Firewalls Don't Stop Dragons Podcast

When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface.

Article Links

Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malware

Instagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryption

Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/

Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/

Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymization

EU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/

Mozilla to launch free built-in VPN in upcoming Firefox 149: https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/

You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-setting

Tip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/ 

Further Info

Greynoise IP Check: https://check.labs.greynoise.io/ 

Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026 

CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services 

CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:35: News rundown

0:03:41: Update your Asus routers

0:08:55: Instragram drops E2EE

0:12:57: Porn addiction app exposed user data

0:19:54: Dangers of age verification laws

0:30:45: Car surveillance mandatory in 2027

0:35:46: Cyberattack kills breathalizer-equipped cars

0:39:41: LLMs can deanonymize users

0:51:11: Chat Control defeated!

0:55:22: Firefox free VPN coming

0:59:05: New Apple security fix mechanism

1:03:14: Tip of the Week

1:09:09: More security tips

1:13:53: Patron podcast preview

1:14:17: Looking ahead

When you shop online or through an app, do you ever wonder if you’re being charged the same as someone else for the same thing? Even controlling for things like shipping address and local taxes, it turns out that today it’s not uncommon for pricing to dynamically change based on factors that may not seem fair. This is called surveillance pricing. Justin Brookman (Consumer Reports) and Eric Gardner (More Perfect Union) recently performed a study on this practice using Instacart, and the results were eye-opening.

Interview Notes

Surveillance pricing study: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 

Study video (Instagram): https://www.instagram.com/reels/DSC1w_Hjng6/ 

Study video (YouTube): https://www.youtube.com/watch?v=osxr7xSxsGo 

Consumer Reports: https://www.consumerreports.org/ 

More Perfect Union: https://perfectunion.us/ 

Get involved: https://action.consumerreports.org/ 

Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 

Pepsi/Walmart exposé: https://ilsr.org/article/independent-business/more-perfect-union-pepsi-walmart/ 

Amazon price tracker: https://camelcamelcamel.com/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:13: Intro

0:02:44: What’s your background?

0:04:26: What triggered this study?

0:06:08: How did you test this theory?

0:09:25: How prevalent is this practice?

0:11:27: What is a “customer surplus”?

0:13:44: Did the pandemic exacerbate this?

0:15:08: Is this practice legal?

0:21:42: How do ESL’s work?

0:25:52: Are all the add-on fees legit?

0:28:01: Are the stores participating in this, too?

0:32:01: What do they learn from loyalty programs?

0:37:38: Are digital coupons dynamic, too?

0:41:07: Does this amount to price fixing?

0:44:21: What’s been the reaction to your report?

0:49:00: What will you study next?

0:53:04: What can we do about this?

0:58:39: How can we support your work?

1:00:39: Wrap-up

1:03:27: Patron podcast preview

Bad guys have found a willing accomplice for installing malware: YOU. This very effective malware delivery mechanism, dubbed ClickFix, accounted for over half of all infections last year. I’ll tell you how to avoid it, but also explain why you shouldn’t have to.

In other news: Amazon’s change to wishlists may expose your address; a new government-grade iOS exploit kit is spreading to criminals; Israel hacked traffic cams to kill Iran’s leaders; Meta’s AI glasses are a privacy nightmare; new AirSnitch WiFi exploit is clever, but not a threat for most people; Microsoft Office bug allowed AI to read confidential emails; Discord walks back it’s plans for age verification; US Senators reintroduce surveillance transparency bill; CA privacy activists call for removing license plate readers; Ente releases new Locker app; Privacy Guides releases wonderful new privacy resource.

Article Links

Amazon Change Means Wishlists Might Expose Your Address https://www.404media.co/amazon-wishlist-address-private-third-party/

Google and iVerify reveal government-grade iPhone exploit kit spreading to hackers https://9to5mac.com/2026/03/03/google-and-iverify-reveal-government-grade-iphone-exploit-kit-spreading-to-hackers/

Israel hacked Tehran’s traffic cameras, used AI to plan Khamenei’s assassination https://www.yahoo.com/news/articles/israel-hacked-tehrans-traffic-cameras-063114828.html

What Privacy? As Expected Meta Ray Bans Are A Privacy Disaster https://appleinsider.com/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-disaster

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

Microsoft says Office bug exposed customers’ confidential emails to Copilot AI https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/

Discord just canceled its planned age verification rollout, for now https://9to5mac.com/2026/02/24/discord-just-canceled-its-planned-age-verification-rollout-for-now/

Senators Reintroduce Bill to Create Transparency for Court-Ordered Surveillance https://www.wyden.senate.gov/news/press-releases/wyden-daines-booker-and-lee-reintroduce-bill-to-create-transparency-for-court-ordered-surveillance

Privacy activists call on California to remove covert license plate readers https://apnews.com/article/license-plate-readers-surveillance-ice-dhs-db848b1498c55f3c1b3ee1a107dacd10

Ente Locker – Safe space for your most important documents https://ente.io/locker/

Guides and Tools for Privacy Activists https://www.privacyguides.org/en/activism/

Tip of the Week: https://firewallsdontstopdragons.com/fixing-clickfix/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:08: Intro

