Cindy Cohn has been on the front lines, defending your digital rights, for three decades. With the Electronic Frontier Foundation (EFF), she has litigated several seminal legal cases that have directly impacted the lives of all Americans. As she retires from her role as Director of the EFF, she’s written a memoir about her time there and documents several of these legal fights called Privacy’s Defender. Today I’ll ask Cindy about the key parts of these cases, how we interpret our rights in the digital realm, and what we can do to ensure a free and open internet.

Interview Notes

• Cindy Cohn: https://www.eff.org/about/staff/cindy-cohn 
• Privacy’s Defender: https://mitpress.mit.edu/9780262051248/privacys-defender/ 
• Give thanks (donate): https://firewallsdontstopdragons.com/give-thanks-donate/ 
• Clipper Chip: https://en.wikipedia.org/wiki/Clipper_chip 
• Secure Drop: https://securedrop.org/ 
• Geofence warrants case: https://www.eff.org/press/releases/eff-supreme-court-shut-down-unconstitutional-geofence-searches 
• 404 Media’s FOIA Forum: https://www.404media.co/foia-forum-archive/ 

Further Info

• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support the mission: https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:15: Intro
• 0:01:13: Lingo
• 0:03:52: What if you had lost the Bernstein case?
• 0:09:18: What re-ignited the Crypto Wars?
• 0:13:54: Can we prevent all crime with surveillance?
• 0:16:37: How do our rights apply in the digital world?
• 0:21:29: Should national security trump our rights?
• 0:26:58: Can’t courts handle secret evidence?
• 0:29:20: How does loss of privacy create a power imbalance?
• 0:35:02: How does privacy improve democracy?
• 0:36:54: How to you translate technogy to law?
• 0:40:49: Are we losing online anonymity?
• 0:44:13: How important are whistleblowers?
• 0:47:08: How can we protect privacy from the next crisis?
• 0:54:24: How do we avoid burnout and keep fighting?
• 0:57:47: How do we get a federal privacy law?
• 1:02:37: What’s next for you and the EFF?
• 1:06:48: Wrap-up
• 1:08:37: Donate to rights organizations
• 1:10:27: Patron podcast preview
• 1:11:05: Looking ahead

Probably the oldest online data you have – like, still have out there right now – is your emails. Did you have an AOL account? Or email through your internet service provider (ISP)? Statistically speaking, you probably have a Gmail, Yahoo Mail or Outlook (previously HotMail) account. Unless you explicitly closed those accounts or deleted those emails, they’re still there. Emails are less like letters in an envelope and much more like postcards, unless you made a point of encrypting them. So today we’ll start a multi-step process to download that email history so that we can delete the online data before it’s slurped into some AI model training or leaked in a data breach.

In other news: Met Police win suit to use live facial recognition; Australian teens work around social media ban; big tech is ignoring your do-not-track signals; Meta threatens to leave New Mexico over AG demands; Meta is training AI on their employees; doctors are using AI to take session notes; Mythos suffers ‘unauthorized access’; AI agent deletes companies databases; and AI is empowering script kiddies.

Article Links

1. Challenge over Met Police’s use of live facial recognition lost: https://www.bbc.com/news/articles/cq59x4vv954o
2. Most Australian teens admit the social media ban isn’t working as they try to sidestep age verification blocks with face masks and their parents’ IDs: https://www.yahoo.com/news/articles/most-australian-teens-admit-social-111400429.html
3. Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit: https://www.404media.co/google-microsoft-meta-all-tracking-you-even-when-you-opt-out-according-to-an-independent-audit
4. Meta threatens to pull its apps from New Mexico if forced to make ‘technologically impractical’ changes: https://www.theverge.com/policy/921557/meta-threatens-leaving-new-mexico
5. Meta is tracking employees for AI training data: https://proton.me/business/blog/meta-ai-training-employee-data
6. Why your doctor’s AI recorder can be bad for your health (and privacy): https://this.weekinsecurity.com/why-your-doctors-ai-recorder-can-be-bad-for-your-health-and-privacy
7. Anthropic’s most dangerous AI model just fell into the wrong hands: https://www.theverge.com/ai-artificial-intelligence/916501/anthropic-mythos-unauthorized-users-access-security
8. An AI agent allegedly deleted a startup’s production database: https://mashable.com/article/ai-agent-deletes-data-30-hour-service-outage-pocketos
9. Attack of the killer script kiddies: https://www.theverge.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai
10. Tip of the Week: https://firewallsdontstopdragons.com/withdraw-your-data-email/ 

