Now that we've tracked down all our old online accounts, it's time to make them more secure and review the data they contain. We should download a copy of that data for safekeeping before we ultimately delete or suspend the accounts. We'll discuss this next step in our journey of reducing our online data footprint - our Data Diet.
In the news: Windows 10 support has officially ended; seniors targeted with malware from Facebook groups; Tile trackers can also track you; massive Salesforce data leaked after refusing to pay ransom; dangerous Discord breach; Apple, Google to reluctantly comply with new Texas age law; California enacts age-verification law; EU Chat Control defeated; California makes GPC universally available; largest CCPA fine to date levied against TSC.
Article Links
Windows 10 support “ends” today, but it’s just the first of many deaths https://arstechnica.com/gadgets/2025/10/windows-10-support-ends-today-but-its-just-the-first-of-many-deaths/
Seniors targeted in global Facebook scam spreading new Android malware https://therecord.media/seniors-targeted-facebook-android-malware-scam
Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say https://www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/
ShinyHunters Leak Data from Qantas, Vietnam Airlines and Others https://hackread.com/shinyhunters-leak-data-qantas-vietnam-airlines-others/
The Discord Hack is Every Users’ Worst Nightmare https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/
Apple and Google reluctantly comply with Texas age verification law https://arstechnica.com/tech-policy/2025/10/apple-and-google-reluctantly-comply-with-texas-age-verification-law/
California enacts its own internet age-gating law https://www.theverge.com/news/798871/california-governor-newsom-age-gating-ab-1043
Citizen Protest Halts Chat Control https://www.patrick-breyer.de/en/citizen-protest-halts-chat-control-breyer-celebrates-major-victory-for-digital-privacy/
California Governor signs first-in-the-nation privacy bill into law https://advocacy.consumerreports.org/press_release/california-governor-signs-first-in-the-nation-privacy-bill-into-law
CPPA fines Tractor Supply Company $1.4 million for privacy violations https://therecord.media/ccpa-tractor-supply-privacy-fine
Tip of the week: https://firewallsdontstopdragons.com/secure-old-accounts/
Further Info
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
Setting up Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:00:28: News preview
0:02:31: Win10 support ended
0:08:19: Seniors targeted with malware from Facebook groups
0:12:00: Tile trackers can also track you
0:19:51: Massive Salesforce data leak
0:26:50: Dangerous Discord breach
0:32:35: Apple, Google to comply with new Texas age law
0:39:47: CA enacts age-verification law
0:44:56: EU Chat Control defeated!
0:49:33: CA makes GPC universally available
0:55:02: Largest CCPA fine to date
0:57:02: Tip of the Week
1:01:41: Wrapping up
1:02:29: Looking ahead
--------
1:04:22
Project Franklin Wants You
Our critical infrastructure is vulnerable and under attack by nation state actors, either for profit or perhaps even to establish a beachhead for future cyber conflict. During the pandemic, many of our core systems were automated and connected to the internet for remote administration, but this just created a larger attack surface. The federal government hasn't done nearly enough to protect these systems. Groups like DEF CON Franklin are working to find cyber volunteers to bring our national critical utilities above the 'cyber poverty line'. Today we'll explore the problems and solutions with Franklin co-founder Jake Braun, including what we can all do to help.
Interview Notes
DEF CON Franklin: https://defconfranklin.com/
For more info or help, email “defconfranklin” at gmail.com.
Volt Typhoon: https://en.wikipedia.org/wiki/Volt_Typhoon
Initial Franklin trials: https://harris.uchicago.edu/news-events/news/first-water-utilities-take-volunteer-cyber-help
Franklin Almanac: https://defconfranklin.com/almanack.html
Franklin launch (DEF CON 32): https://www.youtube.com/watch?v=0TdY9JUaybc
DEF CON 33 Franklin update: https://defconfranklin.com/water_cybersec.html
Jake’s books: https://www.amazon.com/s?i=digital-text&rh=p_27%3AJake%2BBraun
More help: https://www.cybervolunteers.us/en
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:03:19: Why did you start the DEF CON Franklin project?
