Smashing Security podcast #304: Oxford’s dating disaster, cheap security robots, and faking a suicide

Industry veterans, chatting about computer security and online privacy.

Graham Cluley

Someone called OxShagger thinks he has come up with the perfect Valentine’s surprise for Oxford students, but is the way he has gone about “bookworms with benefits” really a good idea? Robot security guards are trundling the streets of – you guessed it – America. And a writer of paranormal bully romances (no, we don’t know what that means either) returns from the grave…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Andrew Agnês.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Graham Cluley

Ah, chums, the dreaming spires of Oxford. The beautiful city in which we all live. Well, all of us apart from Andrew, of course.

Andrew Agnes

No, I'll show you the damn self. You don't live in Oxford.

Graham

Well, I used to live in Oxford. I live close to Oxford.

Carole Theriault

You've never lived in Oxford in your life. Well, no, I haven't. You've lived close to Oxford. Okay, well, I, you know. I am the only one who lives in Oxford.

Andrew

The lies have been exposed after this time.

Graham

Smashing Security, Episode 304, Oxford Dating Disaster, Cheap Security Robots, and Faking a Suicide, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 304. My name's Graham Cluley.

Carole

Happy New Year. I'm Carole Theriault.

Graham

Happy New Year, Carole, and Happy New Year to our special guest this week, who's joined us. He hasn't been on the show for a while. It is Host Unknown's Andrew Agnes. Hello, Andrew.

Carole

Hello. Happy New Year. Hi, Andrew. Welcome to the show. It's great to be back. Yeah, it's so much more fun here, isn't it, than other places?

Graham

I think we've got to the point now where it's a bit weird to say Happy New Year.

Carole

Oh, yeah. It's our first show of the season. Get over it. Yeah,

Andrew

So I actually meant the Chinese New Year, so we've not had that yet. That's 22nd of January.

Graham

We're good for another couple of weeks. Very thoughtful.

Carole

Before we kick off, let's thank this week's sponsors, Bitwarden, Zoho PAM 360 and Nord Layer. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?

Graham

Oh, I'm going to be talking about an Oxford student dating site, which has got itself into a bit of a pickle.

Carole

I didn't know you hung out on those sites. What about you, Andrew?

Andrew

I am going to be talking about autonomous security robots working for less than minimum

Carole

And I'm going to be telling a tale of crazy social engineering. Or is it? All this and much more coming up on this episode of Smashing Security.

Graham

Ah, chums, the dreaming spires of Oxford. The beautiful city in which we all live. Well, all of us apart from Andrew, of course.

Andrew

All right, Oxford, the damn south.

Carole

You don't live in Oxford.

Graham

Well, I used to live in Oxford. I live close to Oxford.

Carole

You've never lived in Oxford in your life. Well, no, I haven't. You've lived close to Oxford. Okay, well, you know. I am the only one who lives in Oxford. The lies have been exposed after a few times. I can see the dreamy spires if I walk a block. So there

Graham

You go. Well, if I drove for about 25 minutes, I could find myself punting along the Isis with a wind-up gramophone, drifting past the ancient colleges, having a game of crazy golf. It's a lovely place, isn't it, to nibble a cucumber sandwich.

Carole

I have actually punted with my book group and read poetry, eating cucumber sandwiches while punting. There you go. There's nothing more Oxford than that, isn't it? It's a city of culture, a city of sophistication, a city of study and intellect and great thinking, genius minds. And it's also the city of Oxshag.

Andrew

And do you have to be in Oxford to do it? Can you do 40 miles from your location?

Carole

Bet you're jealous now, Andrew.

Graham

You have to be a member of Oxford University.

Carole

Okay, I know a number of professors that work there. Check.

Graham

Oh, right. Okay. Well, for just three of your British pounds, it's about the cost of a pint in your junior common room, I expect. About 1980. Yeah, okay. You can sign up for Oxshag and be presented with a list of potential matches. Okay. So now there's a good chance that you'll be able to find a student who you fancy on Oxshag because they've got a list of every single student at Oxford University. Shut up. And their email addresses.

Andrew

But is this as clever as it sounds? Because surely if you know the format for email addresses at the university and you've got the students list. Exactly.