Further Info

• Enable and verify GPC flag: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/ 
• Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball 
• AI doctor privacy newsletter: https://buttondown.com/maiht3k/archive/why-you-should-refuse-to-let-your-doctor-record/ 
• Attack of the Script Kiddies: https://www.theverge.com/ai-artificial-intelligence/915660/mythos-script-kiddies-hackers-attack-cybersecurity-ai 
• Zero Day Clock: https://zerodayclock.com/ 
• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support our mission! https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:07: Intro
• 0:01:07: News bites
• 0:01:59: News rundown
• 0:04:17: Met Police win face recognition suit
• 0:09:10: Australia social media ban update
• 0:13:16: Google, Meta, Microsoft ignoring GPC
• 0:20:40: New Mexico AG has demands for Meta
• 0:26:28: Meta tracking employees to train AI
• 0:32:36: Doctors using AI to take notes
• 0:39:45: Mythos unauthorized access
• 0:43:39: AI agent deletes company databases
• 0:49:25: Attack of the killer script kiddies
• 1:02:29: Tip of the Week
• 1:11:45: Patron podcast preview
• 1:11:54: Looking ahead

We have relied on prophets and seers for most of human history, largely because humans are obsessed with the future – specifically their own. But prophecy has often been used to determine or at least influence the future, not just predict it. In her new book, Prophecy, Carissa Véliz explains the power and perils of prediction, from the Oracle of Delphi to modern AI, giving us some much-needed perspective on the dangers of chatbots and the people who are selling them to us as powerful tools that will either save or doom all of humanity.

Interview Notes

• Prophecy: https://www.carissaveliz.com/prophecy 
• Privacy is Power: https://www.carissaveliz.com/books 
• The Power of Analogue (TEDx): https://www.youtube.com/watch?v=IvJeUQ9Egnk 
• How Privacy Can Save Your Life (TEDx): https://www.youtube.com/watch?v=xSPRouBvgFE 
• Here’s to the Crazy Ones (Steve Jobs): https://www.youtube.com/watch?v=mtftHaK9tYY 

Further Info

• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support the mission: https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:18: Intro
• 0:03:07: How is prediction used to determine the future?
• 0:08:09: Why are humans hard to predict?
• 0:12:34: What does AI predict about itself?
• 0:19:24: What are longtermism and effective altruism?
• 0:25:45: How does rationalism compare to empiricism with AI?
• 0:30:41: Why do humans believe numbers?
• 0:34:57: Are prediction markets ethical?
• 0:38:53: What do you tell policymakers?
• 0:41:51: How do we resist fear of the future?
• 0:47:11: Wrap up
• 0:49:45: Patron podcast preview
• 0:50:23: Looking ahead

Artificial Intelligence – in particular, Large Language Models (LLMs) or “chatbots” – are increasing in power at an astonishing pace. In fact, the latest models from Anthropic (Claude Mythos) and OpenAI (ChatGPT 5.4 Cyber) are so good at reading software code and finding vulnerabilities, that their makers have strictly limited initial access to manufacturers of the most popular software so that they have a head start in finding exploitable bugs. But it’s not all doom and gloom. I’ll highlight the promise of this powerful new technology, as well.

