There are a ton of messaging apps on the market – and there are actually quite a few that are very secure and private. I would argue that there is no such thing as a “perfect” secure messaging app. There are several threat models to account for, each with different requirements. Today we’re going to talk about the pros and cons of decentralized messaging with the co-founder of Session, Kee Jeffreys. These messaging apps don’t rely on a set of servers hosted by the provider, but rather on a mesh of nodes run by hundreds or thousands of others. We’ll also discuss the importance of protecting metadata and the notion of “permissionless access”. Session just announced support for key features in the upcoming version 2 of their protocol, including Perfect Forward Secrecy (PFS) and post-quantum encryption. Interview Notes Get the Session app: https://getsession.org/  Session adds PFS, post-quantum crypto: https://getsession.org/blog/session-protocol-v2  xkcd $5 wrench (“Security”): https://xkcd.com/538/  Further Info Annual Listener Survey!!! https://fdsd.me/survey2026  New Patron Promotion!! https://firewallsdontstopdragons.com/new-patron-promotion/ Generate passphrases using d02’s: https://d20key.com/#/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:01:12: Promotion teasers 0:01:54: Interview setup 0:03:33: Lingo 0:05:07: Why did you create Session? 0:11:01: How does the location of a company’s HQ matter? 0:18:58: Why do regular people need this level of security? 0:22:01: How does Session work? 0:29:59: Why does permissional account creation matter? 0:35:55: How does Session compare to other apps? 0:45:27: Why didn’t Session have Perfect Forward Secrecy originally? 0:53:50: When will PFS roll out? 0:58:37: How does cryptocurrency factor into Session’s network? 1:03:32: What happens if $SESH price goes way up or way down? 1:07:19: How does Session sustain itself? 1:13:34: Why is private messaging so important? 1:19:49: Wrap-up 1:22:34: Patron podcast preview 1:23:44: New patron promotion 1:27:14: Annual listener survey

Every week, I record a special, private bonus podcast for my patrons. Normally all of that content is restricted to my supporters. But today I’ve got a sampler platter of some of the best snippets from my bonus Q&A with my interview guests. You’ll hear from Yael Grauer (Consumer Reports), Josh Summers (All Things Secured), Lisa LeVasseur (Internet Safety Labs), Josh Corman (UnDisruptable27), Andy Liddell (EdTech Law Center), Carissa Véliz (author, professor), Eamonn Maguire (Proton), Grace Menna & Adrien Ogee (Cyber Resilience Corps). Enjoy! Original Interview Links Ep416: Yael Grauer: https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/  Ep420: Josh Summers: https://podcast.firewallsdontstopdragons.com/2025/03/17/all-things-secured/  Ep422: Lisa LeVasseur: https://podcast.firewallsdontstopdragons.com/2025/03/31/microscoping-our-apps/  Ep428: Josh Corman: https://podcast.firewallsdontstopdragons.com/2025/05/12/shelter-from-the-storm/  Ep426: Andy Liddell: https://podcast.firewallsdontstopdragons.com/2025/07/07/defending-student-privacy/  Ep438: Deviant Ollaf: https://podcast.firewallsdontstopdragons.com/2025/07/21/passport-lawyer-locksmith/  Ep446: Carissa Véliz: https://podcast.firewallsdontstopdragons.com/2025/09/15/on-the-ethics-of-ai/ Ep453: Eamonn Maguire: https://podcast.firewallsdontstopdragons.com/2025/10/27/privacy-focused-ai/  Ep454: Grace Menna & Adrien Ogee: https://podcast.firewallsdontstopdragons.com/2025/11/10/becoming-cyber-resilient/  Security Planner: https://securityplanner.consumerreports.org/  App Microscope: https://appmicroscope.org/  Take 9: https://pausetake9.org/  Meshtastic: https://meshtastic.org/  Previous dragon coin promo: https://firewallsdontstopdragons.com/dragon-coin-promo/  CISA Bad Practices: https://www.cisa.gov/news-events/news/bad-practices-0 Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:03:55: Ep416: Yael Grauer 0:10:51: Ep420: Josh Summers 0:16:36: Ep422: Lisa LaVasseur 0:22:21: Ep428: Josh Corman 0:30:03: Ep426: Andy Liddell 0:35:49: Ep438: Deviant 0:41:55: Ep446: Carissa Veliz 0:47:12: Ep450: Jake Braun 0:52:55: Ep454: Grace Menna & Adrien Ogee 0:55:44: Wrap-up

