Welcome to Tech Stuff, a production from I Heart Radio. Hey there, and welcome to tech Stuff. I'm your host, Jonathan Strickland. I am an executive producer with I Heart Radio and I love all things tech. And originally I had intended to bring you a third installment on our home theater basics, but stuff got got piled up. I had to record episodes of a couple of other podcasts, one of which is a spooky podcast that will be
coming out later this year. UH can't say a whole lot about it, except it's not twelve days of Halloween and it's not fourteen days of Halloween somewhere in between. Anyway, Because of that, I got a little bit behind. So we're going to have a rerun today of an episode that published on Christmas Day in two thousand nineteen. UH Spend guest Shannon Morrise joined the show to talk about the dangers of public WiFi. So I hope you enjoy
this episode. Let's sit back and listen. There's a topic that I really wanted to cover because as I record this, we're in the holiday season. A lot of people are traveling, They're going through airports, maybe you're visiting family and occasionally you need to find a place to be elsewhere, like maybe a coffee shop or something. That typically means we're carrying our devices with us, and then we want to
connect to different networks. But that might not always be a great idea, and so I decided I was going to do an episode all about the best ways to browse the Internet with privacy and safety in mind, going from the least private and the least secure to perhaps the most private and most secure. And then I thought, hey, you dumb, dumb You know people who are extremely well versed in this topic, and that's why I invited my good friend, the phenomenal Shannon More to join this episode
to come back. So welcome back to Tech Stuff, Shannon. Thank you so much. Jonathan. I'm so excited to be back on the show. How are you doing. I'm tired. But it's at the end of the year, so that always happens, right like, And here's the thing, you know,
Shannon can tell you. In fact, we were just talking about it before we went on to the record that the tech journalists life does not get easier at the end of the year because you immediately turn around and head off to Vegas for ce S and that's where you're gonna be in early January, as I understand it, right, Shannon, Yes, I will. I'll be there all week covering everything over on my channel, so make sure to link everybody to
my channel later, absolutely, because I ain't going folks. So Shannon's your your your destination for finding all the really cool stuff. And uh, Shannon, I can say from experience because I've watched her work does amazing work. Not just at c yes, but we were, but particularly like under a high stress situation like c e S, certain people can light up under the camera. And uh, I'm frankly envious of your ability to do so. So um, that's me be nice. Yeah, well, I mean I could be
more caddy about it, but I'm gonna be nice. The Caddy would be like, how dare she? How dare she show me up? But no, we're gonna talk about browsing safely. So the first thing I wanted to do before we get into the spectrum of browsing the Internet, because you could argue that there's like the least safe, secure, naive way to do it to what is perhaps the most secure but not perfect. There's no perfect solution spoiler alert.
Before we get into any of that, I wanted to talk about some stats, and these come from a few different sources. Uh. One was a survey that was conducted by one World Identity back in about public wi fi. So this was just asking people about their perception and
their use of public WiFi. And Shannon, I kind of wanted to get your reaction to this because being someone who has been so entrenched in data security in the hacker culture in you know, everything from how do we make these systems more secure, to the white hat approach of how do we find any vulnerability so that they can be patched, to even the black hat culture where people are exploiting this for their own gain. I wanted
to see what you thought about these stats. So the first one was they asked a question to people in the United States, in Germany and in France, and the question they asked was do you ever use unsecured public WiFi networks in the United States? So nearly half said, you know, if there's no other option, sure, I'll do it. Thirty two percent actually said I prefer using public WiFi
to using my cellular plan. Uh. Person sumably because they would not be billed for data usage right because they're using WiFi instead of their cell data only said they never did it. One percent said they do it, but only with a VPN. But we'll cover VPNs a little
bit later. So, Shannon, you've you've talked with hackers. What do you think their reaction initially would be hearing that nearly fifty of people in the United States said yeah, you know, if there's no other connection, I'll I'll connect to public WiFi, and another thirty two percent and I said, oh, heck, yeah, sign me up. Well, I'm definitely in the one percent of only with a VPN, and and that's assuming that
I have absolutely no other option. So I'm kind of a mix of the and the one percent, but only only if I have a vp n UM. I would say from my experience, all of my friends would probably not be surprised by the tent that prefer public WiFi over their cellular plants, specifically because of what you said, they'll be able to save money, especially if they don't have an unlimited plan through their mobile carriers. So in that way, it makes sense, uh that say yes, if
there's no other option, there's always another option. Come on, folks, what are you doing? Where are you at? Yeah? I mean we we have such good cellular coverage now there's always another option, even if you just have three G like that's manageable from most tasks. So what what are they doing? I'm just my draw My job kind of
dropped a little bit when I heard that number. I just thought it was I thought that I'm doing a much better job of educating people about the importance of not using public WiFi, and apparently I'm not doing my job as well as I should have been, or or the people who are already kind of hip to it are the ones watching you, going yeah, she gets it, she knows, and the people who need to see it are like what's on the masked Singer today or whatever?
You know, Like so, yeah, I I look at this and I think, man if I were a black hat, I would just be doing the Mr Burns excellent. Just you're over and over again just drooling at that opportunity, because you know, public WiFi is definitely the most dangerous option you can pick when you're talking about protecting your own privacy and security, especially if you're not doing something like using a VPN. UH spoiler alert will talk more
about that in a second. And so knowing that you're your opportunity for targets is so vast has got to be incredibly encouraging to someone who is ready to exploit that. And that's really, you know, that's what we're trying to protect everyone against, is you know, it's the likelihood of you running into these situations is not necessarily high on a day to day basis, but the opportunity is so huge that you need to take it into account no matter where you happen to be. So you you want
to make yourself the hard target. You want to be the person that makes people work really hard to get access to your data. You don't want to be the easy target, because the easier target you are, the more
often you're going to be targeted. You don't want that. No, no, And I was actually talking to a co worker today and I said, honestly, when you look at data security, even when you're talking like you always get naysayers who will say, oh, sure you can use this, but it doesn't protect you against everything, And they may technically be right, but my answer is the harder you make it. Effectively, what that means is you're making it more expensive for
someone to successfully target you. So if you price yourself out where it would cost them more to break your security, then they would get from whatever they took from you. You win, because no one's going to lose money on that. Uh exactly. It's when you've made it so convenient that it's like it's like it's like when someone says about a sale, I would lose money if I didn't buy that. That's when you're in Yeah, yes, exactly, it's they're looking
for the bargain deal. And a lot of times when a black hat is looking at public WiFi as a way to access information, they're in tending to profit off of that information, whether by stealing an idea, identity, or reselling that data on the black market, like on the dark web. So making yourself the hard target is absolutely crucial to helping to protect you. Yeah. And and just so that you guys out there, no, I mean I
mentioned the United States numbers. It's not like Germany and France were shining examples of data privacy and security among the public. In Germany, in fact, of respondents said they'd used unsecured, unsecured public WiFi over their cellular data, So it was even a larger percentage than the United States. And the United States it was that it said, oh yeah, I've got a choice, I'll use public over my cellular data.
