Firewalls Don't Stop Dragons Podcast

Between 50 and 90 million Facebook users’ accounts were exposed, appearing to give hackers full access as if they were logged in as you. Facebook has fixed the bug, but it’s not yet clear whose accounts may have been compromised. In other news, researchers have determined that Facebook is using your security contact information and information shared by others you know to target you with ads. In other privacy news, Google’s Chrome browser version 69 will automatically log you into the browser if you log in to any of Google many services – without warning or consent. While Google claims that none of your history or data is uploaded, the quiet change appears to violate their own privacy policies and has rankled many privacy advocates (including yours truly). For Further Insight: Why I’m Done With Chrome: https://blog.cryptographyengineering.com/2018/09/23/why-im-leaving-chrome/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

One of the best ways to avoid identity fraud is to freeze your credit reports. Thanks to a new law that just went into effect, freezing and unfreezing your credit is now completely free! Freezing your credit will prevent fraudsters from opening new loans and credit cards in your name, sticking you with the bill. When you actually need to open new credit, you can temporarily thaw your account (also free). I’ll tell you how. In other news, hackers have found flaws in two different government online payment systems, researchers have identified popular iPhone and Mac apps that are stealing your personal information, and Google has struct a secret deal with at least one major credit card company to get access to your real life purchase information. For Further Insight: Secret data sharing deal between Google and MasterCard: https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales iPhone apps stealing location data: https://www.macrumors.com/2018/09/07/iphone-apps-location-data-monetization/ Freeze your credit: https://krebsonsecurity.com/2018/09/credit-freezes-are-free-let-the-ice-age-begin/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Did you know that Google owns Android, Waze, YouTube, Pixel phones and Chromebooks? Did you know that almost 90% of Google’s revenue comes from advertising? There’s hardly any part of your online life that isn’t somehow tracked by Google. By using Google’s email, calendar, docs, search, browser, cloud storage and even phones, we are allowing Google to know just about everything about us. But there are viable alternatives that will respect your privacy. Daniel Davis from DuckDuckGo (a search privacy-first search company) will help us understand how and why Google tracks us, and then provide practical replacements for Google’s most popular services and products. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn’t track you, and has expanded to protect you no matter where the Internet takes you. For Further Insight: Website: https://duckduckgo.com Twitter: https://twitter.com/duckduckgo LinkedIn: https://www.linkedin.com/company/duck-duck-go Facebook: https://www.facebook.com/duckduckgo/ How to Live Without Google: https://spreadprivacy.com/how-to-remove-google/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons TRANSCRIPT OF FULL INTERVIEW Carey Parker: Hi everybody, welcome back to Firewalls Don’t Stop Dragons. I got another great interview show for you today. I know I’ve had three interviews in a row. It’s not normal. Usually I try to go back and forth, but it just hasn’t worked out that way lately. I’ve got some great people available for the reason I just couldn’t pass it up. Carey Parker: Today we’re gonna be talking with Daniel Davis from DuckDuckGo and DuckDuckGo, if you recall, is the privacy centered search engine that’s an alternative to Google search engine and that is what we’re going to be talking about today. So we hear all the new stories about Facebook and Cambridge Analytica and all the things that have been exposed and all the things that Facebook knows about you. And what we really need to realize is that all of that just pales in comparison to what Google knows about most of us. Google is all up in everything that we do, and I think you’ll actually be surprised to learn that all the different ways that Google is in our lives. Carey Parker: And so as all these scandals around privacy been coming around, I finally just decided personally that I’ve got to extract myself from Google, and they have some great products. These free products that they’ve had that I have used for many, many, many years are honestly great functionally, they’re wonderful. And because like Facebook because everybody uses them, it’s just so easy to share calendars, to share documents to … email of course is not quite the same because at least emails are standard that many different services support, so you don’t have to both be on Gmail in order to send email, which thank God. But, anyway, there are just so many things that Google’s part of lives and we’re going to cover that in the interview, So I’m not going to give too much away now. Carey Parker: But the point of this interview, what I tasked Daniel with and they’ve got an article at DuckDuckGo about how to get rid of Google, how to live your life without Google products. And it goes through all the top Google products and gives you a really viable alternative. But to me that wasn’t good enough. What I wanted to know was, okay, if I’m deeply embedded in Google and I’ve got all this data and all my friends know my Gmail address and I’m sharing Google calendars with people, it’s not just enough to know here’s an alternative, but how do I actually switch from one to the other? And so we’re going to talk about that today with Daniel Davis and let’s jump right in. Carey Parker: He’s got some really great info and we’ll start off talking a little bit about what the real backgro…

AT&T is operating top secret Internet monitoring facilities for the NSA in the heart of 8 major US cities according to a blockbuster report from The Intercept. Sitting on top of major digital communications arteries, these surveillance systems can track and record most communications within the US as well as many outside our physical borders. David Ruiz from the Electronic Frontier Foundation explains why these sorts of systems go way beyond the foreign spying mandate of the NSA and hoover up hordes of “incidental” data on ordinary, law-abiding US citizens. David Ruiz is a writer covering NSA surveillance and federal surveillance policy for Electronic Frontier Foundation, a digital rights non-profit. As 2017 closes, he is deeply involved in covering the multiple bills before Congress that seek to reform or reauthorize Section 702 of the FISA Amendments Act, a law that is currently one of the U.S. government's most powerful surveillance tools. Previously, David worked as a journalist covering legal affairs for some of Silicon Valley's largest companies, including Google, Facebook, Twitter and Uber. He has also had his work featured in KQED, The East Bay Express, SFGate.com, The Sacramento Bee and KZSU Stanford 90.1 FM. Beyond writing, David also hosts a personal podcast called Death Knell, which explores the grieving process after death. For Further Insight: Website: davidalruiz.com Follow on Twitter: @davidalruiz @EFF Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons Frontline’s United States of Secrets: https://www.pbs.org/video/frontline-united-states-secrets-part-one/ The Intercept, AT&T NSA Spy Hubs: https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/ EFF’s response to Intercept: https://www.eff.org/deeplinks/2018/07/eight-att-buildings-and-ten-years-litigation-shining-light-nsa-surveillance

