Security Unfiltered
Building Safer Online Habits Without Becoming Paranoid
We trade office chaos for focused remote work, then chart the journey from a 1999 idea to one of security’s most-used tools. The talk widens to cyber warfare, scams, and practical privacy steps anyone can take without going off-grid.
• year-end boundaries and remote work focus
• origin of WhatIsMyIPAddress and staying humble
• don’t invite hackers, real-world conference fallout
• elite cyber training, Ukraine drones, satellite comms
• podcast guest vetting, authenticity, and value
• preventing scams, empathy for victims, proof problems
• privacy without becoming a hermit, actionable steps
• 2FA on email, credit freezes, password strategy
• data collection at retail, saying no with confidence
• ads as social engineering, better defaults online
“I will give anyone who wants the book can come to my website and get the book… If you don’t want to give me your email address or your name, I’ll give you the book without the email address and your name.”
SPEAKER_00:How's it going, Chris? It's great to get you on the podcast. I I looked back because, like, you know, I I just kind of fly by, you know, the seat of my pants with my calendar at this point. And I looked back and I was like, man, when would when did we start talking about this thing? It was like in September, you know, and we're finally on in November. I'm already like wrapping up my year trying to figure out like, all right, who do I really want to talk to, you know, November and December? Because I typically don't record anything in November and December. Yep.
SPEAKER_01:I I am the same way. I try to, you know, I can't tell you how many guests have tried to reschedule once November, December, oh, this family thing came up. So I'm the same way. I try to get my year wrapped up by the end of October. Anything in November and December is just a bonus.
SPEAKER_00:Yeah, yeah. No, I I try to, because I have such a crazy schedule, I try to just like take off a month or two from like some of my you know side work that I'm doing, right? Like unfortunately, I can't take like two months off for my nine to five, but you know, at least like from the podcast, you know, all that content will be already recorded. And, you know, my course creation, book writing, all that stuff will be like on pause, you know, for a month or two, which will be nice, like for a change, you know, because it it's like I also I kind of do this to myself, I guess, because like once my kids are home from from school from daycare, like I'm with them until they're up until they're down. You know, I'm not working or anything like that. If someone calls me from work, like I even told my boss, I was like, let me be very clear. If you call me after work hours, it better be something that I'm the only person in this company can solve it. Like if someone else can solve it, I'm hanging up on you, just to be clear.
SPEAKER_01:Yeah, and and and these days, you know, I I think particularly since COVID, this kind of work-life balance is totally blended with work from home. When does work really end? When does, you know, family start? It's a little blurry these days.
SPEAKER_00:Yeah. Yeah, I feel like you have to have that clear delineation, you know, for yourself.
SPEAKER_01:Yeah.
SPEAKER_00:But now, you know, it's crazy because I started my career going into the office, you know, just not even thinking about it. I mean, I lived, I'm based out of Chicago, so I live downtown Chicago, and going into the office wasn't that big of a big of a deal typically. You know, it's a bus or a train ride away. But now I'm out in the suburbs, I have a house, right? I'm 45 minutes away from the loop with no traffic, which never happens, right? And then for someone to like have me go into the office, that is such a hard sell. And I never expected it to be that hard of a sell, but it's now it's like, well, why would I why would I go work for you for 50k more a year when like I get to be home, I get to do my podcast, I get to be home when my kids are home, you know, like I get to take them to daycare. Like, why would I ever go in? And that's something that like I feel like companies fail to understand, where it's like the benefits like are in my my corner in this situation, you know. And I I don't know. Seeing work from home go away like it, like it is, it's frustrating because it's like, can't you guys understand this? Like, I'm doing the same amount of work, if not more, for you.
SPEAKER_01:And that's like most of the people that I've talked to who went from fully in the office to fully at home are like, I get so much more done when I'm at home. Now there's there's some people that are like, I can't focus, I can't wait to go back into the office. And for those people, you know, go for it, go back into the office. But other people are like, you know, there's not 16 people walking by my office every day interrupting me. I, you know, I can when I want to get two hours of uninterrupted work done, I can do it at home.
SPEAKER_00:Yeah, yeah. No, I yeah. That is such a good point. Like, cause that in the office, like I'm talking to other people, and you know, devs are coming up complaining to me about you know stuff that I'm forcing them to do, and now I have to argue in person rather than over camera, you know, like it's a totally different situation. I'm not like trying to be argumentative, I guess, with them, but that's you know, that's the nature of security work at this point. Yeah. Well, Chris, you know, why don't you tell me how you got started in IT and just cybersecurity overall, right? Because you you created maybe the most popular application or website that basically any analyst and every analyst, you know, will use every day of the week, you know, which like a lot of people don't even realize it. I feel like I I I had no clue who the creator was or anything. I was just, you know, I had that website open constantly. I mean, it was every day when I got started.