Graham

It's probably first name dot double barrelled surname, isn't it? It's at Oxford University. Hyphen hyphen.

Carole

No, but I'm guessing some students probably have their email address listed somewhere.

Graham

Well, let me explain. Because it's not just students. For anyone feeling a little bit more adventurous. Maybe you think, well, maybe I can improve my grades. Maybe I'll find myself a sexy tutor, admin staff, even porters, college porters you might be able to match yourself up with. In fact, you can find anyone and everyone with a University of Oxford email address on Oxshag, which means even university IT staff might have a slim chance of getting a little bit of bedroom action, or at least a little bit of thunder. Yeah,

Carole

There's a lot of people that work at Oxford, right? There's a number of colleges, there's people from catering staff to security staff to professors. Absolutely.

Andrew

This is the original Facebook idea, right? This is what Zuckerberg actually wanted when he first launched it, wasn't it? Facebook when Zuckerberg created it, it was all about getting himself a date, wasn't it? Or sort of a hot or not thing to sort of rate people based upon their photographs at his college.

Carole

Well that is quite offensive. We try not to be judgmental in 2023 on this podcast. Someone for everyone, exactly.

Graham

Okay, email me if you think he's hot. So what Oxshag realized is that people looking for love don't have any time to waste. They don't want to sign up for a service. Why sign up for a service? Oxshag takes that away from you, that pressure of signing up for a dating site. They've decided that the onus should be on the individual to opt out instead. So everyone is up there on the list of potential shags.

Carole

Yeah. Did they run into any EU regulation issues at all?

Graham

Well, EU, do we worry about EU anymore? GDPR.

Carole

GDPR. Yes, we do.

Andrew

We've got control back, Carole. It doesn't matter what EU.

Carole

Yeah, hand on the rudder. Hands on the rudder.

Graham

So Oxshag, they decided to use a university tool that allowed you to look up anyone's contact details, and they just scooped it all up. They scooped up all the names and addresses and they plugged them into Oxshag.

Carole

And their view is that because they're already public, what's the problem? And who cares if you're married with three children, right? Legitimate interest.

Graham

They say well look, you probably know who you would rather be doing it with in your filthiest fantasies. Our job is to bring those fantasies to life, be it a sexy tutor, a shredded gym crush. These are words. I'm just making noises. I don't know what these mean. Or even that one friend you've been too afraid to make a move on. We can make the magic happen. So what their plan was, was that you can register your interest until February the 2nd and tell the site who you're interested in. You can pick anyone from the list. And then on Valentine's Day, they are going to send out the matches. And so people will get a message saying, so-and-so at the university. Well, they won't say who. They say someone at the university is interested in you. If you want to find out who.

Andrew

You have these things in common. Fox hunting.

Carole

Can I ask, is there any pictures of these people? Or is it just literally name and email address?

Graham

I think it's just name and email address because when you're a student, you're not that picky. And quite right too.

Carole

Right, so you just go, oh, you know, I really want to shag a Pamela. That's what I do. Yeah, I'm going to Alt-F on Pamela and let's see what comes up. Okay, okay, this is fun.

Graham

So the chap who set up this website, his name is Ox Shagger. I'm assuming that isn't his real name, but that's the name he's using in the media reports. And to answer your question, Carole, he said, I didn't look into the intricacy. Let me do it with an Oxford accent. I didn't look into the intricacies of GDPR law when making Oxshag because all the information I used was available on the Oxford University website.

Carole

I could have totally predicted this kid. Yeah. I'm like an oracle.

Graham

So there's no privacy policy. There's no obvious way to remove yourself from the site. And I wondered, what do you think of all this? Is this a good thing? Is this doing people a favour? How do you feel about it?

Carole

Love it. Yeah. Great idea. They should do it all over the country.

Graham

Don't you think? I mean, what a brilliant idea because it's so intimidating. Is it? This is the question which I really have for you, right? Now, Andy, I know you've lost a lot of weight. I know that you're looking pretty shredded, pretty buff at the moment.

Carole

Shredded. Now you know what it means.

Graham

No, I don't know. I used it earlier, didn't I? So I'm imagining you sat in the office. Now, would you like a stream of people coming up to you in the office and saying, hey Andy, do you fancy going out for a drink sometime?