The 2018 DEFCON Vote Hacking Village showed once again that our voting machines are way too easy to hack. Even though election system manufacturers refuse to allow independent researchers to vet their products directly, hackers at DEFCON have managed to get their hands on several systems in use today, and show that they are trivial to compromise. Jacob Hoffman-Andrews from the EFF explains what all of this means and the measures we need to take to address these shortcomings. The PAVE Act that’s currently before Congress would provide mechanisms to mitigate the weaknesses of our voting systems by requiring a paper trail for all votes and risk-limiting audits to validate vote totals with minimal effort and cost. The companion Secure Elections Act is now a much weaker bill and would need to have these provisions restored. Jacob Hoffman-Andrews is a lead developer on Let's Encrypt, the free and automated Certificate Authority. He also works on EFF's Encrypt the Web initiative and helps maintain the HTTPS Everywhere browser extension. Prior to working at EFF, Jacob was on Twitter's anti-spam and security teams. One the security team, he implemented HTTPS-by-default with forward secrecy, key pinning, HSTS, and CSP. On anti-spam, he deployed new machine-learned models to detect and block spam in realtime. Before Twitter, he worked at Google, variously on the maps, transit, and shopping teams. For Further Insight: Website: https://www.eff.org/about/staff/jacob-hoffman-andrews Follow on Twitter: https://twitter.com/j4cob

Facebook’s “Protect” Virtual Private Network is anything but “private”. Facebook has been using this VPN to monitor all of your web surfing, adding even more information about its users to its colossal database. Apple removed the app from it’s App Store due to violations of its recently upgraded privacy policies. You should delete the app from your phone and use a better VPN. In other news, banks are using 2,000 data points about how you tap, swipe, type, click and move to try to prevent fraud, DEFCON hackers have found more bugs in our election systems (though the headlines got it mostly wrong), Amazon Echo might be able to scare off burglars, and DNA service 23andMe is starting to dial back access to your data for third party developers. Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Security researchers have demonstrated that a modern all-in-one printer machine can be compromised using technology from the 1970s: the venerable fax machine. If you have a fancy printer/fax, you need to update its software ASAP. Presenters are this year’s DEFCON hacker conference have shown that they can compromise HP printer/fax machines by sending it a maliciously formatted fax message. I’ll also tell you about a scary and effective sextortion scam, a dire warning from the FBI about a coming ATM cashout heist, some more browser plugins that are tracking all the websites you visit, and why turning of Location History in your Google settings isn’t actually stopping Google from tracking where you go. Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

What do you get when you cross cryptography with a wall of lava lamps? Believe it or not, a much more secure Internet. Cloudflare’s CTO John Graham-Cumming will explain why all our modern communications require sources of randomness to remain secure, and how his company has used a wall of 100 lava lamps to serve as a serious source of entropy. John will explain how to pick strong passwords using dice, how you can predict random numbers, and whether quantum computing will render all of our crypto technology useless. Book: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, the San Francisco Chronicle, New Scientist and other publications. For Further Insight: Website: jgc.org Follow on Twitter: https://twitter.com/jgrahamc Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

How can you go wrong trying to stop sex trafficking? FOSTA, that’s how. The Fight Online Sex Trafficking Act (FOSTA) tried to fix something that wasn’t broke: under pre-existing law, we already had common sense regulations in place to prosecute online services that facilitated sex trafficking. But perhaps in an effort to appear tough on sex crimes, the US Congress passed additional regulations that are difficult to enforce and possibly even unconstitutional. The result may be more harm that good, robbing sex workers of resources that tools that served to protect them and squelching legitimate online content. I delve into this topic with the EFF’s Elliot Harmon, covering the history of legislation in this area and analyzing the nuances of this tricky area of law. We also explore the political and financial reasons the FOSTA/SESTA bills appeared to have such broad support and how these laws closely parallel copyright enforcement bills. Elliot Harmon is the associate director of activism at EFF. He advocates for free speech and the right to innovate online, with particular emphasis on patents, copyright, open access, and Section 230. Before coming to EFF, Elliot served as director of communications at Creative Commons, an organization that helps creators share their works with the public via open copyright licenses. Before that, he worked as a writer and curator for TechSoup, a technology resource for the nonprofit community. He has degrees from the University of South Dakota and the California College of the Arts. For Further Insight: Website: https://www.eff.org/about/staff/elliot-harmon Rep Chris Cox on how Section 230 came into being: https://www.youtube.com/watch?v=iBEWXIn0JUY&t=3m55s Why Hollywood might see FOSTA as a step toward a filtered Internet: https://www.eff.org/deeplinks/2018/03/how-fosta-will-get-hollywood-filters-theyve-long-wanted Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

A small company has recently bought up a bunch of mobile phone add-ons and browser plugins, and apparently decided to start snooping on its customers. The apps have been downloaded by over 11 million people and appear to be keeping track of every single web site you visit. In another story, a plugin that is supposed to help you pin things on Pinterest is actually injecting code into web pages. While this appears to be just a coding accident, these two stories should be a wake-up call. I’ll tell you what you can do about it. In other news, Facebook, Google and others are helping you take your data to competing services, 23andMe is sharing your DNA with Big Pharma, a nasty new Bluetooth bug has been found, and Chrome is now marking many more websites as “insecure”. Tune in and I’ll explain how this all affects you!

There’s a data gold rush going on in the United States and without regulation, it’s turning into a Wild West of data mining. Modern humans generate tons of data exhaust every single day: what you buy, what you eat, what you watch, where you live and work and what you do in your free time. These activities and habits may speak volumes about your health risk factors – and therefore how expensive you will be to cover with health insurance. In today’s show, I’ll share some chilling insights from a conference where data brokers and health insurers are using this data to predict how much it will cost them to insure you – and potentially raise your rates or even find ways to avoid covering you at all. In other news, Apple has released a new privacy feature to protect your iPhone from hacking, the popular mobile payment firm Venmo is sharing your transaction information with the world, researchers have developed an app to stop your laser printer from tattling on you, and Google’s new Confidential Mode email isn’t so confidential. For Further Insight: Change Venmo privacy settings: https://help.venmo.com/hc/en-us/articles/210413717-Payment-Activity-Privacy Get your LexisNexis report: https://personalreports.lexisnexis.com/access_your_full_file_disclosure.jsp Find and obfuscate secret tracking dots from your printer: http://seeingyellow.com/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Where were you on the night of June 22nd? Your cellular provider knows. And until that date just a few weeks ago, if law enforcement wanted that info, all they had to do was ask. But we’re not just talking about one night… they know every place you’ve been, throughout the day, every day, going back months or even years. Thankfully, the Supreme Court ruled that law enforcement must now get a warrant to obtain this highly sensitive information and show probable cause. In our interview today, I have a truly thought-provoking discussion around the landmark Carpenter vs United States ruling with Shahid Buttar, a lawyer and grassroots organizer for the Electronic Frontier Foundation (EFF). We delve into the history behind cell phone data access in the United States and why a basic right to privacy is fundamental to any democracy. Shahid Buttar leads EFF's grassroots and student outreach efforts. He's a constitutional lawyer focused on the intersection of community organizing and policy reform as a lever to shift legal norms, with roots in communities across the country resisting mass surveillance. From 2009 to 2015, he led the Bill of Rights Defense Committee as Executive Director. After graduating from Stanford Law School in 2003, where he grew immersed in the movement to stop the war in Iraq, Shahid worked for a decade in Washington, D.C. He first worked in private practice for a California-based law firm, with public interest litigation projects advancing campaign finance reform and marriage equality for same-sex couples (as early as 2004, when LGBT rights remained politically marginal). From 2005 to 2008, he helped build a national progressive legal network and managed the communications team at the American Constitution Society for Law & Policy, before founding the program to combat racial & religious profiling at Muslim Advocates. For Further Insight: Website: https://eff.org/efa Twitter URL: https://twitter.com/Sheeyahshee / https://twitter.com/EFF Facebook URL: https://www.facebook.com/EFF Become part of the Electronic Frontier Alliance: [email protected] Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