Article Links

1. Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.: https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it
2. FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database: https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2
3. Iran built a vast camera network to control dissent. Israel turned it into a targeting tool: https://apnews.com/article/iran-war-security-cameras-surveillance-5f9a1fe5845d94894f3edd50af560d3a
4. Iranian hackers are targeting American critical infrastructure, US agencies warn: https://techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn
5. LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device: https://thenextweb.com/news/linkedin-browsergate-extension-scanning-privacy-fingerprint
6. The Pixel Trap: Online Marketing Is a Silent PII Harvesting Machine: https://www.secureworld.io/industry-news/pixel-marketing-pii-harvesting
7. Republican Mutiny Sinks Trump’s Push to Extend Warrantless Surveillance: https://www.wired.com/story/republican-mutiny-sinks-trumps-push-to-extend-warrantless-surveillance
8. India drops proposal to mandate national ID app Aadhaar on smartphones after pushback: https://www.reuters.com/world/china/india-drops-proposal-mandate-national-id-app-aadhaar-smartphones-after-pushback-2026-04-17
9. What I learned by vibe-coding my own word processor: https://www.fastcompany.com/91528164/claude-code-vibe-code-word-processor
10. On Anthropic’s Mythos Preview and Project Glasswing: https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html
11. Tip of the Week: https://firewallsdontstopdragons.com/ai-promise-peril/ 

Further Info

• Support the Internet Archive: https://www.savethearchive.com/authors/ or https://www.savethearchive.com/journalists/ 
• Contact your representatives on Section 702 reforms: https://act.eff.org/action/congress-has-until-april-20-to-take-action-on-702-tell-them-not-to-drop-the-ball 
• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support our mission! https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:08: Intro
• 0:00:37: Internet Archive needs your help
• 0:02:00: Router ban update
• 0:02:33: News rundown
• 0:05:46: New EU age app has bugs
• 0:10:46: FBI extracts Signal messages
• 0:16:33: Iran public cameras hacked by Israel
• 0:22:46: Iran hackers target US, Israel
• 0:26:11: LinkedIn scans your devices
• 0:37:06: TikTok Meta pixel madness
• 0:43:25: Section 702 on the ropes
• 0:50:56: India drops ID app mandate
• 0:53:42: Vibe-coding my own word processor
• 1:04:07: Schneier on Mythos, Glasswing
• 1:07:37: Tip of the Week
• 1:21:59: Patron podcast preview
• 1:22:24: Looking ahead

There are all sorts of things that can be used to identify us online and in the real world, beyond our names, addresses, and phone numbers. But data brokers are desperate to tie all of these unique pieces of information together, building a valuable marketing dossier. It’s become a massive industry – being able to map one supposedly anonymous or pseudonymous piece of data to the a person’s full identity. Today we’ll delve deeply into this shady business with Iesha White and Zach Edwards.

Interview Notes

• Victory Medium (Zach): https://victorymedium.com/ 
• Check My Ads (Iesha): https://checkmyads.org/ 
• TLS fingerprinting: https://fingerprint.com/blog/what-is-tls-fingerprinting-transport-layer-security/ 
• Disable Mobile Ad ID (MAID): https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now 
• US v Google: https://www.usvgoogleads.com/ 
• IAB (Interactive Advertising Bureau) Transparency & Consent Framework (TCF): https://iabeurope.eu/iab-europe-transparency-consent-framework-policies/ 
• DROP portal: https://privacy.ca.gov/drop/ 
• Remove online data: https://firewallsdontstopdragons.com/dragon-hacks-opt-out/ 
• Apple’s Hide My Email: https://support.apple.com/en-us/105078 

Further Info

• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support the mission: https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Recommend news stories: send to news [at] firewallsdontstopdragons.com 
• Send me your questions! https://fdsd.me/qna 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:20: Intro
• 0:02:22: Learning the lingo
• 0:03:34: What identifiers are used to track us online?
• 0:12:00: How else are we being tracked?
• 0:23:20: How are we tracked in the physical world?
• 0:31:54: How do brick and mortar stores track us?
• 0:37:46: What if the data is wrong?
• 0:43:58: What if I’m okay with targetted ads?
• 0:49:14: How does my data overlap your data?
• 0:54:01: Can’t this tracking also be used to stop fraud?
• 0:58:08: Why can’t we just use contextual ads?
• 1:05:22: What can we do about this?
• 1:13:00: What does NOT work to stop tracking?
• 1:14:10: What’s next for you two?
• 1:17:43: Wrap-up
• 1:21:05: Patron podcast preview
• 1:21:56: Looking ahead

The US is planning to ban all foreign-made or foreign-designed home WiFi routers… which is basically all routers. It’s true that many consumer routers are pretty crappy when it comes to security. TP-Link just fixed some bad vulnerabilities (which you need to patch ASAP). But what does this mean for anyone wanting to upgrade to a new router? I’ll try to explain.

