Firewalls Don't Stop Dragons Podcast

In my seemingly never-ending quest to replace all things Google, I’ve finally found some solid, private alternatives to Google Sheets and Google Forms. And we’ll also talk about how the EU is looking to create competing products to reduce their dependence on Big Tech from Silicon Valley.

In the news: Australian drivers’ info exposed in breach; school admissions website leaked student data; Discord is rolling out age verification; more countries move to ban social media for kids; Big Tech companies volunteer data to DHS on anti-ICE users; Meta wanted to sneak out facial recognition; researchers find tricky bugs in password managers; DJI robovacs were wide open on the internet; Ring’s mass surveillance efforts garner blow back; Russia blocks WhatsApp and Telegram.

Article Links

More than 200,000 Australian drivers exposed in massive data breach https://www.drive.com.au/news/over-200000-driver-licences-hacked-in-massive-data-breach/

Bug in student admissions website exposed children’s personal information https://techcrunch.com/2026/02/19/bug-in-student-admissions-website-exposed-childrens-personal-information/

Discord will require a face scan or ID for full access next month https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out

These are the countries moving to ban social media for children https://techcrunch.com/2026/02/17/social-media-ban-children-countries-list/

Reddit, Meta, and Google Voluntarily Gave DHS Info of Anti-ICE Users https://gizmodo.com/reddit-meta-and-google-voluntarily-gave-dhs-info-of-anti-ice-users-report-says-2000722279

Meta reportedly wants to add face recognition to smart glasses while privacy advocates are distracted https://www.theverge.com/tech/878725/meta-facial-recognition-smart-glasses-name-tag-privacy-advoates

Password managers less secure than promised https://ethz.ch/en/news-and-events/eth-news/news/2026/02/password-managers-less-secure-than-promised.html

The DJI Romo robovac had security so poor, this man remotely accessed thousands of them https://www.theverge.com/tech/879088/dji-romo-hack-vulnerability-remote-control-camera-access-mqtt

With Ring, American Consumers Built a Surveillance Dragnet https://www.404media.co/with-ring-american-consumers-built-a-surveillance-dragnet/

WhatsApp and Telegram blocked in Russia, Meta ‘extremist organization’ https://9to5mac.com/2026/02/12/whatsapp-and-telegram-blocked-in-russia-as-meta-designated-an-extremist-organization/

Europe is ready to ditch US tech for private alternatives https://proton.me/blog/european-alternative-us-tech-survey

Tip of the Week: https://firewallsdontstopdragons.com/de-google-my-life-part-5/ 

Further Info

Avoid tax scams: https://firewallsdontstopdragons.com/its-tax-scam-time/ 

Try Mastodon! https://firewallsdontstopdragons.com/how-to-move-to-mastodon/  

Proton referral link: https://pr.tn/ref/ZMNG3DNK 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:54: News rundown

0:04:27: 200k+ Australian drivers’ data exposed

0:08:08: Aadmissions site exposed children’s info

0:12:44: Discord to implement age checks

0:23:50: Countries looking to ban social media for kids

0:29:40: Meta, Google Gave DHS Info of Anti-ICE Users

0:32:37: Meta wants to add face recognition while privacy advocates are distracted

0:37:10: Password manager bugs fixed

0:39:57: DJI robovacs security flaw fixed

0:45:43: Ring’s new Search Party feature

0:56:36: Russia blocks Telegram, WhatsApp

0:59:15: Europe is ready to ditch US tech

1:04:26: Tip of the Week

1:08:07: Proton referral

1:08:50: Patron podcast preview

1:09:20: Looking ahead

Today I speak with Yahoo CISO Sean Zadig – aka, the Chief Paranoid. Sean has had a long and varied career in cybersecurity, working both in law enforcement (at NASA!) and working security for Big Tech. I’ll ask Sean how we can teach our kids about cybersecurity, and how to protect them from the worst of the internet without compromising anyone’s privacy. I’ll also get his perspective on the relationship between Big Tech, user data, law enforcement and the Fourth Amendment.

Interview Notes

The Paranoids (Yahoo): https://www.yahooinc.com/our-technology/paranoids 

Suddenly a CISO: https://www.yahooinc.com/paranoids/suddenly-a-ciso-four-pieces-of-transitional-advice 

Clipper Chip: https://en.wikipedia.org/wiki/Clipper_chip 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:13: Intro

0:01:20: Lingo

0:02:06: How did you become CISO at Yahoo?

0:05:38: Has AI made you job harder?

0:08:54: What the Paranoid ethos?

0:11:49: What a kids taught about cybersecurity?

0:14:05: How do we interest kids in cybersecurity?

0:17:35: How do we get kids to care about privacy?

0:21:42: Can we verify age privately?

0:25:06: Should parents control content restrictions?

0:28:36: Are kids echewing tech today?

0:31:51: How do we combat CSAM?

0:40:31: What’s it like working in law enforement?

0:47:14: Can we get Big Tech to collect less private data?

