Send us Fan Mail

You already knew you were the product. But did you know you're also the teacher?

Companies are quietly feeding your emails, your work decisions, your customer interactions, and your daily patterns into AI systems — systems designed to automate exactly what you do. And most people have no idea it's happening.

In this episode of Privacy Please, we break down how it works, who's doing it, why your right to delete your own data is functionally broken in the AI era, and what you can actually do about it.

What we cover:

• How "function creep" turns your data into AI training fuel without new consent
• The GitHub policy change that's happening right now — and how to opt out
• Why employees at Amazon, Google, and JPMorgan described training AI as "building your own coffin."
• The deletion problem — why you can't remove yourself from a trained model
• Practical steps to audit your tools and protect yourself today

Links:

• GitHub opt-out: github.com/settings/copilot/features
• Khan v. Figma lawsuit: rainintelligence.com
• FTC on AI data practices: ftc.gov
• Check your state privacy rights: iapp.org/resources/article/us-state-privacy-legislation-tracker
• Delete old posts: redact.dev

Privacy Please is part of The Problem Lounge network. 🌐 theproblemlounge.com 🎙️ Subscribe on Apple Podcasts, Spotify, or wherever you listen

Support the show

Send a text

Your anonymous account isn't anonymous anymore. Researchers just proved it costs $4 to find out who you are.

In February 2026, a team from ETH Zurich and Anthropic published a paper that quietly ended the era of practical online anonymity. Their AI pipeline, using nothing but your posts, comments, and forum activity, correctly identified 67% of pseudonymous users from a pool of 89,000 candidates. No name. No photo. No metadata. Just your words.

This episode breaks down exactly how it works, why it's different from every deanonymization scare before it, who's most at risk, and what you can actually do about it.

In this episode:

• How the ESRC pipeline (Extract, Search, Reason, Calibrate) works
• Why previous anonymity attacks required structured data, and this one doesn't
• Why commercial AI safety guardrails didn't stop it
• What "practical obscurity" meant, and why it's gone
• Concrete steps to reduce your exposure today

Links:

• Research paper: arxiv.org/abs/2602.16800
• Delete your Reddit history: redact.dev
• Tor Project: torproject.org
• Signal: signal.org

Privacy Please is part of The Problem Lounge network. 🌐 theproblemlounge.com 🎙️ Subscribe on Apple Podcasts, Spotify, or wherever you listen

Support the show

Send a text

Cameron and Gabe sit down with Girish Redekar, co-founder and CEO of Sprinto, to pull back the curtain on one of the most misunderstood areas of security: compliance.

Girish built his first startup, RecruiterBox, to 3,500 customers before selling it, and it was the painful, expensive, duct-taped compliance process he experienced firsthand that sparked the idea for Sprinto. Today, Sprinto helps companies move beyond point-in-time audits into something far more valuable: continuous, autonomous trust.

In this episode, we dig into:

• Why passing a SOC 2 or ISO 27001 audit doesn't mean you're actually secure
• The three stages of compliance maturity — and how to climb them
• What "compliance debt" is and why it's quietly eating your business
• How smart CISOs use their security posture as a revenue driver, not a back-office cost center
• The "$100/month" challenge: what actually moves the needle for startups
• How AI is reshaping compliance programs — for better or worse
• Why Girish spent over a year talking to customers before writing a single line of code

Plus: the "sell more jeans" framework every CISO should know, Rich Hickey, The Mom Test, and the toilet paper question.

🔗 Find Sprinto at sprinto.com

Support the show