Going through border security today – even just returning to your own country – is not at simple and stress-free as it should be. The likelihood of our digital devices being searched by a border agent has increased in recent years and political sensitivities today can be high. Our devices have access to a ridiculous amount of extremely personal information. How can we protect ourselves? The answers aren’t great, but I’ll give the current best advice from immigration lawyers and civil rights groups.

In other news: the Apple-UK data privacy court case will be at least partially public; some companies are ignoring automated opt-out signals; Waymo may use interior car video to train its AI; data breaches at Hertz and a Planned Parenthood medical lab; air travel group paints a picture of future use of facial recognition; San Francisco police have a new surveillance center; Ukraine drones come with anti-Russian malware; judge rules that ‘cell tower dumps’ require a warrant.

It’s easy to be a Monday morning quarterback, even with cybersecurity. But defending a business, of any size, against cyber threats today is hard. Like, really hard. Defenders have to succeed every single time; attackers only need to succeed once. And then your company makes the headlines. Today we’ll delve into the world of the “blue team” – the defenders who are charged with protecting your data and the services you depend on – with cyber expert Oz Jones. Along the way, we’ll learn valuable lessons for everyone.

When we collect a lot of personal data, say via the US Census, the goal is to glean important aggregate information and statistics, while somehow preserving the anonymity and privacy of the individual respondents. There’s a rigorous mathematical process for doing this – that’s actually not that hard to understand – called Differential Privacy. I’ll explain how it works.

In the news: iOS has a new location privacy setting; Google confirms it’s rolling out AI to Gmail; Windows makes it much harder to avoid creating a Microsoft Account; WhatsApp is rolling out AI in Europe with no way to opt out; Switzerland is considering undermining encrypted communications; 23andMe is going bankrupt – it’s time to delete your data; France rejects a backdoor mandate; and finally, I have a lot to say about the US officials’ Signal chat debacle.

We’ve been installing apps on our smartphones for almost two decades now. The iPhone and Android app stores kicked off in 2008 and we still, to this day, have no real way to know what’s in them. It turns out that most apps are an amalgamation of software libraries and development kits from various third party vendors, so often even the makers of apps don’t fully understand the makeup of their products. Lisa LeVasseur from Internet Safety Labs has worked to build tools to dissect and inspect our apps and help us understand what they’re really doing.

Tax time is once again upon us here in the USA, which means that the tax scammers are coming out of the woodwork. Many will claim to be representing the IRS, claiming that there is an urgent need to fix a problem with your return, threatening penalties if you don’t pay them money. Others will simply try to file fake returns in your name, but send the massive false refund checks to themselves. I’ll help you spot and avoid these scams.

In other news: Apple’s Passwords app was vulnerable to phishing attacks (now fixed); Amazon is forcing Echo owners to share voice recordings; the Bluetooth chip “backdoor” that wasn’t; Captchas were used by Google to translate books and Street View images; ICE uses third party tool to scrape tons of your data; beware of online file converters; Clearview AI attempted to buy millions of mugshots; RCS messaging will soon allow end-to-end encrypted chats between iPhones and Android phones.

Use these timestamps to jump to a particular section of the show.

Josh Summers lived in China for many years and learned a lot about privacy and security. Since he left, he’s made it his mission to share this knowledge through his website and YouTube channel called All Things Secured – helping regular, everyday people like you and me to protect our data and devices. Today we’ll talk specifically about improving your security and privacy on iPhones and Android phones, and even some alternatives outside the Apple and Google ecosystems.

Google’s Chrome browser is rolling out changes that will hamstring ad blockers – so there’s never been a better time to try a better browser. There are a handful of good options, but I’m going to recommend that you try Firefox with a fantastic ad blocker called uBlock Origin. If you’ve never tried this powerful combination, you won’t believe what you’ve been missing.

In other news: the UK scrubs all encryption advice from government sites; Signal’s CEO threatens to leave Sweden over backdoor demands; UK private health services hit by Medusa ransomware; Australian IVF provider has patient data stolen; Brazil gives Apple 90 days to allow side loading of apps; millions of Android TVs hijacked by a botnet; Qualcomm and Google team up to offer 8 years of Android updates; Google rolls out AI voice call scam detector; and confusion over Trump admin orders regarding Russia cyber threats.

Use these timestamps to jump to a particular section of the show.

Today, we travel back in time and back to The L0pht with one of the original founders of L0pht Heavy Industries, Weld Pond (aka Chris Wysopal). We’ll talk about how hacker culture has impacted modern technology, cybersecurity practices and digital rights, while sprinkling in some classic and hilarious stories from hacker history by someone who lived them.

Use these timestamps to jump to a particular section of the show.

Not all Privacy Enhancing Technologies are new – but this one is probably new to you. Onion routing was developing in the 1990’s by the US government and is the basis for the Tor Network. Onion routing does one thing very well: it masks your actual IP address. While you can use a VPN for this purpose, onion routing adds a different layer of anonymity – and it’s just a cool technology. Today I’ll explain how it works, how to use it, and the pros and cons of doing so.

In other news: Bitly is leveraging its URL-shortening empire to monetize your links; a major car company is experimenting with in-car pop up ads; a cautionary tale about law enforcement’s access to private phone data; Russian spies are using a clever new phishing technique to gain access to Microsoft 365 accounts; Apple pulls its Advanced Data Protection feature from the UK market in response to demands to ‘backdoor’ its encryption; and whatever your political beliefs, the chaos and careless changes made by the DOGE group are seriously undermining national security.

Use these timestamps to jump to a particular section of the show.

Generic security advice is good, but tailored advice is much better. Everyone’s situation is a little different. What are you trying to protect? Who or what are you trying to protect it from? What are the consequences of failure? This is called threat modeling. And thankfully, the wonderful folks at Consumer Reports have a free, easy-to-use Security Planner tool that will help anyone do this assessment and provide custom solutions. My guest today is Yael Grauer, who will help us understand how to think about our security and how the CR tool can help you protect your data and devices.

Use these timestamps to jump to a particular section of the show.