Firewalls Don't Stop Dragons Podcast

A Podcast on Computer Security & Privacy for Non-Techies

Episodes

Defending Student Privacy

Privacy risks are bad enough for adults - but it's much worse for our kids, particularly as students. Who provides notice and obtains consent for minors at school? In many cases it's not the parents, let alone the students - it's the school system. Not only are they opting the students into invasive data collection by profit-driven third parties, but they often also bind them to mandatory arbitration clauses, neutering their ability to seek legal redress for the inevitable violations. Today I'll...

Jul 07, 2025 · 1 hr 10 min

The In-App Switcheroo

Do you realize that you're not always using your chosen mobile web browser or your network privacy features? Many mobile apps have their own in-app browser that can gather your data and even inject ads and trackers into any web links you click. I'll explain how this works and what you can do about it. In the news: 23andMe bankruptcy ombudsman argues for user consent to data; Meta AI app privacy nightmare; Amazon, Roku sharing users for ads; WhatsApp launches in-app ads; healthcare sites are shar...

Jun 30, 2025 · 1 hr 12 min

ShmooCon: Moose You Already

On January 12th, 2025, the ShmooCon hacker conference held its 20th and final gathering. I was lucky enough to be able to not only attend the final show but also to interview the founders, Heidi and Bruce Potter. We talk about how it all got started, what made this hacker con so special and beloved, and hear some hilarious stories from the past twenty years of hacker shenanigans in Washington D.C. Interview Notes ShmooCon: https://www.shmoocon.org/ ShmooCon 2025 sessions: https://www.youtube.co...

Jun 23, 2025 · 1 hr 11 min

Rogue AI?

Artificial Intelligence is taking over. But I don't mean that in a Skynet kinda way. It's simply becoming ubiquitous because companies are insisting on inserting the technology into all their products, even if it's not useful - or not even safe. Unfortunately, the breathless reporting on dangers of AI is also getting way out of hand, including stories of AI systems 'blackmailing' their designers. Today I'll try to bring us back to reality a bit. Also in the news: Billions of session login cookie...

Jun 16, 2025 · 1 hr 1 min

Dialog with the Data Diva

Debbie Reynolds (aka, The Data Diva) has been working in the privacy realm for many years, as a privacy consultant, speaker, advisor and podcaster. She and I have been running in the same circles on LinkedIn for a while now, and we finally decided it was time to be a guest on each other's shows. Today Debbie and I will discuss the dangers of privacy in the realm of IoT devices (including her contributions on the US Department of Commerce's IoT Advisory Board), vehicles, and AI. I'll ask about he...

Jun 09, 2025 · 1 hr 3 min

Life in the Panopticon

Tracking our faces and whereabouts is getting out of control. It's a mass surveillance infrastructure that keeps growing in Borg-like fashion. Facial recognition and license plate readers are proliferating at a stupefying pace and companies like Flock are consolidating the collected data and packaging it up for sale to law enforcement agencies. Even if no human in these agencies were to abuse this data, it's creating an irresistible target for scheming hackers and nation states keen on espionage...

Jun 02, 2025 · 1 hr 26 min

Dividing Trust

VPNs were not invented for privacy, despite the name - they were invented for security. Nevertheless, in recent years, they have been touted as privacy tools to thwart rampant and fanatical data gathering. With a regular VPN, this really just means you're shifting your trust from your internet service provider to your VPN provider. But what if your encrypted data traffic was actually divided between two separate companies? The split trust model is a powerful way to protect your privacy and it's ...

May 26, 2025 · 1 hr 10 min

Slay Message Snoopers

There are way too many messenger apps today. It's a sad state of affairs and I don't see it getting better anytime soon. But the real problem (for me) is that almost all of the popular messenger apps aren't really that secure and private. Most do not have end-to-end encryption (E2EE) at all or it's not turned on by default. And frankly even the apps with E2EE are run by companies whose revenue model is based on monetizing your personal data. I'm going to suggest you try Signal. In other news: st...

May 19, 2025 · 45 min

Shelter from the Storm

Almost exactly two years ago, "Five Eyes" intelligence agencies discovered a successful and ongoing cyber attack on critical US infrastructure by a state-sponsored actor based in China. This group, associated with the People's Liberation Army and known as Volt Typhoon, was tasked with quietly gaining persistent remote access to critical systems including water, power, communications, and transportation systems, as well as ports and government networks. The goal was to deter the US from interferi...

May 12, 2025 · 1 hr 17 min

Disable Your MAID

As we learned last week from Zach Edwards, our smartphones have a globally unique mobile ad ID, or MAID, that is automatically associated with everything we do on our phones... unless we take explicit steps to turn this off. Today I'll tell you how this works and why you should disable this insidious form of tracking. In other news: the FTC warns us about a new type of scam; dating app Raw exposed sensitive user data; a determined reporter documents his efforts to disable all the AI features in ...

