Smashing Security podcast #222: Facebook, deepfakes, and April Fools scandals – with Nina Schick

Industry veterans, chatting about computer security and online privacy.

Smashing Security podcast #222: Facebook, deepfakes, and April Fools scandals - with Nina Schick

Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook’s latest data fiasco, and some less-than-brilliant April Fool’s tricks.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast, hosted by cybersecurity veterans Graham Cluley and Carole Theriault.

0:00
0:00 0:00
0:00
Show full transcript
TranscriptThis transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
And you're thinking, okay, so it was a joke. It was a joke.
GRAHAM CLULEY
It's not. It's— well, you say it's— you say it's a joke. It's not a funny joke.
CAROLE THERIAULT
No, it's not a funny joke.
NINA SCHICK
It's just— but Graham, it's— it's a pun, you know. I thought every Englishman loved a pun.
GRAHAM CLULEY
Maybe in Germany it's funny, but I'm—
NINA SCHICK
I'm half German.
CAROLE THERIAULT
They're not funny. You're right, they're not funny.
Unknown
Smashing Security, episode 222. Facebook deepfake. Ransomware outbreaks and April Fools scandals with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security episode 222. My name is Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And this week, Carole, we're joined by a special guest, someone who hasn't been on the show before. It is Nina Schick.
CAROLE THERIAULT
Very exciting.
NINA SCHICK
Great to be here, guys.
CAROLE THERIAULT
I'm thrilled that you're here because I heard you on Sam Harris's podcast, and I don't listen to a lot of Sam Harris, but occasionally I go through just to see if anyone's talking about technology or misinformation.

And there you were. So really exciting that you're here.
NINA SCHICK
Well, I'm really excited to be here with you guys. Thanks for having me.
GRAHAM CLULEY
So Nina, you are the deepfake expert, aren't you? You're the one who knows all about that and disinformation.
NINA SCHICK
That's right. I'm the deepfake person. I got into it quite a few years ago, and it seems to be getting quite popular. So it seems to be an interesting—
GRAHAM CLULEY
How can we tell we've got the real Nina Schick on the line right now rather than a deepfake person?
NINA SCHICK
Oh my God, Graham, you did it. You went there.
CAROLE THERIAULT
That's what everybody wants to know. They ask me.
GRAHAM CLULEY
Oh really? It's not, it's not original? Oh dear.
NINA SCHICK
No, you'd be surprised how often I get asked that.
CAROLE THERIAULT
Sorry.
NINA SCHICK
It's a good question, I like it. Yeah, I'm real still, although, you know, right, by and by.
CAROLE THERIAULT
That's why, of course, she'd say that. That's the point. Exactly, exactly, exactly. Nina, you've written a book.
NINA SCHICK
Yeah, so my book is obviously on deepfakes. It's called Deepfakes and the Infocalypse.

And it's all about the corroding information ecosystem and how basically AI-generated visual or synthetic media is the next step in the corroding information ecosystem.

But of course, when it comes to the future of deepfakes and synthetic media, it is going to be so much bigger than that.

It's actually a profound, I think, paradigm shift in the future of not only content creation but human communication.

And just as it will be weaponized by bad actors for disinformation or misinformation, like all powerful technologies of the exponential age, it's going to actually be transformative for entire industries and not only be used maliciously.
CAROLE THERIAULT
So yeah, guys, I told you she was smart. I told you she was smart. We're going to talk a lot more about this in your section. I cannot wait.

First, let's just thank this week's sponsors, 1Password and Duo Security. Their support helps us give you this show for free. Now coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
I'm gonna be telling everyone Mark Zuckerberg's phone number.
CAROLE THERIAULT
Ooh, okay. And Nina, what about you? Well, I think we know. Ooh, could it be deepfakes?
NINA SCHICK
Is it actually me? I think we'll get into that and more.
CAROLE THERIAULT
Okay, and I'm gonna be revisiting April Fools' and see who pulled it off this year and who did not. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, chums, I don't know if you've heard, it's a big story right now in the technology press. Our good friends at Facebook— oh, how we love them. They've had a little glitch.
CAROLE THERIAULT
I just don't that you use good friends indiscriminately. What? I mean, you know, everyone from Piers Morgan to Mark Zuckerberg gets that label.

It's just, you know— Anyway, carry on.
GRAHAM CLULEY
All right, fair enough. Yes, so Facebook— uh-oh— they appear to have leaked half a billion Facebook account details onto the internet.

That's what's leaked out onto the internet and is now available for anyone to download and to access and to scroll through for free.
CAROLE THERIAULT
Unbelievable. That's gotta be 20%, right? That's 20% of their users. 'Cause don't they have something like 7 or 8 billion or something?
GRAHAM CLULEY
I don't know. How many people are there on Earth? They've probably got more users than the population of planet Earth at the moment.

Oh, I bet they do because people have more than one account. Of course we do, yes. How else are you supposed to stalk people online? You don't use your own account.
CAROLE THERIAULT
Whoa!
GRAHAM CLULEY
Well, you know.

So Facebook has had a serious data breach, which is getting it bad press at the moment, and Facebook doesn't appear to me to have actually notified the affected users, which I think is a little bit naughty.

The information which is out there right now is people's full names, email addresses, sex, location, marital status, phone number, occupation, and something called their account ID number.
CAROLE THERIAULT
I thank God relationship status isn't mentioned.
GRAHAM CLULEY
Well, it's complicated, is it, Carole?
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Now, the details of 533 million users from 106 different countries were scooped up off Facebook back in 2019 via a vulnerability in their add friends feature.

So they had a bug in their software which hackers were able to exploit in order to access information which they shouldn't have been able to scrape quite so easily.

