The FBI has issued a warning that, in an attempt to gain access to sensitive data at organisations, crooks are using deepfake video when applying for remote working-at-home jobs.
The FBI’s Internet Crime Complaint Center (IC3) says there has been an increase in reports that deepfake video and audio is being used by criminals when applying for positions that involve access to personal identifiable information (PII), financial data, corporate IT databases, and proprietary information.
According to the warning, the fraudsters can also use stolen PII when applying for remote positions, perhaps to skirt around pre-employment background checks.
In the advisory, the IC3 explains that there can be tell-tale clues that the video call may be deepfaked:
Complaints report the use of voice spoofing, or potentially voice deepfakes, during online interviews of the potential applicants. In these interviews, the actions and lip movement of the person seen interviewed on-camera do not completely coordinate with the audio of the person speaking. At times, actions such as coughing, sneezing, or other auditory actions are not aligned with what is presented visually.
Gesundheit!
Individuals or companies who identify that deepfake technology is being used by someone applying for a job are advised to report it to the IC3.Companies or victims who identify this type of activity should report it to the IC3.
For more on the problems that could be caused by Zoom deepfakes, including an example where a deepfaked Elon Musk joined a video call, listen to this episode of the “Smashing Security” podcast from 2020:
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Or you could be one of your colleagues. Right?
Colleagues? You mean my cats? Meow, meow, meow, meow, meow, meow, meow, meow, meow, meow.
Smashing security episode 175 zoom deepfakes Zadoz and Rona Tracing With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 175.
My name's Graham Cluley.
My name's Graham Cluley.
And I'm Carole Theriault.
And we're joined this week by a returning guest, a very popular guest. It can only be the one, the only, Maria Varmazis.
The best guest, Maria.
Yay.
I'm not Gary. I'm sorry that I'm not Gary, but I'm Maria.
Oh no, Gary was great, but you're great. Yeah, it was pretty cool having him on.
And it's also pretty cool receiving voicemails.
Who's it from?
I think you're going to recognize who it is.
I really enjoy Smashing Security. I listen to each new episode every week.
Is it my hubs?
Yes.
I talk to my wife about this podcast all the time. Sure, she finds this really annoying. I do wish there were more talks about chess and that Maria was on way more often.
Aww. Aww.
Aww.
Oh, it's my sweetie pie.
Aww.
There he is.
He likes the podcast so much, he married the guest. There you are. I don't know if that's you or Graham.
After hearing me on Smashing Security. He's a lucky guy. Yes, after.
He's a lucky guy. We all know that.
Before that, you were just a spinster. Nobody wanted you, Maria. But you appear—
You made— You both made my dreams come true.
I don't think you can be a spinster at 24. Oh, I think you can.
You think I'm 24?
Well, before you met Eric.
So, Carole, what's coming up on the show this week?
Well, first, Graham, let's thank this week's sponsors, Boxcryptor and LastPass. Their support helps us give you this show for free.
Now, on today's show, Graham zooms off to find yet another snafu with the video conferencing app everyone's talking about.
Maria is once again knocking on Facebook's door asking WTF, and I chat about the Rona tracing apps that might help us get back up and running.
All this and much more coming up on this episode of Smashing Security.
Now, on today's show, Graham zooms off to find yet another snafu with the video conferencing app everyone's talking about.
Maria is once again knocking on Facebook's door asking WTF, and I chat about the Rona tracing apps that might help us get back up and running.
All this and much more coming up on this episode of Smashing Security.
Now, chums, I almost think we should have a rule.
Just like we have a rule about not discussing the weather on the podcast, I feel maybe we shouldn't keep on talking about Zoom because Zoom's been everywhere, hasn't it?
It's been in the headlines every—
Just like we have a rule about not discussing the weather on the podcast, I feel maybe we shouldn't keep on talking about Zoom because Zoom's been everywhere, hasn't it?
It's been in the headlines every—
Well, then why are you talking about it now?
Well, because—
It feels kind of unfair to pick on them. You know?
It does a little bit. It's so strange, isn't it, that they are the one which sort of captured the zeitgeist.
Everyone suddenly was installing Zoom rather than Skype, which has been around for donkey's years and does pretty much the same job as far as I can see.
For some reason, Zoom was the one which captured people's imagination.
Everyone suddenly was installing Zoom rather than Skype, which has been around for donkey's years and does pretty much the same job as far as I can see.
For some reason, Zoom was the one which captured people's imagination.
Well, yeah, because they had 10 million users, and then a month later they had 50 million users.
So it's kind of good that a bunch of security boffins went out and checked out to see how secure or insecure they were. I know why everybody went to Zoom.
So it's kind of good that a bunch of security boffins went out and checked out to see how secure or insecure they were. I know why everybody went to Zoom.
That's easy. You don't have to download an app for it. You can just run it out of your browser.
And they'll install it whether you want it or not. That's very true.
So even my aunt, who has absolutely no technical skills, can use Zoom, but she can't download Skype.
Now, it's not just middle managers and middle-aged book club members who are finding themselves tuning into Zoom calls and feeling the pressure of curating their bookshelf and tidying up mess.
By the way, that's one of the most fun things I'm doing when watching TV at the moment.
Is every time someone pops up on a news or a magazine program, I'm not really interested in what they're saying, but we're playing the game of checking out their bookshelf and seeing what books they've got.
By the way, that's one of the most fun things I'm doing when watching TV at the moment.
Is every time someone pops up on a news or a magazine program, I'm not really interested in what they're saying, but we're playing the game of checking out their bookshelf and seeing what books they've got.
You need to get one of those green screens that pops onto the back of your chair. Yeah, those are great.
Doesn't Zoom have some weird background that you can employ to blur it up?
Yes. My background alternates between a huge stack of toilet paper and the Engineering from the Starship Enterprise. I alternate between the two.
What are these? These are apps that you can download to sex it up?
They're just images. Just pick it.
Oh, you just put an image? You can just literally just—yeah, behind you.
I also had Sean Connery in Zardoz as my background. Nobody could look at me with a straight face when you saw him in the red loincloth with all his chest hair. It was great.
I love it.
I love it.
I hope you were positioned appropriately to—
I absolutely was. Absolutely. So you could just see all of his glory.
Well, it's not just Maria and her ilk who use it. My son, who's only 9 years old, he received a Zoom meeting invitation from his young friends, Rex and Phoebe.
My niece who's 5 gets them.
Right.
I'm having a Zoom birthday party for my daughter. Oh. See?
My kid hasn't seen any other kids for weeks. So we thought he'd be chomping at the bit to have some contact with someone less than 5 foot tall.
And it was all set up and it's, okay, yes, let's go into the— Let's go, come on, come on, little Timmy. His name's not Timmy. Come on, Timmy, come on, follow me.
Let's go down to the pleasure palace at the bottom of the garden. Let's sit up on the big screen. And he comes down and everything. Suddenly gets all camera shy.
So basically it's the two mums chatting to each other and the kids.
And it was all set up and it's, okay, yes, let's go into the— Let's go, come on, come on, little Timmy. His name's not Timmy. Come on, Timmy, come on, follow me.
