Smashing Security podcast #085: Doctor Who, Facebook patents, and Bob’s Burgers

Three industry veterans, chatting about computer security and online privacy.

Doctor Who’s TARDIS has sprung a data leak, Facebook’s creepy patents are unmasked, and an app to keep women safe on dates has surprising origins.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
GRAHAM CLULEY
What? For what purpose? Is that for advertising?
CAROLE THERIAULT
Yeah, no crap, it's for advertising.
GRAHAM CLULEY
You may need a funeral director's or something like that.
MARIA VARMAZIS
Yeah, I can just see this ad coming up on my feed going, you eat like crap, you don't exercise, you're going to drop dead in 5 years, so please go buy a casket.
Unknown
Smashing Security, Episode 85. Ransomware, doxing, doxing, Facebook patents, and Bob's Burgers with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security episode 85. My name is Graham Cluley.
CAROLE THERIAULT
I'm Carole Theriault.
GRAHAM CLULEY
We are joined by the wonderful and really rather popular— she seems to have her own fan club online— it's Maria Varmazis back on the show.
MARIA VARMAZIS
Hi.
GRAHAM CLULEY
Hello, Maria.
CAROLE THERIAULT
Hi.
MARIA VARMAZIS
I haven't paid any of these people, I promise.
CAROLE THERIAULT
Everyone's favorite moment.
GRAHAM CLULEY
There are more than one Maria? I just met a pony.
MARIA VARMAZIS
No, no, no, no, no, no.
GRAHAM CLULEY
You probably had a lot of that when you were a kid, right?
MARIA VARMAZIS
It has not stopped. I still hear it now. I shut that down real fast.
CAROLE THERIAULT
Yeah, so stop being so— stop being so fucking boring, Graham.
GRAHAM CLULEY
Yeah, stop being so predictable, Grape. Yeah. All right, gosh, well, I'll try not to be predictable now.

I'll just say, oh, let's pay the rent from the sponsors before we begin the show.
CAROLE THERIAULT
We get rent?
MARIA VARMAZIS
You get paid?
GRAHAM CLULEY
It's— shit, don't tell the guests that.
CAROLE THERIAULT
Hey Graham.
GRAHAM CLULEY
Hey Carole.
CAROLE THERIAULT
So you run your own business, right?
GRAHAM CLULEY
I do, yes.
CAROLE THERIAULT
I run my own business. Yes.

And how many different applications and services and software pieces do you need to buy or rent in order to run a business like ours in the technology space?
GRAHAM CLULEY
Scores, if not hundreds.
CAROLE THERIAULT
It would be physically impossible, would it not, to remember unique passwords for every single one of those apps?

Let alone your personal life and all the stuff you have there, all the chess and Doctor Who stuff you have.
GRAHAM CLULEY
Not completely impossible, because if your password was DoctorWho1 or Chess2, if you made, so you could have unique passwords.

They wouldn't be very good passwords though, would they?
CAROLE THERIAULT
Yeah. So you're recommending that people have crappy passwords or should they use a password manager like LastPass?
GRAHAM CLULEY
They should use a password manager like LastPass. I think all businesses have got to really, because otherwise your employees are going to choose sloppy, rubbish passwords.
CAROLE THERIAULT
And you're going to get lazy yourself and use the same password for different accounts.
GRAHAM CLULEY
Horrendous. So you want central control of everyone inside your business and how they're using passwords and properly manage it.
CAROLE THERIAULT
Check out lastpass.com/smashing.
GRAHAM CLULEY
I don't think you need to say forward slash. Anyone who's listening to this knows which way the slash goes.
CAROLE THERIAULT
You're probably right. Hey, Graham.
GRAHAM CLULEY
Hey, Carole.
CAROLE THERIAULT
Okay, quiz time, quiz time. All right. What percentage of data breaches originate from email?
GRAHAM CLULEY
7 out of 10.
CAROLE THERIAULT
It's a pretty good guess, but you're way wrong. 96%. Oh, bloody.

And one of the big things that companies have to worry about is phishing scams, because that's the kind of way that hackers and other baddies break into your company.
GRAHAM CLULEY
So that's how they get your passwords, I guess.
CAROLE THERIAULT
That's how they get your passwords. So MetaCompliance make it easier to train and prepare your whole environment to stop these kind of attacks.

They have information on phishing and cybersecurity and policy and privacy and incident management.

There's all kinds of training out there, and our listeners can get 10% off by quoting the code SMASHING.
GRAHAM CLULEY
Ooh. So all you've got to do is visit metacompliance.com, quote the code SMASHING, and save yourself a fortune and protect your business.
CAROLE THERIAULT
That's all you gotta do.
GRAHAM CLULEY
Well, let's get on with the show because hot breaking news from something close to my heart: the BBC is on the hunt for the Doctor Who leaker.
CAROLE THERIAULT
Oh, jeez, I've been fucked. We're doing Doctor Who again?
GRAHAM CLULEY
No, there is a security angle, and a very important one, Carole, because last week a clip of the brand new upcoming series of Doctor Who leaked out onto the internet.
CAROLE THERIAULT
And, oh wow, show-stopping news. Was it really a big deal?
GRAHAM CLULEY
Well, no, it was actually, it was actually a pretty big deal. Yes.
CAROLE THERIAULT
Tell us about the clip. Tell us what the clip showed. Tell us what secrets it revealed.
GRAHAM CLULEY
It was only about 50 seconds long, but fanboys and fangirls were squealing in excitement over their first—
CAROLE THERIAULT
Say that again. Squealing. It sounded like squealing.
MARIA VARMAZIS
No, that—
GRAHAM CLULEY
Yes, that is the correct word. Yes.
CAROLE THERIAULT
Really?
MARIA VARMAZIS
Yes.
GRAHAM CLULEY
Yes.
MARIA VARMAZIS
Yeah. Oh, you don't speak geek at all.
CAROLE THERIAULT
No, no, because I'm not really one.
GRAHAM CLULEY
No Doctor Who fans were squealing over their first sight of the brand new Doctor, Jodie Whittaker, who of course is the first female Doctor Who. Very, very thrilling indeed.

