Firewalls Don't Stop Dragons Podcast

484 episodes — Page 7 of 10

Firefox Privacy (Part 2)

Did you know that Google’s search can track you on a non-Chrome browser, even if you block third party cookies? And did you also know that there’s a gaping privacy hole in web surfing that even a VPN may not fix? Is it possible to defeat browser fingerprinting? In the second half of my interview with Mozilla’s Chief Security Officer Marshall Erwin, we’ll answer these questions and much more. Marshall will give us his personal privacy tips and tell us about some upcoming Firefox features. And perhaps most importantly, he’ll tell us what we can do to support Mozilla and Firefox.

Marshall Erwin is the Chief Security Officer at the Mozilla Corporation, where he leads teams responsible for protecting Mozilla and its users. He also drives policy initiatives on encryption, government vulnerability disclosure, malicious online content, and online political advertising, as well as product initiatives to protect people from pervasive web tracking. Prior to joining Mozilla, Marshall worked in a variety of positions related to technology policy, cybersecurity, and national security more broadly. He began his career in national security as an analyst covering counterterrorism and cybersecurity. He also served as the counterterrorism and intelligence adviser on the Senate Homeland Security and Government Affairs Committee and as the intelligence specialist at the Congressional Research Service, focusing on National Security Agency surveillance programs and legislative changes to the FISA statute. Marshall is a current Non-Residential Fellow at Stanford Law School’s Center for Internet & Society.

Further Info:
Download the Firefox browser: https://www.mozilla.org/en-US/firefox/new/
Donate to Mozilla Foundation: https://donate.mozilla.org/en-US/
Pre-order the 4th edition of my book: https://www.amazon.com/gp/product/148426188
Enter my book giveaway! http://bit.ly/firewalls4

Sep 7, 2020 · 38 min

Firefox Privacy (Part 1)

If you really care about online privacy, you can’t use Google’s Chrome browser. Google is an advertising company. Everything else they do is in support of that core business. If you want a secure, fast browser that is actually focused on protecting your privacy, you want to be using Mozilla’s Firefox browser. Today I’ll be speaking with Mozilla’s Chief Security Officer, Marshall Erwin. We’ll trace Firefox’s heritage back to the stalwart Netscape Navigator and then dive into the ugly world of ubiquitous web tracking, by both governments and corporations. Are we really going dark? Why is privacy important? Are targeted ads really worth that much more than “dumb” ads?

Marshall Erwin is the Chief Security Officer at the Mozilla Corporation, where he leads teams responsible for protecting Mozilla and its users. He also drives policy initiatives on encryption, government vulnerability disclosure, malicious online content, and online political advertising, as well as product initiatives to protect people from pervasive web tracking. Prior to joining Mozilla, Marshall worked in a variety of positions related to technology policy, cybersecurity, and national security more broadly. He began his career in national security as an analyst covering counterterrorism and cybersecurity. He also served as the counterterrorism and intelligence adviser on the Senate Homeland Security and Government Affairs Committee and as the intelligence specialist at the Congressional Research Service, focusing on National Security Agency surveillance programs and legislative changes to the FISA statute. Marshall is a current Non-Residential Fellow at Stanford Law School’s Center for Internet & Society.

Further Info:
Firefox browser: https://www.mozilla.org/en-US/firefox/new/
Donate to Mozilla Foundation: https://donate.mozilla.org/en-US/
Pre-order the 4th edition of my book: https://www.amazon.com/gp/product/1484261887

Aug 31, 2020 · 36 min

Apple’s Epic Battle

Epic – the maker of the massively popular game Fortnite – has thrown down the proverbial gauntlet. It has decided that it no longer wishes to cut Apple in for 30% of its profits… Which is exactly what all app developers do – and have explicitly and contractually agreed to do – in return for using Apple’s platform, tools, software development kits, and security testing. Apple provides this and access to billions of users. Microsoft, Sony and Google charge the same 30% in their app stores. But Epic claims that Apple’s cut is too much, and has deliberately picked a legal fight with Apple (and Google) to try to get more favorable terms or be allowed to run a private Epic store. It’s complex and nuanced, but I’ll wade into the muddy and turbulent waters on today’s show. In other news: There’s a tricky new Outlook email phishing scam going around, Jack Daniels has been hacked and asked to pay millions in ransom, Google had a big outage, your location data is for sale to corporations as well as government agencies (bypassing the need for court orders and warrants), and I’ll cover a couple interesting Android security stories from the recent DEFCON and BlackHat security conferences.

Further Info:
Scan suspicious files online: www.virustotal.com

Aug 24, 2020 · 1h 0m

This is Why We Can’t Have Nice Things (part 2)

Can Facebook or Google really promise to keep your data private in this era of mass surveillance by the likes of the NSA and GCHQ? Max Schrems doesn’t think so, and he’s convinced the EU Court of Justice of the same thing. There’s no way to protect user data when intelligence agencies are hoovering up all our communications and storing them on massive server farms forever. In part 2 of my chat with EFF’s Danny O’Brien, we’ll talk about the two Schrems cases in the EU and what the recent ruling against Privacy Shield will mean for all of us.

Danny O’Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped found the Open Rights Group, Britain’s own digital rights organization. He was EFF’s activist from 2005 to 2007, its international outreach coordinator from 2007-2009, and international director from 2013-2019. He now supervises EFF’s medium and long-term strategy, with an eye to maintaining the organization’s global impact and reputation.

Further Info:
EU Court Again Rules That NSA Spying Makes U.S. Companies Inadequate for Privacy: https://www.eff.org/deeplinks/2020/07/eu-court-again-rules-nsa-spying-makes-us-companies-inadequate-privacy
None of Your Business: https://noyb.eu/en
Donate to EFF: https://supporters.eff.org/donate/join-eff-today

Aug 17, 2020 · 38 min

This is Why We Can’t Have Nice Things (part 1)

What good are privacy laws when we all know that intelligence agencies don’t play by the rules? How can any company promise to keep our data safe when we know that agencies like the NSA and GCHQ are hoovering it all up? That’s the essential argument behind the Max Schrems cases at the European Court of Justice. And the EU court agrees. In part 1 of my interview with EFF’s Danny O’Brien, we’ll talk about how we got here and how the parallel development of data mining and mass surveillance led us to these (successful) court challenges.

Danny O’Brien has been an activist for online free speech and privacy for over 20 years. In his home country of the UK, he fought against repressive anti-encryption law, and helped found the Open Rights Group, Britain’s own digital rights organization. He was EFF’s activist from 2005 to 2007, its international outreach coordinator from 2007-2009, and international director from 2013-2019. He now supervises EFF’s medium and long-term strategy, with an eye to maintaining the organization’s global impact and reputation.