We’ve talked about encryption in just about every single one of these shows but we’ve never actually talked about what it means to encrypt something. Did you know that Julius Caesar used cryptography to send secret messages to his generals? You may have heard about the vaunted Enigma Machine used by the Germans in World War II, but how did it work? I’ll walk you through the basics of creating secret codes and how to crack them – the science of cryptography and cryptanalysis! Secret codes have one big problem, though: coded messages stick out like a sore thumb. When you capture a spy with a piece of paper full of gibberish, you can bet it’s a coded message. But what if you could hide your messages in plain site? That’s called steganography and I’ll explain how crafty people have hidden messages since the days of the Ancient Greeks. For Further Insight: The Code Book by Simon Singh The Code Breakers by David Kahn Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Wouldn’t it be great if you could speed up every single website you visit without paying a dime? Every time you go to a website, your computer or smartphone first has to look up how to get to get there – just like we used to have to look up people’s numbers in the phone book. The service we all use is the Domain Name System (DNS), and by default, your DNS provider is probably not very fast. Today, John Graham-Cumming (the CTO of Cloudflare) will carefully explain how this works and why his company’s 1.1.1.1 DNS service is so much faster than the default one you’re probably all using. Furthermore, Cloudflare’s service will keep your web surfing habits totally private – something your default service is almost surely NOT doing. John Graham-Cumming, CTO of Cloudflare, is a computer programmer and author. He studied mathematics and computation at Oxford and stayed for a doctorate in computer security. As a programmer he has worked in Silicon Valley and New York, the UK, Germany, and France. His open source POPFile program won a Jolt Productivity Award in 2004. John is the author of a travel book for scientists published in 2009 called The Geek Atlas and has written articles for The Times, The Guardian, The Sunday Times, the San Francisco Chronicle, New Scientist and other publications. For Further Insight: Website: jgc.org Follow on Twitter: https://twitter.com/jgrahamc Cloudflare’s 1.1.1.1 DNS service Steve Gibson’s DNS Benchmarking tool: https://www.grc.com/dns/benchmark.htm DNS Perf speed check: https://www.dnsperf.com/

This was a huge week for location privacy rights. In a 5-4 ruling, the Supreme Court has ruled that law enforcement must now obtain a warrant to obtain your cell phone location history. You cell provider knows where you are 24/7 and keeps records of your whereabouts that can go back for years. Until this ruling, this location information was considered to be unprotected and could be freely provided to law enforcement without notice or permission. In related news, all major US cellular providers have voluntarily terminated agreements to provide your location to third party vendors due to several recent cases of abuse. On the other hand, Apple’s new iOS 12 will come with a feature that will automatically send detailed location information to 911 operators when you make an emergency call. We’ll talk about how end-to-encryption in WhatsApp has allowed girls in ISIS-controlled Syria to maintain their schooling. And if you have a really old web browser, it’s time to update it – at least if you still want to shop online!

Android devices are everywhere – not just smartphones, but smart TVs, DVRs, streaming TV boxes and tablets. And many of these devices a shipping with a wide open backdoor for hackers. The Android debug port is supposed to only be used during software development, but many manufacturers are shipping popular Android-based products with this debug interface wide open. Hackers can easily use this interface to hack these devices, often from anywhere on the planet. In other news, California is trying to follow Vermont’s lead by introducing consumer data protection regulations, but many huge tech companies are trying desperately to defeat the measure. I’ll update you on the VPNFilter malware that is affecting more and more of our home WiFi routers, yet another critical Adobe Flash bug, and a $99 “unbreakable” smart padlock that can be hacked in under two seconds. For Further Insight: Locking down your home routers: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

There are estimated to be 2500-4000 data brokers in the United States who are collecting, buying and selling your information. Vermont has become the first state to pass laws to regulate this data mining that is largely working in the dark with zero accountability. We need more laws like this and I’ll tell you what you can do in the meantime to take more control over your personal and private data. Also in the news, Apple has announced some fantastic new security and privacy features for it’s upcoming iOS and macOS releases, Facebook has screwed up again, turning posts from 14M people public when they were supposed to be private, and My Heritage DNA service annouces that its 92M customer passwords were stolen. For Further Insight: Opting out of data collection: https://www.stopdatamining.me/opt-out-list/ Opting out of marketing, phone calls: https://www.worldprivacyforum.org/2015/08/consumer-tips-top-ten-opt-outs/ Know that they have on you: https://www.aboutthedata.com/portal/registration/step1 Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