And so there was a short clip of her, presumably from episode 1, with potential new companions.
CAROLE THERIAULT
Did people know? Did people know that she was coming on?
MARIA VARMAZIS
Yes.
CAROLE THERIAULT
Oh, okay. So it wasn't a surprise that it was her.
MARIA VARMAZIS
This was a big deal when it was announced, what, a year ago?
GRAHAM CLULEY
Yeah, it was announced during Wimbledon last year. The Wimbledon final.
CAROLE THERIAULT
Maria, don't side with him all the time.
GRAHAM CLULEY
It was. He was on at Christmas. It's big flipping news in the world.
CAROLE THERIAULT
We talked about this.
GRAHAM CLULEY
Maria, the first female Doctor Who. Imagine if James Bond became J. Well, I don't know. Jenny Bond or something like that. Yes.
CAROLE THERIAULT
I just want you to know. I just want you to know it's a bit like the Peanuts cartoon, right? And I'm one of the kids. And what you sound like Graham to me is.

So I'm just going to wait for appropriate moments and go, oh, All right, okay, carry on.
GRAHAM CLULEY
Let me explain what the big deal is here, because this new series, this upcoming season of Doctor Who, has had tighter security than ever before.

There's a new showrunner, virtually no details have emerged about what is going to be happening when the show launches.

We know that we've got a new Doctor, we know we've got some new companions, but we don't know who the writers are, we don't know who the guest actors are, we don't know where it's being set, we don't know who the monsters are.
CAROLE THERIAULT
Go ahead, hold back your glee.
GRAHAM CLULEY
Well, it is pretty exciting, so there is feverish anticipation, and then this clip emerged and it was being posted on social media.

Now the BBC is going to court in the United States to try and track down who leaked the clip, because their belief, of course, is that it has to be someone on the inside who got hold of this.
MARIA VARMAZIS
National hero.
GRAHAM CLULEY
Well, I must say, I couldn't resist. As soon as I saw it was there, I had to go and get it and watch it.
CAROLE THERIAULT
Are you telling me my BBC dollars are going to lawyers who are investigating who leaked this information?
GRAHAM CLULEY
Well, in a way, I think it's justified what the BBC are doing, right?

Because they obviously put a lot of money behind the marketing of TV shows and they don't want the newspapers and they don't want these sort of things leaking out early.
MARIA VARMAZIS
Do you really believe that?
CAROLE THERIAULT
I know, because I'm rolling my eyes here.
MARIA VARMAZIS
This is like everybody leaks this stuff and it's always done on purpose. And this is just their Streisanding their own story at this point to get people going, yeah, they leaked it.

They totally did it on purpose.
GRAHAM CLULEY
No, no, I don't believe that. I really don't believe that. I think the way they've been approaching this series is entirely different.

Whereas we have had leaks in the past, some of which appear to have been intentional. But there was a huge leak back in 2014, Peter Capaldi's first series as Doctor Who.
CAROLE THERIAULT
That's right, I remember that.
GRAHAM CLULEY
Eight episodes leaked onto the internet because basically what had happened was there'd been a security breach.

They'd been left on an open internet server because someone was adding subtitles to them. They were in black and white. The CGI was rubbish. Did that stop me watching them?

No, of course it didn't.
MARIA VARMAZIS
That's devotion.
GRAHAM CLULEY
But it's big money and it's a big deal. It's one of the UK's top TV shows.
CAROLE THERIAULT
And it's a bit like the most popular kid on the BBC block crying foul because people are so excited about watching their show, they're leaking 50 seconds of nothing and people are getting all excited.
GRAHAM CLULEY
No, sorry, if they've spent millions producing a new series of Doctor Who, I can get their point of view.

If they've spent millions doing that, trying to make it as good as possible, trying to make it as much of a big deal to help all the merchandisers and the rest of it, they don't want stuff dribbling out without their approval, do they?

Because it may not show the show in a good light. And frankly, the clip which did come out wasn't terribly exciting.
CAROLE THERIAULT
But that's my point. It's not like it ruined any show unless the show is so boring.
GRAHAM CLULEY
But if there's someone on the inside who is leaking, aren't they right to want to plug that leak to prevent it?
MARIA VARMAZIS
Have they talked to Donald Trump and figured out how to get internal leaks top-down? Because I think he'd be very interested.
GRAHAM CLULEY
Anyway, they have got an attorney working on it, and I believe what they're asking for is information from a company called Tapatalk, which is a company which provides an app for— I think it's accessing message boards from your mobile phone.

It makes it easier. So they're hoping to identify who might have been behind this. But of course, this isn't the only leak.

Obviously, this is the main leak which has happened in the entire year, but there are other leaking stories.

We saw Reality Winner, who pleaded guilty. Reality Winner was the US government contractor who leaked top secret documents about Russian hacking associated with the US election.