Andrew

I would absolutely love that. These are the good old days of the dot-com era where we had rave of the year competition. HR was, you know, HR was, you know, they were everyone came down the pub drinking and then all of a sudden the laws changed and it's you're not allowed to—

Carole

God, women wanted rights. Jesus Christ.

Andrew

So crazy. So yes, I mean, and if these people are taking us back to those days, count me in.

Graham

You would love people to queue up. Because that's what I'm wondering is, is this actually better than it happening in real life? Is it less intimidating to get an unsolicited email saying someone's interested in you? Is that better?

Carole

How are they interested in me? How? How does that work? Right? What? No, no. But on this thing is just a name and an email address. How do they know anything?

Graham

Carole, because you go to Oxford University. So you see the porter. So you see your tutor. So you see your fellow students. And you know their name is Pamela Jenkins. And then you go, I'll search for Pamela Jenkins. Now I have her email address and I can stalk her. I could actually. Or just send her a lovely message saying I'm interested in, you know, mingling.

Carole

Why would I need to go through this website? Why wouldn't I just email directly if it showed all the email addresses?

Graham

Well, because that can be a bit scary. You only want them to know that you're asking them if they log into the site and do a match. If they say, well, I'm interested in Carole Theriault. Right, okay, that's clever. Yeah. Well, it's like Tinder.

Andrew

Well, yes, so some of the people I know that went to Oxford, they were introverts. They wouldn't openly go out. And so this is why I think it's a great idea. Now, University of West England, they don't need any help in hooking up. So probably not suitable for them.

Carole

Do you know, the Yellow Pages and the phone books, BT should have got in on this because they have everyone's contact details in all cities. So they could have done citywide Oxshag and gotten rid of the student requirement and just done it, you know, citywide.

Graham

I see. We should have this nationwide, you think? You could be

Carole

going like Pembroke shag, London shag, Birmingham shag.

Graham

So Rishi Sunak, he wants to tax us more, right? He would like some more money. He could run a website which asks us to subscribe and we can all have fun.

Carole

And if he legalises Mary Jane at the same time, people might think it's a good idea.

Graham

Well, Ox Shagger, he says, what could have been a fun event has now been ruined by the loud minority. Because the site, it was briefly taken down due to complaints. It was relaunched with a reduced fee of one pound, and it seems to have now gone completely, right? So they've taken it down. He says, loosen up a bit, have a laugh, take life a bit less seriously. I think those who are most against Ox Shag are probably the most in need of it.

Carole

Yeah. Ox Shag, if you're listening, get in touch. I think it might be interesting to interview you.

Graham

Well, I think there's a serious point here, though, because you may have religious reasons why you don't want to participate in this. You may be a victim of domestic abuse or have been stalked in the past.

Carole

Well, according to you, it's all fine because if I don't want to participate, I just don't log into the site.

Graham

Well, you still may not want those emails. I was just playing devil's advocate. Also, what if you're in a relationship and you receive one of these messages? That could cause a few problems, couldn't it?

Carole

That would be quite nice, actually. University. A relationship for 15 years now. It'd be all right. I wouldn't mind a little flirting.

Graham

Get him to perk up a little bit. Maybe he'd raise his game, would he? If he knew there's something else in the running. Who knows who, right? Anyway, the site has come down. Oxford University aren't very happy about it either. Branding issues.

Carole

I think he's going to do just fine, Mr. Ox Shagger. He's going to have more time to dream up his next venture. I think we'll hear from him again. He may have a different name. He may rethink that.

Graham

His name is probably Humphrey Ox Shagger or Basil, isn't it? Or Tim. Tim terribly nice for Ox Shagger.

Carole

That's very... No, I don't. His name could be just Geoff.

Andrew

Oh, he'd go by Jeffrey, not Geoff.

Carole

He might go by Geoff. You guys have Oxford all wrong.

Graham

I went to the University of West England. I want to know why Andy's slagging it off. I know what I'm talking about. Andy, what have you got for us this week?

Andrew

So CES 2020 was recently on in Las Vegas. And every year you see this cool tech and think either that is really cool or you think what is the point of that?

Carole

Can you tell us a bit about it? I've never been.

