38: 4) Turn off Bluetooth and NFC 0:28:25: 5) Regularly clear cookies 0:32:47: 6) Regularly change passwords 0:38:19: Why do we not have web password standards? 0:44:24: Any bad tips that didn’t make the cut? 0:45:53: WIll Hacklore be regularly updated? 0:46:32: What has been the response to Hacklore? 0:48:08: So what are the actual top security tips? 0:49:56: How do we shift the onus to software makers? 0:53:14: What other resources can you recommend? 0:55:40: What’s next for you? 0:56:53: Wrap-up 1:00:40: Generating passphrases 1:02:00: Accessing show notes 1:03:08: Dragon coupons 1:03:40: Patron podcast preview 1:04:24: Looking ahead

There exist many interesting technical tools which can greatly improve our privacy while still allowing us to use very personal data. In the next installment of my series on Privacy Enhancing Technologies, we’ll look at zero-knowledge proofs – what they are, how they work and what types of privacy problems they can address. Specifically, we’ll show how you can prove that you know a secret without actually revealing the secret. In other news: Florida may be implementing an age-gating law; the UK government is now considering a ban on VPNs; 17 more people browser plugins that steal your data; popular apps used to harvest data using real-time bidding; police unmask millions of surveillance targets due to Flock redaction failures; AI company sued for secretly scoring job seekers; Microsoft gives BitLocker keys to FBI; and the FTC finalizes restrictions on GM car data gathering and sharing. Article Links Oppose Florida’s AI age verification bill, protect your privacy https://www.miamitech.club/oppose-sb-482/ UK government targets VPNs in online safety consultation as Lords vote for ban https://www.techradar.com/vpn/vpn-privacy-security/uk-government-targets-vpns-in-new-online-safety-consultation-as-lords-vote-for-ban If You’ve Installed Any of These 17 Browser Extensions, Delete Them Now https://lifehacker.com/tech/delete-malicious-ghostposter-browser-extensions Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location https://www.wired.com/story/gravy-location-data-app-leak-rtb/ Police Unmask Millions of Surveillance Targets Because of Flock Redaction Error https://www.404media.co/police-unmask-millions-of-surveillance-targets-because-of-flock-redaction-error/ AI Company Eightfold Sued Helping Companies Secretly Score Job Seekers 2026 01 21 https://www.reuters.com/sustainability/boards-policy-regulation/ai-company-eightfold-sued-helping-companies-secretly-score-job-seekers-2026-01-21/ Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/ FTC Finalizes Order Settling Allegations that GM and OnStar Collected and Sold Geolocation Data Without Consumers’ Informed Consent https://www.ftc.gov/news-events/news/press-releases/2026/01/ftc-finalizes-order-settling-allegations-gm-onstar-collected-sold-geolocation-data-without-consumers Tip of the Week: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/  Further Info Annual Listener Survey!!! https://fdsd.me/survey2026  New Patron Promotion!! https://fdsd.me/promo126  Data Privacy Week: https://www.staysafeonline.org/data-privacy-week   HaveIBeenFlocked: https://haveibeenflocked.com/  404 Media FOIA Forum: https://www.404media.co/foia-forum-archive/  NextDNS: https://nextdns.io/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:51: Last call for survey, dragon coin 0:02:17: Winter storm 0:03:14: News preview 0:05:02: Proposed FL age-gating bill 0:11:33: UK government targets VPNs 0:15:42: More malicious browser extensions 0:21:22: Popular apps leaking personal info (again) 0:31:26: Have I Been Flocked? 0:41:37: AI company sued for secretly scoring job seekers 0:46:41: Microsoft give BitLocker keys to FBI 0:56:05: FTC restricts GM from selling car data 0:59:34: Tip of the Week 1:10:49: Wrap-up 1:12:16: Patron podcast preview 1:12:42: Looking ahead

