
Earlier this month, Facebook announced the worst idea that it has come up with for… oooh, the last few weeks.
The social media goliath has launched its first pair of smart glasses, “Ray-Ban Stories.”
That’s right, they’re branded Ray-Ban, almost as if Facebook knew that putting its name on devices that will be used to film others without their knowledge might be something of an own goal.
(Quite what the Ray-Ban brand is thinking it will do to its own brand by getting into bed with Facebook is anyone’s guess…)
Readers will, of course, remember the disaster that was Google Glass – the dorky “smart” eyewear that uploaded footage of individuals without their knowledge to Google’s servers, whilst simultaneously making its wearers (known as “glassholes”) look like complete berks.
Unsurprisingly, the general public didn’t take kindly to folks filming them with Google Glass without their permission.
At best if you walked around wearing Google Glass you might be greeted with a cheery…
“There’s some weird shit on your face”
… at worst you’d be met with a swinging fist and a shout of…
“Stop being an arsehole!”
It was no surprise to hear that many establishments banned wearers of Google Glass from their premises, and that the glasses were viewed as highly anti-social.
Facebook, however, clearly wasn’t put off by Google’s disastrous experiment with digital spectacles all those years ago, and has now launched its own version.
Now, to give them their due, Ray-Ban Stories are nothing like as dorky-looking as Google Glass. In fact, they look pretty much like Ray-Ban Wayfarer sunglasses.
But they still allow someone to spy on you, take a photograph or a short movie which will – presumably – end up posted on Facebook without your explicit permission.
So, what’s the latest? Well, European privacy regulators have said they are investigating whether Facebook’s “smart” spectacles are doing enough to warn people that they are being recorded by the wearer.
Ray-Ban Stories have a small LED which lights up to indicate that a video is being taken. But, of course, you’d have to know about how the glasses worked to realise that that meant you were being recorded.
Furthermore, would you notice the small non-blinking LED anyway?

“While it is accepted that many devices including smart phones can record third party individuals, it is generally the case that the camera or the phone is visible as the device by which recording is happening, thereby putting those captured in the recordings on notice. With the glasses, there is a very small indicator light that comes on when recording is occurring. It has not been demonstrated to the DPC and Garante that comprehensive testing in the field was done by Facebook or Ray-Ban to ensure the indicator LED light is an effective means of giving notice,” wrote Ireland’s Data Protection Commission (DPC), which has the unenviable job of regulating Facebook’s antics because it is where the social media company’s European base is located.
It seems to me that there’s a very simple fix for this problem, which only requires a little redesign of the glasses.
How about if the spectacles had an additional dot matrix display above them, which scrolled a message that announced to bystanders that they might be being filmed?

Of course, that doesn’t help people who are visually-impaired or blind. They have just as much right to privacy as the rest of us. So the visual warning should be accompanied by a clear and loud audible warning:
“WARNING! A TWAT WEARING FACEBOOK-CONNECTED SPECTACLES IS IN THE VICINITY”
That should work nicely.
Leave your own comments below on how you think the problem would best be resolved, and I’ll pass them on to Mark Zuckerberg.
For more discussion of this topic, be sure to check out this episode of the “Smashing Security” podcast:
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
So I've got two solutions to this. Why don't these glasses have some sort of scrolling dot matrix display at the top which says, I am filming you. I'm filming you, I'm filming you, I'm filming you. You could just
Tattoo it on their forehead.
But more than that, what about visually impaired people and blind people? So shouldn't there also be an audio warning saying, I'm a twat, I'm a twat, I've just come into the room, I'm a twat. I'm wearing Facebook glasses, I'm a twat.
Smashing Security, Episode 244, Facebook Ray-Bans, VPN Spies, and AI Camouflage with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security, episode 244. My name's Graham Cluley. And I'm Carole Theriault. And this week, Carole, we're joined by returning guest. It's Mark Stockley. Hello, Mark. Hello. The wonderful Mark.
How are you? How are the chickens?
Chickens are... Yeah, never mind your family.
Thanks to this week's sponsor, 1Password. Its support helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
Well, I'll be asking the important question, can you trust your VPN's VPs? And what about you, Mark?
I am going to be talking about Facebook's worst idea ever.
And I'll be talking about duping facial recognition. Can it be done? All this and much more coming up on this episode of Smashing Security.
Now chums, chums, I bring to you news of a legal nature. It comes from the United States where the Department of Justice has just revealed that three former U.S. intelligence personnel have admitted helping the United Arab Emirates get their hands on a series of zero-day exploits for the purposes of spying against people, including American targets.