SPEAKER_01:And it's kind of funny for the first probably 15 years, I actually not that I avoided having my name associated with it, but there was nothing on the website pointing towards me as an individual. Yeah. For probably at least the first 15 years. Because I was just like, well, I just, yeah, I I, you know, I'm I'm not risk well, yeah, I'm risk averse, but I just didn't want to be the public face of something. It was just let this thing be its own thing and let me not be involved with it in that sense. So I think it was 19 oh gosh, I'm gonna date myself, 1999. I was working for an online mail order catalog company. We're just starting to uh the early days of the internet, and our marketing department would, you know, work on the catalog, and then they would FedEx a hard drive with the catalog on it to the printer, and the printer was finally like, hey, we're gonna start doing this online. We want you to upload your catalog, and we need you to access our FTP site, we're gonna poke a hole in it, we need to know your IP address. And everyone went, huh? What's what's that? And in those days, like inside your network, you wouldn't even know what your public IP address was. And I thought, well, gosh, there really should be a website to uh tell you that. And that night I went home and gosh, in those days it was like 200 bucks to register a domain name, registered whatismyipaddress.com, started it up on a Windows NT server box in my home on a DSL connection, and that was the beginning of it.
SPEAKER_00:Wow. Yeah, that is uh it's fascinating because it's like it's such a core you know tool almost, right? And I mean, at least when I was using it, like there was no like pro, you know, version of it or anything like that. It was just very simple. What's my IP? You know, hit enter.
SPEAKER_01:It was seriously for the first probably five to ten years. If you went to the website, there was no logo, there was no content, it just spit back your IP address for probably the first 10 years.
SPEAKER_00:Yeah. Yeah, no, it's it's super, super helpful, right? It's interesting what the just what the security community, you know, puts together, right? That that like ends up being so super helpful for everyone else, you know, and like I feel like the security community above and beyond everyone else, like it's typically free. You know, like I've I've had people on that have created, you know, tools and enterprises and whatnot, and they're like, oh yeah, here's this free version that secretly has everything. You just need to know how to look, you know, or where to look.
SPEAKER_01:IT just seems to be a lot more altruistic than a lot of other industries.
SPEAKER_00:Yeah, yeah, because you know, I I feel like everyone has tried to get relevant information before, and it was extremely difficult to find. And like that sort of thing really frustrates, you know, hackers and security people overall, right? And and when you frustrate a hacker, you don't like deter them, you you attract them, you know. Same thing with taunting, you know, hackers. It's like, why would you ever, ever taunt a hacker who's already bored and he is looking for a reason to do anything?
SPEAKER_01:I will never publicly or privately say, you know, I'm impenetrable. No one can ever get to gosh, no, that's you know, yeah, I'm not gonna invite that. Sure, everybody's hackable. You jump on a mountaintop and say you're not, you're doubly, you're now a target. And I I have no desire to be a target.
SPEAKER_00:Yeah, like what was it, Caesars Entertainment a couple years ago leading in the DEF CON. It's like, yeah, I've talked about it several times on the podcast, right? I'm sure my audience is probably like tired of me talking about it to some extent. But it's like it's like, dude, what are you what are you really thinking right now? Like, seriously, you have 40,000 of the world's best hackers in one place. I mean, the FBI, the CIA, and the NSA, they all show up to these conferences like to learn and recruit from this conference, right? Because they're not getting these people to apply. They're like, you know, meeting them up at a bar and slipping a card under their drink saying, like, hey, give me a call. You know what I mean? Like, it's that sort of environment. So, like, what's gonna happen when we have a vendor who goes and buys us unlimited drinks at the bar, and then we read a news article saying that Caesars Entertainment just said that they're unhackable. Oh, I happen to be in Caesars Palace right now. Let's see how unhackable they really are. Any anything that is designed by humans has vulnerabilities. I don't think they found that guy yet. I don't know if they have. And just to make a point, too, they blue screened their slot machines for the next four years after that and got DEF CON kicked out of Caesars Palace, which is very frustrating. It's like, man, I don't I don't understand it. And this guy's supposed to be in security too, and he says something like that. It's like, all right, well, you've never been on the other side of security then. You've only been a suit, you know. Don't invite drama. Yeah, yeah. No, I I work for a professional services firm now, and I work with like some of the best, some of the best in the industry. I mean, some of these people used to work for you know the NSA, right? 
And you start talking to them, and I've I've actually interviewed a cyber warfare officer from the NSA before, before he got disappeared off the internet after our conversation. And the episode hasn't gone live. It'll go live next August. I'm just gonna let it go live, you know. So if the US military's hearing, like that's when it's gonna go live. Because like, you know, we did the recording, and then he like someone found out that he did the recording, and they told him to tell me very firmly not to release it for the next four years. And I was like, Well, that sounds like a good reason not to do it for the next four years because it's not a very good look for my neighborhood for me to like have the FBI show up, you know. Yeah, yeah, not good look at all, they'll kick me right out. But but uh, you know, he was he was talking about how they're trained, and they're trained just like the the special forces. I mean, literally, you know, you look at the special forces, you know, Navy SEALs, Green Berets, Delta, any of them. And I mean, it's a two, two and a half year process. The government's putting millions of dollars into these people to ensure that they're trained to the absolute best capabilities possible. And any day for any reason, you can be cut. They don't like how you look that day, you're cut. Like they don't like, but you were 10 seconds off on your five-mile run. All right, we're gonna punish you with another five-mile run, and if you fail that one, you're done. You know, like that's just like cut and dry, plain and simple. You know, five-mile run in wet sand in California. I'm in trouble. In boots, good luck, you know. But they do the same thing on the digital side, which was really interesting to me, where you know, they would wake you up in the middle of the night. He said sometimes. They would wake you up in the middle of the night and uh, you know, force you to come in and immediately do an exploit, like build one right now. 
