Episodios

  • Identity Resolution

    Identity Resolution
    Apr 13 2026

    There are all sorts of things that can be used to identify us online and in the real world, beyond our names, addresses, and phone numbers. But data brokers are desperate to tie all of these unique pieces of information together, building a valuable marketing dossier. It’s become a massive industry – being able to map one supposedly anonymous or pseudonymous piece of data to the a person’s full identity. Today we’ll delve deeply into this shady business with Iesha White and Zach Edwards.

    Interview Notes
    • Victory Medium (Zach): https://victorymedium.com/
    • Check My Ads (Iesha): https://checkmyads.org/
    • TLS fingerprinting: https://fingerprint.com/blog/what-is-tls-fingerprinting-transport-layer-security/
    • Disable Mobile Ad ID (MAID): https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now
    • US v Google: https://www.usvgoogleads.com/
    • IAB (Interactive Advertising Bureau) Transparency & Consent Framework (TCF): https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/
    • DROP portal: https://privacy.ca.gov/drop/
    • Remove online data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/
    • Apple’s Hide My Email: https://support.apple.com/en-us/105078
    Further Info
    • My book: https://fdsd.me/book
    • My newsletter: https://fdsd.me/newsletter
    • Support the mission: https://fdsd.me/support
    • Give the gift of privacy and security: https://fdsd.me/coupons
    • Recommend news stories: send to news [at] firewallsdontstopdragons.com
    • Send me your questions! https://fdsd.me/qna
    • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Table of Contents
    • 0:00:20: Intro
    • 0:02:22: Learning the lingo
    • 0:03:34: What identifiers are used to track us online?
    • 0:12:00: How else are we being tracked?
    • 0:23:20: How are we tracked in the physical world?
    • 0:31:54: How do brick and mortar stores track us?
    • 0:37:46: What if the data is wrong?
    • 0:43:58: What if I’m okay with targetted ads?
    • 0:49:14: How does my data overlap your data?
    • 0:54:01: Can’t this tracking also be used to stop fraud?
    • 0:58:08: Why can’t we just use contextual ads?
    • 1:05:22: What can we do about this?
    • 1:13:00: What does NOT work to stop tracking?
    • 1:14:10: What’s next for you two?
    • 1:17:43: Wrap-up
    • 1:21:05: Patron podcast preview
    • 1:21:56: Looking ahead
    Más Menos
    1 h y 24 m
  • Routers Behaving Badly

    Routers Behaving Badly
    Apr 6 2026
    The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain. In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case. Article Links Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-dataThis Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcastsThis Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbersThese critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concernsH&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerabilityThis New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressionsThe United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainermacOS 26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commandsMeta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25 Further Info Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701 My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro0:01:03: News rundown0:03:17: Walmart buys Vizio for ads, data0:08:57: Public Zoom calls secretly turned into podcasts0:17:24: Navia leaks millions of SSNs0:20:28: TP-Link router vulnerabilities0:36:25: H&R Block’s horrific tax software0:45:41: New Claude Mac feature is too dangerous0:48:22: macOS 24 blocks ClickFix?0:50:44: Facebook, Google lose huge lawsuit0:54:22: Patron podcast preview0:54:58: Looking ahead
    Más Menos
    56 m
  • Privacy Guides Panel

    Privacy Guides Panel
    Mar 30 2026

    Nate Bartram and Jonah Aragon have been advocating for privacy for a long time. Their sites, The New Oil and Privacy Guides, have a ton of fabulous resources for anyone interested in guarding their data and defending their digital rights. Ever wonder what it’s like being a privacy advocate in an increasingly privacy-hostile world? Today, I’ll take you behind the scenes of these sites and into the brains of two top-notch privacy warriors.