Is this kind of like the CIA, what I know about someone internally, can't go to the FBI because they hate each other, so they get a third party to intercept and do it for them? Is that what this is?
I love your mind. I love your mind, Carole.
It's complicated, as they say. You've just made it significant. I mean, as if world politics were complicated enough, you've taken it to a whole new level, where the CIA is outsourcing, spying against its own nation. They've taken that to an enemy country.
I can only think of two reasons why someone would do this. One, disgruntled. Two, wonga.
Or maybe disgruntled with their wonga. Or disgruntled by their wonga. Yeah. Yes. He said one thing and meant another. And now he's gone to work for this foreign company, DarkMatter.
Boilerplate. We do the good stuff.
They don't say they help governments spy on their enemies. They put no effort at all into their website. It's a cut and paste kind of thing. It's dark. Now, these three men, they are accused of integrating an exploit into a UAE hacking tool, a hacking tool called Karma. Karma with a K. Well, that's ironic. Now, in early 2019, Reuters reported that Karma could basically give hackers access to your iPhones. All you have to do is a tool where you can upload loads of phone numbers or email addresses. And as if by magic, it would hoover up photos from the phones, emails, text messages. Users didn't have to click on anything. Last week, we had Thom Langford talking about zero-click exploits. It's a bit like that. Get location information from people's iPhones. Only works against iPhones, can't intercept phone calls, but clearly could cause a lot of mischief.
But you wouldn't even know it was on your phone. They're just kind of collecting all this stuff from you, hoovering it all up, and know everything about you.
Yeah. And the thing about iPhones is if you can successfully get on them, there's nothing on there that can detect you. Yeah. Because it's this complete walled garden, and you can't have antivirus or anything like that. So there's, you know, you hope that the great big wall that protects you holds up. But if it doesn't, then you have no idea, basically.
And targets include the Emir of Qatar, journalists, a senior Turkish official, a Nobel Peace Prize winning human rights activist in Yemen. And his claims that these attacks done with the Karma tool, they accessed compromising and sexually explicit photographs of some of their attacks.
How many people? How many people have sexually explicit photographs of themselves on their phone? All of them. Really?
Yes. Let's do a survey right now. Mark? No, obviously not. I do not. No, obviously everyone apart from Mark. But only because I don't know how to work the camera.
No, but I just don't get it. Just in case you forget what your boobs look like.
You're of a generation, Carole. You might want to take a photograph right now, Carole, so you can remember them in the future. Ouch. Because they're never going to get any better than they are now. Oh, see? not doing it for a quick thrill, right? That's not why they're getting the photos.
Yeah, but you didn't mention those things. No, I'm just — you were like, ha-ha, nudes.
Now, now, these three gentlemen, right? These three gentlemen who've been charged by the Department of Justice, I was interested. So they used to work for this company, DarkMatter. What are they doing now? I know how to use LinkedIn. Yeah, I know how to use LinkedIn. Exactly. So I went on LinkedIn, and it turns out that these former U.S. intelligence personnel knew better than to maintain a LinkedIn profile. So I wasn't able to find out much about Marc Baier. So I didn't find out much about him, but the next guy, Ryan Adams, have you heard of Ryan Adams at all? Didn't he go on to have a successful singing career? Exactly, everything I do, I do it for you. No, that's Bryan Adams. There's also a Ryan Adams. Ryan Adams and Bryan Adams? Yeah. How's that allowed? What do you mean? Well, Ryan obviously looked at Bryan and went, well, it worked for him. Was it Twitter wouldn't allow him a B or something? So there's someone called Ryan as well as Bryan. It shouldn't. It should be like actors. They should have to have different names, I think. Anyway, so I couldn't find out much about Ryan Adams. But the third guy, ah-ha-ha, Daniel Gericke. Okay. He's an interesting chap because he is currently working for a computer security company, specifically a company which is a well-known VPN company called ExpressVPN. But he's currently working for them. Yes, Daniel Gericke has been hired since December 2019 as their CIO.
So the DOJ came out and said, hey, these three dudes have admitted to helping the UAE. Nothing we can do about it, so they're just going to crack on. Well, no. Thanks for listening. No, no. The press release.
Oh, okay. So how do we know they're not already assisting the authorities? Well, maybe they are. Maybe there's kind of wink, wink, if you assist us.
Well, so ExpressVPN CIO is this chap, Daniel Gericke. What's the I stand for? Daniel Gericke.
Yeah, not the I in the Daniel, no. Oh, CIO. CIO. Oh, I see. Chief Insecurity Officer, maybe.
