If aliens did contact us would it be safe to open the email? Why would MoviePass track film lovers after they leave the cinema? Would you know how to get around Malaysia when your car rental website lets you down? And will Graham *please* stop talking about text adventure games?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, who are joined this week by journalist (and possible spy) James Thomson.
Show notes:
Please check out the show notes for this episode of the podcast on the Smashing Security webpage.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
That a message being sent to Earth from outer space could cause harm.
Okay.
It could be a really simple one, right? It could be something saying, "Oh, by the way, your sun's going to blow up next Thursday just after tea time," right?
Now that may not be deliberately intended to destroy the world, but imagine the panic, right?
Now that may not be deliberately intended to destroy the world, but imagine the panic, right?
I don't think there'd be any panic. I think people would be like, "There's nothing we can do about that," right? Maybe NASA would be in a panic.
Maybe, you know, the Russian equivalent of NASA might be in a panic. But I think— I think I'd go punting.
Maybe, you know, the Russian equivalent of NASA might be in a panic. But I think— I think I'd go punting.
I've never heard it called that before. Smashing Security, Episode 68: Malware from Outer Space, with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security, Episode 68.
Hello, hello, and welcome to Smashing Security, Episode 68.
My name is Graham Cluley, and I'm Carole Theriault.
And we're joined today by a very special guest, aren't we, Carole?
We are. This is my friend and at times colleague, James Thomson. James, so you're not really in the technology sphere, are you? Tell us a bit about where you're from.
Carole, I am now, it will come as a surprise to you, editing a network of European cultural journals.
It's no surprise at all knowing you for about 20 years.
Well, it is a surprise given that I am the least cultured person that you know, but—
That's not true.
Oh, wow. It's not true. It's not true. I'm happy.
Oh yeah, Graham, yeah, you really rock the whole culture wire.
Well, I'm sure, I'm fairly confident there's a big overlap between your listeners and the readers of European cultural journals, so that's the reason I'm here, I guess.
So yeah, check it out, it's eurozine.com, and it covers about 100 cultural journals around Europe.
Don't ask me what a cultural journal is, we have long arguments about that, and intermediaries who contribute content, and we republish it after translating some of it into English.
So yeah, check it out, it's eurozine.com, and it covers about 100 cultural journals around Europe.
Don't ask me what a cultural journal is, we have long arguments about that, and intermediaries who contribute content, and we republish it after translating some of it into English.
So basically you're a journalist. I mean, obviously a very important editor-in-chief sort of journalist. And you're based where in the world?
Based in Vienna, Austria.
Oh, Vienna!
And you used to work for BBC World Service, is that right?
I did, yes, indeed.
Yes. And what university did you go to?
One not far from you, actually.
Christ, what is this, the Spanish Inquisition?
You went to Oxford, didn't you?
I did.
I'm just going to put it out there right now. James Thomson. Are you a spy?
Well, I did not— All I can say, Graham, is that if I am, the pay should be better.
All right. We will start talking about computer security and privacy after the break. Thanks to MetaCompliance for supporting this episode of Smashing Security.
People are the key to minimizing your cybersecurity risk posture, and MetaCompliance makes this easier by providing a single platform for phishing, cybersecurity, Smashing Security training policy, privacy, and incident management.
Listeners can get a 10% discount off the high-quality cybersecurity e-learning catalog by quoting the code SMASHING. Just visit www.metacompliance.com. That's www.metacompliance.com.
And welcome back. And I want to talk to you, Carole Theriault, and James Thomson, about a very important topic. I want to talk to you about malware from outer space.
People are the key to minimizing your cybersecurity risk posture, and MetaCompliance makes this easier by providing a single platform for phishing, cybersecurity, Smashing Security training policy, privacy, and incident management.
Listeners can get a 10% discount off the high-quality cybersecurity e-learning catalog by quoting the code SMASHING. Just visit www.metacompliance.com. That's www.metacompliance.com.
And welcome back. And I want to talk to you, Carole Theriault, and James Thomson, about a very important topic. I want to talk to you about malware from outer space.
Oh, for God's sake.
No, it's a very, very serious issue.
Really? Really? Really?
Apparently so, because there is—
Pinky swear.
There is a new scientific paper which is warning us about the way that aliens could communicate with us and potentially destroy humanity through their communications with us.
Graham, you didn't read about this in the Daily Mail, did you? This isn't one of those— this isn't one of those, a new report, a new study has shown.
You might want to read up about this because it's the sort of thing you might want to cover in Eurozine. All right, all right, all right.
Lots of brainiacs and scientists have been putting their heads together over the years to consider the merits and possible downsides of searching for extraterrestrial intelligence, ETI as they're known.
Would contact with bug-eyed monsters—
Lots of brainiacs and scientists have been putting their heads together over the years to consider the merits and possible downsides of searching for extraterrestrial intelligence, ETI as they're known.
Would contact with bug-eyed monsters—
Sounds like a sexually transmitted disease.
Careful what you do with that tentacle.
Look, I know you've got regular listeners, but I mean, I think they might start to detect a common theme here. But anyway, yeah, carry on, Graham.
Would contact with bug-eyed monsters benefit or harm humanity?
I can't believe you're covering this.
Should we hunt for them or keep our heads down in order to protect the Earth from threats?
Some have even suggested we cloak our planet using lasers to hide telltale signs that might be leaking information about us into space, maybe drawing attention to us, right?
So there's a couple of guys, Michael Hippke of the Sonneberg Observatory in Germany and John G. Learned of the University of Hawaii.
They've written— great name, a wonderful name, a learned name.
He has written— they have written some scientific papers considering these big questions relating to extraterrestrial intelligence, and in particular their latest one covers interstellar communication.
And they think this is an issue because they have postulated it is cheaper for aliens to send a malicious message to eradicate humanity compared to sending battleships.
Some have even suggested we cloak our planet using lasers to hide telltale signs that might be leaking information about us into space, maybe drawing attention to us, right?
So there's a couple of guys, Michael Hippke of the Sonneberg Observatory in Germany and John G. Learned of the University of Hawaii.
They've written— great name, a wonderful name, a learned name.
He has written— they have written some scientific papers considering these big questions relating to extraterrestrial intelligence, and in particular their latest one covers interstellar communication.
And they think this is an issue because they have postulated it is cheaper for aliens to send a malicious message to eradicate humanity compared to sending battleships.
What kind of message?
A malicious message.
Okay, wouldn't it be equally as easy to send a nice message saying how do you—
Well, this is the thing, you see. We can't be certain if we're going to encounter good guys or bad guys.
There is a chance it could be a Vogon battle fleet rather than some lovely sort of Ewoks.
There is a chance it could be a Vogon battle fleet rather than some lovely sort of Ewoks.
No offence, but quite a small chance since nothing in history has suggested they've been round before. Right?
What if we're going to base the future upon your personal experience of the past, Carole? In fact, Carole, is it not the case?
I seem to remember, as soon as you've interrupted me, is it not the case that actually you once believed there was an alien invasion really happening?
I believe you were in Brighton at the time and there was some sort of spoof on the radio and you— Do you even want me to go there?
I seem to remember, as soon as you've interrupted me, is it not the case that actually you once believed there was an alien invasion really happening?