In Germany it was fort um and and said they would use it if they could not get a cellular option. And then in France it was closer to what the United States said, said they preferred using public WiFi to using their cellular data, and forty percent said they'd used it if they couldn't get any other option. So again that mirrored very closely what the folks in the United States said. So this is a trend that goes beyond
the US. I know that because I'm centered in the US, I often get very US centric, And I also tend to harp on how American citizens in particular seemed to come across to me as being security illiterate for in a in large part, I mean, I just see it all the time, But I don't know if it's not exactly reassuring to see that that way in other parts
of the world. That doesn't fill me with confidence. I think a lot of times people either don't know where to look for the information, for accessible information that's that that's explained in a way that is it's scary, or doesn't you know, create create emotions of paranoia or just close people down so that they just get lose interest insecurity. Uh. And you also have a lot of folks out there that just don't care. But I think a lot of people do care, they just don't know where to look
for this kind of information. So I'm glad that you, Jonathan, as well as myself on my channel, we're putting that information out there in a way that's easy to understand, and I'm hoping that even if it just helps one person understand a little bit better security and privacy, hopefully we change that percentage over time. Absolutely, I agree. I think, uh, it can be one of those situations where you get
overwhelmed by the scope of something. And when you get overwhelmed, it's almost like there's a defense mechanism in your brain, right, It's like this is too hard, so I can't worry about it. And I have seen this in action when trying to tell people about like password managers, for example, and lead shut down. They have no interest. They get glassy eyed, and they just say, well, I don't see what the point is on I try to explain the point. But as after that point, it's just it's just like
talking through talking through the air. They just don't want anything to do with it. And and as someone who relies heavily on a password manager like it is, it's it's fundamentally one of the most important tools in my toolbox to make certain that I don't do rookie mistakes
like using the same password for multiple accounts. Right because as as we'll discuss as we get into this discussion about safely browsing the Internet, one of the big dangers is that if you, through accident or or your tricked or whatever, if you somehow share your log in information for one service. Let's say that you have one service
that isn't using uh secure encryption for some reason. First of all, don't do that, But if you are, if you're using that same password anywhere else, it's like you just handed a skeleton key to somebody, because now they can access everything you've used that password with. I mean, this is this is blatantly obvious. So that's why it's so important to have unique, strong passwords for all the different services you use. That way, if one if worst
case scenario one gets compromised, it doesn't compromise everything else. Yes, absolutely, I'm glad you mentioned that because the more different things that you use that help your security and privacy, every single step you take absolutely helps. And that's just one of the many steps that you can take. Every single consumer in the world does not have to take all of these steps all at once, because that would be
quite mind boggling. But if you do take steps towards these over time, you can increase your privacy and security two fold times fold. Yeah, it's fantastic. Yeah, I mean and and and to be fair, like like I'm going to be upfront guys, like I used to be the dude who had like three passwords and for everything. Yeah, I was like that for years until until I finally like woke up to how dangerous that was. I was fortunate in that I was never knowingly anyway targeted for
a specific like intrusion. Uh, as far as I know, I never none of my stuff ever got compromised because of that. Stuff has been compromised because of data breaches that are beyond our control. But we're really focusing on the stuff that we as end users can do to improve our security as best we can knowing that we live in a world where that's just one point of vulnerability. That's one point of attack, but it's it's one that
we have some control over another. Another scary statistic, or at least I thought it was scary, is that Kaspersky did a UH survey back in ten and are They did an analysis of thirty two million hot spots, hot spots being points of contact where your device connects over to the Internet at large, and a hot spot can be everything from the router in a like a coffee shop to your own cell phone you might be using
that as a portable hot spot. Out of the thirty two million hot spots they examined, one quarter of them had no encryption in use at all, meaning everything is being sent in plain text, which means that if anyone has any method of eavesdropping on those communications, they see it all, which again blows my mind that there would be that many networks that have no encryption in place at all, not even bad encryption. Yeah, that's a very scary number. That's extremely high and is a lot higher
than what I thought it would be. UH. If if they're not using any sort of encryption whatsoever, for a hot spot. That means that anybody within that vicinity, within range of that device would be able to see everything
you're doing. It's very, very mind boggling, and this is one of the reasons why I wanted to have you on the show because we say these things, right, we say that when you use public WiFi, you're using if you're using an unsecured public WiFi hot spot, especially one that is unencrypted, that you are in danger of this. And a lot of people say, all right, but exactly
what's going on? Right? How are they doing this? And it's that there are various pieces of software out there that allow people who are who get onto a network to monitor traffic that's going across that network. I mean, their entire groups out there that make different software and hardware uh solutions to do just this. Right. Yeah, not gonna lie. Um. I used to solder and sell some of these products at a company that I used to
work with called hack five. So I'll definitely share some of that information once we get closer to those those topics with today's discussion. But yeah, those products exist, They're very inexpensive, and some of the software is free, and there's tutorials made by yours truly on YouTube that show you how to use these things. It's definitely a thing that pretty much anybody can introduce themselves to and then they will be able to see what's going on on
a network. And there are different reasons to even do this. There's obviously there's the nefarious ones that were concerned about, but there's also like if you're a network administrator, being able to do things like monitor network traffic and see points of congestion education as well. Yeah, there's like there's there are legit reasons to use that sort of technology that don't that don't immediately point to to the to the road of I'm here to steal all your infos.
It's like there's stuff that where this is used in quote unquote legitimate purposes. I mean like packet sniffers. That's something that sounds like it's underhanded and shady, but they were invented not to try and sniff out what's someone else was doing, but literally to help network administrators see how network how network traffic was moving across so that they could make sure that everything was working properly. So but it doesn't mean that you can't think a tool.
A tool is either a tool or a weapon, depending upon how you want to use it. And so the same stuff that was used to help networks is also used to exploit them. Um, exactly, you could say the same thing about a kitchen knife. I mean kitchen knives to to you know, cut up fruits and veggies. Some nefarious people might use one to murder somebody part of me. But I used the exact same sort of analogy except when I was talking to someone earlier today. But it
was a hammer. But same thing, Like a hammer is either something that you're using to to build stuff with or it could be used to bludgeon somebody. And it all comes down to it's not that the tool itself is bad, it's the intent and use of the person wielding that tool. And the same is true of technology. Uh So, one other stat that I wanted to mention
that's pretty alarming. Norton found out this was in so it's a few years ago, but Americans had had their email hacked at some point, and that twelve percent had their financial data stolen while they were shopping online, and that in four million people globally had been a victim of some sort of cyber crime, and that kind of shows us the scale of why this is an important topic.
