Smashing Security podcast #311: TikTok, wiretapping, and your deepfake voice is your password

Industry veterans, chatting about computer security and online privacy.

Graham Cluley

Who has been warning Italian criminals that their phones are wiretapped? Can you trust your voice to protect your bank account? And why is TikTok being singled out by investigators?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Unknown

Do you have a particular problem with Angela Merkel? Is it true you called her an unfuckable lardass? No, I have never had any problems with Angela Merkel. Smashing Security, Episode 311. TikTok, wiretapping, and your deepfake voice is your password with Carole Theriault and Graham Cluley.

Graham Cluley

Hello, hello, and welcome to Smashing Security episode 311. My name's Graham Cluley. And I'm Carole Theriault. And Carole, who have we got in the hot seat this week? We have the lovely Dinah Davis. Dinah, it's been, I don't know, a year since you've been on?

Dinah Davis

A couple of years. Yeah, I think so. I'm excited, though. I love listening to you guys and I love chatting with you guys. So it's going to be good.

Graham

And Dinah, tell us what you get up to in the world of cybersecurity these days.

Dinah

Yeah. So I've been working with an organization called the Rogers Cybersecurity Catalyst. I'm on their board and they have been doing amazing work getting much more diverse people into cybersecurity, their nine-month speed program out of Toronto. And then just, you know, working with a lot of other startups and trying to help mentor them and help them get off their feet.

Graham

Marvelous. Let's think. This week's sponsors, Bitwarden, Collide, and Jurata is their support to help us give you this show for free. Now, coming up on today's show, Graham, what do you got? Hey, it's Amio. I'm a wiretapper.

Carole Theriault

Okay. Dinah, what about you?

Dinah

I want to talk about the security value of biometric data.

Carole

Ooh, biometrics. And I'll be talking about why some adult TikTok addicts might be despairing. All this and much more coming up on this episode of Smashing Security.

Graham

Now, chums, chums, I want you to imagine the scene. There you are. You are a drug trafficker in Rome, Italy.

Dinah

I don't know the first thing about that. How could I imagine that?

Carole

What kind of drugs here? Does that make a difference?

Dinah

Yeah. What year are we talking? What city area? Are we in a gang?

Graham

We're in a druggie part of Rome, Italy, right? I'm sure that doesn't exist. You're checking out your wife's car because you're worried there might be something going on. And you find a GPS transmitter attached to your wife's car. And you think, oh, what's going on here? Someone is trying to track my movements.

Carole

It's just embarrassing, the accents, though, seriously.

Graham

Right? And you're wondering, is this the police you're thinking? What's going on? Might your phone be tapped as well?

Dinah

Okay, this is moving very fast for your story. So basically, we've got a drug dealer. He's worried that he's being spied upon. He checks his wife's car, finds a GPS, and now is panicking. He's being listened to by somebody.

Graham

Exactly. Maybe it is. I mean, we have proved that, you know, if they're using a secure phone, that that's not going to be helpful. Right. Several times on this show, I think, over the years.

Dinah

Yeah.

Graham

So he thinks, could my phone be tapped? And he calls his friend Camilla and Camilla says, don't worry. I know someone who can find out if you are being tapped or not by the police. I've got a friend at the court, she says. He does me lots of favours. This woman is 27-year-old Camelia Mariline Era. She is a trainee lawyer and she has allegedly, allegedly I better say that because she's a trainee lawyer, she's allegedly been finding out who the police are snooping upon in Rome. Now Italy, you may not know this, I didn't know this until I did some investigations, Italy is apparently the most wiretapped country in Europe.

Dinah

According to whom? Really?

Graham

According to Italian politicians, some say it is more...

Dinah

Then it's definitely true.

Carole

One side, one party says... They're very reliable, very trustworthy Italian politicians.

Graham

Some say it's more wiretaps than anywhere else in the world. They love tapping phones. In fact, 200 million euros every year is spent on bugging the phones of hundreds of thousands of mafia mobsters, drug dealers, fraudsters, ice cream salesmen, plumbers wearing dungarees, the whole caboodle of Italian people.

