The Lockdown - Practical Privacy & Security

In this episode, I discuss breaking free from the Apple ecosystem, the dangers of social media oversharing, and introduce our new Matrix community. I also cover the upcoming capture the flag challenge, share thoughts on the OSINT Defense & Security Framework progress, and rant about security theater at airports and online services that block VPNs.In this week's episode:Apple's $95 million lawsuit and the ecosystem lock-in problemWhy people overshare on social media and how OSINT can exploit itIntroduction to the Matrix communityCapture the Flag challenge launching June 21st!Progress update on the OSINT Defense & Security Framework (ODSF)Security theater: VPN blocking and other pointless security measuresAlternative YouTube clients for privacy (GrayJay and NewPipe)Show Links:Matrix Community - https://matrix.to/#/#psysecure:matrix.orgCTF Challenge - https://psysecure.com/ctfGrayJay (by Futo) - https://grayjay.appNewPipe - https://newpipe.netWiFi Pineapple - https://shop.hak5.org/products/wifi-pineappleSystem76 Laptops - https://system76.com/laptopsLittle Snitch (macOS Firewall) - https://www.obdev.at/products/littlesnitch/“I hope for nothing. I fear nothing. I am free.”- Nikos KazantzakisOfficial Website: https://psysecure.com Podcast music: The R3cluse

In this brief episode between travels, I announce the “Ghost in the Source” capture the flag challenge, a cryptographic hunt on my website starting June 21st, 2025. At the end of June I will pick 3 lucky winners which will receive a 6-month TryHackMe subscription voucher. I also provide an update on our new Matrix community.In this week's episode:Announcing the “Ghost in the Source” CTF challengeChallenge details and rulesPrize information: 3 x 6-month TryHackMe vouchers!Matrix community update for listener interactionFuture plans for OSINT CTF challengesShow Links:CTF Challenge Page - https://psysecure.com/ctf/“When I float weightless back to the surface, I'm imagining I'm becoming someone else.”- Motoko KusanagiOfficial Website: https://psysecure.com Podcast music: The R3cluse

In this episode, I explore the privacy implications of using AI apps like ChatGPT and Claude on mobile devices. I discuss why ChatGPT's requirement for Google Play Store login and audio recording storage led me to Claude on my GrapheneOS device. I also cover my daily app setup, Windows telemetry blocking with SimpleWall, macOS privacy with Little Snitch, and the potential of System76 Linux laptops.In this week's episode:Privacy comparison between ChatGPT and Claude AI appsChatGPT's audio recording storage and data export concernsGrapheneOS setup without Google Play Store loginUsing FUTO Keyboard and FUTO Voice for local transcriptionEssential privacy tools: SimpleWall for Windows and Little Snitch for macOSWindows Subsystem for Linux (WSL) for developersSystem76 Linux laptops as a privacy-focused alternativeShow Links:Anthropic Claude.ai Encryption - https://privacy.anthropic.com/en/articles/10458704...Duck.ai - https://duck.aiFuto Keyboard & Voice - https://futo.org/Aurora Store - https://auroraoss.com/aurora-storeSimpleWall (Windows Firewall) - https://github.com/henrypp/simplewallLittle Snitch (macOS) - https://www.obdev.at/products/littlesnitch/GeoSpy (OSINT Tool) - https://geospy.netSystem76 Linux Laptops - https://system76.com/Mental Outlaw YouTube Channel - https://www.youtube.com/@MentalOutlawDaVinci Resolve - https://www.blackmagicdesign.com/products/davinciresolveOSINT Defense & Security Framework - https://psysecure.com/services/odsf/“██████REDACTED███”- █████████Official Website: https://psysecure.com Podcast music: The R3cluse

In this episode, I discuss what has been keeping me away from the mic, the Open Source Intelligence Defense and Security Framework (ODSF), and share updates on privacy topics including browser security, autonomous taxis, airport security cameras, and managing cryptocurrency. I also address listener questions about anonymous SIM cards and creating separate online identities.Official Website: https://psysecure.comIn this week's episode:Introducing the Open Source Intelligence Defense and Security Framework (ODSF)Browser privacy comparisons (Firefox, LibreWolf, Brave, Mulvad)Experiences with Waymo autonomous taxis and privacy considerationsTSA security cameras and opting out of facial recognitionListener questions about anonymous SIMs in Australia and creating sock puppet accountsUsing cryptocurrencyShow Links:BIP39 Generator - https://github.com/iancoleman/bip39Phoenix Wallet - https://phoenix.acinq.coZeus Wallet - https://zeusln.comLibreWolf Browser - https://librewolf.net/OSS Document Scanner (GrapheneOS) - https://github.com/Akylas/OSS-DocumentScannerMullvad Browser (randomDataOnCanvasExtract) - https://github.com/mullvad/mullvad-browser/issues/358Mullvad Browser (Letterboxing) - https://github.com/mullvad/mullvad-browser/issues/152“Minimize what can be known.”- MePodcast music: The R3cluseOfficial Website: https://psysecure.com Podcast music: The R3cluse