I believe you were in Brighton at the time and there was some sort of spoof on the radio and you— Do you even want me to go there?
No.
Okay.
Look, I was very young and probably not of right sound mind.
Stoned. Anyway.
Or right of sound mind.
So we can't be certain if we're going to encounter good guys or bad guys. And the scientists warn that message decontamination is impossible. This is the finding of their paper.
And therefore any complex message we might receive from outer space might need to be destroyed to protect the planet. That'd be a real nuisance, wouldn't it?
And looking around, putting all these computers onto the SETI project, analyzing data which has been sent out there only to destroy the information when it comes out there.
So this is what they've said. They've said a complex message from space, may require the use of computers to display or analyze and understand.
And such a message can't be decontaminated with certainty. And there is a technical risk, albeit small, it could pose an existential threat.
Complex messages would need to be destroyed in the most risk-averse cases.
So what they're actually basically saying is, if we got a message, it might be wise for us to run it on a computer which is air-gapped, and so it can't cause too much of a problem.
And once we get to really analyze it, we can switch to a paper printout is what they're suggesting for offline analysis.
In fact, now, if that sounds crazy, they're suggesting that maybe we need to go even further because imagine it wasn't just a basic message.
And therefore any complex message we might receive from outer space might need to be destroyed to protect the planet. That'd be a real nuisance, wouldn't it?
And looking around, putting all these computers onto the SETI project, analyzing data which has been sent out there only to destroy the information when it comes out there.
So this is what they've said. They've said a complex message from space, may require the use of computers to display or analyze and understand.
And such a message can't be decontaminated with certainty. And there is a technical risk, albeit small, it could pose an existential threat.
Complex messages would need to be destroyed in the most risk-averse cases.
So what they're actually basically saying is, if we got a message, it might be wise for us to run it on a computer which is air-gapped, and so it can't cause too much of a problem.
And once we get to really analyze it, we can switch to a paper printout is what they're suggesting for offline analysis.
In fact, now, if that sounds crazy, they're suggesting that maybe we need to go even further because imagine it wasn't just a basic message.
How would this message come in? Via Gmail or something? Outlook? It would just be sitting there, an IM?
Well, it would— I don't know.
Meet me for coffee.
It would be a sort of radio signal or something, wouldn't it? Which would be analyzed and you get beep beep. Beep beep beep beep beep or something. Who knows, Carole?
Who knows? You mean Morse code?
Morse code. But see, there is a possibility that a message being sent to Earth from outer space could cause harm.
Okay.
An alien message, for instance. It could be a really simple one, right? It could be something saying, oh, by the way, your sun's going to blow up next Thursday just after tea time.
Right now, that may not be deliberately intended to destroy the world, but imagine the panic.
Right now, that may not be deliberately intended to destroy the world, but imagine the panic.
I don't think there'd be any panic. I think people would be like, there's nothing we can do about that, right? Maybe NASA would be in a panic.
Maybe, you know, the Russian equivalent of NASA would be in a panic. But I think I'd go punting.
Maybe, you know, the Russian equivalent of NASA would be in a panic. But I think I'd go punting.
Well, I've never heard it called that before.
Most people, when they're given a time limit and they're all talking about who they'd, you know, get off with and that sort of thing, you know, there could be rioting.
People could be getting widescreen TVs, HDTV or something, or they could be, you know, nobbing off with someone. Who knows? Who knows what could happen? It could be chaos.
Most people, when they're given a time limit and they're all talking about who they'd, you know, get off with and that sort of thing, you know, there could be rioting.
People could be getting widescreen TVs, HDTV or something, or they could be, you know, nobbing off with someone. Who knows? Who knows what could happen? It could be chaos.
You're making a real good story out of this.
Keep going.
You're doing great. I'm really buying it.
Well, now, if that sounds crazy enough, it gets even crazier because they then considered, well, what if it isn't a simple message that's sent to us, but something rather more complex?
What if there's a sort of header message, a frame around it which says, oh, hello, we're very friendly. We would like to send you our galactic library with every piece of knowledge.
All you have to do is build our artificial intelligence. Here are our instructions. It will quit.
What if there's a sort of header message, a frame around it which says, oh, hello, we're very friendly. We would like to send you our galactic library with every piece of knowledge.
All you have to do is build our artificial intelligence. Here are our instructions. It will quit.
This is basically an intergalactic Nigerian letter scam, isn't it? This—
Yeah, exactly. It's 101.
Seriously.
And these two guys have handed this paper in.
They have.
So what it says— this is what gives academics a bad name.
I'm sorry. I mean, I know his name is Learned, but really, please.
I really hope at the end of this Graham's going to be like "Isn't this a pile of poo?"
So it's not even April 1st yet.
So they say this is how you construct the AI. It will learn your language and it will answer your questions, and it may execute some code following these instructions, right?
And so these scientists have said, well, how would we handle this? And they said, well, we have to be very careful. So what we do is we isolate the computers.
We get the computer in a box on the moon.
And so these scientists have said, well, how would we handle this? And they said, well, we have to be very careful. So what we do is we isolate the computers.
We get the computer in a box on the moon.
They say we will only take Elon Musk's car to drive over to the moon.
We will execute the code there. There will be— we'll put safety devices in place.
And so they're describing things like remote-controlled fusion bombs to terminate the experiment at any time, right? Now, that sounds like they've thought of everything, doesn't it?
But they then say, our current research indicates that even well-designed boxes on the moon are useless because a sufficiently intelligent artificial intelligence will be able to persuade or trick its human keepers into releasing it.
And so they're describing things like remote-controlled fusion bombs to terminate the experiment at any time, right? Now, that sounds like they've thought of everything, doesn't it?
But they then say, our current research indicates that even well-designed boxes on the moon are useless because a sufficiently intelligent artificial intelligence will be able to persuade or trick its human keepers into releasing it.
Graham?
Yes?
Are you losing the plot?
Well, you know, it sounds like a whole load of poo to me. It sounds completely fucking crazy, doesn't it?
Thank God! Okay, I was really worried for your sanity there.
This makes me feel so much better about the story I've got as well. Can I just point out two fairly obvious flaws in this theory?
First of all, if an alien is clever enough to develop this ultra-complex AI system that we have to execute in a box on the moon in order to avoid being infected, they're probably intelligent enough just to zap us in the first place, right?
Secondly, in the early '70s we sent out the Pioneer probes.
First of all, if an alien is clever enough to develop this ultra-complex AI system that we have to execute in a box on the moon in order to avoid being infected, they're probably intelligent enough just to zap us in the first place, right?
Secondly, in the early '70s we sent out the Pioneer probes.
Pioneer and Voyager.
In the Voyager, but the Pioneer probes are the ones that had those plaques on them with anatomical pictures of human beings and our exact position in the galaxy.
So it's not like we've been trying to cover up where we are, or it's a bit late. We need to send someone out to get those back. So the aliens don't even need to be that smart.
So it's not like we've been trying to cover up where we are, or it's a bit late. We need to send someone out to get those back. So the aliens don't even need to be that smart.
Well, the main point of this paper, which people are welcome to read and have a good laugh about, is they're basically saying any message which comes through could potentially do something nasty on the computers.