Having data privacy laws are great. But if those laws can’t be practically enforced or your rights easily asserted, they’re not very useful. Modern cars are chock full of sensors, many of which are used to monitor the passengers and collect personal data. But cars are subject to privacy laws, too. Opting out of data collection or requesting data deletion should be straightforward. Andrea Amico and Merry Marwig from Privacy4Cars just completed a massive study on this, and the vast majority of auto brands had horrible user experiences for data management. They will share their findings with us on today’s show. Interview Notes Privacy4Cars: https://privacy4cars.com/  California UX whitepaper: https://privacy4cars.com/ux-california/  Vehicle Privacy Report tool: https://vehicleprivacyreport.com/  Company auto info: https://Privacy4Cars.com/CISO  GDPR auto info: https://Privacy4Cars.com/GDPR  Opt Out Code: https://optoutcode.com/ IoT on Wheels talk: https://instituteofprivacydesign.org/2025/08/11/cars-iot-endpoints-on-wheels-privacy-engineering-technology-education-discussion-peted-recording/  Data Diva car data graphic (slide 16): https://www.nist.gov/system/files/documents/2024/05/15/V3_2024_May_IoTAB%20%20-%20Monroney%20Sticker%20Presentation_Privacy_subteam_compressed%20508.pdf  IoT Advisory Board Report: https://www.nist.gov/system/files/documents/2024/10/21/The%20IoT%20of%20Things%20Oct%202024%20508%20FINAL_1.pdf  Enable Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/  Further Info Annual Listener Survey!!! https://fdsd.me/survey2026  New Patron Promotion!! https://fdsd.me/promo126  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:14: Intro 0:01:06: Listener survey reminder 0:01:53: Patron promo reminder 0:02:30: Lingo definitions 0:03:14: What’s changed since our last talk? 0:08:15: What data do cars collect? 0:12:56: How could car data affect my insurance rates? 0:15:51: What was the purpose of your recent study? 0:23:01: How do authorized agents work? 0:28:01: How does Opt Out Code work? 0:33:21: What’s the response been to your report? 0:36:13: How do we make car data more obvious? 0:40:23: Does GDPR apply to cars? 0:45:17: What are some other cases to consider? 0:48:45: What’s the EU Data Act? 0:54:08: How do I limit my auto data sharing? 0:56:44: How remove car data before selling? 0:59:56: What’s next for you? 1:01:43: Wrap-up 1:03:25: Enable Global Privacy Control 1:05:24: Patron podcast preview 1:06:52: Looking ahead

AI has many problems, but also has promise. Today I’m going to focus on one particular problem that has some viable solutions: privacy. Chat bots like ChatGPT, Gemini and Claude all require your queries to be processed in the cloud. All the personal questions we ask are probably being logged against our identity and could be used to train future AI models or to present us with targeted ads. But there are alternatives that protect your data – I’ll give you a handful of solid options. In other news: a Texas court has blocked the app store age verification law; Flock’s people-tracking cameras have horrible security; PornHub confirms data leak due to third party; stalkerware maker pleads guilty; Texas sues 5 TV makers over data collection; Wegman’s grocery using facial recognition in NYC; New York’s surveillance pricing transparency law goes into effect; DROP tool debuts in California for deleting broker data; two Chrome extensions caught stealing chat bot session text; ChatGPT rolls out new Health tool. Article Links Judge blocks Texas app store age verification law https://www.theverge.com/news/849752/texas-app-store-accountability-act-age-verification-injunction Flock Exposed Its AI-Powered Cameras to the Internet. We Tracked Ourselves https://www.404media.co/flock-exposed-its-ai-powered-cameras-to-the-internet-we-tracked-ourselves/ PornHub Confirms Premium User Data Exposure Linked to Mixpanel