Artificial Intelligence is taking over. But I don't mean that in a Skynet kinda way. It's simply becoming ubiquitous because companies are insisting on inserting the technology into all their products, even if it's not useful - or not even safe. Unfortunately, the breathless reporting on the dangers of AI is also getting way out of hand, including stories of AI systems 'blackmailing' their designers. Today I'll try to bring us back to reality a bit.
Also in the news: Billions of session login cookies up for grabs; Meta and Yandex cheat in order to track you around the web; Qualcomm fixes three zero-day bugs being actively exploited; Apple releases transparency report on push notification data requests; LAPD using Waymo for gathering video evidence; another massive AT&T user data leak includes SSNs; AI system appears to try to blackmail its owner; judge grants preliminary injunction on DOGE data grab; and we'll check in on your 2025 New Year's Resolutions!
Article Links
[theregister.com] Billions of cookies up for grabs as experts warn over session security https://www.theregister.com/2025/05/29/billions_of_cookies_available/
[arstechnica.com] Meta and Yandex are de-anonymizing Android users’ web browsing identifiers https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/
More info: https://www.zeropartydata.es/p/localhost-tracking-explained-it-could
[techcrunch.com] Phone chipmaker Qualcomm fixes three zero-days exploited by hackers https://techcrunch.com/2025/06/03/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers/
[404media.co] Apple Gave Governments Data on Thousands of Push Notifications https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/
[404media.co] LAPD Publishes Crime Footage It Got From a Waymo Driverless Car https://www.404media.co/lapd-publishes-crime-footage-it-got-from-a-waymo-driverless-car/
[cyberinsider.com] AT&T Investigating New Leak of 86 Million Customer Records with Decrypted SSNs https://cyberinsider.com/att-investigating-new-leak-of-86-million-customer-records-with-decrypted-ssns/
[bbc.com] AI system resorts to blackmail if told it will be removed https://www.bbc.com/news/articles/cpqeng9d20go
[eff.org] Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit https://www.eff.org/press/releases/privacy-victory-judge-grants-preliminary-injunction-opmdoge-lawsuit
Tip of the Week: https://firewallsdontstopdragons.com/2025-resolutions-check-in/
Further Info
2025 New Year’s Resolutions: https://firewallsdontstopdragons.com/new-years-resolutions-2025/
Privacy Guides: https://www.privacyguides.org/articles/
EFF’s Rayhunter project: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:00:50: A note on protest privacy
0:04:32: News preview
0:06:43: Billions of cookies up for grabs as experts warn over session security
0:18:27: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
0:25:59: Phone chipmaker Qualcomm fixes three zero-days exploited by hackers
0:27:51: Apple Gave Governments Data on Thousands of Push Notifications
0:33:25: LAPD Publishes Crime Footage It Got From a Waymo Driverless Car
0:37:39: AT&T Investigating New Leak of 86 Million Customer Records with Decrypted SSNs
0:41:51: AI system resorts to blackmail if told it will be removed
0:51:40: Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit
0:56:04: Tip of the Week
0:58:13: Wrapup
--------
1:00:35
Dialog with the Data Diva
Debbie Reynolds (aka The Data Diva) has been working in the privacy realm for many years, as a privacy consultant, speaker, advisor and podcaster. She and I have been running in the same circles on LinkedIn for a while now, and we finally decided it was time to be a guest on each other's shows. Today Debbie and I will discuss the dangers to privacy in the realm of IoT devices (including her contributions on the US Department of Commerce's IoT Advisory Board), vehicles, and AI. I'll ask about her experiences advising corporations on privacy issues with emerging technologies and how she advocates for less data gathering and more transparency.
Interview Notes
Debbie Reynolds consulting: https://www.debbiereynoldsconsulting.com/
Data Diva podcast: https://www.debbiereynoldsconsulting.com/podcast
My interview on Debbie’s podcast: https://www.debbiereynoldsconsulting.com/podcast/e228-carey-parker
The Right to Privacy book (1995): https://www.amazon.com/Right-Privacy-Caroline-Kennedy/dp/0679419861
IoT Advisory Board report: https://www.debbiereynoldsconsulting.com/iot-advisory-board
Shodan search: https://www.shodan.io/
Table of Contents
0:00:00: Intro
0:01:27: During your privacy career, how has privacy changed?
0:05:59: How do you define privacy?
0:08:51: What were your contributions on the IoT Advisory Board?
0:12:54: Who was the primary audience for that report?
0:15:49: Which IoT devices have the worst privacy?