Dinah

It's kind of weird. And probably some poor innocent people.

Carole

Yeah, right, just scooped up in the net. But I'm just surprised there's so many gangsters living there because of tax codes.

Graham

In Italy? Yeah, why wouldn't they go somewhere a tax haven?

Carole

Have you not heard of the mafia?

Dinah

No, I have heard of the mafia. There is a criminal contingent. It's not just half a dozen of them. I've seen the movies.

Carole

Right. I mean, I've never, is that actually true? Or is it just the movies? I really don't know. I listen to podcasts, actually.

Graham

Apparently it is true. Let's stress to all of our lovely Italian listeners, we know there's lots of people in Italy who aren't criminals, but there is obviously a criminal issue as well, to some extent. And some of them are making a lot of money through things like drugs and human trafficking and all sorts of nastiness. And sometimes people who aren't criminals are getting tapped as well. So, for instance, journalists have had their conversations tapped. There have been journalists who were reporting on immigration and the handling of immigrants. They were being...

Carole

Yeah, this has happened in the UK as well, right?

Graham

Yes. Yes. It's not the only country where this has happened. It's just you're saying it's the most... Or shockingly, it might be happening in the US.

Dinah

Oh, my God. As if. As if.

Graham

Well, according to Italian prosecutors, it's the only way they can penetrate the mafia and listen to corrupt deals being struck by white-collar crooks, financial fraud, all these sort of things. And so what they do is they ring up the phone company and say, hey, you know, it's the police here. Can we monitor this call? And they say, of course, no problem. But when the criminals use an end-to-end encrypted messaging app like Signal to communicate, or, as you mentioned, Dinah, one of these many secure messaging apps created by the police in order to spy on crooks.

Dinah

Yeah.

Graham

Well, in those cases, the police may have to infect the mobile phone with spyware to listen in instead. Now, what might surprise you is normally right-wing political parties are very keen to clamp down on crime, aren't they? Say, we're tough on crime, we're tough on the causes of crime, we're going to lock people up and throw away the key.

Dinah

Okay, who says that?

Graham

Oh, typically right-wing politicians, everyone, everyone who wants to get elected says we're not, we're going to give criminals a hard time.

Dinah

Okay, right, yeah. Yeah. So, yeah. Politics 101. Okay. Yeah.

Dinah

Because probably they're involved with the mafia.

Graham

Well, that's one theory, Dinah. Allegedly. Allegedly. Yes, careful, Dinah. Throw some allegedly's in. That could be a reason. Well, the reason that many people think is because they are furious that left-wing newspapers keep publishing juicy stories based on wiretaps. So the police hear all these things being said by right-wing politicians. They tip off the newspapers who then go and print it in their tabloid newspapers, all the juicy stuff. Do you remember Silvio Berlusconi, former prime minister of Italy?

Dinah

Yes.

Graham

How could we forget, Graham? Come on. He was like a proto-Trump, wasn't he? He got into trouble because he used to have parties which were called bunga-bunga parties with showgirls. This is according to the English tabloids, of course, you're getting this information. And Italian tabloids. I didn't know you read Italian based on your accent. I assumed not, but, you know. 15 years ago, Berlusconi was being investigated and police heard him saying, amongst other things. He didn't want to hog the attention of all the female guests at a party that he was planning because he said the must go around. I'll bleep out that word. And in 2014, the BBC's Jeremy Paxman, in an interview with Berlusconi, asked him to confirm reports that he had been secretly recorded on a wiretap calling Angela Merkel, who was then German Chancellor...

Dinah

Oh, yes. Yes. An unfuckable lardass.

Unknown

Do you have a particular problem with Angela Merkel? Is it true you called her an unfuckable lardass? No, I have never had any problems with Angela Merkel.

Graham

Because that's important. Your fuckability is so important as to what kind of leader you could be. It's incredibly important. How many Italian people must have just put their heads in their hands and just gone, "Oh my God, he's so embarrassing." But here is this woman, remember this woman, Camilla Marinella, right, who allegedly was offering to find out if a suspected drug trafficker's phone was tapped. And guess what? His phone was tapped, which means that the police heard her allegedly offering to find out if his phone was tapped. What? Seriously? She just incriminated herself. And so the police, when they heard her alleged claim that she could find the person in the court that she'd just have to pay 300 euros to to find out if the tapping was occurring or not, the police then thought, "Right, we're going to have to find out who in the court is helping this woman allegedly find out who's been tapped and who isn't." We know that you go for a walk near a waterfall, right?