Breach https://thecyberexpress.com/pornhub-data-breach-premium-users/ Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software https://techcrunch.com/2026/01/06/founder-of-spyware-maker-pctattletale-pleads-guilty-to-hacking-and-advertising-surveillance-software/ Texas sues 5 smart TV manufacturers over data collection practices https://therecord.media/texas-sues-5-smart-tv-makers-over-acr-tech Popular grocery store chain uses biometric surveillance on shoppers, raising privacy concerns https://www.aol.com/articles/popular-grocery-store-chain-uses-130056099.html How New York’s Personalized Pricing Law Affects Consumers And Retailers https://www.forbes.com/sites/anishasircar/2025/12/03/new-yorks-algorithmic-pricing-law-what-it-does-and-why-it-matters/ This Tool Deletes Your Info From Data Broker Sites (If You Live in One State) https://lifehacker.com/tech/california-new-data-removal-tool Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users https://thehackernews.com/2026/01/two-chrome-extensions-caught-stealing.html Why I Won’t Be Giving ChatGPT Health My Medical Records https://lifehacker.com/tech/dont-give-chatgpt-health-your-medical-records Tip of the Week: https://firewallsdontstopdragons.com/ai-chat-privacy/  Further Info Annual Listener Survey!!! https://fdsd.me/survey2026  New Patron Promotion!! https://fdsd.me/promo126  Flock You project: https://github.com/colonelpanichacks/flock-you  Shodan: https://www.shodan.io/dashboard  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro 0:00:36: Listener survey 0:01:24: Dragon coin promo 0:02:11: News rundown 0:04:00: Court blocks Texas app store age check 0:09:52: Flock exposed its AI cameras to internet 0:21:04: Some PornHub user data leaked 0:26:22: Stalkerware maker pleads guilty 0:33:57: Texas sues 5 TV makers over data collection 0:39:39: Wegmans grocery is using facial recognition 0:44:33: NY personalized pricing law goes into effect 0:47:28: CA tool mass-deletes broker data 0:50:49: Two Chrome extensions steal AI chat records 0:54:56: ChatGPT unveils new Health feature 0:58:25: Tip of the Week 1:07:28: Wrap up 1:07:47: Patron podcast preview 1:08:23: Looking ahead

There are a ton of messaging apps on the market – and there are actually quite a few that are very secure and private. I would argue that there is no such thing as a “perfect” secure messaging app. There are several threat models to account for, each with different requirements. Today we’re going to talk about the pros and cons of decentralized messaging with the co-founder of Session, Kee Jeffreys. These messaging apps don’t rely on a set of servers hosted by the provider, but rather on a mesh of nodes run by hundreds or thousands of others. We’ll also discuss the importance of protecting metadata and the notion of “permissionless access”. Session just announced support for key features in the upcoming version 2 of their protocol, including Perfect Forward Secrecy (PFS) and post-quantum encryption. Interview Notes Get the Session app: https://getsession.org/  Session adds PFS, post-quantum crypto: https://getsession.org/blog/session-protocol-v2  xkcd $5 wrench (“Security”): https://xkcd.com/538/  Further Info Annual Listener Survey!!! https://fdsd.me/survey2026  New Patron Promotion!! https://firewallsdontstopdragons.com/new-patron-promotion/ Generate passphrases using d02’s: https://d20key.com/#/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:01:12: Promotion teasers 0:01:54: Interview setup 0:03:33: Lingo 0:05:07: Why did you create Session? 0:11:01: How does the location of a company’s HQ matter? 0:18:58: Why do regular people need this level of security? 0:22:01: How does Session work? 0:29:59: Why does permissional account creation matter? 0:35:55: How does Session compare to other apps? 0:45:27: Why didn’t Session have Perfect Forward Secrecy originally? 0:53:50: When will PFS roll out? 0:58:37: How does cryptocurrency factor into Session’s network? 1:03:32: What happens if $SESH price goes way up or way down? 1:07:19: How does Session sustain itself? 1:13:34: Why is private messaging so important? 1:19:49: Wrap-up 1:22:34: Patron podcast preview 1:23:44: New patron promotion 1:27:14: Annual listener survey