0:19:33: How bad are modern cars in terms of privacy?
0:29:50: How does AI threaten our privacy today?
0:33:30: How can we mitigate AI privacy risks?
0:40:11: How can we convince companies to truly embrace user privacy?
0:45:36: What are some of the biggest privacy mistakes companies make?
0:49:34: Why can't we have a global tracking opt-out signal?
0:53:52: What can we learn from the EU's GDPR?
0:58:35: So what can we do to improve our privacy?
1:00:50: Patron preview
1:01:21: Looking ahead
--------
1:02:36
Life in the Panopticon
Tracking our faces and whereabouts is getting out of control. It's a mass surveillance infrastructure that keeps growing in Borg-like fashion. Facial recognition and license plate readers are proliferating at a stupefying pace and companies like Flock are consolidating the collected data and packaging it up for sale to law enforcement agencies. Even if no human in these agencies were to abuse this data, it's creating an irresistible target for scheming hackers and nation states keen on espionage. The longer we let this go, the harder it will be to stop.
In today's news: Asus routers are being hacked and you need to take action; 23andMe has been sold, along with its users' genetic data; AI-generated videos have just become way more realistic; US government taps surveillance company to centralize all its citizen data; CFPB regulation limiting data brokers is axed; Kroger is packaging and selling its customer loyalty data; automated license plate reader data use is expanding in scary ways; Android phones gain key new security feature; EU court rules that real-time bidding data gathering is illegal; Montana is first state to plug data broker loophole; and I relate my recent privacy experience at the US border.
Article Links
[LifeHacker.com] If You Have an Asus Router, You Need to Check If It's Been Hacked https://lifehacker.com/tech/asus-routers-hacked
[404media.co] 23andMe Sale Shows Your Genetic Data Is Worth $17 https://www.404media.co/23andme-sale-shows-your-genetic-data-is-worth-17/
[lifehacker.com] You Are Not Prepared for This Terrifying New Wave of AI-Generated Videos https://lifehacker.com/tech/you-are-not-prepared-for-this-new-wave-of-ai-generated-videos
[nytimes.com] Trump Taps Palantir to Compile Data on Americans https://www.nytimes.com/2025/05/30/technology/trump-palantir-data-americans.html
[techcrunch.com] White House scraps plan to block data brokers from selling Americans’ sensitive data https://techcrunch.com/2025/05/14/white-house-scraps-plan-to-block-data-brokers-from-selling-americans-sensitive-data/
[therecord.media] Consumer Reports: Kroger using loyalty program to package, sell customer data https://therecord.media/kroger-using-loyalty-program-to-sell-customer-data
[404media.co] A Texas Cop Searched License Plate Cameras Nationwide for a Woman Who Got an Abortion https://www.404media.co/a-texas-cop-searched-license-plate-cameras-nationwide-for-a-woman-who-got-an-abortion/
[404media.co] License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/
[arstechnica.com] Android phones will soon reboot themselves after sitting unused for 3 days https://arstechnica.com/gadgets/2025/04/android-phones-will-soon-reboot-themselves-after-sitting-unused-for-3-days/
[signal.org] By Default, Signal Doesn't Recall https://signal.org/blog/signal-doesnt-recall/
[therecord.media] EU court rules that tracking-based online ads are illegal https://therecord.media/eu-court-rules-tracking-based-ads-illegal
[eff.org] Montana Becomes First State to Close the Law Enforcement Data Broker Loophole https://www.eff.org/deeplinks/2025/05/montana-becomes-first-state-close-law-enforcement-data-broker-loophole
Tip of the Week: https://firewallsdontstopdragons.com/border-insecurity-update/
The Atlantic: How to Disappear https://www.theatlantic.com/ideas/archive/2025/05/extreme-personal-data-privacy-protection/682867/
BADBOOL data removal service list: https://docs.google.com/spreadsheets/d/115L6LpQg_UX638IyUfdwGhRS7dIU3lKwz6fjAcDtE-0/edit?gid=0#gid=0
Further Info
Recommend news stories: send to news [at] firewallsdontstopdragons.com
--------
1:26:01
Dividing Trust
VPNs were not invented for privacy, despite the name - they were invented for security. Nevertheless, in recent years, they have been touted as privacy tools to thwart rampant and fanatical data gathering. With a regular VPN, this really just means you're shifting your trust from your internet service provider to your VPN provider. But what if your encrypted data traffic was actually divided between two separate companies? The split trust model is a powerful way to protect your privacy and it's the key technology behind new services like Apple's Private Relay and Obscura VPN. Today we'll discuss the benefits of this approach with Obscura's founder, Carl Dong.