Now, this data surfaced, bubbled up on a hacking website in the middle of last year.
CAROLE THERIAULT
Summertime type thing for—
GRAHAM CLULEY
Summer for the northern hemisphere, yes. Middle of last year.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Okay. What does the weather matter, Carole? As to when the data surfaced.
NINA SCHICK
I'm just trying to—
CAROLE THERIAULT
I'm trying to— I'm getting into the story. I'm trying to, you know—
GRAHAM CLULEY
You're making it more poetic.
NINA SCHICK
Context. Yes, yes.
CAROLE THERIAULT
You know when I'd ask you if you went out one night, I'd be "what are you wearing?" You know, just get me into the scene.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
So I imagine Mark Zuckerberg was wearing a hoodie.
NINA SCHICK
Gray t-shirt.
CAROLE THERIAULT
Yeah, yeah. I see him. I'm there. I'm there. Okay.
GRAHAM CLULEY
He had a designer dog with him. And the data bubbled up on some hacking website. And the hacker was asking around $30,000 for this information if you wanted to grab it.
NINA SCHICK
What?
CAROLE THERIAULT
Seriously?
NINA SCHICK
Is that all?
GRAHAM CLULEY
Well, that was what it was at the time. At the time, of course, it wasn't in much circulation. Now, if you think, is that all?
CAROLE THERIAULT
I was thinking I could scrape it together, you know, that would help our show.
NINA SCHICK
For the entire database?
GRAHAM CLULEY
For the entire database of half a billion Facebook accounts, yes.
NINA SCHICK
Wait, and this would be a unique transfer to the one person that paid $30,000 or $30,000 per access?
GRAHAM CLULEY
Oh, I love the way you're thinking.
CAROLE THERIAULT
It's a screen print, yeah.
GRAHAM CLULEY
The interesting thing is the price subsequently lowered to less than $10. So I think—
CAROLE THERIAULT
What, for all of it?
GRAHAM CLULEY
So I think this is the way that breaches often go. They get hold of some valuable data. And this didn't include passwords, by the way. We need to stress it didn't include passwords.

So there was sensitive information in there, which you probably didn't want falling into the wrong hands. But it didn't include passwords, which would've bumped up the price.

But once some people have got access to some of it, of course, they could sell it on to others at cheaper and cheaper rates.

And eventually, the first person thinks, maybe I'll get $10 for this.
CAROLE THERIAULT
Yes, like the last chicken at Sainsbury's. Last chicken at Sainsbury's.
GRAHAM CLULEY
Now, back in January of this year, somebody created a bot on Telegram, like a little automated routine which you could send queries to, and allowed anyone to query Facebook's database, the leaked database, for a small fee, just for a couple of credits.

So you can send it a Facebook ID. That's the string of numbers associated with your profile.

So even if you've got a Facebook username, which you probably do have, there's also a unique numeric identifier for you.

And it's actually not that hard to find out someone's Facebook ID if you want to. There are websites even which can do that if you can't work it out.
CAROLE THERIAULT
Oh, thanks for the tip.
GRAHAM CLULEY
Links in the show notes. And the bot would spit back the associated phone number of that person.

So if you were chatting to someone online, but you weren't able to get in touch with them any other way, you could have used that facility to get their phone number.
CAROLE THERIAULT
Oh, fun.
GRAHAM CLULEY
Which potentially is problematical, isn't it?
NINA SCHICK
Mm-hmm. Potentially.
CAROLE THERIAULT
Problematic, surely.
NINA SCHICK
Yes.
GRAHAM CLULEY
And now, what did I say?
CAROLE THERIAULT
Problematical. I don't know. I felt like I was in North America for a second.
GRAHAM CLULEY
Oh, I see. Well, you do the math for yourself.
CAROLE THERIAULT
Maths.
GRAHAM CLULEY
Isn't it weird how in the UK, sport is sport, and in America it's sports, and maths is maths here, and it's math in America? Yeah.
CAROLE THERIAULT
Drop the S, didn't need it.
NINA SCHICK
Graham, you're not the first British person I've come across who's very upset about the dropped S.
CAROLE THERIAULT
Yeah, what do you say, Nina? Because you're an international person.
NINA SCHICK
I think I've said math in the past, but my English friends have drilled it out of me. They've been very upset about it.
CAROLE THERIAULT
I'm still fighting strong 20 years on. Still fighting, fighting the real fight.
GRAHAM CLULEY
The real important one is aluminum. And whether you say that correctly. Aluminum? Aluminum.

Well, now this data, this data which was feeding the bot, this data which was previously available for $30,000 reduced to $10.

That's now available for everyone at the bargain price of zero. Anyone can now go and get it.

Now, you would imagine that this is a PR disaster for Facebook, that everyone's talking about this, and that Facebook's corporate communications departments have leapt into action with a really strong message to reassure people.

And what they've said is they've said, this is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.
CAROLE THERIAULT
We just didn't tell anybody.
GRAHAM CLULEY
Well, the thing is this, right? They might have fixed the vulnerability to stop any more data leaking out, but that doesn't mean the data is old.

It might have been grabbed, you know, maybe a year and a half ago. But I personally haven't changed my name since 2019. I haven't changed my email address, my sex, my phone number.

They call it old data. It still works.
CAROLE THERIAULT
You could get a facelift, Clue. You know, you're getting on. Maybe I'm just, it's just, you know, no judgment, man. No judgment.
GRAHAM CLULEY
So I'm rather unimpressed with that as a response. It feels to me like they just said, oh, nothing new here.
CAROLE THERIAULT
I'm shocked at their response. So there was no sorry in that, right?
GRAHAM CLULEY
Oh, no, there was no sorry. And they don't appear to have reached out to any of the affected users at this point.

Facebook, it seems to me, is trying to argue that this isn't really a data breach. It's just what you signed up for when you created a Facebook account.
NINA SCHICK
Was it reported in 2019? Because I hadn't even heard this story.
GRAHAM CLULEY
So I've been searching around trying to find evidence of this, and I'm not sure. Maybe they talked about fixing a vulnerability, but I don't remember.

I mean, there have been instances before.

Facebook did, round about 2019, I remember they left probably not as many as half a billion records, but they left tens of millions of records on an unsecured Amazon Web Bucket, which then fell into people's hands.
CAROLE THERIAULT
So they at the time were feeling super lucky, right?
GRAHAM CLULEY
So I think, you know, you can't really call this old data. It may have been grabbed two years ago, but the data's now accessible to many more people who could exploit it.

And so what's the danger of this, right, is not only that they know your sex and your vague location and, you know, all that kind of information, but your phone number.

And if they know your phone number, they could potentially hijack your phone number. You know, we talk a lot about these sort of SIM jacking things.
CAROLE THERIAULT
SIM swap.
GRAHAM CLULEY
Yeah, SIM swaps where if you're using SMS as a form of two-factor authentication, which generally we say, look, don't use that for two-factor authentication, use something else instead.

But if you were using that, if the bad guys were able to hijack your phone number effectively, which we know from the past does work, then they could break into maybe not just your Facebook account, but other accounts as well.

