Firewalls Don't Stop Dragons Podcast

Probably the oldest online data you have – like, still have out there right now – is your emails. Did you have an AOL account? Or email through your internet service provider (ISP)? Statistically speaking, you probably have a Gmail, Yahoo Mail or Outlook (previously HotMail) account. Unless you explicitly closed those accounts or deleted those emails, they’re still there. Emails are less like letters in an envelope and much more like postcards, unless you made a point of encrypting them. So today we’ll start a multi-step process to download that email history so that we can delete the online data before it’s slurped into some AI model training or leaked in a data breach.

In other news: Met Police win suit to use live facial recognition; Australian teens work around social media ban; big tech is ignoring your do-not-track signals; Meta threatens to leave New Mexico over AG demands; Meta is training AI on their employees; doctors are using AI to take session notes; Mythos suffers ‘unauthorized access’; AI agent deletes companies databases; and AI is empowering script kiddies.

Article Links

Challenge over Met Police’s use of live facial recognition lost: https://www.bbc.com/news/articles/cq59x4vv954o

Most Australian teens admit the social media ban isn’t working as they try to sidestep age verification blocks with face masks and their parents’ IDs: https://www.yahoo.com/news/articles/most-australian-teens-admit-social-111400429.html

Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit: https://www.404media.co/google-microsoft-meta-all-tracking-you-even-when-you-opt-out-according-to-an-independent-audit

Meta threatens to pull its apps from New Mexico if forced to make ‘technologically impractical’ changes: https://www.theverge.com/policy/921557/meta-threatens-leaving-new-mexico

Meta is tracking employees for AI training data: https://proton.me/business/blog/meta-ai-training-employee-data

Why your doctor’s AI recorder can be bad for your health (and privacy): https://this.weekinsecurity.com/why-your-doctors-ai-recorder-can-be-bad-for-your-health-and-privacy

Anthropic’s most dangerous AI model just fell into the wrong hands: https://www.theverge.com/ai-artificial-intelligence/916501/anthropic-mythos-unauthorized-users-access-security

An AI agent allegedly deleted a startup’s production database: https://mashable.com/article/ai-agent-deletes-data-30-hour-service-outage-pocketos

Attack of the killer script kiddies: https://www.theverge.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai

Tip of the Week: https://firewallsdontstopdragons.com/withdraw-your-data-email/ 

Further Info

Enable and verify GPC flag: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ 

Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball 

AI doctor privacy newsletter: https://buttondown.com/maiht3k/archive/why-you-should-refuse-to-let-your-doctor-record/ 

Attack of the Script Kiddies: https://www.theverge.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai 

Zero Day Clock: https://zerodayclock.com/ 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:07: News bites

0:01:59: News rundown

0:04:17: Met Police win face recognition suit

0:09:10: Australia social media ban update

0:13:16: Google, Meta, Microsoft ignoring GPC

0:20:40: New Mexico AG has demands for Meta

0:26:28: Meta tracking employees to train AI

0:32:36: Doctors using AI to take notes

0:39:45: Mythos unauthorized access

0:43:39: AI agent deletes company databases

0:49:25: Attack of the killer script kiddies

1:02:29: Tip of the Week

1:11:45: Patron podcast preview

1:11:54: Looking ahead

We have relied on prophets and seers for most of human history, largely because humans are obsessed with the future – specifically their own. But prophecy has often been used to determine or at least influence the future, not just predict it. In her new book, Prophecy, Carissa Véliz explains the power and perils of prediction, from the Oracle of Delphi to modern AI, giving us some much-needed perspective on the dangers of chatbots and the people who are selling them to us as powerful tools that will either save or doom all of humanity.

Interview Notes

Prophecy: https://www.carissaveliz.com/prophecy 

Privacy is Power: https://www.carissaveliz.com/books 

The Power of Analogue (TEDx): https://www.youtube.com/watch?v=IvJeUQ9Egnk 

How Privacy Can Save Your Life (TEDx): https://www.youtube.com/watch?v=xSPRouBvgFE 

Here’s to the Crazy Ones (Steve Jobs): https://www.youtube.com/watch?v=mtftHaK9tYY 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:18: Intro

0:03:07: How is prediction used to determine the future?

0:08:09: Why are humans hard to predict?

0:12:34: What does AI predict about itself?

0:19:24: What are longtermism and effective altruism?

0:25:45: How does rationalism compare to empiricism with AI?

0:30:41: Why do humans believe numbers?

0:34:57: Are prediction markets ethical?

0:38:53: What do you tell policymakers?

0:41:51: How do we resist fear of the future?

0:47:11: Wrap up

0:49:45: Patron podcast preview

0:50:23: Looking ahead

Artificial Intelligence – in particular, Large Language Models (LLMs) or “chatbots” – are increasing in power at an astonishing pace. In fact, the latest models from Anthropic (Claude Mythos) and OpenAI (ChatGPT 5.4 Cyber) are so good at reading software code and finding vulnerabilities, that their makers have strictly limited initial access to manufacturers of the most popular software so that they have a head start in finding exploitable bugs. But it’s not all doom and gloom. I’ll highlight the promise of this powerful new technology, as well.