And she was exposed.
CAROLE THERIAULT
It's kind of a different scale though, don't you think? Well, I can't wait to hear this. Go ahead. You've set yourself up beautifully.
GRAHAM CLULEY
Go, go, go.
MARIA VARMAZIS
Well, arguably, which one's more important?
CAROLE THERIAULT
Do you think, Maria? Really? Graham?
GRAHAM CLULEY
I don't know, Carole. I don't know. I mean, it's— oh, Mike, there's a lot of interest. Volcano was exposed by microdots on printouts.

Many people may not realise that when you print something out, it puts these little invisible little sort of yellow dots which you can't see on the printouts, but law enforcement can spot them.
CAROLE THERIAULT
I've watched Forensic Files, I know.
GRAHAM CLULEY
Okay, okay.
MARIA VARMAZIS
Well, she's an expert.
GRAHAM CLULEY
I wonder whether a paranoid BBC, which doesn't want information leaking as well, I wonder if they could be embedding something into their digital copies, whether there'd be something in the image there which might reveal clues as to where it may have originated as well.

It's interesting to consider.

The bad timing, of course, for Reality Winner was just last month we saw some German researchers publish their findings on how you can get round the printout tracking dots and how they can be obfuscated to hide your tracks.

So if you are planning to leak anything, maybe you want to read up about that.

But right now, I suspect Doctor Who could be a little bit unhappy about what's been going on with the leaks and things.
MARIA VARMAZIS
I doubt it.
GRAHAM CLULEY
You don't think so?
MARIA VARMAZIS
I doubt it. I think they're super thrilled that people are this psyched about it.

Because there was so much stupidity when they told the world that there was going to be a female Doctor. And I'm just going to say—
GRAHAM CLULEY
I think they're waiting for San Diego Comic-Con, aren't they? And then they're going to start revealing the clips.

But they will want to release a trailer which they've chosen rather than some little gutter snipe who's been pinching copies off a USB. There I am slagging them off.

Of course, I've been— Yeah, you watch. I've been watching this stuff. Of course I have. Of course I have.
MARIA VARMAZIS
Well, you and every other hardcore fan. That's how it is.
GRAHAM CLULEY
So, you know, please let's have a little bit of sympathy. All right.
CAROLE THERIAULT
Nope.
GRAHAM CLULEY
Carole, you sound so bored.
CAROLE THERIAULT
No, no.
MARIA VARMAZIS
Hey, you know, you guys go for it.
CAROLE THERIAULT
Sounds exciting.
GRAHAM CLULEY
Maria, what is your story for us this week?
MARIA VARMAZIS
Actually, I'm going to talk about Facebook. And a cold silence descended upon them both.
GRAHAM CLULEY
What have they done now?
MARIA VARMAZIS
So the most wonderful, venerable paper of record, the New York Times, did a little digging recently in the US Patent Office and found that our wonderful, lovely friends at Facebook have filed quite a few new patents in the past few years.

Yeah.
CAROLE THERIAULT
Yeah.
MARIA VARMAZIS
So this is not an uncommon thing. And it's important to note that a patent doesn't guarantee that this is what a company is going to do or they're even going to use this tech.

They're basically just protecting themselves from other people doing it.

But it's an interesting little behind-the-curtain peek at what Facebook thinks is an interesting priority or where tech might be heading in general. And they're trying to get ahead.
GRAHAM CLULEY
Because I could patent a hoverboard, for instance. You know, I could say, I think it'd be really nice to have a hoverboard.
CAROLE THERIAULT
A functional one?
GRAHAM CLULEY
A functional one.
MARIA VARMAZIS
Like one that actually hovers and not like a skateboard with wheels that people are calling hoverboard.
GRAHAM CLULEY
I would have a skateboard which doesn't have wheels and, you know, I'd patent that. And then eventually someone will invent one. I'll say, I'm sorry, I had that idea before you.

So it's not necessarily that Facebook are planning to do these things.

They've just come up with some, what, evil schemes or something, which maybe some other technology wizard might be able to exploit.
MARIA VARMAZIS
Yeah, and actually, when I was looking through this list that the New York Times put together, I actually thought Facebook was already doing a whole bunch of these things, to be honest.

So let's take a look at what they found, and we can just go through some of these. I'm drastically paraphrasing them.

So one of them is to classify a user's personality based on what they publicly post and send as messages in order to serve more targeted stories and ads.

To me, that's one of them that I really thought they were already doing.
CAROLE THERIAULT
Yeah. What's that called? Customer profiling, isn't it?
MARIA VARMAZIS
Yeah. I thought that they were already doing that one. So maybe they are. I don't know.

Another one is a patent to figure out who our closest friends are by tracking our phone's location relative to other phone locations, presumably your friends.

So again, I thought they were already doing this and that's one of the reasons I don't have the Facebook app on my phone.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
That's a bit spooky though.
MARIA VARMAZIS
I figured they'd do that.
CAROLE THERIAULT
I hate all that stuff.
MARIA VARMAZIS
Oh, we're just scratching the surface. Okay.

Another patent aims to uniquely identify cameras based on the flaws that Facebook's AI can discern, like a scratch on the camera glass or a bad pixel.
CAROLE THERIAULT
No. Yeah.
MARIA VARMAZIS
So it can identify if it's the same camera taking different photos and it can kind of piece together your camera's profile.