In this episode, we dive into Apple's latest privacy retreat with the removal of Advanced Data Protection (ADP) for iCloud in the UK. We break down why Apple made this move, how ADP works, and what it means for users who care about encryption and data security. If you're in the UK and using Apple's ecosystem, this episode is a must-listen as I cover strategies to keep your data secure despite Apple's decision.In this week's episode:The UK's Investigatory Powers ActA technical breakdown of how iCloud ADP was supposed to protect user data.Alternatives to iCloud, including Nextcloud, GrapheneOS, and secure backups.Threat Modeling & The Privacy SpectrumListener Questions, addressing concerns about online privacy, social media exposure, and what to do when friends dismiss security risks.Show Links:Apple pulls data protection tool (BBC News) - https://www.bbc.com/news/articles/cgj54eq4vejoApple Intelligence - https://www.macrumors.com/2025/02/11/apple-intelligence-re-enabled-in-latest-updates/pfSense Guide - https://psysecure.com/complete-setup-guide-to-pfSenseNextcloud Guide - https://psysecure.com/self-hosting-nextlcoudMöbius Sync - https://mobiussync.com/Obsidian - https://obsidian.md/“The right to privacy is not merely a right to secrecy. It is a right to control information about oneself.”- AnonymousPodcast music: The R3cluse

In this week's episode, we take a deep dive into Session, a private messaging app, with its co-founder Kee Jefferys. We discuss the philosophy behind Session, its technical architecture, and the broader implications of privacy in a world increasingly hostile to anonymous communication. Kee shares insights on the importance of decentralized networks, the risks of phone number-based messaging, and the role of cryptocurrency in supporting private infrastructure.We also touch on operational security (OPSEC), the real-world challenges of getting people to adopt privacy tools, and how Session is working to improve usability while maintaining strong privacy protections.In this week's episode:Session Private Messenger – Kee Jefferys explains the origins of Session, its core principles, and how it differs from mainstream messaging apps.The Future of Privacy – Discussion on surveillance, government censorship, and the increasing crackdown on privacy tools.Decentralized Messaging – How Session uses a global network of nodes to provide anonymous and resilient communication.Session Pro & Sustainability – Monetization strategies for Session and how the network sustains itself without compromising user privacy.Avoiding the Privacy Valley of Despair – How privacy-conscious users can avoid burnout and find a practical balance.Censorship & Government Interference – Addressing Russia's blocking of Session nodes and strategies to bypass censorship.Show Links:Download Session - https://getsession.orgSession Lite Paper - https://getsession.org/litepaperSupport the Show on Patreon - https://patreon.com/TheLockdownFollow Kee on X - https://x.com/JefferysKeeUntil they become conscious they will never rebel, and until after they have rebelled they cannot become conscious.- George Orwell, 1984Podcast music: The R3cluse

In this week's episode we dive deep into both the psychological and privacy implications of social media apps. I reflect on my observations during recent travels, and explore how social media platforms are distorting human connections while simultaneously collecting vast amounts of personal data.The episode also tackles the technical aspects of email systems to the limitations of encrypted messaging apps, providing practical advice for maintaining privacy.In this week's episode:Listener Questions - Deep dive into pfSense vs OPNsense, mobile VPN usage, and dealing with license plate readersSocial Media Privacy - Analysis of social media's psychological impact and privacy issues with data collection practicesProper Account Deletion - Step-by-step guide for securely deleting social media accountsSock Puppet Accounts - Maintaining anonymous online identitiesEmail Privacy - Historical perspective and current state of email securityWhatsApp Security - A discussion on encryption and device securityShow Links:Support the Show on Patreon - https://patreon.com/TheLockdownGrapheneOS - https://grapheneos.orgThe Neuroscience of Engagement - https://medium.com/design-bootcamp/the-neuroscience-of-engagement-b50531a9313b"The right information at the right time is deadlier than any weapon."- Dolores Abernathy (Westworld)