But I think that's a bit of a long stretch myself, that they would have built in some sort of Microsoft Word exploit or Flash zero-day into the message which they're sending.
It reminds me a little bit of Geoff Goldblum. Do you remember in Independence Day?
But I think that's a bit of a long stretch myself, that they would have built in some sort of Microsoft Word exploit or Flash zero-day into the message which they're sending.
It reminds me a little bit of Geoff Goldblum. Do you remember in Independence Day?
Oh, I know Geoff called them. Yum, yum, yum.
Well, he uploaded that virus onto the alien mothership, didn't he? And thank goodness they had an Apple Mac like the one he was using.
That was a bit of a choice he had to make there. It could have been 50/50, but he said, you know what, those aliens look like they're Mac users. That's what I'm going to go for.
And that's how he managed to save the world. So thank you very much to Geoff.
And I think it's marvelous that these scientists are busy working on stuff like this rather than, you know, something less important, like, I don't know, global warming.
That was a bit of a choice he had to make there. It could have been 50/50, but he said, you know what, those aliens look like they're Mac users. That's what I'm going to go for.
And that's how he managed to save the world. So thank you very much to Geoff.
And I think it's marvelous that these scientists are busy working on stuff like this rather than, you know, something less important, like, I don't know, global warming.
Thank you very much. Thank you very much for bringing this to our attention.
Well, it was the most important computer security story I saw in the last 7 days, so I thought it was important to bring it to everyone's attention.
James, what have you got for us this week?
James, what have you got for us this week?
Well, being the solipsist I am, and also the complete lack of technical knowledge that I have, I've decided to make this about myself. I mean, it's sort of tech-related.
That's perfect!
It's sort of tech-related. Because, like many other ordinary Joes who use consumer websites, I've discovered that some of them aren't quite true to their word.
Good, who'd have thought?
You might remember a few months back, Ryanair, that purveyor of high-quality air transport services, decided to cut thousands of flights across Europe and leave people actually stranded in various towns and cities where they'd gone for weekend breaks and things without any obvious way of getting home.
Now, I had a—
Good, who'd have thought?
You might remember a few months back, Ryanair, that purveyor of high-quality air transport services, decided to cut thousands of flights across Europe and leave people actually stranded in various towns and cities where they'd gone for weekend breaks and things without any obvious way of getting home.
Now, I had a—
To their credit, that is more pleasurable than actually being on the Ryanair plane.
Yeah, well, that's true. Yeah, I mean, a bus ride back from Bulgaria probably is more fun than traveling on a Ryanair plane and being abused by the in-flight staff.
But anyway, I was a bit further away a few weeks ago in Malaysia, and for reasons which I won't go into now, I decided that renting a car would be a good idea.
So I went to a site called RentalCars.com, who glory in and claim RentalCars.com is the world's biggest online car rental service.
But anyway, I was a bit further away a few weeks ago in Malaysia, and for reasons which I won't go into now, I decided that renting a car would be a good idea.
So I went to a site called RentalCars.com, who glory in and claim RentalCars.com is the world's biggest online car rental service.
I'm assuming they're like Avis.
Well, yeah, they're not quite.
They're one of these kind of aggregator sites where you put in what you want, they offer you various options from Avis and Hertz and all the rest of them.
Then you book a car, you give them your credit card details, and, you know, lo and behold, in 3 or 4 days you expect to pick up the car, or however long it is.
So I book a car to get out of a town in Malaysia during Chinese New Year, which is a busy time of year over there, 4 days before I leave.
And then 12 hours before I'm supposed to pick this car up, I get an email from somebody at RentalCars.com saying, "Oh, very sorry, we couldn't find you a car."
They're one of these kind of aggregator sites where you put in what you want, they offer you various options from Avis and Hertz and all the rest of them.
Then you book a car, you give them your credit card details, and, you know, lo and behold, in 3 or 4 days you expect to pick up the car, or however long it is.
So I book a car to get out of a town in Malaysia during Chinese New Year, which is a busy time of year over there, 4 days before I leave.
And then 12 hours before I'm supposed to pick this car up, I get an email from somebody at RentalCars.com saying, "Oh, very sorry, we couldn't find you a car."
See you later. And really, like, just see you later? Like, thanks very much, enjoy your trip?
More or less, yeah, more or less.
But had they earlier confirmed that they had got you a car?
Yep, they sent me a message saying, "Your booking is confirmed, thank you for using RentalCars.com," and then proceeded to send me emails every 12 hours promoting their services and trying to get me to rent another car.
And they're still sending them to me, actually, despite what happened later.
Now, insofar as this is tech-related, it's to do with the way that the average person interacts with tech firms.
I mean, not that these firms are really tech firms, but they're online.
And they're still sending them to me, actually, despite what happened later.
Now, insofar as this is tech-related, it's to do with the way that the average person interacts with tech firms.
I mean, not that these firms are really tech firms, but they're online.
But they're providing services that we rely on.
Exactly. And you never used to have this problem when Q Branch supplied you with vehicles, right?
Never. Those Aston Martins were as reliable as Swiss watches.
But the thing about these people was that when I phoned them up, and I got some guy and he said, "Well, the trouble is, you see, Malaysia, it's the other side of the world." And I said to him, "Well, it may be, my friend, but you are supposed to be running a global website and I'm on the other side of the world.
So what are you going to do about it?" "Try to pick up my freaking car." "Where is the car from the world's biggest online supplier of rental cars or whatever you are?" And this conversation went on for a couple of hours on and off.
The top and bottom of it was that they offered me a very generous discount on my next rental from RentalCars.com and then told me to bugger off, basically.
But the thing about these people was that when I phoned them up, and I got some guy and he said, "Well, the trouble is, you see, Malaysia, it's the other side of the world." And I said to him, "Well, it may be, my friend, but you are supposed to be running a global website and I'm on the other side of the world.
So what are you going to do about it?" "Try to pick up my freaking car." "Where is the car from the world's biggest online supplier of rental cars or whatever you are?" And this conversation went on for a couple of hours on and off.
The top and bottom of it was that they offered me a very generous discount on my next rental from RentalCars.com and then told me to bugger off, basically.
Oh, well, you're rushing to take them up on that generous offer, aren't you?
Very much so. Yeah, of course, there's no record of them offering me this.
So even when I do come around to booking something, which I won't, on their site, they won't honor it, I dare say.
But the thing about this is that, first of all, these sites are offering something that they don't actually have.
That's to say, they're offering all these things from Hertz and Avis and all these other car companies which are branded and look reliable.
But the fact is that they haven't actually got those cars.
And when they went to them to say, right, this guy, we've got a sucker, they turned around and said, well, we've already rented our cars at this rate anyway.
Of course there would have been cars. These companies all keep cars on standby for full rate, the people who walk in customers.
But of course the aggregator site isn't going to pay the full rate because they've already offered it to me at less. So they just walk away from the deal.
And that's the second part of this. That's to say, it's a one-way bet. You choose something on the site, you click on it, you give them your credit card details.
And if they can find it, they take your money. If they can't, they just walk away. And the same thing happened with Ryanair a few months back.
If you remember, they had got people who'd booked flights, some of whom had already traveled to the destinations and had paid for them, and then they just canceled the flights and walked away and said, well, it's your problem, get yourselves back.