In other news: Walmart is buying TV-maker Vizio to gain access to user data and ads; a company is turning public Zoom meetings into AI podcasts for profit (without permission); a health company suffers a data breach exposing millions of clients’ information; H&R Block’s latest business tax prep software commits an egregious security mistake; AI companies are rolling out dangerous automation features; macOS 26.4 appears to block ClickFix-style attacks; and Facebook and Google lose in a landmark legal case.

Article Links

1. Walmart buying TV-brand Vizio for its ad-fueling customer data: https://arstechnica.com/gadgets/2024/02/walmart-buying-tv-brand-vizio-for-its-ad-fueling-customer-data
2. This Company Is Secretly Turning Your Zoom Meetings into AI Podcasts: https://www.404media.co/this-company-is-secretly-turning-your-zoom-calls-into-ai-podcasts
3. This Massive Data Breach Leaked 2.7 Million Social Security Numbers: https://lifehacker.com/tech/navia-data-breach-social-security-numbers
4. These critical exploits just exposed a bigger problem with TP-Link routers: https://www.makeuseof.com/tp-link-critical-exploits-expose-bigger-security-concerns
5. H&R Block’s Tax Prep Blunder: What You Must Know About the 2025 Certificate Vulnerability: https://twit.tv/posts/tech/hr-blocks-tax-prep-blunder-what-you-must-know-about-2025-certificate-vulnerability
6. This New Claude Feature Can Automate Basically Everything on Your Mac, but It’s a Huge Security Risk: https://lifehacker.com/tech/claude-computer-use-impressions
7. The United States router ban, explained: https://www.theverge.com/tech/899906/fcc-router-ban-march-2026-explainer
8. macOS 26.4 warning about potentially malicious Terminal commands: https://appleinsider.com/articles/26/03/26/macos-264-warning-about-potentially-malicious-terminal-commands
9. Meta, Google lose US case over social media harm to kids: https://www.reuters.com/legal/litigation/jury-reaches-verdict-meta-google-trial-social-media-addiction-2026-03-25

Further Info

• Freeze Your Credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/ 
• Security Now on H&R Block fiasco: https://youtu.be/JebKuiHu5mg?si=EuXRT9PeKLl1l3oT&t=701 
• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support our mission! https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:07: Intro
• 0:01:03: News rundown
• 0:03:17: Walmart buys Vizio for ads, data
• 0:08:57: Public Zoom calls secretly turned into podcasts
• 0:17:24: Navia leaks millions of SSNs
• 0:20:28: TP-Link router vulnerabilities
• 0:36:25: H&R Block’s horrific tax software
• 0:45:41: New Claude Mac feature is too dangerous
• 0:48:22: macOS 24 blocks ClickFix?
• 0:50:44: Facebook, Google lose huge lawsuit
• 0:54:22: Patron podcast preview
• 0:54:58: Looking ahead

Nate Bartram and Jonah Aragon have been advocating for privacy for a long time. Their sites, The New Oil and Privacy Guides, have a ton of fabulous resources for anyone interested in guarding their data and defending their digital rights. Ever wonder what it’s like being a privacy advocate in an increasingly privacy-hostile world? Today, I’ll take you behind the scenes of these sites and into the brains of two top-notch privacy warriors.