This week on The Lockdown, The Practical Privacy & Security Podcast, we're kicking off the new year with reflections, updates, and a deep dive into key privacy issues that are shaping 2025. From privacy settings on iOS and GrapheneOS, to AI assistants and their potential privacy pitfalls, this episode covers practical advice, insights, and solutions for everyday users. Additionally, I explore new state-level privacy laws across the U.S. and what they mean for both businesses and individuals.In this week's episode:Reflecting on personal privacy practices and professional projects.A look at U.S. state privacy regulations taking effect in 2025.Privacy and security implications of voice assistants like Siri, Alexa, and Google Assistant.Detailed privacy settings for iOS and why GrapheneOS is the better alternative.AI assistants like ChatGPT and Claude, and their risks.Privacy concerns with vehicles, focusing on data leaks and constant surveillance.The intersection of cybersecurity and OSINT in modern attacks.Show Links:Apple offers $95 million in Siri privacy violation settlementAmazon to pay $31 million in privacy violation penalties for Alexa voice assistant and Ring cameraNulide / FindMyDevice · GitLabBritish journalist could face years in prison for refusing to hand over his passwords to the police - Il Fatto QuotidianoVolkswagen EV data leak exposes personal information of 3.3 million peopleTesla data helped police after Las Vegas truck explosion, but experts have wider privacy concernsSupport this show: https://www.patreon.com/c/TheLockdownOfficial website: https://psysecure.com/podcast/"If you want to keep a secret, you must also hide it from yourself."-George OrwellPodcast music: The R3cluse 

In this episode I speak with Luke Mulks, who is the VP of Business Operations at Brave Software. We discuss the privacy concerns over traditional web-based ads, and why Brave is offering a privacy-first alternative. Show Links:Brave Software:  https://brave.com/podcast/ The Brave Technologist Podcast: https://brave.com/podcast/"Well who's gonna monitor the monitors of the monitors?" - Carla Dean (Enemy of the State)Podcast music: Recluse by Ray Heffer  

In this episode, we go back to the basics as I discuss what I would do today if I were starting from scratch. It begins with deleting social media accounts, especially Facebook. Additionally, we have an update from Optery in response to listener feedback.We discuss tools like LibreWolf, Brave, and GrapheneOS, and compare privacy approaches for mobile devices, including Pixel and iPhone. A segment is dedicated to starting a privacy-first journey, from deleting social media accounts to adopting secure communication and password management practices. The episode also touches on how AI, including large language models (LLMs), is reshaping privacy concerns by building highly accurate profiles of users.In this week's episode:Don't overthink privacy, especially web browsers with Brave, Firefox, and LibreWolfBack to the basics starting with deleting social mediaPixel vs iPhone (GrapheneOS)Show Links:Self-hosting Nextcloud: https://psysecure.com/self-hosting-nextlcoudLibreWolf: https://librewolf.net/GrapheneOS: https://grapheneos.org/Meta fined $1.3b: https://www.nytimes.com/2023/05/22/business/meta-facebook-eu-privacy-fine.htmlSurveillance Watch: https://www.surveillancewatch.io/"The world outside, the world that you know, it's gone. It doesn't exist." – Christof Podcast music: Recluse by Ray Heffer  

In this episode, recorded on October 10, 2024, I dive into privacy and security during natural disasters, highlighting essential tools like iOS 18's satellite messaging and Starlink for maintaining communication when traditional systems fail. Next I dive into self-hosting in depth, particularly focusing on Nextcloud for privacy-conscious file sync. The episode concludes with a detailed analysis of a critical vulnerability in Firefox and the merits of switching to LibreWolf for enhanced privacy and security.In this week's episode:Privacy During Natural Disasters. Using of iOS 18's satellite communication features for emergency contact, Starlink for off-grid internet access, and the importance of internet and Sudo phone numbers for safety without compromising privacy.Bug out bags for emergency preparedness, the utility of Starlink and satellite phones for privacy in disaster zones.Overview of the blog post on hosting Nextcloud, importance of cloud backups using Backblaze B2 and Restic, encrypting backups and maintaining data privacy within home networks.Other Privacy Tools and Practices, including Blue Iris for managing surveillance cameras without internet access, use of Proxmox for virtual machines and running DNS servers with PiHole.Analysis of the Firefox vulnerability (CVE 2024-9680), discussion on the benefits of LibreWolf as a more private alternative to Firefox.Show Links:Self-hosting Nextcloud - https://www.psysecure.com/self-hosting-nextlcoudStarlink - https://www.starlink.com/Backblaze B2 - https://www.backblaze.com/cloud-storageRestic FAQ - https://restic.readthedocs.io/en/latest/faq.htmlNextcloud End-to-End Encryption - https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.htmlFirefox Users Fingerprinted via Cached Intermediate HTTPS Certificates - https://www.bleepingcomputer.com/news/security/firefox-users-fingerprinted-via-cached-intermediate-https-certificates/Certificate issue causing add-ons to be disabled or fail to install - https://discourse.mozilla.org/t/fixed-certificate-issue-causing-add-ons-to-be-disabled-or-fail-to-install/39047Firefox CVE 2024-9680 - https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/LibreWolf - https://librewolf.net/All warfare is based on deception.- Sun TzuPodcast music: Recluse by Ray Heffer 