Dinah

She did try.

Graham

Yes, you could do that. We know this. She did put the Hoover on. Exactly, she did go to the effort of using an encrypted messaging app. So she was using the Signal app. She was making a voice call via Signal. I use Signal.

Dinah

Yeah, I use Signal too.

Graham

Yeah, right. So we all use Signal.

Carole

I'm not confirming or denying anything.

Graham

No comment, Carole. No comment.

Carole

Yeah, that's my voice as well. He's so good at accents, eh?

Graham

Anyway, what she didn't realize was that just using Signal, even though Signal isn't one of those apps written by the police as far as we know, the police had installed a trojan app on her phone and could monitor. They managed to do that and could monitor.

Dinah

So they must have known something before that then.

Graham

Oh no, I'm sorry, I've misled you. I've got my research failing, so they had the guy tapped. They had the alleged drug dealer tapped, then they saw that he was having a call with her.

Dinah

Ah, okay.

Graham

And then they tapped, they put spyware on her phone to see who else she was speaking to because allegedly she was using Signal.

Carole

Sounds like a fun place to live, eh?

Graham

Exactly. So she was heard allegedly on this call saying she'd make contact amongst the people who have the headphones on. So she was going to speak to the wiretappers to find out if they were wiretapping this other guy, meanwhile not realizing the wiretappers were listening to her.

Dinah

Hopefully different wiretappers.

Carole

Inception of the wiretapping.

Graham

You should have called this a bungle bungle party, part two. So she has allegedly refused to name her sources inside the court. She apparently has told accomplices that she's been very careful. So she only meets her contact, she only makes contact with him when she's got a list of people that she wants to check, not just one by one. And they phone each other up, they let it ring a number of times, then they hang up, and this means "I'm ready to receive your message or your list or whatever."

Carole

Any horse's heads?

Graham

No horse's heads.

Dinah

What?

Carole

From the Godfather.

Dinah

Oh, right. Yeah, yeah, yeah, yeah, yeah.

Graham

So, Camilla Marinella, she's now under arrest. She denies all wrongdoing, whose father just happens to be a convicted drug dealer.

Carole

That's maybe how she became a lawyer.

Graham

Oh, my God. Dinah, what have you got for us this week?

Dinah

Yeah, so I wanted to talk about the value of biometric data. So, Graham, Carole, how many kinds of biometric data are you currently using in your daily life?

Carole

Can you define it for me just so I make sure I don't look dumb later?

Dinah

Fingerprint, iris scan, face scan, that kind of stuff.

Carole

I think the only one I'm doing is fingerprints on my phone. So I don't have face ID turned on, I don't bank with anyone who asks to hear my voice. So yeah, finger and thumbprint, I suppose.

Graham

I don't even use that. I have actually a password.

Dinah

Yeah. Okay, so I have fingerprint for my phone and my laptop and my iPad because I guess I'm lazy. And then I also have a Nexus card. And so if you don't know what that is, it's basically a program between Canada and the U.S. that lets me go in and out of the U.S. much more easily. It's the aisle in the airport that you watch them go to ding, ding, ding, and you're like "I hate you."

Carole

Yes, and especially since I live close to Toronto Pearson, and that place is a horror show, it is very important to have the Nexus card. Yep, I can imagine. You get through everything. It's a very difficult airport.

Graham

Yes.

Dinah

And it lets you make replicas of people's voices and you know Dave played an example and it was really good. I thought it was amazing because it really did sound like Dave, didn't it?

Graham

I mean it did, it really did.

Dinah

So that was interesting and then I came across an article by Joseph Cox and he decided to see if he could break into his own bank account via the telephone system using ElevenLabs. So cute. Long story short, he totally did it. So he put a whole bunch of samples of his voice into ElevenLabs, then he called the bank and only using files and audio clips from ElevenLabs, he was able to log in.