Let's go down to the pleasure palace at the bottom of the garden. Let's sit up on the big screen. And he comes down and everything. Suddenly gets all camera shy.
So basically it's the two mums chatting to each other and the kids.
Bored as always.
He just didn't want to do the video call. And I think truth is many of the rest of us want to get out of video meetings. We're doing anything we can to make them bearable.
Maria, you've got your toilet roll mounting.
Maria, you've got your toilet roll mounting.
Yes, I do.
I think you're being a bit harsh. I am grateful to the back of my teeth that we have video calls and the like to keep me connected with people I like.
Do you like it on video? We never video call each other.
Yeah, I said people I like. People I like. Not people I work with.
So, some people are being very creative to keep themselves engaged. So for instance, Iain Thomson, friend of the show, he was a guest way back when.
Oh yeah, yeah.
He's been doing fancy dress every Zoom call. Different one each day. And on the 38th day, he dressed up as Joe Exotic from Tiger King. So he's there in his leopard print.
I hope he didn't really look like him, 'cause that would be a very sad state of affairs.
Oh no, no, no, no, no. I think he just has a lot of leopard print in his cupboard. But you can understand why people are nervous.
What if you have acne, bad hair, spinach between your teeth? What if you're just fucking ugly?
What if you have acne, bad hair, spinach between your teeth? What if you're just fucking ugly?
No one's looking at the other people when they're doing these things. They're just looking at themselves, aren't they?
It's impossible not to. It's like you see a mirror in front of you. I have to disable my video of myself, otherwise I can't really—
I have to as well.
Yeah.
Exactly.
It's too distracting.
I just look into those beautiful eyes, those deep pools of desire, and I just think, look at that hot hunk of love there. And so I have to turn it off. I have to disable the webcam.
True.
Sorry, Crow, you alright?
Yeah, I'm fine.
Well, look, help is at hand if you're one of those people who don't want to be on the video call, because there is now an open source piece of software called Avatarify.
Avatarify, I don't know.
Avatarify, I don't know.
They did not work with marketing. Avatarify.
Avatarify. Avatarify. I keep on saying Avafartify.
I'm avatarified of that name.
You're terrified of it. What it does is it takes the input from your webcam and then deepfakes someone else's face onto yours.
So, it doesn't care what video conferencing app you're using.
So, it doesn't care what video conferencing app you're using.
So I really can be Sean Connery from Zardoz?
You could be!
I need to do this! I'm getting on that.
Or you could be one of your colleagues. Right?
Colleagues. You mean my cats? Meow, meow, meow, meow, meow, meow, meow, meow, meow, meow. I could be pickles or chili. Which one?
It doesn't care if you're using Skype or Zoom because it's just looking at the webcam thing and just meddling with it before it goes to the app. Right.
Now, in the old days, June last year, Jessica Barker in episode 134, she told us how scammers in France had made a stage set, had created a silicone mask, they dimmed the lights, and pretended to be the French Defence Minister.
Now, in the old days, June last year, Jessica Barker in episode 134, she told us how scammers in France had made a stage set, had created a silicone mask, they dimmed the lights, and pretended to be the French Defence Minister.
Oh yeah.
And they conned €80 million out of people via a dodgy video call. Nowadays, they could do all of that with software. So you don't need an amateur dramatics group to help you out.
Now, avatarify—
Now, avatarify—
Avatarify. It's not hard.
It is hard.
Avatarify. Avatarify.
It's avatarify.
It's a bit like cesia. It's one of those words which is very tricky to say. Avatarify. Yes.
So Avatarify was released by a programmer called Aliyev on GitHub, based upon existing deepfake projects.
So he didn't recreate it from scratch, but it works in real time, replacing your faces. It only took him a couple of hours to whisk it up.
So Avatarify was released by a programmer called Aliyev on GitHub, based upon existing deepfake projects.
So he didn't recreate it from scratch, but it works in real time, replacing your faces. It only took him a couple of hours to whisk it up.
I'm sure he did great security testing.
Well, before you know it, he was testing it on his colleagues on their regular Monday morning Zoom call.
And he's actually produced a video which you can check out, which purports to be a Zoom call between two of his colleagues when an unexpected visitor arrives.
And he's actually produced a video which you can check out, which purports to be a Zoom call between two of his colleagues when an unexpected visitor arrives.
Wait a second. Somebody's trying to connect to our conference. Okay, who is it? I don't know, one second. Hey guys! Are you Elon Musk?
Yes, looks like I got into the wrong conference in Zoom. How are you doing, guys? Good, how are you? I'm nice, thank you.
Yes, looks like I got into the wrong conference in Zoom. How are you doing, guys? Good, how are you? I'm nice, thank you.
Yeah, I'm sorry. No, that looks weird. That's not gonna convince anybody.
Right. It's not entirely convincing, but then—
The dead eyes. Oh my god. Dead fish eyes going on, and the mouth going—
Well, maybe that is convincing Elon Musk, right? I mean, you know, he's not entirely convincing.
Oh, is that what you're trying to suggest, that he's not as good-looking and fetching as you, Graham?
I'm just saying he's a little bit alien anyway. So maybe people would fall for it.
And if you have a rubbish internet connection, you're used to seeing low-quality video and artifacting.
Or if you're in a meeting with 10 other people all streaming their webcam, your picture's quite small and blurry anyway. Now, it's not perfect, as you can see.
It is pretty easy to work out the moment, and it doesn't do voices, but surely that is only a matter of time, and some of these issues will get fixed.
And if you have a rubbish internet connection, you're used to seeing low-quality video and artifacting.
Or if you're in a meeting with 10 other people all streaming their webcam, your picture's quite small and blurry anyway. Now, it's not perfect, as you can see.
It is pretty easy to work out the moment, and it doesn't do voices, but surely that is only a matter of time, and some of these issues will get fixed.
Are you seriously suggesting that this is how people deal with their shyness on video content?
No.
Is that what this is about?
No, I'm just suggesting this is a scary new way in which deepfake technology is going.
If you think about how far we've come in the last two years, and now this is happening in real time. We know already some people are capable of deepfaking audio.
This doesn't do voices, but—
If you think about how far we've come in the last two years, and now this is happening in real time. We know already some people are capable of deepfaking audio.
This doesn't do voices, but—
So you're thinking that in a year or two, someone's gonna call me up purporting to be you, have your mug on his or her face, and go, hey, hey, hey, Carole, podcast stuff, blah, blah, blah, blah, and I'm gonna fall for it.
Or somebody could Zoom bomb one of the current Zoom meetings. I mean, do you really know what people sound like, though? I mean, voices, does it even matter?
Unless the person has a distinctive voice and you're really familiar with them. If you just fake it, if it's a male voice and you're a man, most people would probably go, okay.
Unless the person has a distinctive voice and you're really familiar with them. If you just fake it, if it's a male voice and you're a man, most people would probably go, okay.
Or maybe you pretend you got a cold. You're talking about that all the time, right?
Yeah, I think if somebody Zoom bombed a meeting, I don't know why you would do this and why this would convince somebody, but if you tried it, it might actually be crazy enough to work.
Not that I'm going to do it as Sean Connery, but I mean, I don't know why you mentioned that.