It's not just because the opportunity is there, it's because people are actually actively taking advantage of those opportunities, and you could be the victim of one of those actions if you're not careful. And we love you absolutely, we
do love you very much. I'm kind of I'm kind of thinking that all of those numbers have probably increased given that it's been about four years since they were they analyzed the data and had those those too sticks available, because in the past couple of years we've seen hacks go from a few hundred million people to almost a
billion people get hacked online. So it's entirely possible that those numbers have increased quite a bit since, especially in the realm of the mobile app becoming king right, because there's there's such a proliferation of apps out there that either through a conscious effort, are creating vulnerabilities or because of poor design, create vulnerabilities that can later be exploited.
You know, we've seen so many examples of that where an a p I didn't take everything into account and then someone was able to exploit it, famous one being Facebook and Cambridge Analytica, where you had an app that if you installed the app, like you would voluntarily install it within your Facebook and you're voluntary lee sharing your own information. All of that is fine, right if you've agreed to do it such a good not a good idea, such a good example, good example, Yeah, good example, not
a good idea to do. But it's fine if you if you are knowingly doing that, that's fine. But the problem that the Cambradge Analytica story brought to bears that they took advantage of a loophole in Facebook's API and they were able to to phish out a ton of information about all the contacts of the people who had installed the app. These are people who did not, uh, you know, give permission to share their information, but the
app collected all that information regardless. And that's where we see, like, you know, there were countless victims of this app because none of them opted in to share that information. It
was just taken from them. And uh, that's just one little example of the world we live in where you know, even when you are being careful, there are there are these opportunities for your information to get out there, which is why we're like this is why you need to take the steps necessary to protect yourself as best you can, because we live in a world where there are numerous
attack vectors that point back to us. All right, I mean just mid December, the New York Times discussed location tracking on phones and how ping pings to local towers can basically give you a map of a certain phone I D and you can track that and figure out who that phone belongs to based on what residents and what office they go to every day. It's extremely scary, and the more information we have about it as consumers,
the better we can protect ourselves. Yeah, and again, like, uh, back to what you were just saying, Shannon, Facebook send a letter to Congress just a couple of days before we record this episode where they said, yeah, even if you opted out of location tracking, we actually know where you are, partly because of the information people are voluntarily sharing. Like if I tag If I take a photo while I'm at a party and I tagged the location and I tag people are in the photo, well, I'm voluntarily
sharing a lot of information. Maybe those people haven't given me permission to do that, but I'm I'm sharing the information. So yeah, of course, Facebook knows where I am, when I when I'm there, and who I'm with because I shared the information. But they also admitted, yeah, we also use a lot of other methods where we can suss out where you were and who you were with at what time that aren't as obvious and aren't examples of
the user voluntarily handing over information. So yeah, scary stuff. Um. One of the things I wanted to mention is sort of the bird's eye view of the process of what it's like just connecting to WiFi, so we can kind of understand, uh, you know, what's going on, because I think a lot of people if they think that if they see that, for example, that there's a WiFi hotspot that requires a password, they immediately think that that is inherently more secure here than a public WiFi spot that
has no password, which is not necessarily true. Um. So connecting to WiFi is really you can think of it as a series of handshakes between whatever device you're using and the hot spot, whether it's a router or something else. And this series of handshakes is not meant to secure the data. It's not meant to encrypt a channel necessarily, it's not meant to protect it. What's meant to do is to identify the device and the hot spot so
that they know where the data needs to go. Right. Otherwise, if if we all connected to a public WiFi hot spot and there wasn't this handshake thing going on, it would be as if we were all listening to an open broadcast of everything all at once, and it would just be meaningless garbage and we would just get we would just get everyone's data simultaneously, and we're like, I don't even I don't know what this we could I don't think it would go well. But so this was
this was literally the solution into that problem. Like, you know, if you're using wired connections, that's one thing, right, you can wire things to specific ports, you have physical hardware. When you go wireless, you have to create a virtual version of that. That's sort of what the handshake processes for. It's saying, hey, there's this device that wants to connect to the network. The network says, okay, I'm giving you permission.
The device is okay, this is who I am, and the network devices all right, I I see who you are, and now we can send information back and forth. You can send requests out to the internet. I'll go out and grab whatever it is you wanted, and I'll return it just to you. That's the idea. That's actually a great explanation without using any of the terminology. So I thank you for the doing that. Yeah, I tried. I tried. At one point I had a spoiler alert or well
not even spoiler, look behind the curtain, folks. I had originally started this episode as a solo show, and that's when it struck me that it would be way easier if I brought Shannon on, because she's much smarter than I am. And so as I was doing it, I was trying to describe this process, and I think I went through two or three drafts when I said, you know what, I can just step back and not get so technical, because the technical parts aren't really what's important.
What's important is just sort of understanding the concept of the process and why it is not inherently tied to security and privacy. It's inherently tied to just what does it take so that you can have these two devices communicate with one another and not have them confused with all the other devices that hook into the same network. And once I figured that out, was like, I'm going to go with that because I'm tired of trying to figure out how to explain this handshake process. Um, it
totally works. I mean I like the handshake terminology because it is kind of like that, like in person, whenever you meet somebody, you acknowledge each other, you shake each other's hands, you kind of authenticate each other by name and by face. And that's very similar to what a router does with a device like your smartphone or a laptop. It's basically doing the same thing where you're you're looking
for somebody to introduce yourself to. You go in, you acknowledge each other, you shake hands with each other, you kind of authenticate each other by name, and then you have that connection. Yeah, and you have that connection forever until you break it off. Yes, And if if you're at c S, it probably also requires you to hand over a business card because that's like, yeah, most likely that's that's the current I guess that would be your password, right, yeah,
I guess so yeah. All right, Well when we come back, we're going to talk about the how how information is sent through packets, just so that we can understand why did that packet sniffing thing mean earlier. But first let's take a quick break to thank our sponsor Shannon and I have a lot more to say about the dangers of public WiFi, but first let's take a quick break. All right, then we're back. So I promised that we were going to talk about pack it's packets is pretty
simple concept. So a packet switching network. You've probably heard that term before, uh the Internet. When the pioneers of the Internet were sort of designing this thing, they thought, well, how do we make it so that information can be sent from one computer to another in such a way that if something happens, the information can continue to make its way to its destination even if there's some sort
of interruption. And if it were just an uninterrupted string of data and there was an interruption, then you would have a corrupt file or you know, things would not work right. You wouldn't get what you were wanting. So they said, what if we bundled data into uh certain sizes, We'll call it packets. The packets will have information on them that will tell the data where it needs to go, where it came from, and how it fits within all
the other packets. To make whatever the thing is. And since we're talking about the Internet, let's be honest, chances are it's a picture of a cat. So that cat picture is going to be a lot of different data packets, and they have to put the packets together kind of like a puzzle in order to recreate that image of a cat. So that's that's what a packet is. Well, the packet because it has that information on it about
where it's going and where it's from. That's what we would call metadata, right, It's the data about the data, or it's data that somehow describes the data that's inside. And um and I always always try and say that the packets on the other side get reassembled Willy Wonka style like Mike TV when he goes across the camera. Um.