Dinah

Welcome to Lloyds Bank. So we can get you to the right place. In your own words, please say the reason for your call. Check my balance. Okay. Please say or key in your date of birth. Please say, my voice is my password. Unknown. My voice is my password. Thank you.

Graham

He was able to check his balance, list all of his recent transactions and transfers. And I mean, who knows what else he could get up to, right? Continue banking with the bank after you've done that because that must piss them off that someone, a journo, does this and then writes about it. Like I wonder if you clean out your account before you publish just in case. I don't. I mean, I feel like I would.

Dinah

I think I would too. I bet he did. So that made me think about okay, but what should we be using biometric data for? And when is it okay? And the thing is I can't change my fingerprint, right? If somebody's got it, it's gone for life. And you know, I've seen it happen because when I worked at BlackBerry, we were putting fingerprint scanners into our smart card readers we were building for the government. And we would try and practice to see how many times we could get a gummy bear to lift a fingerprint and then use it.

Graham

That's so funny.

Dinah

Because we thought is this a real attack vector or not? I mean, things have gotten a little bit better, but still, it's not good. Like the security of just a fingerprint alone is not strong.

Graham

Right.

Dinah

Yeah. That's so scary. And so many people are in prison based on that. You know, I'm just saying forensically. Anyway.

Graham

Right.

Dinah

Right. And so I thought, OK, well, I do use it all the time. My daughter even can access my phone because I put one of her fingerprints in it so she can change the music while we're driving. Okay, well, why is that okay or not okay? You know, somebody close to me could easily get into my phone, right? If I had face ID or fingerprint while I'm sleeping, no problem, I can get in.

Graham

You have the phone in front of them and then you scare them so their eyes open and then you catch it. That's what you got to do.

Dinah

Or if you're drunk as a skunk and careering around your living room, yeah, they could do, yeah. But presumably I trust these people anyway, right? They are my family, so I trust them anyway.

Graham

You're lucky.

Dinah

No, I'm kidding.

Graham

I was kidding.

Dinah

My husband's gorgeous. I'm just kidding. But what happens if you leave your phone on a plane? Which, by the way, I did this year, which is a horror show. You don't ever want to experience 16 days without a telephone.

Graham

Forget snakes on a plane. But yeah, forgetting your phone on a plane is even worse.

Dinah

Yeah, in New Zealand. In New Zealand on your way home.

Graham

Oh, okay.

Dinah

Yeah. I got it back. I got it back.

Graham

Wow.

Dinah

And I wiped everything remotely. Yeah. So I was okay. I wasn't worried someone was getting in with my fingerprint ID, right? So if I randomly leave it someplace, I'm not worried about that. And it's more likely they would try to brute force the password on it or whatever. So I feel like okay, convenience is possibly a good use of it. It makes it super easy for me to get in. And there's always this balance of cybersecurity and usability. We all know that the best thing would be this amazing 12 to 18 digit password that no one else knows. But that's not very convenient to put into your phone all the time.

Graham

No, it's irritating, actually. I can tell you from my own. Carole, if it's irritating, I've got a great suggestion for you. You could just have 12 letters A or something. Or you know, you don't have to have a complicated password.

Carole

Yeah, just have a really easy one.

Dinah

And then I was thinking, okay, what about my face ID for country entry, right? That seems like maybe it should be more serious, right? What happens then? But then I'm thinking, okay, well, I have to walk up to these booths, right? That scan my face. I put my passport in. And so I need to be there in person. So unless you're going to go all Mission Impossible, you 3D print somebody's face, put the mask on and then use my passport. I think it's okay.

Carole

I thought when you said Mission Impossible that you would actually use some wires to go above that whole fiasco and just fly over the border control.

Graham

Remember, they're always peeling off a face.

Carole

That's true. I was peeling off a face.

Dinah

So I think for some things, biometric data is perfectly fine. I think getting into your bank account, things that are online only, I think maybe no. The voice, I think it's a total no now. Maybe only as a two-factor. But I wouldn't, I would totally not be cool if my bank did that.