And to be fair, most of them say that's what they do, right? That they dump and flush the data, they keep nothing, they're your best friend, privacy buddies. Yeah. Now, ExpressVPN are an interesting company. Oh, my God. They didn't even make it to a billion. I know, pathetic, isn't it? They could have tried harder. Exactly. The sort of thing that you wouldn't find particularly trustworthy.
You'd think that's a bit grubby.
Keep your friends close, your enemies closer, right?
Yeah. So they then pivoted from being an adware provider to becoming some kind of security firm and a provider of VPN services. They renamed themselves Kape. They bought up CyberGhost, Zenmate, Private Internet Access, three big VPN companies. And they also bought two leading VPN review websites.
This is fine. This is fine. So you will find, if you go to two particular, very popular VPN review websites, they will typically recommend VPNs which are run by this company or under their umbrella. Well, he obviously knows what he's doing.
Which is pretty much ExpressVPN's point of view. They have posted it up on their blog. They say, oh yeah, we knew about his background. We knew that he provided counterterrorism intelligence, both to the United States and, while employed to DarkMatter, to the UAE. But it says, we didn't know the details of what he got up to or any of his classified activities. Well, blow me down with a feather. They sure do know now. So what is ExpressVPN actually doing about this?
Putting out a press release saying we're very proud to have him on board. Yes, and publishing a blog post. What they're not doing is they're not saying they're firing him. I suspect he locked himself into a very beautiful contract saying, if you decide to get rid of me, you need to give me mucho, mucho wonga.
Because I think that they probably sat down for the meeting and he said before you fire me I just want to show you this very interesting thing I found on the internet.
I found some images, yeah, which appear to be taken on some of your phones. Is that you? Are those your knackers?
Is that what that is? Is that a bottle washer? I can't really tell. It's so close. It's like an episode of Naked Attractions.
So ExpressVPN, they say they are simply harnessing the firepower of our adversaries.
And that's how we protect our customers better. Who's the PR whiz kid that came up with this? Yeah. By applying his background and expertise, Daniel has been central in helping ExpressVPN protect our customers.
You know I wonder who created those controls. Mark, what have you got for us this week? I have got the worst thing Facebook has ever done.
That is big boots to fill, Mark Stockley.
I mean they've gone pretty low before.
This is, I mean this is a personal opinion so we'll see where you guys end up but my story is about Facebook's new product which is called Ray-Ban Stories.
Oh, okay, I know nothing about this at all. Nothing, nada.
It is, so I'm with you, it is the worst thing, okay.
So this, I'm gonna love it, this takes a bit of scene setting. I know that will come as a shock to you.
I love a scene set, let's take some.
So bear with me as we set the scene. So when you were a child did you ever own a pair of spy glasses? They're spectacles with mirrors on the inside and if I remember correctly I think half the lens is taken up with the mirror so that you can look behind you, you can spy on somebody without you knowing. I did, I had those, they're quite cool. Yes, you could watch people behind you. Yes, so they were always sold in the backs of comics. Anyway, the point of my scene setting is that by the time you reach adulthood, at least in the English-speaking Western world, I reckon you're probably fully indoctrinated into the idea that spectacles are the perfect place to mount discreet surveillance equipment.
Of course. I've tried them before.
Really? Did you? You tried Google Glass?
Yes. They're ridiculous.
Only glassholes wear them.
Because you take little pictures, whether you just press a little button on the side and it takes snapshots.
They were really dorky looking, weren't they? They made you look like a ball.
He was wearing toe sandals, right? So, you know, he looked perfect. Were they equipped with cameras as well?
Probably.
Yeah, but that doesn't matter because there you just get fantastic pictures of other people's feet, wouldn't you? Okay, crack on, crack on. So, I mean, as you spelled out, Google Glass was basically glasses made by Google that had a camera on them. And they were kind of an Android phone in the form of a pair of glasses. I never heard that. I actually thought, Graham, you were a little clever there. The thing that really stuck out about Google Glass for me was they were actually films, I can't remember if they were filmed by the people wearing the Google Glass, I think they were, of people beating them up for wearing Google Glass, because you couldn't tell if you were being filmed. So if somebody walked into a crowded bar wearing Google Glass, there was a non-zero chance that actually they were going to get set upon. I don't understand this term form factor. Am I supposed to?
Just the form of spectacle. So the…
Oh, just the shape, right? Oh, the shape of the glass. The shape. I see. Okay. Got you.