I like that. Yeah, I mean it's a it's a nice way of putting it, especially since I mean that's one of my favorite films of all time, the Gene Wilder version of the Not the not the Johnny version yet. So that's where we get the words for packets. So a packet sniffer, as we mentioned earlier, can be software, it can be hardware, it can be a combination of the two. That is meant to sort of check out the packets that are being sent across a network UH
and get an idea of what's going on there. And one of the things someone can do if they have a packet sniffer and they know how to do it, is they can look for packets that represent essentially an unencrypted cookie or a session key, And this is essentially where a user has sent a request to log into a service of some sort UH and if the hacker is able to sniff out that cookie, they might be able to step in and pose as that user and thus get access to the user's account or services UM.
And this is sometimes referred to as side jacking. I learned a lot of hacker slang while I was doing the research. This. I'm so proud of you. I'm not good at using it, but I learned it. It's okay. You could go to def Con next year and totally fitting. Yeah, except I would be like, all right, well, I'm gonna leave all of my devices at home. Another great idea def con for those who do not know is a information security and hacking convention where if you aren't careful,
they will let you know about it. Oh yeah, they do. Usually they're nice about it, and you just end up on this thing called the wall of shame. But luckily generally people don't nefariously hack each other there. It's just kind of to pop your name up on a wall of shame and that's about it. Yeah, essentially, essentially they're saying, hey, you need to have a heads up, like whatever you're
doing is not sufficient. Yeah, it's it's really more like it's really more like saying like, listen, we want you to be safe, and right now you're not being safe. So but but yeah, but still there's also the shame factor. And the more the more known you are in the sphere, I imagine, the greater the shame would be to appear on that wall. Oh yeah, definitely. So this was never been on the wall of shame, and I hope I never congratulations. Yeah, I've never been on the wall of
shame either, but that's because I haven't gone. I am certain I would end up doing something bone headed and mess up. So you were talking earlier about how you have actually actively worked on technologies that do this this packet sniffing uh approach. Yes, yes, I have. I used
to work at a company called Hack five. I still do shows on that channel, j K five, and our our premise for that channel is educating people who are interested in security and privacy and might want to go into information technology or penetration testing or infosec info security as a profession. So we teach young hackers how to legally use their talents to actually get a job that will help them spur the economy, help them protect companies,
h and help them really get involved with their passion. Um. So, one of the products that we created is something called called the WiFi Pineapple. It's a little hardware device. It's basically a round outer, but the software that's built into the WiFi Pineapple allows us to do things like get people to connect to a WiFi Pineapple as opposed to a regular router and allow us to sniff packets just like you were saying. Um. The the product has been
around for half a decade at this point. No, actually it's been almost a decade. Wow, I can't believe it's been so long. But we've gone through various revisions of it, and as security has gotten stronger, there's always been new vulnerabilities available in wireless network technology, so we've always been able to update the WiFi Pineapple to continue to educate people why it's still a good idea to not connect
to public WiFi or open hotspots. And uh, it's been a wonderful education tool since we can use it as this kind of man in the middle attack for for you know, helping people understand and I mean, like the thing that I see people sometimes and I know you've seen it sometimes protests they're like, why are you making this thing? And the argument I would make to them, and I'm sure it's an argument that you guys have made numerous times, is you know that people who have
bad intentions are making stuff like this already. They're they're they're doing it all the time. They're doing and they're not talking about it. They're not upfront about it because they want to take advantage of it. The reason why you guys do it is to raise awareness, to teach people how it works, and presumably they can then take that knowledge and better protect whatever their future clients might be if they end up working as a white hat hacker.
And yeah, straight up, people have made their own WiFi pineapples using you know, different types of hardware and different kind of software that they've made their own, but our our products are well. Hack fives products are listed in MIST, which is the National Institute of Standards and Technologies as a wireless penetration testing device. So a lot of companies see it as a professional tool and they get their employees to purchase these items to use and make sure
that their networks are protected. Because as much as you could use a WiFi Pineapple to hack somebody, you can also use it to protect yourself because you're still doing the same kind of tracking on your known network. So if I had a WiFi Pineapple on a company's network that I'm legally have access to as since that's my profession, for example, hypothetically, uh, then I could see what employees
are doing on that network. So if somebody is visiting Facebook when they shouldn't be, I could see that and I could tell them, hey, you need to, you know, cut that off or you're going to get written up.
Or if there was an attacker trying to gain access to a wireless network, I would be able to see those packets because they would not be what I normally see, and I would be able to protect my network because I could blacklist them then, So there's so many different ways that you can use these tools, not just nefariously like you had mentioned, but in like these amazing ways that help protect so much more than just companies but also the employees that are working there as well. Yeah. Yeah,
and that. And I've always been the type to say, if if someone's outwardly talking about what their technology can do, then those are the people you should trust. It's the ones who aren't talking that you have to worry about. So yeah, it's the same thing for me when people are talking about security vulnerabilities that they found in systems, where they might come forward and say, yeah, I reported this like three months ago, the company still hasn't done
anything about it. The only reason I'm coming forward is because that puts the pressure on the company to definitely make a change, because that vulnerability exists, whether they talk about it or not. Now they have to do something because the public knows about it, and and they're I'm
I'm fully on board with that too. I mean, I think that you always give the entity the chance to address it, but if they haven't shown any movement towards that, I think it's the responsibility of someone who's found a vulnerability to come forward with it, because otherwise it's just it's just a ticking time bomb. Someone's going to take advantage of it, and then it becomes a problem far bigger than coming forward and saying, hey, guys, need to
fix your stuff. And it's it's not just you know, devices like the WiFi Pineapple, but as we had mentioned, it's also software that's involved too that can do very similar type of tracking on networks. There's a technology called wire Shark, which I'll bring up not just because you know, I have no financial responsibility via hack five. So like if if you know, somebody purchases a WiFi Pineapple when they hear this talk, I don't get anything from that,
no compensation whatsoever. I just do a show on that channel, So don't worry. I'm not. I don't get referrals or anything. But there's also software like wire shark, which is a free service online that anybody can download and that allows you to do packets niffing. I've used it to test my own home network and make sure that my smart coot devices are secure and they're encrypted, and that has luckily, luckily, all of my devices are you know, totally secure, which
is wonderful. But back in the day when I first started using wire shark, I discovered that when I was using Instagram on my phone, I could see links to the pictures that I was liking as I liked them, So as I gave them the little hearts, uh, it would pull up a little HTTP link and I could click on that through wire Shark, and I could see exactly which pictures I was liking, which was so creepy.