And for people, I mean, all right, at the end of the day, I was lucky. I know Malaysia a little bit, I know the deal, I managed to find another way out.
But for people who've never been to Łódź, Poland, or Timișoara, Romania, and are there on a weekend break and may not have been abroad very often before.
You know, you try and get yourself back from Timișoara in a hurry.
So even when I do come around to booking something, which I won't, on their site, they won't honor it, I dare say.
But the thing about this is that, first of all, these sites are offering something that they don't actually have.
That's to say, they're offering all these things from Hertz and Avis and all these other car companies which are branded and look reliable.
But the fact is that they haven't actually got those cars.
And when they went to them to say, right, this guy, we've got a sucker, they turned around and said, well, we've already rented our cars at this rate anyway.
Of course there would have been cars. These companies all keep cars on standby for full rate, the people who walk in customers.
But of course the aggregator site isn't going to pay the full rate because they've already offered it to me at less. So they just walk away from the deal.
And that's the second part of this. That's to say, it's a one-way bet. You choose something on the site, you click on it, you give them your credit card details.
And if they can find it, they take your money. If they can't, they just walk away. And the same thing happened with Ryanair a few months back.
If you remember, they had got people who'd booked flights, some of whom had already traveled to the destinations and had paid for them, and then they just canceled the flights and walked away and said, well, it's your problem, get yourselves back.
And for people, I mean, all right, at the end of the day, I was lucky. I know Malaysia a little bit, I know the deal, I managed to find another way out.
But for people who've never been to Łódź, Poland, or Timișoara, Romania, and are there on a weekend break and may not have been abroad very often before.
You know, you try and get yourself back from Timișoara in a hurry.
Oh no, think of— I'm thinking of, you know, maybe our parents, right? Traveling.
Our parents are resourceful, Carole. They'd have just chartered a helicopter or something. But for ordinary folk like us, you know, or they'd have—
Oh yeah, you're pretending you're ordinary now. Why? Why don't you tell us about your trip to Tirana, Salata? Yeah, very interesting. Good cover. Good cover.
Anyway, the silver lining to this story was that I then managed to get an Uber taxi up into the mountains, a 300-kilometer journey for about 40 quid.
And I know because I saw, and me and my traveling companions saw the driver fill up the car and pay motorway tolls that came to more than the fare.
So we got quite a bargain out of Uber. I suspect this is because Uber is subsidizing drivers in order to capture market share over there.
So while one bunch of greedy venture capitalists was taking my money or attempting to take it with one hand, another bunch of greedy venture capitalists from Silicon Valley was giving it to me with the other.
So, you know, what goes around comes around in the end.
And I know because I saw, and me and my traveling companions saw the driver fill up the car and pay motorway tolls that came to more than the fare.
So we got quite a bargain out of Uber. I suspect this is because Uber is subsidizing drivers in order to capture market share over there.
So while one bunch of greedy venture capitalists was taking my money or attempting to take it with one hand, another bunch of greedy venture capitalists from Silicon Valley was giving it to me with the other.
So, you know, what goes around comes around in the end.
Well, I just hope your driver did all right out of that.
Mohammed was a very cheerful little fella.
He did his maths at the end of the day. Who knows?
I don't know. I mean, yeah, I don't know. But he seemed cheerful right off the end.
Do you think though that the upshot of this is that we shouldn't necessarily trust third-party sites that basically take deals from, you know, individual companies and try and provide a better service.
What I would say is this: I've used other rental car sites, aggregator sites, and some of them—in fact, I'll name one, Auto Europe, I've used before—and they've actually been very good.
When something's gone wrong, I've phoned them up and they've sorted it out. The problem is that these other guys notice that there's money in the market.
They go in with poorer customer service, and then they clean up because most of their deals go through.
So what I'd say is if you get good service from one of these companies, then stick with them. The only reason I didn't use them was that they had no cars in Malaysia.
It turns out they were all rented, actually, but that's why, probably.
When something's gone wrong, I've phoned them up and they've sorted it out. The problem is that these other guys notice that there's money in the market.
They go in with poorer customer service, and then they clean up because most of their deals go through.
So what I'd say is if you get good service from one of these companies, then stick with them. The only reason I didn't use them was that they had no cars in Malaysia.
It turns out they were all rented, actually, but that's why, probably.
So a nice recommendation there from James, the editor-in-chief of Eurozine, recommending Auto Europe. Interesting, similar names and great—
That is not an official endorsement. That is not an official endorsement.
No, then you're not affiliated. No, no, no connection. No connection. Okay. Carole, what's your story this week?
So I personally need to understand whether people like you and me, typical users, are actually cool with this business model, because I don't think I am.
So, you know the saying, if you aren't paying, you are the product. I get that. We know with free apps that makes sense, right?
Like Google provides you things like YouTube and Gmail, but in exchange they take things like, oh, everything that you search for, all the images of you, all the videos you watch, where you happen to be at the time, what IP address you're using, and what device you're using at the time.
So what about apps or services that we fork out money for, right? There's this company called MoviePass, a U.S.
firm headed by CEO Mitch Lowe, and this is a company that wants to deglue U.S.-based butts off the couch and put them into the movie theater.
Well, they're not targeting my butt or your Austrian butt.
So, you know the saying, if you aren't paying, you are the product. I get that. We know with free apps that makes sense, right?
Like Google provides you things like YouTube and Gmail, but in exchange they take things like, oh, everything that you search for, all the images of you, all the videos you watch, where you happen to be at the time, what IP address you're using, and what device you're using at the time.
So what about apps or services that we fork out money for, right? There's this company called MoviePass, a U.S.
firm headed by CEO Mitch Lowe, and this is a company that wants to deglue U.S.-based butts off the couch and put them into the movie theater.
Well, they're not targeting my butt or your Austrian butt.
Bloody hope not.
Degluing butts. Is there a problem of sticky bottoms in America?
Yeah, well, you know, if you're sitting on your couch watching Netflix all day, right? And sitting there and you're eating maybe on the couch all the time, might be getting sticky.
Right, you're getting fused to the cushion. Right, okay.
Oh, you're being rude and lewd again.
No, no, not again. Not after last week.
We've been told many times.
I cleaned up my act.
Right, so they want to get you off the couch and get you into movie theaters. Now, how are they going to do this? Well, why not just steal the model made by Netflix?
So have a movie theater subscription service.
So you pay about $10 a month, or about £7, and the service uses a mobile app where registered users check into a cinema and choose a film and a showtime, and then you present your voucher and the theater actually collects payment from third-party credit cards, including, says TechCrunch, one that belongs to a bunch of venture capitalists.
So according to this article in MediaPlay News, the CEO, Mr.
Lowe, claims to currently have around 2 million users and is looking to onboard 3 million more by the end of the year, bringing him to a total of 5 million.
Boom, this is all looking fantastic. Now, back to the topic of data tracking. What kind of data tracking would we expect in a paid service like this?
Now, you might think, hey, they might know what movies I go watch, right? Or what time I watch them.
So have a movie theater subscription service.
So you pay about $10 a month, or about £7, and the service uses a mobile app where registered users check into a cinema and choose a film and a showtime, and then you present your voucher and the theater actually collects payment from third-party credit cards, including, says TechCrunch, one that belongs to a bunch of venture capitalists.