In this episode, we have a special guest, Tyler Murphy, co-founder of EasyOptOuts, a data removal service focused on helping people remove their personal information from publicly accessible people search sites. Tyler discusses the inspiration behind EasyOptOuts, the challenges of maintaining privacy in a world of constant data breaches, and offers insights into data removal from various brokers. This conversation is packed with advice for anyone looking to regain control over their online privacy.In this week's episode:Tyler shares how EasyOptOuts was founded, the challenges faced, and their mission to make data removal accessible.Discussion on the widespread availability of personal data on people search sites and the complexities of removing it.Insights into how EasyOptOuts automates data removal, and comparisons with manual removal processes.The challenges posed by bot detection, CAPTCHAs, and deceptive removal processes that often require membership or payment.The potential implications of data breaches, evolving bot detection, and the future of digital identity verification.Tyler shares his own privacy techniques, including the use of VPNs, alias names, and minimizing data exposure online.EasyOptOuts approach to scaling their service, future plans for business and family tiers, and their commitment to remaining a two-person operation.Show Links:EasyOptOuts - https://www.easyoptouts.com/Imagine, then, this situation where we have the huge electronic intercommunication so that everybody is in touch with everybody else in such a way that it reveals their inmost thoughts, and there is no longer any individuality. No privacy. Everything you are, everything you think is revealed to everyone. - Alan Watts

In today's show, I discuss the National Public Data (NPD) breach, which contains 2.7 billion records, including the social security numbers of US residents. I cover how to check if your SSN is part of the breach and emphasize the importance of setting up a credit freeze for yourself and your kids. I also explore some useful tools for searching large datasets and share my thoughts on a Reddit post.In this week's episode:On the brink of giving up!Using OnlyOffice as a Google Docs alternativeNational Public Data (NPD) breachRipgrep (rg) and Silver Searcher (ag) tools for searching massive datasetsCredit freezesBest efforts for Windows 11 privacyElevenTray, a useful utility to always show Windows 11 tray iconsShow Links:Simplewall - https://github.com/henrypp/simplewallElevenTray - https://github.com/locksec/eleventrayOnlyOffice - https://www.onlyoffice.com/LibreOffice - https://www.libreoffice.org/Credit Freeze Guide - https://inteltechniques.com/freeze.htmlCredit Freeze for Kids:Equifax - https://www.equifax.com/personal/education/identity-theft/articles/-/learn/freezing-your-childs-credit-report-faq/(800)685-1111Equifax Security Freeze, PO Box 105788, Atlanta, Georgia 30348Experian - https://www.experian.com/help/minor-request.html(888)397-3742Experian Security Freeze. PO Box 9554, Allen, TX 75013TransUnion - https://www.transunion.com/credit-freeze/credit-freeze-faq#freeze-other-minor-0(888)909-8872TransUnion, P.O. Box 380, Woodlyn, PA 19094https://www.transunion.com/credit-disputes/child-identity-theft-inquiry-form> I know why you're here, Neo. I know what you've been doing... why you hardly sleep, why you live alone, and why night after night, you sit by your computer. - Trinity (The Matrix)Podcast music: Recluse by Ray Heffer 

