Firewalls Don't Stop Dragons Podcast

The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain.

In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case.

Article Links

Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data

This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts

This Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbers

These critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concerns

H&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerability

This New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressions

The United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainer

macOS 26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commands

Meta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25

Further Info

Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ 

Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:03: News rundown

0:03:17: Walmart buys Vizio for ads, data

0:08:57: Public Zoom calls secretly turned into podcasts

0:17:24: Navia leaks millions of SSNs

0:20:28: TP-Link router vulnerabilities

0:36:25: H&R Block’s horrific tax software

0:45:41: New Claude Mac feature is too dangerous

0:48:22: macOS 24 blocks ClickFix?

0:50:44: Facebook, Google lose huge lawsuit

0:54:22: Patron podcast preview

0:54:58: Looking ahead

Nate Bartram and Jonah Aragon have been advocating for privacy for a long time. Their sites, The New Oil and Privacy Guides, have a ton of fabulous resources for anyone interested in guarding their data and defending their digital rights. Ever wonder what it’s like being a privacy advocate in an increasingly privacy-hostile world? Today, I’ll take you behind the scenes of these sites and into the brains of two top-notch privacy warriors.

Interview Notes

Privacy Guides: https://www.privacyguides.org/ 

The New Oil: https://thenewoil.org/ 

Critical Thinking 101: https://ghost.thenewoil.org/critical-thinking-101/

This Week in Privacy podcast: https://podcasts.apple.com/us/podcast/this-week-in-privacy/id1726826455 

Privacy Advocate Toolbox: https://www.privacyguides.org/en/activism/ 

Smartphone privacy guides: https://www.privacyguides.org/videos/2026/02/04/smartphone-security-course-lesson-1-beginners-2/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:18: Intro

0:02:11: Why did you get into privacy?

0:07:44: What’s the most enduring privacy myth?

0:14:13: Do you find people dislike the answer “it depends”?

0:16:50: How would you describe your target audience?

0:22:00: How do you evaluate privacy products?

0:27:59: What products have you unrecommended and why?

0:34:27: What are major privacy red flags?

0:43:09: What product do you use that you do not recommend to others?

0:48:05: How will you handle age checks or repeal of Section 230?

0:55:09: Who do you look to for privacy advice?

1:04:22: What’s next for you guys?

1:08:30: Wrap-up

1:10:46: Patron podcast preview

1:11:24: Looking ahead

When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface.

Article Links

Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malware

Instagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryption

Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/

Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/

Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymization

EU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/

Mozilla to launch free built-in VPN in upcoming Firefox 149: https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/

You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-setting

Tip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/ 

Further Info

Greynoise IP Check: https://check.labs.greynoise.io/ 

Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026 

CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services 

CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:35: News rundown

0:03:41: Update your Asus routers

0:08:55: Instragram drops E2EE

0:12:57: Porn addiction app exposed user data

0:19:54: Dangers of age verification laws

0:30:45: Car surveillance mandatory in 2027

0:35:46: Cyberattack kills breathalizer-equipped cars

0:39:41: LLMs can deanonymize users

0:51:11: Chat Control defeated!

0:55:22: Firefox free VPN coming

0:59:05: New Apple security fix mechanism

1:03:14: Tip of the Week

1:09:09: More security tips

1:13:53: Patron podcast preview

1:14:17: Looking ahead

When you shop online or through an app, do you ever wonder if you’re being charged the same as someone else for the same thing? Even controlling for things like shipping address and local taxes, it turns out that today it’s not uncommon for pricing to dynamically change based on factors that may not seem fair. This is called surveillance pricing. Justin Brookman (Consumer Reports) and Eric Gardner (More Perfect Union) recently performed a study on this practice using Instacart, and the results were eye-opening.

Interview Notes

Surveillance pricing study: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 

Study video (Instagram): https://www.instagram.com/reels/DSC1w_Hjng6/ 

Study video (YouTube): https://www.youtube.com/watch?v=osxr7xSxsGo 

Consumer Reports: https://www.consumerreports.org/ 

More Perfect Union: https://perfectunion.us/ 

Get involved: https://action.consumerreports.org/ 

Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 

Pepsi/Walmart exposé: https://ilsr.org/article/independent-business/more-perfect-union-pepsi-walmart/ 

Amazon price tracker: https://camelcamelcamel.com/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:13: Intro

0:02:44: What’s your background?