0:07:58: Why did you focus on protecting water systems?
0:12:41: Why target our water systems?
0:17:10: How do you protect 50,000+ water facilities?
0:22:01: What are key takeaways from your first trials?
0:24:53: What are some of the challenges you've faced?
0:29:13: Why did we ever put critical infrastructure on the internet?
0:31:05: Are there third parties involved in facility security, too?
0:32:45: How do you coordinate your efforts with other, similar orgs?
0:36:32: How do you know when your job is finished?
0:39:14: Are you getting support from the US government?
0:41:31: What's next for Franklin? How can we help?
0:43:38: What's the long term roadmap for Franklin?
0:45:00: Interview wrap-up
0:46:54: Patron podcast preview
0:47:52: Looking ahead
0:49:11: My other stuff
--------
49:51
Tech Time Bombs
There are literally billions of devices connected to the internet today - many of them cheap, insecure IoT devices... smart thermostats, doorbell cameras, webcams, cheap WiFi routers and other smart appliances. As we like to say, the "S" in "IoT" is for security. And when insecure devices are no longer supported, the security bugs will never be fixed. We'll discuss the implications of this growing problem and potential solutions with a passionate right-to-repair advocate and the founder of the Secure Resilient Future Foundation, Paul Roberts.
Interview Notes
Secure Resilient Future Foundation: https://secure-resilient.org/
The Security Ledger: https://securityledger.com/
Tech Timebombs: https://www.youtube.com/watch?v=koZERADCyug
Secure Repairs: https://securepairs.org/
Paul’s Congressional testimony: https://judiciary.house.gov/committee-activity/hearings/there-right-repair
FULU Foundation: https://fulu.org/
US PIRG: https://pirg.org/
Institute for Security and Technology: https://securityandtechnology.org/
NIST 800-232: https://csrc.nist.gov/pubs/sp/800/232/ipd
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:01:42: Interview terminology
0:03:22: How did you come to found SRFF?
0:08:24: Why are abandoned IoT devices "tech time bombs"?
0:16:53: What are the dangers of hacked IoT devices?
0:18:28: Is there any real liability for making insecure IoT devices?
0:23:36: How important is transparency to law making?
0:29:07: How does the right to repair interact with IoT security?
0:38:33: How should consumers be made aware of abandoned devices?
0:43:56: Can we rely on ISPs to block insecure devices?
0:46:42: What other groups are working on improving IoT security?
0:52:24: Should the gov't be funding research into securing IoT devices?
1:01:20: What can we do to help?
1:06:58: Patron podcast preview
1:07:31: Looking ahead
--------
1:08:54
Ente: Private by Design
It's rare these days to find a well-designed and useful application that was made to be private from the get-go. Too many apps today view your personal data as a cash cow to be mercilessly milked, claiming to value your privacy when they really value the extra revenue they can make off of your private data. When I find useful apps that are private by design, especially ones that can replace more popular apps that harvest our data, I like to call attention to them: in this case, Ente Photos. Today I'll ask the founder and CEO why privacy is important to him and how it influenced his design approach.
Interview Notes
Ente Photos: https://ente.io/
Ente Auth: https://ente.io/auth/
Ente’s Machine Learning: https://ente.io/ml/
Ken Thompson’s lecture on trust: https://dl.acm.org/doi/10.1145/358198.358210
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:04:08: Interview terminology
0:06:44: Why did you start Ente and why do you care about privacy?
0:15:23: Why should we trust Ente with our private data?
0:20:14: What private information does Ente collect?
0:25:12: How hard is it for 3rd party apps to integrate with the OS?
0:29:39: Is Ente more private than Apple Photos with ADP enabled?
0:31:40: How hard is it to migrate from Google or Apple Photos to Ente?
0:34:30: Is facial recognition metadata in a standard, portable format?
0:35:51: How hard is it to export photos from Ente?
0:37:57: Does Ente Auth allow for easy export and backup?