This week I respond to a few listener questions, primarily around the use of social media as a privacy enthusiast. Love it or hate it, you can guess which camp I'm in, social media like LinkedIn has almost become a requirement for job searches, employers, and connecting with other professionals. I also touch on OPSEC for OSINT, a new talk track I am planning to present in the future. It's important for all of us to maintain better Operational Security (OPSEC). Finally, I share my latest blog post: Venturing into AI Security with Locally Hosted LLMs, and why locally hosted AI is essential for privacy.In this week's episode:Redacting  ███ in your social media profilesMinimizing the use of profile photosAlways assume private profiles are NEVER privateAddiction to social media and down regulation of the dopamine receptorsMore on custom domainsOperational Security for OSINT professionalsLocally hosted LLMs for private AIData (PII) leakage with ChatGPTShow Links:ChatGPT Privacy Issue - https://www.nytimes.com/interactive/2023/12/22/technology/openai-chatgpt-privacy-exploit.htmlBrain anatomy alterations associated with Social Networking addiction - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5362930/AI Security with Locally Hosted LLMs - https://lockdown.media/ai-security-with-llmsExpired Domains - https://www.expireddomains.net/SimpleLogin - https://simplelogin.io/Because you made a phone call.- Brill (Enemy of the State)

In this week's show, I take a deeper dive into Apple's iCloud Private Relay, discussing who should and who shouldn't use it. I then discuss my latest article, “The Complete Setup Guide to pfSense for Privacy and Security,” and the benefits of an always-on VPN. Lastly, for those who are parents, I offer a discussion on privacy for kids and some non-invasive techniques for protecting them online. In this week's episode:IntroiCloud Private RelayComplete Guide to pfSensePrivacy for KidsListener questionsShow Links:The Complete Setup Guide to pfSense for Privacy and Security: https://lockdown.media/complete-setup-guide-to-pfsense NextDNS: https://nextdns.io/ Cron package for pfSense: https://docs.netgate.com/pfsense/en/latest/packages/list.html Private Relay Outage: https://www.tomsguide.com/phones/iphones/having-browsing-trouble-on-apple-devices-youre-not-alone-apples-private-relay-system-is-having-problems iCloud Private Relay Overview: https://www.apple.com/privacy/docs/iCloud_Private_Relay_Overview_Dec2021.PDF“You never had a camera in my head.”- Truman BurbankPodcast music: Recluse by Ray Heffer

This week we go back to the basics of privacy and security for the average Joe or Jane, and discuss the latest iPhone settings for privacy. I also discuss the Twilio Authy API abuse that resulted in 33 million phone numbers for Authy accounts being exposed. Huge thank you to the Patreon supporters!In this week's episode:Back to the basicsAdvice for the 'average Joe' The Twilio Authy API breach iPhone privacy settings Listener question on doorbell camerasShow Links:1Password Security Audits: https://support.1password.com/security-assessments/Bitwarden Security Audits: https://bitwarden.com/help/is-bitwarden-audited/Twilio Breach: https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/MySudo: https://mysudo.com/ProtonMail: https://protonmail.com/StrongBox: https://strongboxsafe.com/KeepassDX: https://www.keepassdx.com/Amcrest Cameras: https://www.amazon.com/gp/product/B07ZJS3L5Y"I don't want to live in a world where there's no privacy, and therefore no room for intellectual exploration and creativity."- Edward SnowdenPodcast music: Recluse by Ray Heffer

After escaping to the mountains and living like a recluse for the past few months, I am back. In this week's show, I discuss my latest experiences in purchasing a home and titling in a living trust, along with the potential obstacles with title deeds and mortgage lenders, and avoiding data breaches with utility companies. I also revisit GrapheneOS after using it daily for the past year, and answer listener questions.In this week's episode:Living in the mountainsBuying a house with a living trustPotential pitfalls with title deeds and mortgage lendersBalancing privacy and securityThe 'All or Nothing' approachWhy I still use Obsidian over Standard NotesRevisiting GrapheneOS and the Play Integrity APIBaby ReindeerListeners Questions"Privacy is rarely lost in one fell swoop. It is usually eroded over time, bit by bit."- Daniel J. Solove