Not that I'm going to do it as Sean Connery, but I mean, I don't know why you mentioned that.
I reckon it's only a matter of time, Maria, until you're donning his mankini, his space-age mankini. You've got the fake chest wig on.
Have you not seen Zardoz?
Carole, do you not know this movie?
You've not been drinking enough. Are you hydrated?
What?
Have you not seen Zardoz, Carole?
No.
No, I'm sorry. Oh, well, okay. Well, a giant floating head with guns coming out of its mouth just how the movie starts. So, you know, I'm running to it now. You need to see it.
You need to see it. That's my pick of the week, by the way.
You need to see it. That's my pick of the week, by the way.
Maria, what's your story for us this week?
Can we just talk about Zardoz some more? Would that be all right?
I think we should do maybe a commentary on it.
I don't think that would be good for our Patreon supporters. Come on.
What have you got for us, Maria?
Facebook is doing a thing. Actually, you know, Facebook's not— I mean, it kind of is. All right, so here's my story.
So in the special kind of stupid that only America can provide, there are people in this great land protesting coronavirus quarantine measures in large groups.
So in the special kind of stupid that only America can provide, there are people in this great land protesting coronavirus quarantine measures in large groups.
Which of the states are the worst for this?
I don't know about worst, but it's basically every state has had one of these protests. Even my state of Massachusetts, we had one.
Really?
Even Massachusetts?
Yeah, tiny, tiny little—
Practically British.
Yes, we're New England, dammit. We've had, I think every state has had one at this point. Sure feels like it. And they're very small gatherings.
Like, my wedding was bigger than most of these gatherings.
Like, my wedding was bigger than most of these gatherings.
But you are Greek.
No, no, I had a small wedding actually. Okay, point of correction.
But I mean, these gatherings are not terribly big, but they are happening, and people are not social distancing at these, and they're certainly not wearing any kind of protection most of the time.
Sometimes you see people with masks on anyway. It's really weird.
But I mean, these gatherings are not terribly big, but they are happening, and people are not social distancing at these, and they're certainly not wearing any kind of protection most of the time.
Sometimes you see people with masks on anyway. It's really weird.
It is weird when you see them having a banner and they've got a mask on.
Yeah, the cognitive dissonance is, I mean, I've been living here for my whole life and even I'm just stunned by it. I just didn't think it was possible.
So are these protests saying we want to go back to work and we don't want to wait for the go-ahead? This is unfair. It's against our amendment, right?
Yeah.
These are protests that are sort of directed usually at the governor of everyone's respective state saying these measures are too draconian and we need to just go back to normal and let people die who are going to die and cull the herd kind of thing.
Absolutely. I mean, I wish I was exaggerating, but people actually have signs saying things like, "Let the weak die." I mean, it's just, I just—
These are protests that are sort of directed usually at the governor of everyone's respective state saying these measures are too draconian and we need to just go back to normal and let people die who are going to die and cull the herd kind of thing.
Absolutely. I mean, I wish I was exaggerating, but people actually have signs saying things like, "Let the weak die." I mean, it's just, I just—
It's one of your constitutional rights, I imagine, isn't it? To choose the moment of your death, perhaps, and the method.
Well, I mean, so the reason I'm even talking about this story on this podcast is there is actually a Facebook tie-in.
So Facebook has announced, as part of their whole trying to actually help and squash misinformation about COVID-19, that they're actually trying to quash these events because I think people are organizing them in large part through Facebook events.
So they're waiting for the states to tell them, hey, there's a protest being planned, you should put a stop to this, Facebook.
It sounds like they're not actually going out and seeing them and taking them down themselves unless the state is telling them to.
So Facebook has announced, as part of their whole trying to actually help and squash misinformation about COVID-19, that they're actually trying to quash these events because I think people are organizing them in large part through Facebook events.
So they're waiting for the states to tell them, hey, there's a protest being planned, you should put a stop to this, Facebook.
It sounds like they're not actually going out and seeing them and taking them down themselves unless the state is telling them to.
Oh, so Facebook is saying if we're asked by the authorities, then we will take these Facebook events down.
Right.
I think it's maybe more complicated than that.
How does this work?
So you have— you've got Donald Trump who keeps flirting with let's open up the states. Sorry, the states.
Yeah, the states. Just business. Yeah.
But it's the governors that make that decision, that make that call.
Correct.
So Trump's saying open them up, please. And you've got the governors going no way, Jose.
And some are saying, oh, okay, if you say so, then that's great for me because we have no money. You know, we need to get people back to work.
And some are saying, oh, okay, if you say so, then that's great for me because we have no money. You know, we need to get people back to work.
So, yeah, I mean, people are certainly hurting.
I mean, even where I'm at, a lot of my neighbors are really, really hurting and nobody's been getting the money from the government that we were told we would be getting.
So I get the why in some cases why people are hurting.
The sort of weird catch-22 of Facebook waiting for a state to tell them, the reason this is sort of a flag to me is that that can flirt kind of dangerously with a governor saying you can't protest, which is basically a First Amendment violation.
So there's a great quote here from Ohio Governor Mike DeWine that says, the governor values the First Amendment and asks that protesters practice social distancing by standing at least 6 feet apart.
I mean, even where I'm at, a lot of my neighbors are really, really hurting and nobody's been getting the money from the government that we were told we would be getting.
So I get the why in some cases why people are hurting.
The sort of weird catch-22 of Facebook waiting for a state to tell them, the reason this is sort of a flag to me is that that can flirt kind of dangerously with a governor saying you can't protest, which is basically a First Amendment violation.
So there's a great quote here from Ohio Governor Mike DeWine that says, the governor values the First Amendment and asks that protesters practice social distancing by standing at least 6 feet apart.
So you're saying governors can't actually ask this because it's a First Amendment problem?
I don't know if they can't or they might and then just wait and see what happens later. It might be one of those, like, we'll deal with the ACLU later.
Right now we need to keep people alive. Certainly some state authorities have asked Facebook to do this.
I don't know if it's literally the governor, but I imagine if states come in and say, we need to put an end to this, Facebook, stop it, people are gonna say, actually, it's my right to protest and get other people sick.
This country, I swear to God.
So, but Zuck was saying that his company is working to remove posts that violate basically the best practices, and they are also going to try to put a stop to anything that violates social distancing measures.
So I can imagine someone would be, I'm creating an event, but it's required that all attendees stand at least 6 feet apart. That might be enough to get around this. Who knows?
It's such weird times.
Right now we need to keep people alive. Certainly some state authorities have asked Facebook to do this.
I don't know if it's literally the governor, but I imagine if states come in and say, we need to put an end to this, Facebook, stop it, people are gonna say, actually, it's my right to protest and get other people sick.
This country, I swear to God.
So, but Zuck was saying that his company is working to remove posts that violate basically the best practices, and they are also going to try to put a stop to anything that violates social distancing measures.
So I can imagine someone would be, I'm creating an event, but it's required that all attendees stand at least 6 feet apart. That might be enough to get around this. Who knows?
It's such weird times.
Okay, but you know, so is that— I think it is, but you know, on Thursdays in the UK, in the evenings, we have a little clap-a-thon from our gardens for first responders.