0:04:26: What triggered this study?

0:06:08: How did you test this theory?

0:09:25: How prevalent is this practice?

0:11:27: What is a “customer surplus”?

0:13:44: Did the pandemic exacerbate this?

0:15:08: Is this practice legal?

0:21:42: How do ESL’s work?

0:25:52: Are all the add-on fees legit?

0:28:01: Are the stores participating in this, too?

0:32:01: What do they learn from loyalty programs?

0:37:38: Are digital coupons dynamic, too?

0:41:07: Does this amount to price fixing?

0:44:21: What’s been the reaction to your report?

0:49:00: What will you study next?

0:53:04: What can we do about this?

0:58:39: How can we support your work?

1:00:39: Wrap-up

1:03:27: Patron podcast preview

Bad guys have found a willing accomplice for installing malware: YOU. This very effective malware delivery mechanism, dubbed ClickFix, accounted for over half of all infections last year. I’ll tell you how to avoid it, but also explain why you shouldn’t have to.

In other news: Amazon’s change to wishlists may expose your address; a new government-grade iOS exploit kit is spreading to criminals; Israel hacked traffic cams to kill Iran’s leaders; Meta’s AI glasses are a privacy nightmare; new AirSnitch WiFi exploit is clever, but not a threat for most people; Microsoft Office bug allowed AI to read confidential emails; Discord walks back it’s plans for age verification; US Senators reintroduce surveillance transparency bill; CA privacy activists call for removing license plate readers; Ente releases new Locker app; Privacy Guides releases wonderful new privacy resource.

Article Links

Amazon Change Means Wishlists Might Expose Your Address https://www.404media.co/amazon-wishlist-address-private-third-party/

Google and iVerify reveal government-grade iPhone exploit kit spreading to hackers https://9to5mac.com/2026/03/03/google-and-iverify-reveal-government-grade-iphone-exploit-kit-spreading-to-hackers/

Israel hacked Tehran’s traffic cameras, used AI to plan Khamenei’s assassination https://www.yahoo.com/news/articles/israel-hacked-tehrans-traffic-cameras-063114828.html

What Privacy? As Expected Meta Ray Bans Are A Privacy Disaster https://appleinsider.com/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-disaster

New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/

Microsoft says Office bug exposed customers’ confidential emails to Copilot AI https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/

Discord just canceled its planned age verification rollout, for now https://9to5mac.com/2026/02/24/discord-just-canceled-its-planned-age-verification-rollout-for-now/

Senators Reintroduce Bill to Create Transparency for Court-Ordered Surveillance https://www.wyden.senate.gov/news/press-releases/wyden-daines-booker-and-lee-reintroduce-bill-to-create-transparency-for-court-ordered-surveillance

Privacy activists call on California to remove covert license plate readers https://apnews.com/article/license-plate-readers-surveillance-ice-dhs-db848b1498c55f3c1b3ee1a107dacd10

Ente Locker – Safe space for your most important documents https://ente.io/locker/

Guides and Tools for Privacy Activists https://www.privacyguides.org/en/activism/

Tip of the Week: https://firewallsdontstopdragons.com/fixing-clickfix/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:08: Intro

0:01:54: News rundown

0:03:36: Amazon wishlist change exposes your address

0:08:44: New iOS exploit kit leaks

0:14:21: Israel hacked traffic cams to kill Khamenei

0:17:19: Meta’s AI glasses privacy nightmware

0:22:32: AirSnitch WiFi attack

0:26:31: Microsoft AI bug exposes private emails

0:29:35: Discord backtracks on age verification

0:34:38: Senators reintroduce surveillance transparency bill

0:39:15: Call to remove hidden surveillance cameras

0:44:44: Ente Locker

0:47:51: Privacy Activist Toolbox

0:51:53: Tip of the Week

1:00:36: Patron podcast preview

1:02:15: Looking ahead