In this week's show, I discuss CLEAR's intrusive privacy policy and highlight alternatives to Authy using KeePass, with a privacy friendly solution for scanning QR codes. I also address the common mistakes people make when backing up their MFA codes. Additionally, I share some of the highlights from attending the SANS OSINT Summit in Washington, D.C., and explore various uses for custom domain names. Finally, I touch on the Starbucks app and the benefits of using Tello for pre-paid SIM cards.Follow on Twitter (X): @privacypodSupport the show: https://www.patreon.com/TheLockdownThis episode was recorded on March 14, 2024In this week's episode:CLEAR Privacy and Selling SoulsAuthy discontinues the desktop app from March 19th, 2024Alternative MFA solutions using KeepassXC and KeepassDXStoring backup MFA codes in a Veracrypt containerMake sure you keep scanned copies of your credit cards and ID!Update on the SANS OSINT SummitAlternative to Mint Mobile with TelloUsing the Starbucks app privatelyCustom domain namesShow Links:CLEAR Security Breach: https://www.youtube.com/watch?v=i0I0BTtnMC4OSINT Combine Free Tools:  osintcombine.com/freetoolsWhatsmyname: https://whatsmyname.app/Tello:  https://tello.com/QR Scanner (PFA) by Secuso Research Group: https://secuso.aifb.kit.edu/english/QR_Scanner.phpSkull Games: https://skullgames.io/Trace Labs: https://www.tracelabs.org/Expired Domains: https://www.expireddomains.net/deleted-domains/"The right to be left alone is indeed the beginning of all freedom."- Supreme Court Justice William O. Douglas

In today's show, I have a conversation with Lawrence Gentellio, the CEO and Founder of Optery, a personal data removal service. Lawrence shares his own experiences with identity theft and what motivated him to start Optery. We also discuss the future of privacy in the United States, Utah's new privacy law, the Utah Consumer Privacy Act (UCPA), and the bare minimum you should be doing to protect and secure your private data.Follow on Twitter (X): @privacypodSupport the show: https://www.patreon.com/TheLockdownThis episode was recorded on March 6, 2024Follow Ray on Twitter @privacypodIn this week's episode:Lawrence's experience with identity theft highlights the importance of a credit freezeThe need for disinformationA reminder on hunting appsThe future of data privacy and the need for services like OpteryData privacy in the UK and the existence of search sites like 192.comUpdate on next weeks showShow Links:Optery website: https://www.optery.com/PC Magazine Editors Choice Award for Optery: https://www.pcmag.com/reviews/opteryPC Magazine's list of the best personal data removal services: https://www.pcmag.com/picks/the-best-personal-data-removal-servicesUtah Consumer Privacy Act (UCPA): https://attorneygeneral.utah.gov/utah-consumer-protection-act-a-new-law-to-protect-online-privacy/"If privacy is outlawed, only outlaws will have privacy."- Philip R. Zimmermann, creator of PGP encryption

In this weeks show I discuss some of the concerns of using TOR over a VPN, and take another look at data removal from people search sites, including a look at Mozilla Monitor, a new service for data removal from the makers of Firefox. I'll also discuss the importance of freezing your credit and putting the title of your home into a revocable living trust, prior to removing your records from people search sites.This episode was recorded on February 16, 2024Follow Ray on Twitter @privacypodIn this week's episode:I'm still on the road!Anonymity with TOR and VPNGet that Credit Freeze and Revocable Living TrustData Removals from people search sitesMozilla Monitor, a new data removal serviceQuick update on the Complete pfSense Setup GuideShow Links:Mozilla Monitor: https://monitor.mozilla.orgTor Browser: https://www.torproject.org/downloadDeepCorr: https://dl.acm.org/doi/pdf/10.1145/3243734.3243824Foundations of Digital Privacy, Part One: https://lockdown.media/the-foundations-of-digital-privacy“If you want to keep a secret, you must also hide it from yourself.”-George Orwell

In this Friday Field Notes episode of The Lockdown, I share my experience with imposter syndrome, and compare practical privacy approaches with extreme measures, inspired by my move to the USA.This episode was recorded on January 31st, 2024Become a Patreon member to support the show: https://patreon.com/TheLockdown/Follow TheLockdown on Twitter @privacypodIn this week's episode:Using alias names with food appsMore on practical privacy vs the extremeMy motivations for privacy after my move to the USASimplewall for Windows 10Using Virtual MachinesDual boot Windows for gaming vs productivityMicro-segmentation strategiesWindows 10 LTSC for privacy? I'm the Imposter! Show Links: qView Image Viewer: https://interversehq.com/qviewGPG4Win: https://www.gpg4win.org/download.htmlWindows 10 LTSC: https://www.cdw.com/search/?key=Windows%20LTSCSimplewall: https://github.com/henrypp/simplewall"Be yourself; everyone else is already taken."-Oscar WildeMusic: The Lockdown 