0:39:28: How do you back up your Ente photos?
0:41:12: How much of Ente's AI photo processing is purely on-device?
0:45:51: How do you vet third party software libraries for privacy?
0:49:07: What data could Ente give, if required, to law enforcement?
0:52:43: How can we pass on our legacy of memories to our kids?
0:54:55: What's next for Ente?
0:59:43: Interview wrap-up
1:00:56: Patron podcast preview
1:01:36: Looking ahead
--------
1:02:51
Find Old Accounts (Part 2)
In our quest to clean up and secure our data, today I will give you several clever and useful techniques for uncovering old, forgotten online accounts. We'll scrape the bottom of the barrel to complete our list of accounts so that we can upgrade their security, see what data they have, and remove anything we no longer want floating around out there, waiting to be stolen or abused.
In the news: Chat Control is up for a vote in the EU (time to contact your MEPs); Samsung to show ads on their smart refrigerators; new automated sextortion spyware; a third of UK firms spying on employees; airlines sell 5B flight records for warrantless searching; ICE signs $3M contract for phone hacking tool; ChatGPT to guess your age or require ID; Swiss government looks to enable mass surveillance; Google Pixel 10 adds C2PA support; Apple iPhone 17 includes killer hardware security feature.
Article Links
Chat Control: Can the EU Parliament save our encrypted chats? https://www.techradar.com/vpn/vpn-privacy-security/chat-control-can-the-eu-parliament-save-our-encrypted-chats
Samsung confirms its $1,800+ fridges will start showing you ads https://www.androidauthority.com/samsung-confirms-smart-refrigerator-ads-are-coming-3598848/
Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn https://www.wired.com/story/stealerium-infostealer-porn-sextortion/
A third of UK firms using 'bossware' to monitor workers' activity, survey reveals https://www.theguardian.com/world/2025/sep/14/uk-firms-bossware-monitor-workers-activity
Airlines Sell 5 Billion Plane Ticket Records to the Government For Warrantless Searching https://www.404media.co/airlines-sell-5-billion-plane-ticket-records-to-the-government-for-warrantless-searching/
ICE unit signs new $3M contract for phone-hacking tech | TechCrunch https://techcrunch.com/2025/09/18/ice-unit-signs-new-3-million-contract-for-phone-hacking-tech/
ChatGPT Will Guess Your Age and Might Require ID for Age Verification https://www.404media.co/chatgpt-will-guess-your-age-and-might-require-id-for-age-verification/
Swiss government looks to undercut privacy tech, stoking fears of mass surveillance https://therecord.media/switzerland-digital-privacy-law-proton-privacy-surveillance
Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity https://thehackernews.com/2025/09/google-pixel-10-adds-c2pa-support-to.html
The iPhone 17 memory shield will give spyware developers a hard time https://appleinsider.com/articles/25/09/11/the-iphone-17-memory-shield-will-give-spyware-developers-a-hard-time
Tip of the Week: https://firewallsdontstopdragons.com/find-old-accounts-part-2/
Further Info
Fight Chat Control in EU: https://fightchatcontrol.eu/
ARC opt out: https://www2.arccorp.com/site-privacy-policy/#17
LinkedIn privacy settings to change: https://discuss.privacyguides.net/t/linkedin-change-of-tos-opt-out-before-november-3rd/31199
Privacy Guides: https://www.privacyguides.org/
Coalition for Content Provenance and Authenticity: https://c2pa.org/
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:00:23: A few PSAs
0:03:37: News preview
0:05:35: EU's Chat Control vote coming soon
0:10:46: Samsung smart fridges to start showing ads
0:16:17: New automated sextortion malware
0:21:24: A third of UK companies spy on employees
0:25:51: Airlines sell 5B records for warrantless searches
0:31:44: ICE signs $3M contract for phone hacking tool
0:34:08: ChatGPT to guess your age or require ID
0:38:11: New Swiss law would undercut user privacy
0:42:46: Google Pixel 10 Adds C2PA Support
0:45:50: iPhone 17 adds killer new security feature