Further Info:
EU Court Again Rules That NSA Spying Makes U.S. Companies Inadequate for Privacy: https://www.eff.org/deeplinks/2020/07/eu-court-again-rules-nsa-spying-makes-us-companies-inadequate-privacy
Donate to EFF: https://supporters.eff.org/donate/join-eff-today

Aug 10, 2020 · 41 min

The Pros & Cons of Antivirus Software

When most people think of protecting their computers, they think of antivirus software. Viruses are a real problem, of course, but how well do antivirus (AV) apps protect you? And are there any downsides to using AV software? Turns out there are plenty – so many that the cons probably outweigh the pros for most people, on Apple Mac or on Windows PC. Don’t believe me? Listen to this show and then decide. In other news: Google is finally bringing its Google One storage app to iOS, but don’t use it; Netgear has declared that at least 45 of their highly vulnerable routers will never be fixed; and if you’ve purchased anything from Amazon, you have a public profile – and you should review what others can see about you.

Further Info:
Cryptomator: https://cryptomator.org/
Sync.com secure cloud storage
Netgear routers you should get rid of: https://www.tomsguide.com/news/netgear-routers-no-fixes
My “pros & cons of AV” article: https://firewallsdontstopdragons.com/the-pros-and-cons-of-anti-virus-software/

Aug 3, 2020 · 42 min

The Great Twitter Hack

Last week, Twitter was massively hacked – apparently just to launch a Bitcoin scam (though that story is still developing). Famous people’s accounts were taken over, including Joe Biden, Barack Obama, Bill Gates, Elon Musk and several popular brand name accounts. (President Trump’s account was not taken over due to enhanced security measures.) But beyond the details of the hack, we need to look at the bigger picture and what this hack should be telling us about these totally unregulated social media giants with zero accountability. We’ll dig into that in today’s show. In other news: account credential dumps have significantly increased on the dark web, including over 140 million MGM Resort creds; Windows 10 suffers another maddening bug, but there’s a workaround; Signal has stirred up a lot of controversy with a recent change; a massive wifi router study revealed widespread security problems; and I’ll go over some of the cool new privacy features coming in iOS 14 and macOS Big Sur.

Further Info:
Windows 10 “No Internet Connection” workaround: https://lifehacker.com/how-to-fix-windows-10s-latest-no-internet-connection-bu-1844458254
Fraunhofer Institute router security report: https://github.com/fkie-cad/embedded-evaluation-corpus/blob/master/2020/FKIE-HRS-2020.md

Jul 27, 2020 · 54 min

Your Money or Your Data (part 2)

In the second part of my interview with Renee Dudley from ProPublica, we delve into the cyber insurance and ransomware incident response industries, including how some of these companies are being less than forthcoming about their services. In fact, it appears that several “incident response” companies are simply paying the ransom and then charging companies a fee on top of that. We’ll talk about how cyber insurance works and how to decide whether or not it’s for you. And Renee will also give us some tips on choosing an incident response firm and what red flags to watch out for.

Renee Dudley is a tech reporter at ProPublica. Before joining ProPublica in 2018, she was a member of the enterprise team at Reuters, where she reported extensively on issues with college-entrance exams. Before joining Reuters in 2015, she worked as a reporter in New York for Bloomberg News and in South Carolina for The (Charleston) Post and Courier and The (Hilton Head) Island Packet. At Bloomberg, she uncovered questionable accounting and unauthorized sales practices at Walmart Inc. In Charleston, her reporting led to the indictment and resignation of South Carolina’s most powerful politician. She received the Society of Professional Journalists’ Pulliam Award in 2010 for her work upholding First Amendment rights while reporting for The Island Packet.

Further Information:
ProPublica on ransomware: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Mike Gillespie to the rescue: https://www.propublica.org/article/the-ransomware-superhero-of-normal-illinois
ID Ransomware: https://id-ransomware.malwarehunterteam.com/
No More Ransom: https://www.nomoreransom.org/
Bleeping Computer: https://www.bleepingcomputer.com/

Jul 20, 2020 · 32 min

Your Money or Your Data (part 1)

Unless you’ve been living under a rock, you know that ransomware is one of the most common and most lucrative cybersecurity rackets today. But despite all the press, ransomware is massively under-reported because companies don’t want bad press. And in most cases, unless it can be proven that data was actually stolen, companies are under no legal obligation to inform the data subjects (you) of these hacks. In part one of my interview with Renee Dudley from ProPublica, we’ll discuss the current state of the ransomware problem and the emergence of cyber insurance and incident response companies to deal with the threat and recover from attacks. And we’ll also see that not all players are above board about what they do.

Renee Dudley is a tech reporter at ProPublica. Before joining ProPublica in 2018, she was a member of the enterprise team at Reuters, where she reported extensively on issues with college-entrance exams. Before joining Reuters in 2015, she worked as a reporter in New York for Bloomberg News and in South Carolina for The (Charleston) Post and Courier and The (Hilton Head) Island Packet. At Bloomberg, she uncovered questionable accounting and unauthorized sales practices at Walmart Inc. In Charleston, her reporting led to the indictment and resignation of South Carolina’s most powerful politician. She received the Society of Professional Journalists’ Pulliam Award in 2010 for her work upholding First Amendment rights while reporting for The Island Packet.

Further Information:
ProPublica on ransomware: https://www.propublica.org/article/the-extortion-economy-how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks
Mike Gillespie to the rescue: https://www.propublica.org/article/the-ransomware-superhero-of-normal-illinois
ID Ransomware: https://id-ransomware.malwarehunterteam.com/
No More Ransom: https://www.nomoreransom.org/
Bleeping Computer: https://www.bleepingcomputer.com/

Jul 13, 2020 · 33 min

TikTok Boom

TikTok is the hot new social media service (Snapchat and Instagram are so last year), particularly in Asian countries like India. But India just banned this and several other apps from China over privacy concerns – and I have a feeling they won’t be the last. The TikTok app was just revealed to be copying the user’s clipboard contents every few seconds for some completely unknown reason (and TikTok’s explanation was lame). While it has supposedly “fixed” this, another researcher claims to have reverse engineered the TikTok app and found that it’s pulling all sorts of other user data – enough to put Facebook and Google to shame. Short answer? Delete this app. And there’s a ton of other news this week: Zoom changes course on end-to-end encryption for free users, with a couple catches; I have more info on the recent Netgear router vulnerability affecting dozens of their products; Adobe Flash will be erased from the Earth by year’s end; Oracle’s BlueKai data mining subsidiary left a ton of personal data exposed with no password; Sen. Sherrod Brown (D-Ohio) has a wonderful privacy proposal that will probably never pass Congress; new Mac malware uses a trick to get around Apple’s app security; Microsoft shoves its new Edge browser down its users’ virtual throats; and Comcast is the first ISP to qualify for Mozilla’s Trusted Recursive Resolver program (DNS over HTTPS) and might switch out Cloudflare without asking you.

Further Info:
Netgear router fix info: https://bit.ly/netgear-fix https://bit.ly/netgear-passwords
Humble Bundle – LAST CHANCE! https://www.humblebundle.com/books/protect-your-stuff-apress-books

Jul 6, 2020 · 53 min

COVID19 Privacy: Pro Tips (part 2)

In the second half of my interview with Eduard Goodman and Adam Levin from Cyberscout, we discuss the privacy aspects of our new work- and learn-from-home reality. How much privacy should you really expect? What are your legal rights? What should we beware of when using a single device for both work and personal things? How much should companies be willing to spend to make sure their employees and intellectual property are well protected while working from home? How do we avoid, as a democracy, giving up too much privacy with hopes it will make us more secure? Will we ever get that privacy back? We discuss all of this and much more!