This week, I introduce Defensive OSINT, address privacy concerns while on the road, and examine the intricacies of alias usage and AI-based face morphing for photo alteration. Sharing insights from my recent travels, I highlight the need for vigilance and innovative strategies for maintaining privacy on the go. The episode explores the pros and cons of using alias names for hotel bookings, including the challenges of identity verification during check-in, while I discuss smart, alternative solutions for these scenarios. Join me as we navigate the complexities of preserving privacy in an era rife with survlleiance and data breaches, providing practical tips and advice for privacy-conscious travelers and digital citizens.Become a Patreon member to support the show: https://patreon.com/TheLockdown/Follow TheLockdown on Twitter @privacypodIn This Week's Show:Privacy on the road with hotels, VRBO rentals, and UberWhy we do this, and the reasons behind our privacy lifestyleA look at Defensive OSINT strategiesFace morphing our real photos for privacyLocation tracking on your phoneMySudo and pre-paid burner numbersA surprise guest?Show Links:Black Portable Hotel Door Lock: https://www.amazon.com/Portable-Security-Additional-Traveling-Apartment/dp/B0CFVS6NRNPython Script for ThisPersonDoesNotExist: https://github.com/locksec/tpdne_pyFacemorph.me: https://facemorph.meUpscayl: https://www.upscayl.orgFile Optimizer: https://nikkhokkho.sourceforge.io/static.php?page=FileOptimizerIntro voice-over: IRLRosie - Creative Commons Attribution license (reuse allowed)Music: The Lockdown “Give me six lines written by the most honest man, and I will find something in them to hang him.” - Cardinal Richelieu

In this week's episode, it's time to wrap up 2023 with another look at Privacy.com, and my strategies for avoiding bank account lockout. I delve into the CIA Triad, breaking down its relevance to everyday privacy concerns. The episode also takes a practical turn with a guide on using FindMyDevice on GrapheneOS, and the FindMyDevice feature on the Garmin Instinct 2 watch for tracking lost phones.I also tackle the debate between biometric authentication and passcodes, taking our threat model into consideration. For those interested in storage synchronization solutions, I discuss using Nextcloud for a variety of purposes, including photo backups, syncing Keepass, and markdown notes, highlighting its versatility for privacy.Join me for an episode packed with valuable insights and tips for enhancing your digital privacy and security as we welcome in 2024!This episode was recorded on January 3, 2024Follow Ray on Twitter @privacypodIn this week's episode:1. Closing 2023 with Privacy.com2. How the CIA Triad Relates to privacy3. Tracking Lost Phones with FindMyDevice on GrapheneOS and a Garmin watch4. Biometric authentication vs Passcodes5. Using Nextcloud for photo backups, Keepass Sync, and taking notes in Markdown6. Backups with Backblaze B2 and ResticShow Links:https://www.privacy.comhttps://strongboxsafe.comhttps://www.keepassdx.comhttps://grapheneos.orghttps://gitlab.com/Nulide/findmydevicehttps://obsidian.mdhttps://www.backblaze.com/cloud-storagehttps://restic.nethttps://www.garmin.com/en-US/p/775697Ray Ban Meta News: https://san.com/cc/investigation-into-new-meta-smart-glasses-brings-privacy-concernsMusic: The Lockdown"We suffer more often in imagination than in reality." - Seneca

In this week's show, Ray Heffer gives a farewell to Michael Bazzell's Privacy, Security, and OSINT show. Also, speculation about living in a faraday cage continues, and the reasons Firefox is still better than Brave for privacy and security. Ray also talks about when privacy techniques go wrong, with his lockout from Privacy.com.This episode was recorded on November 22nd, 2023Follow me on Twitter @privacypodThis week's episode:IntroductionNotable mention for Michael BazzellNew website and Twitter accountWhy I don't use Brave and the reasons Firefox is still the best optionWhen Privacy Techniques Go WrongLinks mentioned in the show:MITRE ATT&CK (Credentials from Web Browsers): https://attack.mitre.org/techniques/T1555/003/MITRE ATT&CK (Password Managers): https://attack.mitre.org/techniques/T1555/005/Tor Project Recommendations: https://support.torproject.org/tbb/tbb-9/Brave (VPN Services) Issue: https://github.com/brave/brave-browser/issues/33726Citi Virtual Credit Cards: https://www.cardbenefits.citi.com/Products/Virtual-Account-NumbersCiti (True Name) Card: https://banking.citi.com/cbol/updatemyname/default.htmIronVest (Formerly Abine Blur): https://ironvest.com/pricing/Wise Virtual Card (UK): https://wise.com/gb/virtual-card/Intro music: The Lockdown"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth." - Marcus Aurelius