I mean, definitely something that you should be aware of is what kind of data is being passed through with no encryption whatsoever, and what kind of data is being encrypted too. Yeah, totally, and you means crazy. You mentioned the man in the middle attack. That's that's kind of another step up, where you have a hacker that sets their machine in between a user and some other computer
that might be a router. So you might actually have a man in the middle of attack where someone say at the coffee shop, and they set up uh their computer so that it appears to be the coffee shops network. There's actually ways where you can force a reboot of a system and then pose as that system so that when it does reboot, you are effectively a middleman. In that relationship, and meanwhile you see all the stuff that goes across that because your computer is acting as the
network spot for where where everybody's connecting through. Uh So that's that's one way, But there's also ways of doing a man in the middle of attack between a like a client and an actual service, like you know, directing people to fake bank log in pages and things of that nature. UM So those are things you also have to be aware of. Although that can happen pretty much in every scenario we're going to talk about. That requires you to pay close attention to what you are doing
as you're browsing. Um And I mentioned earlier about the idea that if you are using public WiFi that is password protected, Let's say you're at a coffee shop where yeah, you can log into their their WiFi, but you have to first go up to the cash register and find out what the password is, and then you find that out and you log in. Some people feel like that gives them that extra area of security. Honestly, that doesn't because there's nothing stopping a hacker going into that same
coffee shop getting that same password and like that. It doesn't add any like by itself. It doesn't add any extra security. It just is one extra little step. Yeah, it's true. Uh yeah, anybody even in the vicinity, if they've ever had access to that wireless password and the coffee shop, for example, has never changed the password, like they could easily get access again with a long range antenna on the other side of a parking lot and be able to sniff what everybody in that coffee shop
is doing. So yeah, I don't even use coffee shop WiFi or airport WiFi if we want to use that example, those even trustworthy exactly, and I think that those are perfect examples, especially as people are traveling a lot for the holidays. Like that's where I think of seeing people whipping out their computers the most is airports and coffee shops. That's it. Um. But yeah, if you have an encrypted network, that's better. It's again like this is another step where
we're getting into uh more secure area. And we'll talk about different types of encryption in a second, but before we get to that, there's actually also a difference in the types of browsers, right. Different browsers offer different levels of features that either uh enable security and privacy or they make it really difficult to protect, so on the bad end of the scale as an Internet explorer for
multiple reasons. It was never the best browser when it comes to security and privacy, but it's really not great now because Microsoft no longer actively supports it. UM. They will push out a security update on occasion, but it's not frequent, which means that there are a lot more opportunities for people to discover and exploit vulnerabilities and and be fairly sure that those vulnerabilities will stick around for
a while. So it's not even like a rush because Microsoft isn't updating it that frequently with security patches, So that's a bad one. Don't use it. Microsoft Microsoft Edge only slightly better than the completely unsupported Internet Explorer UM, at least as far as privacy is concerned. Uh. I use Google Chrome a lot, but admittedly Google Chrome not great either. It's kind of on the bottom half off
of the middle of the pack. So uh, they're better about security, but they are the pets when it comes to privacy. Also not a big surprise, because I mean, what's Google's business, right? Google owns you? Yeah, your data is Google's That's what Google buys and sells. Like it's your information. That's that's Google's currency. So clearly it does not behoove Google too lockdown privacy super tight. They want to know all the information about you they make that's
how they make their money. UM. So, of all the common browsers, like the ones that are frequently used out there, the one that UH that tends to rank the highest is Firefox, higher than Opera, higher than Chrome, higher than Safari. UM. So it does really well, especially for security and privacy.
It can support a lot of features that protect you when you're when you're surfing stuff that will end up cutting down on things like targeted advertise because you can really limit the information that's being shared by the sites that you're visiting. UM And you can also enhance it with various add ons that you can find, although obviously anytime you're going to be adding anything to an existing program, it pays to do your research to make sure that
it is offered by a reputable and dependable app developer. Yeah, Firefox is an excellent choice UH and two fold. If you download something like Firefox, you also get a very fast browser because they have worked very hard to make that browser quick. So even if you don't care about the security and you just want to access your sites really fast, you should use Firefox. Yeah, yeah, I got Firefox. I got stuck on Chrome because for a while Chrome was super fast and then it got super bloated. And
also there's the more tabs you have opening Chrome. Anyone who's done this with Chrome knows. Even though it are all supposed to be distinct instances that don't bleed over into each other, Uh, there gets to be some memory issues if you happen to be really a heavy user, and everyone here at this company is a heavy user. So uh, Firefox is definitely going to be my browser of choice moving forward after I did this research. I also, I should point out, before I did this research, I
did not know this. I was just a happy, blithe, naive Chrome user handing handing over reams of personal data to Google, which I mean, granted, I'm sure that company's board with me by now, but still there's some value
there um. And then that brings us to encryption. And this encryption it gets this is sort of like complicated, like the handshake thing, but encryption, when you boil it down, is all about scrambling messages so that the only people who can access it are the ones who have the key to decode it, right, So you have the key to encode and the key to decode. There are various implementations of that technology, different ways to have the public key and private key operations. I don't need to get
into all of that because it gets way too technical. Obviously, encrypted is better than unencrypted, but not all encryption schemes are created equal, and it pays which ones are in use. So yes, that's very true. There's there's even like there's symmetrical keys and asymmetrical keys, and then there's like SHAW one and be crypt and r s A. There's all
these different terminologies for encryption. But for what it's worth, all of them jumble up your information into some kind of format that will hopefully hopefully encrypted, so that anybody who does gain access to the encrypted version of your information will not be able to reverse engineer it or change it back to its original plain text formats, so they can't read it in like English speak, right, it would just be mean less garbage to them, hopefully in
its ideal, ideal implementation. So one of the things that you may have encountered if you've ever set up any sort of wireless network. I think most people have, or at least they've they've had to connect to one where they've seen the different types of UH network security protocols. These are certifications that the WiFi Security Alliance creates, and the earliest one was the Wired Equivalent Privacy Protocol or w e p H. That one is decrepit, it's old,
it's vulnerable as heck, so don't use it. Yeah, if you have the if if your router tells you, like asks you which one you want to use, don't use w ep UM. It is not secure. It is it's I mean, you could argue it's better than nothing, but not by much because the vulnerabilities have been known for a long time. In fact, so long that even before the nineties were up, you had people developing the next generation, which would have been the WiFi Protected Access or w
p A. So w p A came out. Then you get w p A two, which was trying to address some of the shortcomings of w p A UH. Both of those also still have vulnerabilities. W p A two is generally talked about as being one of the more secure UH certifications these days. There is a w p A three also has vulnerabilities that have pointed out within the year of coming out. Yeah so, but w P I, I don't think I've even seen a lot of stuff
that's certified w P A three yet. Like we've we've started to see some wireless routers come out with w P A three, but they there's still a little expensive and they haven't really gotten widespread adoption by consumers quite yet. So w P A two is fine for most consumers to use. Uh, you just have to make sure that you set it up correctly and you don't give the entire world access to your password for your account. Yeah that, because then there's what what were you even thinking? There's