Now they know the phone number associated with you, which isn't good.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Well, guess whose number was in the data leak along with half a billion other people?
CAROLE THERIAULT
I think I read this. Wasn't it Marky Mark himself?
GRAHAM CLULEY
Mark Zuckerberg. Wow. His phone number is in there.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Which means that anyone who grabs this data could, I suppose, give Mark a call. And one of the—
NINA SCHICK
Should we do it right now?
CAROLE THERIAULT
Should we do it right now?
NINA SCHICK
Come on.
GRAHAM CLULEY
So all those people, should we invite him on the show? Why not? Should we bring him up?
CAROLE THERIAULT
Yeah, just put your phone on speaker and call it, see what happens.
GRAHAM CLULEY
You know, I have so many people who email me saying, oh, I can't get into my Facebook account. They're basically trying to break into someone else's account.
CAROLE THERIAULT
You have a hotline to the Zucks now.
GRAHAM CLULEY
Yeah, exactly. People trying to break into Facebook accounts. I could say to them, look, call this guy. He knows how to do it. He can help you.

Now, one of the discoveries, once his phone number became public, people began to look for it in other services. And what they found was that Mark Zuckerberg has a Signal account.

He uses the end-to-end encrypted messaging service Signal, which of course is very privacy conscious.
CAROLE THERIAULT
Not the one on WhatsApp?
GRAHAM CLULEY
Well, maybe he uses WhatsApp or Facebook Messenger as well, but he's... It's interesting that you also created an account on TikTok.
CAROLE THERIAULT
Yes, maybe his CISO made him, you know?
NINA SCHICK
Yeah.
GRAHAM CLULEY
But you know what? Now people know his phone number, they could, I suppose, create bogus accounts, you know, with his name and details.
CAROLE THERIAULT
Oh, give me a break, he's gonna change his number.
GRAHAM CLULEY
Well, probably, I suppose so, until the next breach and then he'll have to change it again.
CAROLE THERIAULT
But he's gonna go through that horrible feeling though. If I had to change my number, of course you would, but it'd be annoying. It's losing your wallet, right? It's oh God.
GRAHAM CLULEY
Yeah, horrendous.
CAROLE THERIAULT
Well, there you go. Poor you, Mark.
GRAHAM CLULEY
Because of the scale of the problem and public interest, Troy Hunt of Have I Been Pwned has made a change to his service.

So you can now search for your phone number rather than your email address to see if it might have been breached, which seems like a good idea to me.

But by the way, the interesting thing about Signal, I think, is I generally like Signal. I use Signal. You use Signal, don't you, Carole?

It's quite a good encrypted messaging service.
CAROLE THERIAULT
It took you a while to use it, actually. It took you a while to use it. I've been using it for a while.
Unknown
Observations about it was that you have to associate your phone number with your account when you create an account, which I've never liked.

And some of the services don't require that. And here's an indication of why that's not such a good idea, because now everyone knows Zook is on Signal. So it's not good.

But anyway, for the rest of us, this leak could allow bad guys to exploit the information— social engineering, scams. So watch out for spam calls, etc., etc.

And if this is the thing which makes you want to quit Facebook, check out Smashing Security episode 75.
CAROLE THERIAULT
No, seriously, just get off Facebook. You guys can live. You can live without Facebook. Nina, can I ask, are you on Facebook? No. You're not. You see, and she's great, guys.
NINA SCHICK
You see?
GRAHAM CLULEY
There you are. All the cool cats aren't on Facebook.
NINA SCHICK
Isn't it mostly the older demographic? I feel it's my mother-in-law. Spreading disinformation.
GRAHAM CLULEY
I wouldn't know what to do if I was on TikTok, for instance. I can't do the dance moves, for one thing.
CAROLE THERIAULT
Couldn't you play chess or something?
GRAHAM CLULEY
Do they have chess?
CAROLE THERIAULT
To Lionel Richie? Something that?
GRAHAM CLULEY
Oh, I'd love that.
CAROLE THERIAULT
Slow, slow, you know. Hello.
GRAHAM CLULEY
Nina, talk to us all about deepfakes.
NINA SCHICK
So I guess the obvious place to start is just, what is it?

And essentially, a deepfake is a piece of synthetic media, that's to say, a piece of media that's been either manipulated by artificial intelligence or entirely generated by artificial intelligence.

And it can come in the form of video, audio, or images.

And the really amazing ability of AI to actually make fake media, in some cases from scratch, is really nascent and is due to the revolution in deep learning over the past decade, which has to do with the masses of data availability and the ability of computers to churn through it all.

And that's really only been possible for about 5 years. 2014 was the first big breakthrough paper.

But since then, since it started emerging on the bleeding edge of AI research, it's really hit the public imagination.

And one of the astonishing things about synthetic media is AI's ability to recreate humans. And this is manifesting in two ways. So scary.

It is scary because until now, all the best special effects or CGI, computer graphics, there's this idea of something called uncanny valley.

And that's the more you try to make something look or appear human and it's not, the more it becomes unnatural until it evokes almost a reaction of disgust in us.

So that's why creepy robots are—
GRAHAM CLULEY
I got that when I watched the Polar Express movie. Do you remember that? It was a CGI Disney-ish movie with Thom Hanks doing all the voices.

This Christmas thing on a train, and it had all these humans, but there was something a bit spooky about them all. They were trying to look humans, but they weren't quite doing it.

And the fact it was Thom Hanks as well made me slightly uncomfortable as well, because I'm not a big Thom Hanks fan.

But yeah, it just felt weird because it was almost there but not quite.
NINA SCHICK
Exactly. And not to mention that, you know, he's a QAnon leader, right? Or he's leading— sorry, he's leading the Hollywood pedophile circle. Yeah, no, I find Thom Hanks creepy too.

You know this theory, right?
GRAHAM CLULEY
These are Nina Schick's opinions, not necessarily the opinion of our podcast.
NINA SCHICK
That was obviously sarcastic. For the record, I don't think Thom Hanks is leading a pedophile ring in Hollywood. But anyway, so—
CAROLE THERIAULT
No, no.
NINA SCHICK
But anyway, so—
CAROLE THERIAULT
I know he's gonna have a heart attack. This is not good. It's gonna— live on the air, live on the show. There he goes. Oh boy. One more and we're in trouble. Right.
NINA SCHICK
So this amazing ability of AI to bridge uncanny valley is manifesting in two ways.

The first is the use of deepfakes or synthetic media to create entirely AI-generated people who don't exist.

And a good example of that is if you go to the website thispersondoesnotexist.com, every time you refresh the page, that's a GAN-generated image of a human who doesn't exist, and they look so real that you or I wouldn't be able to tell that that's not an authentic image, that's a synthetic image.
CAROLE THERIAULT
Even in the time that I've known of that site, it has improved.
GRAHAM CLULEY
Oh, has it?
CAROLE THERIAULT
Exactly. Yep, yep, it really has. It's unbelievable.
NINA SCHICK
That website is only images, right? So it's actually the easiest challenge when it comes to synthetic media, and that's already basically perfect.