I’m digging into the vault for a classic interview – a blast from the past! I’ve done 460 episodes over the last nearly 9 years, and some of the best old episodes still hold up well today. I first interviewed Troy Hunt, creator of Have I Been Pwned, in February of 2019. It was Episode 102 and it was entitled “You Must Stop Reusing Passwords”. In this episode we talk a little about the origins of HIBP, password security, data breaches and brokers, and how to keep our accounts secure. I’ve added some new commentary, but the original episode is preserved in all of its glory! Interview Notes Have I Been Pwned? https://haveibeenpwned.com/  NIST updated password guidelines:  https://pages.nist.gov/800-63-4/sp800-63c.html  Proton summary of NIST changes: https://proton.me/blog/nist-password-guidelines  Password haystacks: https://firewallsdontstopdragons.com/need-a-bigger-password-haystack/  Choosing a strong PIN: https://firewallsdontstopdragons.com/how-to-choose-a-pin/  Using passphrases: https://podcast.firewallsdontstopdragons.com/2021/05/24/how-when-to-use-a-passphrase/  On passkeys: https://podcast.firewallsdontstopdragons.com/2023/05/22/problems-with-passkeys/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:32: Interview setup 0:02:52: What is Have I Been Pwned? 0:05:37: What is a data breach? 0:06:42: Where do you get data breach records? 0:08:18: What is the “dark web”? 0:10:35: How do YOU get breach data? 0:11:43: What were some of the worst data breaches? 0:15:09: Who is behind these breaches? 0:17:03: How often are data brokers hacked? 0:19:47: Is it that hard to protect our data? 0:21:22: Is there no liability for not protecting data? 0:24:16: What about breach disclosure laws? 0:26:00: Do class action lawsuits provide accountability? 0:29:00: How can consumers evaluate a company’s data security? 0:32:35: Is data collection inherently bad? 0:34:43: How can we best use HIBP? 0:36:59: Should sites be rejecting known-bad passwords? 0:39:37: Why do some sites limit the use of special characters? 0:41:50: How up-to-date is HIBP data? 0:44:25: What does registering for notifications do? 0:45:39: What is your “opt out” feature? 0:46:25: Can hackers use HIBP for nefarious purposes? 0:48:16: Any other password advice? 0:50:27: Which services integrate with HIBP? 0:52:19: Wrap-up 0:54:52: New password guidelines 1:01:45: Patron podcast preview 1:02:12: Looking ahead

I’ve had some truly amazing interviews this past year. For your listening enjoyment, I’ve curated a set of clips from some of the best shows, creating a sampler platter of stellar audio content from some amazing guests! If you’ve never listened to my podcast, this will give you a taste of what you’re missing! If you’re a regular listener, this will be a fun trip down memory lane, complete with new commentary. You’ll hear from Dr Paul Ashley (CEO/Founder of MySudo), Yael Grauer (Consumer Reports), Weld Pond (L0pht), Lisa LaVasseur (Internet Safety Labs), Zach Edwards (Silent Push), Bruce & Heidi Potter (Shmoocon), Deviant (physical security expert), Cory Doctorow (author, activist, EFF), Monique Priestley (VT State Rep), Carissa Véliz (author, professor), Adrian Ogee (CyberPeace Builders).Enjoy! Original Interview Links Ep414, Dr Paul Ashley: https://podcast.firewallsdontstopdragons.com/2025/02/03/controlling-your-digital-id/  Ep416: Yael Grauer: https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/  Ep418: Chris Wysopal (Weld Pond): https://podcast.firewallsdontstopdragons.com/2025/03/03/back-to-the-l0pht/  