Andrew

CES. So this is in Las Vegas every year. The Consumer Electronics Show. It's all of the new tech that's coming out and how it's going to change the future. This year I was very particularly interested in any sort of robots or anything to automate security or anything like that. So John Deere demonstrated this robot planter as an example. So people no longer have to go out on their tractors. You know, you can actually just send the tractor out to plant stuff itself. But my favorite thing that I saw this year was something called Parky. So for anyone who's got an electric car, you know how they have this sort of range anxiety, you know, whether you do get to the car park, whether there's a space you can park in and charge your car. So there's this robot called Parky that actually comes to any space in the car park. So you can park anywhere, you know, supermarket or whatever. And it will come to you and just charge wherever you park rather than you needing particular spaces to be free. But anyway, so I was looking for anything sort of security. You know, I love that type of area. But in my searches, I did come across this story about a robot security guard, which suddenly became unemployed after Christmas. Now, obviously, terrible time of year to lose a job anyway. But, you know, my attention was more on the fact that this was a robot that was actively employed to do security. So this particular article is about a California utility company called Pacific Gas and Electric, or more commonly known as PG&E. And they started trialing these Autonomous Security Robots, or ASRs, in December. And this was after the fallout from the San Francisco Police Department debacle. And so the San Francisco police were authorized to use robots to deal with certain situations. And they sort of freaked people out when they tried to reassure them that the robot would not be authorized to carry firearms, only explosive. Much better. Obviously, most people are okay with that. 
Unfortunately, there was a small minority, most like Bob Shagger. A small minority of people managed to cause SFPD to backtrack on these plans for now. But there's still more advice to do it. So anyway, I am all for innovation. I love you, Jack. Wholeheartedly think we need to go through these trials to get something out of the works. But what I didn't realize was how long these ASRs have been out in use in the wild. Okay, so this ASR that was let go by PG&E after Christmas, obviously very sad. California is an at-will state, so it's not getting any severance pay, but I wanted to know what its prospects were. Hang on.

Graham

Andy, you're talking about a robot security guard here.

Carole

Nobody, I think the point is you can see why employers will prefer them because they don't have to shell out. Yeah, exactly. They don't have to shell out retirement fees and health care or anything. Well, maybe they need a little WD-40, you know?

Andrew

Yeah. Don't get complaints. You can make it work overtime, all this kind of stuff. So it's actually a Californian company because, of course. Of course. It's called Knightscope, which makes these. But they're not the groundbreaking tech that I thought they were. Okay. So these robots were actually first deployed back in 2015. So sort of seven, eight years ago. And Knightscope, they describe themselves as public safety innovators, and these are fully autonomous. They use self-driving technology and they're designed to alert police to security incidents. They've got sensors, it can detect weapons, they can read number plates, and then they can detect other kinds of suspicious activities, which they don't go into detail about, but I'm assuming some type of facial recognition. And so that was in 2015, they first deployed. So by 2017, their clients included Microsoft, Uber, Juniper, LaGuardia Airport, NBCUniversal. And obviously it's not been all plain sailing over the years, as you can imagine with this type of tech. So back in 2016, one of the robots accidentally ran over a 16-month-old child whilst he was patrolling.

Andrew

Sorry, I sense that you're laughing at this, Andy. You're finding this amusing. I don't think it hurt the child. I'm sure it wasn't going at top speed.

Graham

So, yeah, not the end of the world. Sounds a bit when the Peloton treadmill sucked up an infant, if I remember correctly. Yeah, but, you know, you live and learn, okay? It's only an issue if you don't learn.

Graham

cars that crash, okay? I'm looking at one right now, and they kind of look a large... Dalek?

Andrew

Like a nappy bin or something. With a camera.

Graham

Well, they do look a bit like Daleks. They do, don't they?

Andrew

There's another incident where one actually accidentally drowned itself in a fountain when they're supposed to be patrolling the Washington Harbour. It kind of went off track.

Carole

I'm seeing one here being advertised on their website for the homeowner associations. Yes. You could have this thing in your street. So many use cases. Monitoring you going, pick up your litter.

Andrew

Your bins are out. You left them out long. Ding

Carole

dong, ding dong, ding dong. Stop

Graham

walking on the cracks in the pavement. Why are you doing with that? Wearing that loud shirt.