Carole, imagine you're in a pub and two people walk in. One of them is wearing Google Glass and the other one is Michael Bublé. Which one are you going to punch first? That's what you have to ask yourself.
Well, I wouldn't punch the person with the glasses, because it's probably going to be uploaded directly to the cloud.
Oh, okay, so for that reason you're going to punch Michael Bublé, beloved of middle-aged women around the world.
He's not. Don't insult women.
Well, I know a middle-aged woman who is quite keen on him, okay? Friend of the show, Yogi.
Is she middle-aged? I don't know she's not middle-aged that's why I'm dying over here Mark please save him
So what I was trying to say was the fact of the existence of spy glasses is itself a problem but attaching that to the name Google I think is probably really a problem because nobody trusts Google right now can you think of another company out there that people might trust even less than Google.
Ding, ding, ding, ding, ding.
Facebook. Carole, can you think of anyone?
No, I think I have to agree. I mean, I can think of lots actually, but yeah, probably Facebook.
Well, I think it's really interesting that you have both identified Facebook because clearly Facebook itself couldn't because it has decided to pretend that Google Glass never happened. And it has invented something that has all the things that people hated about Google Glass, only it's made by a company that people hate the same, if not more. So what could possibly go wrong? So these glasses, by the way, they look like normal glasses and they've got a couple of five megapixel cameras in them.
They look like Ray-Bans, don't they? They look like Ray-Bans because they are Ray-Bans. Because it's possible that somebody at Facebook did actually put Google and Glass together and figure out that attaching Facebook to spy glasses might not go down brilliantly. So what they've done is they've done a partnership with Luxottica, who are the people that make Ray-Bans, and they've left their name off it. So they're called Ray-Ban Stories. No. I'm looking right now. So there's this little button on the side. Is that where you take pictures and do all your crap?
The button turns it on and off.
Right. Do you have to touch it?
It can be voice-activated. You can say, Facebook, start filming, and it'll start doing it.
Fun for everyone else, wouldn't it? Film that, Facebook. Anyway, I think this collaboration with Ray-Ban is really interesting because, you know, obviously Facebook is trying to launder its name by attaching it to Ray-Ban, but I'm not sure that Ray-Ban has completely thought this through. That's some heavy lifting. Like, is Ray-Ban going to elevate Facebook, or is Facebook going to sink Ray-Ban? I'm going to go look at Ray-Ban stock pricing, stock prices, just to see if they hit some trouble. A few interesting things, I think, with these glasses. I mean, I'm not naturally a violent person and I wouldn't normally hit someone or break their nose. There is something... This is a bit, I'm not a
racist, but... But there is something about someone wearing Google Glass, for instance, which makes you want to do it. And it's not just that they're spying on you or might be spying on you. But there's something a bit dorky about it and just like you look a bit of a twat. I really don't like that you're spying on me. These ones from Facebook slash Ray-Ban aren't as offensive looking.
No, they look like Ray-Ban. But what they're doing is
really upsetting. But what they look like is the spy glasses on the spying equipment website. The only other one, the really high profile one out there is the Snapchat. I can't remember what they're called. Oh, yes, I remember. But, I mean, they look ridiculous. You're absolutely meant to see that someone is filming you. It's got this sort of big circle of LEDs going and the lenses are really big. But the Ray-Bans look just like the spy glasses, although they do have a little tiny LED on them. Although there's already various privacy bodies are going, well, how big is that LED? Is that really enough? Well, and why doesn't the LED flash, right? It's a solid
light. Exactly. Like a rangefinder. On the other side, right over the other eye, there should be a flashlight so that you can just get really perfect lighting, right? A bit like Orbital in concert.
So what's going to upset people is that people might be filming them without their permission, right? And indeed, they may not realise that they're being filmed because there is this little LED, but who's going to notice that anyway? Otherwise, the glasses look fairly normal. It's not flashing. But
also, I shouldn't have to watch a Facebook product video to learn that there's an LED. To understand that if somebody walks in to a room and has camera lenses in their glasses, that I should expect to see an LED. That if I don't see an LED, I'm not being filmed. And if I turn my back, I'm not going to see the LED anyway. So why don't they? So I've got two solutions to this. Why don't these glasses have some sort of scrolling dot matrix display at the top, which says, I am filming you. I'm filming you, I'm filming you, I'm filming you.
Tattoo it on their forehead.
But more than that, what about visually impaired people and blind people? Don't they have a right not to be filmed and photographed by someone wearing these glasses? So shouldn't there also be an audio warning saying, I'm a twat, I'm a twat, I've just come into the room, I'm a twat, I'm wearing Facebook glasses, I'm a twat?