May 05, 2025 · 1 hr 6 min

Riding the Data Gravy Train

Data brokers are out of control. While we think of them gathering data in order to target us with ads, they can actually use the targeted ad system (real-time bidding) to collect vast quantities of personal information. It's a very shady business and the primary players are trying hard to obfuscate what they're doing. Thankfully, we have people like my guest, Zach Edwards, whose investigations are ripping the cover off of these unscrupulous practices. Interview Notes Zach Edwards: https://www.li...

Apr 28, 2025 · 1 hr 14 min

Travel Insecurity

Going through border security today - even just returning to your own country - is not as simple and stress-free as it should be. The likelihood of our digital devices being searched by a border agent has increased in recent years and political sensitivities today can be high. Our devices have access to a ridiculous amount of extremely personal information. How can we protect ourselves? The answers aren't great, but I'll give the current best advice from immigration lawyers and civil rights grou...

Apr 21, 2025 · 1 hr 6 min

Life on the Blue Team

It's easy to be a Monday morning quarterback, even with cybersecurity. But defending a business, of any size, against cyber threats today is hard. Like, really hard. Defenders have to succeed every single time; attackers only need to succeed once. And then your company makes the headlines. Today we'll delve into the world of the "blue team" - the defenders who are charged with protecting your data and the services you depend on - with cyber expert Oz Jones. Along the way, we'll learn valuable le...

Apr 14, 2025 · 1 hr 5 min

Differential Privacy

When we collect a lot of personal data, say via the US Census, the goal is to glean important aggregate information and statistics, while somehow preserving the anonymity and privacy of the individual respondents. There's a rigorous mathematical process for doing this - that's actually not that hard to understand - called Differential Privacy. I'll explain how it works. In the news: iOS has a new location privacy setting; Google confirms it's rolling out AI to Gmail; Windows makes it much harder...

Apr 07, 2025 · 1 hr 12 min

Microscoping Our Apps

We've been installing apps on our smartphones for almost two decades now. The iPhone and Android app stores kicked off in 2008 and we still, to this day, have no real way to know what's in them. It turns out that most apps are an amalgamation of software libraries and development kits from various third party vendors, so often even the makers of apps don't fully understand the makeup of their products. Lisa LeVasseur from Internet Safety Labs has worked to build tools to dissect and inspect our ...

Mar 31, 2025 · 1 hr 11 min

It’s Tax (Scam) Time Again

Tax time is once again upon us here in the USA, which means that the tax scammers are coming out of the woodwork. Many will claim to be representing the IRS, claiming that there is an urgent need to fix a problem with your return, threatening penalties if you don't pay them money. Others will simply try to file fake returns in your name, but send the massive false refund checks to themselves. I'll help you spot and avoid these scams. In other news: Apple's Passwords app was vulnerable to phishin...

Mar 24, 2025 · 59 min

All Things Secured

Josh Summers lived in China for many years and learned a lot about privacy and security. Since he left, he's made it his mission to share this knowledge through his website and YouTube channel called All Things Secured - helping regular, everyday people like you and me to protect our data and devices. Today we'll talk specifically about improving your security and privacy on iPhones and Android phones, and even some alternatives outside the Apple and Google ecosystems. Interview Notes All Things...

Mar 17, 2025 · 1 hr 5 min

Slay Browser Ads Forever

Google's Chrome browser is rolling out changes that will hamstring ad blockers - so there's never been a better time to try a better browser. There are a handful of good options, but I'm going to recommend that you try Firefox with a fantastic ad blocker called uBlock Origin. If you've never tried this powerful combination, you won't believe what you've been missing. In other news: the UK scrubs all encryption advice from government sites; Signal's CEO threatens to leave Sweden over backdoor dem...

Mar 10, 2025 · 1 hr 8 min

Back to The L0pht

Today, we travel back in time and back to The L0pht with one of the original founders of L0pht Heavy Industries, Weld Pond (aka Chris Wysopal). We'll talk about how hacker culture has impacted modern technology, cybersecurity practices and digital rights, while sprinkling in some classic and hilarious stories from hacker history by someone who lived them. Interview Notes Veracode: https://www.veracode.com/ L0pht.com: https://l0pht.com/ L0pht Congressional testimony 1998: https://www.youtube.com/...

Mar 03, 2025 · 1 hr 3 min

Onion Routing

Not all Privacy Enhancing Technologies are new - but this one is probably new to you. Onion routing was developed in the 1990's by the US government and is the basis for the Tor Network. Onion routing does one thing very well: it masks your actual IP address. While you can use a VPN for this purpose, onion routing adds a different layer of anonymity - and it's just a cool technology. Today I'll explain how it works, how to use it, and the pros and cons of doing so. In other news: Bitly is lever...