Graham

What if they made you do a funny accent for the voice when you log into your bank account? I don't think that matters, does it?

Carole

Your Italian accent, that would be really good.

Graham

Exactly, exactly. If they've only got samples of your regular accent and they don't know what you sound like if you're pretending to be French, for instance, Dinah, then I'm just thinking the bank could record that. And I'm similarly thinking with facial recognition. If they asked you to gurn, pull a particularly ugly face. So again, if your real face is something which is shared with the public, you're not normally gurning or doing some really ugly thing. But I can picture people doing that as they try and get through passport control. Just a thought. Just a thought. These are just ideas. I'm just sharing them with the world.

Dinah

I don't think it actually works that way.

Graham

It does not.

Dinah

Carole, what have you got for us this week?

Carole

Before I start, do either of you TikTok?

Dinah

No.

Graham

Okay, you laugh. You laugh. Okay, I'm thoroughly addicted to Instagram, and I know that if I went into the TikTok world I would not escape it, so yeah. I loaded it once on my phone and realized how addictive it was and I'm no, this can't be on my phone.

Dinah

Yeah. I don't think anyone wants to see me dancing. So I'm not going to become a TikToker.

Graham

Yeah, but not even a TikToker, but someone who also just hoovers all that stuff up. One of these, you know, talker stalkers.

Dinah

Realistically, I am still seeing all the TikTok content on Instagram. So I guess republished.

Graham

I say, yeah.

Carole

Well, the thing is, you know, I would call it an internet sensation, right? But it's starting to worry governments and institutions. And we're going to endeavor to try and answer the hot question, what they are worried about? What are you guys worrying about? Are they worried that it's run by a Chinese company?

Dinah

China seems to come up a lot, doesn't it, as a complaint about it?

Carole

Yes, because it started off as Musical.ly, right? And it was a platform to share lip-syncing service. This was in 2014. But four years later, Chinese firm ByteDance acquired Musical.ly and renamed it to TikTok. And it became more than just a platform to lip sync, right? It's now called the short form video hosting service. And it's used by millions. My niece is an athlete. And she sort of competes at hurdles and she's very good. And she told me she put up a video on TikTok the other day, and it had half a million views. It's unbelievable.

Dinah

That's a lot. Wow.

Carole

So it is extraordinary. Now, it may be that they repeat themselves all the time, and maybe she left it on all night. So it was just playing. But still, everything. She got to half a million? Wow.

Dinah

Yeah. That's amazing maths there. I think that'd be a bit hard to manufacture, but okay.

Carole

All the bots. All the bots. All the bots in the whole world. Well, you know, according to Cloudflare back in 2021, it was actually it made it to number one position ahead of Google. Can you believe that?

Dinah

Yeah, I mean, we were all really bored in the pandemic. So I think there was a serious amount of TikToking happening.

Carole

Right. And it's gone back down. So it's now below the other main socials, the Instas, the Twitters, the Facebooks. Right. As a non-TikToker, I was OK, well, let me just see what's, you know, hot right now. You know, what's going on in the TikTok world? And so I saw one news piece about a TikToker who quits every job she's ever had over the most minor inconveniences. This is what our channel focuses on apparently.

Graham

Yeah, yeah.

Carole

So quote, I started doing this thing where I could clock in and I would sit in the break room for 10 hours every single day and I did this for a month until I got caught and then they wanted me to explain myself so I just quit. So you know, this is intense a high quality kind of person there, you know.

Dinah

Right.

Carole

And the other one was this UK TikTok star radio presenter attempted to do the world's highest pancake flip and in the article I saw it didn't even explain if he managed it or not. He went up the i360 in Brighton and then flipped a pancake while sailing down the viewing tower. So you know I'm just thinking really important stuff, right?

Dinah

Yeah, I'm pretty sure TikTok's just full of all of that because my Instagram feed is full of all that stuff too.

Carole

Right. So why the heck are some high-powered folks not happy? Because this week the European Commission announced its ban of TikTok from government-issued devices. So more than 35,000 workers need to remove TikTok from official handsets as well as personal phones with access to EU council services and it cites, as you predicted, growing concerns about the Chinese-owned video sharing app.