    Interview Notes
    • Privacy Guides: https://www.privacyguides.org/
    • The New Oil: https://thenewoil.org/
    • Critical Thinking 101: https://ghost.thenewoil.org/critical-thinking-101/
    • This Week in Privacy podcast: https://podcasts.apple.com/us/podcast/this-week-in-privacy/id1726826455
    • Privacy Advocate Toolbox: https://www.privacyguides.org/en/activism/
    • Smartphone privacy guides: https://www.privacyguides.org/videos/2026/02/04/smartphone-security-course-lesson-1-beginners-2/
    Further Info
    • My book: https://fdsd.me/book
    • My newsletter: https://fdsd.me/newsletter
    • Support the mission: https://fdsd.me/support
    • Give the gift of privacy and security: https://fdsd.me/coupons
    • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Table of Contents
    • 0:00:18: Intro
    • 0:02:11: Why did you get into privacy?
    • 0:07:44: What’s the most enduring privacy myth?
    • 0:14:13: Do you find people dislike the answer “it depends”?
    • 0:16:50: How would you describe your target audience?
    • 0:22:00: How do you evaluate privacy products?
    • 0:27:59: What products have you unrecommended and why?
    • 0:34:27: What are major privacy red flags?
    • 0:43:09: What product do you use that you do not recommend to others?
    • 0:48:05: How will you handle age checks or repeal of Section 230?
    • 0:55:09: Who do you look to for privacy advice?
    • 1:04:22: What’s next for you guys?
    • 1:08:30: Wrap-up
    • 1:10:46: Patron podcast preview
    • 1:11:24: Looking ahead
    Más Menos
    1 h y 12 m
  • Spring Cleaning

    Spring Cleaning
    Mar 23 2026
    When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface. Article Links Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malwareInstagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryptionViral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymizationEU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/Mozilla to launch free built-in VPN in upcoming Firefox 149: https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-settingTip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/ Further Info Greynoise IP Check: https://check.labs.greynoise.io/ Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026 CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro0:01:35: News rundown0:03:41: Update your Asus routers0:08:55: Instragram drops E2EE0:12:57: Porn addiction app exposed user data0:19:54: Dangers of age verification laws0:30:45: Car surveillance mandatory in 20270:35:46: Cyberattack kills breathalizer-equipped cars0:39:41: LLMs can deanonymize users0:51:11: Chat Control defeated!0:55:22: Firefox free VPN coming0:59:05: New Apple security fix mechanism1:03:14: Tip of the Week1:09:09: More security tips1:13:53: Patron podcast preview1:14:17: Looking ahead
    Más Menos
    1 h y 16 m
  • Surveillance Pricing

    Surveillance Pricing
    Mar 16 2026

    When you shop online or through an app, do you ever wonder if you’re being charged the same as someone else for the same thing? Even controlling for things like shipping address and local taxes, it turns out that today it’s not uncommon for pricing to dynamically change based on factors that may not seem fair. This is called surveillance pricing. Justin Brookman (Consumer Reports) and Eric Gardner (More Perfect Union) recently performed a study on this practice using Instacart, and the results were eye-opening.

    Interview Notes
    • Surveillance pricing study: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/
    • Study video (Instagram): https://www.instagram.com/reels/DSC1w_Hjng6/
    • Study video (YouTube): https://www.youtube.com/watch?v=osxr7xSxsGo
    • Consumer Reports: https://www.consumerreports.org/
    • More Perfect Union: https://perfectunion.us/
    • Get involved: https://action.consumerreports.org/
    • Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/
    • Pepsi/Walmart exposé: https://ilsr.org/article/independent-business/more-perfect-union-pepsi-walmart/
    • Amazon price tracker: https://camelcamelcamel.com/
    Further Info
    • My book: https://fdsd.me/book
    • My newsletter: https://fdsd.me/newsletter
    • Support the mission: https://fdsd.me/support
    • Give the gift of privacy and security: https://fdsd.me/coupons
    • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Table of Contents
    • 0:00:13: Intro
    • 0:02:44: What’s your background?
    • 0:04:26: What triggered this study?
    • 0:06:08: How did you test this theory?
    • 0:09:25: How prevalent is this practice?
    • 0:11:27: What is a “customer surplus”?
    • 0:13:44: Did the pandemic exacerbate this?
    • 0:15:08: Is this practice legal?
    • 0:21:42: How do ESL’s work?
    • 0:25:52: Are all the add-on fees legit?
    • 0:28:01: Are the stores participating in this, too?
    • 0:32:01: What do they learn from loyalty programs?
    • 0:37:38: Are digital coupons dynamic, too?
    • 0:41:07: Does this amount to price fixing?
    • 0:44:21: What’s been the reaction to your report?
    • 0:49:00: What will you study next?
    • 0:53:04: What can we do about this?
    • 0:58:39: How can we support your work?
    • 1:00:39: Wrap-up
    • 1:03:27: Patron podcast preview
    Más Menos
    1 h y 5 m
  • Fixing ClickFix