Yeah.
And I don't know if you saw on Friday last week, there was a huge hoo-ha because the Met Police organized a clap-a-thon on Westminster Bridge. Loads of people showed up.
They're all hanging out on the bridge. Some people holding babies. Nobody's masked. Everyone's just hanging around clapping.
Ironically for the health first responders who were actually going to probably save some of the people's lives.
They're all hanging out on the bridge. Some people holding babies. Nobody's masked. Everyone's just hanging around clapping.
Ironically for the health first responders who were actually going to probably save some of the people's lives.
They're all going, "Go home!"
"Go home!" And I saw first responders responding to it on Twitter.
Yes, don't blame them.
And saying, "What the bloody hell do you think you're doing?" Yes!
It was just incredible, and it was just such a huge— It was embarrassing to see, and I'm sure those involved were just, "Oh my God." I mean, that is certainly a bad idea, what they're doing.
It's sort of misplaced kindness. Road to hell. Yeah, yeah.
The protests though that are happening around the states, as many of us have been reading about, there is some credible evidence that they have been astroturfed.
They have been not exactly a groundswell of grassroots support, that maybe some folks with malicious intent have been planting the seeds on this discussion to try and manipulate people into this kind of action.
The protests though that are happening around the states, as many of us have been reading about, there is some credible evidence that they have been astroturfed.
They have been not exactly a groundswell of grassroots support, that maybe some folks with malicious intent have been planting the seeds on this discussion to try and manipulate people into this kind of action.
I would not be surprised at all, especially after all the things that were unveiled after the 2016 election.
Yeah.
Oh, whoa, whoa, whoa. I'd be very surprised if someone was meddling in such a fashion. There's no track record of anything like that, is there?
Are you individual number one? Is that what you're saying? Yeah, it's interesting, scary, sad. Thankfully, these folks that are doing this kind of protesting are the tiniest minority.
The vast majority of people here regardless of their political affiliation have good sense.
The vast majority of people here regardless of their political affiliation have good sense.
Hey, but you still have cell phone masks, so there's that.
Oh, please.
Again, I understand the economic pressures that people are under. I'm around it all the time. I'm out of work. I get it. It's just, I mean, you can't shoot a virus, America.
It just doesn't work that way.
And there certainly is a contrarian streak in this country of folks seeing everybody doing one thing for the common good, and there's always going to be other folks that go, well, F that.
It just doesn't work that way.
And there certainly is a contrarian streak in this country of folks seeing everybody doing one thing for the common good, and there's always going to be other folks that go, well, F that.
Do you not think it's just an effort in gaslighting? Do you think the people that are there are really saying, we want all the lockdown lifted and it's okay?
Well, listen, I mean, tomorrow in Massachusetts, Governor Baker could say, hey, lockdown's lifted, go about your business. Everybody's still gonna stay home around here.
Nobody wants this. I mean, the governor could say whatever, but that doesn't change what's actually happening in the hospital.
So, you know, I'm not waiting for the governor to give me the okay. Let me put it that way.
Nobody wants this. I mean, the governor could say whatever, but that doesn't change what's actually happening in the hospital.
So, you know, I'm not waiting for the governor to give me the okay. Let me put it that way.
So would you like it if Facebook and other social media sites were being more proactive about doing something about this, or do you think that's the wrong approach as well?
Yeah, that's what I've been chewing on a lot, because I do understand the First Amendment issue that could come up with this.
That said, I mean, this actively puts people in harm's way.
I mean, even if these folks just infect each other, there are more bodies in the hospital, could get more health workers sick and get out and, you know, infect innocent people.
To me, it's— oh my God, I can't believe I'm about to say this— it's a hair away frankly. So, oh boy, I'm gonna get reamed for that.
That said, I mean, this actively puts people in harm's way.
I mean, even if these folks just infect each other, there are more bodies in the hospital, could get more health workers sick and get out and, you know, infect innocent people.
To me, it's— oh my God, I can't believe I'm about to say this— it's a hair away frankly. So, oh boy, I'm gonna get reamed for that.
Well, on that cheery note—
What, the reaming? No, no, just— oh man, nobody's gonna like that I said that, but I think these people are crazy dangerous.
You know what, we're gonna censor it. No one's gonna know what you actually—
Okay, okay, thank you.
Just that word's gonna be bleeped.
All right, whatever, I'm already out of work. Nobody can get me less out of work now, so it's fine. Whatever, my reputation's already in the shitter. It's because I come on this show.
Carole, what's your story for us this week?
Okay, well, you know, it ties in well with Maria's topic, right?
So, is it about coronavirus?
Well, what isn't these days, right? So people need to get back at work. The economy needs people back to work. Companies want their staff back.
People want to go back to work so they can keep a roof over their heads and food in their bellies. And the question is, how do we do this safely?
We don't want companies to become big breeding grounds for the virus.
People want to go back to work so they can keep a roof over their heads and food in their bellies. And the question is, how do we do this safely?
We don't want companies to become big breeding grounds for the virus.
No.
And we don't want to overwhelm hospital capacity like we talked about. So we need something that protects the economy, first responders, and everybody else.
Yet countries are right now relaxing lockdown rules. We're seeing it happen in places like you said in the States, but also in Europe.
Germany is just starting to do it as well with small shops.
But there seems to be a general consensus amongst the scientists that tracking infections is the key to controlling the spread.
So in other words, if you can trace, contact trace, how would I put this?
Yet countries are right now relaxing lockdown rules. We're seeing it happen in places like you said in the States, but also in Europe.
Germany is just starting to do it as well with small shops.
But there seems to be a general consensus amongst the scientists that tracking infections is the key to controlling the spread.
So in other words, if you can trace, contact trace, how would I put this?
I think that's it. So if you can identify who's been infected and who they've come into contact with, gives you a heads up as to who else might be spreading it, right?
It would help contain future flare-ups, right?
So there's all these guys out there, these countries and even businesses that are trying to find a way that we can actually contact trace people.
There's pluses to it because you could automate the assessment of who's at risk and telling them to go see a doctor or to get tested or to self-isolate.
There's an international scramble to get all these track and trace systems up and running. And there's— I read somewhere, in a plague, civil liberties are suspended.
The trick here is to balance the limiting of the spread of the disease without us waking up in an Orwellian surveillance state.
Because there's careful balancing here, because once we put something in place, it isn't gonna be easy to get rid of.
So there's all these guys out there, these countries and even businesses that are trying to find a way that we can actually contact trace people.
There's pluses to it because you could automate the assessment of who's at risk and telling them to go see a doctor or to get tested or to self-isolate.
There's an international scramble to get all these track and trace systems up and running. And there's— I read somewhere, in a plague, civil liberties are suspended.
The trick here is to balance the limiting of the spread of the disease without us waking up in an Orwellian surveillance state.
Because there's careful balancing here, because once we put something in place, it isn't gonna be easy to get rid of.
Even if that isn't the intention. The problem is perception, isn't it?
Because you need the public to be on board with whatever you're going to do, your way of using technology to track and trace people.
And so they need to be reassured that there's no chance that something dodgy might happen in the future.
Because you need the public to be on board with whatever you're going to do, your way of using technology to track and trace people.