Eduard Goodman is the Chief Legal Counsel and Global Privacy Officer for CyberScout, a global leader in identity theft resolution, data defense and employee benefits services. An internationally trained attorney and data protection expert, Goodman has more than twenty years of experience in global privacy law and cybersecurity. Adam Levin is a consumer advocate with more than 30 years of experience in security, privacy, personal finance and many other things. He is the former director of the New Jersey Division of Consumer Affairs and current chairman and founder of CyberScout. He is also the author of the book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.

Further Info:
CyberScout: https://www.cyberscout.com/en
My Apress Humble Bundle: https://www.humblebundle.com/books/protect-your-stuff-apress-books
Patreon: https://www.patreon.com/FirewallsDontStopDragons

Jun 29, 2020 · 43 min

COVID19 Security: Pro Tips (part 1)

Today I speak with not one but two experts on security and privacy to get their insights, stories and tips on staying safe from scammers and hackers in our new COVID19 pandemic reality. These guys have been dealing with cyber incidents every day and bring some unique perspectives. In some ways, it’s same stuff, different day; but the pandemic, economy woes and general civil unrest have given the bad guys some fertile material for working their craft.

Eduard Goodman is the Chief Legal Counsel and Global Privacy Officer for CyberScout, a global leader in identity theft resolution, data defense and employee benefits services. An internationally trained attorney and data protection expert, Goodman has more than twenty years of experience in global privacy law and cybersecurity. Adam Levin is a consumer advocate with more than 30 years of experience in security, privacy, personal finance and many other things. He is the former director of the New Jersey Division of Consumer Affairs and current chairman and founder of CyberScout. He is also the author of the book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves.

Further Info:
CyberScout: https://www.cyberscout.com/en
My Apress Humble Bundle: https://www.humblebundle.com/books/protect-your-stuff-apress-books
Patreon: https://www.patreon.com/FirewallsDontStopDragons

Jun 22, 2020 · 41 min

From Mailbox to Ballot Box

With the US general election just over 20 weeks away and no vaccine in sight for the coronavirus, it’s time to think very seriously about how you’re going to vote. Even if you think you want to vote in person this November, you should have a backup plan: voting by mail. This means that you’ll need to register for an absentee ballot – and the sooner you do so, the better prepared your state and county will be. I’ll tell you everything you need to know to get your absentee ballot. In other news: Microsoft, IBM and Amazon have taken very welcome steps toward curbing the use of facial recognition for law enforcement purposes; the FBI is once again warning us about banking hacks, this time related to mobile apps; the Brave browser was busted “accidentally” trying to cash in on your browsing; Google is being sued for $5B over its Chrome browser tracking while in incognito mode; and Zoom is rolling out full end-to-end encryption on its video conferencing solution… if you’re willing to pay.

Further Info:
Get your absentee ballot: https://www.vote.org/
Support election reform: https://www.verifiedvoting.org/
Support fair and open voting: https://fairfight.com/
Vote at home: https://www.voteathome.org/

Jun 15, 2020 · 45 min

Fiber For Our Future (part 2)

We’ve established that we have a high speed internet access problem – now what can we do about it? In part 2 of my interview with the EFF’s Ernesto Falcon, we’ll talk about how broadband fiber-based internet is a critical piece of national infrastructure, not unlike the highway system. It enables and supports industry and innovation, and ubiquitous access would greatly increase our ability to learn and work remotely. We talk about the politics and economics behind all of this, including some interesting solutions involving both the government and private corporations.

Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy. He represents EFF’s advocacy, on behalf of its members and all consumers, for a free and open Internet before state legislatures and Congress. Ernesto’s work includes pushing the state of California to pass the strongest net neutrality law in the country in response to federal repeal efforts, as well as leading EFF’s research and advocacy to promote universally available, affordable, and competitive fiber broadband networks.

Further Info:
Electronic Frontier Foundation: https://www.eff.org/
Why cable companies hate California’s SB1130 bill: https://www.eff.org/deeplinks/2020/05/why-cable-companies-oppose-californias-universal-fiber-effort-sb-1130

Jun 8, 2020 · 34 min

Fiber For Our Future (part 1)

The COVID-19 era has exposed several weaknesses in American infrastructure and exacerbated the gulf between the haves and the have-nots. Perhaps nowhere is this more evident than the digital divide: access to high speed internet. While much of the country was able to work and learn from home, for too many communities this was simply not an option due to poor or non-existent broadband access. In today’s show, Ernesto Omar Falcon from the EFF explains the political and economic reasons we got into this mess.

Ernesto Falcon is Senior Legislative Counsel at the Electronic Frontier Foundation with a primary focus on intellectual property, open Internet issues, broadband access, and competition policy. He represents EFF’s advocacy, on behalf of its members and all consumers, for a free and open Internet before state legislatures and Congress. Ernesto’s work includes pushing the state of California to pass the strongest net neutrality law in the country in response to federal repeal efforts, as well as leading EFF’s research and advocacy to promote universally available, affordable, and competitive fiber broadband networks.

Further Info:
Electronic Frontier Foundation: https://www.eff.org/
Why cable companies hate California’s SB1130 bill: https://www.eff.org/deeplinks/2020/05/why-cable-companies-oppose-californias-universal-fiber-effort-sb-1130

Jun 1, 2020 · 33 min

Apple vs FBI, Part 2

The FBI is once again trash-talking Apple for not helping them in their investigation of a terrorist – this time, the alleged perpetrator of the Pensacola shooting. However, like the San Bernardino shooting a few years ago, Apple has actually done everything in its power to aid law enforcement. The issue is the “in its power” part. The FBI and DOJ would prefer that Apple (and therefore they) would have more power to unlock and decrypt iOS devices. We’ll discuss this and a recent ruling against the FBI in another phone-related case. In other news: the Senate narrowly defeated a bill amendment that would protect your web history from government surveillance; 83% of users store their passwords in their heads (meaning their passwords suck); Firefox will soon tell you when sign-up forms are truncating your long passwords; Microsoft warns of a nasty new COVID-19-related phishing scheme that can take over your entire computer; and secure messaging app Signal has added a new security PIN to protect your account and make transferring to a new device easier.

May 25, 2020 · 38 min

Beware the Evil Maid

Intel created the Thunderbolt protocol to give us blazingly fast data transfer and other interesting features. Thunderbolt usually comes with the newer USB-C ports, common on laptops, especially MacBooks. Unfortunately, researchers have found a major flaw affecting all computers that will allow bad guys to gain access to your computer in just a few minutes with a few hundred dollars of common equipment. Most computers built in 2019 and later are capable of blocking this attack, but not many have implemented it. Apple computers are safe, unless they’re in Boot Camp mode running Windows or Linux. I’ll go over the details of this “evil maid” attack and provide several tips for securing your computers. In other news: Mozilla is adding a couple cool new privacy features to Firefox; Microsoft is rolling out some security and privacy in its coming May release; Google Authenticator finally provides a way to transfer accounts (sorta); Clearview AI is quickly backpedaling its data collection on Illinois residents; and Bruce Schneier explains why the Apple/Google contact tracing app will be basically useless.