    Fixing ClickFix
    Mar 9 2026
    Bad guys have found a willing accomplice for installing malware: YOU. This very effective malware delivery mechanism, dubbed ClickFix, accounted for over half of all infections last year. I’ll tell you how to avoid it, but also explain why you shouldn’t have to. In other news: Amazon’s change to wishlists may expose your address; a new government-grade iOS exploit kit is spreading to criminals; Israel hacked traffic cams to kill Iran’s leaders; Meta’s AI glasses are a privacy nightmare; new AirSnitch WiFi exploit is clever, but not a threat for most people; Microsoft Office bug allowed AI to read confidential emails; Discord walks back it’s plans for age verification; US Senators reintroduce surveillance transparency bill; CA privacy activists call for removing license plate readers; Ente releases new Locker app; Privacy Guides releases wonderful new privacy resource. Article Links Amazon Change Means Wishlists Might Expose Your Address https://www.404media.co/amazon-wishlist-address-private-third-party/Google and iVerify reveal government-grade iPhone exploit kit spreading to hackers https://9to5mac.com/2026/03/03/google-and-iverify-reveal-government-grade-iphone-exploit-kit-spreading-to-hackers/Israel hacked Tehran’s traffic cameras, used AI to plan Khamenei’s assassination https://www.yahoo.com/news/articles/israel-hacked-tehrans-traffic-cameras-063114828.htmlWhat Privacy? As Expected Meta Ray Bans Are A Privacy Disaster https://appleinsider.com/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-disasterNew AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/Microsoft says Office bug exposed customers’ confidential emails to Copilot AI https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/Discord just canceled its planned age verification rollout, for now https://9to5mac.com/2026/02/24/discord-just-canceled-its-planned-age-verification-rollout-for-now/Senators Reintroduce Bill to Create Transparency for Court-Ordered Surveillance https://www.wyden.senate.gov/news/press-releases/wyden-daines-booker-and-lee-reintroduce-bill-to-create-transparency-for-court-ordered-surveillancePrivacy activists call on California to remove covert license plate readers https://apnews.com/article/license-plate-readers-surveillance-ice-dhs-db848b1498c55f3c1b3ee1a107dacd10Ente Locker – Safe space for your most important documents https://ente.io/locker/Guides and Tools for Privacy Activists https://www.privacyguides.org/en/activism/Tip of the Week: https://firewallsdontstopdragons.com/fixing-clickfix/ Further Info My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:08: Intro0:01:54: News rundown0:03:36: Amazon wishlist change exposes your address0:08:44: New iOS exploit kit leaks0:14:21: Israel hacked traffic cams to kill Khamenei0:17:19: Meta’s AI glasses privacy nightmware0:22:32: AirSnitch WiFi attack0:26:31: Microsoft AI bug exposes private emails0:29:35: Discord backtracks on age verification0:34:38: Senators reintroduce surveillance transparency bill0:39:15: Call to remove hidden surveillance cameras0:44:44: Ente Locker0:47:51: Privacy Activist Toolbox0:51:53: Tip of the Week1:00:36: Patron podcast preview1:02:15: Looking ahead
    Más Menos
    1 h y 3 m
  • Double Blind Armadillo

    Double Blind Armadillo
    Mar 2 2026

    Cellular providers need to know your location in order to deliver calls and text message to your phone. But it turns out that they really don’t need to know who you are to give you that service. They only need to know how to bill you – and that information can be at little as knowing your ZIP+4 code. Why do we give so much personal information to our mobile service providers when we don’t have to? Today, Nick Merrill, founder of Phreeli, will explain how he can give you top notch cell service and know almost nothing about you.

    Interview Notes
    • Phreeli: https://www.phreeli.com/
    • Double Blind Armadillo: https://www.phreeli.com/files/PhreeliDoubleBlindArmadilloWhitePaper.pdf
    • Wired article: https://www.wired.com/story/new-anonymous-phone-carrier-sign-up-with-nothing-but-a-zip-code/
    • Call Detail Record: https://en.wikipedia.org/wiki/Call_detail_record
    • 2600 Magazine: https://www.2600.com/
    • Zero-Knowledge Proofs: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/
    Further Info
    • My book: https://fdsd.me/book
    • My newsletter: https://fdsd.me/newsletter
    • Support the mission: https://fdsd.me/support
    • Give the gift of privacy and security: https://fdsd.me/coupons
    • Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
    Table of Contents
    • 0:00:12: Intro
    • 0:02:25: Zero Knowledge Proofs!
    • 0:03:35: Lingo
    • 0:07:29: How did you come to found Phreeli?
    • 0:15:08: Who is your target audience?
    • 0:19:18: How can you get by with just ZIP+4?
    • 0:24:10: Is Phreeli more private, say, Mint?
    • 0:28:33: How do I recover my Phreeli acccount?
    • 0:30:22: What identifiers are tied to cell phones?
    • 0:37:12: Can Phreeli work law requires KYC?
    • 0:41:09: How do you separate billing from service?
    • 0:47:23: How can a cellular provider hide a user’s location?
    • 0:51:44: Do telecom networks have inherent privacy problems?
    • 0:55:30: How do you handle lawful intercept?
    • 0:59:13: How do you convince the skeptics?
    • 1:02:19: What’s the current feature roadmap?
    • 1:04:19: Wrap-up
    • 1:08:59: Patron podcast preview
    • 1:10:35: Looking ahead
    Más Menos
    1 h y 12 m
  • New Google Alternatives