0:01:54: News rundown

0:03:36: Amazon wishlist change exposes your address

0:08:44: New iOS exploit kit leaks

0:14:21: Israel hacked traffic cams to kill Khamenei

0:17:19: Meta’s AI glasses privacy nightmware

0:22:32: AirSnitch WiFi attack

0:26:31: Microsoft AI bug exposes private emails

0:29:35: Discord backtracks on age verification

0:34:38: Senators reintroduce surveillance transparency bill

0:39:15: Call to remove hidden surveillance cameras

0:44:44: Ente Locker

0:47:51: Privacy Activist Toolbox

0:51:53: Tip of the Week

1:00:36: Patron podcast preview

1:02:15: Looking ahead

Cellular providers need to know your location in order to deliver calls and text message to your phone. But it turns out that they really don’t need to know who you are to give you that service. They only need to know how to bill you – and that information can be at little as knowing your ZIP+4 code. Why do we give so much personal information to our mobile service providers when we don’t have to? Today, Nick Merrill, founder of Phreeli, will explain how he can give you top notch cell service and know almost nothing about you.

Interview Notes

Phreeli: https://www.phreeli.com/ 

Double Blind Armadillo: https://www.phreeli.com/files/PhreeliDoubleBlindArmadilloWhitePaper.pdf 

Wired article: https://www.wired.com/story/new-anonymous-phone-carrier-sign-up-with-nothing-but-a-zip-code/ 

Call Detail Record: https://en.wikipedia.org/wiki/Call_detail_record 

2600 Magazine: https://www.2600.com/ 

Zero-Knowledge Proofs: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:12: Intro

0:02:25: Zero Knowledge Proofs!

0:03:35: Lingo

0:07:29: How did you come to found Phreeli?

0:15:08: Who is your target audience?

0:19:18: How can you get by with just ZIP+4?

0:24:10: Is Phreeli more private, say, Mint?

0:28:33: How do I recover my Phreeli acccount?

0:30:22: What identifiers are tied to cell phones?

0:37:12: Can Phreeli work law requires KYC?

0:41:09: How do you separate billing from service?

0:47:23: How can a cellular provider hide a user’s location?

0:51:44: Do telecom networks have inherent privacy problems?

0:55:30: How do you handle lawful intercept?

0:59:13: How do you convince the skeptics?

1:02:19: What’s the current feature roadmap?

1:04:19: Wrap-up

1:08:59: Patron podcast preview

1:10:35: Looking ahead

In my seemingly never-ending quest to replace all things Google, I’ve finally found some solid, private alternatives to Google Sheets and Google Forms. And we’ll also talk about how the EU is looking to create competing products to reduce their dependence on Big Tech from Silicon Valley.

In the news: Australian drivers’ info exposed in breach; school admissions website leaked student data; Discord is rolling out age verification; more countries move to ban social media for kids; Big Tech companies volunteer data to DHS on anti-ICE users; Meta wanted to sneak out facial recognition; researchers find tricky bugs in password managers; DJI robovacs were wide open on the internet; Ring’s mass surveillance efforts garner blow back; Russia blocks WhatsApp and Telegram.

Article Links

More than 200,000 Australian drivers exposed in massive data breach https://www.drive.com.au/news/over-200000-driver-licences-hacked-in-massive-data-breach/

Bug in student admissions website exposed children’s personal information https://techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/

Discord will require a face scan or ID for full access next month https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out

These are the countries moving to ban social media for children https://techcrunch.com/2026/02/17/social-media-ban-children-countries-list/

Reddit, Meta, and Google Voluntarily Gave DHS Info of Anti-ICE Users https://gizmodo.com/reddit-meta-and-google-voluntarily-gave-dhs-info-of-anti-ice-users-report-says-2000722279

Meta reportedly wants to add face recognition to smart glasses while privacy advocates are distracted https://www.theverge.com/tech/878725/meta-facial-recognition-smart-glasses-name-tag-privacy-advoates

Password managers less secure than promised https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html

The DJI Romo robovac had security so poor, this man remotely accessed thousands of them https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt

With Ring, American Consumers Built a Surveillance Dragnet https://www.404media.co/with-ring-american-consumers-built-a-surveillance-dragnet/

WhatsApp and Telegram blocked in Russia, Meta ‘extremist organization’ https://9to5mac.com/2026/02/12/whatsapp-and-telegram-blocked-in-russia-as-meta-designated-an-extremist-organization/

Europe is ready to ditch US tech for private alternatives https://proton.me/blog/european-alternative-us-tech-survey

Tip of the Week: https://firewallsdontstopdragons.com/de-google-my-life-part-5/ 

Further Info

Avoid tax scams: https://firewallsdontstopdragons.com/its-tax-scam-time/ 

Try Mastodon! https://firewallsdontstopdragons.com/how-to-move-to-mastodon/  

Proton referral link: https://pr.tn/ref/ZMNG3DNK 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:54: News rundown

0:04:27: 200k+ Australian drivers’ data exposed

0:08:08: Aadmissions site exposed children’s info

0:12:44: Discord to implement age checks

0:23:50: Countries looking to ban social media for kids

0:29:40: Meta, Google Gave DHS Info of Anti-ICE Users

0:32:37: Meta wants to add face recognition while privacy advocates are distracted

0:37:10: Password manager bugs fixed

0:39:57: DJI robovacs security flaw fixed

0:45:43: Ring’s new Search Party feature

0:56:36: Russia blocks Telegram, WhatsApp

0:59:15: Europe is ready to ditch US tech

1:04:26: Tip of the Week

1:08:07: Proton referral

1:08:50: Patron podcast preview

1:09:20: Looking ahead