Further Info:
My Duke OLLI lecture on COVID19 scams and privacy: https://duke.zoom.us/rec/share/-pFnFpPwz31LZ9Lg72CPX58rIdTaX6a82ncZ_qAKnn7ycTkgCcknURAXsgLmOR0

May 18, 2020 · 46 min

COVID19 Security & Privacy Tips (Part 2)

In part two of my interview with Malwarebytes’ David Ruiz, he tells us how to avoid the scams we discussed last week. And then we move on to discuss the potentially serious privacy issues that could come from the emerging surveillance regimes, designed to help us curb the spread of the coronavirus.

David Ruiz is a content writer for Malwarebytes, covering online privacy, cybersecurity, and the laws – and proposed legislation – that regulate how data is stored, shared and accessed. He previously worked for Electronic Frontier Foundation, where he wrote and analyzed policy about NSA surveillance, encryption, and cross-border data transfer.

Further Info:
Malwarebytes blog: https://blog.malwarebytes.com/author/davidruiz/
Malwarebytes antivirus: https://www.malwarebytes.com/for-home/products/
Malwarebytes “Lock and Code” podcast: https://podcasts.apple.com/us/podcast/lock-and-code/id1500049667

May 11, 2020 · 36 min

COVID19 Security & Privacy Tips (Part 1)

In times of great fear and anxiety, we need to be especially vigilant against snake oil salesmen. Never letting a good crisis go to waste, the bad guys are capitalizing on the chaos to lure us into downloading malware and buying fraudulent (or even harmful) advice and products. In part one of my interview with Malwarebytes’ David Ruiz, we talk about the explosion of COVID-19-related phishing scams and malware campaigns, including tips on how to avoid being a victim.

David Ruiz is a content writer for Malwarebytes, covering online privacy, cybersecurity, and the laws – and proposed legislation – that regulate how data is stored, shared and accessed. He previously worked for Electronic Frontier Foundation, where he wrote and analyzed policy about NSA surveillance, encryption, and cross-border data transfer.

Further Info:
Malwarebytes blog: https://blog.malwarebytes.com/author/davidruiz/
Malwarebytes antivirus: https://www.malwarebytes.com/for-home/products/

May 4, 2020 · 33 min

Have You Been Pwned?

Every time there’s a data breach at a company or service where you do business, there’s a chance that the bad guys will reverse engineer your password. And once they do that, they will almost surely try to use that email and password combination to log into dozens of other sites – a hacking technique called credential stuffing. And why do they do this? Because they know most people reuse the same password over and over again. Troy Hunt has created a free service called “Have I Been Pwned” that collects information from all of these breaches so that we can find out whether our email address has been included in any of these hacks. I originally interviewed Troy over a year ago on the topic of database breaches and how to protect yourself against them, and sadly this is just as relevant today as it was then. So I brought this back as an encore performance!

Troy Hunt is an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. You’ll regularly find Troy in the press talking about security and even testifying before US Congress on the impact of data breaches.

Further Info:
HaveIBeenPwned.com
Ethics of running a data breach search service: https://www.troyhunt.com/the-ethics-of-running-a-data-breach-search-service/
Authentication evolved: https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/

Apr 27, 2020 · 54 min

Phish Spotting 101

The bad guys are having a field day with all the coronavirus hubbub, using our fears and anxieties to trick us into clicking bad links, downloading infected files, or installing malware. While the topic is new, the techniques are the same: phishing. Using cleverly disguised emails and text messages, bad guys trick us into giving up credit card and social security numbers, login credentials, and other sensitive information. In today’s show, I’ll give you several ways to spot these scams. In other news: a new massive data breach contains records on 1.2 billion people; Microsoft released a new version of Windows Defender which is broken for some people; there’s been an attack on some Linksys routers; and as if regular ransomware wasn’t bad enough, the bad guys are now using a new “double extortion” tactic that really puts you in a bind.

Further Info:
Flatten the Curve Summit: https://flattenthecurve.tech/

Apr 20, 2020 · 42 min

Contact Tracing, Privately

As health services and society in general struggle to cope with the coronavirus pandemic, people are desperately seeking new and inventive ways to curb the spread of the disease. A tried and true tool of epidemiologists is contact tracing: interviewing infected subjects in order to create lists of people they’ve had contact with in recent days and weeks. But people’s memories are notoriously sketchy and they may not even know all the names, let alone contact information. Google and Apple have united to propose a technical solution. Android phones and iPhones will silently record anonymous identifiers of every other device they come near, in hopes of eventually notifying those device owners if a person later tests positive for COVID-19. But doing this in a way that preserves privacy and resists mass surveillance is difficult. I’ll walk through the technical and social implications of their proposal. In other news: Zoom is working hard to fix their privacy and security issues (and repair their reputation); bad guys are capitalizing on Zoom’s popularity to trick users into installing malware along with the app; smart locks can actually be pretty stupid (and insecure); and now that we’re all working from home, it’s a good time to review standard security practices to keep your company’s data and devices secure. (And by the way, this is good practice for your personal stuff, too.)

Further Info:
Remote working security checklist: https://doist.com/blog/security-checklist-remote-workers/
VeraCrypt hard drive encryption app: https://www.veracrypt.fr/

Apr 13, 2020 · 46 min

Secure & Private Social Distancing

During our global COVID-19 self-quarantining, video conferencing usage has exploded. I’ve tried to find hard statistics, but they’re rising so fast that anything I post now will be stale tomorrow. That said, I’ve seen usage growth figures as high as 400%. And since we’re all staying home now (right?), video chatting is a great way to get some social time with friends and family. But many of the most popular video chat services are lacking in security, privacy, or both (I’m looking at you, Zoom). I’ll give you a handful of good options that are all end-to-end encrypted. In other news: over 12,000 Android apps were found to have some sort of backdoor; Cloudflare introduces 1.1.1.1 for Families; Marriott announces yet another major data breach; Google is using its vast hoard of location data to track our social distancing success (or failure); EFF issues some timely warnings about guarding our civil liberties when responding to this crisis; and the FBI is warning us to watch out for coronavirus-related scams.

Further Info:
Zoom alternatives and online gaming: https://firewallsdontstopdragons.com/secure-private-zoom-alternatives/
Flatten the Curve Summit: https://flattenthecurve.tech/
1.1.1.1 for Families: https://blog.cloudflare.com/introducing-1-1-1-1-for-families/

Apr 6, 2020 | 35 min

Privacy by Design

Wouldn’t it be nice if privacy wasn’t an afterthought? What if user privacy was built in from the get-go? What if the entire design assumed that you didn’t want anyone selling your data – and respected those wishes? That’s the world of Privacy by Design – a concept pioneered in the mid-1990s by Dr. Ann Cavoukian. This may seem like an unattainable Utopian future, but Ann’s infectious optimism may just convince you otherwise. Adding privacy doesn’t mean sacrificing security or functionality, if done properly. Today we discuss the concepts of Privacy by Design and how we can achieve it. Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr. Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. Further Info: Global Privacy & Security: https://gpsbydesigncentre.com/about-us/ Fight the EARN IT Act: https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill

Mar 30, 2020 | 47 min

Beware COVID-19 Scams

Never let a good crisis go to waste. Though normally applied to politics, it can be equally applied to opportunistic cyber criminals. With the world transfixed by and anxious about this nasty virus, bad guys are seizing on our fears to make a quick buck. From ransomware-laden virus tracking apps to actually threatening to infect families directly with the actual virus, COVID-19 is becoming a gold mine for unscrupulous hackers. We need to be extra vigilant and warn our loved ones to do the same. In other news… connected cars are tapping into your driving data to make more money; a $3 robot lawyer can help you exercise your CCPA rights; the Brave browser will be implementing some novel fingerprinting protections; Firefox has created a privacy container for Facebook; and not to miss a good crisis, the US government is looking to weaken our civil liberties in the name of virus tracking.