But as the technology accelerates, it's going to be the same with synthetic voices and also synthetic film, right? So videos.

But the second way this amazing ability of AI to recreate humans is manifesting is in its ability to clone real humans, right? And hijack biometrics.

Because all that you need to do in order to recreate someone synthetically is get the right training data.

In this case, it might be images of that person, video of that person, or audio of that person's voice, and train your algorithms on that training data in order to basically clone that person.

And here's an example of how scary quick this technology is advancing.

At the time deepfakes first came out at the end of 2017, in order to synthetically recreate someone's voice, it was really difficult.

And I was working with an AI company at the time, and we were running experiments to see how easy or difficult it would be to synthetically recreate Donald Trump.

And we had to use hours and hours of his voice for training data to train our algorithms, you know, 3 or 4 months. And in the end, we had something that sounded a bit like him.

I mean, it was pretty impressive, you know, that this was all AI-generated, but it didn't sound perfectly like him.

But I can actually provide for your show notes, we did a little article at the time with, I think it was CNBC, where we did a little quiz where it's like, can you guess which one's real Trump or fake Trump?
GRAHAM CLULEY
All right.
NINA SCHICK
And it was pretty much, even at the time, it was almost 50/50, even though the voice then wasn't pitch perfect.

But now in 2021, 3 years later, and there are already companies out there who say they need 5 seconds of somebody's voice in order to be able to recreate their voice perfectly using AI.

So obviously from a—
GRAHAM CLULEY
5 seconds?
NINA SCHICK
5 seconds.
GRAHAM CLULEY
That's astonishing, isn't it? Because of course he could have used that as a defense. Remember the whole Access Hollywood tape when he was on that bus and he was—
NINA SCHICK
Exactly.
CAROLE THERIAULT
Oh yeah, no, we all forgot about that.
GRAHAM CLULEY
All the locker room talk. But, you know, he could have said, look, this isn't me.

'This has been deliberately manufactured.' And that's the other problem, I suppose, with deepfakes, is not just dodgy content, but also that things that really did happen can be excused or explained away.
NINA SCHICK
That's already happening.
CAROLE THERIAULT
Yeah.
NINA SCHICK
And you're spot on to notice that, because I think most people are always like, 'Oh my God, that's crazy. Anyone can create fake media of me.' But the more profound effect...

Because right now the technology isn't ubiquitous.

And I should say that the other really potentially scary thing about deepfakes is that the AI is going to do the heavy lifting, right?

So creating this kind of sophisticated fake content before would have been only in the domain of an extremely well-resourced actor like a Hollywood studio or a state actor.

But AI is going to democratize it. So by the end of the decade, it will be accessible to anyone with no special skills, no big budgets, and on easy to use platforms.

To use interfaces like software, smartphone apps, things like that.

But before that happens, the malicious effects of deepfakes and synthetic media is already that it undermines trust in all authentic media.

And that's a phenomenon called the liar's dividend. And as for Trump, he already started saying that about the, you know, the grab them by the pussy tape in 2017.

I mean, in 2016, he said okay, locker room talk. Yeah, he apologized churlishly. By 2017, it was already saying it's a fake.
CAROLE THERIAULT
Wow.
NINA SCHICK
And I mean, astonishingly, I saw that even in the context of a piece of video that was so powerful, right?

Because it was the George Floyd death video that united millions of people, not only in the United States, right, but around the world in protest, because that was so visceral, so powerful.

It was so symbolic.

At the time, as I was watching that, I didn't watch the whole video because it was too brutal, but as I was watching this anti-racism movement unfold and also picking up on how polarizing it was politically, I was thinking to myself, you know, it won't be long before the authenticity of that video is litigated.

And it happened two weeks afterwards, and it didn't come from some kind of 4chan troll or anonymous person on the web, but an actual African-American candidate who is standing for the House.

She has a PhD. Her name is Dr. Winnie Hartstrong, and she basically released a 23-page paper arguing that the entire George Floyd video is a deepfake hoax.
CAROLE THERIAULT
Oh my God, disgusting.
NINA SCHICK
And that George Floyd had died in 2016 and that at the hands of Thom Hanks. Yeah, exactly.

That the guy in the video is an ex-NBA basketball player who looks a little bit like George Floyd, and that George Floyd's face had been swapped onto his, and that the police officer Derek Chauvin is this retired game show host.

And she didn't— I saw it. Yeah, it's crazy. You should read the paper. The thing is, I saw it because I was obviously monitoring this phenomenon known as the liar's dividend.

And in 2020, okay, it didn't get that much currency, but she still launched a website, she went on numerous podcasts, you know, she was really outspoken on social media about her theories.

But in 2024, or in 2028, or in 2030, where there is no more trust in the information ecosystem, people will— the information ecosystem will be inundated with synthetic media, and nobody will know, we won't be able to tell what's authentic, what's synthetic.

You can see how even a video like that, which is still widely accepted as something that happened today, will just become a matter of opinion.
CAROLE THERIAULT
Yeah. And think of the history channels in 20 years, 30-year time, they're going to be able to just fake everything. Yeah, I saw a website.

I don't even know where I was somewhere on my feeds. But it was, oh, see people you basically upload a picture of someone that has died is the concept, right?

Say your grandmother, and then they'll make that picture move in a way that she'll—
NINA SCHICK
It's Deep Nostalgia.
CAROLE THERIAULT
Deep Nostalgia. There you go.
NINA SCHICK
And that's actually had a lot of good press because people have been, wow, it's like bringing a loved one back to life.

There's a really profound philosophical debate to be had here because, as I said, this unique ability of AI to recreate someone's biometrics is relevant even to those who are dead, right?

You literally have this ability to resurrect the dead. So there's some amazing deepfake content out there on YouTube.

Right now, there is a project which is about resurrecting James Dean, you know, the dead actor, in a film synthetically to make an entire new movie with, this is something being worked out with James Dean's estate.
CAROLE THERIAULT
Didn't this start off with ABBA, Graham?
GRAHAM CLULEY
ABBA?
CAROLE THERIAULT
Didn't ABBA do a tour recently, and it was kind of mini-AI where they were—
GRAHAM CLULEY
Holograms of how they looked in the '70s. Yeah!
CAROLE THERIAULT
You see how far we've come? Yeah.
GRAHAM CLULEY
And didn't Kanye West resurrect Kim Kardashian's dad or something?
NINA SCHICK
He did.
GRAHAM CLULEY
It was on Instagram to say what an amazing guy Kanye West was, which is what Kim had to say on stage.
CAROLE THERIAULT
Just, oh my God.
GRAHAM CLULEY
So, Nina, whenever I hear about deepfake technology and all this synthetic media and things, I can't help but feel that we're going to hell in a hay cart.