Before we wrap up have you seen the launch video?
No, is this like the promo launch video? So this is an actual product? This isn't a joke? This isn't like this product is on
sale right now but the launch video I mean I love it and I hate it at the same time. It's one of those so bad it's good videos. Okay, so I want you to imagine that you're Facebook and you've decided your name's a bit toxic or you know you need to up your cool because Facebook is decidedly not cool and you've landed a partnership with Ray-Ban and you've made sure the Ray-Ban name is on it and you're going to do a cool launch video to get your product going. I want you to choose somebody really cool to be on your video. Who are you going to put on the video? I knew you were going here. I have no idea. Mark Zuckerberg, obviously. Obviously. Oh no!
The most relaxed natural person on earth. Mark Zuckerberg.
What have you got for us this week? So we have a perfect storm brewing and tell me if you agree with this concept, right? So COVID has made us much more wary about touching stuff we don't need to touch. Do you guys keep sanitization gel in the car, for example? In the car? In the car, that's a step too far. Just smear it all over your vehicle when you go to the market or whatever, the supermarket or whatever. You don't paw all the oranges as you might have pre-COVID in order to find the juiciest ones. You might kind of go, I'm going to use my eyes to just and just pick the ones that I want so that I don't, you know. Am I being crazy?
I'm just imagining you smooshing an orange into your eye for some reason that I realized you meant looking at them.
You just don't touch as much. I don't think, Graham, you and I have hugged in, I don't know, years probably.
Yeah, yeah, it's been great.
Okay. And also, I haven't had a cold in two years. I mean, that must be a total record. And it, I mean, it sucks not hugging kids that you like and all this, but you know, the silver lining is good health, right? So I've just had a horrible cold. Yeah, but you have kids.
Exactly. I hadn't realized how much I had enjoyed not having colds. And then, but it kind of, you know, it's like the germs have been saving it up. So when you finally get one, it's not a normal cold.
A lot of people have talked about this, saying that they're getting a lot less colds. And so they want to avoid that. So I don't know, think about it now. So now post-pandemic times, certainly, well, currently in the UK, you know, with quotation marks.
We have big quotation marks.
Yeah, I agree. I agree. People need to get from A to B, you know, for work or to pick up their kids or all the things. And you know, maybe some people are going to gyms and, you know, people are now looking to facial recognition to help them process people like hotel chains or gyms. And how do you feel about these people, say, you know, maybe even public spaces like local government. How do you feel about these people having your facial recognition information or data or data points and then storing that? Does that make you feel so similar to Mark's story? How do you feel about that? Is that good or do you not care?
Well, I have full confidence in the powers that be storing such information securely and only using it appropriately. I'm sure it would never come to any harm and would never fall into the wrong hands.
I agree with Graham. I think after three decades of nobody having their data breached and everybody understanding perfectly how to secure systems and keep data safe, we can all rest easy that no bad will come of this.
I cannot wait to use those quotes out of context. Who needs Liarbird?
So I think the thing that really disturbs me about these sorts of systems is not even so much who's going to store it or whether or not they're going to store it safely. It's that the more complex you make things, the more unintended consequences you have. Yes. I think that's what's happening with facial recognition now is there was an initial sort of burst of enthusiasm for it. And loads and loads of police forces around the world will kind of embrace this technology. And then there's a lag and then you start to see the unintended consequences. And the fact that so many of these things rely on machine learning, which is prone to whatever bias you have in the material it's trained on. Because it's a machine that learns. You give it examples of the things you want it to spot and it spots them, whether it's faces or whatever.
I don't think anyone would say, though, it's not in its nascent age, so to speak. So I would agree. I believe that it's completely probably biased to an nth extent because the samples have not been representational of the world in any way. But as they use it more, I can imagine the argument being used like, well, look, if you can use it in all these places everywhere across the world internationally, our data will become very accurate. Which raises a second problem, which is public, or rather the users of facial recognition. See, isn't that weird to say that, if it's in a public domain, that you're a user of facial recognition? But you have not consented to being scanned, right? So, similar to Mark's story, you've not said okay. Well, you might have done. But I don't think my face should be my license plate.
There might be a little sign on the outside of the building saying, and by entering here, you agree that we will be using facial recognition and we'll be doing X, Y, and Z.
Okay, but what if your local government decides to do it across the city? Yeah. In a shopping mall, I suppose, you know. And how big should that sign be? Can it be in 10-point font, near the door where they say CCTV in action, you know?