It has to get into this target. You have two hours, and that's what it is, you know. It makes sense. Yeah. He said that there were like he knew he knew a lot of people that just never even made it through, you know, that they got cut immediately. Like he said that there was one person that he was friends with that he was really tired and he improperly put a line of code. It was just one line of code, but he like misspelled something, so the code wasn't gonna work, you know, when it hit that line. And they saw it and they let him go that day. They're like, Yeah, you're going back to whatever fleet you're from, you know, good luck.
SPEAKER_01:He was out. I mean, I mean, it makes sense if you know cyber, the cyber surface is just another platform and you need to have the same discipline and organization and functionality as what's the what's the expression, those that are kinetic? Yeah, yeah.
SPEAKER_00:Well, it's also it's also important to have that skill set, you know, be like the tip of the spear, especially because it's another war platform. It's another like it's not just an attack surface. It's like if you know, if you want to avoid an another country, which we did with Iraq, you turn off the lights. You get every advantage that you can. You turn off the water, you know. I mean, like, that's what we did. You know, that that stuff was unheard of. You know, when they when they announced that, oh, we turned off the power in the country, everyone thought, oh, we bombed their power grid, right? Took it out. No, it was still intact. We wanted it intact for when we like won, you know, and owned the country. And oh, here's the lights back, you know? Yeah. Like we digitally got in there and turned them off and they never came back on, you know. It's just an interesting world we're in right now. Absolutely. Yeah, we're we're kind of at the precipice of something, something that I don't think anyone really knows what's gonna happen next, you know? It's a really weird time. It's like it could go any way, any direction. It doesn't look good.
SPEAKER_01:And I wonder like how many generations before us have said exactly the same thing.
SPEAKER_00:Yeah, probably a lot, you know. Because the world is like really crazy. But I feel like I feel like now it's even more present because we have such great access to to the data, to the information, you know? It's just it's an interesting time, and and cyber warfare is going to play a bigger part in whatever comes next, you know. Yeah.
SPEAKER_01:Just watch what's happening in between Ukraine and Russia.
SPEAKER_00:Right.
SPEAKER_01:And uh the tit for tat back there, and how we using how is new technology being used in modern warfare. I mean, the whole way drones have been used in Ukraine, and it's it's amazing that, like, hey, forget these multi-million dollar drones, let's use hundred dollar drones.
SPEAKER_00:Yeah. Yeah. My I'm getting my PhD right now, and kind of like the precipice of my PhD is the 2022 Viasat hack that Russia pulled off, you know, that took down comms and GPS and everything for the region. And it's like, if we don't start figuring this out, we're gonna lose wars before they even start on the ground, you know? That's the very first thing anyone with half a brain in in you know the war theater, the theater of war, would say, Yeah, we need to own their communications. Like, how can we possibly like effectively take them out quickly or ever if we don't own their communications? We have to own their communications, their capability of GPS, you know, all this stuff. And how do you do that? You do it with satellites. You don't do it, you don't do it on the ground. The ground is becoming less and less relevant for satellite capabilities.
SPEAKER_01:Have you have you seen the footage of what a lot of the Ukrainian fields look like now? They look like they're covered with spider webs. Yeah. Because of all the electronic jamming on the drones, they a lot of them are flown via a fiber optic line. And so it's they're just a single thin filament running behind the drone. And so the fields are covered with single lines because, like, well, everything's being jammed, so let's go back to the physical realm again.
SPEAKER_00:That's crazy, you know? That's so it's such a weird thing to think about, you know. And I I was watching something where it said that like they're bit basically back to like trench warfare, you know, like World War One style of fighting. Like, it's insane. Yeah, yeah. Yeah, I I uh I really want to dive into like your podcast overall and full disclosure. I haven't watched it, I haven't listened to it, I've known about it. I I just haven't, you know. Like the thing with podcasting, you would think, oh, now all you listen to is podcasts. It's like, no, that's the like the last thing that I actually listen to. So like, you know, please don't hate me for that, but not at all. Yeah. Being in podcasting myself, you get you get you get to have on some really interesting guests. Yes. And sometimes it's it's at least for me, sometimes it feels like the guests probably shouldn't be there in terms of like, I feel like I'm talking to someone who's on the run right now, you know. Do you ever interview?
SPEAKER_01:I interviewed John McAfee while he was still alive. And so, yes, he I mean it was he was on the run at the time. Jeez, yeah.
SPEAKER_00:I talked to uh Chris Roberts out of I think he was like out of Australia or something, of all places, and he was talking about how the Taliban paid him to develop a technology to counteract the US jamming of their IEDs. And so he did, and I was like, man, I immediately feel like I should just end this conversation, you know. Like it was probably like a hundred episodes ago, but it still it's like I don't I don't know if I wanna I wanna talk to you anymore. Yeah, I could totally see that. Yeah, uh I want to have them back on, but it I feel like it needs to be uh well like figured out and decided on what we're gonna discuss. Yeah.
SPEAKER_01:You know, there's nothing worse than than a uh a podcast conversation going sideways on you.