And it feels like the end of civilization as we know it. Am I right to think that? Are we all completely and utterly doomed, or is there any chance we're going to survive this?

Because I feel quite negatively about it all.
NINA SCHICK
No, we're not going to hell in a handcart. I mean, I felt pretty negatively about it when I first learned about it because I was coming at it from a disinformation angle.

And the first use case of deepfake technology, widespread malicious use case, is in non-consensual pornography. I mean, it's really similar to the origins of the internet, right?

When people are, oh, this thing will never take off, this is just for weirdos who want to share porn.

And, you know, look at us 30 years later where, you know, the internet is synonymous with—
GRAHAM CLULEY
Was it ABBA? Was it Benny and Björn who were in these porn videos? Or what was the—
CAROLE THERIAULT
No, no.
NINA SCHICK
Disturbing. It was actually Maisie Williams and, you know, these actresses who had been introduced to us as children.

But since then, there's been an entire deepfake porn ecosystem that's flourished online. It's a uniquely gendered phenomenon.

There is no deepfake porn of men, but every single female celebrity or K-pop star, Ivanka Trump, Ann Coulter, you name it, you can find deepfake fake porn of almost every woman in the public eye.

But alarmingly, it's not just famous women who are targeted. It's increasingly normal women as well.
CAROLE THERIAULT
I feel so incensed, though, that there is no way that you can fight back, right?

So if someone uses your image, and someone uses your voice, and someone makes you do something that you're completely not comfortable with or didn't agree to, there's absolutely fuck all you can do.
NINA SCHICK
There's fuck all you can do.

And right now, if you are the victim of deepfake porn, and there were early instances where they basically put women's faces into authentic porn videos, right?

So if you wanted to have that content taken down, it was better to try and get a copyright claim from the production company that made the actual porn film.
CAROLE THERIAULT
Oh my God.
NINA SCHICK
But you know what, I've been talking a lot with people in the security industry.

And you know, there has to be some kind of products and services developed for individuals, because what could be more damaging than having your identity hijacked in this way?

So going back to Graham's question, though, there are obviously devastating downsides, and this technology is going to be weaponized not only against women.

I actually find the porn case study as a harbinger of what's to come, right?

Because this principle that you can clone anyone and hijack anyone's biometrics is obviously going to be used in fraud, right? Obviously going to be used for spear phishing.

Obviously, and we're starting to see the first instances of that.

There was a case in 2019 where the CEO of a British energy company was conned out of a quarter of a million dollars because he thought he was speaking to the CEO of his parent company, but it was actually fraudsters using AI-assisted voice technology.

But more than that, it is actually a paradigm change in the way that we communicate and actually the way that we perceive the world, because it's going to transform entire industries like fashion, entertainment, sport.

It's not only going to be used for bad, but it's also being used for real good.

There are companies out there that are using synthesized voice to help people who've lost their ability to speak through stroke or Parkinson's or any number of diseases, you know, to resurrect their voice, give them a voice back.

So again, it's far too basic to say, oh, this is all bad. You know, of course the technology is going to be weaponized by malicious actors.

However, to me, it's just another case study of the profound technology-led exponential changes that are happening to our society.

I mean, arguably, we're going to see more change in our lifetime than the entirety of humanity that came before us did, right?
CAROLE THERIAULT
Yeah. Fuck you, Industrial Age. You thought you had it in the bag.
GRAHAM CLULEY
Yeah. Yeah.
NINA SCHICK
Exactly. So then it's about how do we build a society that is fit for purpose?

Because a lot of our institutions, for example, our legal system, you can't deal with the challenge of deepfake porn with the existing legal system. What do you do?

How do you reconstruct society so it's fit for purpose? That's really the big question.
CAROLE THERIAULT
Yeah, and I'm guessing you don't have an answer yet. That's a big one.
NINA SCHICK
Oh, not just yet. I just diagnosed the problem.
CAROLE THERIAULT
Well, Graham, any answers? You like to think you're quite smart.
GRAHAM CLULEY
Maybe on next week's episode.
CAROLE THERIAULT
Okay, excellent.
GRAHAM CLULEY
Carole, what have you got for us?
CAROLE THERIAULT
Okay, we're going to lighten the tone a little bit. April Fools'. You guys fans?
GRAHAM CLULEY
You know, a few years ago, I liked an April Fool's. I used to quite enjoy it. And I think something has changed in the world in the last 5 years or so and I'm finding—
NINA SCHICK
You got old.
GRAHAM CLULEY
I got old. I'm getting a little bit tired of it. Corporate April Fools' in particular. It's just a little bit like, oh, really? You know, isn't the world—
CAROLE THERIAULT
You are outrageous. You used to do corporate April Fools' all the time.
GRAHAM CLULEY
When I did them, but when I decided that their time had gone, then it was right time for everyone else to stop doing them as well.
CAROLE THERIAULT
What about you, Nina?
NINA SCHICK
I think my only interaction with April Fools', nobody I know seems to do it. They all forget it. It's just my one friend, and she always does something really lame.
CAROLE THERIAULT
If you want an April Fools' buddy, I'll be it, because I love a good—
GRAHAM CLULEY
I have been the victim of some of Carole's April Fools' on many occasions, and her April Fools' are really mean. So, oh, like Carole.
NINA SCHICK
So the year I just had my daughter, you know, I'd just literally gone through this amazing experience of motherhood and giving birth and felt very empowered and, you know, willing, wanting to talk to all other women who are going through the same experience about how great it could be.

And so she texts me and she's like, I'm pregnant.
CAROLE THERIAULT
I'm like, oh my God, I'm so happy for you!
NINA SCHICK
Let's talk, I have so much to tell you about.
CAROLE THERIAULT
And calling her, and you're crying with joy and hormones.
GRAHAM CLULEY
Yeah, yeah, yeah.
NINA SCHICK
And she just screened my calls and then was "Sorry, I'm busy.
CAROLE THERIAULT
April Fools." Wow.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
So, don't you feel lucky, Graham? That never happened to you.
GRAHAM CLULEY
No.
CAROLE THERIAULT
Yeah.
NINA SCHICK
Don't do that to a hormonal new mother. It's just mean.
CAROLE THERIAULT
But even as a professional, Graham, when we were in the corporate space, we both used to enjoy doing some April Fools.