Ep422: Lisa LeVasseur: https://podcast.firewallsdontstopdragons.com/2025/03/31/microscoping-our-apps/  Ep426: Zach Edwards: https://podcast.firewallsdontstopdragons.com/2025/04/28/riding-the-data-gravy-train/  Ep434: Bruce & Heidi Potter: https://podcast.firewallsdontstopdragons.com/2025/06/23/shmoocon-moose-you-already/  Ep438: Deviant Ollaf: https://podcast.firewallsdontstopdragons.com/2025/07/21/passport-lawyer-locksmith/  Ep440: Cory Doctorow: https://podcast.firewallsdontstopdragons.com/2025/08/04/tariffs-vs-ip-law/  Ep442: Monique Priestley: https://podcast.firewallsdontstopdragons.com/2025/08/18/im-just-a-privacy-bill/  Ep446: Carissa Véliz: https://podcast.firewallsdontstopdragons.com/2025/09/15/on-the-ethics-of-ai/ Ep454: Adrien Ogee: https://podcast.firewallsdontstopdragons.com/2025/11/10/becoming-cyber-resilient/  Best of 2025 blog/podcast: https://firewallsdontstopdragons.com/best-of-2025/  Previous dragon coin promo: https://firewallsdontstopdragons.com/dragon-coin-promo/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:04:42: Ep414: Dr Paul Ashley 0:09:44: Ep416: Yael Grauer 0:14:27: Ep418: Weld Pond 0:20:58: Ep422: Lisa LeVasseur 0:28:27: Ep426: Zach Edwards 0:34:38: Ep434: Bruce & Heidi Potter 0:38:36: Ep438: Deviant 0:42:51: Ep440: Cory Doctorow 0:51:10: Ep442: Monique Priestley 0:58:28: Ep446: Carissa Veliz 1:05:38: Ep454: Adrien Ogee 1:14:59: Wrap-up 1:15:40: Looking ahead

Way before the world wide web, computer enthusiasts were sharing information via digital bulletin board systems (BBS). This amounted to attaching a modem to your home computer and allowing other people to dial in from their computers (one at a time) to download “textfiles” and share “warez” – or cracked software applications, often games. This scene gave rise to several electronic “zines” that published articles on hacking and phone phreaking techniques. One of the most popular zines, Phrack, was started in 1985 and is still going strong forty years later. Today we’ll discuss the colorful and storied history of this pioneering zine with two Phrack editors, skyper and TMZ. Interview Notes Phrack magazine: https://phrack.org  Phrack Wikipedia page: https://en.wikipedia.org/wiki/Phrack  Hacker Manifesto: https://phrack.org/issues/7/3 Smashing the Stack for Fun and Profit (Aleph One): https://phrack.org/issues/49/14 E911 Document Leak: https://phrack.org/issues/24/5 Texfiles archive: http://www.textfiles.com/  DEF CON: https://www.youtube.com/watch?v=TW-D1I27E08  HOPE: https://www.youtube.com/live/7ZeN53mKhbE?t=26726s  WHY 2025 talk: https://www.youtube.com/watch?v=EtyzTsOtx4A  WHYcast: https://www.youtube.com/watch?v=nwY1q3aEFS0  Cap’N Crunch whistle: https://www.thingiverse.com/thing:3193749  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:01:31: Interview setup 0:03:13: Lingo definitions 0:05:32: How did Phrack Magazine start? 0:09:14: How did BBS systems give rise to phone phreaking? 0:15:59: How did Phrack compare to other zines? 0:19:35: How do you define “hacker”? 0:25:10: What goes into making an issue of Phrack? 0:30:00: What’s the story behind Phrack’s famous “hacker manifesto”? 0:33:32: Why was your E911 article so controversial? 0:36:27: What does it mean to “smash the stack”? 0:41:41: What are there ethical issues around releasing hacking tools? 0:45:46: Is the original hacker ethos still alive today? 0:50:18: How has hacking evolved in the last 40 years? 0:52:51: How will AI impact hacking? 0:54:24: Wrap-up 0:56:55: Patron podcast preview 0:57:39: Looking ahead