When is a Virtual Private Network (VPN) not really private? Answer: When your VPN provider tracks where you go and sells that information to someone else. Today we’ll talk about a recent study that shows that many of the top free VPN services make their money by collecting and selling your browsing information. That seems to violate the “P” part of “VPN”, but let’s face it: if the product is free, then you are probably the product. I’ll help you find a VPN service that is truly private. In other news, Amazon’s Echo was recently caught recording a private conversation and sending it to a seemingly random person – should you be worried? Also, I’ll explain why shouting at your hard drives can cause corruption and tell you about a great new feature of the Privacy Badger browser plugin that will stop Facebook from tracking you. For Further Insight: Don’t shout at your hard drives: https://www.youtube.com/watch?v=tDacjrSCeq4 Choosing a truly private VPN: https://www.privacytools.io/#vpn Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Summer is upon us and for many of us that means travel – but before you even pack your bags, you need to listen to this podcast! In my interview with Michael Kaiser (the Executive Director of the National Cyber Security Alliance), we discuss all the cyber security and privacy issues you need to consider: before you go and while you’re traveling. Going abroad this summer? There are even more things you need to consider well before you leave! I also tell you why everyone needs to reboot their WiFi routers – by request of the FBI, no less! A Russian-made piece of malware called VPNFilter has infected half a million routers world-wise, and the remedy in most cases is simply to power-cycle or reboot your router. It’s easy to do and we should also take a few minutes to do it. Michael Kaiser joined the National Cyber Security Alliance (NCSA) in 2008. As NCSA’s executive director, Mr. Kaiser engages diverse constituencies—business, government and other nonprofit organizations—in NCSA’s broad public education and outreach efforts to promote a safer, more secure and more trusted Internet. Mr. Kaiser leads NCSA in several major awareness initiatives, including National Cyber Security Awareness Month (NCSAM) each October, Data Privacy Day (Jan. 28) and STOP. THINK. CONNECT., the global online safety awareness and education campaign. NCSA builds efforts through public-private partnerships that address cybersecurity and privacy issues for a wide array of target audiences, including individuals, families and the education and business communities. In 2009, Mr. Kaiser was named one of SC Magazine’s information security luminaries. Mr. Kaiser has served on several nonprofit boards. He is currently the chair and a founding board member of SPINUSA, a national nonprofit based in Massachusetts, and has served on the Board of Trustees of the College of the Atlantic in Bar Harbor, Maine, and New Destiny Housing Corporation in New York City. For Further Insight: Web site: staysafeonline.org Follow on Twitter: https://twitter.com/MKaiserNCSA Facebook: https://www.facebook.com/staysafeonline/ LinkedIn: https://www.linkedin.com/in/michael-kaiser-3579752b NCSA’s Cyber Trip Advisor: https://www.stopthinkconnect.org/resources/preview/tip-sheet-ncsas-cyber-trip-advisor Reboot your router and set your admin password: https://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/

On May 25th, the European Union will begin enforcing the GDPR – a sweeping set of regulations designed to return control of user data back to the users. These rules apply to EU people, not EU companies – so if you have a business or website that deal with folks from the EU, then you need to comply with these rules. Note that even if it’s just a newsletter, you could be on the hook for damages if you didn’t obtain proper consent from your subscribers. Ruth Carter is an Arizona attorney and an authority on intellectual property, business startups, contracts, and internet law. She is an American Bar Association Legal Rebel, a Phoenix Business Journal 40 Under 40, and a Super Lawyers Southwest Rising Star. Ruth also wrote three best-selling books on guerrilla marketing and social media law including The Legal Side of Blogging: How Not to get Sued, Fired, Arrested, or Killed. Ruth is also a professional speaker and has spoken at South by Southwest, Content Marketing World, Intelligent Content Conference, Women in Travel Summit, BlogHer, Dad 2.0 Summit, Ungagged, Phoenix Comicon (now Phoenix Comic Fest), and BlogPaws. She's also been featured in the Wall Street Journal, Entrepreneur, CEO Blog Nation, U.S. News, and on NPR. For Further Insight: Website: GeekLawFirm.com Twitter: https://twitter.com/rbcarter LinkedIn: https://www.linkedin.com/in/ruthcarter Facebook: https://www.facebook.com/carterlawfirmpllc Book: https://www.amazon.com/The-Legal-Side-Blogging-ebook/dp/B009K4U5RU/ Terms of Service; Didn’t Read: https://tosdr.org/ Ruth’s blogs on complying with GDPR: http://carterlawaz.com/category/gdpr/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Ever since WhatsApp was acquired by Facebook in 2014 for a staggering $19B, the extremely popular global messaging app has been losing its focus on privacy. WhatsApp co-founder Jan Koum (who grew up in the Soviet Union) has now left Facebook, and with him WhatsApp may have lost its last hope for retaining the user protections Koum carefully put in place. If you even considered leaving Facebook, you should consider leaving WhatsApp. In the news, we’ll talk about a software bug that may leave 350,000 internal defibrillators to hacking, the looming hail-Mary chance to save net neutrality, a new credit bureau you might want to freeze, more computer CPU chip bugs coming, a Twitter password change requirement, new iOS and Firefox privacy features, and getting into your next concert using just your face. For Further Insight: Everything you need to know about credit freezes: https://krebsonsecurity.com/2018/05/another-credit-freeze-target-nctue-com/ Freezing your credit at NCTUE: 866-349-5355 Save Net Neutrality! https://battleforthenet.com Try Signal! Get your friends to try it, too!! https://www.signal.org/ Blog article with more info: https://firewallsdontstopdragons.com/ditch-whatsapp-use-signal/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Phil Zimmermann fought a multi-year court battle and risked years in jail in order to defend your right to privacy. Phil created an email encryption system called Pretty Good Privacy (PGP) in 1991 that is still the gold standard for private email today. I sat down with Phil to discuss his legacy and why we are truly in the Golden Age of Surveillance, despite claims by law enforcement that all communications are “going dark”. Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide. Despite the lack of funding, the lack of any paid staff, the lack of a company to stand behind it, and despite government persecution, PGP nonetheless became the most widely used email encryption software in the world. After the government dropped its case in early 1996, Zimmermann founded PGP Inc. That company was acquired by Network Associates Inc (NAI) in 1997. In 2002 PGP was acquired from NAI by a new company called PGP Corporation, where Zimmermann served as special advisor and consultant until its acquisition by Symantec in 2010. Since 2004, his focus has been on secure telephony for the Internet, developing the ZRTP protocol and creating products that use it, including Silent Phone and Zfone. Zimmermann is Co-founder of Silent Circle, a provider of secure communications services. For Further Insight: Website: https://www.philzimmermann.com/