And again, I think given the sheer number of photos that people upload to Facebook, this again, I kind of figured that they're already doing this or it's just a quick matter of time until they are.
GRAHAM CLULEY
So if I had photographed a Doctor Who script which had come into my possession. It's possible Mark Zuckerberg could identify that it was me who had leaked it or something like that.

That's quite—
CAROLE THERIAULT
Because of some microscopic damage on your screen, on your little lens.
GRAHAM CLULEY
I am kind of impressed by them coming up with that idea, but it's—
CAROLE THERIAULT
They're not just a bunch of dodos working at Facebook. I don't think we'd be in this situation if they were.
MARIA VARMAZIS
For surveillance purposes, for really nefarious stuff.

Imagine that in the hands of, I don't know, a government. That's, now I'm getting my tinfoil hat on, but you know, that's not something I want everyone to know.
CAROLE THERIAULT
I don't take mine off anymore.
GRAHAM CLULEY
I just leave it.
MARIA VARMAZIS
No, it's tightly on. I just, I duct taped it to my head. So anyway, so these are the relatively harmless ones. So other patents go quite a bit further than this.

And frankly, a lot of these push the boundaries on not only what I'm comfortable with Facebook potentially knowing, but what I'm comfortable knowing about myself.

So one of them, again, I'm going to go from easy to crazy stuff.

One of them is a patent to listen in on the TV shows we're watching at all times and to discern whether or not we listen to the ads that are served to us.

Joke's on them, I'm a cord cutter, so there are no ads.
CAROLE THERIAULT
Yeah. You know what? I read that this morning. It's unbelievable. I find that just an unbelievable invasion of privacy. What's it called? It's called passively listening or something.

There's a word for it.
MARIA VARMAZIS
Yeah, what does Facebook need to know about my TV watching habits? Why is that something they really want to know? I mean, I know why.
CAROLE THERIAULT
They're greedy.
MARIA VARMAZIS
I mean, yeah, well, yeah.

Another one is a patent to track our daily routines, including where we are and when and how often we go there, and potentially notifying someone else if we deviate too far from that normal routine.

And I shudder to think what that would mean in the hands of a controlling or abusive domestic partner, for one thing, which is getting really dark, kind of a Black Mirror episode thing.

I feel like I do these a lot.
GRAHAM CLULEY
I guess that could be handy if you felt you were at risk of being kidnapped or abducted by aliens or something like that. You know, you could—
MARIA VARMAZIS
Honestly, I can imagine Facebook saying, do this to your kid.

Not that I would want to do that, but I could see them saying, hey parents, if you want to know if your wayward child is going off, I could just see that as the next step to how people have GPS for their kids.

And you know, your kid's doing something they shouldn't be doing, get a text message about it.

And my absolute least favorite is a patent that the New York Times says, quote, uses your posts and messages in addition to your credit card transactions and location to predict when a major life event such as a birth, graduation, or death is likely to occur.

What?
GRAHAM CLULEY
For what purpose? Is that for advertising? Oh, you—
MARIA VARMAZIS
Yeah, no crap, it's for advertising.
GRAHAM CLULEY
You may need a funeral director or something like that.
CAROLE THERIAULT
Yeah, maybe it's for insurance or something. Maybe.
MARIA VARMAZIS
Yeah, I can just see this app coming up on my feed going, you eat crap, you don't exercise, you're gonna drop dead in 5 years, so please go buy a casket.
CAROLE THERIAULT
I can see that.
MARIA VARMAZIS
I can see this is gonna happen. Of course it's for advertisers. Yeah, I'm noticing a pattern with many of the segments I do on this podcast.

They're, the internet is bad and you should feel bad. And this is another one.
CAROLE THERIAULT
It's kind of what we always do.
GRAHAM CLULEY
Yeah, we're thinking of actually renaming the entire show to that.
MARIA VARMAZIS
The internet is bad and you should feel bad.
CAROLE THERIAULT
But that's what we have Pick of the Week later, right?
GRAHAM CLULEY
Oh yeah, that's always very jolly. Very jolly.
CAROLE THERIAULT
Yeah, bad cop, good cop.
MARIA VARMAZIS
So okay, we agree that this all sounds kind of creepy, but sometimes we say stuff that is creepy on this podcast and a lot of other people go, you know what, I'm okay with it because it gives me some sort of benefit, or I'm already doing this stuff, so I'm cool with it.

So I'm curious that, say, even a few of these patents become reality, maybe just one of them. Are people actually going to be comfortable with this?

This whole thing is this boiling frog situation. And I just wonder how much people are going to continue to say this is fine until people say, no, it's no longer okay.
GRAHAM CLULEY
I just wonder if they are spending as much effort filing patents to deal with trolls and fake news and Russian bots and things like that, and things which aren't actually of any benefit to them in terms of advertising.
MARIA VARMAZIS
Yeah, yeah, yeah, yeah, wouldn't that be nice?
CAROLE THERIAULT
Yeah, high five!
MARIA VARMAZIS
Great, yeah, high five!
GRAHAM CLULEY
Carole, what is your story for us this week? Make it a good one because Maria's had a good story and I have to say, my story was fantastic last week. So what have you got for us?
CAROLE THERIAULT
I don't think you always have to make it competitive, Graham. It's gonna be collaborative. This has happened a lot last episode.

You're always saying, is yours good enough to match up? I think I'm pretty good normally.
GRAHAM CLULEY
Feeling threatened?
CAROLE THERIAULT
I have a question for Maria, actually. So why don't you butt out?
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
Maria, do you know the name Emma Sayle? Does that ring any bells? Because I'm pretty sure Graham is very much aware of her work.