SPEAKER_00:Yeah, yeah. Well, there's nothing worse than someone coming on the podcast and not wanting to talk. You know, I've I've had that before, and like you said before we got started, right? Like 99% of your episodes always go live. For me, it's it's the same thing, you know, the vast majority of them go live, but then there's a couple that like, you know, you get the person on there and you know you can always tell if they're nervous or if they don't want to be there, or if they really want to be there, or if they're experienced with being on podcasts and whatnot. And the only one that I don't like having on is the ones that don't want to be there, right? Because it's like, all right, now you're wasting my time and your time. So like that's an insane amount of money right there, you know, that you're wasting. Like, why are you even why are you even doing it? You know, do you encounter that often? Do you still let those episodes go live? Because like it's a weird situation because you're still being authentic to yourself and your listeners and your viewers, right? But you're not showing that person in a very good light, you know. So it's it's a weird thing and it's not a good conversation typically.
SPEAKER_01:Yeah. I mean, there there's there's a couple I interviewed an author, and he's a great writer, but it was he was an atrocious interview. It was ask him open-ended questions, and it was yes. Can you tell me more about that? No. And so I've had a couple interviews like that that have that I it there was no value to the audience, so why ever publish it? You know, it was unfortunate use, you know, loss of our time, but you know, hey, that happens. And then I've had a couple of interviews where the guest was overly promotional about something. It was, hey, you know, if you visit my website, we've got this course and da-da-da-da-da-da-da. And then the next sentence was, well, hey, if you go to the course and da-da-da-da-da. And those in general, we've been to edit we've been able to edit them. And so maybe it was a 45-minute recording, it turns into a 35 minute episode because we got rid of all the self-promotional stuff. So I think I've kind of gone both of those ways. And I think we've gotten good or better at, I shouldn't say necessarily good at we've gotten better at kind of uh pre screening guests, making sure that they've got uh you know interview, interview agreements. Experience that they have they're used to being in front of a camera. They're not, you know, in a dark room where you can't see them, and their microphone is, you know, from Radio Shack from 2019 from 2000, gosh, from 1990. Yeah. But I feel like these days most people are they're in front of a decent camera, they've got a decent mic, they know what they're talking about, they're passionate about it. And once you get someone who's passionate about a topic, usually the conversations are pretty easy to have.
SPEAKER_00:Yeah, no, that that's very true. I I probably need to do a better job of you know, like doing prep calls and stuff beforehand. Yeah, I mean, I I definitely need to, you know, there's always like a list of things that I come up with throughout the year that I just I say, like, okay, next year when I take that month or two off from recording, like that's what I'm doing, you know, to because there's just like no way to do it outside of that. You know, you know, like you know, you're busy with the kids, busy busy with my PhD, busy doing the nine to five stuff. You know, it's like the the podcast is such a side thing right now, and it's becoming more more prevalent, more important, which is interesting because when I started this thing, I mean my goal was literally having 10 people listen to the podcast, and that was a success, you know. It it sounds very, very similar to my start.
SPEAKER_01:I yeah, when I started, it was like I had been interviewed for a bunch of podcasts, and someone I was working says, Well, you need to do a podcast now. I was like, Oh, great, like I don't want to do this. Okay, I'm gonna commit to doing it. I'm not gonna think about the cost of it, I'm not gonna think about income. There's gonna be no monetization, like none of that. And I'm gonna commit to doing 52 episodes. And if I make 52 episodes, then I'll decide what I'm gonna do. And here I am, you know, 300 episodes in at this point, and there's so many neat people to talk to. And yeah, sometimes it gets a little repetitious, but I've just talked to so many incredible people. They're so passionate about helping the community that are interested in if I could just keep one person from being scammed, you know, that it's worth it. That excitement just works through, you know, all those days when you're like, I don't know if I really want to do this. Knowing that someone is gonna be positively impacted by the content is like, okay, that's worth it. That's gonna make it worth it doing.
SPEAKER_00:Yeah. Yeah. No, I I have that same mentality, you know. I like to know what I'm doing is providing value to some extent. Because if I'm not, then like, why am I doing it? You know, I used to, I mean, I I've worked for a lot of different companies, and the good managers that I've had, they they understood, you know, like where I was coming from when I'd be on these calls and I wouldn't say anything. And, you know, my architect or other engineers or whatever, they'd just be like, Well, Joe's not saying anything. What's he doing? He's supposed to be the lead, you know? And my manager would just say, Yeah, he doesn't want to just fill the air with you know useless information or repeating something that the architect already said. Like, that's not value to Joe. And it makes sense because he's not wasting anyone's time. In fact, we're kind of wasting his time. And like people started to, you know, kind of understand that, right? Because like that, that's that's true. Like, I'm not gonna just talk just to talk. I mean, I know I'm a podcaster, but it's like, you know, there has to be value behind it. And that's that's also why I started the podcast too, right? Is uh, you know, I started it because I had such a hard time getting into security, and all I wanted was advice, you know, from from some from people already in the field. And I'd be reaching out to people and they wouldn't, they wouldn't even respond, they wouldn't even look at my message or anything, you know. And that's awful. I just felt like that is so dumb, right? Because wouldn't you want if you really like the field, wouldn't you want as many people in it as possible? You know, it doesn't like make you less valuable, you know, and it was so frustrating for me. And now now I'll I'll respond to pretty much everyone, you know, online, right? Like, so now I'm probably gonna go go and get flooded because I'm reminding my audience that I'll actually respond to them. 