So according to this article in MediaPlay News, the CEO, Mr.
Lowe, claims to currently have around 2 million users and is looking to onboard 3 million more by the end of the year, bringing him to a total of 5 million.
Boom, this is all looking fantastic. Now, back to the topic of data tracking. What kind of data tracking would we expect in a paid service like this?
Now, you might think, hey, they might know what movies I go watch, right? Or what time I watch them.
Maybe they'd recommend similar movies, you know, so if they find out that you like thrillers, maybe they say, oh, by the way, there's a thriller out now next week at this cinema, you may want to go and see it.
I don't know, something like that.
I don't know, something like that.
Yeah, yes, okay, exactly. That makes sense to me, right?
What date you went to see it, you know, how many tickets you bought, when you go, and then they can kind of tailor the experience for you.
So I headed over to the website, the MoviePass website, to learn a bit more, and I found their policy just to kind of take a look around. And here's just a quick snippet from it.
So, we keep track of your interactions with us and collect information related to your use of our services.
Including but not limited to the online activity, title sections and ratings. Fine, fine, fine, I think. Payment history and correspondence as well as internet protocol addresses.
Interesting. Device types, operating system and related activity. So there's a few things that make me nervous in there. The words not limited to and related activity, right?
Those are the two that make me a little nervous. I'm no lawyer, but they just give me a bit of the heebie-jeebies.
So on March 2nd at the Entertainment Finance Forum in Hollywood, of course we've all heard about this. MoviePass CEO Mitch Lowe was the keynote presenter at this event.
And the title of his talk was, "Data is the New Oil: How Will MoviePass Monetize It?" Well, he tells us during his keynote, he seems to literally crow about how much data they are currently hoovering up from their paying customers.
The company, of course, knows its subscribers' addresses and can glean demographic information based on where they live. This was reported by TechCrunch.
The company can also track subs via the app and phone GPS. So let me quote here. We get an enormous amount of information, he said. We watch how you drive from home to the movies.
We watch where you go afterwards. Well, what? What? Right?
What date you went to see it, you know, how many tickets you bought, when you go, and then they can kind of tailor the experience for you.
So I headed over to the website, the MoviePass website, to learn a bit more, and I found their policy just to kind of take a look around. And here's just a quick snippet from it.
So, we keep track of your interactions with us and collect information related to your use of our services.
Including but not limited to the online activity, title sections and ratings. Fine, fine, fine, I think. Payment history and correspondence as well as internet protocol addresses.
Interesting. Device types, operating system and related activity. So there's a few things that make me nervous in there. The words not limited to and related activity, right?
Those are the two that make me a little nervous. I'm no lawyer, but they just give me a bit of the heebie-jeebies.
So on March 2nd at the Entertainment Finance Forum in Hollywood, of course we've all heard about this. MoviePass CEO Mitch Lowe was the keynote presenter at this event.
And the title of his talk was, "Data is the New Oil: How Will MoviePass Monetize It?" Well, he tells us during his keynote, he seems to literally crow about how much data they are currently hoovering up from their paying customers.
The company, of course, knows its subscribers' addresses and can glean demographic information based on where they live. This was reported by TechCrunch.
The company can also track subs via the app and phone GPS. So let me quote here. We get an enormous amount of information, he said. We watch how you drive from home to the movies.
We watch where you go afterwards. Well, what? What? Right?
So hang on.
So let's go back to the policy. But first, before you start, because I know, I know, let's go back to the policy. Policy.
So the policy says that MoviePass collects information related to my use of the service. How is where I go beforehand and afterwards any way related to the service use?
Yeah, it's not. It's actually related to their future service.
I'm assuming all this data is going to help them forge alliances with nearby restaurants, cafes, bars, and clubs and give you deals, two-for-one drinks, etc., etc.
So the policy says that MoviePass collects information related to my use of the service. How is where I go beforehand and afterwards any way related to the service use?
Yeah, it's not. It's actually related to their future service.
I'm assuming all this data is going to help them forge alliances with nearby restaurants, cafes, bars, and clubs and give you deals, two-for-one drinks, etc., etc.
Because they could pop up something on the app, couldn't they, to say, oh, maybe you'd like to go to Domino's now for a pizza or something like that?
No, two-for-one. Two-for-one larges for you and your date. Mega Gulps for free. Yeah.
This CEO, basically, he was on stage.
CEO!
He was on stage and he got a little bit— he's thinking, hey, look at me, right? I'm on stage. I'm only at the Entertainment Finance Forum in Hollywood. Everyone's listening to me.
I've got this great speech about data being the new oil. And he can't stop himself from crowing about it.
I've got this great speech about data being the new oil. And he can't stop himself from crowing about it.
He's a bit like someone on CNN I saw this morning.
Yeah, there've been some extraordinary appearances on CNN lately, yes.
Now here is my big beef about this. I want peddlers of services like this to be upfront. Is that too much to ask?
I want to make an informed decision and I want to decide whether I want to sign up for that service or not based on the interaction of what they get and what I get.
It worries me that lots of apps many of which we're paying for, are taking a lot more from us than we realize.
Even if those of us who go and read the policy aren't really any wiser to that information.
I want to make an informed decision and I want to decide whether I want to sign up for that service or not based on the interaction of what they get and what I get.
It worries me that lots of apps many of which we're paying for, are taking a lot more from us than we realize.
Even if those of us who go and read the policy aren't really any wiser to that information.
Well, that's the thing, isn't it? Because it's not just being upfront about it and put it in the privacy policy, which clearly they didn't do on this occasion.
It wasn't clear because they just said, oh, related activity. Nobody reads the privacy policy apart from you, Carole, on this occasion.
It wasn't clear because they just said, oh, related activity. Nobody reads the privacy policy apart from you, Carole, on this occasion.
Well, I was doing a story on it. I had to do my homework.
Yeah.
Right.
Okay. But normally what you need is a great big fat dialogue saying, "Oh, by the way, we're going to spy on where you go to after the movie.
Is that all right?" And the default should be, "No, of course it's bloody not all right." Or alternatively, "Yes, I'm a complete idiot.
Is that all right?" And the default should be, "No, of course it's bloody not all right." Or alternatively, "Yes, I'm a complete idiot.
I don't mind you tracking me." I know I was fantasizing earlier about having this fantastic app that would just basically read all these contracts for us and then just give us alerts on things that we've told that we don't want.
You know, there's some alien intelligence which could actually— They've promised that they can provide us with that. We've just got to run the code on the moon.
Look, I don't think I'm being crazy here. Is it nuts that I think that they should be upfront about, you know, the details of the exchange between us?
Or are we so desensitized by piss-poor privacy that we don't give a shit anymore? And we're just like, yeah, well, that's the cost of business.
Or are we so desensitized by piss-poor privacy that we don't give a shit anymore? And we're just like, yeah, well, that's the cost of business.
Of course not. But just to give you a kind of insight, these sort of issues are actually kind of live political issues here in Austria.
This kind of data privacy thing is a big deal here. The idea that apps are tracking you is something that people here get really concerned about.
This kind of data privacy thing is a big deal here. The idea that apps are tracking you is something that people here get really concerned about.