Mar 23, 2020 | 54 min

The CCPA and You (Part 2)

In part 1 of this interview, Hayley Tsukayama walked us through the details of the new California Consumer Privacy Act (CCPA). In part 2, we discuss how this law will affect many of us who are not California residents and how it’s influencing potential legislation in other states and even at the federal level. We also discuss how CCPA can synergize with other state laws and be used as a tool for journalists to expose data brokers to the light of scrutiny. Hayley Tsukayama is a legislative activist for the Electronic Frontier Foundation, focusing on state legislation. Prior to joining EFF, she spent nearly eight years as a consumer technology reporter at The Washington Post writing stories on the industry’s largest companies. Hayley has an MA in journalism from the University of Missouri and a BA in history from Vassar College. She was a 2010 recipient of the White House Correspondents’ Association scholarship. Further Info: Donate to the EFF: https://supporters.eff.org/donate/ Robot Lawyer to sue data hoarders: https://fortune.com/2020/03/05/delete-location-data-privacy-personal-information-donotpay/ My book is on sale for $18: https://www.apress.com/us/book/9781484238516

Mar 16, 2020 | 28 min

The CCPA and You (Part 1)

On January 1st, 2020, the California Consumer Privacy Act (CCPA) went into effect. While not perfect, the CCPA is a landmark piece of legislation for the United States, even though legally it only protects California residents. I will dig into the details of this bill – both the good and the bad – in part one of my delightful interview with Hayley Tsukayama from the EFF. Hayley Tsukayama is a legislative activist for the Electronic Frontier Foundation, focusing on state legislation. Prior to joining EFF, she spent nearly eight years as a consumer technology reporter at The Washington Post writing stories on the industry’s largest companies. Hayley has an MA in journalism from the University of Missouri and a BA in history from Vassar College. She was a 2010 recipient of the White House Correspondents’ Association scholarship. Further Info: Donate to the EFF: https://supporters.eff.org/donate/ Robot Lawyer to sue data hoarders: https://fortune.com/2020/03/05/delete-location-data-privacy-personal-information-donotpay/

Mar 9, 2020 | 35 min

Hacked: A Clearer View of Clearview

A few weeks ago, the New York Times published a bombshell article about a small startup called Clearview AI that was using a massive database of three billion faces scraped from several social media sites to offer a creepy facial recognition app. Just one snapshot of some stranger’s face could immediately identify that person – not just name, but potential location, age, other images, social media pages, and even a list of friends and family. Clearview claimed to only sell this service to law enforcement agencies, mostly in the US and Canada. However, this week Buzzfeed News obtained the company’s client list, and it contained several non-law enforcement agencies and dozens of clients outside of North America. In other news: the latest Windows 10 update has caused many serious problems; leaked documents show how big companies are buying our credit card data; up to a billion WiFi devices have a critical security bug; the FCC says it will fine the four big US cellular carriers $200M for selling your location data; and several news bits about browsers: Brave, Chrome and Firefox. Further Info: The Secretive Company That Might End Privacy as We Know It: https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html Public DNS providers supporting DNS over HTTPS: https://github.com/curl/curl/wiki/DNS-over-HTTPS WaPo: The Intelligence Coup of the Century: https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/ WNCU Livestream (Sun Mar 8, 6:30pm ET): http://www.wncu.org/listen-live/ The Measure of Everyday Life podcast: https://podcasts.apple.com/us/podcast/the-measure-of-everyday-life/id956844695

Mar 2, 2020 | 48 min

Adversarial Interoperability (Part 2)

It’s not cheap or easy to get your iPhone repaired – largely because there’s not a lot of real competition in the iPhone repair market. That’s no accident. Owners of modern John Deere tractors have really only one option: John Deere. Why? There’s no good technical reason. There’s really no good legal reason either, but laws like the Digital Millennium Copyright Act (DMCA) and the Computer Fraud and Abuse Act (CFAA) have been abused to give these companies inordinate say over who can perform repairs on their products. In part 2 of my interview with the EFF’s Cory Doctorow, we discuss the right to repair and wrap up our overall discussion with possible solutions and action items for the concerned consumer. Cory Doctorow is a science fiction author, activist, journalist and blogger. He’s the author of several novels including HOMELAND, LITTLE BROTHER and WALKAWAY. He is the former European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group. Further Info: Adversarial Interoperability: https://www.eff.org/deeplinks/2019/10/adversarial-interoperability Donate to EFF: https://supporters.eff.org/donate Electronic Frontier Alliance: https://www.eff.org/fight

Feb 24, 2020 | 30 min

Adversarial Interoperability (Part 1)

Here’s a riddle for you: when does something you paid good money for not actually belong to you? Answer: when that device is part of the Internet of Things. Why? Because without the express permission and continued support of the company that sold you that device, it becomes a worthless piece of junk. All of our modern “smart” devices are inextricably tied to their cloud-based services and automatic software updates. In part 1 of my interview with Cory Doctorow, we’ll talk about how we got into this situation, including several shocking examples. Cory Doctorow is a science fiction author, activist, journalist and blogger. He’s the author of several novels including HOMELAND, LITTLE BROTHER and WALKAWAY. He is the former European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group. Further Info: Adversarial Interoperability: https://www.eff.org/deeplinks/2019/10/adversarial-interoperability Donate to EFF: https://supporters.eff.org/donate

Feb 17, 2020 | 48 min

Tax Time Brings Tax Scams

It’s that time of year again: tax time! And that means it’s also time for tax scams. I’ll give you some tips on how to avoid them, and also help you find the real “Free File” versions of your favorite online tax filing software. In other news: a German man fooled Google Maps with a wagon full of phones; Hue smart bulbs patched a serious vulnerability; Ring doorbell offers more security and privacy controls; a nasty Android Bluetooth vulnerability found and fixed; extracting data from a computer using screen brightness; and the US government’s use of third-party location trackers. Further Info: ProPublica interview on history of Free File: http://podcast.firewallsdontstopdragons.com/2020/01/13/why-free-file-isnt-free/ Free File: https://firewallsdontstopdragons.com/how-to-really-free-file-your-taxes/ Avoid tax scams: https://firewallsdontstopdragons.com/preventing-tax-return-fraud/ Winston Privacy: https://winstonprivacy.com/