Every week, I record a special, private bonus podcast for my patrons. Normally all of that content is restricted to my supporters. But today I’ve got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests. You’ll hear from Yael Grauer (Consumer Reports), Josh Summers (All Things Secured), Lisa LeVasseur (Internet Safety Labs), Josh Corman (UnDisruptable27), Andy Liddell (EdTech Law Center), Carissa Véliz (author, professor), Eamonn Maguire (Proton), Grace Menna & Adrien Ogee (Cyber Resilience Corps). Enjoy! Original Interview Links Ep416: Yael Grauer: https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/  Ep420: Josh Summers: https://podcast.firewallsdontstopdragons.com/2025/03/17/all-things-secured/  Ep422: Lisa LeVasseur: https://podcast.firewallsdontstopdragons.com/2025/03/31/microscoping-our-apps/  Ep428: Josh Corman: https://podcast.firewallsdontstopdragons.com/2025/05/12/shelter-from-the-storm/  Ep426: Andy Liddell: https://podcast.firewallsdontstopdragons.com/2025/07/07/defending-student-privacy/  Ep438: Deviant Ollaf: https://podcast.firewallsdontstopdragons.com/2025/07/21/passport-lawyer-locksmith/  Ep446: Carissa Véliz: https://podcast.firewallsdontstopdragons.com/2025/09/15/on-the-ethics-of-ai/ Ep453: Eamonn Maguire: https://podcast.firewallsdontstopdragons.com/2025/10/27/privacy-focused-ai/  Ep454: Grace Menna & Adrien Ogee: https://podcast.firewallsdontstopdragons.com/2025/11/10/becoming-cyber-resilient/  Security Planner: https://securityplanner.consumerreports.org/  App Microscope: https://appmicroscope.org/  Take 9: https://pausetake9.org/  Meshtastic: https://meshtastic.org/  Previous dragon coin promo: https://firewallsdontstopdragons.com/dragon-coin-promo/  CISA Bad Practices: https://www.cisa.gov/news-events/news/bad-practices-0 Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:03:55: Ep416: Yael Grauer 0:10:51: Ep420: Josh Summers 0:16:36: Ep422: Lisa LaVasseur 0:22:21: Ep428: Josh Corman 0:30:03: Ep426: Andy Liddell 0:35:49: Ep438: Deviant 0:41:55: Ep446: Carissa Veliz 0:47:12: Ep450: Jake Braun 0:52:55: Ep454: Grace Menna & Adrien Ogee 0:55:44: Wrap-up

I’m digging into the vault for a classic interview – a blast from the past! I’ve done 460 episodes over the last nearly 9 years, and some of the best old episodes still hold up well today. I first interviewed Troy Hunt, creator of Have I Been Pwned, in February of 2019. It was Episode 102 and it was entitled “You Must Stop Reusing Passwords”. In this episode we talk a little about the origins of HIBP, password security, data breaches and brokers, and how to keep our accounts secure. I’ve added some new commentary, but the original episode is preserved in all of its glory! Interview Notes Have I Been Pwned? https://haveibeenpwned.com/  NIST updated password guidelines:  https://pages.nist.gov/800-63-4/sp800-63c.html  Proton summary of NIST changes: https://proton.me/blog/nist-password-guidelines  Password haystacks: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/  Choosing a strong PIN: https://firewallsdontstopdragons.com/how-to-choose-a-pin/  Using passphrases: https://podcast.firewallsdontstopdragons.com/2021/05/24/how-when-to-use-a-passphrase/  On passkeys: https://podcast.firewallsdontstopdragons.com/2023/05/22/problems-with-passkeys/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:32: Interview setup 0:02:52: What is Have I Been Pwned? 0:05:37: What is a data breach? 0:06:42: Where do you get data breach records? 0:08:18: What is the “dark web”? 0:10:35: How do YOU get breach data? 0:11:43: What were some of the worst data breaches? 