no point then? Yeah. So, so w P A three on w P A two. All these are our designations. And what happens is a manufacturer will make a piece of equipment or uh either it's a computer or handset or maybe it's a router, and then they submit it to this WiFi Security alliance that then makes sure that that technology meets whatever the requirements are for the particular designation. Then they put the stamp on it and they say, yes, this is w P A two compliant or w P
A three compliant. So that just tells you that compliance really there. It gets more granular than that. For example, w P A two has two different types of encryption standards that can be used. There's the bad one. It's Temporal key Integrity Protocol or t k I P, and I call it bad because yeah, t KIP. T KIP is no longer safe, skip the tea KIP. If you skip the tea KIP, I like that. Yeah, it's nice
mnemonic device. And then there's Advanced Encryption Standard or a e S, and that's the more secure of the two. So don't rely on tea KIP, rely on a S uh. So that will end up protecting you quite a bit as well. The encryption will end up helping a great deal because you've just made it more difficult for someone to get anything meaningful from your browsing activity. It does
not mean that you are immune. But again, the harder you make it for somebody, the less chance they're gonna put forth the effort to break through whatever protections you put up. So just general note um, and then that also brings us to secure browsing. So back in the day, which was the Thursday, I don't know if you know that UH, there was the the Secure Sockets Layer SSL, whenever you went to a website that had the little padlock and the lock on it and the HTTPS like
the original version of that was SSL. In fact, a lot of people still refer to SSL, even though that technically has been and has before a while been replaced by the Transport Layer Security or TLS. But the same sort of purpose it's too. It's meant to create the secure channel of communication between you and a specific UH
website U r L address. So if you see HTTPS or you see that little locked padlock in the address bar of your browser, then you know you are in a secure channel between you know, your your device and that browser, at least as far as information going between those two points are. I mean, obviously, if you're on a public WiFi hotspot that's unsecured, you've got other issues. But it means that when you're browsing, you want to
make sure that that HTTPS is showing up. You don't you don't want the h T t P, you you want to make sure that S is there. So one thing I've noticed very rarely, but it has happened on occasion, is where a website that requires you to log in somewhere like their main page there dot com address will be encrypted with HTTPS, but as soon as you go over to the log in page or go through any tree of different sites that they have created on their dot com domain, all the rest of their pages are
h T T P. They are unencrypted. So if you go to the log in page and my cat agrees she's mewing behind me, uh, and you put in your user name and password, those would be copied through plain text, and if anybody was, you know, tracking or sniffing your packets, they would be able to see that plane text user
name and passwords. So, for example, if my password was my cat's name is Starbuck, and that was a plain text, unencrypted website just using HTTP, then if somebody was sniffing those packets, they could see that passwords show up in their software through whatever hardware device they might be using, and just be able to see, oh, she entered Starbuck, and then they couldn't go to the website type that
in and gain access to my login account information. Yeah, and that is what we call no bueno, right like yeah, yeah, And more and more sites are getting better about making certain that their entire presence they are is being secure, but you can. It's actually harder and harder to find examples websites doing that, so which I'm happy to see because that makes my job harder and that means people are listening. Uh So, I am happy to see that less sites are doing that, but we still have issues.
There's still some out there. And then occasionally you have browsers that will alert you if you try to navigate to a site that is not secure. It'll give you a little alert, which is good too, because you know if the people on the website aren't being diligent and at gives the user on the other end the heads up of hey, you probably thought this was secure, but turns out it's not. Maybe you want to rethink that.
Are you sure you want to go ahead? You will probably be eaten by a group, and then you decide what you can do it. Um Now, when we come back, we're gonna talk about one other topic before we get into like the super secret stuff, and that is what the heck is incognito mode for. But before we do that, let's take another quick break. We've got some more discussion about public WiFi and the steps you should take to protect yourself But before we get to that, let's take
another break. So Shannon, I have I've gone to a private network, right, I'm it's not maybe mine, but it's a private once, not open to the public, it's encrypted, it's password access. I've done all those wonderful things. And then I think, you know what, I'm gonna look at some so like your friend's house or something. Yeah, yeah, yeah, And uh, I decided, you know what I want to do. I wanna I'm gonna look at some I'm gonna look at some some stuff that I don't think my friends
would really understand. Maybe maybe I'm gonna look into that that my little pony fan fiction. Uh, and I don't want my friends to know about it. So I'm like, well, I'm gonna be super sneaky. I'm gonna go into incognito mode. Now no one's ever done to know. So I click on that little incognito mode and little bitty shadow Man pops up, and I'm like, oh yeah, I'm totally safe and totally secret. Nobody knows it's me. And I start looking at my brony fan fiction. Oh you know the term. Hey, look,
I wouldn't listen listen, you just give yourself away. Listen, Princess Celestia and I have an understanding. Okay, so we are not gonna go down that road. We're not gonna go there. Like yeah, Fluttershy and I we're like, we're tight, so we're not. It's fine, Okay, it's acceptable behavior. But no, it is acceptable, but I don't want my friend to know that. Now here's the sad thing folks told everybody on the podcast. One one, whoops, I guess I should
be more secure with my data. And secondly, secondly, incognito mode, that's not how that works. It doesn't protect you from anyone who has any access to the network from seeing what you're doing, right right, that's correct. Um. Yeah, so incognito mode. Uh, you you've probably seen it on your own computer. If you go up into the menu for your regular browser and go into like the dropdown menu, there's usually an option to choose incognito mode or like
secret mode or something like private browsing or whatever. Yeah, private browsing, Yeah, that's another one. Uh So if you click that, it opens up a completely different window on your computer or on your phone as well. You can do it on your phone. Uh, and you start to browse. But basically the only thing that incognito mode is really doing is uh not putting anything into your local history for your your web browsing history, so if somebody else got it on your computer, they would not know what
you were doing in incognito mode. Uh. And it also doesn't store the cookies on your computer, so any information that you were sharing with a website during your incognito mode would not be stored afterwards. So all those cookies that might have happened during a session, they'll just be erased like you never existed. Uh. That that can actually be very useful. For example, if you're looking for a fun hack, if you want to save some money on
airplane flights, you can track them. You can look up airplane flight prices in incognito mode and compare them to your regular browser. And sometimes on occasion you can find cheaper prices in incognito mode. Because it doesn't see how much you are searching, it doesn't see how how many websites you've gone to. Those cookies just aren't it there, so the website is going to give you the best
price through that that private browsing mode. Uh. That's pretty much like the most interesting thing that I use for incognito mode four, but it can be used to secretly access websites without anybody else knowing that you're accessing those websites at the time. For example, if you are a Brownie. Yeah, so this works on the device level, but not the network level. So yeah, so if my friend gets hold of my phone or my computer, there would be no record of me having gone on the Browny fan fiction
community site. Uh where I post by q D mark. They would not be able to see that. But if they were to look at the network traffic, they'd say, huh, this I P address is going to this Brownie site a lot, and it's not my computer, so it's obviously your device and so and so this is why, like, if you were to use let's say that you're at work, let's hit your what the The example I like to give is your Let's say you are stuck in a
crappy job. You're doing your job, but you're miserable and you would really love to be able to get something else, but you don't have any time outside of your job where you can really dedicate towards things like searching for job openings. So on your lunch break, you slip into
incognito mode and you go on a job search website. Well, just because you're an incognito mode doesn't mean that at the network level they can't see exactly what's going on, So it doesn't actually protect what you're doing or how you're doing it. So one thing you might want to use incognito mode for if you're someone like me who does a lot of research. Let's say I'm researching into something that you know, it's it's just not my bag.