But like I respond to everyone, you know, online that asks me a question of like, hey, how do I get into this thing? Like, how do I do this? Where do I go for this? You know, the last thing that I even do is like promote any of the content that I've like put out that I get paid for, which my the companies that that I do it for, they get pissed off at me because they're like, you did 300 episodes and you didn't even mention you know the course that you did. And I'm just like, I don't, I don't think about it, I don't know.
SPEAKER_01:Yeah, I mean I mean that that's the challenge is there's you you you get people that are that get just too busy with life and get too tired and and don't want to engage, and then you've got people like you who are like, no, I I had a high I had a rough go at it. I want other people to have a better experience. And you know, I I try to do that with you know the support that I offer, whether it's the podcast or the website. If you know someone is like, hey, I'm I got scammed, I'm like, that hurts to me. It's like, okay, what what can I do to help you? Like, is there anything I could do? And and honestly, in most cases, it's the most I can do is be a listening ear. Like, I can't help you get your money back. It's unlikely that the person's gonna get caught, but I can at least be someone who's gonna listen to what happened and empathize and say, man, that's you know, try these things, talk to these people, take these steps to to at least stop anything else bad from happening. But, you know, last thing people want is like, I want help, and there's nothing from the void comes back.
SPEAKER_00:Yeah, yeah, right. Yeah, like even today I got a phone call, and I think yesterday too, I got a phone call trying to scam me saying that I owed the IRS some money. Like, trust me, if I owed the IRS money, I would be in contact with the IRS. Like, they would be calling me, you know, not some scammer trying to be like, oh, we can lower your bill. Like, there's no lowering it with the IRS unless you go and find some legitimate receipts. Like, there's no lowering it.
SPEAKER_01:It was funny, I was uh interviewing, I think it was uh Ian Mitchell runs uh an anti-fraud organization called The Knoble. And he had been in Las Vegas doing conferences and whatnot. And at some point along the line, he started getting these phone calls from a medical debt collection company saying, Hey, you haven't you haven't paid for your ambulance ride. And he's like, he just assumed it was a scam and kept getting the calls and kept getting the calls, and finally he was like, Okay, this is getting annoying. What's going on here? And someone had needed an ambulance ride in Las Vegas and had provided his name, his address, his social security number, all of his personal information was used in that incident. And so now he's like, Okay, how do I how do I prove that it wasn't me? Because like it's well documented. I was in Las Vegas at the time, but it's you know, it's weird because sometimes there was a fraud that happened and the call you're getting is legitimate. But how do you know? Like, I would have been the same thing. I wasn't there, it wasn't me. I didn't take an ambulance ride.
SPEAKER_00:Do they even have cameras and ambulances? Because that might be a HIPAA violation, you know. I don't know, but would you even prove it outside of a camera?
SPEAKER_01:Well, you probably like the guesses from the ambulance rides, no. But if it was a result of, let's say, an auto accident, then there's gonna be police body cam. And you'd probably have to FOIA the police department for the incident and all that stuff. And they might have had a real driver license and a real, you know, they might have had real information for the person that was taken to the hospital who then just used this other guy's information on a form. But like someone had to think about it in advance, like had planned on using fake information.
SPEAKER_00:Yeah, that's insane.
SPEAKER_01:I wouldn't think of that for an ambulance ride. I could, you know, you go to the dentist, I need a filling. Like, okay, I can plan in advance to use someone else's identity for that. But for an ambulance ride, maybe it was just after the fact when he started getting billed. He's like, I don't want to pay for it, I'll have someone else pay for it.
SPEAKER_00:Yeah, I wouldn't, I mean, I wouldn't even like memorize someone else's info like that. You know what I mean? Like, that's like taking it to another level where like this guy must be doing it all the time to where, you know, he he gets into some situation and he gives a fake name and knows the address and everything. Like, that's like some, you know, CIA rogue identity sort of stuff where where you have to memorize an entire persona.
SPEAKER_01:Yeah, I mean, Ian was thinking that it was maybe because he's so because he's fairly well known in the anti-fraud community that it was someone in effectively uh intentionally trying to mess with him and doing it for that reason, not necessarily because they were trying to skip out on paying for an ambulance ride.
SPEAKER_00:Yeah, one of us got bored, you know. That's that's what it is, right? Like I I've had some of these hackers on and like they're a national security threat if they ever get bored. You know, like the government the government needs a task force just to make sure those people are not bored, you know.
SPEAKER_01:I'd I'd love to get a whole bunch of bored hackers and say, like, take down some of these, you know, trafficking rings that are running scam call centers in East Asia, like yeah, Kitboga and those guys have done it, but like let's get some NSA level guys going and like take out some hack take take out some of these scam organizations. Let's see how fast you can do it.
SPEAKER_00:Yeah, that would be that would be amazing to see that, you know. And I've it's interesting that the hacker community doesn't have a bigger presence in terms of that because you know, I I immediately think about like child exploitation, right? Where it's like there's no way that these criminal organizations that are doing that are so well secured that no one can get in. There it's just no way. There's no way, right? Especially like how they're hosting it, all that, all that stuff, right? And it's weird to me that the community hasn't formed, you know, a group that all that they do is take that down in their free time, you know. Like let's actively attack this thing. It's probably, I mean, I don't know. I can't think of more things that are like more evil than child exploitation. I mean, yeah. Especially if you have kids and then you realize, you know, it's like, hey, they are extremely vulnerable. Yeah. Like extremely malleable, you know. It's like if we're gonna protect anything, it's gonna be the kids.