As long as it's about the same size as the one which tells people who are wearing Google Glass or Facebook Ray-Bans. So fuck off! Then I'm happy.
So, anywho, not everyone's happy about facial recognition, as we've learned. So, there's a few researchers out there trying to push the boundaries and see if it's possible to dupe facial recognition. Now, we talked a little bit about this in episode 168, where we talked about CV Dazzle. This was an artist who explored how fashion could be used as a camouflage from face detection technology. Now, one of the arguments at the time was, okay, cool, but people will see you coming a mile off with, you know, that sort of razor haired, you know, basically structures in front of your face to mask your actual face.
CV Dazzle, they sort of had crazy haircuts and things, didn't they? And bizarre makeup. Exactly. Now, there's been a recent new study that I wanted to share with you to see if you thought this was more legit or not, okay? So Motherboard covered this. This is where researchers found a rather easy way to bypass facial recognition technology. When you say they used makeup, do you mean like Justin Trudeau uses makeup or some other sort of thing?
Hey, hey, hey, hey. Hey, come on. What happened with the elections yesterday? I haven't even looked yet.
He got in. Did he? Yeah. Still has a minority. Snigger. I don't mean that. I mean, in Parliament. Okay. Sorry, but being a man, I'm sure Mark can agree with this. We're not big fans of Justin Trudeau.
Okay. Why? He's too hot?
Yeah. Yeah. He's too bloody hot. Basically, yes. Yeah. He's too hot. He's tall, handsome. He's young. He's powerful. Okay. This is what Motherboard wrote about this research, okay? In their experiment, the researchers defined 20 participants as blacklisted individuals, right, on the facial recognition software, so that their identification would be flagged by the system when recognized. Make sense?
So when you said makeup, I assumed you meant makeup.
How does the... Oh, no, she meant makeup, Mark. She didn't mean makeup.
Okay, I've sent you guys a link, okay? And here, let me give you the timestamps just so you can quickly see the looks that can be created by... Oh, my God. So, what it says on this video is how to become a TikTok e-girl with just a few taps, right? And you can go through a few of the looks there. This is how you glow up your YouCam makeup. These are all the words that they use.
Oh, I see. So it adds makeup virtually to your little video thing. So if I was doing a TikTok dance.
I'm not sure I'd call any of these things makeup, though. I don't know if you saw the one where she's actually wearing clouds across her nose. So we have the look, the sweetheart look, which has hearts across her nose, as though they're like, you know, I don't know, like Pippi Longstocking freckles. And then you've got clouds, desert, sandy glow look. I'd love, you should show your daughter, Mark, and see if she thinks this is amazing or horrific. I think she's already very well-versed in this, I'm sure. I'm amused by the idea of trying to dodge facial recognition by wearing clouds in front of your face. Yes, well, here's part two. So I'm thinking, hmm, this is going to be fairly obvious to people if Graham Cluley walked down the street with a bunch of clouds over his nose and eyes.
I wouldn't walk down the street like that. I'd sashay.
Sashay, but then I got it wrong because, quote, a makeup artist then emulated the digital makeup from YouCam makeup onto the participants, but using natural pigmented looking makeup in order to test the target model's ability to identify them in a realistic situation. So the one with the clouds, for example, across the face, they would put them all in flesh tones across your face. Yes. They say they did it in different lighting and they had two or three different cameras set up along a hallway. There is a YouTube video. Let me send it to you guys so you can take a look and I will put it in the show notes for our listeners.
Maybe CCTV cameras use that special wavelength of light that reveals weapons and pants. Yeah. So here it says this. It says, participants wearing the makeup walk through a hallway to see whether they could be detected by a facial recognition system. I'm a little bit confused about why they had to do clouds. Is this actually just a really elaborate advert for some makeup app? They could have just done wacky lines. No, I think that's exactly it. They can do any different type of pattern. All it needs to do is obfuscate the face in a way that changes the heat map of the face, at least as far as I understand it. So when you say random, do you mean just normal patterns of makeup?
Yeah, I guess, yeah. And using the researcher's method of applying makeup to the highly identifiable parts of the attacker's face, they were only recognized in 1.2% of the frames. Wow.
So makeup can bugger up facial recognition systems is what they found.
And that is probably due to the biases instilled in the current algorithmic back catalog. Because if they were mostly white men, middle-aged white men or young white men, then most of them wouldn't be wearing makeup.
Can I ask a question? So my question is this. You know how they have controls and provisions to prevent people from buying lots of fertilizer in case they create a fertilizer bomb or munitions or big knives and things like that because you're going to cause some sort of terrorist outrage. Should they similarly be policing makeup counters inside department stores in case some dodgy folks come on? You buy too much slap? And begin to, because if people who normally wouldn't buy those kind of products suddenly begin to buy them, you might begin to say, well, what do you want this for?