You know, it's I need to do an episode about it, but it's not something I'm particularly interested in on a personal level, or might even be something that I would find very awkward. Let's say that I was doing an episode about, uh, dating websites, and so I have to
do a whole bunch of research on dating websites. Well, then I might want to use incognito mode so it doesn't build up this cookie history that relates back to me personally, so that maybe I log onto something like Facebook and then suddenly all the ads are for dating sites. That would be awkward, Right, that would be super awkward, especially if you were married. Yes, I'm not a good thing. Yeah, I had a similar occasion with I was looking up
pregnancy and birth information for somebody in my family. I'm nowhere near any time soon giving you know, birth to any children in my life except for my beautiful for babies that I have in my house with me. Uh So I was looking up this information and I was just like, do I want Twitter on Instagram to start promoting like baby items to me or do I want them to keep on promoting like makeup in sailor moon items,
which I'm actually into. So I looked up the information about pregnancy and birth for the other person through incognito mode so that that informa and wouldn't actually be tracked and identified as a part of my online personality. So that way I was able to keep the same ads that I actually, you know, sometimes kind of enjoy looking at because they do pertain to my lifestyle, but nothing
that had to do with pregnancies. Right. And and that's a great example too, because there was that famous example a few years ago of a retailer I want to say it was target, but I could be wrong, but it was a retailer target, Yeah, And they had identified through the browsing history of a user that she was pregnant because of the things she was searching for, so they proactively sent her through the snail mail a package of coupons for pregnancy related items, and her father was
the one who intercepted the letter the coupons, and she had not told him that she was pregnant, and he had assumed that target had made this assumption and got super mad, and then turned out that he was mad about something that actually had happened. She just had not She had not had the occasion, she had not found the way to tell him. And that's awful. Uh. Yeah, it's such a breach of privacy, to be honest, is when they start tracking you like that and sending you information.
It's like unsolicited advertising, and I hate it. We deal with it every single day online. Yeah, it's it's it's even worse than unsolicited advice, Like that's bad, but unsolicited advertising is even worse because they're like, yeah, they're so eager to make that sale that they can overstep very easily. Well, let's wrap up by talking about some of the more secure ways you can browse if you have to connect him.
We mentioned this at the very top of the show, where VPNs are virtual private networks, and we mentioned that sort of man in the middle attack where you are logging into a hackers machine thinking that that's a legit spot, and then the hackers kind of relaying information and sniffing
the entire time and learning all about you. VPNs are kind of like that, but on the legit side, where you are logging into a remote server somewhere far away, probably through an encrypted connection, and then when you browse, it's as if you're browsing from the server's location, not
your personal device. So if I were to blog into a VPN and then log into a web service, the web service would see my location as the location of the VPN server, not my gadget that's actually in front of me, right and not necessarily just for if you want to look at your my little pony browny fan fix, but VPNs can be extremely useful if you're trying to
access a website that's only available in select countries. So if you choose to purchase like a consumer facing VPN product, and there's many out there, I could make recommendations, but they're can instantly changing as far as their privacy and security terms and policies go, So I won't make any
major recommendations here. But if you choose a VPN that has a a UH, for example, a country facing server that's in Japan, that means that I could download this VPN, log into it, connect through Japan, and be able to access a website that's only available to Japanese residences. UH. So I I had to do that a few years ago when I wanted to purchase tickets for the Studio Ghibli Museum through the Japanese website. It wouldn't let you access it through an American server or an American connection.
So I logged in through my VPN through the Japanese server UH, and I was able to purchase those tickets through the Japanese website. It thought that I was in Japan, so it let me do it, and that way I was able to save myself so much money. It was wonderful. So you can do it for you know, buying goods, buying tickets for where, you know, going to a concert in a different country, or a museum or something like
that in a different country. You can use it to access online streaming portals that are only available in specific countries. You can use it to download specific things that are only available in specific countries like the list goes on and on as far as different ways that you can use VPNs that aren't necessarily just directed for security and privacy, but are also directed at manipulating where the website thinks that you are coming from. Yeah, and this can be
a matter of life and death for some people. Like here in the United States, we largely use it for the purposes of things like privacy, security, and convenience, but in other places where you might be uh in a country with a more authoritarian government, one that is far more restrictive in access to certain services. If you're able to connect through a VPN, which you know, granted, that means that that government agency has have been paying very
close attention. But if you're able to do that, then you can log in two different things as if you were from some other part of the world, and maybe get access to vital information or services that otherwise you would not have at your disposal. So they play a very important role. In fact, I gave an example today with a friend of mine about how I would see VPNs and incognito mode together being incredibly important. So imagine this is a terrible scenario and I put that out
there first. But imagine that you are in some form of abusive situation at home, and whether it's a spouse, a parent, a parent, some sort of authority figure, whatever it may be. But you're in that abusive experience, You're going to feel like you are helpless and you want to look for resources that can help you get out of that situation. But at the same time, you have a very legitimate fear of being found out for seeking out those resources and the fear of reprisal that you
might face as a result of that. Well, using something like a VPN and incognito mode would mean that you're not leaving a trace on the network of what you're doing, because as far as the network is concerned, all you're doing is visiting this VPN server. It's not seeing what else you're doing. All of knows you went to that VPN server. Incognito mode means you're not leaving the trace on whatever device you're actually using to do that sort of search. So these are the sort of tools that
can literally mean life or death scenarios for people. And you know that's dramatically that's together and it yeah, and once you start combining those different security and privacy products together that are very consumer friendly. Then you can end up having a much more secure experience online, especially if you're dealing with some kind of like like an abusive relationship or something like that that can be uh something that you seriously have to worry about, so definitely take
those into consideration. Using an incognito mode and VPNs together is so easy to It's just as simple as opening up that browser window in private browsing mode and turning on your VPN, which is usually with a lot of software nowadays, is the click of a switch on your computer. And there are a lot of VPN apps out there, like there are a lot of the services where if you subscribe to the service, you can use uh your computer, or you can use a mobile device, or you can
use some combination of multiples. And they're even ones where you can have it set as a default that as soon as you connect to WiFi networks, you connect through the VPN, so you don't even have to don't even think about it in that case, which is definitely good.
If you're using like a mobile device and you're connecting to public WiFi frequently, you definitely want to have that that that turned on, because if you ever forget about it, that's when you're going to have the opportunities for people to take advantage of you. Uh, the last examples go ahead, I'm sorry. There's also the option to build your own VPN, but that gets very much into the nitty gritty, uh, since there are a lot of consumer facing ones that
are generally fine for the average consumer. That's what I wouldn't normally recommend. But when I go to Deacon, for example, I bring like my own certificate, my own VPN, and my own little o VPN basically file, and I stick that on my phone to actually run my own VPN. When you do that, you're basically creating your own secure profile, as opposed to trusting a VPN company with your information and hoping that they are doing it for you. Yeah.
