Firewalls Don't Stop Dragons Podcast

There are all sorts of things that can be used to identify us online and in the real world, beyond our names, addresses, and phone numbers. But data brokers are desperate to tie all of these unique pieces of information together, building a valuable marketing dossier. It’s become a massive industry – being able to map one supposedly anonymous or pseudonymous piece of data to the a person’s full identity. Today we’ll delve deeply into this shady business with Iesha White and Zach Edwards.

Interview Notes

Victory Medium (Zach): https://victorymedium.com/ 

Check My Ads (Iesha): https://checkmyads.org/ 

TLS fingerprinting: https://fingerprint.com/blog/what-is-tls-fingerprinting-transport-layer-security/ 

Disable Mobile Ad ID (MAID): https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now 

US v Google: https://www.usvgoogleads.com/ 

IAB (Interactive Advertising Bureau) Transparency & Consent Framework (TCF): https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/ 

DROP portal: https://privacy.ca.gov/drop/ 

Remove online data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/ 

Apple’s Hide My Email: https://support.apple.com/en-us/105078 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Recommend news stories: send to news [at] firewallsdontstopdragons.com 

Send me your questions! https://fdsd.me/qna 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:20: Intro

0:02:22: Learning the lingo

0:03:34: What identifiers are used to track us online?

0:12:00: How else are we being tracked?

0:23:20: How are we tracked in the physical world?

0:31:54: How do brick and mortar stores track us?

0:37:46: What if the data is wrong?

0:43:58: What if I’m okay with targetted ads?

0:49:14: How does my data overlap your data?

0:54:01: Can’t this tracking also be used to stop fraud?

0:58:08: Why can’t we just use contextual ads?

1:05:22: What can we do about this?

1:13:00: What does NOT work to stop tracking?

1:14:10: What’s next for you two?

1:17:43: Wrap-up

1:21:05: Patron podcast preview

1:21:56: Looking ahead

The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain.

In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case.

Article Links

Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data

This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts

This Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbers

These critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concerns

H&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerability

This New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressions

The United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainer

macOS 26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commands

Meta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25

Further Info

Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ 

Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:03: News rundown

0:03:17: Walmart buys Vizio for ads, data

0:08:57: Public Zoom calls secretly turned into podcasts

0:17:24: Navia leaks millions of SSNs

0:20:28: TP-Link router vulnerabilities

0:36:25: H&R Block’s horrific tax software

0:45:41: New Claude Mac feature is too dangerous

0:48:22: macOS 24 blocks ClickFix?

0:50:44: Facebook, Google lose huge lawsuit

0:54:22: Patron podcast preview

0:54:58: Looking ahead

Nate Bartram and Jonah Aragon have been advocating for privacy for a long time. Their sites, The New Oil and Privacy Guides, have a ton of fabulous resources for anyone interested in guarding their data and defending their digital rights. Ever wonder what it’s like being a privacy advocate in an increasingly privacy-hostile world? Today, I’ll take you behind the scenes of these sites and into the brains of two top-notch privacy warriors.

Interview Notes

Privacy Guides: https://www.privacyguides.org/ 

The New Oil: https://thenewoil.org/ 

Critical Thinking 101: https://ghost.thenewoil.org/critical-thinking-101/

This Week in Privacy podcast: https://podcasts.apple.com/us/podcast/this-week-in-privacy/id1726826455 

Privacy Advocate Toolbox: https://www.privacyguides.org/en/activism/ 

Smartphone privacy guides: https://www.privacyguides.org/videos/2026/02/04/smartphone-security-course-lesson-1-beginners-2/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:18: Intro

0:02:11: Why did you get into privacy?

0:07:44: What’s the most enduring privacy myth?

0:14:13: Do you find people dislike the answer “it depends”?

0:16:50: How would you describe your target audience?

0:22:00: How do you evaluate privacy products?

0:27:59: What products have you unrecommended and why?

0:34:27: What are major privacy red flags?

0:43:09: What product do you use that you do not recommend to others?

0:48:05: How will you handle age checks or repeal of Section 230?

0:55:09: Who do you look to for privacy advice?

1:04:22: What’s next for you guys?

1:08:30: Wrap-up

1:10:46: Patron podcast preview

1:11:24: Looking ahead

When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface.

Article Links

Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malware

Instagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryption

Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/

Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/

Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027

Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/

Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymization

EU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/

Mozilla to launch free built-in VPN in upcoming Firefox 149: https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/

You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-setting

Tip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/ 

Further Info

Greynoise IP Check: https://check.labs.greynoise.io/ 

Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026 

CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services 

CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices 

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support our mission! https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:07: Intro

0:01:35: News rundown

0:03:41: Update your Asus routers

0:08:55: Instragram drops E2EE

0:12:57: Porn addiction app exposed user data

0:19:54: Dangers of age verification laws

0:30:45: Car surveillance mandatory in 2027

0:35:46: Cyberattack kills breathalizer-equipped cars

0:39:41: LLMs can deanonymize users

0:51:11: Chat Control defeated!

0:55:22: Firefox free VPN coming

0:59:05: New Apple security fix mechanism

1:03:14: Tip of the Week

1:09:09: More security tips

1:13:53: Patron podcast preview

1:14:17: Looking ahead

When you shop online or through an app, do you ever wonder if you’re being charged the same as someone else for the same thing? Even controlling for things like shipping address and local taxes, it turns out that today it’s not uncommon for pricing to dynamically change based on factors that may not seem fair. This is called surveillance pricing. Justin Brookman (Consumer Reports) and Eric Gardner (More Perfect Union) recently performed a study on this practice using Instacart, and the results were eye-opening.

Interview Notes

Surveillance pricing study: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 

Study video (Instagram): https://www.instagram.com/reels/DSC1w_Hjng6/ 

Study video (YouTube): https://www.youtube.com/watch?v=osxr7xSxsGo 

Consumer Reports: https://www.consumerreports.org/ 

More Perfect Union: https://perfectunion.us/ 

Get involved: https://action.consumerreports.org/ 

Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 

Pepsi/Walmart exposé: https://ilsr.org/article/independent-business/more-perfect-union-pepsi-walmart/ 

Amazon price tracker: https://camelcamelcamel.com/ 

Further Info

My book: https://fdsd.me/book 

My newsletter: https://fdsd.me/newsletter 

Support the mission: https://fdsd.me/support 

Give the gift of privacy and security: https://fdsd.me/coupons 

Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

0:00:13: Intro

0:02:44: What’s your background?

0:04:26: What triggered this study?

0:06:08: How did you test this theory?

0:09:25: How prevalent is this practice?

0:11:27: What is a “customer surplus”?

0:13:44: Did the pandemic exacerbate this?

0:15:08: Is this practice legal?

0:21:42: How do ESL’s work?

0:25:52: Are all the add-on fees legit?

0:28:01: Are the stores participating in this, too?

0:32:01: What do they learn from loyalty programs?

0:37:38: Are digital coupons dynamic, too?

0:41:07: Does this amount to price fixing?

0:44:21: What’s been the reaction to your report?

0:49:00: What will you study next?

0:53:04: What can we do about this?

0:58:39: How can we support your work?

1:00:39: Wrap-up

1:03:27: Patron podcast preview