Feb 24, 2025 · 1 hr 14 min

Security Planner

Generic security advice is good, but tailored advice is much better. Everyone's situation is a little different. What are you trying to protect? Who or what are you trying to protect it from? What are the consequences of failure? This is called threat modeling. And thankfully, the wonderful folks at Consumer Reports have a free, easy-to-use Security Planner tool that will help anyone do this assessment and provide custom solutions. My guest today is Yael Grauer, who will help us understand how t...

Feb 17, 2025 · 59 min

Crypto Wars 2.0

Privacy is a human right - and you don't have to justify rights, you just have them. That's kinda the whole point. But you do need to exercise them and defend them sometimes. It has been leaked that the UK is telling Apple to reveal the encrypted data of every single one of their users to the UK government under the auspices of the Investigatory Powers Act (and its recent controversial Amendment). This would be a privacy and security disaster, and we were not even supposed to know about it. In o...

Feb 10, 2025 · 1 hr 9 min

Controlling Your Digital ID

In the real world, we present different aspects of ourselves in different environments: home, work, family, friends, school, etc. Why can't we do this in the virtual world, as well? While marketers love to identify us with unique identifiers so they can track us mercilessly, there are tools we can use that will allow us to compartmentalize our digital lives just like we can in the real world. Today we'll discuss the notion of decentralized identity with Dr. Paul Ashley, CTO of Anonyome Labs who ...

Feb 03, 2025 · 1 hr 9 min

Treat Plugins Like Apps

Software plugins allow you to add functionality to existing applications. Web browsers commonly use these extensions to add functionality like shopping helpers, password managers, ad blockers and much, much more. In a way, these add-ons are like "apps" for the browser. Like apps, they can view and manipulate your data. In the browser, they may alter the web page, track pages you visit, and even mine any data you might enter into web forms. Also like apps, plugins can have permissions which you m...

Jan 27, 2025 · 1 hr 11 min

Reclaiming Data Privacy

There are way too many data brokers and they have way too much of our data. We've talked a lot lately about what you can do to reclaim your privacy and claw back some of that data and today I'm going to give you yet another interesting tool for your privacy toolbox: Permission Slip. This app and the related service, brought to you by Consumer Reports, will work on your behalf to request that these data brokers relinquish your information, or at least suppress the sharing of that data to the exte...

Jan 20, 2025 · 1 hr 1 min

New Year’s Resolutions 2025!

The start of a new year is always a good time to add some big juicy goals to your to-do list - call them New Year's Resolutions, if that works for you, but really it's just about making up your mind to tackle some important personal objectives. Today I'll give you several ideas to improve your privacy and security in 2025, and those around you. In the news: dozens of malicious Chrome Browser extensions identified; net neutrality is dead, again, and probably for good this time; Apple to pay a mea...

Jan 13, 2025 · 1 hr 6 min

ALPRs Are Everywhere

There are many ways in which we are tracked in the real world, but one of the most ubiquitous and insidious technologies is Automated License Plate Readers. These camera systems are deployed in just about every city by both public and private organizations. Furthermore, the third parties who sell and operate these systems collect and collate data from around the country, making it available to law enforcement and marketing firms. Because these systems capture images of your car, they can also do...

Jan 06, 2025 · 1 hr 4 min

Best of Bonus 2024!

Every week, I record a special, private bonus podcast for my patrons. Until today, all of that content was restricted to my supporters. But today I’ve got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests. You’ll hear from Micah Lee (author, journalist), Nick Weaver (cybersecurity researcher), Kate Black (health data specialist), Jason Edison (OSINT expert), Dani Cronce and Lizzie Moratti (TunnelVision hack), Bruce Schneier (cryptographer, author), and...

Dec 30, 2024 · 54 min

Replay: Golden Age of Surveillance

I'm digging into the vault for a classic replay! I first interviewed Phil Zimmermann, creator of Pretty Good Privacy (PGP), on May 7, 2018. It was Episode 63 (we're now at 408) and it was entitled "We Now Live in the Golden Age of Surveillance". In this episode we talk a little about the origins of PGP in the 1990's and what he feels about the FBI's claims that we're "going dark" due to strong end-to-end encrypted communications. I've added some new commentary, but the original episode is preser...

Dec 23, 2024 · 42 min

Best of 2024!

I've had some truly amazing interviews this past year. For your listening enjoyment, I've curated a set of clips from some of the best shows, creating a sampler platter of stellar audio content from some amazing guests! If you've never listened to my podcast, this will give you a taste of what you're missing! If you're a regular listener, this will be a fun trip down memory lane, complete with a little new commentary. Enjoy! Original Interview Links Ep362: Patrick Wardle https://podcast.firewall...

Dec 16, 2024 · 1 hr 32 min