I'm so glad to hear that.
Being someone who doesn't really use apps, I mean, what benefits do you get from— if you're running these dozens of apps on your phone or hundreds, some people, and they're all tracking you, are the benefits really worth it?
I mean, which apps do you use or would you recommend where you have to trade off this loss of privacy for benefit.
I mean, which apps do you use or would you recommend where you have to trade off this loss of privacy for benefit.
I do use some Google apps, right? And I use tons of apps. I'm sure loads of apps are saying, yes, we're going to kind of track your data. GDPR is going to help protect EU residents.
But as far as I could see, MoviePass doesn't give a hoot about the EU at the moment. In fact, they're moviepass.co.uk if anyone wants to buy it. It's available for grabs.
But as far as I could see, MoviePass doesn't give a hoot about the EU at the moment. In fact, they're moviepass.co.uk if anyone wants to buy it. It's available for grabs.
So I think the vast majority of free apps are certainly going to be doing something with your data, even if it's simply to target you with advertising. The majority are doing that.
What is upsetting particularly about this MoviePass thing is you're actually paying a subscription, aren't you, for this service? And so these add-ons, even if—
What is upsetting particularly about this MoviePass thing is you're actually paying a subscription, aren't you, for this service? And so these add-ons, even if—
For the pleasure of being monitored.
Exactly. Even if they can promote the benefits of tracking you and explain why that's a really good idea, it should be optional.
It should be something which you have to knowingly opt into rather than to have to try and find out how to opt out.
As it is, you only found out about this because the CEO couldn't keep his mouth shut on stage.
It should be something which you have to knowingly opt into rather than to have to try and find out how to opt out.
As it is, you only found out about this because the CEO couldn't keep his mouth shut on stage.
Yeah, and it makes you wonder how many more apps are doing this.
And look, I'm not a big fan of layers upon layers of legislation, you know, but you know, if people are gonna behave like this, it's maybe the only option we have to protect our privacy.
And look, I'm not a big fan of layers upon layers of legislation, you know, but you know, if people are gonna behave like this, it's maybe the only option we have to protect our privacy.
We could all move to Austria.
Australia. I'm not sure I'd recommend that.
Well, you don't want me coming to Australia?
You're very welcome. You're always welcome.
So, and I know there's some people are going to say, "Hey, but look, you get a real deal with MoviePass, right? It's so much cheaper going through this way.
What are you complaining about, dude?" But that's the problem. I don't know what apps like this, paid or unpaid, are actually taking in exchange for my patronage. I don't know.
And if I knew and I could make an educated guess, fine. But I don't know why we're leaving it up to them just to hoover up off our phone what they want.
What are you complaining about, dude?" But that's the problem. I don't know what apps like this, paid or unpaid, are actually taking in exchange for my patronage. I don't know.
And if I knew and I could make an educated guess, fine. But I don't know why we're leaving it up to them just to hoover up off our phone what they want.
And it's a slippery slope, Carole, because it becomes the new normality, right? Every time this happens—
You know I know about that stuff, yes.
And before you know it, they're filming you in your bed or they're stealing your—
And on that bombshell!
At risk of sounding like Victor Meldrew, sorry for non-English listeners, Can I just make a request for them to bring back Orange Wednesday, when to get a half-price cinema ticket, you just had to borrow your mate's Orange phone and get them to send you a code, and then they let you in for half price?
I think that actually still—
I mean, that just seems so much simpler than having to have an app. Sounds to me like fraud, James. No, that is fraud.
And I cannot believe that someone who worked on Her Majesty's Secret Service is suggesting such a thing.
And I cannot believe that someone who worked on Her Majesty's Secret Service is suggesting such a thing.
I think that's what Hope Higgs would call a little white lie, and I think we can all live with that.
Right, off to our sponsors!
And thanks once again to MetaCompliance for supporting this episode of Smashing Security. People are the key to minimizing your cybersecurity risk posture.
You can save 10% as a Smashing Security listener off the high-quality cybersecurity e-learning catalog by going to metacompliance.com and quoting the code SMASHING.
That's metacompliance.com, and don't forget the code SMASHING. On with the show. And you join us at our favorite part of the show, which we like to call Pick of the Week.
You can save 10% as a Smashing Security listener off the high-quality cybersecurity e-learning catalog by going to metacompliance.com and quoting the code SMASHING.
That's metacompliance.com, and don't forget the code SMASHING. On with the show. And you join us at our favorite part of the show, which we like to call Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where we all choose something that we like.
Could be a funny story, a book we've read, a TV show, a movie, a record, an app, a website, podcast, whatever we like. Doesn't have to be security-related necessarily.
Could be a funny story, a book we've read, a TV show, a movie, a record, an app, a website, podcast, whatever we like. Doesn't have to be security-related necessarily.
Definitely not security-related this week.
Well, mine is not security-related this week, Carole.
No aliens, Graham.
It's no aliens. No, I'm going to talk to you about another aspect of my life.
Before I was in the crazy world of computer security, I used to be in the world of interactive fiction, also known as text adventure games.
I used to write text adventure games when I was a wee lad, which was great fun, and I loved them as well.
They were the only kind of computer games I was really any good at writing or playing. And my pick of the week is a documentary called Get Lamp.
These are the kind of games which were purely words, okay?
Where you'd say something like, "Go north, pick up everything apart from the Dweezil, stroke the octopus" or whatever, and it would then relay what happened in text.
So it was like a book, but an interactive book.
Before I was in the crazy world of computer security, I used to be in the world of interactive fiction, also known as text adventure games.
I used to write text adventure games when I was a wee lad, which was great fun, and I loved them as well.
They were the only kind of computer games I was really any good at writing or playing. And my pick of the week is a documentary called Get Lamp.
These are the kind of games which were purely words, okay?
Where you'd say something like, "Go north, pick up everything apart from the Dweezil, stroke the octopus" or whatever, and it would then relay what happened in text.
So it was like a book, but an interactive book.
Okay. I used to play two of these. One was called— one started with Z, the other one was called Zork. Zork and Enchanter.
I like that. Yes, Enchanter. Well, both of those games were published by a company called Infocom.
Okay.
There's both a documentary where they interview the people who wrote those games, and they were fantastic games.
The ones you've just spoken about were written by people like Steve Meretzky, who also wrote Leather Goddesses of Phobos. Very funny game.
The ones you've just spoken about were written by people like Steve Meretzky, who also wrote Leather Goddesses of Phobos. Very funny game.
Pardon? Say that again?
Leather Goddesses of Phobos. Did you never play that game? It's very funny. It's like a 1950s schlock.
You know, I realize my youth wasn't nearly misspent enough.
Where were you living? Under a rock?
He also co-wrote with Douglas Adams, no less, the computer game of Hitchhiker's Guide to the Galaxy. And they wrote some tremendous creative games.
Other people included Brian Moriarty and Dave Liebling, who wrote The Lurking Horror, which is sort of an H.P. Lovecraft-inspired text adventure game.
Scott Adams didn't work for Infocom, but also wrote some famous games.
Other people included Brian Moriarty and Dave Liebling, who wrote The Lurking Horror, which is sort of an H.P. Lovecraft-inspired text adventure game.