0:52:19: Is law enforcement skirting the 4th Amendment?

0:58:14: What’s next for The Paranoids?

1:00:01: Wrap-up

1:00:12: Patron podcast preview

1:01:10: Survey highlights

1:05:40: 2026 Milestones

1:06:49: Looking ahead

The latest craze with artificial intelligence is agentic AI – exhibited most recently in the viral AI project called ClawdBot… or Moltbot… or OpenClaw. (The name has changed two times in less than a week.) You download this software, give it access to your AI chatbot accounts, and then give it full and complete access to your computer and online accounts. Why? So you can have an all-powerful assistant who can do real things in the real world as if they were you! What could go wrong?

In other news: a new lawsuit claims Meta can read all your WhatsApp messages; an AI toy exposed chat transcripts of their toddler owners; another AI app leaks millions of private conversations; TikTok’s new terms of service are very scary; the US wants visitors to fork over tons of personal info; UK officials were hit by Volt Typhoon; the UK wants to increase facial recognition in public places; the FBI failed to unlock journalist’s iPhone with Lockdown Mode enabled; Google adds cool anti-theft features; CA town disables Flock cameras; Google cripples home proxy network; and Firefox adds one toggle to disable AI features.

Article Links

WhatsApp Encryption, a Lawsuit, and a Lot of Noise https://blog.cryptographyengineering.com/2026/02/02/whatsapp-encryption-a-lawsuit-and-a-lot-of-noise/

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account https://www.wired.com/story/an-ai-toy-exposed-50000-logs-of-its-chats-with-kids-to-anyone-with-a-gmail-account/

Massive AI Chat App Leaked Millions of Users Private Conversations https://www.404media.co/massive-ai-chat-app-leaked-millions-of-users-private-conversations/

TikTok’s New Terms of Service Has Raised Alarm Bells https://lifehacker.com/tech/tiktoks-new-ownership-tos-concerns

The Trump Administration wants your DNA and social media https://www.privacyinternational.org/news-analysis/5713/trump-administration-wants-your-dna-and-social-media

Hackers suspected of spying on UK officials’ calls for years https://www.theregister.com/2026/01/27/chinalinked_hackers_accused_of_yearslong/

Police to get 40 new live facial recognition vans and AI help in sweeping reforms https://news.sky.com/story/facial-recognition-technology-to-be-rolled-out-nationally-and-police-will-get-ai-support-13499172

FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled https://www.404media.co/fbi-couldnt-get-into-wapo-reporters-iphone-because-it-had-lockdown-mode-enabled/

Google Just Updated These Android Theft Protection Features https://lifehacker.com/tech/google-just-updated-these-android-theft-protection-features

California city turns off Flock cameras after company shared data without authorization https://therecord.media/california-city-turns-off-flock-cameras-unauthorized-sharing

Google cripples IPIDEA proxy network abused by crims https://www.theregister.com/2026/01/29/google_ipidea_crime_network/

Mozilla Adds One-Click Option to Disable Generative AI Features in Firefox https://thehackernews.com/2026/02/mozilla-adds-one-click-option-to.html

Tip of the Week: https://firewallsdontstopdragons.com/agents-of-misfortune/ 

Further Info

TikTok’s Real Privacy Risks: https://internetsafetylabs.org/blog/research/tiktoks-real-privacy-risks/ 

Private TikTok viewer: https://sticktock.com/ 

EFF’s Atlas of Surveillance: https://www.atlasofsurveillance.org/ 

DeFlock: https://deflock.org/ 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:00:51: News rundown

0:02:51: WhatsApp encryption questioned

0:11:34: AI toy’s logs exposed

0:16:17: AI app leaks user data

0:19:27: TikTok gets worse for privacy

0:23:52: US demands more visitor data

0:30:41: UK hit by Salt Typhoon

0:33:47: UK proposes more mass surveillance

0:36:51: Lockdown Mode protects WaPo journalist iPhone

0:43:03: New Android anti-theft features

0:45:54: CA town shuts down Flock

0:49:07: Google hobbles bad proxy network

0:52:33: Firefox AI kill switch

0:55:18: Tip of the Week

1:02:08: Wrap-up

1:02:21: Patron podcast preview

1:02:30: Looking ahead

We’re all busy people with busy lives. We only have so much time and energy. So when security people dole out to-do lists, we really need to focus on the tips with the most bang for the buck. Conversely, we need to avoid wasting people’s precious resources on advice that is no longer valid or worth the effort. Today, we’ll debunk several of these “Hacklore” tips with security guru Bob Lord.

