Privacy risks are bad enough for adults - but it's much worse for our kids, particularly as students. Who provides notice and obtains consent for minors at school? In many cases it's not the parents, let alone the students - it's the school system. Not only are they opting the students into invasive data collection by profit-driven third parties, but they often also bind them to mandatory arbitration clauses, neutering their ability to seek legal redress for the inevitable violations. Today I'll discuss this horrid state of affairs with someone who is on the front lines of this battle for our children's right to privacy: co-founder of the EdTech Law Center, Andy Liddell.
Interview Notes
EdTech Law Center: https://edtech.law/about-us/
EdTech current cases: https://edtech.law/cases/
Internet Safety Labs: https://internetsafetylabs.org/
The Right to Oblivion (book): https://www.hup.harvard.edu/books/9780674260528
ACLU, Digital Dystopia: https://www.aclu.org/publications/digital-dystopia-the-danger-in-buying-what-the-edtech-surveillance-industry-is-selling
The Markup, College Prep Software Naviance Is Selling Advertising Access to Millions of Students: https://themarkup.org/machine-learning/2022/01/13/college-prep-software-naviance-is-selling-advertising-access-to-millions-of-students
Proton blog on EdTech and privacy: https://proton.me/blog/ed-tech-trackers
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:02:48: What's your mission at the EdTech Law Center?
0:05:20: What are the unique privacy threats for students?
0:09:46: What privacy laws are there for minors?
0:12:05: How are these laws enforced and litigated?
0:18:21: How does notice and consent work for students?
0:27:05: What rights do the kids have in these situations?
0:29:38: How are these EdTech companies?
0:31:40: Which apps and tools are most problematic and why?
0:37:20: Should minors's data be deleted when they reach adulthood?
0:40:15: Are school systems equipped to understand these contracts?
0:42:35: What about privacy issues with EdTech hardware?
0:45:50: What have we already learned via discovery or reporting?
0:50:01: As a parent, who do I talk to about my child's privacy risks at school?
0:54:16: What are some red flags to look out for?
0:57:10: What responsibilities do school systems have here?
1:00:57: So what can we do? When should we reach out to you?
1:05:02: Interview follow-up
1:06:26: Patron podcast preview
1:07:19: Looking ahead
--------
1:09:43
--------
1:09:43
The In-App Switcheroo
Do you realize that you're not always using your chosen mobile web browser or your network privacy features? Many mobile apps have their own in-app browser that can gather your data and even inject ads and trackers into any web links you click. I'll explain how this works and what you can do about it.
In the news: 23andMe bankruptcy ombudsman argues for user consent to data; Meta AI app privacy nightmare; Amazon, Roku sharing users for ads; WhatsApp launches in-app ads; healthcare sites are sharing your data; ICE seeks powerful new surveillance tool; Austrian government wants your encrypted data; new US visa rules require social media posts; Scattered Spider targeting insurance info; VT governor signs child data privacy law; Flock blocks access to some US states; Microsoft offers 1-year security updates for Win10 users; new Android 16 security features; Denmark's answer to deepfakes; cleaner Google search results; ChatGPT user info reports.
Article Links
[therecord.media] 23andMe privacy ombudsman recommends company obtains consent for sale of customer data https://therecord.media/23andme-privacy-ombudsman-recommends-consent-sale
[techcrunch.com] The Meta AI app is a privacy disaster https://techcrunch.com/2025/06/12/the-meta-ai-app-is-a-privacy-disaster/
[variety.com] Amazon, Roku Strike Deal to Pool Connected-TV Audiences for Advertisers https://variety.com/2025/tv/news/amazon-roku-pool-connected-tv-audiences-advertising-deal-1236432579/
[9to5mac.com] WhatsApp just launched ads for all users https://9to5mac.com/2025/06/16/whatsapp-just-launched-ads-for-all-users-here-are-the-details/
[The Markup] This Is How You Stop Data Trackers From Sucking up Your Health Data https://themarkup.org/the-breakdown/2025/06/17/this-is-how-you-stop-data-trackers-from-sucking-up-your-health-data
[fedscoop.com] ICE seeks proprietary data and tech to monitor up to a million people https://fedscoop.com/ice-seeks-proprietary-data-and-tech-to-monitor-up-to-a-million-people/
[reuters.com] Austrian government agrees on plan to allow monitoring of secure messaging https://www.reuters.com/world/austrian-government-agrees-plan-allow-monitoring-secure-messaging-2025-06-18/