With the holiday season come holiday scams – and honestly, just more scammer activity across the board, in general. People are busy and buying lots of stuff, and it’s a time when we’re more vulnerable to schemes to take our money and infect our devices. Today we’ll talk about a few current scams going around and give some solid advice to avoid becoming a victim. In the news: FCC scraps cybersecurity rules for telcos; WhatsApp flaw exposed 3.5B phone numbers; ClickFix scam update; Border Patrol is monitoring US drivers for ‘suspicious’ travel patterns; a tricky Apple Support scam; USPS and EZ-Pass scams; a cool new tool for monitoring your home network for rogue devices; state and local cyber grant program to be renewed; airlines shut down program that sold your flight records; CA court ends electricity surveillance program; also, a few more holiday gift ideas! Article Links Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies https://techcrunch.com/2025/11/21/despite-chinese-hacks-trumps-fcc-votes-to-scrap-cybersecurity-rules-for-phone-and-internet-companies/ A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers https://www.wired.com/story/a-simple-whatsapp-security-flaw-exposed-billions-phone-numbers/ ClickFix may be the biggest security threat your family has never heard of https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/ Border Patrol is monitoring US drivers and detaining those with ‘suspicious’ travel patterns https://apnews.com/article/immigration-border-patrol-surveillance-drivers-ice-trump-9f5d05469ce8c629d6fecf32d32098cd ‘It made my blood run cold’: scammers are targeting Apple users with this devilishly clever trick – here’s how to stay safe https://www.techradar.com/computing/cyber-security/watch-out-apple-fans-this-scary-scam-is-stealing-personal-accounts-with-real-apple-support-tickets Scam USPS and E-Z Pass Texts and Websites – Schneier on Security https://www.schneier.com/blog/archives/2025/11/scam-usps-and-e-z-pass-texts-and-websites.html Your IP Address Might Be Someone Else’s Problem (And Here’s How to Find Out) https://www.greynoise.io/blog/your-ip-address-might-be-someone-elses-problem Full renewal of state and local cyber grants program passes in House https://therecord.media/state-local-cyber-grants-program-house-passage Airlines Will Shut Down Program That Sold Your Flights Records to Government https://www.404media.co/airlines-will-shut-down-program-that-sold-your-flights-records-to-government/ Victory! Court Ends Dragnet Electricity Surveillance Program in Sacramento https://www.eff.org/deeplinks/2025/11/victory-court-end-dragnet-electricity-surveillance-program-sacramento Best & Worst Gift Guide: https://firewallsdontstopdragons.com/best-worst-gifts-2025/  All my gift guides: https://firewallsdontstopdragons.com/category/best-worst-gifts/  Further Info EasyOptOuts 25% discount: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/  Consumer Reports $10 off: https://www.consumerreports.org/fdsd/  eBay AI settings:  https://accountsettings.ebay.com/ai-preferences My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:08: Intro 0:01:34: Quick tidbits 0:05:10: News preview 0:07:02: FCC scraps cybersecurity rules for telcos 0:11:02: WhatsApp Flaw Exposed 3.5B Phone Numbers 0:17:47: ClickFix scam 0:24:53: CBP is monitoring US drivers for ‘suspicious’ travel patterns 0:32:12: Clever Apple Support scam 0:38:05: More scams to watch for 0:40:19: Your IP Address Might Be Someone Else’s Problem 0:47:15: State and local cyber grant program to be renewed 0:49:13: Airlines Shut Down Program That Sold Your Flights Records 0:51:40: CA Court Ends Electricity Surveillance Program 0:55:27: Tip of the Week 1:03:53: Looking ahead 1:06:22: Patron podcast previews 1:07:42: Looking more ahead