0:15:09: Who is behind these breaches? 0:17:03: How often are data brokers hacked? 0:19:47: Is it that hard to protect our data? 0:21:22: Is there no liability for not protecting data? 0:24:16: What about breach disclosure laws? 0:26:00: Do class action lawsuits provide accountability? 0:29:00: How can consumers evaluate a company’s data security? 0:32:35: Is data collection inherently bad? 0:34:43: How can we best use HIBP? 0:36:59: Should sites be rejecting known-bad passwords? 0:39:37: Why do some sites limit the use of special characters? 0:41:50: How up-to-date is HIBP data? 0:44:25: What does registering for notifications do? 0:45:39: What is your “opt out” feature? 0:46:25: Can hackers use HIBP for nefarious purposes? 0:48:16: Any other password advice? 0:50:27: Which services integrate with HIBP? 0:52:19: Wrap-up 0:54:52: New password guidelines 1:01:45: Patron podcast preview 1:02:12: Looking ahead

I’ve had some truly amazing interviews this past year. For your listening enjoyment, I’ve curated a set of clips from some of the best shows, creating a sampler platter of stellar audio content from some amazing guests! If you’ve never listened to my podcast, this will give you a taste of what you’re missing! If you’re a regular listener, this will be a fun trip down memory lane, complete with new commentary. You’ll hear from Dr Paul Ashley (CEO/Founder of MySudo), Yael Grauer (Consumer Reports), Weld Pond (L0pht), Lisa LaVasseur (Internet Safety Labs), Zach Edwards (Silent Push), Bruce & Heidi Potter (Shmoocon), Deviant (physical security expert), Cory Doctorow (author, activist, EFF), Monique Priestley (VT State Rep), Carissa Véliz (author, professor), Adrian Ogee (CyberPeace Builders).Enjoy! Original Interview Links Ep414, Dr Paul Ashley: https://podcast.firewallsdontstopdragons.com/2025/02/03/controlling-your-digital-id/  Ep416: Yael Grauer: https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/  Ep418: Chris Wysopal (Weld Pond): https://podcast.firewallsdontstopdragons.com/2025/03/03/back-to-the-l0pht/  Ep422: Lisa LeVasseur: https://podcast.firewallsdontstopdragons.com/2025/03/31/microscoping-our-apps/  Ep426: Zach Edwards: https://podcast.firewallsdontstopdragons.com/2025/04/28/riding-the-data-gravy-train/  Ep434: Bruce & Heidi Potter: https://podcast.firewallsdontstopdragons.com/2025/06/23/shmoocon-moose-you-already/  Ep438: Deviant Ollaf: https://podcast.firewallsdontstopdragons.com/2025/07/21/passport-lawyer-locksmith/  Ep440: Cory Doctorow: https://podcast.firewallsdontstopdragons.com/2025/08/04/tariffs-vs-ip-law/  Ep442: Monique Priestley: https://podcast.firewallsdontstopdragons.com/2025/08/18/im-just-a-privacy-bill/  Ep446: Carissa Véliz: https://podcast.firewallsdontstopdragons.com/2025/09/15/on-the-ethics-of-ai/ Ep454: Adrien Ogee: https://podcast.firewallsdontstopdragons.com/2025/11/10/becoming-cyber-resilient/  Best of 2025 blog/podcast: https://firewallsdontstopdragons.com/best-of-2025/  Previous dragon coin promo: https://firewallsdontstopdragons.com/dragon-coin-promo/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:04:42: Ep414: Dr Paul Ashley 0:09:44: Ep416: Yael Grauer 0:14:27: Ep418: Weld Pond 0:20:58: Ep422: Lisa LeVasseur 0:28:27: Ep426: Zach Edwards 0:34:38: Ep434: Bruce & Heidi Potter 0:38:36: Ep438: Deviant 0:42:51: Ep440: Cory Doctorow 0:51:10: Ep442: Monique Priestley 0:58:28: Ep446: Carissa Veliz 1:05:38: Ep454: Adrien Ogee 1:14:59: Wrap-up 1:15:40: Looking ahead