We convinced the people that wear the blue Brooks Brothers shirts and the sports slacks to let us put out some outrageous April Fools, which, you know, maybe today would be considered irresponsible.

But at the time, in the olden days, they were quite fun. And I agree, I think now it would be a bit remiss to do it.

I don't think I would be doing it if I was in, you know, a head of a corporate entity, you know. And it's actually the second year that Google doesn't do April Fools.
GRAHAM CLULEY
Oh really?
CAROLE THERIAULT
They did a load of them.
GRAHAM CLULEY
Ah, they've stopped, have they?
CAROLE THERIAULT
They're the old pranksters. Yeah, yeah, yeah. They're the old pranksters. Yeah, they—
NINA SCHICK
They're the big boys now.
CAROLE THERIAULT
Yeah, they had in 2013, they introduced a smell feature on their browser. That's what they announced. Yeah. And in 2018, they hid Waldo in various Google Maps for kids to find.

So I thought that was cool.
GRAHAM CLULEY
Oh, that's nice though.
NINA SCHICK
That's nice. That's nice.
GRAHAM CLULEY
Yeah, that's not tricking anyone. It's just a bit of fun. Yeah.
CAROLE THERIAULT
Evil. Yeah.

So I have found, however, that a number of corporations decided to go ahead and do some April Fools', and I thought we'd go through them and you guys could say success or fail.

So Sky Mobile, okay, they announced this year that they were launching a new SIM tariff for pet owners so they could continue to share more pictures of their pets online.

And they claimed that there was free data allowance for a whole year.
GRAHAM CLULEY
Well, that sounds like a wonderful idea.
CAROLE THERIAULT
So, yeah, hahaha, no, there isn't.
GRAHAM CLULEY
Now that sounds like a really shitty thing to say, doesn't it?
CAROLE THERIAULT
Fail!
GRAHAM CLULEY
That's not an April Fool's, that's just lying.
CAROLE THERIAULT
It's just being mean. Yeah, it's saying we have something and yeah.
GRAHAM CLULEY
Yeah, and then taking it away.
NINA SCHICK
It's like the pet version of my mother's story.
CAROLE THERIAULT
Yeah, exactly. I had a cat, he was my baby. I would die if— Yeah, anyway, I would have totally been all over that. Okay, number 2, Volkswagen.

The automaker briefly posted, then removed, a press release on its website announcing it was changing its name to Voltswagen in an effort to promote electric vehicle purchases.
GRAHAM CLULEY
Oh. That sounds a good idea. They should do that, shouldn't they?
CAROLE THERIAULT
Yes, right? The whole idea was a public declaration of the company's future forward investment in e-mobility. And now this was on April Fools', this went out.

And you're thinking, okay, so it was a joke. It was a joke.
GRAHAM CLULEY
It's not. Well, you say it's a joke. It's not a funny joke, is it?
CAROLE THERIAULT
No, it's not a funny joke.
NINA SCHICK
It's just— but Graham, it's a pun. As an Englishman—
CAROLE THERIAULT
German.
NINA SCHICK
Well, every Englishman loved a pun.
CAROLE THERIAULT
They are German, Graham. They are German.
GRAHAM CLULEY
Maybe in Germany it's funny, but—
NINA SCHICK
I'm half German.
CAROLE THERIAULT
They're not funny. Right. They're not funny, really. They're not funny. I've watched a lot of German TV when I was there. Yeah, it's not funny. It's not funny.

Now, the car industry influencers, right, say this is super not funny.

Thom Morton, chief strategy officer at New York advertising firm, said, "This is mainly being done by fast food brands where the stakes are lower and they need a bit of hoopla." Okay, you shouldn't be joking about electric car branding.
GRAHAM CLULEY
It doesn't sound like he's very much fun either.
CAROLE THERIAULT
I think it's fun.
GRAHAM CLULEY
That's even worse than the pun, I think, his response.
CAROLE THERIAULT
Yeah, I think it's funny now. Yeah, exactly.
NINA SCHICK
Based on his response.
CAROLE THERIAULT
Now, it's interesting. It's interesting. So, yeah, Volkswagen, Volkswagen, yawn. Come on, right? Not really.

You wouldn't write about that in your top 10, you know, top April Fools, really, whatever.
GRAHAM CLULEY
No, no, not that great.
CAROLE THERIAULT
Next, right? Next, next.
GRAHAM CLULEY
Try harder.
CAROLE THERIAULT
Yeah, so it's interesting that you brought up fast foods because Deliveroo also got a spotlight.

So Deliveroo in France sent thousands of customers an email confirming an order, hilarious, get this, 38 anchovy pizzas, okay, worth 400 quid or about $500.

And this was sent to their inboxes for them to kind of receive and go, "Ah, zut alors, c'est drôle, poisson d'avril." Yeah.
GRAHAM CLULEY
Oh, it was a poisson d'avril.
CAROLE THERIAULT
Poisson d'avril, exactly. I'm trying to say it with an English accent because it's funnier. Poisson d'avril.

Now, according to the BBC, these fake invoices included the customer's first name, not the full name, but first name. I think that would have gone, hmm.

And preceded by the words, "Excellent choice." And Deliveroo added that as a loyalty reward, 50 sachets of hot sauce were going to be thrown in for free.
GRAHAM CLULEY
So did it say, "Psst, this was actually an April Fool's," or did it make people—
CAROLE THERIAULT
"Non, non, non, monsieur. Non, non, non." And that is why the Deliveroo customer base in France saw rouge. Okay.

One customer almost had a stroke on the BBC after receiving this fake order.
GRAHAM CLULEY
I would if I thought I had an anchovy pizza coming my way. What a terrible thing to have to put—
CAROLE THERIAULT
I have something that's going to give you a stroke later. My last one is just for you. So you have to be careful. You're going to be— sit down and have a drink of water ready.

Loosen your tie.
GRAHAM CLULEY
So this looked just like a regular confirmation. So if you had ordered pizzas from Deliveroo— Yeah. This email looks just like— so people would think—
CAROLE THERIAULT
There's so many problems in this. Number one, okay, I've got a little list here of things that piss me off about this.

Number one, many, many people in France, French people like me like anchovies. Okay, anchovies and bread is a normal thing.

There's a thing called pissaladière, which is like a kind of French tart with loads of anchovies on it. It's delicious.

Okay, so it's like me sending you 48, you know, I don't know, pepperoni pizzas to you. You'd be like, oh, maybe I did order that last night. You know, it's one of those things.