Interview Notes

• Privacy Guides: https://www.privacyguides.org/ 
• The New Oil: https://thenewoil.org/ 
• Critical Thinking 101: https://ghost.thenewoil.org/critical-thinking-101/
• This Week in Privacy podcast: https://podcasts.apple.com/us/podcast/this-week-in-privacy/id1726826455 
• Privacy Advocate Toolbox: https://www.privacyguides.org/en/activism/ 
• Smartphone privacy guides: https://www.privacyguides.org/videos/2026/02/04/smartphone-security-course-lesson-1-beginners-2/ 

Further Info

• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support the mission: https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:18: Intro
• 0:02:11: Why did you get into privacy?
• 0:07:44: What’s the most enduring privacy myth?
• 0:14:13: Do you find people dislike the answer “it depends”?
• 0:16:50: How would you describe your target audience?
• 0:22:00: How do you evaluate privacy products?
• 0:27:59: What products have you unrecommended and why?
• 0:34:27: What are major privacy red flags?
• 0:43:09: What product do you use that you do not recommend to others?
• 0:48:05: How will you handle age checks or repeal of Section 230?
• 0:55:09: Who do you look to for privacy advice?
• 1:04:22: What’s next for you guys?
• 1:08:30: Wrap-up
• 1:10:46: Patron podcast preview
• 1:11:24: Looking ahead

When we think about improving security and privacy, we tend to add things: password managers, VPNs, encrypted communication apps. But one of the most effective ways to protect yourself is much simpler: remove what you don’t need. Safety through subtraction. Every app you install exposes you to more data collection and security vulnerabilities. Over time, these apps can automatically update, collecting more data and adding new exploitable features. And with the current global unrest, the risk of attacks is greater than normal. I’ll give you several top tips for reducing your attack surface.

Article Links

1. Check Your Asus Router for Malware ASAP: https://lifehacker.com/tech/check-asus-router-for-malware
2. Instagram drops end-to-end encrypted chats: https://proton.me/blog/instagram-end-to-end-encryption
3. Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users: https://www.404media.co/viral-quittr-porn-addiction-app-exposed-the-masturbation-habits-of-hundreds-of-thousands-of-users/
4. Papers, please: Age verification laws threaten everyone’s online security and privacy: https://this.weekinsecurity.com/papers-please-age-verification-laws-threaten-everyones-online-security-and-privacy/
5. Federal Surveillance Tech Becomes Mandatory in New Cars by 2027: https://www.gadgetreview.com/federal-surveillance-tech-becomes-mandatory-in-new-cars-by-2027
6. Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US: https://techcrunch.com/2026/03/20/cyberattack-on-vehicle-breathalyzer-company-leaves-drivers-stranded-across-the-us/
7. Large-Scale Online Deanonymization with LLMs: https://simonlermen.substack.com/p/large-scale-online-deanonymization
8. EU votes to restrict mass scanning of people’s private messages: https://cyberinsider.com/eu-votes-to-restrict-mass-scanning-of-peoples-private-messages/
9. Mozilla to launch free built-in VPN in upcoming Firefox 149: https://cyberinsider.com/mozilla-to-launch-free-built-in-vpn-in-upcoming-firefox-149/
10. You Should Turn On This New Security Update Feature on Your iPhone and Mac: https://lifehacker.com/tech/apples-security-update-iphone-mac-setting
11. Tip of the Week: https://firewallsdontstopdragons.com/spring-cleaning/ 

Further Info

• Greynoise IP Check: https://check.labs.greynoise.io/ 
• Joint statement on age verification laws: https://csa-scientist-open-letter.org/ageverif-Feb2026 
• CISA Cyber Hygiene Service: https://www.cisa.gov/cyber-hygiene-services 
• CISA Bad Practices: https://www.cisa.gov/stopransomware/bad-practices 
• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support our mission! https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:07: Intro
• 0:01:35: News rundown
• 0:03:41: Update your Asus routers
• 0:08:55: Instragram drops E2EE
• 0:12:57: Porn addiction app exposed user data
• 0:19:54: Dangers of age verification laws
• 0:30:45: Car surveillance mandatory in 2027
• 0:35:46: Cyberattack kills breathalizer-equipped cars
• 0:39:41: LLMs can deanonymize users
• 0:51:11: Chat Control defeated!
• 0:55:22: Firefox free VPN coming
• 0:59:05: New Apple security fix mechanism
• 1:03:14: Tip of the Week
• 1:09:09: More security tips
• 1:13:53: Patron podcast preview
• 1:14:17: Looking ahead

When you shop online or through an app, do you ever wonder if you’re being charged the same as someone else for the same thing? Even controlling for things like shipping address and local taxes, it turns out that today it’s not uncommon for pricing to dynamically change based on factors that may not seem fair. This is called surveillance pricing. Justin Brookman (Consumer Reports) and Eric Gardner (More Perfect Union) recently performed a study on this practice using Instacart, and the results were eye-opening.