SPEAKER_01:I would, I would hey, hey anonymous, hey, whatever group who wants to go after child sex trafficking, like go after the child exploiters, please.
SPEAKER_00:Yeah, maybe I'm gonna go start something for it, like, you know, because it's like, I don't know. That that's just like the easiest sell in my mind. Like, hey, let's go get we can all go get drunk together, even I'll pay for the alcohol. Like no one is going around defending the child export exploitation. Right. And if you are, it's a little sus. It's a little questionable. That that becomes worrisome in and of itself. Yeah, yeah, no, for sure. So you you also wrote a book, and I'm starting down this path as well, which I don't know. I'm probably gonna regret doing it, to be honest, because uh like I'm getting my PhD right now, and it's just it's just like full on. But in my light, light defense, I think I got past the hard part of my PhD, and now I just have to actually do the technical work for a weekend and write about it. But I don't know. I I feel like I'm gonna spend more time on it than I than I estimate. Probably.
SPEAKER_01:You know, privacy is just this okay. So if you look at the macro level, there's this argument of privacy versus security, of if you're looking at it from like a governmental or a national security point of view, that if you want really good national security, people have to give up their privacy. And if you want to have really good privacy, then there's going to be international security risks. And all those are probably worthwhile conversations to have, but I think that's different than like your personal privacy and your personal security. Those things are not opposed to one another. If you if you were being more secure, you're probably also being more private. If you're being more private, you're also being more secure. Like these things are not, it's not like in your personal life you choose one or the other.
SPEAKER_00:Yeah. Yeah. So what's the what's the book about and what it what's it titled and what made you want to go down that path of of writing the book?
SPEAKER_01:So the book is uh privacy, how to maintain your privacy without becoming a hermit. Because like I think there's so many books out there that are like, hey, how to become invisible. Well, that's a miserable existence. Ask John McAfee. Well, I guess you can't anymore, but like they're either written from this perspective of it's an all or nothing. You either have to like disappear and you know live in a cave somewhere, or you know, in conjunction with that, you need to be absolutely afraid and terrified of anything and everything. And that's like that turns people away from just making practical decisions in their life. I think it started with with a podcast talking about fraud and scam and realizing like there's steps that we can take that are actionable, practical, that move us down the road. In the same way, you know, from a security standpoint, if you don't have 2FA, I don't care what it is. If you don't have 2FA, enable something, anything, because it's better than nothing. And I think it's the same thing too for our privacy is taking little steps that we can manage, that like, hey, I can do this, keep us from being low-hanging fruit, keep us from reduce our data from being monetized, reduce what's on us about on us about us on the internet. You know, there's just simple steps that we can take.
SPEAKER_00:Yeah. Yeah, it that's very true. It's interesting that you approach it that way because I'm sure that that will be really helpful for like the elderly community, you know. I'm sure they feel like they're completely, you know, like out of the conversation, out of the out of the realm of possibility of even staying protected. They're just kind of hoping, you know, that it doesn't happen. Interesting example is, you know, my wife, she went to Kohl's and they wanted to give her a Kohl's card, and she asked very specifically, is it a credit card? And they were like, no, it's not a credit card. So my wife put down the information, you know, and the the credit pull got blocked. And I got an alert on it, you know, and I didn't I didn't care if she was gonna open up the credit card or whatever, but I immediately texted her, I was like, Hey, did you intend to do this? Like, you want me to just unlock it real quick? And she was like, What? They told me it wasn't a credit card. I was like, Oh, they committed fraud. Yes, no, that would never happen. Yeah, and like a huge chain, you know, is that Kohl's, right? Like, and she like asked very clearly, is it a credit card? And they were like, No, it's not. And she's like, Okay, if you're gonna give me a discount, like I might as well, you know. And uh, sure enough, it shows up. I'm like, man, you know, because that's such a basic thing, you know, to do to just lock your credit. Yeah, that's so many people don't even know to do.
SPEAKER_01:Yeah, but that'll be simple based things, lock your credit. Yeah, privacy stuff usually has an inconvenience. There's some like if you take privacy action, there is some friction that's gonna happen, which is why those things need to be intentional. I'm gonna lock my credit because I don't want people opening credit accounts in my name. I don't want this stuff going on. Yeah, it's actually probably good for us financially because we have to jump through hoops in order to open up a credit card to buy a car. We're gonna be less impulsive. We're gonna be more intentional about what we do if if we do it that way. But you always have to think of, you know, why is Kohl's offering, hey, we're gonna give you a 10% discount. They're not doing it because they like you, because they just want to give you a discount. They know that if they give you a 10% discount, they're more gonna make up for it in selling products to you. Like it's not altruistic on their part.
SPEAKER_00:Yeah. Yeah. And, you know, my my wife, she wouldn't even think twice about it, really, because she's uh she's an early childhood special education teacher, right? So it's like she's not thinking, you know, everyone's out to get her or anything like that. Like I'm the I'm the paranoid one. Like I'm the one that's wondering what you're gonna do with my social security number after I put it into this, you know, either on this paper piece of paper or you know, into your system or all that sort of stuff, right? So and like you said, it's inconvenient. It's not supposed to be like super convenient, you know. Like when I call up Chase and I talk to my account manager, it's like there's a step to the process that I have to go through that verifies it's me. And as it should be, because I have 300 episodes out there of me talking online. Someone can easily do a deepfake of me, you know, but if they don't know a certain code or whatever it is, you know, they're not getting access. The phone call immediately ends.