She describes herself on her website as CEO, wife, mother, liberator, and feminist.
MARIA VARMAZIS
Is this someone I should know? And I'm feeling really embarrassed.
CAROLE THERIAULT
She's buds with Kate Middleton.
GRAHAM CLULEY
Oh, I've heard of her.
MARIA VARMAZIS
I'm familiar with that name.
CAROLE THERIAULT
And she's also one of the UK's leading sex entrepreneurs.
MARIA VARMAZIS
Oh, okay. Cool.
GRAHAM CLULEY
Hello.
MARIA VARMAZIS
That's why I was—
CAROLE THERIAULT
I was waiting for Graham to go, yeah, of course, of course. Yeah, yeah, yeah.
MARIA VARMAZIS
I was like, anyone who calls themselves a liberator, that's pretty cool. So, all right.
CAROLE THERIAULT
Yeah, so she, Emma Sayle, is the founder of Killing Kittens. A company name that I do not approve of in any way, shape, or form.
MARIA VARMAZIS
Is this a reference to every time you blanky blanky blank, God kills a kitten?
CAROLE THERIAULT
I don't know.
MARIA VARMAZIS
That is a reference to an old meme from the—
GRAHAM CLULEY
Yes, do something, otherwise the kitten gets it, right?
CAROLE THERIAULT
Basically, right? Okay, okay. Well, it's also known as— and I gotta make sure I don't stutter here— KK.
MARIA VARMAZIS
Wait, just two, right?
GRAHAM CLULEY
Just two.
MARIA VARMAZIS
I'm American. It's a sensitive thing right now.
CAROLE THERIAULT
Okay, it is described as an exciting, erotically charged world.
GRAHAM CLULEY
The KKK is an erotically charged word. Carry on, carry on.
CAROLE THERIAULT
Quote, joining KK opens you up to liberation you have previously only dreamed about.
MARIA VARMAZIS
Okay, liberation in this context.
CAROLE THERIAULT
Okay, basically you pay a fee to become an elite global adult party person.
GRAHAM CLULEY
What does any of this mean? What does it mean?
MARIA VARMAZIS
Are they co-sponsoring the podcast? Like, what's going on?
CAROLE THERIAULT
No, I'm trying to stay away from— basically, it's a sex club.
MARIA VARMAZIS
Yeah.
GRAHAM CLULEY
Oh, okay, okay. She runs— a friend of Kate Middleton's runs a sex club is what you're telling us.
CAROLE THERIAULT
She rode with Kate Middleton in university or something, or in school, so who cares?
MARIA VARMAZIS
I probably was on the subway at the same time as her one time, so I'm gonna put that in my profile.
CAROLE THERIAULT
Anywho, exactly, exactly. But of course, the Daily Mail and other papers like that made a huge deal about it.

So basically she runs this kind of adult party brand and they have special events. They claim to have 80,000 members.

And according to The Telegraph, Killing Kittens brand also sells adult toys and organizes events like kidnap role-play experiences for £3,500, so about $4,500.

Now, earlier this month, Emma launched a sister brand called Curious Kittens. Also under KK, but this is a milder version.

This has mindful, you know, conferences and chats and more like, I think it's gentler.
MARIA VARMAZIS
We're definitely doing Smashing Security after dark now. This is the one.
CAROLE THERIAULT
I'm actually getting to the point.
GRAHAM CLULEY
I have no idea what is going on at all.
CAROLE THERIAULT
I mean, either—
MARIA VARMAZIS
I'm enjoying the ride. I mean, why not?
CAROLE THERIAULT
But okay, well, you know, I had to hook you all in somehow. So she's now also launching a new mobile app called Safe Date, and this is what I wanted to talk to you about.

So basically, this app, Safe Date, gives a person an easy way to share their dating plans with friends and alert them if something goes wrong. So I get that, right?

I did that as a kid. Well, kid, as a teen, as I was going on a date, I might say to my flatmate, hey Tara, I'm going out with, you know, Joe. We're gonna be at the Burger King.
GRAHAM CLULEY
Nice, nice.
MARIA VARMAZIS
That sounds like a rollicking good date.
CAROLE THERIAULT
I was a poor student. Anyway, this is how the app works, okay? So you add your date plans into the app. Let's say, Graham, you're going on a date, right?

And you say, Maria— and Maria, I really trust you, okay? I'm gonna make you my safe mate, and I'm gonna set on my app a safe time to check in after the date finishes.

So say you expect to go on your date until 11 o'clock, and you say, 12 o'clock, I'm gonna check in.
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
And if you don't check in by the time you've set, it will alert your SafeMate, aka Maria.
GRAHAM CLULEY
Okay, so she will get a message saying that I haven't checked in and maybe I've come to harm or been abducted or something.
CAROLE THERIAULT
Yeah, and provide information. So she'll get information about your date.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
And then she can decide what to do with that information.
GRAHAM CLULEY
Okay, so the cool thing about this is I don't have to tell Maria I'm going on a date. She doesn't even know that I'm going on a date until it goes horribly wrong in some fashion.