[The Hacker News] New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public https://thehackernews.com/2025/06/new-us-visa-rule-requires-applicants-to.html
[therecord.media] Scattered Spider hackers targeting insurance industry following retail hits, Google warns https://therecord.media/scattered-spider-targeting-insurance-sector-following-retail-attacks
[epic.org] EPIC Applauds Vermont Governor Phil Scott for Signing Age-Appropriate Design Code into Law https://epic.org/epic-applauds-vermont-governor-phil-scott-for-signing-age-appropriate-design-code-into-law/
[404media.co] Flock Removes States From National Lookup Tool After ICE and Abortion Searches Revealed https://www.404media.co/flock-removes-states-from-national-lookup-tool-after-ice-and-abortion-searches-revealed/
[techradar.com] Windows 10 users who don’t want to upgrade to Windows 11 get new lifeline from Microsoft https://www.techradar.com/computing/windows/windows-10-users-who-dont-want-to-upgrade-to-windows-11-get-new-lifeline-from-microsoft
[androidauthority.com] Android 16 introduces Advanced Protection mode to fortify your phone against threats https://www.androidauthority.com/android-16-advanced-protection-mode-2-3566064/
[theguardian.com] Denmark to tackle deepfakes by giving people copyright to their own features https://www.theguardian.com/technology/2025/jun/27/deepfakes-denmark-copyright-law-artificial-intelligence
[tedium.co] Does One Line Fix Google? https://tedium.co/2024/05/17/google-web-search-make-default/
[schneier.com] What LLMs Know About Their Users https://www.schneier.com/blog/archives/2025/06/what-llms-know-about-their-users.html
Tip of the Week: https://firewallsdontstopdragons.com/the-in-app-switcheroo/
--------
1:12:28
--------
1:12:28
ShmooCon: Moose You Already
On January 12th, 2025, the ShmooCon hacker conference held it's 20th and final gathering. I was lucky enough to be able to not only attend the final show but also to interview the founders, Heidi and Bruce Potter. We talk about how it all got started, what made this hacker con so special and beloved, and hear some hilarious stories from the past twenty years of hacker shenanigans in Washington D.C.
Interview Notes
ShmooCon: https://www.shmoocon.org/
ShmooCon 2025 sessions: https://www.youtube.com/playlist?list=PLnKSfJ5rXw95HSPVl5L7dqhKpVAx3q_j0
Turngate: https://www.turngate.io/
HOPE conference: https://www.hope.net/
BSides: https://bsides.org/
Cackalackycon: https://cackalackycon.org/
Thotcon: https://www.thotcon.org/
SummerCon: https://www.summercon.org/
PancakesCon: https://pancakescon.com/
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Recommend news stories: send to news [at] firewallsdontstopdragons.com
Send me your questions! https://fdsd.me/qna
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:03:43: How and why did you start ShmooCon?
0:11:05: Why are hacker conferences so different from regular trade shows?
0:17:19: Why limit attendence and how did this give rise to LobbyCon?
0:21:52: What makes a good con? What's your post-con recovery like?
0:27:26: Why did you decide to end the con?
0:29:54: How have other cons influenced ShmooCon?
0:33:16: Why is it important to be so transparent about your con?
0:37:38: What are your favorite ShmooCon stories?
0:44:54: What's it like running a conference as a married couple?
0:49:39: What are you most proud of with ShmooCon?
0:52:13: Was there anything you wish you had done but didn't?
0:56:07: Did you ever consider handing ShmooCon off to someone else?
0:58:13: So what now?
1:00:58: What are some ShmooCon alternatives?
1:06:36: Wrap-up
1:08:07: Attend a hacker con!
1:09:35: Patron bonus preview
1:10:24: Looking ahead
--------
1:11:09
--------
1:11:09
Rogue AI?
Artificial Intelligence is taking over. But I don't mean that in a Skynet kinda way. It's simply becoming ubiquitous because companies are insisting on inserting the technology into all their products, even if it's not useful - or not even safe. Unfortunately, the breathless reporting on dangers of AI is also getting way out of hand, including stories of AI systems 'blackmailing' their designers. Today I'll try to bring us back to reality a bit.
Also in the news: Billions of session login cookies up for grabs; Meta and Yandex cheat in order to track you around the web; Qualcomm fixes three zero-day bugs being actively exploited; Apple releases transparency report on push notification data requests; LAPD using Waymo for gathering video evidence; another massive AT&T user data leak includes SSNs; AI system appears to try to blackmail its owner; judge grants preliminary injunction on DOGE data grab; and we'll check in on your 2025 New Year's Resolutions!