    New Google Alternatives
    Feb 23 2026
    In my seemingly never-ending quest to replace all things Google, I’ve finally found some solid, private alternatives to Google Sheets and Google Forms. And we’ll also talk about how the EU is looking to create competing products to reduce their dependence on Big Tech from Silicon Valley. In the news: Australian drivers’ info exposed in breach; school admissions website leaked student data; Discord is rolling out age verification; more countries move to ban social media for kids; Big Tech companies volunteer data to DHS on anti-ICE users; Meta wanted to sneak out facial recognition; researchers find tricky bugs in password managers; DJI robovacs were wide open on the internet; Ring’s mass surveillance efforts garner blow back; Russia blocks WhatsApp and Telegram. Article Links More than 200,000 Australian drivers exposed in massive data breach https://www.drive.com.au/news/over-200000-driver-licences-hacked-in-massive-data-breach/Bug in student admissions website exposed children’s personal information https://techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/Discord will require a face scan or ID for full access next month https://www.theverge.com/tech/875309/discord-age-verification-global-roll-outThese are the countries moving to ban social media for children https://techcrunch.com/2026/02/17/social-media-ban-children-countries-list/Reddit, Meta, and Google Voluntarily Gave DHS Info of Anti-ICE Users https://gizmodo.com/reddit-meta-and-google-voluntarily-gave-dhs-info-of-anti-ice-users-report-says-2000722279Meta reportedly wants to add face recognition to smart glasses while privacy advocates are distracted https://www.theverge.com/tech/878725/meta-facial-recognition-smart-glasses-name-tag-privacy-advoatesPassword managers less secure than promised https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.htmlThe DJI Romo robovac had security so poor, this man remotely accessed thousands of them https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqttWith Ring, American Consumers Built a Surveillance Dragnet https://www.404media.co/with-ring-american-consumers-built-a-surveillance-dragnet/WhatsApp and Telegram blocked in Russia, Meta ‘extremist organization’ https://9to5mac.com/2026/02/12/whatsapp-and-telegram-blocked-in-russia-as-meta-designated-an-extremist-organization/Europe is ready to ditch US tech for private alternatives https://proton.me/blog/european-alternative-us-tech-surveyTip of the Week: https://firewallsdontstopdragons.com/de-google-my-life-part-5/ Further Info Avoid tax scams: https://firewallsdontstopdragons.com/its-tax-scam-time/ Try Mastodon! https://firewallsdontstopdragons.com/how-to-move-to-mastodon/ Proton referral link: https://pr.tn/ref/ZMNG3DNK My book: https://fdsd.me/book My newsletter: https://fdsd.me/newsletter Support our mission! https://fdsd.me/support Give the gift of privacy and security: https://fdsd.me/coupons Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch Table of Contents 0:00:07: Intro0:01:54: News rundown0:04:27: 200k+ Australian drivers’ data exposed0:08:08: Aadmissions site exposed children’s info0:12:44: Discord to implement age checks0:23:50: Countries looking to ban social media for kids0:29:40: Meta, Google Gave DHS Info of Anti-ICE Users0:32:37: Meta wants to add face recognition while privacy advocates are distracted0:37:10: Password manager bugs fixed0:39:57: DJI robovacs security flaw fixed0:45:43: Ring’s new Search Party feature0:56:36: Russia blocks Telegram, WhatsApp0:59:15: Europe is ready to ditch US tech1:04:26: Tip of the Week1:08:07: Proton referral1:08:50: Patron podcast preview1:09:20: Looking ahead
    Más Menos
    1 h y 10 m