In this week's FRIDAY FIELD NOTES, Ray Heffer discusses the Zero Trust security model, a framework that's revolutionizing how organizations protect their critical systems and data. Diving into the depths of cybersecurity, we clear up common myths and misinterpretations surrounding Zero Trust, illuminating its role as not just a defensive strategy but a comprehensive approach to modern threats.Zero Trust operates on the principle of "never trust, always verify," but what does this mean in practice? Zero Trust doesn't just look outward; it recognizes that threats also come from the inside. By assuming that a breach is not just possible, but has already happened, Zero Trust strategies are uniquely positioned to mitigate damage by insiders, whether malicious or accidental.This episode was recorded on November 9th, 2023Follow me on Twitter @privacypodThis week's episode:Introduction and Brill is living in a Faraday cageHow we got to Zero Trust by understadning the Cyber Kill ChainThe Principals of Zero TrustRecommended Zero Trust FrameworksNIST Zero Trust Architecture (SP 800-207): https://csrc.nist.gov/pubs/sp/800/207/finalCISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-modelCyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.htmlIntro music: The Lockdown"Security is always seen as too much until the day it is not enough." — William H. Webster

Welcome to episode four of The Lockdown - The Practical Privacy and Security podcast.This episode was recorded on November 6th, 2023Follow me on Twitter @privacypodThis week's episode:1. I'm back!2. Traveling to London and Los Angeles3. A major privacy invasion for Jennifer Lawrence4. The Psychology of social engineeringIntro music: The Lockdown"To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment." - Ralph Waldo Emerson

Welcome to episode three of The Lockdown - The Practical Privacy and Security podcast.This episode was recorded on April 9th, 2023Follow me on Twitter @privacypodThis week's episode:1. The case of Zachary McCoy2. Why do all this?3. The Apple Ecosystem4. My experience with GrapheneOSGet GrapheneOS: https://grapheneos.org/The case of Zachary McCoy:https://www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-googleTracking Phones, Google Is a Dragnet for the Police:https://www.nytimes.com/interactive/2019/04/13/us/google-location-tracking-police.htmlDenmark frees 32 inmates over flaws in phone geo-location evidence:https://www.theguardian.com/world/2019/sep/12/denmark-frees-32-inmates-over-flawed-geolocation-revelationsIntro music: The Lockdown"The rights of one are as sacred as the rights of a million." - Eugene V. Debs

Welcome to episode two of The Lockdown - Practical Privacy and Security podcast. In this episode I share the saga of the LastPass breach, and my thoughts on password managers and authenticator apps. This episode was recorded on March 19th, 2023Follow me on Twitter @privacypodThis week's episode:1. The LastPass Breach2. Password Managers: Dashlane, 1Password, BitWarden, and KeePassXC3. Authenticator Apps: Google Authenticator, Aegis, and Authy.Recommended Password Managers:1. https://keepassxc.org (Desktop)2. https://www.keepassdx.com (Android only)3. https://strongboxsafe.com (iOS only)4. https://bitwarden.com (Top recommendation for cloud hosted)5. https://1password.com (Ease of use, and great option for cloud hosted)6. https://www.dashlane.com (Expensive, no desktop app)Recommended Authenticator Apps:1. https://authy.com2. https://getaegis.app (Android only)Get Yubikey: https://www.yubico.comIntro music: The Lockdown"In the long run, we will have to rebuild the universe of the online world to have security first and ease of use second." - Moxie Marlinspike

This episode was recorded on March 10th 2023.Follow me on Twitter @privacypodShow Links:Stalkerware: https://www.theregister.com/2023/02/07/stalkerware_developer_fined/IntelTechniques (List of People Search Sites): https://inteltechniques.com/workbook.htmlThis week's privacy tips:1. Privacy check-up / opt-out from people search sites2. Establish a Revocable Living Trust. Be sure to hire an estate planning attorney.3. Custom domains with Namecheap and add privacy.4. Setup a private mailbox with UPS.5. Use Privacy.com for virtual payment cards.6. MySudo virtual phone numbers. Stop being tracked, and avoid SIM swap attacks!7. Use SimpleMobile or Mint for a pre-paid cellphone option.Not Sponsors:https://www.privacy.com/https://mysudo.com/https://www.namecheap.com/Intro music: The Lockdown“Who controls the past controls the future. Who controls the present controls the past.” - 1984 by George Orwell