This week, I introduce Defensive OSINT, address privacy concerns while on the road, and examine the intricacies of alias usage and AI-based face morphing for photo alteration. Sharing insights from my recent travels, I highlight the need for vigilance and innovative strategies for maintaining privacy on the go. The episode explores the pros and cons of using alias names for hotel bookings, including the challenges of identity verification during check-in, while I discuss smart, alternative solutions for these scenarios. Join me as we navigate the complexities of preserving privacy in an era rife with survlleiance and data breaches, providing practical tips and advice for privacy-conscious travelers and digital citizens.
Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown
This episode was recorded on January 27, 2024

In This Week's Show:

1. Privacy on the road with hotels, VRBO rentals, and Uber
2. Why we do this, and the reasons behind our privacy lifestyle
3. A look at Defensive OSINT strategies
4. Face morphing our real photos for privacy
5. Location tracking on your phone
6. MySudo and pre-paid burner numbers
7. A surprise guest?

Show Links:

• Black Portable Hotel Door Lock: https://www.amazon.com/Portable-Security-Additional-Traveling-Apartment/dp/B0CFVS6NRN
• Python Script for ThisPersonDoesNotExist: https://github.com/locksec/tpdne_py
• Facemorph.me: https://facemorph.me
• Upscayl: https://www.upscayl.org
• File Optimizer: https://nikkhokkho.sourceforge.io/static.php?page=FileOptimizer

Intro voice-over: IRLRosie - Creative Commons Attribution license (reuse allowed)
Music: The Lockdown

This week on The Lockdown, The Practical Privacy & Security Podcast, we’re kicking off the new year with reflections, updates, and a deep dive into key privacy issues that are shaping 2025. From privacy settings on iOS and GrapheneOS, to AI assistants and their potential privacy pitfalls, this episode covers practical advice, insights, and solutions for everyday users. Additionally, I explore new state-level privacy laws across the U.S. and what they mean for both businesses and individuals.
In this week’s episode:

1. Reflecting on personal privacy practices and professional projects.
2. A look at U.S. state privacy regulations taking effect in 2025.
3. Privacy and security implications of voice assistants like Siri, Alexa, and Google Assistant.
4. Detailed privacy settings for iOS and why GrapheneOS is the better alternative.
5. AI assistants like ChatGPT and Claude, and their risks.
6. Privacy concerns with vehicles, focusing on data leaks and constant surveillance.
7. The intersection of cybersecurity and OSINT in modern attacks.

Show Links:

• Apple offers $95 million in Siri privacy violation settlement
• Amazon to pay $31 million in privacy violation penalties for Alexa voice assistant and Ring camera
• Nulide / FindMyDevice · GitLab
• British journalist could face years in prison for refusing to hand over his passwords to the police - Il Fatto Quotidiano
• Volkswagen EV data leak exposes personal information of 3.3 million people
• Tesla data helped police after Las Vegas truck explosion, but experts have wider privacy concerns

Support this show: https://www.patreon.com/c/TheLockdown
Official website: https://psysecure.com/podcast/
"If you want to keep a secret, you must also hide it from yourself."
-George Orwell
Podcast music: The R3cluse

In this week’s FRIDAY FIELD NOTES, Ray Heffer discusses the Zero Trust security model, a framework that's revolutionizing how organizations protect their critical systems and data. Diving into the depths of cybersecurity, we clear up common myths and misinterpretations surrounding Zero Trust, illuminating its role as not just a defensive strategy but a comprehensive approach to modern threats.

Zero Trust operates on the principle of "never trust, always verify," but what does this mean in practice? Zero Trust doesn't just look outward; it recognizes that threats also come from the inside. By assuming that a breach is not just possible, but has already happened, Zero Trust strategies are uniquely positioned to mitigate damage by insiders, whether malicious or accidental.
Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown
This episode was recorded on November 09, 2023

This week's episode:

1. Introduction and Brill is living in a Faraday cage
2. How we got to Zero Trust by understadning the Cyber Kill Chain
3. The Principals of Zero Trust
4. Recommended Zero Trust Frameworks

NIST Zero Trust Architecture (SP 800-207): https://csrc.nist.gov/pubs/sp/800/207/final
CISA Zero Trust Maturity Model: https://www.cisa.gov/zero-trust-maturity-model
Cyber Kill Chain: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
Intro music: The Lockdown
"Security is always seen as too much until the day it is not enough." — William H. Webster

Welcome to episode two of The Lockdown - Practical Privacy and Security podcast. In this episode I share the saga of the LastPass breach, and my thoughts on password managers and authenticator apps.
Follow on Twitter (X): @privacypod
Support the show: https://www.patreon.com/TheLockdown
This episode was recorded on March 19, 2023
This week's episode:
1. The LastPass Breach
2. Password Managers: Dashlane, 1Password, BitWarden, and KeePassXC
3. Authenticator Apps: Google Authenticator, Aegis, and Authy.
Recommended Password Managers:
1. https://keepassxc.org (Desktop)
2. https://www.keepassdx.com (Android only)
3. https://strongboxsafe.com (iOS only)
4. https://bitwarden.com (Top recommendation for cloud hosted)
5. https://1password.com (Ease of use, and great option for cloud hosted)
6. https://www.dashlane.com (Expensive, no desktop app)
Recommended Authenticator Apps:
1. https://authy.com
2. https://getaegis.app (Android only)
Get Yubikey:
https://www.yubico.com
Intro music: The Lockdown
"In the long run, we will have to rebuild the universe of the online world to have security first and ease of use second." - Moxie Marlinspike

This week we go back to the basics of privacy and security for the average Joe or Jane, and discuss the latest iPhone settings for privacy. I also discuss the Twilio Authy API abuse that resulted in 33 million phone numbers for Authy accounts being exposed. Huge thank you to the Patreon supporters!
In this week's episode:

1. Back to the basics
2. Advice for the 'average Joe'
3. The Twilio Authy API breach
4. iPhone privacy settings
5. Listener question on doorbell cameras

Show Links:

• 1Password Security Audits: https://support.1password.com/security-assessments/
• Bitwarden Security Audits: https://bitwarden.com/help/is-bitwarden-audited/
• Twilio Breach: https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/
• MySudo: https://mysudo.com/
• ProtonMail: https://protonmail.com/
• StrongBox: https://strongboxsafe.com/
• KeepassDX: https://www.keepassdx.com/
• Amcrest Cameras: https://www.amazon.com/gp/product/B07ZJS3L5Y

- Edward Snowden

Podcast music: Recluse by Ray Heffer