Way before the world wide web, computer enthusiasts were sharing information via digital bulletin board systems (BBS). This amounted to attaching a modem to your home computer and allowing other people to dial in from their computers (one at a time) to download “textfiles” and share “warez” – or cracked software applications, often games. This scene gave rise to several electronic “zines” that published articles on hacking and phone phreaking techniques. One of the most popular zines, Phrack, was started in 1985 and is still going strong forty years later. Today we’ll discuss the colorful and storied history of this pioneering zine with two Phrack editors, skyper and TMZ. Interview Notes Phrack magazine: https://phrack.org  Phrack Wikipedia page: https://en.wikipedia.org/wiki/Phrack  Hacker Manifesto: https://phrack.org/issues/7/3 Smashing the Stack for Fun and Profit (Aleph One): https://phrack.org/issues/49/14 E911 Document Leak: https://phrack.org/issues/24/5 Texfiles archive: http://www.textfiles.com/  DEF CON: https://www.youtube.com/watch?v=TW-D1I27E08  HOPE: https://www.youtube.com/live/7ZeN53mKhbE?t=26726s  WHY 2025 talk: https://www.youtube.com/watch?v=EtyzTsOtx4A  WHYcast: https://www.youtube.com/watch?v=nwY1q3aEFS0  Cap’N Crunch whistle: https://www.thingiverse.com/thing:3193749  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:01:31: Interview setup 0:03:13: Lingo definitions 0:05:32: How did Phrack Magazine start? 0:09:14: How did BBS systems give rise to phone phreaking? 0:15:59: How did Phrack compare to other zines? 0:19:35: How do you define “hacker”? 0:25:10: What goes into making an issue of Phrack? 0:30:00: What’s the story behind Phrack’s famous “hacker manifesto”? 0:33:32: Why was your E911 article so controversial? 0:36:27: What does it mean to “smash the stack”? 0:41:41: What are there ethical issues around releasing hacking tools? 0:45:46: Is the original hacker ethos still alive today? 0:50:18: How has hacking evolved in the last 40 years? 0:52:51: How will AI impact hacking? 0:54:24: Wrap-up 0:56:55: Patron podcast preview 0:57:39: Looking ahead

With the holiday season come holiday scams – and honestly, just more scammer activity across the board, in general. People are busy and buying lots of stuff, and it’s a time when we’re more vulnerable to schemes to take our money and infect our devices. Today we’ll talk about a few current scams going around and give some solid advice to avoid becoming a victim. In the news: FCC scraps cybersecurity rules for telcos; WhatsApp flaw exposed 3.5B phone numbers; ClickFix scam update; Border Patrol is monitoring US drivers for ‘suspicious’ travel patterns; a tricky Apple Support scam; USPS and EZ-Pass scams; a cool new tool for monitoring your home network for rogue devices; state and local cyber grant program to be renewed; airlines shut down program that sold your flight records; CA court ends electricity surveillance program; also, a few more holiday gift ideas! Article Links Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies https://techcrunch.com/2025/11/21/despite-chinese-hacks-trumps-fcc-votes-to-scrap-cybersecurity-rules-for-phone-and-internet-companies/ A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers https://www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/ ClickFix may be the biggest security threat your family has never heard of https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/ Border Patrol is monitoring US drivers and detaining those with ‘suspicious’ travel patterns https://apnews.com/article/immigration-border-patrol-surveillance-drivers-ice-trump-9f5d05469ce8c629d6fecf32d32098cd ‘It made my blood run cold’: scammers are targeting Apple users with this devilishly clever trick – here’s how to stay safe https://www.techradar.com/computing/cyber-security/watch-out-apple-fans-this-scary-scam-is-stealing-personal-accounts-with-real-apple-support-tickets Scam USPS and E-Z Pass Texts and Websites – Schneier on Security https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-websites.html Your IP Address Might Be Someone Else’s Problem (And Here’s How to Find Out) https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem Full renewal of state and local cyber grants program passes in House