Scott Adams didn't work for Infocom, but also wrote some famous games.
What, the Dilbert Scott Adams?
No, it's a different Scott Adams. I don't think it is that Scott Adams.
That would be just too weird.
That would be just too weird.
But it's a great documentary, loads of background features, including a 50-minute documentary all about Infocom, who were really the kings of the text adventure.
Great packaging, fantastic quality, and eventually the company went bust for an interesting reason. But you can watch the documentary to find out more.
My only complaint about the movie is that it's very US-centric, and there were a lot of European games as well, and European text adventure companies back then, like Level-9 and Magnetic Scrolls.
But it's a great documentary, loads of background features, including a 50-minute documentary all about Infocom, who were really the kings of the text adventure.
Great packaging, fantastic quality, and eventually the company went bust for an interesting reason. But you can watch the documentary to find out more.
My only complaint about the movie is that it's very US-centric, and there were a lot of European games as well, and European text adventure companies back then, like Level-9 and Magnetic Scrolls.
Maybe Europe wouldn't put any money towards it.
No, I think this was really a labor of love by the director, Jason Scott.
Now, I bought the DVD from his website, Get Lamp website, but you can actually watch it for free on YouTube. He presented it as a Google Tech Talk. So if you—
Now, I bought the DVD from his website, Get Lamp website, but you can actually watch it for free on YouTube. He presented it as a Google Tech Talk. So if you—
Did you really? Did you really buy it?
Yes, I did.
Yeah.
Did you really? I did. Oh, yeah, I know. Surprising. You can check it out as a Google Tech Talk as well and watch the documentary about Infocom. Really recommend it.
Terrific documentary and talks about a long-lost era of computer gaming, which I miss.
Terrific documentary and talks about a long-lost era of computer gaming, which I miss.
I miss too. And I've actually played your games, Graham.
Oh.
And I would recommend them because they are good. I don't even know what they're called.
The most famous one is called Jacaranda Jim.
Oh yeah, I remember.
And its sequel— well, not a sequel really, but the next one I wrote was called Humbug. Humbug is a much better game.
Yes, both of them are available on my website, GrahamCluley.com.
Yes, both of them are available on my website, GrahamCluley.com.
Why don't we play a bit so people know what they're getting into?
I am in the pantry. It is a small, dark room, the only source of light being a barred oval window built close to the ceiling and the west wall.
A definite niff of seaweed wafts around the shelves. Small mountains of marzipan and icing sugar are liberally scattered across the damp stone floor.
A shark is leaning against one of the mounds of marzipan. He gives me a knowing wink. A small mouse pokes its head around a mound of marzipan and squeaks at me.
I can also see a caddy. An exit exists. Next, James. Show me.
A definite niff of seaweed wafts around the shelves. Small mountains of marzipan and icing sugar are liberally scattered across the damp stone floor.
A shark is leaning against one of the mounds of marzipan. He gives me a knowing wink. A small mouse pokes its head around a mound of marzipan and squeaks at me.
I can also see a caddy. An exit exists. Next, James. Show me.
What's your pick of the week, baby?
I'm afraid to say there are no games on my website, and there wouldn't be even if I had one.
But I also have to confess, I'm afraid I haven't listened to every one of the 67 preceding podcasts.
I have listened to most of them, but not every one, so this may have come up before. I'd be surprised if it hasn't. And I'm talking of the Warrington Cycle Campaign.
But I also have to confess, I'm afraid I haven't listened to every one of the 67 preceding podcasts.
I have listened to most of them, but not every one, so this may have come up before. I'd be surprised if it hasn't. And I'm talking of the Warrington Cycle Campaign.
Oh yeah, we did that, episode 34.
Next, the Warrington— what? Warrington's a place in the UK.
The Warrington Cycle Campaign, which promotes safer cycling for existing cyclists in Warrington and aims to encourage more people to travel by bicycle in the— Ah, now, now you'd wonder why this would be my pick of the week.
Well, yes, they have this genius subpage which is called Facility of the Month. This documents in photographs every month the most idiotic cycling facilities in the world.
And I'm talking about dedicated cycle lanes.
Well, yes, they have this genius subpage which is called Facility of the Month. This documents in photographs every month the most idiotic cycling facilities in the world.
And I'm talking about dedicated cycle lanes.
Oh, I'm looking at one right now. Yeah, yeah.
So the ones that require cyclists to get off their bicycle every 20 yards or feed cyclists directly into oncoming traffic or put lampposts in the middle of cycle lanes.
Have you seen this before?
Have you seen this before?
No. This is extraordinary. I'm looking at some of them. It's quite dangerous, isn't it, being a cyclist? It seems if you obey the laws of the road, if you follow these instructions.
Well, some of them are just— I mean, most of them are just crazy.
They've been put in by council workmen who've just been operating according to some plan they've been given without any thought for whether this makes any sense or not.
Most of them are things like cycle lanes that last literally 3 yards and then end in a steel gate. But they also have these superbly sarcastic captions that they use for them.
So if you look at July last year, 2017, for instance, picture of a sign in the middle of a cycle path blocking it entirely that just says cyclists caution Signage in Cycleway, and the caption reads, this month's facility was inspired by an undergraduate philosophy assignment: a sign that only purpose is to warn of its own existence.
They've been put in by council workmen who've just been operating according to some plan they've been given without any thought for whether this makes any sense or not.
Most of them are things like cycle lanes that last literally 3 yards and then end in a steel gate. But they also have these superbly sarcastic captions that they use for them.
So if you look at July last year, 2017, for instance, picture of a sign in the middle of a cycle path blocking it entirely that just says cyclists caution Signage in Cycleway, and the caption reads, this month's facility was inspired by an undergraduate philosophy assignment: a sign that only purpose is to warn of its own existence.
So charming, it's lovely, it's fantastic, and it's from the Hackney Council.
There are hundreds of them there, they're brilliant, so I recommend that you scroll through that.
That's, this is like a website from 1990.
I know, that's what I love about it as well, it's very old school.
Cool.
But they're really down to earth as well. They're not cycling Nazis. They're not sort of anti-motorist. They're just pointing out that things could be done better.
And so I salute them.
And so I salute them.
Cycle Nazis. And then you mentioned saluting. That would be quite dangerous actually doing the Nazi salute while cycling, wouldn't it?
Well, I'm not going to make any comments about Vienna. Not to be recommended. But you know what I mean by cycling Nazis.
I mean, if you read any articles about cycling in the press, if you read the comments underneath, they're divided between people who think that anyone who drives a car should be executed and people who think that anybody who rides a bicycle should be executed.
People get really anxious about this.
I mean, if you read any articles about cycling in the press, if you read the comments underneath, they're divided between people who think that anyone who drives a car should be executed and people who think that anybody who rides a bicycle should be executed.
People get really anxious about this.
James, James, it's one thing for us to upset Donald Trump fans on this podcast. Don't start getting cyclists annoyed. They're much scarier. I am a cyclist.
Oh yes, some of my best friends are cyclists. Look, we don't want those sort of people leaving us negative reviews on iTunes, you know.
Oh yes, some of my best friends are cyclists. Look, we don't want those sort of people leaving us negative reviews on iTunes, you know.
No, no, no.