Article Links
[theregister.com] Billions of cookies up for grabs as experts warn over session security https://www.theregister.com/2025/05/29/billions_of_cookies_available/
[arstechnica.com] Meta and Yandex are de-anonymizing Android users’ web browsing identifiers https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/
More info: https://www.zeropartydata.es/p/localhost-tracking-explained-it-could
[techcrunch.com] Phone chipmaker Qualcomm fixes three zero-days exploited by hackers https://techcrunch.com/2025/06/03/phone-chipmaker-qualcomm-fixes-three-zero-days-exploited-by-hackers/
[404media.co] Apple Gave Governments Data on Thousands of Push Notifications https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/
[404media.co] LAPD Publishes Crime Footage It Got From a Waymo Driverless Car https://www.404media.co/lapd-publishes-crime-footage-it-got-from-a-waymo-driverless-car/
[cyberinsider.com] AT&T Investigating New Leak of 86 Million Customer Records with Decrypted SSNs https://cyberinsider.com/att-investigating-new-leak-of-86-million-customer-records-with-decrypted-ssns/
[bbc.com] AI system resorts to blackmail if told it will be removed https://www.bbc.com/news/articles/cpqeng9d20go
[eff.org] Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit https://www.eff.org/press/releases/privacy-victory-judge-grants-preliminary-injunction-opmdoge-lawsuit
Tip of the Week: https://firewallsdontstopdragons.com/2025-resolutions-check-in/
Further Info
2025 New Year’s Resolutions: https://firewallsdontstopdragons.com/new-years-resolutions-2025/
Privacy Guides: https://www.privacyguides.org/articles/
EFF’s Rayhunter project: https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:00:50: A note on protest privacy
0:04:32: News preview
0:06:43: Billions of cookies up for grabs as experts warn over session security
0:18:27: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers
0:25:59: Phone chipmaker Qualcomm fixes three zero-days exploited by hackers
0:27:51: Apple Gave Governments Data on Thousands of Push Notifications
0:33:25: LAPD Publishes Crime Footage It Got From a Waymo Driverless Car
0:37:39: AT&T Investigating New Leak of 86 Million Customer Records with Decrypted SSNs
0:41:51: AI system resorts to blackmail if told it will be removed
0:51:40: Privacy Victory! Judge Grants Preliminary Injunction in OPM/DOGE Lawsuit
0:56:04: Tip of the Week
0:58:13: Wrapup
--------
1:00:35
--------
1:00:35
Dialog with the Data Diva
Debbie Reynolds (aka, The Data Diva) has been working in the privacy realm for many years, as a privacy consultant, speaker, advisor and podcaster. She and I have been running in the same circles on LinkedIn for a while now, and we finally decided it was time to be a guest on each other's shows. Today Debbie and I will discuss the dangers of privacy in the realm of IoT devices (including her contributions on the US Department of Commerce's IoT Advisory Board), vehicles, and AI. I'll ask about her experiences advising corporations on privacy issues with emerging technologies and how she advocates for less data gathering and more transparency.
Interview Notes
Debbie Reynolds consulting: https://www.debbiereynoldsconsulting.com/
Data Diva podcast: https://www.debbiereynoldsconsulting.com/podcast
My interview on Debbie’s podcast: https://www.debbiereynoldsconsulting.com/podcast/e228-carey-parker
The Right to Privacy book (1995): https://www.amazon.com/Right-Privacy-Caroline-Kennedy/dp/0679419861
IoT Advisory Board report: https://www.debbiereynoldsconsulting.com/iot-advisory-board
Shodan search: https://www.shodan.io/
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:01:27: During your privacy career, how have privacy changed?
0:05:59: How do you define privacy?
0:08:51: What were your contributions on the IoT Advisory Board?
0:12:54: Who was the primary audience for that report?
0:15:49: Which IoT devices have the worst privacy?
0:19:33: How bad are modern cars in terms of privacy?
0:29:50: How does AI threaten our privacy today?
0:33:30: How can we mitigate AI privacy risks?
0:40:11: How can we convince companies to truly embrace user privacy?
0:45:36: What are some of the biggest privacy mistakes companies make?
0:49:34: Why can't we have a global tracking opt-out signal?
0:53:52: What can we learn from the EU's GDPR?
0:58:35: So what can we do to improve our privacy?
1:00:50: Patron preview
1:01:21: Looking ahead
Netherlands