And so they need to be reassured that there's no chance that something dodgy might happen in the future.
I don't know. I think it's more than that, but there's lots of different approaches. So I almost didn't do this story because it's just too crazy, right?
Every single country is applying this slightly differently.
Every single country is applying this slightly differently.
Yes.
So I'd love to be able to say this is what they're doing, but I kind of have two camps here. One camp is the centralized network-based location tracing.
The reason people use this approach is it means you eliminate the need for apps, right? They need the phone, but they don't need to download an app.
So you get rid of people voluntarily downloading or basically choosing not to.
These network-based solutions basically have access to raw location data and they can alert you if you've been near somebody. Significant privacy problems, many say.
The reason people use this approach is it means you eliminate the need for apps, right? They need the phone, but they don't need to download an app.
So you get rid of people voluntarily downloading or basically choosing not to.
These network-based solutions basically have access to raw location data and they can alert you if you've been near somebody. Significant privacy problems, many say.
Oh yeah.
South Korea, instead of using a dedicated app, used a system gathering tracking information from a variety of sources, including your mobile device tracking data, card transaction data, and combined all these to generate notices or SMS messages to potentially infected individuals.
And in addition to using this information to alert potential contacts, the government also made this location information publicly available. So basically saying, oh, right.
And this is something that wouldn't be permitted here in the UK. Thank you, privacy laws. But this happened because of the MERS outbreak.
And so back then they changed some of the privacy laws.
And in addition to using this information to alert potential contacts, the government also made this location information publicly available. So basically saying, oh, right.
And this is something that wouldn't be permitted here in the UK. Thank you, privacy laws. But this happened because of the MERS outbreak.
And so back then they changed some of the privacy laws.
Being too nerdy, and I know it's your favorite topic, but wouldn't GDPR have an impact there?
Because even if it's happening in South Korea, if you were a European who was visiting South Korea and your personal information and you were being tracked, wouldn't that potentially be?
Because even if it's happening in South Korea, if you were a European who was visiting South Korea and your personal information and you were being tracked, wouldn't that potentially be?
Yeah, but no one's traveling right now, dude.
Okay, yes, true, true. Okay, ah, damn, damn, you ruined it.
Sorry, gotcha.
Oh, shit. Zing zang. Okay, so that's the centralized network-based location tracing, right? Now the other approach, the other camp is privacy-preserving contact tracing.
Personally, I find that name a little rich. I would say privacy-friendlier solution. OK. And this uses Bluetooth, right? BLE.
So it basically uses that to log a user's proximity to other mobiles.
And then users can receive a message they've been in close contact with someone who tested positive for COVID-19.
Personally, I find that name a little rich. I would say privacy-friendlier solution. OK. And this uses Bluetooth, right? BLE.
So it basically uses that to log a user's proximity to other mobiles.
And then users can receive a message they've been in close contact with someone who tested positive for COVID-19.
Interesting. OK.
So that wouldn't track your specific location, but it'd be basically pinging to see what other devices are in your vicinity.
And over time, if one device is known to belong to someone who has the disease, they can say, oh, but they also came into close contact with these people as well, or these devices too.
That's right.
And over time, if one device is known to belong to someone who has the disease, they can say, oh, but they also came into close contact with these people as well, or these devices too.
That's right.
But you can imagine, think about it in actual practice, right? So imagine we all, along with, I don't know, 30 other people— how many?
I don't know how big the supermarket is, but we're all in a supermarket, right? And there's one guy there who's infected.
I don't know how big the supermarket is, but we're all in a supermarket, right? And there's one guy there who's infected.
Yeah.
And everyone's phone goes off but his, right? Saying, ding, ding, ding, potential infection! And everyone runs out of the store.
I don't think it works in real time quite like that. I don't think it's Scarlet Letter, I don't think it's diagnosing someone and saying, whoop, whoop, whoop.
It's not a radar or a Geiger counter telling you someone's close to the grenade.
It's not a radar or a Geiger counter telling you someone's close to the grenade.
No, maybe it's just play an obnoxious ringtone like it's the early 2000s again, like Crazy Frog, and everyone's gonna go, "Ah, fuck," and then just— Oh yeah, and that'll get everybody running.
So Apple and Google say they're working together on interoperability for their Bluetooth, so that people with Android iOS devices— It would be nice. Yeah, wouldn't it be nice?
It took this, guys.
It took this, guys.
Heal the world. World healing.
Took a pandemic to finally get you guys to play nice together.
But it would have to be turned on all the time.
It would have to be turned on all the time. And there's a number of— you know, this isn't a perfect solution either.
I mean, does this mean that people have to carry their phones around with them all the time?
I mean, does this mean that people have to carry their phones around with them all the time?
Yeah, 'cause a lot of people don't. And a lot of people don't keep Bluetooth on. I certainly don't. I know my husband doesn't.
What's gonna happen to your battery life?
Also privacy issues. My husband never has his on. He just always has it turned off.
And Graham, when I was talking to him about this story earlier, he said, "Well, what if someone just duct taped the phone to a cat and let it run around?"
You know, an infected flare.
Around the neighborhood.
See, I give you credit. I didn't steal it clean.
Hey, cats can get coronavirus, but dogs can't.
Oh, that's true. That's true.
Or what if you're in a tower block and the people on the floor below have got it. You never come into contact with them, maybe other than perhaps in the elevator.
Your phone's constantly pinging, "You're still there!" Exactly, but some data's being collected that you were in the vicinity.
It's a very difficult thing to do reliably, and I think if it's prone to making lots of mistakes—
Your phone's constantly pinging, "You're still there!" Exactly, but some data's being collected that you were in the vicinity.
It's a very difficult thing to do reliably, and I think if it's prone to making lots of mistakes—
Well, I don't know, I don't think anyone knows whether it's prone to make a lot of mistakes yet, and also you have to remember we're in a— We're in a fricking pandemic, clearly, so something has to be done.
So we can sit there and poke holes in all the suggestions, but take this. This is one of the biggest problems with this.
Modeling by researchers at Oxford University suggested that 80% of all smartphone users in a city of 1 million people would have to use the tracking system to halt the virus spread.
So 80% of people in a 1 million people city have to be using it, otherwise it won't work.
So we can sit there and poke holes in all the suggestions, but take this. This is one of the biggest problems with this.
Modeling by researchers at Oxford University suggested that 80% of all smartphone users in a city of 1 million people would have to use the tracking system to halt the virus spread.
So 80% of people in a 1 million people city have to be using it, otherwise it won't work.
Oh no, you're poking holes in it.
Okay, so that means you've got to get a lot of people to use it.
Right.
And Germany are saying, "Hey, we really like this idea, but we want this to be voluntary." Colombia did something like what I expect maybe the UK or the United States to try and do to get people on board is to give them a little treat, an incentive.
As a treat.
So the Corona app in Colombia is a government mobile app, and it's been downloaded by 1.2 million users.
So it's still quite small in terms of population, but it's a free application which doesn't consume any data.
And the idea is it helps detect affected areas and nearby people with a positive diagnosis. Graham, listen, listen up.
So it's still quite small in terms of population, but it's a free application which doesn't consume any data.