And also an invoice is not funny. What is an invoice funny? Like, when? Never! Like, if someone sent me an invoice for 38 hot pink toupees, I would be like, "Oh, oh, shit.

What happened? Husband? Husband?" Right?

But, you know, Deliveroo did face the music and apologize publicly, which— and it called it a failed April Fools' joke, which I think is fair.

You know, everyone's allowed to fail because the spirit of it was good. I saw—
GRAHAM CLULEY
Malheureusement, I saw. So their marketing department thought that would be a good idea. That's what amazes me is how this goes through the process, the chain of command.
CAROLE THERIAULT
Oh, get over yourself. You have worked with marketing departments. You have worked with many departments.
GRAHAM CLULEY
Yes, but something—
CAROLE THERIAULT
Very, very weird decisions. Come on.
GRAHAM CLULEY
But something like that would have to be approved by the head of French Deliveroo marketing or something. Why didn't they do something involving kangaroos?

Something more absurd, seeing as it's Deliveroo? Wouldn't that have been more amusing, or is that just my sense of humor?
CAROLE THERIAULT
Yeah, that is definitely just your sense of humor. Okay, see, again, jeu de mots, like you said, Nina. See, Deliveroo kangaroo, that's what he likes about it.

All right, Graham, this is the one to give you a heart attack, so don't, don't, you know, don't start breathing crazy yet.

Okay, so tweeting to his almost 8 million followers, Piers Morgan announced that ITV had offered him a return to Good Morning Britain after his exit from the show last month, having heavily criticized remarks by Meghan Markle.
GRAHAM CLULEY
Yeah, he's just desperate for attention, isn't he? So he said that as an April Fool's—
CAROLE THERIAULT
Has he not started his own YouTube channel yet?
GRAHAM CLULEY
I think he's waiting for GMB or whatever that— what are they called?
GBTV
Oh right, Andrew Neil's bunch are gonna scoop him up, I suspect. So what he— and everyone—
CAROLE THERIAULT
Yeah, yeah, yeah.
GRAHAM CLULEY
Did anyone laugh at that?
NINA SCHICK
Well, I don't know.
CAROLE THERIAULT
You follow him on Twitter, you tell me. I don't do that stuff.
GRAHAM CLULEY
No, I do not. I've actually— he's blocked me.
CAROLE THERIAULT
Has he?
NINA SCHICK
Has he really?
GRAHAM CLULEY
Yes.
NINA SCHICK
Were you trolling? What did you do?
GRAHAM CLULEY
I was once contacted by, publicly via Twitter by one of the researchers on the— on Good Morning Britain asking if I could come on the sofa to talk about something. Something.

And I said, every time I think of Piers Morgan, I throw up a little bit in my mouth, I said.

And so that got— I did tag him on that reply, and that got me a bit of a dick move, actually.
CAROLE THERIAULT
Wow.
NINA SCHICK
No, I mean, he must get so much, you know, stuff like that every day. So it's amazing that he just, like, blocks everyone who might—
GRAHAM CLULEY
I suspect he's blocked quite a few. Yeah, he's not my cup of tea.
CAROLE THERIAULT
No, he's a bit of an empty. Anyway, there you go.

You know, April Fools', maybe not a good idea until people get back on their feet, especially trying to charge them cash and 500 quid when people are trying to scrape their money together for monthly outgoings.

So, you know, tap on wrist for that, not well thought out. But, you know, I do think that I don't want the April Fools' joke to go away.

I think there should be one day, there's like, you know.
GRAHAM CLULEY
Maybe they're okay to do in your own home, Carole. Maybe they're all right to do in your family, but they shouldn't be done by a corporation.
CAROLE THERIAULT
Yes, I think they should be done by corporations.

I think it can show the true spirit of humanity, that the people that power corporations, and they should be accountable for their thing, but you know, they should put their brains together, come up with something good.

You know, after all, they're being paid. Geez, mine, I could come up with 5 better ones than this off the top of my head. Ah, honestly.
GRAHAM CLULEY
Using a password manager like 1Password can help increase productivity and save you money. How does it do that?

Well, a password generator tool creates strong, unique passwords that are saved and filled in automatically.

Features like Watchtower alert you to any issues with your employees' accounts, giving you oversight and more security control, and you can get notified immediately when a breach occurs with domain breach reports.

Find out more. Check out 1Password for yourself at 1password.com. And thanks to 1Password for supporting the show.
CAROLE THERIAULT
Protect your workforce with simple, powerful access security from Duo, powered by Cisco. The rapid expansion of remote work has presented challenges for all of us.

At Duo Security, it's their mission to make application access more secure for organizations of all sizes.

Its modern access security is designed to safeguard all users, devices, and applications so you can stay focused on what you do best.

So, want to proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device, and enforce policies to secure access to every single application?

Thought you would. Why not give your organization the peace of mind that only complete device visibility can bring? Visit duo.com to sign up for a 30-day trial. That's duo.com.

I mean, how easy is that to remember?
GRAHAM CLULEY
And welcome back, and you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week. Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
CAROLE THERIAULT
Mm, better not be.
GRAHAM CLULEY
Well, my Pick of the Week this week is not security-related. My Pick of the Week this week is all to do with video game consoles, and specifically old video game consoles.

And there is a wonderful section of the BBC archives.

I do love the BBC archives and trawling through it, which details the 8 generations of video game consoles with lots of retro TV clips from yesteryear, going back as far as Pong, if you remember Pong in 1972.

Oh my goodness. Apparently is when that came out. The Grandstand, which is called something else in America. I can't remember what.

The Atari 2600, and then onto the Nintendo, Sonys, Microsofts, and et cetera, et cetera. Some feature friend of the show, Rory Cellan-Jones.
CAROLE THERIAULT
Oh, do they talk about ColecoVision? That's what I had. I had a ColecoVision.
GRAHAM CLULEY
Well, that may be there as well, Carole. It may well be there. I didn't really have a video games console when I was young. I just had a little home computer.
CAROLE THERIAULT
Shoelace to play with. Yeah.
GRAHAM CLULEY
Couple of twigs. That's how we made our entertainment in my day. But yes, I was always jealous of people.
CAROLE THERIAULT
Nina, what were you gonna say?
NINA SCHICK
I'm just gonna say I have no idea what you guys are talking about.
CAROLE THERIAULT
Have you never had a gaming console? You've never been a gamer, online gamer?
NINA SCHICK
No, no. I had a Game Boy.
CAROLE THERIAULT
Did you love it?
NINA SCHICK
Super Mario. Yeah, I loved Super Mario. That was it. One Game Boy, one game. That was the limit of my experience.
CAROLE THERIAULT
Did you ever play three hours in one shot? Oh yeah, for sure. Okay. All right. You're on the team.
GRAHAM CLULEY
Anyway, I will put a link in the show notes where you can watch these little videos and read some more about the eight generations of video game consoles. So enjoy it.