What I find interesting is that Dolly Parton is circumnavigating the future. Like, she wears a lot of slap, and she's going to get through everywhere.
Can I say, I just love her. She's completely unrecognizable. I love the fact that you've used the word Dolly Parton and circumnavigating at the same time. It had a certain image for me in my head.
What? It's not circumcision. No. Goodness me. I think
Graham was thinking more about orbiting globes. Thanks to this week's sponsor, 1Password. Did you know around 80% of business data breaches result from weak or reused passwords? Well, using 1Password can close the gaps in your company's security, combat shadow IT, and help your employees stay both productive and secure wherever they are. So I hope now you are going to play the piano for us. So I'm ready for this, Graham. This is an absolute treat. Without further ado. Ladies and gentlemen, what was it called? Prelude number one C
major so basically the key that the piano is tuned to at all times.
Yes, yes. Now I can't play all of it as you can hear right now. I can't play all of it but I can play about the first 30 seconds. That's because I haven't really been doing my homework. I'm supposed to spend, how long have you had the book? About two years, yeah.
So he said six weeks, he said. You've had it for two years and you've learned 30 seconds of it. That's meanwhile I learned to become a painter.
Anyway it's a great book and I've also recently, well for some of those two years can I say I didn't have access to a piano which rather stunted my ability.
I would have given you my, I would have lent you my keyboard, yeah.
Well thank you for mentioning that now. We didn't ask. Well your keyboard doesn't have enough keys on it.
Oh that's right you bitch because it only has two and a
half octaves, yeah. So I have recently purchased an electronic keyboard with weighted keys which is rather good and rather affordable. And if anyone else is in the same position as me and wants a little bit more tinkle tonkling in their life then I can recommend the Yamaha P45. Better pianos are out there, but it's rather splendid. And that's why I've been using, links in the show notes. We can both find out about the book, watch James Rhodes speak about music, or indeed find the keyboard. And that is my pick of the week. And we talk.
You'll never have to listen to Graham play again. No, Graham, you're great. I think it's great. You should do more of it. You should do half an hour a day. Come on. I should. Yes. Discipline. Art is good. Yeah, I know.
Mark, what's your pick of the week? My pick of the week? It's a book called Origins. It's by Lewis Dartnell. Now, way back on a previous episode where you invited me on, I mentioned The Knowledge, which was Lewis Dartnell's first book. And that was the book where he basically said, this is how you reboot civilization. This is the technology that you would need to acquire after an apocalypse in this order. And it was really a kind of grand tour of humanity's technological evolution, and he wrote that book and he took a step back and he went, no, I don't think I've covered enough ground. It wasn't really big enough. So he's decided to write another book which covers a bit more ground and it's literally the origin of everything. It's a fascinating book and it's all about how things like tectonic movement of the Earth's plates around the Earth and the variations in the Earth's orbit and wobble and things like that affected the evolution of life on earth and the development of humanity. So why did humans develop big brains when they developed big brains and that sort of thing? And probably my favourite thing from the book so far is just the fact that all of human civilisation, the entire thing, the whole decision to settle down, domesticating animals, growing crops, industry, all of that kind of stuff is happening in a pause between ice ages, that we're actually living in an era of enormous ice ages that last for hundreds of thousands of years with brief pauses in between them. And we're about 12,000 years into a 15,000 year pause between ice ages. So it's that kind of stuff. Big stuff. Do they talk about chickens? We haven't got to the chickens chapter yet. I'm about halfway through this, but I'm looking forward to that tremendously. So as we know, chickens are dinosaurs. And if you doubt me, then just come and visit my chickens. This is great. My husband will love this. I've put it in my basket and buying it for him. 
And as he never listens to the show, it will be a surprise.
Run out of water carry on
Okay I'm almost done sorry I go see this is how Graham hurries me through my bits. This is how he makes me less relevant on the show. He gets tired by the end. He's getting old, Carole.
I know, I know. And it's always, yeah. It's a long, you know, hour, hour and a half. It's, you know, at his age, that's a lot. But you know, you see how she handles, helps victims, but also spots time wasters and some criminals. It's all fiction, but it's gripping. I mainlined it like a podcast addict. So you spotted it last week and you've mainlined three series well
They're 15 minutes, right, and there's maybe six episodes per series, so yeah, and I made dinner for about, I made homemade falafel, hummus. Yeah, it makes sense. I watched a whole load of Married at First Sight UK in the last week or so, which is similarly highbrow. What did you make while you were doing that? I love it. Lifelines, Pick of the Week, BBC Sounds, or Drama of the Week podcast, wherever you get your podcasts, check it out. It's great.