And the idea is it helps detect affected areas and nearby people with a positive diagnosis. Graham, listen, listen up.
No, I'm listening, I'm listening.
Corona app facilitates the real-time monitoring of data collected to the emergency operations center in the Instituto Nacional de Salud. Ooh la la! Real-time monitoring.
And as an added benefit of the app, the government will finance 1 gig per month and 100 minutes for users of prepaid lines that install it.
And as an added benefit of the app, the government will finance 1 gig per month and 100 minutes for users of prepaid lines that install it.
But real-time doesn't necessarily help you, does it? Because—
Well, I don't know. If you're walking down Waitrose or wherever you—
No, no, no. If you've got the damn thing, Carole, if you've got the symptoms, you're not meant to be down the supermarket, are you?
You're meant to be in bed or you're meant to be in hospital.
You're meant to be in bed or you're meant to be in hospital.
Well, I suspect they might use this app to tell you as well that your results have come in.
And the—
Open the envelope, ding, ding, ding.
All I'm thinking is that people are spreading the disease while they haven't actually got the symptoms, right, for a couple of weeks.
Absolutely.
But I think there's a bigger problem with this, right? You're talking about this being compulsory.
What about all the 70-year-olds and 80-year-olds, the ones we're meant to be trying to protect right now?
What about all the 70-year-olds and 80-year-olds, the ones we're meant to be trying to protect right now?
Yeah, they don't have cell phones, yeah.
Or they certainly don't have a nice smartphone. They'll have an iPhone 3GS if you're lucky. And God knows that's not gonna get the operating system update from Apple, is it?
It's not gonna be able to run the app.
It's not gonna be able to run the app.
Yep, good point.
So are they going to supply us all with a brand new phone? That'd be rather nice.
They're probably gonna have to supplement this with good old-fashioned, a person actually doing contact tracing. That's what they're doing in my state at least.
They've got the National Guard making phone calls to people, doing it manually, and it's not working very well 'cause nobody's answering the phone. They think it's spam.
But that's what's happening right now is that we're trying to get to where South Korea was. We're trying to model them a lot.
And so we have a lot of people actually doing a manual contact trace.
They've got the National Guard making phone calls to people, doing it manually, and it's not working very well 'cause nobody's answering the phone. They think it's spam.
But that's what's happening right now is that we're trying to get to where South Korea was. We're trying to model them a lot.
And so we have a lot of people actually doing a manual contact trace.
I don't know if they had people running around the streets saying, hey, let us out.
Okay, so Amnesty International and over 100 other organizations just issued a statement calling for limits on this kind of surveillance, right?
They're really worried about what some organizations or government organizations might include or allow in the app, the flexibility they might allow to add future surveilling components to it.
Okay, so Amnesty International and over 100 other organizations just issued a statement calling for limits on this kind of surveillance, right?
They're really worried about what some organizations or government organizations might include or allow in the app, the flexibility they might allow to add future surveilling components to it.
Or a nasty government, not like the British government, for instance, one of those other countries, right, Maria?
What? Yeah.
So they're saying there's 8 stipulations, but a few of the important ones is it has to be lawful, necessary, and proportionate, the surveillance.
And extensions of monitoring and surveillance would have to have a sunset clause, which means when the alarm goes down, this stuff goes away.
You can't just remain enforced indefinitely.
And extensions of monitoring and surveillance would have to have a sunset clause, which means when the alarm goes down, this stuff goes away.
You can't just remain enforced indefinitely.
Yeah, I mean, there's certainly an instinct from a lot of people to be privacy just should go immediately out the window, it doesn't matter, everybody.
And I'm happy to hear about that sunset clause. At least gives me some comfort.
And I'm happy to hear about that sunset clause. At least gives me some comfort.
But you know what, Maria, if you've got all those crazy people right now protesting, how are they going to feel about having to carry their phone and the app being installed.
That's going to really rile them up.
That's going to really rile them up.
Yeah, yeah, it is. I mean, a lot of those folks, I know there's the Venn diagram has a large overlap with anti-vaxxer, anti-5G stuff.
Uh, yeah, Auntie Margaret. Just my Auntie Margaret.
I think, you know what, I think they're extremely small part of the population.
I think they make a lot of noise because it's sensational and our media are too focused on trying to get clicks.
I think they make a lot of noise because it's sensational and our media are too focused on trying to get clicks.
I have a feeling it's gonna have to be, there's a certain percentage of the population will need to have some sort of interfacing with this.
And if, I don't know, the epidemiologists will know the answer, but say it's just 80%.
If we have 80% of the people doing or interfacing with the system in some way, that's enough to give us a sense of herd immunity.
That doesn't make sense, but I'm sure 100% is just not, doesn't seem possible.
And if, I don't know, the epidemiologists will know the answer, but say it's just 80%.
If we have 80% of the people doing or interfacing with the system in some way, that's enough to give us a sense of herd immunity.
That doesn't make sense, but I'm sure 100% is just not, doesn't seem possible.
They do talk about digital herd immunity.
Interesting. Yeah, there's no way we can get 100% of everybody for all sorts of reasons.
Look, I get it, right? The least physically invasive solution is using technology we already have, and particularly one we keep on our person virtually at all times.
Using mobiles to track and trace infections makes sense, but it's vital that governments and tech firms operate with morality, transparency, and respect for our current civil liberties.
If their security is not baked into these apps from the very start, we risk a massive shit show on our hands. 1984 is a great read, but none of us want our future to be like it.
See, cheery, right?
Using mobiles to track and trace infections makes sense, but it's vital that governments and tech firms operate with morality, transparency, and respect for our current civil liberties.
If their security is not baked into these apps from the very start, we risk a massive shit show on our hands. 1984 is a great read, but none of us want our future to be like it.
See, cheery, right?
Well, excellent. So, Carole, thank you very much. I think I'm just gonna hibernate until 2525 and put my head in the sand.
You know you are going to wake up in Zardoz's world if you sleep that long. Who is Zardoz? I really need to see this.
He is Zardoz.
Okay, just Google Zardoz for me right now. Z-A-R-D-O-Z. Just duck, duck, go it. Use your search engine of choice. Z-A-R-D-O-Z.
I'm just afraid.
Don't be afraid.
It's nothing you haven't seen before.
Ooh, sexy. You haven't met my husband, have you?
I don't know how to answer any of these questions. I'm pretty sure I have. But also, what?
I don't know. I kind of like it. Hey, Graham?
Yes?
So I've got a problem.
Yes?
I use a cloud service. I put all my files and data up there, and I'm kind of nervous about prying eyes looking at it. Any advice?
Yeah, you've got to encrypt it. So what I would recommend is use a piece of software like Boxcryptor. It's what I run on my computer.
And any file before it gets uploaded to those cloud services gets encrypted with my own keys, which I control.
So the cloud service itself can't see the contents of the files, which I'm putting on the cloud drive. It's all encrypted.
And any file before it gets uploaded to those cloud services gets encrypted with my own keys, which I control.
So the cloud service itself can't see the contents of the files, which I'm putting on the cloud drive. It's all encrypted.
Cool. I'll check it out.