Andrew

So the four models they've got. Starting with the K1, which is a stationary one. It's designed as a weapon scanner for entrances to buildings and things like that. The K3 is designed to patrol indoors, so I'm assuming like shopping malls and things like that in the US. The K5 is the one that goes outside and patrols areas. And they've got these sensors, like the Roombas, that go around and they build maps where they're allowed to go. And they've got a K7, which sounds like the daddy of all. It's like an all-terrain version that I've seen can track someone down bounty hunter style.

Graham

I really hope they've got a canine, which tells you if you've left dog poop and not picked it up.

Andrew

It's got to be coming up soon, mate. But they charge an hourly rate of $7, which is cheaper than a $16.99 minimum wage in some states. And as you say, obviously, they don't call in sick. They don't need bathroom breaks. They don't have family emergencies.

Graham

Well, not yet they don't. Not yet they don't have family emergencies or have to take the... I mean, you know, with the advancement of AI, it's only going to take a certain while before these robots start demanding union rights.

Andrew

Yeah, unless the government changes the rules and ensures a minimum service requirement, which could happen. So security guards go and strike and these robots get to buoy it in their place for half the cost.

Carole

How soon before they have tasers and, you know...

Andrew

Yeah. So we're only in the second week of this new year, and they've already signed four new contracts to deploy these ASRs to various clients. So this stuff started in 2015. Four new contracts already this year, and I'm sure that these things are not things you buy off the shelf.

Carole

I wonder what happens if someone suddenly jumps out, somehow misses the sensors and spray paints all 15 video sensors on it, or drops a bag from a great height on top of it. Do they all come running? Does it call its peers and they all kind of... Trundling.

Andrew

That's where the K7 all-terrain one comes out. That would be like the enforcer model. Call your big brother sort of thing.

Graham

Carole, what have you got for us this week? Well, we are entering the world of self-publishing. I mean, it's got to be hard, right? Publishing with an agent and a publisher is hard enough. I've heard from various authors how they not only have to write the book, but they have to do much of the marketing activity as well and flog it and everything. Yeah. Didn't you once help someone to self-publish a book? Yes, I did, Carole. Yes. It was written by my father-in-law. It was arguments as to why Britain should leave the European Union.

Carole

That's right. And how did that go? Did you sell out? I think he sold about 30 or 40 copies in the end. But he needed some technical assistance. He self-published via Amazon. And somehow you offered your services.

Graham

Well, I'm just a kind person. Well, don't thank me because, of course, maybe it did actually tip the balance so that we did actually vote for Brexit as a country.

Andrew

There's 30 votes, did it?

Graham

Yeah, I think possibly they did. So, yes. Let's move on, shall we? Thank you for mentioning it. I didn't. I asked. You talked. What? Paranormal bully? So, grumpy ghosts who want to stay here? So you're a bully, I guess.

Andrew

Is this something that is just completely unprovable?

Carole

Well, when I say specialist, I mean she's a self-published author and specializes in writing books about paranormal bully romance. Anywho, I digress. So Miss Meachin also had a group. She found it on Facebook. And in September 2020, a post appeared. And it told the followers that it wasn't Susan, but her daughter writing, and that she was announcing that her mom, Susan Meachin, had committed suicide following bullying and harassment from members in the book community. And this is a big deal, right? The whole group is shocked. And a month later, in October 2020, this is all according to Rolling Stone, a new post was shared on the account clarifying that her mom obviously was no longer in charge of the account. Sorry, thought everyone on this page knew that my mom passed away, she writes. And she further clarifies, dead people don't post on social media. I've been on this account for a week, now finishing her last book.

Graham

You say dead people don't post on social media, but I follow a number of dead musicians online. So I follow John Lennon and George Harrison and Jimi Hendrix. They still seem to produce posts on Instagram and places like that all the time. So she's gone.

Carole

So she's gone. Her daughter's still working on the final book. And then there was another post, and it requested that the Susan Meachen account should not be reported to Facebook because Facebook would probably discontinue it as she's passed. And the reason for this would allow the account administrators to focus on dispersing the late author's remaining inventory throughout audiobook giveaways and in the aid to help her complete her final novel. And there was a lot of work. So the daughter sought out volunteers on the group to help put the book together, edit and promote it. That sounds fair enough. And there was a fellow author, Samantha Cole, said how the daughter wrote about how horrid the book world had been to Susan. And she writes, quote, apparently they wanted to honour their mother's memory by publishing the last book she wrote, which they did. So the fans and volunteers dedicated to the self-published author pulled together an anthology called Bully King—

Graham

A collection of her stories. I'm so fascinated by this whole concept now of paranormal bully romance.