Holiday shopping season is here! And that must mean that it’s time again for my annual Best & Worst Gift Guide! But this time I’ve recruited some top minds from Consumer Reports to lend their expertise and enlighten us with their tech gift-giving strategies! Yael Grauer, Stacey Higginbotham and Jeff Landale join me for a round table discussion of how to give tech gifts that won’t ruin the security and privacy of your recipients! Interview Notes $10 off Consumer Reports!! https://www.consumerreports.org/fdsd/  Consumer Reports: https://www.consumerreports.org/  Cyber Readiness Report: https://innovation.consumerreports.org/new-report-2025-consumer-cyber-readiness/  Security Planner: https://securityplanner.consumerreports.org/  Vulnerability Disclosure Programs: https://innovation.consumerreports.org/who-ya-gonna-call/  Give Dragon Coupons! https://firewallsdontstopdragons.com/give-the-gift-of-security-and-privacy/  Library Freedom Project: https://libraryfreedom.org/  Yael on spyware and iPhone 17: https://innovation.consumerreports.org/apples-new-iphone-memory-protections-safeguards-devices-against-sophisticated-attacks/  Yael interview (Security Planner): https://podcast.firewallsdontstopdragons.com/2025/02/17/security-planner/  Stacey interview (software tethering): https://podcast.firewallsdontstopdragons.com/2024/11/11/cutting-the-software-tether/  iVerify interview: https://podcast.firewallsdontstopdragons.com/2023/11/13/securing-your-smartphone/  Further Info All my Best & Worst guides: https://firewallsdontstopdragons.com/category/best-worst-gifts/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:15: Intro 0:02:18: What is your tech gift giving philosophy? 0:08:37: What are some worrying tech trends? 0:17:41: What are your tech gift horror stories? 0:22:09: What are your thoughts on giving tech gifts to kids? 0:29:52: What gifts are on your naughty list? 0:42:31: What’s on your nice tech gift list? 0:54:51: How should you handle receiving a bad gift? 1:07:06: Any other hot tips or advice? 1:11:08: What are some great non-tech gifts? 1:17:40: How can Consumer Reports help here? 1:20:39: Wrap-up 1:22:35: Dealing with phone spyware 1:24:35: Newsletter info 1:24:51: IoT vulnerability programs 1:25:04: Give Thanks 1:25:37: Patron podcast preview 1:26:28: Other gift ideas 1:27:27: EasyOptOuts and PayPal 1:28:12: Looking ahead

Data brokers are amassing tons of our personal information, often from public sources. You can try to find all of these brokers and request your data be deleted, but it’s a lot easier to deputize a trustworthy and affordable service to do all that work for you – and to do so on a regular basis. I’ll give you my easy button solution for this. Also in the news: Meta will use your AI sessions to target ads; Google is rolling out agentic AI shopping tools; OpenTable is gathering and sharing your dining habits; Amazon sues Perplexity over their agentic shopping tool; first ever reported AI-orchestrated hacking campaign; EU Commission looks to gut privacy laws; lawmakers want to ban all VPN use; US Senator uses opponents’ can VIN info against them; and new health privacy bill seeks to protect data in apps, smart watches. Article Links Meta won’t allow users to opt out of targeted ads based on AI chats https://arstechnica.com/tech-policy/2025/10/meta-wont-allow-users-to-opt-out-of-targeted-ads-based-on-ai-chats/ Google Is Rolling Out ‘Agentic Checkout’ to Make Your Purchases for You https://lifehacker.com/tech/google-is-rolling-out-agentic-checkout Texas Server Says Your Waitstaff Can Now See What Type Of Customer You Are If You Use OpenTable https://brobible.com/culture/article/opentable-ai-customer-profiling/ Amazon sues Perplexity over ‘agentic’ shopping tool https://www.reuters.com/business/retail-consumer/perplexity-receives-legal-threat-amazon-over-agentic-ai-shopping-tool-2025-11-04/ Disrupting the first reported AI-orchestrated cyber espionage campaign https://www.anthropic.com/news/disrupting-AI-espionage Civil society decries digital rights ‘rollback’ as European Commission pushes data protection changes https://therecord.media/civil-society-privacy-rollback Lawmakers Want to Ban VPNs https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing Senate Democrats seek to ‘get to bottom’ of Moreno’s car-data collection https://rollcall.com/2025/11/06/senate-democrats-seek-to-get-to-bottom-of-morenos-car-data-collection/ Health privacy bill seeks protections for data collected by apps, smartwatches https://therecord.media/health-privacy-bill-seeks-protections-apps-smartwatches Tip of the Week: Erasing Your Data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/  Further Info Ask ARC to delete data and stop sharing: https://www.404media.co/how-to-opt-out-of-airlines-selling-your-travel-data-to-the-government/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:45: News briefs 0:02:57: News preview 0:05:38: Meta won’t let you opt out of AI data gathering 0:15:05: Google Is Rolling Out ‘Agentic Checkout’ 0:20:13: OpenTable gathering and sharing your dining info 0:31:22: Amazon sues Perplexity over ‘agentic’ shopping tool 0:38:57: First reported AI-orchestrated cyber attack 0:51:33: European Commission pushes data protection changes 0:55:15: Lawmakers Want to Ban VPNs 1:04:03: Senator uses VIN info against opponents 1:10:38: Health privacy bill seeks protections for data collected by apps, smartwatches 1:12:43: Tip of the Week 1:16:26: Looking ahead

In the US alone, there are tens of thousands of small organizations that are responsible for critical infrastructure and vital community services. Most of them don’t have an IT department let alone a cyber security expert on staff. And yet these organizations are being attacked by cyber criminal gangs with ransomware and are also being targeted by foreign adversaries who would like the ability to disrupt our very civilization. While the US federal cyber agencies have not properly responded to these threats, a handful of volunteer organizations have emerged, organized under the Cyber Resilience Corps, to address these needs. Today I’ll speak with Michael Razeeq, Grace Menna, Adrien Ogee and Eric Franco about their much-needed efforts. Interview Notes Cyber Resilience Corps: https://cltc.berkeley.edu/program/cyber-resilience-corps/  Volunteer! https://cybervolunteers.us  Cyber Security Clinics: https://cybersecurityclinics.org/  The Ransomware Hunting Team: https://en.wikipedia.org/wiki/The_Ransomware_Hunting_Team  Roadmap to Cyber Defense: https://cltc.berkeley.edu/publication/roadmap-to-community-cybersecurity/  Path to Long-Term Cyber Resilience report: https://cltc.berkeley.edu/publication/a-path-to-long-term-cyber-resilience-for-under-resourced-organizations/  Grace Menna’s BSides LV talk: https://www.youtube.com/live/v20rxx_afw0?&t=1410   CISA Cybersecurity Resources for High-Risk Communities: https://www.cisa.gov/audiences/high-risk-communities/cybersecurity-resources-high-risk-communities  FBI InfraGuard: https://www.infragardnational.org/  Further Info My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support the mission: https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:13: Intro 0:00:26: Couple announcements 0:01:09: Interview setup 0:03:38: Defining some terms 0:06:40: Introductions 0:07:51: What is the Cyber Resilience Corps? 0:13:59: What are some of the other affiliated cyber groups? 0:19:24: How do you reach organizations in need? 0:26:43: Do orgs ever resist or eschew your help? 0:34:22: How are these efforts funded? 0:42:14: is there agreement on where to focus efforts? 0:44:02: Which sectors are most important to secure? 0:51:11: Are there accepted standards for infrastructure security? 0:53:38: What are the requirements for volunteers? 1:04:19: How do match volunteers with needs? 1:08:28: How long do the support relationships last? 1:16:31: What key things have you learned from your initial work? 1:22:58: How do you scale this effort to address the massive need? 1:25:18: Shouldn’t Big Tech be doing more here? 1:33:49: How can we help? 1:37:28: If I’m an organization, how do I get help? 1:38:38: What’s next? 1:44:28: Wrap-up 1:47:59: Patron podcast preview 1:48:59: Looking ahead