Feb 10, 2020 | 51 min

Just Say No (to Sharing)

We install antivirus software to protect us, not exploit us. Like a bodyguard, AV programs need full, unfettered access to everything in order to properly do the job. That requires complete and absolute trust. And probably a non-disclosure agreement. Unfortunately, antivirus software doesn’t offer you an NDA promise. Avast, the maker of one of the top five AV software applications, has recently been shown to collect and sell extensive customer information to third parties. While they claim to anonymize the data, it’s often easy to re-identify people when correlating this data with other databases. Thanks to some reporting by Vice and PCMag, Avast is shutting down this lucrative side business after a serious backlash. I’ll tell you how you can mitigate your exposure to rampant data sharing. In other news, Sonos angers many long-time customers by declaring an end to supporting older devices; over 250M customer records have been exposed on five public servers with zero protections for about 14 years; Clearview, the company boasting a database of 3B face photos, has come under fire from social media companies and the US Congress; iOS 13 and Android 10 location privacy restrictions have dropped location tracking by nearly 70%; and Mozilla has banned almost 200 plugins for tracking users and violating its malware policies.

Feb 3, 2020 | 43 min

Data Privacy Day 2020

Happy Data Privacy Day! My guest today is none other than Bruce Schneier: world renowned security guru and author of several great books, including Data and Goliath and Click Here to Kill Everybody! Bruce and I discuss the current state of data privacy and what it’s going to take to rein in the corporations that are buying and selling our data with abandon. Bruce Schneier is an internationally renowned security technologist. He has authored over one dozen books–most recently Click Here to Kill Everybody–and hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and his blog Schneier on Security are read by over 250,000 people. Further Information: Transcript of my interview with Bruce Schneier: http://podcast.firewallsdontstopdragons.com/wp-content/uploads/2019/01/Ep100-interview.txt Data Privacy Day Checklist: https://firewallsdontstopdragons.com/data-privacy-day-checklist/

Jan 27, 2020 | 50 min

Clearview Knows Who You Are

A small company has amassed over 3 billion online photos from social media and other public sources, creating perhaps the largest facial database in existence – far larger than even the FBI’s database. The images are often connected to a person’s full name, address, and people they know. The company, called Clearview, has sold access to this database to over 600 law enforcement agencies, allowing them to quickly identify someone from a single picture. While this has allowed them to solve several cases, it also means that we have basically lost the ability to be anonymous in public. There are no rules around this – but there need to be. In other news, if you haven’t updated Windows in the last week, you need to do it right now; same goes for Internet Explorer (though you should really just switch to Firefox); Apple and FBI are once again facing off over iPhone encryption; the vast majority of modern cable modems are vulnerable to a devastating hack; and for at least this year, you shouldn’t abbreviate with just “20” on anything important. Further Info: NY Times article on Clearview: https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html Sandboxie: https://www.sandboxie.com/ VirtualBox: https://www.virtualbox.org/ CableHaunt: https://cablehaunt.com/

Jan 20, 2020 | 31 min

Why “Free File” Isn’t Free

The IRS already knows what I made, what taxes I’ve paid, and even what my mortgage interest was last year. Why do I have to fill out tax forms? Turns out there’s a very specific reason, and you’re not going to like it. At the turn of the century, tax preparers like TurboTax and H&R Block negotiated a deal with the US government that prevented this very thing. In exchange, these tax companies agreed to offer a “Free File” online tax program for most tax filers. But while perhaps honoring the letter of that agreement, they used dark patterns and other subtle psychological tricks to push taxpayers into pricey, unnecessary tax applications. Justin Elliott from ProPublica will explain the sordid history of “free” online tax preparation and the cat-and-mouse game companies like Intuit (maker of TurboTax) have been playing with regulators. Justin Elliott has been a reporter since 2012 with ProPublica, where he has covered money and influence in the Obama and Trump administrations, the American Red Cross and TurboTax maker Intuit. He has produced stories for outlets including The New York Times and National Public Radio, and his work has spurred congressional investigations and changes to federal legislation. Further Info: ProPublica Free File stories: https://www.propublica.org/series/the-turbotax-trap IRS official Free File site: https://www.irs.gov/filing/free-file-do-your-federal-taxes-for-free How to file for free: https://www.propublica.org/article/how-to-file-state-federal-taxes-free-2020

Jan 13, 2020 | 53 min

Time to Upgrade Windows

It’s not too late! You can still snag a free upgrade to Windows 10 from Microsoft. If you’re still running Windows 7, it’s time to avail yourself of this offer. Microsoft is ending support for Windows 7 on January 24, 2020. That means that you will no longer get software updates – in particular, security fixes. The official offer to upgrade to Windows 10 at no cost supposedly ended in July 2016, but Microsoft still offers a legitimate way to upgrade for free. I’ll tell you how. In other news, cybersecurity experts are on the alert following our lethal attack on a senior Iranian military figure, Facebook was again caught using your two-factor authentication mobile number for non-security purposes, there’s another massive leak of Facebook user data, Amazon blames its customers for Ring device hacks, a bug in GPS watches allows anyone to track your location, and the new California Consumer Privacy Act (CCPA) goes into effect. Further Info: Spread the Word: https://firewallsdontstopdragons.com/spread-the-word/ New Year’s Resolutions: https://firewallsdontstopdragons.com/2020-new-years-resolutions/ Upgrade to Win10 for free: https://www.zdnet.com/article/heres-how-you-can-still-get-a-free-windows-10-upgrade/ Protect Your Privacy on Windows 10: https://spreadprivacy.com/windows-10-privacy-tips/

Jan 6, 2020 | 47 min

2020 New Year’s Resolutions

2019 has come and gone, and 2020 is upon us! You know what that means: New Year’s Resolutions! I’ve put together a Top Ten list of suggestions that will significantly improve your computer security and online privacy! Some of these are easy and some are going to require some effort… but you have a whole year to do them! This will also be a great episode to forward to friends and family, introduce them to the show and help build up our “herd immunity”. Further Info: 2020 New Year’s Resolutions blog: https://firewallsdontstopdragons.com/2020-new-year’s-resolutions/ Give Thanks and Donate: https://firewallsdontstopdragons.com/give-thanks-donate/ Key resources: https://firewallsdontstopdragons.com/resources/ Terms and Conditions May Apply: http://tacma.net/tacma.php Support me! https://www.patreon.com/FirewallsDontStopDragons

Dec 30, 2019 | 55 min

Behind the One-Way Mirror (part 2)