Carole

I was going to open this story with an excerpt of one of her books. I thought that'd be the way to do it, and I just couldn't get there in time. And inside the book, this collection that they put together, the dedication reads, the world is a little less bright without her. Words can hurt, but they don't have to. Words can also heal. Let's keep bullying where it belongs, in fiction. Now, by January 2021, this is three months after the initial suicide announcement, Susan's daughter revealed that the page views and sales had basically reached zero. And she posted an announcement saying the account would be going back to a private page for memories only. And occasionally, fundraisers benefiting nonprofits like American Foundation for Suicide Prevention and the National Suicide Prevention Lifeline appeared on the profile. But other than that, the page went dark. And that should be the end of that. Except that Susan Meachen is not dead. More than two years after the announcement, the suicide announcement, Meachen has decided that she wants her life back and returned to Facebook to reveal, tada, I was never dead in the first place. I'm here, guys, stop crying, I'm right here. Quote, she writes, I debated on how to do this a million times and still not sure if it's right to do so. She wrote in her back from the dead to the Facebook group on January 2nd.

Andrew

I imagine she was welcomed back with open arms by everyone. And everyone said, oh, we're so happy.

Carole

Exactly. They're all Fuseys. We thought you were a, it was really fun working on your book volunteering all our free time to pull it together because you had apparently committed suicide. But yeah, so ACC Nightmare on Twitter spotted that our author Susan Meachen had been on TikTok the entire time under her whole name. So she'd been posting TikTok videos and people hadn't noticed this. Another person on Twitter reported that one of her book rankings on Kindle jumped from place, this is positions on Kindle store, so at first it was 267 thousandth and it went up to 82 thousandth. So a huge jump.

Graham

Big jump on the paranormal bullying romance chart. So she sold more books because people were memorializing or thinking oh I'll buy her last book and support her family, but she wasn't actually dead.

Carole

She wasn't actually dead. So I guess my question to you guys is how bad of a crime is this? So she faked her own death and then tried to profit from that. There's lots of fighting as to who did it, my sister not my sister blah blah.

Andrew

So this is really tricky obviously everything I say will be immortalized and it's going to be, oh God, you thought this. But this, you know those people that sort of pretend their kids are sick and shave their hair and stuff like this strikes me as that type. Like Munchausen by proxy. Yeah, that's it. And so that's where it's, you know, it's an illness. And so you can't fault the person for doing, but that's what this strikes me as.

Graham

There might be some sort of mental health element to this perhaps. It's rather distasteful. I mean, if you're going to fake your death, it's rather distasteful, I think, to claim suicide as opposed to died in your sleep or something or fell off a roller coaster. I don't know. But I mean, it just feels, that feels quite wrong to me.

Graham

Yeah, I totally agree. As Andrew says, if this is a mental health issue, then I hope she gets help because this is very not cool. It's not cool to pretend that you're dead and it's not cool to be involved in somehow profiting from it and getting people to volunteer their time in honor of something that hasn't happened. Are you having a stroke?

Carole

No, I just got bored. I think we should just fade to black.

Graham

So there's probably a lot of Smashing Security listeners out there who might be concerned after hearing about the data breach which recently occurred at LastPass. Now, that allowed hackers to steal customers' password vaults, and unfortunately there were parts of those password vaults which were astonishingly unencrypted. There's no doubt a lot of questions users are going to ask LastPass about how that could have happened and why some of that data was left in that insecure state. But one password manager that isn't making that mistake is our sponsor Bitwarden. Customers of Bitwarden know that their vaults are entirely end-to-end encrypted with zero-knowledge encryption, including, unlike LastPass, the URLs for the websites which you have saved passwords for. You can learn more about that in the Bitwarden Help Centre and at bitwarden.com slash privacy. And if you happen to be looking to switch password managers right now, well, Bitwarden makes it easy. They support importing from lots of other solutions. And there's even a LastPass migration guide available. Learn more at bitwarden.com slash migrate. That's bitwarden.com slash migrate. And stay safe.