Today we’ll wrap up my series of tips for enumerating all your old online accounts and deciding whether to delete them or just dumb down the personal data they have on you. There are several things to consider – we’ll go through them all! In other news: a study ranks the most private AI chatbots; LinkedIn is set to use your personal data to train their AI; ChatGPT has released an AI browser; new phishing scam for password manager creds; Gmail did not leak 183M passwords; man discovers his robot vacuum sharing lots of personal data; more info on Cellebrite’s mobile hacking abilities; Flock expanded its surveillance with Ring and drones; and group finds that half of our satellite communications are not encrypted. Article Links Which Generative AI Is Most Privacy-Respecting? https://www.obscureiq.com/which-generative-ai-is-most-privacy-respecting/ LinkedIn will use your data to train AI – how to opt out https://proton.me/blog/linkedin-ai-training Chatgpt Atlas Browser https://www.washingtonpost.com/technology/2025/10/22/chatgpt-atlas-browser/ Phishing scam uses fake death notices to trick LastPass users https://www.malwarebytes.com/blog/news/2025/10/phishing-scam-uses-fake-death-notices-to-trick-lastpass-users No, Gmail has not suffered a massive 183 million passwords breach https://www.techradar.com/pro/security/no-gmail-has-not-suffered-a-massive-183-million-passwords-breach-but-you-should-still-look-after-your-data Man Alarmed to Discover His Smart Vacuum Was Broadcasting a Secret Map of His House https://futurism.com/robots-and-machines/robot-vacuum-broadcasting Someone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Details https://www.404media.co/someone-snuck-into-a-cellebrite-microsoft-teams-call-and-leaked-phone-unlocking-details/ Ring cameras are about to get increasingly chummy with law enforcement https://arstechnica.com/gadgets/2025/10/ring-cameras-are-about-to-get-increasingly-chummy-with-law-enforcement/ Exclusive: Flock Safety paid over $300 million for 17-month-old drone startup Aerodome https://techcrunch.com/2024/10/23/flock-safety-paid-over-300-million-for-17-month-old-drone-startup-aerodome/ Leak From the Sky: It Turns Out a Lot of Satellite Data Is Unencrypted” https://www.pcmag.com/news/leak-from-the-sky-it-turns-out-a-lot-of-satellite-data-is-unencrypted Tip of the Week: https://firewallsdontstopdragons.com/removing-old-accounts/  Further Info Data Diet series: https://firewallsdontstopdragons.com/data-diet-introduction/  Backing up 2FA seed codes: https://firewallsdontstopdragons.com/how-to-backup-2fa-seed-codes/  Using email aliases: https://firewallsdontstopdragons.com/how-to-use-email-aliases-part-1/  Claudito: https://github.com/micahflee/claudito  LM Studio: https://lmstudio.ai/  Dark Wire book: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/  My book: https://fdsd.me/book  My newsletter: https://fdsd.me/newsletter  Support our mission! https://fdsd.me/support  Give the gift of privacy and security: https://fdsd.me/coupons  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Table of Contents 0:00:07: Intro 0:00:27: News briefs 0:01:49: News preview 0:03:53: Which AI Is Most Privacy-Respecting? 0:09:21: LinkedIn will use your data to train AI 0:14:23: ChatGPT’s new Altas browser 0:21:46: Phishing scam uses fake death notices 0:25:32: Gmail has NOT suffered a massive password breach 0:27:57: Man finds smart vacuum sending maps of home 0:33:41: More Cellebrite capability details leak 0:38:28: Flock inks deal with Ring cameras 0:42:57: Flock Safety buys drone company 0:46:52: Half of satellite comms are unencrypted 0:51:26: Tip of the Week 1:00:01: Patron podcast preview 1:00:18: Looking ahead 1:01:39: New patron promotion coming?