Our electronics and appliance manufacturers are desperately trying to turn all of their “dumb” products into “smart” ones by connecting them to the Internet – the new Internet of Things (IoT). And while dialing down your thermostat from the office and asking your portable speaker for today’s forecast is great, how can you trust that these devices aren’t spying on you or going rogue? In most cases, you can’t – which is why you need to wall them off from your computers Today I’ll tell you how everyone can segregate these insecure devices using the WiFi router you already own. I’ll also tell you about a promising new project from Microsoft that may make future IoT devices much more secure, how Facebook is moving 1.5B users out from under GDPR protections, how services like 23andMe and Ancestry.com can be used to catch serial killers, and why the FBI may be lying about information “going dark”. For Further Insight: How to put your IoT devices on the guest network: http://firewallsdontstopdragons.com/the-s-in-iot-is-for-security/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Google truly does know everything. Law enforcement is now turning to the search company to locate potential crime suspects. Google owns Android and Waze, along with several other smartphone apps – many of which have full access to your whereabouts. Police are now asking Google for lists of users who were near crimes when they occurred in hopes of finding suspects. How does this jibe with our Fourth Amendment rights and what can we do to protect our privacy in the Golden Age of Surveillance? I have an eye-opening conversation with Nathan Freed Wessler of the ACLU on how courts and lawmakers are struggling to deal with demands for data from Google and other sources by law enforcement agencies anxious to make use of the treasure trove of personal information they’re amassing. Nathan Freed Wessler is a staff attorney with the ACLU Speech, Privacy, and Technology Project, where he focuses on litigation and advocacy around surveillance and privacy issues, including government searches of electronic devices, requests for sensitive data held by third parties, and use of surveillance technologies. In 2017, he argued Carpenter v. United States in the U.S. Supreme Court, seeking to establish that the Fourth Amendment requires law enforcement to get a search warrant before requesting cell phone location data from a person’s cellular service provider. For Further Insight: Website: www.aclu.org Follow on Twitter: https://twitter.com/NateWessler Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Chairman Ajit Pai and the FCC voted to gut net neutrality late last year – but the fight is not over. The United States Senate can overturn these rule changes with a simple majority of 51 votes. Right now, we have 50. We need just one more vote. This process has a 60-day deadline, which is April 23rd. We have one week left to reverse these changes and preserve Net Neutrality. If you have a Republican Senator, now is the time to call them and express your support! I’ll discuss the new “multi-breach” of Sears, Kmart, Delta and MyFitnessPal, including what you need to do if you were affected. I’ll talk about Facebook CEO’s Mark Zuckerberg’s testimony in front of Congress and why most of the Congress folks completely missed the point. And while all of that was going on, Facebook was working in the background to severely weaken data collection regulations. For Further Insight: Delta.com breach info: https://www.delta.com/response Sears/Kmart breach info: https://searsholdings.com/update Save Net Neutrality – act by April 23! https://www.battleforthenet.com/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Would you take your computer in for repair if you knew the technicians would be scanning your hard drive looking for anything suspicious while they had the hood up? It’s something that apparently we all need to be considering now. A recent lawsuit against a California doctor has revealed that the FBI has been paying Best Buy Geek Squad technicians to search for illegal content on the computers that were sent in for repairs. The relationship appears to go back at least 10 years. Today I speak with Aaron Mackey, a staff attorney at the Electronic Frontier Foundation – the organization who discovered this connection through the use of Freedom of Information Act queries. I’ll also briefly update on the latest Facebook scandals and their attempts to address the massive privacy issues. Aaron Mackey joined EFF in 2015 after moving from Washington, D.C. where he worked on speech, privacy, and freedom of information issues at the Reporters Committee for Freedom of the Press and the Institute for Public Representation at Georgetown Law. Aaron graduated from Berkeley Law in 2012, where he worked for EFF while a student in the Samuelson Law, Technology & Public Policy Clinic. Prior to law school, Aaron was a journalist at the Arizona Daily Star in Tucson, Arizona. He received his undergraduate degree in journalism and English from the University of Arizona in 2006, where he met his amazing wife, Ashley. They have two young children. For Further Insight: Website: www.eff.org Twitter URL: https://twitter.com/aaron_d_mackey Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons – https://www.eff.org/deeplinks/2018/03/geek-squads-relationship-fbi-cozier-we-thought How to delete (or curtail) Facebook: https://firewallsdontstopdragons.com/its-time-to-delete-facebook/

At Facebook, it’s critically important to remember that you are not the customer, you’re the product. None of Facebook’s users pay a dime for its service and yet Facebook makes tens of billions of dollars a year. Facebook makes money off of you and your data. And as we’ve seen in the last two weeks, that business model is ripe for abuse. It’s long since time that we, as consumers, reject the current Internet business model: the collection and sale of phenomenal amounts of highly personal data. In today’s episode, I’ll discuss the Cambridge Analytica scandal and why a Facebook VP believes that growth is good at any cost. I’ll spell out all the reasons why I’m deleting my Facebook account – and why you should strongly consider doing the same. At the very least, you should see what information Facebook has on you, so you can make an informed decision – I’ll tell you how to do that, too. For Further Insight: Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons Further Reading: https://firewallsdontstopdragons.com/its-time-to-delete-facebook/

Your privacy and 4th amendments rights were dealt another blow last week, while no one was really looking. Congress opened the door to more warrantless surveillance by tacking on a little-known, unvetted bill to the monster spending legislation passed last week. This bill, benignly titled the Clarifying Overseas Use of Data (“CLOUD”) Act, removes the need for foreign countries to obtain a search warrant before demanding data from US companies. This bill was never debated. It wasn’t reviewed or marked up by a single committee. There were no hearings. But it is now law. David Ruiz, from the Electronic Frontier Foundation, helps us to understand the stark implications of this new law and together we explore how it can be used to completely circumvent your 4th Amendment rights. David Ruiz is a writer covering NSA surveillance and federal surveillance policy for Electronic Frontier Foundation, a digital rights non-profit. As 2017 closes, he is deeply involved in covering the multiple bills before Congress that seek to reform or reauthorize Section 702 of the FISA Amendments Act, a law that is currently one of the U.S. government's most powerful surveillance tools. Previously, David worked as a journalist covering legal affairs for some of Silicon Valley's largest companies, including Google, Facebook, Twitter and Uber. He has also had his work featured in KQED, The East Bay Express, SFGate.com, The Sacramento Bee and KZSU Stanford 90.1 FM. Beyond writing, David also hosts a personal podcast called Death Knell, which explores the grieving process after death. For Further Insight: Website: davidalruiz.com Follow on Twitter: https://twitter.com/davidalruiz Little Brother by Cory Doctorow Donate to the Electronic Frontier Foundation Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Have you ever really stopped to consider the sheer amount of data Facebook has on you? How long have you had your Facebook account? How many pictures have you posted and tagged? How many relationships have you had? Facebook has all that data, and much more – all your posts, your messages, your status changes, your likes, your comments, your profile (every version), your photos and videos… Facebook knows all. Do you have the Facebook app on your smartphone? Then it probably also has all of your phone contacts, ever. What many people don’t know is that you can actually download your entire Facebook dossier, and it’ll blow your mind. I’ll tell you how. In other news, Intel has fixes coming soon for its chips while AMD chips have several newly discovered vulnerabilities. Alexa has been laughing at some of you, Apple has a nice web page to help you control what your kids can access, PayPal shares your data with over 600 companies, and the Geek Squad has been snooping around on your computers for the FBI. For Further Insight: Apple’s Families page: https://www.apple.com/families/ Download your Facebook data: https://www.facebook.com/help/302796099745838 Download your Google data: https://support.google.com/accounts/answer/3024190?hl=en Download your Twitter data: https://help.twitter.com/en/managing-your-account/how-to-download-your-twitter-archive Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