Interview Notes
Obscura VPN: https://obscura.net/
WireGuard: https://en.wikipedia.org/wiki/WireGuard
Obscura WireGuard configuration tool: https://obscura.net/#faq-wireguard-config
QUIC explainer video: https://www.youtube.com/watch?v=HnDsMehSSY4
MASQUE: https://datatracker.ietf.org/wg/masque/about/
Privacy Pass: https://privacypass.github.io/
Anubis: https://anubis.techaro.lol/docs/design/how-anubis-works/
How Onion Routing Works: https://firewallsdontstopdragons.com/how-onion-routing-works/
Table of Contents
0:00:00: Intro
0:01:16: Interview setup
0:04:46: Lingo definitions
0:09:48: Why do we need yet another VPN?
0:15:00: How does Obscura differ from Apple Private Relay and Tor?
0:21:59: How little info can you give to set up an Obscura account?
0:25:33: What is the Bitcoin Lightning Network?
0:27:30: How can we know how much logging a VPN provider is doing?
0:35:04: Does Obscura have the same quirks as regular VPNs?
0:42:10: How vulnerable are you to being taken down by governments?
0:46:11: What are the core technologies in Obscura?
0:50:49: What do you think about Safing's IP-per-connection idea?
0:54:00: Are you planning to expand your partner VPNs?
0:56:41: How does Obscura handle the TunnelVision problem?
0:59:57: What is the roadmap for supporting other operating systems?
1:03:14: What's next for Obscura?
1:04:32: Interview wrap-up
1:09:19: Patron podcast preview
1:09:50: Looking ahead
--------
1:10:19
Slay Message Snoopers
There are way too many messenger apps today. It's a sad state of affairs and I don't see it getting better anytime soon. But the real problem (for me) is that almost all of the popular messenger apps aren't really that secure and private. Most do not have end-to-end encryption (E2EE) at all or it's not turned on by default. And frankly even the apps with E2EE are run by companies whose revenue model is based on monetizing your personal data. I'm going to suggest you try Signal.
In other news: study finds Canadians' health data being sold to drug makers; DOGE worker's computer has been hacked; airlines are selling your data to ICE; a massive proxy botnet has been shut down; Google pays $1.4B to Texas over unauthorized tracking and data collection; Denver decides to stop using license plate readers over privacy concerns; and a jury orders NSO Group to pay hundreds of millions of dollars for hacking WhatsApp users.
Article Links
[cbc.ca] Millions of Canadians' health data available for sale to pharmaceutical industry, study shows https://www.cbc.ca/news/health/health-data-records-pharmaceutical-private-clinics-1.7529955
[micahflee.com] DOGE bro Kyle Schutt's computer infected by malware, credentials found in stealer logs https://micahflee.com/doge-bro-kyle-schutts-computer-infected-by-malware-credentials-found-in-stealer-logs/
[jacobin.com] Airlines Are Selling Your Data to ICE https://jacobin.com/2025/05/airlines-data-ice-trump-immigration/
[The Hacker News] BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html
[The Hacker News] Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection https://thehackernews.com/2025/05/google-pays-1375-billion-to-texas-over.html
[9news.com] Denver will stop using license plate reader cameras amid privacy worries https://www.9news.com/article/news/local/local-politics/license-plate-reader-camera-data-security-concerns/73-9c570252-9d1c-4e5c-b042-c12392aa1081
[arstechnica.com] Jury orders NSO to pay $167 million for hacking WhatsApp users https://arstechnica.com/security/2025/05/jury-orders-nso-to-pay-167-million-for-hacking-whatsapp-users/
Tip of the Week: Slay Snoopers: https://firewallsdontstopdragons.com/dragon-hacks-slay-snoopers/
Table of Contents
0:00:00: Intro
0:00:43: News preview
0:02:53: Millions of Canadians' health data available for sale to pharmaceutical industry
0:08:39: DOGE engineer's computer infected by malware
0:14:38: Airlines Are Selling Your Data to ICE
0:22:05: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in US, Dutch Operation
0:28:04: Google Pays $1.375 Billion to Texas Over Unauthorized Tracking and Biometric Data Collection
0:30:21: Denver will stop using license plate reader cameras amid privacy worries
0:34:54: Jury orders NSO to pay $167 million for hacking WhatsApp users
0:39:17: Tip of the Week: Slay Snoopers
0:44:31: Wrap-up