So I don't have to brief her in advance. I don't have to—
MARIA VARMAZIS
I don't need to know the gory details of your sex life. I do appreciate that.
GRAHAM CLULEY
Right. Okay. I can see how that would be perhaps good.
MARIA VARMAZIS
I've known of apps that do something similar where it's, actually I remember hearing about one where you need to maintain finger contact with the screen at all times, and if at one point you lift your finger for more than 30 seconds, I think it automatically calls your emergency contact.
GRAHAM CLULEY
Whoa.
CAROLE THERIAULT
I've never heard of that one.
MARIA VARMAZIS
Yeah, I remember hearing about that. It was targeted at young women who were walking alone at night kind of thing. So in case they got mugged or something.

I mean, I've heard of stuff like this. I cannot remember the name of it.
CAROLE THERIAULT
This app similarly is also targeted at women, although of course anyone could use it, but that's the idea, is to try and keep women safe.

And Emma Sayle, she's into all this stuff, and that's great. I love all that. But there's a few things to think about here.

Okay, so according to Wired, the app lets you complete a profile page for the person you're meeting, including their phone number, email, any social profiles you might know, information where you first met them.

So the issue I've got here is that you're entering info about a person who hasn't necessarily given their consent.

They may not even know you're doing this, and you're putting this into a third-party app, right? Now let's say, give me examples.

Let's say Tina is gaga about her sexually charged date with Italian stallion Jimmy Pesto.
MARIA VARMAZIS
Jimmy Pesto? You've been watching Bob's Burgers.
CAROLE THERIAULT
Oh yes, yeah, she forgets to check in, right?
GRAHAM CLULEY
Her phone—
CAROLE THERIAULT
Her phone's on silent. And then her safe mates Tina and Jean freak out.
MARIA VARMAZIS
You've definitely been watching Bob's Burgers and end up calling the cops.
CAROLE THERIAULT
So also, at the time of recording, this app is not out in the Apple or Google stores yet, okay?

But there are kind of Ts and Cs on the Safe Date website that— and I'm not a lawyer, but basically according to my reading they say they are liable for nada, including information being incorrect and everything's at your own risk.

Of course. Interestingly, inside the T&Cs, it says, check out our privacy policy in our terms, but there's nowhere in the terms that says anything about privacy.

So that may come at the time of launch, but right now it just seems to loop into nothing.
GRAHAM CLULEY
So, Carole, in summary, if you were going on a date, would you use an app like this? I know it's been a long time.
CAROLE THERIAULT
Well, it's not been that long. I go on dates with my husband regularly.
GRAHAM CLULEY
Well, you go on dates. You're not going to fill in the form if you're going on a date with your husband, surely.

Can I suggest you get out of that marriage if you suspect you might come to harm with your husband?
MARIA VARMAZIS
We need to intervene here.
CAROLE THERIAULT
Okay, so this is what I would say.

I would say, just as with any brand new app, do your research first and think about the information that you're going to put in before you put in the information about you and other sensitive info.

Because you got to think about things like what data is it taking from you? Like, is it taking your location? Yes, in this case it is. Personal info? Yes, in this case it is.

You know, there's a lot of information it's taking. And what are they doing with the data that you're entering? Are they sharing it with third parties?

Are they using it to improve their services? All of the above? None of the above? And what security do they have in place? Are the passwords hashed? Do they encrypt the information?

I don't even know how they can do this with GDPR, actually.
GRAHAM CLULEY
You've become so cynical and paranoid, haven't you? They're trying to do something wonderful with this app. They're trying to protect young people when they go out on dates from—
MARIA VARMAZIS
Yes, you know what?
CAROLE THERIAULT
I think Emma Sale is doing that, but I suspect she's not the one who coded the app.

And I suspect we don't necessarily know what's in the app, and we need to read the privacy terms and conditions in order for you to make an educated decision as to whether you want to put your information there or not.
GRAHAM CLULEY
Told me. Boom.
MARIA VARMAZIS
This is not the only dating-related app I've heard of where that is a concern. I've heard of other situations where people leave reviews. I think we've covered one.
CAROLE THERIAULT
Is it the one where people leave reviews on the person they've dated?
MARIA VARMAZIS
And they, like, different people can weigh in on whether this person was like a good date or not.
GRAHAM CLULEY
And that's vile, isn't it, that kind of thing?
MARIA VARMAZIS
Yeah, I find these kinds of apps very cynical, actually, and that whole— in the whole industry about that. But that's all— that's a whole other discussion.
CAROLE THERIAULT
But the dating world has changed dramatically since I have dipped my toe into it. So, Graham, you're quite right. No, I like the idea of the app. I agree, right?

And I kind of like Emma Sale. She's certainly, you know, more saucy than your average lady.
GRAHAM CLULEY
Whoa, whoa, whoa, whoa, whoa, whoa.
CAROLE THERIAULT
She makes me blush a little.
GRAHAM CLULEY
You're prepared to get into bed with this woman who is running these sex parties and things like that? That's very interesting, Carole.

You trust her so much, do you need to have a little moment?
CAROLE THERIAULT
A man moment?
MARIA VARMAZIS
No, I don't. I don't want to be here for this.
GRAHAM CLULEY
I'll go mute. Hang on.
CAROLE THERIAULT
I still don't want to be here for this. Oh, yeah, like I do.
MARIA VARMAZIS
I do not consent.
CAROLE THERIAULT
This is not okay.
GRAHAM CLULEY
Okay, I'm back. Now, is that better?
MARIA VARMAZIS
That was alarmingly fast.
GRAHAM CLULEY
I've been practicing.
CAROLE THERIAULT
Hey, Graham.
GRAHAM CLULEY
Hey, Carole.
CAROLE THERIAULT
Did you register with MetaCompliance yet and use our discount code so that you could get some training on cybersecurity?
GRAHAM CLULEY
Oh, for goodness sake. I've been doing a podcast. I haven't had a chance to register on their website. I promise to do it as soon as this podcast is over. All right.
CAROLE THERIAULT
Okay, then.
GRAHAM CLULEY
What do I have to do again?
CAROLE THERIAULT
Geez, Graham. You have to go to MetaCompliance.com and quote the code Smashing Security.
GRAHAM CLULEY
And that'll save me 10%.
CAROLE THERIAULT
I hope you wrote it down. Wait, wait, one more thing.