Carole

Did you know that misuse of privileged credentials is often the entry point into your network for attackers? And enterprises can combat these threats using an enterprise PAM solution like Zoho's ManageEngine PAM360. PAM360 is a fully functional privileged access management suite offering a holistic picture of all the privileged devices, users, and credentials in your IT infrastructure. It's easy to adopt and implement and has been recognized in the 2022 Gartner Magic Quadrant for privileged access management. No wonder it's trusted by more than 280,000 enterprises around the world. Get PAM360 to achieve world-class privileged access management capabilities without denting your IT budget. Learn more at smashingsecurity.com slash PAM 360. And thank you to Zoho PAM360 for sponsoring the show. Today's podcast is also brought to you by NordLayer. Now, NordLayer safeguards your company's network, but it's much more than just a VPN for business.

Andrew

You always pretend it's your son, Graham. It's okay, we're okay with it. Well, this is a rare example of a game that I've actually been capable of playing and it is called Vampire Survivors. And when you look at Vampire Survivors, you'll probably think, well, these graphics are rubbish. There's nothing fun here because it's all sort of pixely. It looks like it's from about 1990.

Carole

Like every single computer game. No, not like every single computer game. It's, Ars Technica called it their game of the year. It's a minimalistic indie game. It looks like it's rubbish. It's really addictive and fun. I like the name. Well, you know. I'm not a gamer. I'm not a gamer. I'm

Graham

Not actually much of a gamer either.

Andrew

For someone who's not much of a gamer, you play a lot of games.

Graham

No, I don't. My son plays a lot of games. I normally just observe. But this is one where I actually joined in and had a go because the controls were so simple, which will appeal to my kind of brain. Andy, what's your pick of the week? So I have a fantastic pick of the week, or maybe one of the worst pick of the weeks you could possibly ever consider, depending on where you land on this. And it's a huge debate for me. Andy, are you running this software at the moment while we record this podcast? I am not running this software at the moment with the conversation we had before we officially started.

Carole

I wonder if you can, is there a button that says monthly report and then it tells you how much you talked about food, how much you swore, how much porn you watched? Oh right yeah it was on a beach. I signed up for it and it took a while till my signing came so they launched in November but I was really debating.

Graham

Is this information getting uploaded to the cloud?

Andrew

They say it stays local. So everything stays local on your machine. What was that Charlie Brooker thing, though? They had something like this where a couple had been recording themselves fighting and then had to go back and find all the tapes. Well, especially if it's indexed, makes it much easier to search. This is appalling.

Graham

Are you asking permission from the people who come into your room or who you have?

Andrew

Rewind actually have a very useful article on their site that says the importance of consent and they give you the phrase you should say. "Hey look, for my note-taking purposes would anyone have an issue with me recording this?" I'm looking at the website.

Carole

Right now I kind of like the idea of doing it during meetings when you have audio coming into your computer because then everything is captured that anyone said in the meeting. Yeah, oh interesting. I have to think about this.

Graham

No, I hate it. I hate.

Carole

Why? Because you're a big liar?

Graham

Yes, well okay at the moment I'm able to rely on the "oh no you didn't say that."

Carole

Oh yeah, it totally has been working for you for the last 20 years. Totally never once have I questioned it.

Graham

This sounds awful.

Carole

Interesting, I think the word is.

Graham

How much does it cost?

Andrew

So it's $39 a month I want to say. I can't remember, finance is not my strength. I sort of have a card that I use for online, it just auto stops when it runs out.

Graham

So we're not sure if that's a pick of the week or a nitpick of the week. Do we like that or not?

Carole

I think our listeners should tell us, do you like it? Do you know it?

Graham

Carole, what's your pick of the week?

Carole

This is very difficult to do on audio but there you go. So my pick of the week is an inflatable sofa slash lounger. I got one for Christmas from my brother-in-law. It's produced by a company called Orson and the thing is amazing. Imagine you had a sleeping bag, quite a wide, broad sleeping bag if you were a portly person, but inflated. And imagine two of those sewn together so you kind of have a sofa type thing. It's easy to inflate because there's no pump or anything like that. You do a little swoosh with the openings and the air gets trapped inside. Or you do it like my niece did and you take a hairdryer because she's lazy. She used a hair dryer to fill it. It has two channels that collect air and then you compress it by rolling the opening over to tighten the whole sofa into place. And then it clicks into place, a bit like those bags that you fold over the top, those rain bags.