We know that we’re tracked, but what remains largely invisible is the massive economy working behind the scenes (or “mirror”) to buy, sell, trade and bid on you and your data. I’ve seen estimates that claim there are up to 4000 data brokers in the US alone. And what’s worse is that they are largely unregulated, making the data market a total free-for-all. What can you do to curb this tracking and selling of data? We’ll discuss that in the conclusion of my interview with the EFF’s Bennett Cyphers. Bennett Cyphers is a staff technologist on the Tech Projects team at the Electronic Frontier Foundation (EFF). He contributes to a variety of different projects within EFF, most of them tied to privacy and competition. In the past year, he’s worked on the tracker-blocking browser extension Privacy Badger, provided technical advice to lawyers and activists, and read and re-read the California Consumer Privacy Act. Before coming to EFF, he was a policy intern at Access Now and earned a Master’s degree for work on privacy-preserving machine learning. In his spare time he designs t-shirts for fake punk rock bands. Further Info: EFF’s Behind the One-Way Mirror: https://www.eff.org/wp/behind-the-one-way-mirror Setting Apple ID to zero (“limit ad tracking”): https://blog.tenjin.com/idfa-sends-all-zeros-on-ios-10-devices-2/ Best & Worst Gifts for 2019: https://firewallsdontstopdragons.com/best-worst-gifts-2019/ The Scoring of America: https://www.worldprivacyforum.org/wp-content/uploads/2014/04/WPF_Scoring_of_America_April2014_fs.pdf Corporate Surveillance in Everyday Life: https://crackedlabs.org/en/corporate-surveillance

Dec 23, 2019 | 1h 0m

Behind the One-Way Mirror (part 1)

If you’ve listened to even a handful of my shows, you are well aware that you’re being tracked around the web. But even I was surprised by some of the things I learned in the recent white paper from the Electronic Frontier Foundation entitled “Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance”. One of the prime authors of this report, Bennett Cyphers, came on my show to walk us through the myriad and shocking ways that ad tech companies have found to identify us as we surf the web, use our smartphones, and even walk around the real world. Bennett Cyphers is a staff technologist on the Tech Projects team at the Electronic Frontier Foundation (EFF). He contributes to a variety of different projects within EFF, most of them tied to privacy and competition. In the past year, he’s worked on the tracker-blocking browser extension Privacy Badger, provided technical advice to lawyers and activists, and read and re-read the California Consumer Privacy Act. Before coming to EFF, he was a policy intern at Access Now and earned a Master’s degree for work on privacy-preserving machine learning. In his spare time he designs t-shirts for fake punk rock bands. Further Info: EFF’s Behind the One-Way Mirror: https://www.eff.org/wp/behind-the-one-way-mirror Setting Apple ID to zero (“limit ad tracking”): https://blog.tenjin.com/idfa-sends-all-zeros-on-ios-10-devices-2/ Best & Worst Gifts for 2019: https://firewallsdontstopdragons.com/best-worst-gifts-2019/

Dec 16, 2019 | 1h 7m

Snail Mail Identity Theft

We don’t often think about the security and privacy of our regular old “snail mail”, but we need to. According to recent activity observed by researchers of the dark web, the bad guys have been regaining interest in identity theft schemes involving physical letters. And in many cases, they can steal your mail without ever opening your mailbox. I’ll tell you what you can do to reduce your risk. In other news, thousands of Disney+ accounts were hacked on the first day, a massive data breach exposed over a billion user records, PayPal is set to acquire shopping platform Honey for $4B, and Avast and AVG browser extensions are spying on Chrome and Firefox users.

Dec 9, 2019 | 38 min

Best & Worst Gifts for 2019

It’s that time of year again – time to see which popular gifts make my privacy/security Naughty and Nice lists! You want to make sure that when you’re giving gifts to your loved ones that you’re not also giving gifts to hackers and data miners! I’ll also start to catch you up on several of the news stories from the past few weeks including Google’s access to private medical info of tens of millions of people, a researcher finding 146 different Android bugs coming right out of the box, more creepy updates on the Ring Doorbell, and a very welcome federal court ruling about your rights at the US border.

Dec 2, 2019 | 59 min

Data vs. Democracy (Part 2)

Today in part 2 of my deeply insightful interview with author Kris Shaffer, we discuss how marketers and foreign powers have been capturing our attention and even manipulating our responses. We’ll discuss how these techniques were used in the 2016 US presidential election and in other critical voting situations. In many cases, it’s sufficient to make people stay home or to sow doubt in the election results. But we’ll also discuss whether some of these same tools and techniques can be used to expose manipulation and tip the scales back in our favor. Kris Shaffer, PhD (Yale University, 2011), is a data scientist and Senior Computational Disinformation Analyst for Yonder. He co-authored “The Tactics and Tropes of the Internet Research Agency”, a report prepared for the United States Senate Select Committee on Intelligence about Russian interference in the 2016 U.S. presidential election. Kris has consulted for multiple U.S. government agencies, non-profits, and universities on matters related to digital disinformation, data ethics, and digital pedagogy. Kris is the author of Data versus Democracy: How Big Data Algorithms Shape Opinions and Alter the Course of History, published July 2019 by Apress. Further Info: Data versus Democracy: https://www.apress.com/us/book/9781484245392 Kris Shaffer’s website: https://pushpullfork.com Weapons of Math Destruction: https://weaponsofmathdestructionbook.com/ Automating Inequality: https://virginia-eubanks.com/ The Great Hack: https://www.thegreathack.com/ Give Thanks and Donate: https://firewallsdontstopdragons.com/give-thanks-donate/

Nov 25, 2019 | 43 min

Data vs. Democracy (Part 1)

They say we are in the Information Age and that data is the new oil. But many (including my guest, Kris Shaffer) are saying that what is truly valuable today is attention, not information. Information is so plentiful now that it almost has no value. And because just about everything on the internet is free, we’re paying for it with our attention. Marketers have gone to great lengths to study human behavior and they know exactly how to get and keep our attention. Unfortunately, these techniques can also be used to distract us and manipulate us. We’ll discuss this and much more in today’s interview (part 1 of 2). Kris Shaffer, PhD (Yale University, 2011), is a data scientist and Senior Computational Disinformation Analyst for Yonder. He co-authored “The Tactics and Tropes of the Internet Research Agency”, a report prepared for the United States Senate Select Committee on Intelligence about Russian interference in the 2016 U.S. presidential election. Kris has consulted for multiple U.S. government agencies, non-profits, and universities on matters related to digital disinformation, data ethics, and digital pedagogy. Kris is the author of Data versus Democracy: How Big Data Algorithms Shape Opinions and Alter the Course of History, published July 2019 by Apress. Further Info: Data versus Democracy: https://www.apress.com/us/book/9781484245392 Kris Shaffer’s website: https://pushpullfork.com Carey’s Best & Worst Gifts for 2019: https://firewallsdontstopdragons.com/best-worst-gifts-2019/

Nov 18, 2019 | 32 min

The Rise of Browser Fingerprinting

Marketing companies have come up with many clever ways to track our travels around the web, hoping to garner as much information about us as they can. At the same time, privacy-conscious organizations have given us tools to maintain our anonymity by countering these tracking technologies. It’s the usual arms race – one that privacy advocates were mostly winning, with VPNs, blocking third party cookies, and privacy-enhancing browser plugins. But now we’re faced with the nuclear option: browser fingerprinting. Our browsers cough up dozens of detailed bits of information about us: OS type and version, browser type and version, fonts and plugins installed, monitor resolution, and much more. When taken together, this information creates a fingerprint of our system – one that is often unique. Preventing this sort of fingerprinting is extremely difficult, making most of the above privacy-enhancing techniques useless. I’ll tell you how it works and what you can do to mitigate this. In other news: Facebook sues NSO Group for using WhatsApp to track people; Google buys FitBit (and all its data); Apple’s privacy website is revamped; Microsoft Office is building in much-needed protections against infected files; and researchers figure out how to hack Siri, Alexa and Google Home from afar using lasers.