Well, now's a great time to do it because they're offering a fantastic 40% discount to listeners of the Smashing Security podcast.
If you want a Boxcryptor personal license for private use or a Boxcryptor business account perfect for the self-employed, go to smashingsecurity.com/boxcryptor.
If you want a Boxcryptor personal license for private use or a Boxcryptor business account perfect for the self-employed, go to smashingsecurity.com/boxcryptor.
So many of us now are realizing that moving to a fully work-from-home environment isn't always easy, but LastPass is here to make that transition easier, all without decreasing security.
LastPass ensures your employees have secure access to their work applications and provides remote employees the ability to securely share passwords across teams in order to stay on top of critical projects.
If you want to learn more, visit lastpass.com/smashing.
LastPass ensures your employees have secure access to their work applications and provides remote employees the ability to securely share passwords across teams in order to stay on top of critical projects.
If you want to learn more, visit lastpass.com/smashing.
On with the show.
And welcome back, and you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week, Zardoz—
I mean, Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be Zardoz-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be Zardoz-related necessarily.
It can't be unless it's Maria's choice.
It's not my Pick of the Week.
Well, my Pick of the Week this week is a website called Sketchplanations.
Okay.
And Sketchplanations is a cute little website run by a chap called Jono Hay.
And once per week, he grabs his iPad Pro and his Apple Pencil, and he draws a sketch explaining something. And I think it has a certain charm.
And he also writes a few paragraphs explaining the thing which he is explaining in the sketch and giving you some more details. We can read more about it.
And it can be about all manner of subjects, everything from business to Chindogu. Are you familiar with Chindogu? I don't know if it's Japanese or Chinese.
It is the art of unuseless inventions. And so he gives the example.
And once per week, he grabs his iPad Pro and his Apple Pencil, and he draws a sketch explaining something. And I think it has a certain charm.
And he also writes a few paragraphs explaining the thing which he is explaining in the sketch and giving you some more details. We can read more about it.
And it can be about all manner of subjects, everything from business to Chindogu. Are you familiar with Chindogu? I don't know if it's Japanese or Chinese.
It is the art of unuseless inventions. And so he gives the example.
Unuseless? So useful.
Yes. I'm pretty sure that's Japanese.
He gives the example of the back scratch shirt, which is a t-shirt which has coordinates on the back of it, rather like a game of battleships, which can help someone work out where you want to be scratched.
Okay, I like that idea a lot. Except the image you have here is totally outside. It doesn't even cover the areas that I like.
Oh, it's just an example—
Well, you need to make your own. Clearly you need to tattoo coordinates on your back.
Yes. Yes.
Just tattoo it.
But all manner of other things as well. And he has very cute little drawings.
And Carole, when I saw these cute little drawings, when I first visited Sketchplanations, I thought of you, not because you're cute and little. That would be ridiculous.
But because the drawings you do are a little bit in this style. I know you're quite artistic. So I quite like it. Check out Sketchplanations.
And Carole, when I saw these cute little drawings, when I first visited Sketchplanations, I thought of you, not because you're cute and little. That would be ridiculous.
But because the drawings you do are a little bit in this style. I know you're quite artistic. So I quite like it. Check out Sketchplanations.
You know, I'm gonna try not to be— Yeah, okay. Thanks very much, Graham. That's very sweet. These are stick men.
Okay?
Everybody?
Stick men. That's all I gotta say.
Oh, the Peter Principle. That's my favourite one.
Yes.
Is that why I never got promoted? I was just too smart. No, that's not why.
Why is that called the Peter Principle, by the way? Does anyone know?
Is it a Dilbert thing, I think?
Oh, I don't know.
Probably.
I wonder if Peter was another word for— A bit like the cock principle. I just wanted to—
What do you mean?
Anyway, Sketchplanations is my pick of the week.
Cute.
Maria, what have you got for us this week?
You're gonna be surprised. It's not about the movie we've been discussing. It's about coronavirus. Yay!
That's your pick of the week? You're recommending?
Yes, my pick of the week is coronavirus.
I think we need to add that into our pick of the week no-nos, Graham.
What? Coronavirus?
No Rona refs.
No Rona refs? I see. I was wondering if you were gonna come down hard on me on that one.
We won't this time because we didn't say anything, but from now on I had a feeling though you might be like, no more, but these are actually uplifting. I'm just saying.
We won't this time because we didn't say anything, but from now on I had a feeling though you might be like, no more, but these are actually uplifting. I'm just saying.
Let's hear it.
So, okay, so I mean, to me they're uplifting.
So I mean, I think it's pathetic that there's no PPE for a lot of people right now, and folks like me who know how to use a sewing machine are making masks for friends and family.
It's pathetic, but it makes me feel like I'm doing something slightly helpful while just sitting on my ass.
So I love how much the maker community has really rallied to figure out how to homebrew a lot of stuff that people need.
And when I say maker, I like the phrase maker is basically like men who figured out you can make things.
So I mean, I think it's pathetic that there's no PPE for a lot of people right now, and folks like me who know how to use a sewing machine are making masks for friends and family.
It's pathetic, but it makes me feel like I'm doing something slightly helpful while just sitting on my ass.
So I love how much the maker community has really rallied to figure out how to homebrew a lot of stuff that people need.
And when I say maker, I like the phrase maker is basically like men who figured out you can make things.
It's like women have been doing this forever, but whatever. So in this, again, another phrase I'm just going to get yelled at for.
In this case, I'm including in makers like more quote traditional domestic types, like people who sew, as well as people who use a 3D printer.
And Makezine, which is a really cool magazine of all sorts of recipes for making stuff, has some really awesome resources for make these projects to fight COVID-19 right now.
So whether you know how to use a sewing machine or even just want to cut up a t-shirt to make your own mask, or if you have access to a 3D cutter or 3D printer, there's a whole list of free resources and free recipes and stuff you can make.
In this case, I'm including in makers like more quote traditional domestic types, like people who sew, as well as people who use a 3D printer.
And Makezine, which is a really cool magazine of all sorts of recipes for making stuff, has some really awesome resources for make these projects to fight COVID-19 right now.
So whether you know how to use a sewing machine or even just want to cut up a t-shirt to make your own mask, or if you have access to a 3D cutter or 3D printer, there's a whole list of free resources and free recipes and stuff you can make.
It's very cool.
It's super cool. And if you're handy with your hands in any way, if you know how to make stuff, there's probably something on that list for you.
My absolute favorite one is 3D printing a bias tape maker, which is basically if you've got a 3D printer, you can help out people like me who know how to sew.
You can buy them at stores, but they're all sold out now.
My absolute favorite one is 3D printing a bias tape maker, which is basically if you've got a 3D printer, you can help out people like me who know how to sew.
You can buy them at stores, but they're all sold out now.
So it's just a tiny little doohickey that a 3D printer can really easily make, and it's very, very helpful for people who know how to sew and drastically speeds up their process.
It really does, actually, because it's super great.
Yeah. So especially now that also elastic is sold out everywhere, bias tape duct tape is the next best thing for affixing a mask to your head. It just makes a very strong tie.
And sort of a secondary pick of the week is this website called Fix the Mask.