Dinah

Well, think about this, though. What permissions does TikTok need for you to be able to post TikToks, right? It needs a microphone. It needs video. It probably needs access to storage folders to pick up videos you've already played. And you're not a savvy person and say only while in this app. And even then, what else are they doing? They've got the permissions. They can be going through the rest of your document folders. So I think it's not necessarily what the app can do. It's what it's supposed to do, but what it can do clandestine behind the scenes.

Carole

Totally, 100%. And the EU commission agrees with you, I think. So they say that workers are required to remove the app at their earliest convenience, quote unquote, as long as that's before March 15th. At which point devices with the app installed will be considered non-compliant within the corporate environment. I'm blown up, exploded, destroyed. Well, if they miss this 2.5 week deadline, the commission's email and Skype for business will be bricked, apparently. Because they're not playing around.

Dinah

So do none of these devices have MDM on them?

Carole

Yeah.

Dinah

Yeah. To do it remotely.

Carole

Yeah. See, I wonder if it's in some environments, it's your personal phone, but it has work capabilities. So that's the one. So if it's the work phone, if it's a device provided you by work and you then install TikTok on it.

Dinah

Yeah, that's easy. They can take it off. And they say take it off. That's kind of you can understand that. But if it's your own personal phone that they've asked you to bring into the office and access certain device, you know, through certain apps, it's a different kettle of fish. Can they legally do that? Can they legally tell you what can be on your own personal phone? Because I know that's come up a lot at different places that I've worked, right? Where you bring your own phone and then you basically, they have a management tool that allows you to put work apps onto your phone and then nothing from your phone can talk to those work apps, right?

Carole

Yeah.

Dinah

They were always very clear to say, we cannot see anything on your phone. We cannot delete anything on your phone that's not inside the work app part. So that's until bossware came along.

Carole

Well I mean that's what they were saying because they probably, you know, presumably wanted to at least appear to be good companies and be good companies, right?

Dinah

Yeah. So that's interesting. Can they force you to do stuff with your own personal items?

Carole

Yeah, yeah. I mean they can just go all NSA and CSE on you and make you leave your phone at the door and not allow you to take any personal device into the office at all.

Dinah

And that's true.

Carole

And the EU Commission is not the first, you know, I don't know, governmental organization to do this. The FCC last year called on Apple and Google to remove TikTok from the app stores. Do you remember?

Graham

Yeah.

Dinah

Yeah. I do remember that. Yeah.

Carole

Over its pattern of surreptitious data practices following a report which revealed that ByteDance officials in Beijing had repeatedly accessed TikTok sensitive data that it had collected on US citizens.

Dinah

I suspect these balloons that have been floating around are probably getting people even more nervous about it.

Graham

The Wi-Fi beeps. Are they just to help the TikTok service? Is that what they are? They connect to TikTok?

Carole

I thought the balloons were controlled by TikTokers who were taking drone footage of themselves flipping pancakes while they abseiled down buildings.

Graham

The thing is, though, is TikTok is trying its darndest to avoid this type of situation. Because a few days ago, they announced two more data centers will be placed in Europe to really underline the fact that European data put on TikTok will stay in Europe. But they may have been too late because also in the news this week is Canada. Dinah, you're in my homeland.

Dinah

Yeah. Because soon after the EU Commission's announcement, Canada's privacy protection regulators launched an investigation into TikTok over its collection of user data. So and they initiated it in the wake of now settled class action lawsuits in the United States and Canada as well as numerous media reports related to TikTok's collection use and disclosure of personal information. So they're basically saying we have a total right to do this based upon the evidence we have collected so far. Not owned by ByteDance, not owned by ByteDance, not owned by ByteDance.

Carole

Yeah, I think it's just it's not a Chinese company. Is that so it's OK as long as it's not a Chinese company?

Dinah

Yeah. Oh, God, we live in a weird world.

