Firewalls Don't Stop Dragons Podcast

Artificial Intelligence – in particular, Large Language Models (LLMs) or “chatbots” – are increasing in power at an astonishing pace. In fact, the latest models from Anthropic (Claude Mythos) and OpenAI (ChatGPT 5.4 Cyber) are so good at reading software code and finding vulnerabilities, that their makers have strictly limited initial access to manufacturers of the most popular software so that they have a head start in finding exploitable bugs. But it’s not all doom and gloom. I’ll highlight the promise of this powerful new technology, as well.

Article Links

Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.: https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it

FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2

Iran built a vast camera network to control dissent. Israel turned it into a targeting tool: https://apnews.com/article/iran-war-security-cameras-surveillance-5f9a1fe5845d94894f3edd50af560d3a

Iranian hackers are targeting American critical infrastructure, US agencies warn: https://techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn

LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device: https://thenextweb.com/news/linkedin-browsergate-extension-scanning-privacy-fingerprint

The Pixel Trap: Online Marketing Is a Silent PII Harvesting Machine: https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting

Republican Mutiny Sinks Trump’s Push to Extend Warrantless Surveillance: https://www.wired.com/story/republican-mutiny-sinks-trumps-push-to-extend-warrantless-surveillance

India drops proposal to mandate national ID app Aadhaar on smartphones after pushback: https://www.reuters.com/world/china/india-drops-proposal-mandate-national-id-app-aadhaar-smartphones-after-pushback-2026-04-17

What I learned by vibe-coding my own word processor: https://www.fastcompany.com/91528164/claude-code-vibe-code-word-processor

On Anthropic’s Mythos Preview and Project Glasswing: https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html

Tip of the Week: https://firewallsdontstopdragons.com/ai-promise-peril/ 

Further Info

Support the Internet Archive: https://www.savethearchive.com/authors/ or https://www.savethearchive.com/journalists/ 

Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:08: Intro

0:00:37: Internet Archive needs your help

0:02:00: Router ban update

0:02:33: News rundown

0:05:46: New EU age app has bugs

0:10:46: FBI extracts Signal messages

0:16:33: Iran public cameras hacked by Israel

0:22:46: Iran hackers target US, Israel

0:26:11: LinkedIn scans your devices

0:37:06: TikTok Meta pixel madness

0:43:25: Section 702 on the ropes

0:50:56: India drops ID app mandate

0:53:42: Vibe-coding my own word processor

1:04:07: Schneier on Mythos, Glasswing

1:07:37: Tip of the Week

1:21:59: Patron podcast preview

1:22:24: Looking ahead

There are all sorts of things that can be used to identify us online and in the real world, beyond our names, addresses, and phone numbers. But data brokers are desperate to tie all of these unique pieces of information together, building a valuable marketing dossier. It’s become a massive industry – being able to map one supposedly anonymous or pseudonymous piece of data to the a person’s full identity. Today we’ll delve deeply into this shady business with Iesha White and Zach Edwards.

Interview Notes

Victory Medium (Zach): https://victorymedium.com/ 

Check My Ads (Iesha): https://checkmyads.org/ 

TLS fingerprinting: https://fingerprint.com/blog/what-is-tls-fingerprinting-transport-layer-security/ 

Disable Mobile Ad ID (MAID): https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now 

US v Google: https://www.usvgoogleads.com/ 

IAB (Interactive Advertising Bureau) Transparency & Consent Framework (TCF): https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/ 

DROP portal: https://privacy.ca.gov/drop/ 

Remove online data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/ 

Apple’s Hide My Email: https://support.apple.com/en-us/105078 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Recommend news stories: send to news [at] firewallsdontstopdragons.com 

Send me your questions! https://fdsd.me/qna 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:20: Intro

0:02:22: Learning the lingo

0:03:34: What identifiers are used to track us online?

0:12:00: How else are we being tracked?

0:23:20: How are we tracked in the physical world?

0:31:54: How do brick and mortar stores track us?

0:37:46: What if the data is wrong?

0:43:58: What if I’m okay with targetted ads?

0:49:14: How does my data overlap your data?

0:54:01: Can’t this tracking also be used to stop fraud?

0:58:08: Why can’t we just use contextual ads?

1:05:22: What can we do about this?

1:13:00: What does NOT work to stop tracking?

1:14:10: What’s next for you two?

1:17:43: Wrap-up

1:21:05: Patron podcast preview

1:21:56: Looking ahead

The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain.

In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case.

Article Links

Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data

This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts

This Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbers

These critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concerns

H&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerability

This New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressions

The United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainer

macOS 26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commands

Meta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25

Further Info

Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ 

Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:03: News rundown

0:03:17: Walmart buys Vizio for ads, data

0:08:57: Public Zoom calls secretly turned into podcasts

0:17:24: Navia leaks millions of SSNs

0:20:28: TP-Link router vulnerabilities

0:36:25: H&R Block’s horrific tax software

0:45:41: New Claude Mac feature is too dangerous

0:48:22: macOS 24 blocks ClickFix?

0:50:44: Facebook, Google lose huge lawsuit

0:54:22: Patron podcast preview

0:54:58: Looking ahead

Nate Bartram and Jonah Aragon have been advocating for privacy for a long time. Their sites, The New Oil and Privacy Guides, have a ton of fabulous resources for anyone interested in guarding their data and defending their digital rights. Ever wonder what it’s like being a privacy advocate in an increasingly privacy-hostile world? Today, I’ll take you behind the scenes of these sites and into the brains of two top-notch privacy warriors.

Interview Notes

Privacy Guides: https://www.privacyguides.org/ 

The New Oil: https://thenewoil.org/ 

Critical Thinking 101: https://ghost.thenewoil.org/critical-thinking-101/

This Week in Privacy podcast: https://podcasts.apple.com/us/podcast/this-week-in-privacy/id1726826455 

Privacy Advocate Toolbox: https://www.privacyguides.org/en/activism/ 

Smartphone privacy guides: https://www.privacyguides.org/videos/2026/02/04/smartphone-security-course-lesson-1-beginners-2/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:18: Intro

0:02:11: Why did you get into privacy?

0:07:44: What’s the most enduring privacy myth?

0:14:13: Do you find people dislike the answer “it depends”?

0:16:50: How would you describe your target audience?

0:22:00: How do you evaluate privacy products?

0:27:59: What products have you unrecommended and why?

0:34:27: What are major privacy red flags?

0:43:09: What product do you use that you do not recommend to others?

0:48:05: How will you handle age checks or repeal of Section 230?

0:55:09: Who do you look to for privacy advice?

1:04:22: What’s next for you guys?

1:08:30: Wrap-up

1:10:46: Patron podcast preview

1:11:24: Looking ahead

When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface.

Article Links

Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malware

Instagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryption

Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/

Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/

Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymization

EU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/

Mozilla to launch free built-in VPN in upcoming Firefox 149: https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/

You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-setting

Tip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/ 

Further Info

Greynoise IP Check: https://check.labs.greynoise.io/ 

Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026 

CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services 

CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:35: News rundown

0:03:41: Update your Asus routers

0:08:55: Instragram drops E2EE

0:12:57: Porn addiction app exposed user data

0:19:54: Dangers of age verification laws

0:30:45: Car surveillance mandatory in 2027

0:35:46: Cyberattack kills breathalizer-equipped cars

0:39:41: LLMs can deanonymize users

0:51:11: Chat Control defeated!

0:55:22: Firefox free VPN coming

0:59:05: New Apple security fix mechanism

1:03:14: Tip of the Week

1:09:09: More security tips

1:13:53: Patron podcast preview

1:14:17: Looking ahead