Interview Notes

• Surveillance pricing study: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 
• Study video (Instagram): https://www.instagram.com/reels/DSC1w_Hjng6/ 
• Study video (YouTube): https://www.youtube.com/watch?v=osxr7xSxsGo 
• Consumer Reports: https://www.consumerreports.org/ 
• More Perfect Union: https://perfectunion.us/ 
• Get involved: https://action.consumerreports.org/ 
• Instacart’s AI-Enabled Pricing Experiments May Be Inflating Your Grocery Bill: https://www.consumerreports.org/money/questionable-business-practices/instacart-ai-pricing-experiment-inflating-grocery-bills-a1142182490/ 
• Pepsi/Walmart exposé: https://ilsr.org/article/independent-business/more-perfect-union-pepsi-walmart/ 
• Amazon price tracker: https://camelcamelcamel.com/ 

Further Info

• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support the mission: https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:13: Intro
• 0:02:44: What’s your background?
• 0:04:26: What triggered this study?
• 0:06:08: How did you test this theory?
• 0:09:25: How prevalent is this practice?
• 0:11:27: What is a “customer surplus”?
• 0:13:44: Did the pandemic exacerbate this?
• 0:15:08: Is this practice legal?
• 0:21:42: How do ESL’s work?
• 0:25:52: Are all the add-on fees legit?
• 0:28:01: Are the stores participating in this, too?
• 0:32:01: What do they learn from loyalty programs?
• 0:37:38: Are digital coupons dynamic, too?
• 0:41:07: Does this amount to price fixing?
• 0:44:21: What’s been the reaction to your report?
• 0:49:00: What will you study next?
• 0:53:04: What can we do about this?
• 0:58:39: How can we support your work?
• 1:00:39: Wrap-up
• 1:03:27: Patron podcast preview

Bad guys have found a willing accomplice for installing malware: YOU. This very effective malware delivery mechanism, dubbed ClickFix, accounted for over half of all infections last year. I’ll tell you how to avoid it, but also explain why you shouldn’t have to.

In other news: Amazon’s change to wishlists may expose your address; a new government-grade iOS exploit kit is spreading to criminals; Israel hacked traffic cams to kill Iran’s leaders; Meta’s AI glasses are a privacy nightmare; new AirSnitch WiFi exploit is clever, but not a threat for most people; Microsoft Office bug allowed AI to read confidential emails; Discord walks back it’s plans for age verification; US Senators reintroduce surveillance transparency bill; CA privacy activists call for removing license plate readers; Ente releases new Locker app; Privacy Guides releases wonderful new privacy resource.