Article Links

Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.: https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2

Iran built a vast camera network to control dissent. Israel turned it into a targeting tool: https://apnews.com/article/iran-war-security-cameras-surveillance-5f9a1fe5845d94894f3edd50af560d3a

Iranian hackers are targeting American critical infrastructure, US agencies warn: https://techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn

LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device: https://thenextweb.com/news/linkedin-browsergate-extension-scanning-privacy-fingerprint

The Pixel Trap: Online Marketing Is a Silent PII Harvesting Machine: https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting

Republican Mutiny Sinks Trump’s Push to Extend Warrantless Surveillance: https://www.wired.com/story/republican-mutiny-sinks-trumps-push-to-extend-warrantless-surveillance

India drops proposal to mandate national ID app Aadhaar on smartphones after pushback: https://www.reuters.com/world/china/india-drops-proposal-mandate-national-id-app-aadhaar-smartphones-after-pushback-2026-04-17

What I learned by vibe-coding my own word processor: https://www.fastcompany.com/91528164/claude-code-vibe-code-word-processor

On Anthropic’s Mythos Preview and Project Glasswing: https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html

Tip of the Week: https://firewallsdontstopdragons.com/ai-promise-peril/ 

Further Info

Support the Internet Archive: https://www.savethearchive.com/authors/ or https://www.savethearchive.com/journalists/ 

Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:08: Intro

0:00:37: Internet Archive needs your help

0:02:00: Router ban update

0:02:33: News rundown

0:05:46: New EU age app has bugs

0:10:46: FBI extracts Signal messages

0:16:33: Iran public cameras hacked by Israel

0:22:46: Iran hackers target US, Israel

0:26:11: LinkedIn scans your devices

0:37:06: TikTok Meta pixel madness

0:43:25: Section 702 on the ropes

0:50:56: India drops ID app mandate

0:53:42: Vibe-coding my own word processor

1:04:07: Schneier on Mythos, Glasswing

1:07:37: Tip of the Week

1:21:59: Patron podcast preview

1:22:24: Looking ahead

There are all sorts of things that can be used to identify us online and in the real world, beyond our names, addresses, and phone numbers. But data brokers are desperate to tie all of these unique pieces of information together, building a valuable marketing dossier. It’s become a massive industry – being able to map one supposedly anonymous or pseudonymous piece of data to the a person’s full identity. Today we’ll delve deeply into this shady business with Iesha White and Zach Edwards.

Interview Notes

Victory Medium (Zach): https://victorymedium.com/ 

Check My Ads (Iesha): https://checkmyads.org/ 

TLS fingerprinting: https://fingerprint.com/blog/what-is-tls-fingerprinting-transport-layer-security/ 

Disable Mobile Ad ID (MAID): https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now 

US v Google: https://www.usvgoogleads.com/ 

IAB (Interactive Advertising Bureau) Transparency & Consent Framework (TCF): https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/ 

DROP portal: https://privacy.ca.gov/drop/ 

Remove online data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/ 

Apple’s Hide My Email: https://support.apple.com/en-us/105078 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Recommend news stories: send to news [at] firewallsdontstopdragons.com 

Send me your questions! https://fdsd.me/qna 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:20: Intro

0:02:22: Learning the lingo

0:03:34: What identifiers are used to track us online?

0:12:00: How else are we being tracked?

0:23:20: How are we tracked in the physical world?

0:31:54: How do brick and mortar stores track us?

0:37:46: What if the data is wrong?

0:43:58: What if I’m okay with targetted ads?

0:49:14: How does my data overlap your data?

0:54:01: Can’t this tracking also be used to stop fraud?

0:58:08: Why can’t we just use contextual ads?

1:05:22: What can we do about this?

1:13:00: What does NOT work to stop tracking?

1:14:10: What’s next for you two?

1:17:43: Wrap-up

1:21:05: Patron podcast preview

1:21:56: Looking ahead

The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain.

In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case.

Article Links

Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data

This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts

This Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbers

These critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concerns

H&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerability

This New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressions

The United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainer

macOS 26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commands

Meta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25

Further Info

Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ 

Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:03: News rundown

0:03:17: Walmart buys Vizio for ads, data

0:08:57: Public Zoom calls secretly turned into podcasts

0:17:24: Navia leaks millions of SSNs

0:20:28: TP-Link router vulnerabilities

0:36:25: H&R Block’s horrific tax software

0:45:41: New Claude Mac feature is too dangerous

0:48:22: macOS 24 blocks ClickFix?

0:50:44: Facebook, Google lose huge lawsuit

0:54:22: Patron podcast preview

0:54:58: Looking ahead