Graham

I don't know what you're talking about. No idea.

Carole

OK, it doesn't deflate. I had mine up during my New Year's Eve little soiree and people sat three at a time. Some people dived on it, whatever, and it did not deflate.

Graham

So it supports people. You don't sort of roll off it or anything.

Carole

No, it's got two channels so you can either sit in one and you can sit right inside it. You can look it up, no pump required. And it has pockets and pegs so if you're outside and it's a bit windy you can peg it down so it doesn't take off when you get up and go get yourself a drink or whatever. It deflates in less than two seconds because you just literally open it up and it goes whoosh. You fold it up and it's a tiny little thing, maybe eight inches by eight inches by three. So you can slap it in your backpack and bring it camping.

Andrew

How thick is it? Would it sort of burst on some rocks or where there's some gravel you didn't see?

Carole

If you were sitting on knife shards, you would probably want a tarp underneath it. It is inflated, but it feels quality, man, it feels quality. It's 40 bucks or 40 quid. You can find it on Amazon, you can go to Orson. I love it, it's great. The kids loved it. It's a great gaming chair that you can put away when people aren't there needing to game. It's a great TV chair, great reading chair.

Graham

Would it support the more corpulent gentleman, the more generously proportioned?

Carole

Up to 440 pounds. So that's quite a lot, I think you'll be fine. That's 0.2 tons.

Graham

OK, I'll just about manage that.

Carole

It's really great. Kids would love it, teenagers would love it. It's like an occasional chair they can put in their bedrooms. Anyway, check it out. Orson, the inflatable sofa or lounger. Find it on Amazon or wherever you shop, it's great. And that's my pick of the week.

Graham

Well Carole, I expect to see this next time I'm round for a little drinky poo in your back garden. Let's get it out, I can try it out.

Carole

Yeah, I've had it out in the house. I've had it in the front room and everything.

Graham

Well on that note we've just about wrapped up our first show of 2023. Andrew, I'm sure lots of listeners would love to follow you online. What's the best way for folks to do that?

Graham

Oh, right. So last time I was on I actually gave out my number and was surprised when a few people actually did message me, which is surprising. So I got rid of that number after 15 years of having it. On your LiveJournal blog you can...

Andrew

I am 100% serious. Yes, I have two social media apps. I have TikTok and Tumblr. I don't want people talking to me on TikTok.

Graham

All right. You can follow us on Twitter at Smashing Security. No G. Twitter wouldn't let us have a G. We've also got a Mastodon account. So look for Smashing Security up there. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify and Google Podcasts.

Carole

And huge, huge thank you to this episode's sponsors, Bitwarden, NordLayer, and Zoho PAM360. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free. For show notes, sponsorship information, guest lists, and the entire back catalogue of more than 303 episodes, check out smashingsecurity.com.

Graham

Until next time, cheerio. Bye-bye. Bye-bye. Bye. Lovely. Thank you very much, Andy. Really appreciate you coming on. Interesting topics and pick of the week. No, I absolutely love it. It was really good.

Andrew

No, that pick of the week is scary. No, interesting, though. I don't know how they got funding. $75 million they're worth, apparently.

Graham

Well, you know, people fund Facebook and the like, don't they? So, you know.

Andrew

Yeah, but Facebook, you're getting the data out of it, right?

Graham

I suppose. What are people getting out of this? That's the scary thing.

Carole

No, but basically it's heroin. You get people addicted to this and change the terms. Yeah, change the terms. And then you make a cloud version, so you can access it anywhere on different devices. And you got them. You're hooked.

Graham

Vampire Survivors is very addictive, I can tell you. Definitely. Give that a shot.

Hosts:

Graham Cluley

Carole Theriault

Guest:

Andrew Agnês

Sponsored by:

  • Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
  • ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure. From managing and governing access to all your enterprise resources to automating the access management life cycle in your organization, PAM360 does it all.
  • NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