Nov 11, 2019 | 38 min

Preventing & Mitigating Identity Theft

How are our identities stolen? What happens to our identity information after it’s been stolen? Once we realize we’ve been hacked, what can we do to mitigate the damage and recover from the consequences? I’ll discuss this and much more with Amyn Gilani from 4iQ – including why you shouldn’t be participating in all those fun social media quizzes. Amyn Gilani leads strategy and product at 4iQ. Previously, he was a Chief Technologist at Booz Allen Hamilton where he provided expertise to federal and commercial clients focusing on incident response, red teaming, threat hunting, and cybersecurity operations engineering. Prior to joining Booz Allen, Amyn was a Vice President in Information Security at Goldman Sachs where he led Red Team Operations and emulated sophisticated attacks against securities trading platforms and payment systems. He began his career serving in the United States Air Force as an intelligence analyst and was on detail at the National Security Agency and United States Cyber Command. Further Info: 4iQ: https://4iq.com/ Report identity theft and other resources: https://www.identitytheft.gov/ Defending Digital podcast: https://defendingdigital.com/carey-parker-firewalls-dont-stop-dragons/

Nov 4, 2019 | 50 min

Dropping Dropbox

I’ve been a Dropbox user for many, many years. But recently, they’ve gotten really pushy – trying to get me to save all my photos and docs there, integrating with MS Office when I didn’t ask it to, and pushing me to upgrade. Now it tells me I need to deactivate all but three devices (I have probably 7-8). I’ve been looking for a secure and (more importantly) private alternative for a while now, and this pushed me to move. Today I’ll compare several cloud sync services and tell you why I picked Sync.com. In other news: Firefox keeps delivering excellent privacy features and gets top ranks in two new reports; NordVPN was “hacked” but you shouldn’t be worried; ISPs are lobbying hard to stop DNS over HTTPS in browsers; some clever researchers show how to create legitimate Amazon Echo and Google Home apps that can eavesdrop and phish for passwords; and macOS Catalina arrives with several bugs but also several welcome new security features. Further Info: Sign up for Sync.com (referral gets us both 1GB extra): http://www.sync.com/get-started?_sync_refer=bd7921700 Switch to Firefox: https://www.mozilla.org/en-US/firefox/new/

Oct 28, 2019 | 52 min

Risky Business (Part 2)

You’ve got ransomware! Now what? If you had the foresight to create safe backups, you can restore your data and move on. Sometimes the hackers screw up and you can actually recover your files directly without paying for the key. But in many cases, you have no real choice but to pay. Cyber insurance can not only help you cover those costs, but insurers can deal directly with the hackers for you and help you with the restoration process. Joshua Motta is the CEO and Co-founder of Coalition, the fastest-growing provider of cyber insurance for small to medium sized businesses. Having worked at the intersection of the intelligence, finance, and technology sectors at the CIA, Goldman Sachs, and most recently as an early employee and CxO of Cloudflare, he gained valuable insights into the minds of hackers and how — and why — they target specific organizations, as well as how organizations can most effectively manage cyber risk. He founded Coalition to provide a better way to protect small and midsize businesses from breaches and cyber incidents. Further Info: Coalition Cyber Insurer: https://www.thecoalition.com/ Help with ransomware: https://www.nomoreransom.org/en/index.html

Oct 21, 2019 | 31 min

Risky Business (Part 1)

As our world becomes increasingly technical and interconnected, we become more susceptible to technical misfortunes and feel more impact when they inevitably occur. In the first half of my interview with Joshua Motta, we’ll talk about the recent rise in ransomware attacks: how people and companies get infected, what we know about the hackers, and why ransomware is such an effective and debilitating attack. Joshua will even explain how ransomware has become a cottage industry unto itself. Joshua Motta is the CEO and Co-founder of Coalition, the fastest-growing provider of cyber insurance for small to medium sized businesses. Having worked at the intersection of the intelligence, finance, and technology sectors at the CIA, Goldman Sachs, and most recently as an early employee and CxO of Cloudflare, he gained valuable insights into the minds of hackers and how — and why — they target specific organizations, as well as how organizations can most effectively manage cyber risk. He founded Coalition to provide a better way to protect small and midsize businesses from breaches and cyber incidents. Further Info: Coalition Cyber Insurer: https://www.thecoalition.com/ Help with ransomware: https://www.nomoreransom.org/en/index.html

Oct 14, 2019 | 34 min

Don’t Forget to Wipe Your Data

What happens to all the files, photos, songs and other data on your devices when you resell them or throw them away? Well, if you don’t do anything, all that data is still there, waiting for someone else to access it. A recent study showed that 60% of used hard drives still had accessible data on them. Today I’ll tell you how to properly wipe the data from your smartphones and computers before you get rid of them. And there were a lot of other news items this week, including severe bugs in both Apple and Android smartphones, Cloudflare’s wonderful new free mobile VPN app called Warp, a bug in WhatsApp that could allow complete takeover of your device, how to pronounce “GIF”, the SIMJacker hack that affects well over a billion phones, and yet another call by the government to “backdoor” our encrypted communications. Further Info: How to Wipe Your Data: https://firewallsdontstopdragons.com/wipe-data-before-dumping-devices/ Windows 10 privacy settings: https://spreadprivacy.com/windows-10-privacy-tips/

Oct 7, 2019 | 54 min

Not Just a Face in the Crowd (Part 2)

So what happens when your face print (or any biometric info) is stolen from a server? You can’t change your face like you can change your password. Is there anything you can do to avoid your face being scanned or prevent your face from being recognized? What can you do right now to halt the use of facial recognition technologies while we sort out all the social implications? The answers to these questions and more in the second half of my interview with EPIC’s Jeramie Scott! Jeramie Scott is Senior Counsel at EPIC and Director of the EPIC Domestic Surveillance Project. His work focuses on the privacy issues implicated by domestic surveillance programs with a particular focus on drones, AI, biometrics, and social media monitoring. Mr. Scott regularly litigates open government cases and cases arising under the Administrative Procedure Act. He is also a co-editor of “Privacy in the Modern Age: The Search for Solutions” and the author of “Social Media and Government Surveillance: The Case for Better Privacy Protections of Our Newest Public Space.” Prior to joining EPIC, Mr. Scott graduated from the New York University Law School where he was a clinic intern at the Brennan Center’s Liberty and National Security Program. His work at the Brennan Center focused on civil liberty issues arising from local law enforcement surveillance. Further Info: Electronic Privacy Information Center (EPIC): https://epic.org Privacy in the Modern Age: The Search for Solutions: https://www.amazon.com/Privacy-Modern-Age-Search-Solutions/dp/1620971070 Glenn Greenwald’s TED Talk on Privacy: https://www.ted.com/talks/glenn_greenwald_why_privacy_matters Petition to ban the use of FRT: https://www.banfacialrecognition.com/

Sep 30, 2019 | 40 min