That's a great point, Shannon, because a lot of these solutions actually ultimately require you to put trust in another entity, and you know, there have been cases where even VPNs have suffered data breaches in recent past, where you know, you have to worry about that kind of stuff too.
There does come a point where you ultimately you have to say to yourself, at what point am I comfortable handing over control or handing over you know, some of my data, because either you're doing that or you're doing nothing. But you know, deciding where that point is is a very personal choice. Uh. The very last one I want to talk about, and we can do this very briefly, is Tour, the Tour browser. Tour initially was an acronym
instead for the Onion router. And the reason it's called Onion is because it does encryption in layers, each outer layer being another layer of encryption. And I gave a very simple analogy. Imagine that you are trying to ship a present. Let's say I'm shipping a present to Shannon, but You're welcome, but I don't want you to know where I live, um for some reason. And I don't want anyone to know that I'm sending a present specifically
to you for some reason. So what I've done is I've nested your package that has your present in it inside another package that's gonna go to a totally different address. And I've nested that what's is it a brown package? There's probably some you know, my little pony temper tattoo sheets in there. So that's in there, and then that's in a second package, and the second package is in the third, the third packages in the fourth. Each package
has a different address on it. So I've got a really big package that ultimately is just holding a bunch of boxes and a couple of sheets of temporary tattoos and the innermost box. I ship that to the first address. The person at the first address opens up this big box and they see that there's a slightly smaller box inside with a different address on it. So they plopped that back into the post office. Post office takes that to the second destination. They open up the package, well,
destination number two. They know that the package came from destination number one, but they don't know anything further back from that. They don't know that I was the person who originally put the package in the mail, and they don't know where the package is ultimately going to. They just see destination three on the shipping label of that inner package, so they send it to destination three. Destination three gets it. They opened it up. They know it
came from destination too. They don't know about destination one. They definitely don't know about me, and they see that they need to send on the next package to destination four, and so on and so forth until finally you get to that innermost package which has Shannon's address on it. She gets it, she knows it came from the previous site, but doesn't know any of the rest of the history, including where it came from, except I probably put a note in the inside of the package saying hey, it's
from me, Brownie Joe. And then then she gets the package. You would probably want to make sure that your message is encrypted. Yes, Uh, there's like a you know, I tell you that you need to use your super secret Captain Crusader decode ring or whatever to decrypt the message, and then and then she would be able to to use a similar process to send information to me. Uh. Now, this is a very secure way typically of sending information.
There are ways to try and sniff out things, just as there are with any network communication, but it's hard. It's very hard to get anything meaningful through this process. It is possible, it's not foolproof, but it's real hard and uh. And so this is generally considered the most secure way to browse the Internet. However, with that security there comes a trade off, and that trade off is mainly felt in the form of speed. We're in the
home stretch. Now we're going to have a little bit more talk about public WiFi and safety measures you should be observing. But before we get to that, let's take one last break. There has been talk on on the internet many years ago that government agencies had access to some of the UM end notes, the very last place that your package would hit before it went on to
whoever it was supposed to go to. UM. So you do have to consider where where is this information being sent and who has access to the very end of that tunnel that you're sending that information through UM and if that's protected, then yeah, it's great option UM. But of course with tour as well as with VPNs and incognito mode, you shouldn't use just one of these options. You should use all of them if they are at
your disposal. But again, do you want to deal with the slowness that you're going to experience when you add these additional tunnels and additional nodes onto whatever you're trying to gain access to, or are you going to deal with the security um UH minimal experience and add that additional convenience to your experience by just not using it, so there are trade offs either way, and you've summarized
it perfectly, Shannon. I mean, this is like we said at the beginning, this is a spectrum, and the important thing is to be educated to that spectrum so you can make your own educated decisions and not just trust to the fates. I have a tattoo on my back of the full Terror card, the Eternal Optimist. Don't be
the fool. You get the tattoo who wants pretty awesome, It's dope, But don't don't be the Don't be the fool in life, right, Don't just trust that you can take a step off a cliff and you're not going to fall to your death. The fool is taking a step off a cliff in the traditional tarot card. So you don't want to be like that. You want to be informed and make choices. And you know there might be instances where you think, Okay, I'm in a public spot, I am going to use WiFi, but I'm using it
for something that's not related to my personal information. I'm literally maybe I'm looking up a restaurant to find out what hours it's open, and that's it. You know, they're different levels. But if you're thinking, I want to do some shopping, or I'm going to check my bank statement, or I'm going to log into my email or this one's a big one for us here at my heart.
If I'm going to access any of my my work stuff, right, like anything that's stored on there, any of the services that are on your definitely use a VPN in those cases, because you're talking about things that affect not just you but other people. Right, You're talking about the potential of affecting uh, essentially an entire company if if the wrong information were to get out, you know, especially for talking
about things like publicly traded companies. You want to make sure that you're being a good steward of the information that's been entrusted to you, not just your own but others. So, uh, Shannon, this has been a joy. You have given generously of your time and your expertise, and I greatly appreciate it. Please let people know where they can find your work. Well.
Thank you so much, Jonathan. I love security and privacy and I think of it as a habit that you build upon over time, and the more that you learn about it, the better off you can be in the future. So build upon your security for your future self and for your family too, because the more secure cure you are, the more secure they will be as well. Uh. And if you're interested in learning more about consumer privacy and security,
you can check out my YouTube channel. It's YouTube dot com slash Shannon Morse uh and that's m O R s E just like Morse Code and I will be going to CS just like Jonathan Jonathan mentioned, I'm very excited, so I will be posting a lot of content from the Consumer Electronic Show and I will have tons in store through the year. Awesome. Shannon's always a pleasure. I am so sad that I will not be seeing you at c E S. Will have to make time for
some other tech conference, I'm sure. Or next time i'm out your way, I'll give you a shout and maybe we can, like please do Yeah, we can can go grab ramin or something and chat about security. I would love That would be awesome. And that was an episode from Christmas Day two thousand nineteen, The Dangers of Public WiFi. I hope you enjoyed this look back on the episode. That was one of the really epic ones when it
took a look at the full running time. I thought, wow, um, I oe Shannon a really nice lunch or something for agreeing to sit on a podcast for so long with me, Because, as we all know, that's a big request. I hope you are all staying safe and are well. If you have suggestions for topics I should cover on future episodes of tech Stuff, please reach out to me. The best way to do that is on Twitter. The handle for the show is text Stuff H s W and I'll
talk to you again really soon. Yeah. Text Stuff is an I Heart Radio production. For more podcasts from my Heart Radio, visit the i Heart Radio app, Apple Podcasts, or wherever you listen to your favorite shows.