Carole

I hear you. But if we come back to what we were saying before, right, it does collect a lot of information. Those other apps do it too, right? Microphones, phone access, all that stuff. But weirdly, and it's just interesting to watch right now, so politically, the BBC report that the UK is not yet following suit. So UK Prime Minister Rishi Sunak is resisting calls to ban government officials from using TikTok amid renewed concerns from some conservative MPs. So Alicia Kearns, she's the Commons Foreign Affairs Committee chairwoman. She's leading the call for the UK government to follow the European Commission. So it's kind of hot waters right now for TikTok, right?

Dinah

Yeah. The thing is, what are they worried about? The other question, I guess, because I asked you at the beginning, if you had TikTok, if you were TikTokers, what adults in very important jobs in government actually have TikTok on their phone?

Carole

Oh, probably lots, actually. I think you'd be surprised, Carole.

Dinah

Yeah, I think so. I mean, you asked some security conscious people, right, about it. And I knew about the China thing. So I haven't loaded it as well as I think it will be too addictive for me. But so we are not, I don't think we're the target audience here.

Carole

I know, but you can just imagine you're walking down the halls of power and you're seeing people reading memos on their phone. No, no, they're just giggling at cats bouncing on trampolines in time to Bonnie Tyler or something.

Graham

Hang on. I'm joining TikTok if they've got stuff like that on it. That sounds great. No wonder we're freaking doomed, guys.

Robot

Pick of the Week. Pick of the Week.

Graham

Pick of the Week is the part of the show where everyone chooses to say, could be a funny story, a book, that they've read, a TV show, a movie, a record, a podcast, a website or an app, whatever they wish. It doesn't have to be security related necessarily.

Carole

Better not be.

Graham

Well, my Pick of the Week is not security related.

Carole

Good.

Graham

I want to cast my mind back to when I was a young man going to school in 1980. There I was. I was out of short... I was thinking of the 30s there for some reason. There I was in short trousers.

Carole

Walking to school. What I want to know is what kind of hairdo did you have? And that was nice. Probably a mullet. Did you have the mullet?

Graham

I was very, very square. I was the only kid at school who had a briefcase.

Carole

Did you really?

Graham

I had a briefcase, yes. And a shoelace for a zipper as well, but that's for another show.

Carole

That's the best.

Graham

Anyway, I remember that one of the pressing issues at the time in the very early 1980s was, of course, the threat of imminent nuclear war. And there were sort of infomercials on the TV.

Carole

That just took a dark turn.

Graham

Yeah, no, comedy show, comedy show. Well, that's what it was. That's what it was. When I was about 11 or 12, there was lots to talk about that and painting your windows to stop the radiation blast, hiding under the table, that kind of thing. And it was something we were quite worried about. This was sort of pre-Gorbachev, and it seemed to be quite a possibility.

Carole

You listened to a lot of Sting. No, things were never that bad, Carole. If there was a nuclear war, what horrors could we expect? Well, imagine a one megaton bomb hitting Tyneside as a ground burst and the same size bomb on Teesside exploding as an air burst.

Graham

Teenagers. And I was watching this thinking, what a wonderful thing that we're not living in that era. Well, maybe we are actually. Maybe we are. We're just blind to it. Maybe we should be worried about this. Do you like the screenshots I've included there? Someone described it as like having a nuclear holocaust explained to you by Rod, Jane and Freddy from Rainbow. I did. Oh my god, those are incredible. But look at that chemical toilet is made out of a garbage can. Yeah, it's a cat litter here where they've taken the top of the chair off and they've got pink toilet paper beside it because apparently you need pink toilet paper which is probably something you could get in the 80s because you know people like to coordinate their bathroom colors. But it is a fascinating time capsule and I'll link to it in the show notes. It's my pick of the week. Check it out, the TV program for teenagers in 1980. The Métis Nation, yeah.

Dinah

And their experience is much different from that of like the Inuit or First Nations groups. They are descendants of First Nations women and a group of European men called les voyageurs.

Graham

And for non-French speakers, it just means voyagers. Yeah, the term voyager originally described all explorers that came to Canada for exploring, for trade, all that kind of stuff. To freeze, to hopefully not die of scurvy. It's all good.

Dinah

But in this book, one super cool thing that they talk about is that they used to go and canoe and travel for 16 hours a day at a paddle rate of 60 paddles per minute.