LastPass has this automated password generator, so no more do you have to sit there and dream up silly long passwords that mean nothing to you.

You can just press a button and presto, you've got a 25-character, 50-character password that's impossible to guess.
GRAHAM CLULEY
Will it put all kinds of crazy characters in?
CAROLE THERIAULT
You can choose to put them in or not, depending on the website, because some websites don't let you do the crazy characters, do they?
GRAHAM CLULEY
Blinking websites which don't allow you to have decent passwords.
CAROLE THERIAULT
Ah, grumble, grumble. Check out lastpass.com/smashing.
GRAHAM CLULEY
I'm glad you said slash that time.
CAROLE THERIAULT
You're welcome.
GRAHAM CLULEY
And welcome back to our favorite part of the show, the part of the show that we call Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. Doesn't have to be security-related necessarily.
CAROLE THERIAULT
Shouldn't be. Shouldn't be.
GRAHAM CLULEY
And my pick of the week this week is not security-related at all, but it is.
CAROLE THERIAULT
It better not be Doctor Who related either, just saying right now.
MARIA VARMAZIS
It's gonna be Doctor Who. It's gonna be. Go watch that clip.
GRAHAM CLULEY
My pick is going to allow you to travel in space because it is a website called geoguessr.com.
MARIA VARMAZIS
Yes, I love that thing.
GRAHAM CLULEY
Now let me just spell that for you: G-E-O-G-U-E-S-S-R. So it's guesser without the final E.

And if you go to geoguessr.com, it makes use of Google Earth and it plants you anywhere in the world.

And you're going, you're having your little walk around, it's like Street View, you're walking around and the game is to work out where in the world you are.

And when you think you've worked it out, you press a button and you choose your location on the globe and it tells you how many miles out you are, whether you're in the same country, whether you're even on the same continent.

And I have to say, it's an awful lot of fun.

What I try and do is I try and go down the road and I'm exploring the local countryside and I'm looking at signs and I'm looking at the people or the workmen who are working on the side of the street and I think, oh yeah, they look a little bit like—
CAROLE THERIAULT
Oh, that's cool.
GRAHAM CLULEY
I saw some signs in Spanish and then I'm thinking, well, is it Spain? Is it South America?
MARIA VARMAZIS
And I look at the plants. I'm a plant person, so I look at all the different plants around and I go, what's native? What kind of area is that native to?

That's been my method, but you have to really like plants.
GRAHAM CLULEY
You're a very impressive woman, Maria. I don't know if I've told you that before.
MARIA VARMAZIS
I didn't say I was good at the game. But it's like, I've actually— I've known about this for a little bit, and it's one— it's a nice time waster on Alien.

I really like it, especially if you like plants.
GRAHAM CLULEY
There you go. Well, that is my GeoGuessr, is my pick of the week.
MARIA VARMAZIS
That was a good one.
CAROLE THERIAULT
I think it's actually great. It's a great—
MARIA VARMAZIS
Now I feel like shit because mine's not very good.
CAROLE THERIAULT
Oh, well, give us— give her stress, Graham. Give her stress about how yours was so brilliant.
GRAHAM CLULEY
No, no, I'm not mean to our guests, particularly the popular ones like Maria. What have you got for us?
MARIA VARMAZIS
I have another app that has come in handy for me that other people might find handy.

It's called Playground Buddy and helps you find playgrounds all over the world if you are with a child, whether it's your child or not, who really needs to burn off some energy.

And it helps you find a playground in the vicinity of where you are or where you're traveling to, because it's not always obvious where these places are hiding out.

And it has saved my bacon a few times, and I'm going to be doing. And there's also a Dog Park Buddy app, for the record.

So if you're a pet parent who needs to do something similar for your dog, that also exists.

And this Playground Buddy is, I believe, it's a volunteer effort by some very brilliant folks in Vancouver. Other people around the world contribute the info.
CAROLE THERIAULT
So this is a crowdsourced—
MARIA VARMAZIS
Yeah, crowdsourced thing. And I'm gonna be doing some traveling later this year with my kid, and I already have scouted out the playgrounds in the vicinity where I'm going.

Are you coming anywhere near Is Japan near you?
CAROLE THERIAULT
No, but that's a cool trip.
MARIA VARMAZIS
Yeah, I love that.
CAROLE THERIAULT
That's a great pick of the week.
GRAHAM CLULEY
I think it's a very good one.
MARIA VARMAZIS
Oh, well, thank you.
GRAHAM CLULEY
Carole, what's your pick of the week?
CAROLE THERIAULT
So I like cartoons like Rick and Morty and Family Guy and Bob's Burgers. Yes, well done for spotting it. It wasn't very hard. No, exactly.

I just wanted to know if you were in the family, and you definitely, definitely are. So it's just beautifully written and drawn, and I freaking love it.

And Graham, you probably have never watched it. So basically, the premise of the show is that Bob owns a burger joint somewhere on the East Coast, and he makes a burger of the day.