Well, we've had some terrific picks of the week this week. Mark, your book sounds fascinating. Carole, your drama thing sounds all right. And the piano, however, wins, I think.
Sounded better than your piano. Six weeks to learn it and you've learned 30 seconds in two years.
I'm sure lots of our listeners would love to follow you online, Mark, and see what you have to say for yourself. What's the best way for folks to do that? You can follow me on Twitter. I'm at Mark Stockley. Simples. And you can follow us on Twitter at Smash Security. No G. Twitter at the last of a G. And we've also got a Smash Security subreddit. And don't forget to ensure you never miss another episode. Follow Smash Security in your favourite podcast app, such as Apple Podcasts, Spotify, and Overcast.
Thanks to this week's episode sponsor, 1Password, and to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 243 episodes, check out smashingsecurity.com. Until next time, cheerio. Bye-bye. Bye-bye. Bye. Okay, I'm going to find this picture of this girl and delete it from my phone because, no, but Mark, thank you because you're right. It's absolutely appalling. It's fucking appalling. So why did you take the photo again? She had cool hair, and I was taking the picture for a friend who was looking to get her haircut and didn't know how to do it. And I said, oh, my God, that would look perfect on her. Let me grab a picture. Oh, I'm too embarrassed to go up to her and ask if I can take a picture of her face. So I'll do it surreptitiously. And then I sent the picture. You sent the picture? Yes, I did. This is, I have to admit this was 15 years ago or 10 years ago, 10 years ago when you know it'll be everywhere. By now so that's like 10 years in privacy years.


So, here's the thing. Getting an internet-connected camera/heads-up display on a lot of faces in some fashion has to happen before widespread augmented reality (AR) can begin to take off. Because of the inherent commercial/advertising potential this technology would make possible, there is probably a decent amount of corporate investment just waiting for the right platform to come along. This particular Facebook entry will likely fail for the same reasons as Google Glass did (privacy concerns/squick factor). But even without a wearable face-cam set up to take recordings on demand, overcoming the real technological challenges has so far been more hyperbolic than hopeful (see Magic Leap, et al.) – but some day, something like this will most likely be A Thing™.
Sheisseberg is a huge POS. Fakebook will collapse. We will help as much as possible to see the end of it. And the twat at twatter is going the same way. Sad to see you there but understandable.
Keep up the good work Graham.
I placed a comment. It looks like the "comments police" didn't like it. Tough! That is the good thing with other platforms available to us.
I will pass the word around. Is Akismet the "fact checker"?
Good luck!
So it got posted after all.
I'm glad.
Regards
All that electronics close to the skull may have potential for brain damage.
If you did have a point with the blind people, no cctv would exist anywhere. Unfortunately I think it will take off.
"Have got a problem"
Write much?
I have them and I have no desire to film or photograph anyone that doesn’t know it. If you’re out in public that’s how it goes anyways. There will always be idiots that screw up a wet dream. I like my glasses and I’m not bothering anyone. Trust me you can be secretly filmed in so many ways it’s ridiculous. There have been glasses that do this for a decade. I’m sure you know this already. I don’t even upload any of my photos to Facebook. You don’t have to. They sit alongside all my other photos. People have zero privacy. Get used to it.
I know, it sucks that so many of us twats want to film small children and animals that move too fast for us to get out our phones or other devices and film them. I'm such a twat for wanting to record my grandchildren and my dogs. I resent the implication that finding these glasses enjoyable or convenient makes me a twat. Or why that choice of word is your preferred descriptor. Misogynist much? Narrow-minded much? I'm no fan of Zuckerborg or Facebook, but I will take my technology where I can get it. I'm sorry you are mad and feel bad for whatever people did to you to make you such a prickly pear, but stop taking it out on others and invest in some therapy.
So here is the funny thing, there is a pair of RayBan Stories in a lost and found. What makes this funny as well as disturbing is the fact that there is a no camera policy that is unforced and the information is made known to all that enter; this pair of glasses has a small sticker the same color of the frames (black) covering the LED light on the frame. Since nobody has returned for the glasses and learning how they are charged (a charging case) due to a dead battery, we were unable to look at pics to try and find the owner, finding the attempt to hide the LED supports the public's concern of privacy being invaded.
Black tape guy is a twat.