And that's my pick of the week.
CAROLE THERIAULT
Good one.
NINA SCHICK
Nice one.
GRAHAM CLULEY
Nina, what's your pick of the week?
NINA SCHICK
My pick of the week, keeping with my light theme, is very upbeat and optimistic. No, it's on BBC iPlayer now. It's actually Ridley Scott directed.

It is a documentary series called The Terror, and it's about the real-life story, one of the greatest mysteries of naval exploration.

It was the 1845 attempt to sail the Northwest Passage. So these two boats set off from England to try and sail from the Atlantic to the Pacific.

And the two ships, Erebus and the Terror, off they set, the best ships of their time.

And these two ships unfortunately got stranded in the Arctic ice, and they had three years of provisions, and they were sure that they'd be rescued.

But after I think it was two years, they decided that no one was coming for them, so they decided they had to trek out of there and try to make it into Northern Canada.

And it is just the craziest story because no one really knew what happened. They eventually, the ships just disappeared.

Many years later, they came across the bones of some of the survivors, and it turned out that they had turned to cannibalism in the bitter end. So—
CAROLE THERIAULT
Oh, I was hoping it would have been poutine. No.
NINA SCHICK
So it is a crazy real-life story, but the drama, the way that it's done, it is fantastic.
CAROLE THERIAULT
Yeah, because you're a history buff, aren't you?
NINA SCHICK
Totally, total history buff.
CAROLE THERIAULT
I'm going to take that recommendation.
GRAHAM CLULEY
Oh, that sounds fantastic. That's totally up my street.
NINA SCHICK
You'll binge-watch it. Yeah, it's very, very good.
CAROLE THERIAULT
Cool.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Good one. Thank you, Nina. That's excellent.
GRAHAM CLULEY
It's much better than my pick of the week, to be honest. Carole, what's your pick of the week?
CAROLE THERIAULT
Mine is also a kind of documentary on Netflix. It is a seven-part series called Pretend It's a City. And it's directed by Martin Scorsese.

And it features just one-person conversation interviews with Fran Lebowitz. Now you may not know who she is.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
But she moved to New York in the '70s, and then really soon started hobnobbing with all the arty crowd, really made it so Andy Warhol and Martin Scorsese became friends.

And, you know, they're friends still. She's in her 70s now. And she says of him, the kind of connection we have is really rare, as true love and romance. It's not the same.

But there's something chemical about it. Something just happened.
NINA SCHICK
It's—
CAROLE THERIAULT
there's not really an explanation for it.
GRAHAM CLULEY
It's like you and me, Carole.
CAROLE THERIAULT
It is a little bit. It's a little bit.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
It's not the same. It's not the same.
GRAHAM CLULEY
I'm Scorsese because I've got the eyebrows. And you know, you're the—
CAROLE THERIAULT
I kind of— I'm kind of in with this woman. I do really hope— Well, I hope to be like her, actually. I've now got a new goal.

So it's really, really brilliantly done because Scorsese's always behind the camera. You hardly see him. You see his shoulder, right? You hear an encouraging laugh.

You hear him nod her on. But it's all about Fran. And she's this kind of wit, raconteur person. And she's hilarious.

She's kind of— She'd hate me to— people are gonna hate me for saying this, but she's kind of like Diane Keaton and Woody Allen rolled into one with a sprinkle of, you know, I don't know what.

And she has this great hyperbole that comes out in her outrage, about New York, the lawn chairs that were put in New York cost $70 million. I mean, $70 million.

So she has a lot of that. Anyway, I love it.
GRAHAM CLULEY
I love it.
CAROLE THERIAULT
I love it.
GRAHAM CLULEY
She—
CAROLE THERIAULT
I thought, why haven't I never heard of her? But she hates the internet, hates the internet. Doesn't go near it. And she's never written a book.

She's just this kind of local star in a small New York pool. Anyway, go check it out. It's on Netflix. It's called Pretend It's a City with Fran Lebowitz and Martin Scorsese.

And I think it's fascinating. Good.
GRAHAM CLULEY
Sounds good.
CAROLE THERIAULT
I think you will like it, both of you, based— Nina, just based on this conversation, I think you'd like it. She's kind of cool.
GRAHAM CLULEY
I would like—
CAROLE THERIAULT
And she's cool. She wears always this huge, almost military-like coat and these oversized jeans that are rolled up like one big roll and cowboy boots.

I mean, she's been doing that for 30, 40 years. I kind of feel like she's trapped in her look, but there you go.
GRAHAM CLULEY
I'd quite like to be rolled into Diane Keaton. That's what I was thinking. There you are. You can leave Woody Allen out of it.

Anyway, on that note, that just about wraps it up for this week.

Nina, I'm sure lots of our listeners would love to follow you online and find out what you're talking about and learn more about you. What's the best way for folks to do that?
NINA SCHICK
You can follow me on Twitter, Nina D Schick, or my website, NinaSchick.org.
GRAHAM CLULEY
Brilliant. And you can follow us on Twitter at Smashing Security, no G, Twitter won't allow us to have a G.

And we're also up on Reddit, so look for the Smashing Security subreddit up there.

And to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Spotify, Google Podcasts, and Apple Podcasts.
CAROLE THERIAULT
Huge, huge thank you to this episode's sponsors, Duo Security and 1Password, and to our wonderful Patreon community. It's thanks to all of them that this show's free for all.

And for episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 221 episodes, check out smashingsecurity.com.
GRAHAM CLULEY
Until next time, cheerio, bye-bye.
NINA SCHICK
Bye-bye.
CAROLE THERIAULT
Bye. Yay!
GRAHAM CLULEY
Great.
CAROLE THERIAULT
How was it, Nina? Was it okay? Baptism of fire.
NINA SCHICK
It was so fun. I loved it. You guys are great. You have an awesome dynamic. It's really, really fun being on.
CAROLE THERIAULT
It's because we hate each other. [Laughter]

Hosts:

Graham Cluley:

Carole Theriault:

Guest:

Nina Schick – @NinaDSchick

Show notes:

Sponsor: 1Password

With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now at 1password.com

Sponsor: Duo Security

While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications – so you can stay focused on what you do best.

Proactively reduce the risk of a data breach, verify users’ identities, gain visibility into every device and enforce polices to secure access to every application. Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign-up for a free 30 day trial.

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.