If a vote falls in a ballot box, but there’s no one there to see it – does it count? Marian Schneider, President of Verified Voting, explains why so many of our national voting systems have absolutely no way of being audited. Digital technology has been a wonderful boon for this world, but when it comes to something as fundamental to democracy as casting a vote, you simply must have a physical record that you can verify by hand if necessary. It may already be too late for the 2018 midterm elections, but we simply must have this fixed for 2020. We’ll tell you how you can get involved and make a real difference. This is a non-partisan issue that affects us all. As the President of Verified Voting, Marian Schneider brings a strong grounding in the legal and constitutional elements governing voting rights and elections, as well as experience in election administration at the state level. Immediately before becoming President of Verified Voting, Marian served as Special Advisor and Deputy Secretary for Elections and Administration, to Pennsylvania Gov. Tom Wolf. Marian received her J.D. from The George Washington University, where she was a member of the Law Review, and earned her B.A. degree cum laude from the University of Pennsylvania. For Further Insight: Website: www.verifiedvoting.org Follow on Twitter: https://twitter.com/VerifiedVoting Facebook: https://www.facebook.com/VerifiedVoting/

Facebook has wants your face. Guess we should have seen that coming. While Facebook has been using face recognition for years now, it began notifying users in December of much broader use of this technology. Of course, they will tell you that you are the prime beneficiary, but by accepting this new feature you may be enabling Facebook to do much more. Tune in and I’ll tell you all about it, including how to turn it off! We’ll also discuss how Apple is taking heat for moving some of its iCloud customers’ encryption keys to China, some great new privacy features coming soon to both Firefox and Android, and how you can see all your snail mail online (and maybe others can, too). For Further Insight: How to turn off FB facial recognition: https://mashable.com/2018/02/28/how-to-turn-off-facebook-face-recognition/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Should you cover your webcam? Is anti-virus software worth the money? How do you know if you’ve been hacked? How do you know what software you can trust? We’ll cover all of these topics and more with Patrick Wardle, a computer security expert and ex-NSA hacker. While Patrick’s focus is Mac security, we also discuss PCs and mobile devices, and much more! Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, and as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users. For Further Insight: Website: https://objective-see.com/ Twitter URL: https://twitter.com/patrickwardle Optional guest headshot: https://2016.zeronights.org/wp-content/uploads/2016/09/Patrick_Wardle.jpeg Support Patrick! https://www.patreon.com/objective_see Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

You know the best way to limit what malware can do on your system? Limit what YOU can do! Software on computers generally inherits the privileges of the current user. The problem is that the default account that comes with all computers has full administrator privileges – you can do anything. And whatever you can do, malware can also do. The solution is to always have a non-admin account that you use for day-to-day activities, reserving your admin account for very special tasks. According to experts, using a non-admin account could have mitigated 80% of critical Microsoft bugs in 2017. I’ll also talk about Chrome’s new “ad filter” that falls well short, a bug on Apple devices that will allow a single character to crash your messaging apps, a new “turducken” Microsoft vulnerability, a nasty Skype bug that Microsoft claims takes “too much effort to fix”, and a new Facebook app feature called “protect” that should really be called “spy”. For Further Insight: How to set up non-admin accounts: http://firewallsdontstopdragons.com/use-non-admin-account/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Do you know where your software’s been? If you’re downloading your apps and driver software from third parties, you may be getting more than you bargained for. Software download sites may be attaching unwanted extras to your installers in order to make money. And bad guys are also hacking these sites to trick you into downloading malware. I’ll tell you how to ensure your software is pristine. In other news, Equifax admits that it lost even more sensitive information in the massive hack that affected over 145 million customers last year. Some key Apple source code in revealed that may help hackers attack your iPhone. And Lenovo announces critical bugs in the WiFi software on many of its ThinkPad laptops.

Our mobile phones today are chock full of private information and are constantly tattling about our whereabouts and activities. Most phones today have GPS, WiFi, Bluetooth, motion detectors, magnetic field detectors, microphones, cameras, and of course cellular radios. Some even have facial recognition built right in. With all this personal data and telemetry information, is it even possible to prevent tracking and information leakage? CLICK FOR FULL TRANSCRIPT OF INTERVIEW Today we discuss these topics and more with Daniel Davis from DuckDuckGo – a company dedicated to protecting your privacy. He and I discuss DuckDuckGo’s new privacy-focused smartphone app, along with other tips and techniques to guard your privacy on your mobile devices. Daniel Davis is a Community Manager at DuckDuckGo, the Internet privacy company helping you take control of your personal information online. DuckDuckGo has its roots as the search engine that doesn't track you, and has expanded to protect you no matter where the Internet takes you. CLICK FOR FULL TRANSCRIPT OF INTERVIEW For Further Insight: Website: https://duckduckgo.com Twitter URL: https://twitter.com/duckduckgo LinkedIn URL: https://www.linkedin.com/company/duck-duck-go New DuckDuckGo mobile app: https://duckduckgo.com/app DuckDuckGo privacy guides: https://spreadprivacy.com/tag/device-privacy-tips/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