Interview Notes

Hacklore: https://www.hacklore.org/letter 

Hacklore resources: https://www.hacklore.org/resources 

Elevator (un)safety analogy: https://medium.com/@boblord/psa-elevator-un-safety-7ac69a9498de 

DNC Security Checklist: https://democrats.org/security/ 

CISA Secure by Design: https://www.cisa.gov/securebydesign 

MITRE’s 2007 Unforgivable Vulnerabilities (PDF): https://cwe.mitre.org/documents/unforgivable_vulns/unforgivable.pdf 

Take 9: https://pausetake9.org/ 

Consumer Reports Security Planner tool: https://securityplanner.consumerreports.org/ 

EFF security planning: https://ssd.eff.org/module/your-security-plan 

Removing online data: https://firewallsdontstopdragons.com/data-diet-introduction/ 

Generate passphrases with d20 dice! https://d20key.com/#/ 

Dragon coupons: https://fdsd.me/coupons/ 

Rafifi (film): https://www.imdb.com/title/tt0048021/ 

Xkcd password strength: https://xkcd.com/936/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:14: Intro

0:00:25: Survey, promo wrap-up

0:01:30: Interview setup

0:02:22: Lingo definitions

0:02:52: What drove you to launch Hacklore?

0:07:12: Is this advice truly wrong?

0:11:51: 1) Avoid public WiFi

0:17:38: 2) Never scan QR codes

0:22:43: 3) Never charge devices from public USB ports

0:24:38: 4) Turn off Bluetooth and NFC

0:28:25: 5) Regularly clear cookies

0:32:47: 6) Regularly change passwords

0:38:19: Why do we not have web password standards?

0:44:24: Any bad tips that didn’t make the cut?

0:45:53: WIll Hacklore be regularly updated?

0:46:32: What has been the response to Hacklore?

0:48:08: So what are the actual top security tips?

0:49:56: How do we shift the onus to software makers?

0:53:14: What other resources can you recommend?

0:55:40: What’s next for you?

0:56:53: Wrap-up

1:00:40: Generating passphrases

1:02:00: Accessing show notes

1:03:08: Dragon coupons

1:03:40: Patron podcast preview

1:04:24: Looking ahead

There exist many interesting technical tools which can greatly improve our privacy while still allowing us to use very personal data. In the next installment of my series on Privacy Enhancing Technologies, we’ll look at zero-knowledge proofs – what they are, how they work and what types of privacy problems they can address. Specifically, we’ll show how you can prove that you know a secret without actually revealing the secret.

In other news: Florida may be implementing an age-gating law; the UK government is now considering a ban on VPNs; 17 more people browser plugins that steal your data; popular apps used to harvest data using real-time bidding; police unmask millions of surveillance targets due to Flock redaction failures; AI company sued for secretly scoring job seekers; Microsoft gives BitLocker keys to FBI; and the FTC finalizes restrictions on GM car data gathering and sharing.

Article Links

Oppose Florida’s AI age verification bill, protect your privacy https://www.miamitech.club/oppose-sb-482/

UK government targets VPNs in online safety consultation as Lords vote for ban https://www.techradar.com/vpn/vpn-privacy-security/uk-government-targets-vpns-in-new-online-safety-consultation-as-lords-vote-for-ban

If You’ve Installed Any of These 17 Browser Extensions, Delete Them Now https://lifehacker.com/tech/delete-malicious-ghostposter-browser-extensions

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location https://www.wired.com/story/gravy-location-data-app-leak-rtb/

Police Unmask Millions of Surveillance Targets Because of Flock Redaction Error https://www.404media.co/police-unmask-millions-of-surveillance-targets-because-of-flock-redaction-error/

AI Company Eightfold Sued Helping Companies Secretly Score Job Seekers 2026 01 21 https://www.reuters.com/sustainability/boards-policy-regulation/ai-company-eightfold-sued-helping-companies-secretly-score-job-seekers-2026-01-21/

Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw https://www.forbes.com/sites/thomasbrewster/2026/01/22/microsoft-gave-fbi-keys-to-unlock-bitlocker-encrypted-data/

FTC Finalizes Order Settling Allegations that GM and OnStar Collected and Sold Geolocation Data Without Consumers’ Informed Consent https://www.ftc.gov/news-events/news/press-releases/2026/01/ftc-finalizes-order-settling-allegations-gm-onstar-collected-sold-geolocation-data-without-consumers

Tip of the Week: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/ 

Further Info

Annual Listener Survey!!! https://fdsd.me/survey2026 

New Patron Promotion!! https://fdsd.me/promo126 

Data Privacy Week: https://www.staysafeonline.org/data-privacy-week  

HaveIBeenFlocked: https://haveibeenflocked.com/ 

404 Media FOIA Forum: https://www.404media.co/foia-forum-archive/ 

NextDNS: https://nextdns.io/ 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:00:51: Last call for survey, dragon coin

0:02:17: Winter storm

0:03:14: News preview

0:05:02: Proposed FL age-gating bill

0:11:33: UK government targets VPNs

0:15:42: More malicious browser extensions

0:21:22: Popular apps leaking personal info (again)

0:31:26: Have I Been Flocked?

0:41:37: AI company sued for secretly scoring job seekers

0:46:41: Microsoft give BitLocker keys to FBI

0:56:05: FTC restricts GM from selling car data

0:59:34: Tip of the Week

1:10:49: Wrap-up

1:12:16: Patron podcast preview

1:12:42: Looking ahead