And as a viewer, you only know about the burger of the day if the shot glances across the board behind the cash register that gives you the name.

And the burgers that he will do would be names like Don't Go Brocking My Heart Burger, brackets with broccoli and artichoke hearts, right?

That was in season 3, episode 11, Nude Beach. Or there's Texas Chainsaw Massacurred Burger, comes with cheese curds.
GRAHAM CLULEY
Oh, clever.
CAROLE THERIAULT
Season 5, episode 2, Tina and the Real Ghost. Okay, then one more, one more. Sergeant Poblano Pepper Lonely Artichoke Hearts Club Burger. That's a hard one to say.

It comes with artichokes and poblano peppers.
GRAHAM CLULEY
Oh, oh boy. Right?
CAROLE THERIAULT
So anyway, my pick of the week is that now recipe kit company Blue Apron have partnered with Bob's Burgers.
MARIA VARMAZIS
Didn't know this.
CAROLE THERIAULT
So people can get the ingredients delivered to their door and can make homemade Bob's Burgers like Poutine on the Ritz burger, comes with poutine fries. Episode 2.
GRAHAM CLULEY
Oh, I thought you're gonna say Vladimir Putin.
CAROLE THERIAULT
No, poutine. Poutine. You have to just say it right. Yeah, okay, maybe that's better. Yeah, you get a big slab of poutine on it, some Russian dressing.
MARIA VARMAZIS
Poutine on Ritz.
GRAHAM CLULEY
On that bombshell, we have just about wrapped it up for this episode. Thank you very much, Maria.

Maria, if people wish to follow you online, increase your fan base, how should they do that?
MARIA VARMAZIS
Find me on Twitter. It's M-V-A-R-M-A-Z-I-S, @mvarmazis.
CAROLE THERIAULT
Super easy. Super easy.
GRAHAM CLULEY
Easy as is, as is following us on Twitter @smashingsecurity. There's no G. Twitter wouldn't allow us to have a G.

You can purchase t-shirts and stickers and all kinds of other tat at our online store at smashingsecurity.com/store. And, well, there's nothing much more to say.

If you like the show, why not leave us a review or a rating up on iTunes or Apple Podcasts. That'd be fantastic if you could do that.
MARIA VARMAZIS
Tell them I'm your favorite guest.
CAROLE THERIAULT
They will, they will.
GRAHAM CLULEY
They will, they will. Oh God. Until next time.
CAROLE THERIAULT
Cheerio.
GRAHAM CLULEY
Bye-bye.
CAROLE THERIAULT
Toodles. Hey Maria, speaking of that, we met some of your biggest fans when we were at our live event.
MARIA VARMAZIS
Oh my goodness, you need to explain that.
CAROLE THERIAULT
These two guys, they were mature students at some university in the south of England, and wait, what?

So they were really big fans of the show, and I was, you know, basking in it a bit, and I said, who's your favorite guest? And they went, oh, Maria!

Both of them screamed it right away. Maria, Maria's our favorite! Maria, Maria, Maria!
MARIA VARMAZIS
For real? For real? Oh, fuck, fuck. Oh, fuck.
CAROLE THERIAULT
Oh my fucking God.

Hosts: Graham Cluley, Carole Theriault

Guest: Maria Varmazis

Sponsor: LastPass

LastPass Enterprise makes password security effortless for your organization.

LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.

But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.

Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.

Sponsor: MetaCompliance

People are the key to minimizing your Cyber Security risk posture. MetaCompliance makes this easier by providing a single platform for Phishing, Cybersecurity training, Policy, Privacy and Incident management. Listeners can get a 10% discount off the high-quality CyberSecurity eLearning catalog by quoting the code SMASHING. Visit www.metacompliance.com now.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

3 comments on “Smashing Security podcast #085: Doctor Who, Facebook patents, and Bob’s Burgers”

  1. chakkerz

    Great episode! Though isn't she the first female "Doctor", rather than "Doctor Who" (I don't really care, just thought it was odd, don't follow the lore enough… at all).

    Is there a patreon or similar setup to get an ad free version of the podcast?

    1. Graham Cluley · in reply to chakkerz

      If you ask most fans they'll say that the lead character is *almost* always referred to as "The Doctor" rather than "Doctor Who" within the narrative. I say almost as there was an instance where a megalomaniac computer in London's Post Office tower said "Doctor Who is required" back in the 1960s (watch it here https://www.youtube.com/watch?v=gbbegb4qyP8), and there has been a fairly long history of characters making the lame "Doctor? Doctor who?" joke.

      However, for most of the original series run and when the show came back in 2005, the character was credited at the end of the show as either "Dr Who" or "Doctor Who". So, I think we have to accept the possibility that maybe – just maybe – it's okay for us to refer to him/her as "Doctor Who".

      There's a good discussion of this, including the views of former showrunner Steven Moffat, in this article: https://www.radiotimes.com/news/2017-06-24/is-his-name-really-doctor-who-the-history-of-the-time-lords-moniker-and-showrunner-steven-moffats-view/

      Moffat himself fairly directly joked about the “Doctor”/”Doctor Who” thing in an episode from the Peter Capaldi era. Quite amusing: https://www.youtube.com/watch?v=Visr3FBl_9c

    2. Graham Cluley · in reply to chakkerz

      We don't offer an ad-free version of the podcast presently. Maybe we'll look into Patreon in the future. If you want to support the show, please tell your friends about it!