It's that time of year again: tax time. And that means it's also high season for identity thieves and scammers. Millions of people are affected by fake tax return filings every year. Phone and email scams lure unsuspecting victims to give away their money or identity. In today’s episode, I’ll tell you how to protect yourself. In this week’s news, we’ll talk about why California won’t let you cover your license plate while parked, discuss yet another Adobe Flash bug, and explain how fitness trackers may be revealing covert military sites around the world. For Further Insight: Full blog article on tax return fraud: https://firewallsdontstopdragons.com/preventing-tax-return-fraud/ Think someone filed a fraudulent tax return in your name? Check this article: https://krebsonsecurity.com/2018/01/file-your-taxes-before-scammers-do-it-for-you/ Set up your MySSA account, even if you’re years away from retirement: https://www.ssa.gov/myaccount/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Data Privacy Day is upon us, and today is the day you take back your online privacy. And I’m going to help you do it. There’s no more standing on the sidelines and hoping someone else will fix this for you. You need to get off your butt and do something – and today is the day to do it. Corporations have sold loads of compelling and powerful “free” tools and services. But if the product is free, then you are the product. Making us watch ads was all well and good, until those ads started watching us back. They’ve gone too far and now we are duty-bound to push back. Privacy is a human right and our privacy has never been more in jeopardy that right now. Now is the time to assert your rights and make your voices heard. For Further Insight: http://firewallsdontstopdragons.com/data-privacy-day-checklist/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Bitcoin has been all over the news lately, and rightly so. The digital “coin” was worth $1000 a year ago, and peaked at nearly $20,000 last month – an increase of 2000% in one year! And yet it’s lost almost half that value in the last two weeks. What is Bitcoin, anyway? Should you invest in it? How would you even do that if you wanted to? I’ve invited Berkley security researcher Nick Weaver back to the program to answer these questions and many more! Nick’s an enlightened and entertaining guest, and he pulls no punches. And trust me, Nick has some very strong opinions on cryptocurrencies like Bitcoin and the crazy market dynamics surrounding them! Nick Weaver received a B.A. in Astrophysics and Computer Science in 1995, and his Ph.D. in Computer Science in 2003 from the University of California at Berkeley. Although his dissertation was on novel FPGA architectures, he also was highly interested in Computer Security, including postulating the possibility of very fast computer worms in 2001. In 2003, he joined the International Computer Science Institute (ICSI), first as a postdoc and then as a staff researcher. His primary research focus is on network security, notably worms, botnets, and other internet-scale attacks, and network measurement. Other areas have included both hardware acceleration and software parallelization of network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user's network connection. For Further Insight: Website: http://www1.icsi.berkeley.edu/~nweaver Follow on Twitter: https://twitter.com/ncweaver Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Despite being available for seven years, less than 10% of Google users have taken advantage of two-factor authentication. And yet, two-factor (or “two-step”) authentication is probably the best option today for most people to truly lock down their most important online accounts. I’ll tell you why it’s so effective and explain how you set it up. We’ll also talk about the security news of the week including yet another Intel chip bug that could allow bad guys to hack your laptop in under 30 seconds, a high-tech targeted attack on WhatsApp and Signal users, a Netflix phishing campaign that’s trying to get your credit card info, and a nasty bit of Mac malware that can compromise all your web communications. For further Insight: Sites that support two-factor auth: https://twofactorauth.org/ Setting up and using Google Authenticator: http://firewallsdontstopdragons.com/two-factor-authentication/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

When can anyone search through your most intimate records and belongings? When you throw them away, of course! The US Supreme Court has already ruled that the Fourth Amendment doesn’t protect your garbage can or recycle bin. Today we talk about a very interesting case in Oregon where local reporters turned the tables on the authorities, with very interesting results. I’ll also update you on the latest WiFi security standards, a police department that awarded cybersecurity quiz takers with infected USB drives, and some welcome (but limited) changes to border search policies for electronic devices. For Further Insight: Portland dumpster diving: http://www.wweek.com/portland/article-1616-rubbish.html-2 Picking a good shredder: http://firewallsdontstopdragons.com/take-out-trash-securely/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

This week a couple of truly nasty computer hardware bugs were revealed by security researchers. Dubbed Meltdown and Spectre, the exploits take advantage of performance features found in Intel CPU chips as far back as 1995 and most other modern CPUs from AMD and ARM. Luckily, chip and software makers have been working in the background for months on fixes and mitigations, and many of them have already been deployed. I’ll walk you through what these bugs are, what they actually mean to you, and what you can do to limit your exposure to them. Sadly, this is probably just the first of many hardware bugs that will be revealed – and hardware bugs are often very hard if not impossible to fix without simply replacing the entire device. For Further Insight: Official website for Meltdown/Spectre: https://meltdownattack.com/ Helpful list of affected systems and current state of fixes: https://gizmodo.com/check-this-list-to-see-if-you-re-still-vulnerable-to-me-1821780843 How to surf the web safely: http://firewallsdontstopdragons.com/browser-safety-choose-weapon/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Can law enforcement force you to divulge your passwords? How do you limit the scope of a search warrant on an iPhone? Is powerful encryption technology creating ‘warrant-free zones’ in cyberspace? Or are we actually in the Golden Age of Surveillance? Today I speak with Andrew Crocker (Staff Attorney at the Electronic Frontier Foundation) about how our Constitutional rights work in cyberspace. We’ll talk about the locked iPhone in the Texas mass shooting case and discuss how it relates to the San Bernardino case from 2015 and the Crypto Wars of the 1990’s. Andrew Crocker is a staff attorney on the Electronic Frontier Foundation’s civil liberties team. He focuses on EFF’s national security and privacy docket, as well as the Coders' Rights Project. While in law school, Andrew worked at the Berkman Center for Internet and Society, the American Civil Liberties Union’s Speech, Privacy, and Technology Project, and the Center for Democracy and Technology. He received his undergraduate and law degrees from Harvard University and an M.F.A. in creative writing from New York University. For Further Insight: Website: https://www.eff.org/ Follow on Twitter: https://twitter.com/agcrocker, https://twitter.com/EFF Donate to the EFF! https://supporters.eff.org/donate Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

It’s that time of year again – time for New Years Resolutions! While you consider going to the gym or maybe drinking a little less, we’re in the Information Age now – and that means you need to get your digital house in order, too! In our first show of 2018, I’ll give you several great projects to improve your cybersecurity and privacy – some easy, some that will take some time – but all of them are crucial in today’s world of hackers and prying eyes. With these top tips, you’ll be protected against malware, computer crashes, mass surveillance, and overzealous marketers! For Further Insight: LastPass password manager: https://www.lastpass.com/ TunnelBear VPN: https://www.tunnelbear.com/ Firefox web browser: https://www.mozilla.org/en-US/firefox/ Backblaze cloud backup: https://www.backblaze.com/cloud-backup.html#af9kxp Signal secure messaging app: https://signal.org/ ProtonMail: https://protonmail.com/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