https://therecord.media/state-local-cyber-grants-program-house-passage Airlines Will Shut Down Program That Sold Your Flights Records to Government https://www.404media.co/airlines-will-shut-down-program-that-sold-your-flights-records-to-government/ Victory! Court Ends Dragnet Electricity Surveillance Program in Sacramento https://www.eff.org/deeplinks/2025/11/victory-court-end-dragnet-electricity-surveillance-program-sacramento Best & Worst Gift Guide: https://firewallsdontstopdragons.com/best-worst-gifts-2025/  All my gift guides: https://firewallsdontstopdragons.com/category/best-worst-gifts/  Further Info EasyOptOuts 25% discount: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/  Consumer Reports $10 off: https://www.consumerreports.org/fdsd/  eBay AI settings:  https://accountsettings.ebay.com/ai-preferences My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:08: Intro 0:01:34: Quick tidbits 0:05:10: News preview 0:07:02: FCC scraps cybersecurity rules for telcos 0:11:02: WhatsApp Flaw Exposed 3.5B Phone Numbers 0:17:47: ClickFix scam 0:24:53: CBP is monitoring US drivers for ‘suspicious’ travel patterns 0:32:12: Clever Apple Support scam 0:38:05: More scams to watch for 0:40:19: Your IP Address Might Be Someone Else’s Problem 0:47:15: State and local cyber grant program to be renewed 0:49:13: Airlines Shut Down Program That Sold Your Flights Records 0:51:40: CA Court Ends Electricity Surveillance Program 0:55:27: Tip of the Week 1:03:53: Looking ahead 1:06:22: Patron podcast previews 1:07:42: Looking more ahead

Holiday shopping season is here! And that must mean that it’s time again for my annual Best & Worst Gift Guide! But this time I’ve recruited some top minds from Consumer Reports to lend their expertise and enlighten us with their tech gift-giving strategies! Yael Grauer, Stacey Higginbotham and Jeff Landale join me for a round table discussion of how to give tech gifts that won’t ruin the security and privacy of your recipients! Interview Notes $10 off Consumer Reports!! https://www.consumerreports.org/fdsd/  Consumer Reports: https://www.consumerreports.org/  Cyber Readiness Report: https://innovation.consumerreports.org/new-report-2025-consumer-cyber-readiness/  Security Planner: https://securityplanner.consumerreports.org/  Vulnerability Disclosure Programs: https://innovation.consumerreports.org/who-ya-gonna-call/  Give Dragon Coupons! https://firewallsdontstopdragons.com/give-the-gift-of-security-and-privacy/  Library Freedom Project: https://libraryfreedom.org/  Yael on spyware and iPhone 17: https://innovation.consumerreports.org/apples-new-iphone-memory-protections-safeguards-devices-against-sophisticated-attacks/  Yael interview (Security Planner): https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/  Stacey interview (software tethering): https://podcast.firewallsdontstopdragons.com/2024/11/11/cutting-the-software-tether/  iVerify interview: https://podcast.firewallsdontstopdragons.com/2023/11/13/securing-your-smartphone/  Further Info All my Best & Worst guides: https://firewallsdontstopdragons.com/category/best-worst-gifts/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:15: Intro 0:02:18: What is your tech gift giving philosophy? 0:08:37: What are some worrying tech trends? 0:17:41: What are your tech gift horror stories? 0:22:09: What are your thoughts on giving tech gifts to kids? 0:29:52: What gifts are on your naughty list? 0:42:31: What’s on your nice tech gift list? 0:54:51: How should you handle receiving a bad gift? 1:07:06: Any other hot tips or advice? 1:11:08: What are some great non-tech gifts? 1:17:40: How can Consumer Reports help here? 1:20:39: Wrap-up 1:22:35: Dealing with phone spyware 1:24:35: Newsletter info 1:24:51: IoT vulnerability programs 1:25:04: Give Thanks 1:25:37: Patron podcast preview 1:26:28: Other gift ideas 1:27:27: EasyOptOuts and PayPal 1:28:12: Looking ahead