Graham

Wow. For 16 to 20 hours, right? And the way they kept up this pace or whatever was they sang. And so they have this really rich history, right? Yeah, not yellow snow. But not yellow snow. We learned that very young. Guilt trip? No, I'm kidding.

Dinah

And it's just really interesting. So the book is called The Northwest is Our Mother. So that's my pick of the week.

Graham

So it's The Northwest is Our Mother and the author is?

Dinah

Jean Teillet. I guess it's T-E-I-L-L-E-T. Cool. Fantastic. I've sorted out Carole's Christmas present. As a Canadian, she should be listening to that.

Carole

Well, before I get into that, I'd just like to thank you both for teeing me up with, you know, nuclear holocausts and genocide. So thanks very much.

Graham

We're very cheery today.

Carole

My pick of the week, listeners, is a new streaming series. It's basically for those people who like kind of smart relationship dramas. It's called Fleishman is in Trouble. It's based on a book.

Graham

Right. Yeah. I wish so much I had read the book before I'd watched the series. The book, I just never got into my echo chamber. And then the series was there and I just ran to it.

Carole

So just setting the scene, Toby Fleishman is played by Jesse Eisenberg.

Graham

Oh, okay.

Carole

He's a recently divorced New Yorker in his 40s, and he starts using dating apps for the first time. And while he finds lots and lots and lots of romantic success, a surprising amount of romantic success that he never achieved in his youth before that, his ex-wife Rachel, played by Claire Danes, disappears. Okay? And they have kids and she's not showing up to pick them up or call or anything.

Graham

This took a turn I did not expect. Okay. Right, right. And I'm hoping that's not giving anything away, but I don't think it is. I think that happens fairly early in the show. But there's a lot of twists and turns in this. And you have to watch a man learn how to multitask more than he ever had to before because, you know, he's got the children. He works at a hospital. He has all these sexual partners, right, in Manhattan. So it's hard to balance and juggle all that. But, you know, he also is really wanting to find where his wife is. So that's kind of the story. Oh, God, we don't want that.

Carole

Or nude scenes or nudie scenes.

Graham

Oh, the worst.

Carole

A lot of, yeah, a lot of self-love, a lot of self-love.

Graham

Oh, my goodness.

Carole

But the show is good. It has an unusual rhythm. It has nice honesty to it. So two thumbs up. That's not a euphemism from me. Fleishman is in Trouble streaming on FX and Hulu. And it's my pick of the week.

Graham

Fantastic. It's the guy from The Social Network, isn't it?

Carole

Yeah, The Social Network. Yeah. See, I don't find him at all attractive physically.

Graham

No, you wouldn't give him two thumbs up?

Carole

No, not in that. I would kick him out of bed for eating crackers.

Graham

Anyway, that just about wraps up the show for this week. I think we should get out there before we're arrested. Dinah, I'm sure lots of our listeners would love to follow you online and find out what great stuff you're up to. What's the best way for folks to do that?

Dinah

LinkedIn, Dinah Davis. And also you can follow codelikeagirl.io, which is my online publication where there's lots of different women telling their stories in technology. Cool. Super. And you can follow us on Twitter at Smashin Security. No G, Twitter won't allow us to have a G. We also have a Mastodon account. You can find it most easily by going to smashingsecurity.com slash Mastodon.

Carole

Bye-bye.

Dinah

Bye.

Carole

Bye. Bye. Toodle-oo.

Dinah

Thank you Dinah. Yeah, no problem. Thanks for having me on. I really love it. It's so much fun.

Carole

Oh yay. Well now that we know that you're free and easy, she's not working, she's still doing stuff.

Dinah

Girl sure, she understands what I mean.

Graham

I don't think. Yeah. Yeah.

Hosts:

Graham Cluley:

Carole Theriault:

Guest:

Dinah Davis – @dinah_davis

Sponsored by:

  • Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
  • Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
  • Drata – Put Security and Compliance on Autopilot. Build trust with your customers and scale securely with Drata, the smartest way to achieve continuous SOC 2, ISO 27001 & HIPAA compliance.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