While you have some down time over the holidays, it’s a great opportunity to learn something new. I humbly suggest some cybersecurity and privacy “homework” that is both entertaining and educational! Like watching documentaries? Maybe you prefer to curl up by the fire with a good book? I’ve got you covered! In the news this week, we have yet another staggeringly large data breach – though it’s not clear whether the bad guys found it before it was locked down. Is your iPhone 6 or 7 running slower than it used to? You may not be imagining it – Apple did it on purpose, and I explain why. For Further Insight: EFF’s Surveillance Self-Defense: https://ssd.eff.org/en Stay Safe Online: https://staysafeonline.org/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Net Neutrality suffered a severe but expected setback this week when the new FCC repealed the protections enacted in 2015 by a 3-2 party line vote, without any public hearings or investigation into flawed comment system. Call your Congressman! Bitcoin value has soared in the last few months… but what the heck is a Bitcoin? I’ll explain what all the buzz is about. I’ll also tell you about massive database of 1.4 billion cracked passwords and give you several tips for buying those last-minute holiday gifts online! For Further Insight: 11 Lies about Net Neutrality: https://www.popsci.com/net-neutrality-lies Net Neutrality isn’t dead: https://www.battleforthenet.com/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

Many of the most important voices on the web today are individuals or small, low-budget organizations: human rights groups, investigative journalists, political dissidents, and fighters for democracy in repressive regimes. These groups don’t have the wherewithal to defend themselves against hackers and bad state actors that would prefer their voices not be heard. Projects like Cloudflare’s Galileo and Google’s Shield help these at-risk groups to weather the heaviest of Internet storms, making sure that their voices cannot be silenced – without having to pay a dime. Doug Kramer, General Counsel for Cloudflare, helps us understand why these projects and groups are so important and how these programs help to protect their websites from attack. Doug Kramer is General Counsel of Cloudflare, where he is responsible for managing the legal, policy, and trust and safety teams. In this role, Doug helps address the broad range of issues that touch the company's operations around the world. Prior to joining Cloudflare, Doug worked for seven years in senior positions in the Obama Administration, including as Deputy Assistant to the President and White House Staff Secretary, as the Deputy Administrator of the US Small Business Administration, and General Counsel at USAID. He previously worked in private practice in Washington, DC and Kansas City. He received Bachelor’s degree in Philosophy and English from Georgetown University and his J.D. from University of Chicago Law School. For Further Insight: Website: https://www.cloudflare.com Project Galileo: https://www.cloudflare.com/galileo/ Project Shield: https://projectshield.withgoogle.com/public/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

The gift-giving season is upon us and technology presents are always popular! But what you may not realize that the hackers and marketers out there are secretly hoping you’ll give your friends and family certain gifts, too! In this special holiday episode, I’ll tell you about some of the best and the worst holiday gifts and accessories, from a security and privacy viewpoint. Thinking about giving someone a DNA analysis kit? You might want to think again! Which computers and smart devices are the most secure? And are there products I can buy to help make them more secure? You bet! Tune in – I’ve got you covered! For Further Insight: Read this before buying a DNA test: https://vitals.lifehacker.com/what-you-should-know-before-you-gift-someone-a-dna-test-1820774515 Best WiFi Routers: https://thewirecutter.com/reviews/best-wi-fi-router/ Setting your Router’s DNS to Quad9: http://firewallsdontstopdragons.com/evading-malware-quad9-dns/ Data and Goliath: https://www.schneier.com/books/data_and_goliath/ Little Brother: https://craphound.com/littlebrother/download/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

It’s been a rough week or so for Apple products, in particular their new Macintosh operating system version called High Sierra. A horrendous security bug was released last week that would let anyone have full, unfettered access to your computer – possible even remotely. That’s about as bad as it gets, folks. I’ll tell you all about it, including how to fix it once and for all. We’ll also talk about some insidious HP computer software that is sending tracking information back to the mother ship without proper warning or consent, how some clever thieves have figured out how to steal cars by faking out your keyless entry system, and why now is the time to support Net Neutrality. For Further Insight: Fixing Apple’s horrible “root” bug: http://firewallsdontstopdragons.com/fixing-apple-root-bug/ Save Net Neutrality! https://www.battleforthenet.com/ John Oliver on Net Neutrality (includes adult language): https://www.youtube.com/watch?v=92vuuZt7wak Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

In the era of mass surveillance, our communications are being hoovered up, searched and stored by both corporations and intelligence agencies, without a warrant and with almost zero transparency. While we should be fighting for our right to privacy, creating and amending laws is hard and can take years. Dr Andy Yen is the CEO of ProtonMail, a secure email service based in Switzerland. Today we discuss why it’s important for even regular, “uninteresting” people to use a truly secure and private email service. In the news this week, hundreds of top websites are tracking everything you do and Intel comes clean about a horrendous flaw in their secretive Management Engine that is part of every CPU they’ve made in the last 8 years. I’ll tell what you can do about it. Also, in the Tip of the Week, I’ll tell you about a new free service that can protect you from bad websites. Dr. Andy Yen is the CEO and Co-Founder of Protonmail. Andy has over 8 years of experience in distributed computing for demanding particle physics applications. Andy was a researcher at CERN from 2009 to 2015, where ProtonMail’s founding team met. He has a PhD in Physics from Harvard and a degree in Economics from Caltech. For Further Insight: Website: https://protonmail.com/ Twitter URL: https://twitter.com/ProtonMail LinkedIn URL: https://www.linkedin.com/in/andy-yen-03a9676 Quad9’s free DNS service protects you as you surf: http://firewallsdontstopdragons.com/evading-malware-quad9-dns/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons

In our next installment of the Castle Defense 101 series, I’ll help you to choose the web browser that will keep you safe and protect your privacy. We’ll talk about the big four (Safari, Internet Explorer, Firefox and Chrome) as well as some others you’ve never heard of. I walk you through the things you need to consider when comparing these browsers and explain why the choice can be tricky. In the end, I’ll share my personal browser strategy and recommend several free browser add-ons that will make you even safer! In the news: Facebook recommends that you upload your nude photos so that they can protect you and a cheeky New Zealand company has created a new automated service that enables some sweet revenge on all those spam emailers. For Further Insight: ExpressVPN Browser rankings: https://www.expressvpn.com/blog/best-browsers-for-privacy/ RE: Scam, spammer chatbot: https://www.rescam.org/ Help me to help you! Visit: https://patreon.com/FirewallsDontStopDragons