It's a very interesting makeshift solution to making a surgical mask slightly more tight-fitting on the face and provide a better seal using just rubber bands.
And sort of a secondary pick of the week is this website called Fix the Mask.
It's a very interesting makeshift solution to making a surgical mask slightly more tight-fitting on the face and provide a better seal using just rubber bands.
I thought it was, I don't know if it's actually as good as the site purports it to be, but I thought it was a very fascinating potential fix.
I have also a very good mask design, which I'll add to the— your links, if I may.
Absolutely. I mean, my personal favorite, the one that I've been making, is called the Foo Mask, and it's on freesewing.org.
I've made a ton of these for friends and family, but it's hard to breathe through by design.
You're supposed to put a heavy fabric layer in it, so it's not going to be comfortable in warmer weather.
I've made a ton of these for friends and family, but it's hard to breathe through by design.
You're supposed to put a heavy fabric layer in it, so it's not going to be comfortable in warmer weather.
So, and I've just shared with you both a link to a tweet with a video of a chap.
I think he's Italian or something like that, demonstrating how you can make a face mask out of a t-shirt, just the way you fold it and wrap it around your head.
I think he's Italian or something like that, demonstrating how you can make a face mask out of a t-shirt, just the way you fold it and wrap it around your head.
Oh yeah, absolutely. There's so many interesting solutions.
It's quite clever, quite imaginative, the way some of these things work. Well, there you go. What an uplifting and wonderful Pick of the Week, Maria.
Oh, thank you.
And also Zardoz. We'll try to prevent you from mentioning it.
Next time I won't. Next time my pick will be Zardoz. Just Zardoz.
Us. Crow, what's your pick of the week?
So many of us are starting to watch our pennies if we hadn't already started, and some of us are getting rid of services that might feel slightly more indulgent now that we might be more worried about bills or feeding the fam.
If you're one of those people, or you know someone who is, you might be happy to hear that Netflix has made 30 of its educational productions available for free on YouTube.
If you're one of those people, or you know someone who is, you might be happy to hear that Netflix has made 30 of its educational productions available for free on YouTube.
First one's always free.
Yeah, so you've got 30. Now what's cool about these is they're all family friendly. They're a lot of Attenborough videos. The Planet videos are part of that list.
There's this documentary that Netflix did on babies which I haven't seen, but I've heard everyone talk about it, but I haven't seen it myself yet. So it's a good mix.
There's probably about 1,000 hours of viewing pleasure there where you'll actually learn some stuff. Am I making that up? Oh, that's probably impossible.
There's this documentary that Netflix did on babies which I haven't seen, but I've heard everyone talk about it, but I haven't seen it myself yet. So it's a good mix.
There's probably about 1,000 hours of viewing pleasure there where you'll actually learn some stuff. Am I making that up? Oh, that's probably impossible.
I don't know about that, but no, 30 shows, that's literally impossible.
It's probably gonna be more like 100. I knew there was a 1-0-0. It's probably 100 hours.
The Art of Design series on there, which I love. Yes, that I was excited.
Yeah, yeah, yeah. So that's cool. Now if you do have Netflix and you're like, oh, boring, I have another thing.
Okay.
Yes, right. So the Faroe Islands I've never been. Here it's beautiful. However, no tourists are allowed on the island right now.
So what they've created is a remote tourism tool, and basically it works via mobile, tablet, or PC.
You can explore the Faroes' rugged mountains, see waterfalls, and spot traditional grass-roofed houses by interacting live with a local Faroese who will act as your eyes and body on a virtual exploratory tour.
So what they've created is a remote tourism tool, and basically it works via mobile, tablet, or PC.
You can explore the Faroes' rugged mountains, see waterfalls, and spot traditional grass-roofed houses by interacting live with a local Faroese who will act as your eyes and body on a virtual exploratory tour.
And what, you go around the Faroes, do you?
Yeah, exactly.
So basically, the local is equipped with a live video camera, allowing you not only to see views from the on-the-spot perspective, but also allows you to control where you go, what you look at, and even walk, run, and jump.
So if you click on the link, so it's remote-tourism.com.
So basically, the local is equipped with a live video camera, allowing you not only to see views from the on-the-spot perspective, but also allows you to control where you go, what you look at, and even walk, run, and jump.
So if you click on the link, so it's remote-tourism.com.
Okay, yes, I'm there right now.
Now you'll see it says the next tour starts at a particular time.
Yes.
And each trip lasts for an hour, and people can take turns to be controller for 1 minute each.
Oh.
Well, hang on a minute. So, oh, so this is actually— you're directing someone live? Go a bit closer to the cliff.
Yeah, I was just thinking is this gonna get really dark really fast or what?
I have a feeling she'll be like, no. Anyway, it's very cool, and it's quite fun.
So brilliant. That is honestly really brilliant. I love that. Yay, that's so brilliant.
Cool. Okay, well, all the links that you need, and there's a video in it, all that's going to be in the show notes, which is on our Smashing Security website.
Marvelous. Well, I think on that wonderful note, it just about wraps it up for this week.
Being dramatic.
Wow.
Well, I was— yeah, anyway. So, Maria, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
I mean, I guess Twitter. I'm not really online much.
She doesn't really want people following her right now. Well, I mean—
Okay?
Keep your distance.
I'm out of work and caring for a kid full-time at the moment, so I'm not tweeting much of anything interesting while I'm chasing a 3-year-old.
I'm on Twitter @mvarmazis, but don't expect much right now.
I'm on Twitter @mvarmazis, but don't expect much right now.
And you can follow us on Twitter @smashingsecurity, no G, Twitter doesn't allow us to have a G. And you can also join the Smashing Security subreddit. Go and look for us up there.
And as always, many, many murky buckets. It's French, Graham, for listening to us. You keep Smashing Security alive by listening to us each week, literally.
Also, a huge thank you to this week's Smashing Security Sponsors: Boxcryptor and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Also, a huge thank you to this week's Smashing Security Sponsors: Boxcryptor and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Until next time, cheerio. Bye-bye.
Bye. Stay safe.
The gun is good, the penis is evil.
Is that a Zardoz—
Is that a quote?
Do you know why you love him? Because he's got, he's got a rather big package, doesn't he? He does.
The movie is batshit insane.
That's why I just want you to look at the images, the Zardoz images.
I've seen Zardoz so many times, girl, in various states of mind.
I'm just saying, he's very endowed.
That's just so not part of the appeal of the movie for me.
Well, he is trying to show it off quite a lot with his 1970s weird—
Yeah.
I'm going to get one for my husband.
I've just seen a picture of a woman.
The woman dressed up for Halloween?
Just, have you seen it? Have you seen that one?
Yep. What an outfit! I had a friend who introduced me to that movie, I want to say 15 years ago, at a 24-hour bad movie marathon at our local cinema.
And it became a yearly thing where we would take somebody new every year and we would just watch the person, not the movie, but the person, just watch their reaction as the horror comes over their face and they're like, what am I in for?
It's great. It's just great.
And it became a yearly thing where we would take somebody new every year and we would just watch the person, not the movie, but the person, just watch their reaction as the horror comes over their face and they're like, what am I in for?
It's great. It's just great.