I am merely highlighting the debate. I am not coming down on either side. As I say, I cycle to work every day on Austrian cycle paths. My day is enlivened every morning.
I say this to people. They say, why do you cycle to work? And I say, well, the adrenaline from Austrian motorists attempting to murder me every morning is what keeps me going.
So no, I'm a committed cyclist. I love it. But I hate a crappy cycle facility.
I say this to people. They say, why do you cycle to work? And I say, well, the adrenaline from Austrian motorists attempting to murder me every morning is what keeps me going.
So no, I'm a committed cyclist. I love it. But I hate a crappy cycle facility.
Well, thank you for that pick of the week. I think actually this is a perfect time waster for late Friday afternoon.
Anyone who's into cycling, this is definitely where I would recommend people to go this week.
Anyone who's into cycling, this is definitely where I would recommend people to go this week.
So, Carole, what is your pick of the week?
Mine is a podcast and actually an episode of a podcast. So this is the podcast called We the People Live, created by Josh Zepps, a journalist hailing from Australia.
I really like this podcast. It's interesting, it's refreshing, it's got a bit of political bite.
It talks about ethics, has a little splash philosophy here and there, and he interviews really great guests, much like we do. Not today.
I really like this podcast. It's interesting, it's refreshing, it's got a bit of political bite.
It talks about ethics, has a little splash philosophy here and there, and he interviews really great guests, much like we do. Not today.
No.
Now, I really like this particular episode, episode 116, Money: Free Money for All. This is an interview with Rutger Bregman.
This is a Dutchman who is a champion of universal basic income. This is basically where government gives you free money.
And Rutger talks about the 15-hour work week, whether AI will impact our working lives, and whether we're basically wasting our lives in meaningless jobs in order to keep up with the Joneses.
It's just really interesting the way they bounce around the ideas, and I really enjoyed it.
So if you have an hour or so free, I'd recommend you check out episode 116 of We the People Live.
This is a Dutchman who is a champion of universal basic income. This is basically where government gives you free money.
And Rutger talks about the 15-hour work week, whether AI will impact our working lives, and whether we're basically wasting our lives in meaningless jobs in order to keep up with the Joneses.
It's just really interesting the way they bounce around the ideas, and I really enjoyed it.
So if you have an hour or so free, I'd recommend you check out episode 116 of We the People Live.
Okay, 15-hour work week.
Yeah, doesn't it sound great? Well, you know, the 15-hour workweek doesn't belong to Rutger. It's someone in the '30s. I think it's John Maynard Keynes.
Yeah, John Maynard Keynes.
He talked about that. And they expected by this time, that's what we'd be doing. And in fact, we're doing exactly the opposite, aren't we?
I think most people work over 40 to 45 hours at the moment, which is crazy.
I think most people work over 40 to 45 hours at the moment, which is crazy.
Yes. It's more like a 15-hour workday sometimes, isn't it? In fact, you know what? AI is probably a bigger threat than those aliens.
I don't know why we're worried so much about these aliens sending us some messages. All those are Alexas. I just said the word. It's all these dinguses in people's homes.
They're the things we should be watching, I reckon.
I don't know why we're worried so much about these aliens sending us some messages. All those are Alexas. I just said the word. It's all these dinguses in people's homes.
They're the things we should be watching, I reckon.
Yeah, exactly. Anyway, worth listening to. Might give you some new ideas on how to handle this stressful life we're all living.
I was just going to add that if you read The Road to Wigan Pier by George Orwell in the 1930s, in which he talks about the appalling conditions in which people were working in industrial parts of England, he at the same time also considers how mechanization is going to reduce demand for physical labor and how are we going to manage that and what's everyone going to do when no one needs to work anymore.
So yeah, these issues have been around for a while.
So yeah, these issues have been around for a while.
They're going to tweet and post Facebook updates. In fact, that is what people are — that is the work they're doing, isn't it?
They're just feeding Mark Zuckerberg and his empire by constantly pouring data onto his servers.
They're just feeding Mark Zuckerberg and his empire by constantly pouring data onto his servers.
Well, less and less every day.
On that cheery note—
Poor sausages.
We've just about wrapped up the show, haven't we, Carole?
We have. So first, thanks to everyone who listens to the show. It occurred to me today that this would be an exceptionally futile exercise if we didn't have listeners. So thank you.
And thanks, of course, to our sponsors, who help fund the cost of producing and publishing the show.
And thanks, of course, to our sponsors, who help fund the cost of producing and publishing the show.
Oh, aren't they lovely? Now, if you like us, you can follow us on Twitter @SmashingSecurity, no G. Twitter wouldn't let us have a G. We're on Facebook as well.
We've got a Facebook group, and we have an online store at smashingsecurity.com/store. We don't just buy t-shirts.
Someone contacted us the other day and said, why do you only sell t-shirts up there? It's not just t-shirts. We've got cushions.
We've got a Facebook group, and we have an online store at smashingsecurity.com/store. We don't just buy t-shirts.
Someone contacted us the other day and said, why do you only sell t-shirts up there? It's not just t-shirts. We've got cushions.
Stay away from the cushions, guys. Seriously.
We've got stickers. We've got mugs. The mugs are all right, aren't they?
Yeah, no, I do drink out of my Smashing Security mug.
Graham, Graham, what should I do if I don't like you?
If you don't like us, what you should do is... But if you do rate us on Apple Podcasts, it really does help new listeners discover the show.
And you can go to smashingsecurity.com to grab past episodes and for details on how to get in touch with us. So thank you very much for joining us, James Thomson.
And you can go to smashingsecurity.com to grab past episodes and for details on how to get in touch with us. So thank you very much for joining us, James Thomson.
My pleasure. Thank you for having me.
Carole Theriault, as always, you've been terrific.
I wish I could say the same, Graham Cluley.
Until next time, cheerio. Bye-bye. Bye.
My flatmate just come through the door.
I'm just going to say hello to Lena. Hello, how are you? Yeah, they just don't— yeah, could you just come here, Lena, and tell them that I'm not a spy? Oh yeah, they're accusing me.
We've never met Lena, so Lena is my wonderful Russian flatmate.
Russian?
Well, because I live in Vienna, apparently that's enough. That's enough. But so do you. So, I mean, yeah, yeah, exactly. Thank you. Yeah, it's a wonderful culture place, isn't it?
Yeah, it is very convenient. People of all nations, isn't it, meeting up and exchanging information in dead letter drops?
It's good. They're talking in my ear at the same time, so I'm sorry if I'm not making any sense. It's all right.
No, you go and chat with your flatmates. Yeah, it's fine.
Don't worry about us. No, no, don't worry.
I'm not going to get ripped off.
I'm not. Fine. Fine. Okay.
No whispering. I heard that, cruel.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
James Thomson (who’s too cool to be on Twitter)
Sponsor: MetaCompliance
People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Listeners can get a 10% discount off the high-quality CyberSecurity eLearning catalog by quoting the code SMASHING. Visit www.metacompliance.com now.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
This is the plot from A for Andromeda.
https://en.wikipedia.org/wiki/A_for_Andromeda
You may not believe this, but I actually tried to track down the music from "A for Andromeda" to accompany the piece… I decided in the end that something else worked better, but maybe I should have stayed with my first instinct.