Article Links

1. Amazon Change Means Wishlists Might Expose Your Address https://www.404media.co/amazon-wishlist-address-private-third-party/
2. Google and iVerify reveal government-grade iPhone exploit kit spreading to hackers https://9to5mac.com/2026/03/03/google-and-iverify-reveal-government-grade-iphone-exploit-kit-spreading-to-hackers/
3. Israel hacked Tehran’s traffic cameras, used AI to plan Khamenei’s assassination https://www.yahoo.com/news/articles/israel-hacked-tehrans-traffic-cameras-063114828.html
4. What Privacy? As Expected Meta Ray Bans Are A Privacy Disaster https://appleinsider.com/articles/26/03/03/what-privacy-as-expected-meta-ray-bans-are-a-privacy-disaster
5. New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises https://arstechnica.com/security/2026/02/new-airsnitch-attack-breaks-wi-fi-encryption-in-homes-offices-and-enterprises/
6. Microsoft says Office bug exposed customers’ confidential emails to Copilot AI https://techcrunch.com/2026/02/18/microsoft-says-office-bug-exposed-customers-confidential-emails-to-copilot-ai/
7. Discord just canceled its planned age verification rollout, for now https://9to5mac.com/2026/02/24/discord-just-canceled-its-planned-age-verification-rollout-for-now/
8. Senators Reintroduce Bill to Create Transparency for Court-Ordered Surveillance https://www.wyden.senate.gov/news/press-releases/wyden-daines-booker-and-lee-reintroduce-bill-to-create-transparency-for-court-ordered-surveillance
9. Privacy activists call on California to remove covert license plate readers https://apnews.com/article/license-plate-readers-surveillance-ice-dhs-db848b1498c55f3c1b3ee1a107dacd10
10. Ente Locker – Safe space for your most important documents https://ente.io/locker/
11. Guides and Tools for Privacy Activists https://www.privacyguides.org/en/activism/
12. Tip of the Week: https://firewallsdontstopdragons.com/fixing-clickfix/ 

Further Info

• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support our mission! https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:08: Intro
• 0:01:54: News rundown
• 0:03:36: Amazon wishlist change exposes your address
• 0:08:44: New iOS exploit kit leaks
• 0:14:21: Israel hacked traffic cams to kill Khamenei
• 0:17:19: Meta’s AI glasses privacy nightmware
• 0:22:32: AirSnitch WiFi attack
• 0:26:31: Microsoft AI bug exposes private emails
• 0:29:35: Discord backtracks on age verification
• 0:34:38: Senators reintroduce surveillance transparency bill
• 0:39:15: Call to remove hidden surveillance cameras
• 0:44:44: Ente Locker
• 0:47:51: Privacy Activist Toolbox
• 0:51:53: Tip of the Week
• 1:00:36: Patron podcast preview
• 1:02:15: Looking ahead

Cellular providers need to know your location in order to deliver calls and text message to your phone. But it turns out that they really don’t need to know who you are to give you that service. They only need to know how to bill you – and that information can be at little as knowing your ZIP+4 code. Why do we give so much personal information to our mobile service providers when we don’t have to? Today, Nick Merrill, founder of Phreeli, will explain how he can give you top notch cell service and know almost nothing about you.

Interview Notes

• Phreeli: https://www.phreeli.com/ 
• Double Blind Armadillo: https://www.phreeli.com/files/PhreeliDoubleBlindArmadilloWhitePaper.pdf 
• Wired article: https://www.wired.com/story/new-anonymous-phone-carrier-sign-up-with-nothing-but-a-zip-code/ 
• Call Detail Record: https://en.wikipedia.org/wiki/Call_detail_record 
• 2600 Magazine: https://www.2600.com/ 
• Zero-Knowledge Proofs: https://firewallsdontstopdragons.com/how-zero-knowledge-proofs-work/ 

Further Info

• My book: https://fdsd.me/book 
• My newsletter: https://fdsd.me/newsletter 
• Support the mission: https://fdsd.me/support 
• Give the gift of privacy and security: https://fdsd.me/coupons 
• Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch 

Table of Contents

• 0:00:12: Intro
• 0:02:25: Zero Knowledge Proofs!
• 0:03:35: Lingo
• 0:07:29: How did you come to found Phreeli?
• 0:15:08: Who is your target audience?
• 0:19:18: How can you get by with just ZIP+4?
• 0:24:10: Is Phreeli more private, say, Mint?
• 0:28:33: How do I recover my Phreeli acccount?
• 0:30:22: What identifiers are tied to cell phones?
• 0:37:12: Can Phreeli work law requires KYC?
• 0:41:09: How do you separate billing from service?
• 0:47:23: How can a cellular provider hide a user’s location?
• 0:51:44: Do telecom networks have inherent privacy problems?
• 0:55:30: How do you handle lawful intercept?
• 0:59:13: How do you convince the skeptics?
• 1:02:19: What’s the current feature roadmap?
• 1:04:19: Wrap-up
• 1:08:59: Patron podcast preview
• 1:10:35: Looking ahead