SPEAKER_01:And I'm surprised by the number of people who don't have 2FA enabled on their email account. Yeah. It's like people think, oh yeah, yeah, I I need to enable 2FA for you know, logging into my, you know, logging into X, Y, or Z. But it's like, you understand that if someone gains access to your email, they gain access to they effectively gain access to your bank accounts, your retirement, yeah, all your family members. All your yeah, they can just reset it. Or worse than that, is they can just sit there and listen. Yeah. Because uh there was a uh an interviewed guy once who, while he was traveling, his phone got uh SIM swapped. So someone was able to port his phone number over to theirs. They they were now able to get the two-factor authentication SMS messages and they were and they got into the accounts and then after they got in, they port swapped the phone back to him. So he didn't even know that it had happened. Jeez. And so that's like the that is those sort of things are the worst case scenario. Is look, if if I got locked out of my email account, I know to start contacting banks and stuff right away. But what if what if I don't know they're in there? Right. Is it a day? Is it a week? Is it I mean, think of what hackers do, you know, in corporate on the corporate platforms. They may sit there for days, weeks, months, or years before they deploy payload and exfiltrate anything.
SPEAKER_00:Yeah.
SPEAKER_01:Well, the same thing could happen with our, you know, someone gets in our email account, they start seeing bank statements, they start seeing payroll, they start seeing, hey, we're going on vacation. Okay, now I can start to plan on when to do stuff. Hey, you're gonna be out of the country in a month. You know, you're not gonna be paying attention to your bank account while you're out of the country. Let me take, let me, let me, you know, transfer everything out while you're on vacation. Right. Imagine trying to do that from the other side of the, you know, trying to unwind that from the other side of the world.
SPEAKER_00:Yeah. Yeah, I try to uh there's a lot of different things that I that I do very intentionally because a couple several years ago at this point, you know, I I kind of like mapped my central control of everything that I have down to you know a few accounts, right? Where it's like if they gain access to this, I'm basically screwed everywhere, right? If they gain access to this, I'm screwed in this way, like all this sort of stuff, right? And so like, you know, the the password to my my emails, I don't even know the password. Like I don't know what super complex password that is stored in a super secure vault that requires you know several layers of authentication to get into. And if you still get into the vault, get the password, put in the password, there's a two-factor code. If you somehow sim sim swap my phone, that's fine because guess what? It's using the uh the uh Google Authenticator app or Microsoft Authenticator app or whatever it is, right? And those are all encrypted. So even when I change my phone, it is a very arduous task because now I have to log in to 50 different websites and reset my 2FA. So like even if you get the 2FA code, hey, guess what? You have very limited amount of time until I switch it.
SPEAKER_01:But but I know people who you know that they silo things. It's like, okay, this is the email address and phone number that I use for social media accounts. There's this different phone number and different email address that I use for my financial stuff. I don't ever email friends from that. It's only used for accessing bank accounts. And then here's the one that I use for when I'm talking with friends, and here's the one that I use in doing work stuff. Is it a pain to manage for some people? I I I don't go to that extent, but I understand why people would do that because look, you hacked my social media account and you didn't get into my bank account. You hacked my work, my work contacts, you didn't get into my bank account. And you can, you know, it it's that concept of even when you do it with like computer security, assume that someone is going to get in, and now once they're in, how do I mitigate what they have access to once they've gotten in? If you silo it, then you reduce, reduce the damage that can be done.
SPEAKER_00:Yeah. Yeah, you know, like I guess I won't say that online, but you know, there there's there's critical accounts that, you know, I intentionally don't know the password to that are extremely complex, you know, 20 plus characters. It's like if you crack it, congrats, you need to white paper it, you know, like you should be telling people how you cracked it. Um that'll be a whole lot more valuable than the hundred dollars you're about to get off of me because I'm broke, right? Like, that's my thought with it. But like I have default passwords that I'll use for random sites, yes, that aren't, you know, linked to like central critical things to my identity or you know, anything like that. It's just like a password that you know I know off the top of my head it's complex enough to make it long enough to, you know, take a while to crack. And if it gets popped, it's like, okay, like there was nothing valuable on there anyways, right? Like I'll change it, but there's the the blast radius is limited.
SPEAKER_01:Yeah, it it's it's it's mitigating your stuff. Yeah, I think most people probably do that. If I'm installing app because I don't know, I got I got a connected, I don't know, water bottle or something like that. I don't want to try to figure out a super complex password. I don't want to use my password manager and setting that up. I just want to get the water bottle to work. And so, yeah, okay, so yeah, that that account may get that password may be exposed in a data breach. So you get access to my water bottle and you get access to my blender. I don't know what's connected these days. Inconven inconvenient, but not uh a life-shattering event. Bank accounts, you know, two accounts have the same password. Frustrating, yeah. And you know, e-commerce places that I use on a regular basis, you're never gonna have the same password there, you know. Yeah. It's and so I think like that's the same sort of thing with privacy. You've got to make decisions in the moment of, you know, how important is this? You know, you if you want my zip code, uh, that's probably okay. I usually don't give it. I'll I remember ordering going to gosh, maybe it was a Kohl's, actually. And I was buying something. They said, I can I get your zip code. And I was like, no, I don't want to give you my zip code. And they're like, Well, I can't ring up the order unless you provide me a zip code. I'm like, well, that's like not super intrusive, but that's just kind of weird. And I was like, ultimately, it's like, well, what's a zip code here? Like, and he's like, That, oh, you use that one. And like, I know why companies do that because they want to understand how far people willing to drive to shop at this store. Yeah. Should we open up another store halfway between these two because there's lots of people in between? But I don't, I just I'm trying to move to this position of why do you need it? Do you do you really need that information to conduct this transaction? 
