Firewalls Don't Stop Dragons Podcast

You may be vaguely aware of the term ‘quantum computing’ from media reports. But what you may not have picked up on is that one of the primary uses for quantum computers may be to break data encryption. Furthermore, you may not realize that if three-letter agencies can save off our encrypted emails and messages now, this could mean they could read them in the future when sufficiently powerful quantum computing becomes viable. How does this work? And what can we do about it now to protect our privacy in the future? We’ll dig into all of this today with Brandon Sundh from Tuta (formerly Tutanota), a prominent secure email company, who is already deploying such protections.

Use these timestamps to jump to a particular section of the show.

Mis- and disinformation is just a fact of modern life, but certain events can cause the practice to significantly increase – like a big election. This is a good time to review this phenomenon, learning how to recognize it, how to avoid being drawn in, and perhaps most importantly how to reduce its spread.

In other news: Telegram’s CEO was arrested in France; too many people keep saying Telegram is an secure messaging app when it’s really not; if you think ads and tracking are bad now, wait till you hear all the ways modern TVs are monetizing their users; sextortion scams are using some new techniques to scam their victims; consumer groups have lobbied the FTC to create clear guidance on ‘software tethering’; and California just approved a new privacy bill that will finally require companies to honor universal opt-out signals from apps and browsers.

Use these timestamps to jump to a particular section of the show.

Proton released three major new products this summer, all within the span of about a couple months: Proton Docs, Proton Wallet and Proton Scribe. Given that Proton is a privacy-focused company, some of these offerings seemed almost at odds with that mission. So today I ask Andy Yen (Proton’s CEO) some questions about the privacy of their Bitcoin wallet and AI editing tool. We also discuss the new Proton Foundation and how it safeguards their privacy mission for the future. Finally, I ask Andy if they would consider acquiring Mozilla to save the Firefox browser and, in the wake of the blow back Signal received about protecting local access to messaging data, how Proton addresses the ‘compromised machine’ threat model.

Use these timestamps to jump to a particular section of the show.

The headlines have been on fire with stories about 3 billion people’s data being leaked from a company you’ve never heard of. But like many such stories, the mainstream media gets a lot of the important details wrong and glosses over a lot of the important nuances. Today we’re going to dive into what really happened and what you should do about it, whether your data was part of the breach or not.

In other news: Illinois waters down its landmark biometric information law; US court rules geofence warrants are unconstitutional; FTC to investigate :surveillance pricing” and files rule impacting shady product reviews; the CFPB cracks down on some types of consumer data sales; and Consumer Reports evaluates several top data deletion services.

Use these timestamps to jump to a particular section of the show.

Finding your soul mate or even just a one-night stand can all be done digitally now – there’s an app for that. Several, in fact. But in order to find the best match, you need to turn over a lot of extremely personal information. You probably also need to let the app track your location, so you’re only matching people within some acceptable distance. You would hope that dating apps would be better than other apps at securing your private data… but are they? And are these services selling my data to advertisers? Today I answer these questions and many more with Zoë MacDonald from Mozilla’s Privacy Not Included team who recently published a full report on this topic.

Use these timestamps to jump to a particular section of the show.

It’s time once again for cybersecurity professionals to make the pilgrimage to the scorching desert of Las Vegas, Nevada for a week of tech conferences that we lovingly refer to as Hacker Summer Camp. Today I’ll bring you my on-the-ground reporting from BSides and DEF CON. I’ll also bring you part 2 of my series on Open Source Intelligence (OSINT) and how to purge your personal data from the web.

In the news this week: Vegas hotels search hacker’s rooms; Apple and others fix old but important browser bug; NFL rolls out more facial recognition at stadiums; Ford looks to patent car surveillance tech; automakers sold your data to brokers for pennies; border agents can no longer search your smartphone without a warrant; judge rules that Google is a monopoly.

Use these timestamps to jump to a particular section of the show.

Jack Daniel is a storyteller, wanderer, comic, bartender, blacksmith, luthier, historian, mechanic, and the world’s oldest millennial. He is also one of the founders of Security BSides. Jack has a colorful and interesting history, and today we’ll learn about how and why he started BSides, delve into a little hacker conference history, talk about modern hackers and cybersecurity conferences and how he’s seen them change over the years, and how hackers and their conferences are vastly different than the others.

Use these timestamps to jump to a particular section of the show.

Last week, we all learned about a company called CrowdStrike that apparently has the capability to single-handedly bring multiple airlines, hospitals and other large companies to their knees in an instant. There are many lessons we should be learning from this incident, though I’m not going to hold my breath. I’ll tell you what happened and what I think we should be doing to avoid a repeat of this incident in the future.

In other news: Google finally throws in the towel on blocking third-party cookies; a private organization claims to have gained access to advertising-based location data on Trump’s shooter; Republican VP candidate JD Vance forgets to make his Venmo data private; leaked docs show what phones Cellebrite can and can’t hack; Meta takes down thousands of accounts related to sextortion ring; and for my Tip of the Week, we’ll tackle part 1 of my article on deleting your public data from the web.

Use these timestamps to jump to a particular section of the show.

If someone decided to dig into your life – perhaps even try to ‘dox’ you – how might they go about doing that? What could they find about you right now on the internet? You might be surprised at how much information is readily available from public sources, including your local government agencies and state databases. Today I’ll be talking with Jason Edison from Intel Techniques whose day job is using open source intelligence, or OSINT, to find suspected criminals and whose night job is helping people remove that same information to protect their privacy and even personal security.

Use these timestamps to jump to a particular section of the show.

Ads on the web are beyond annoying – they are actually a threat to your privacy and sometimes even your security. Ads pay for a lot of the “free” web content we consume, but until ad networks stop tracking us and selling ad space to phishing and malware groups, we need tools to block them. Today I’ll give you two solid options for doing so.

In the news: Australian man charged for WiFi scam on flights; Airbnb reveals 35,000 complaints about hidden cameras; Linksys routers expose WiFi credentials; a massive new hacker list contains 10 billion unique passwords; a new AT&T call and text records data breach; Signal gets flak for response to storing encryption keys in the clear; Mozilla launches “privacy-preserving” ad attribution system (on by default); Proton launches encrypted Google Docs competitor.

Use these timestamps to jump to a particular section of the show.