And lots of places, you know, the person at the front, like, I don't know, someone just told me to do it. Yeah. They don't they don't know why they do it. And usually saying, I don't want to give that to you. Yeah, I'd rather not give that to you. They're like, oh, okay. Everywhere you go, like I can't remember the last retail place that I went to where they didn't say, are you a member? Okay, let me get your email address. I'm like, no, I don't want to be a member. Well, but you get a discount. No, that's that's fine. Yeah. You don't want a discount? And I'm like, no, well, I'm I'm perfectly fine not getting the discount because I don't know what you're doing with my information. I mean, right clearly it's it's valuable enough that you are willing to effectively pay me for it, but you can't clarify what you're gonna do with it. Well, then I don't want to give it to you.
SPEAKER_00:Yeah, data is like the new the new gold. Yes, you know. I mean, that's how companies make all their money. How do you think Meta makes all their money? You know, like they're selling, they're selling, you know, ad space and they're giving those, you know, advertisers information to your data when you see it and when you click on it. Even if you don't put in your information, they're giving you all of that stuff, you know? It's it's crazy. Yeah. I mean, we we've all seen it.
SPEAKER_01:Like, you know, hey, switch to, you know, incognito mode is not like gonna save you from everything. Yeah, you know, privacy browsers, they're not gonna save you from everything, but better than it's kind of like 2FA using an SMS message. It's better than not using 2FA. Is it totally gonna save your life? No, but it's better than nothing. I mean, we we've all been followed around by, you know, I it's funny. I I like to talk about like it from an ad perspective. And uh, and because part of it is like I hate seeing ads for things I'm never gonna buy. You know, I'm not gonna be buying, you know, perfume, whatever. So why ever, you know, I'd much rather see ads for tech and you know, stuff like that. But then again, like, do I really want people shoving like, do I want this product or did I buy it because I saw an ad for it?
SPEAKER_02:Yeah.
SPEAKER_01:And so there's this battle between we we live in this real world of I don't want garbage, but I also don't want them to know exactly what I'm doing. I'd love ad platforms to be smart enough to know, hey, I th those shoes that I was looking for, I bought them. So don't show any more ads for shoes. But at the same time, like, I don't want you to even know I was looking to buy shoes. Right, right. Not that that's a security risk, but like all of those things, you know, are either manipulative towards our shopping habits, our buying habits, or they can be used to socially engineer us. I mean, marketing is a form of social engineering, hopefully relatively benign, or is this information going to be used to socially engineer us some point later in life? You go to the sandwich shop, they ask, you know, they got a clipboard out. Hey, on your birthday, we'll give you a free sandwich, put your name, your phone number, and your email address on this piece of paper that's gonna sit on the counter for the next three weeks and everyone else is gonna look at it. You know, is that inherently a risk? Probably not. Probably, but not necessarily. Not sure. The issue is that if you if you have one, probably not an issue, it's not a big deal. If you have 10,000, probably not an issue. There's gonna be an issue in there somewhere.
SPEAKER_00:Yeah, very true. Well, Chris, you know, we're at the top of our time. I'm I'm trying to be very uh cognizant of everyone's time. I had a podcast earlier this week. It was the very first time I went over by 30 minutes. I like had to ask him mid-podcast, like, hey, can we keep talking? So I I really try to pay attention to it, but I really do appreciate you coming on. It was a great conversation. I appreciate that.
SPEAKER_01:And what because this is like, you know, the the business people are gonna freak out about this. I will give anyone who wants the book can come to my website and get the book. And guess what? If you don't want to give me your email address or your name, I'll give you the book without the email address and your name. Because I think it's important enough that we that we start thinking about our privacy in our lives, that we start taking those little steps. Is this secret? Is it private? Is it public? Thinking these things through when we make decisions.
SPEAKER_00:Right. Well, before I let you go, how about you tell my audience, you know, where they could find you if they wanted to connect with you, where they could find your podcast, your book, and any other, you know, sources that you want to send them to.
SPEAKER_01:Yeah. So if they want to find me, see at gparker.com. A little bit of background, you know, find stuff about the about the website there, about the book, whatever other annoying things that I happen to be doing. If you just want to read about the book, you can go to privacycrisis.com. And if you you know are a tech guy and you you want to see my ugly mug at whatismyipaddress.com, you can go there too.
SPEAKER_00:Awesome. Well, all the links, including the ugly mug, will be in the description of this episode. I hope everyone watching, you know, listening enjoyed this episode as much as we did.
SPEAKER_01:Joe, thank you so much for thank you so much for having me on the podcast.
SPEAKER_00:Yeah, absolutely. Well, thanks everyone. Hope you enjoyed it.