Ever wonder how those “free” browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.
Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
You know what?
This happens in restaurants a lot. You have a waiter, right? And you're working with that waiter. And the waiter's being amazing to you.
And then when the bill comes, some guy you've never seen before wearing a waiter's outfit comes along.
And then when the bill comes, some guy you've never seen before wearing a waiter's outfit comes along.
Someone from another table disguised as the waiter. Smashing Security, episode 399.
Ransomware, Bitcoin, honey in hot water, and reset your devices with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 399.
My name's Graham Cluley.
Ransomware, Bitcoin, honey in hot water, and reset your devices with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 399.
My name's Graham Cluley.
And I'm Carole Theriault.
Happy New Year to you, Carole. Happy New Year to our listeners and happy New Year to our special guest who hasn't actually shown up this week because he's ill.
So, well, we send him our best.
We do.
But we definitely have a guest for next week because next week is episode 400.
Oh, we're going to have to bring on someone very special for that, aren't we?
Yes, very special. You'll have to wait and see, listeners.
Yes. And if the very special person drops out, then we won't tell you. You'll just have to assume the person we're getting as a backup is the very special person. Yes.
Okay.
You'll never know.
How about we kick this show off? But first, let's thank this week's wonderful sponsors, 1Password and BigID. It's their support that helps us give you this show for free.
Now coming up on today's show, Graham, what do you got?
Now coming up on today's show, Graham, what do you got?
I'm gonna be talking all about a honey trap.
And I'm gonna find out just what's lurking in your drawers. All this and much more coming up on this episode of Smashing Security.
Now, chums, I'm not sure if you're aware, but buying things online, bit of a big deal these days. Quite a lot of people do it, don't they?
Yeah, I think there's been more online purchases during this holiday season than in-store purchases. And I'm sure we have to thank COVID for that.
Well, yeah, there's a lot of things we have to thank COVID for.
I mean, the fact I haven't seen you in a while.
So buying things online, obviously a really big deal and everyone's after a bargain.
Yes.
Everyone's scooting around trying to find the website which is offering the best deal or maybe somewhere which is offering you free post and packing.
It's a bit of a nuisance, isn't it? You can spend hours and hours trying to find the thing you want at the right price.
It's a bit of a nuisance, isn't it? You can spend hours and hours trying to find the thing you want at the right price.
Yeah, I have to admit, I am not one of these deal hunters. Obviously, I don't want to pay over the odds.
You know, I don't want to pay stupid money for stuff, but saving £5 for something, for me, is not worth an hour of scouring the web.
You know, I don't want to pay stupid money for stuff, but saving £5 for something, for me, is not worth an hour of scouring the web.
Yeah, I mean, if you're really strapped, then maybe it is. But I think what's great is if you're able to find, for instance, a promo code or a coupon or something.
If someone were to give you, Carole, a book full of vouchers, which would give you 10% off, 20% off the thing which you're trying to buy, and you're buying from a reputable site, maybe it's the actual manufacturer's website for whatever this thing is that you're buying, that'd be pretty good, wouldn't it?
If someone were to give you, Carole, a book full of vouchers, which would give you 10% off, 20% off the thing which you're trying to buy, and you're buying from a reputable site, maybe it's the actual manufacturer's website for whatever this thing is that you're buying, that'd be pretty good, wouldn't it?
Remember when there was the Zelda game came out and you gave me a code to go or a place to buy it for something a little bit cheaper?
That's right.
And it didn't work the first time. So I did it again. I bought it twice. And a very wonderful listener actually bought one of the versions. So thank you very much for that.
But I was just, why?
But I was just, why?
Why?
To save like $10? Why did I listen to Graham again?
Why did you listen to Graham? Well, a lot of people, they love to get a bargain.
That's true.
And there are browser extensions which can help you do this. And one of the most well-known is a browser extension called Honey. Have you heard of Honey?
Not the buzz, buzz, buzz kind, but the browser extension?
Not the buzz, buzz, buzz kind, but the browser extension?
I'm sure I have, but I've never used it, so I don't know anything about it. Tell me everything.
I've never used it either, but I see it promoted all the time.
This is a browser extension which, when you're going to the checkout of an online store, will automatically scour its database and fill in that little bit of the form which says, have you got a promo code or have you got a coupon which can save you some money?
And so it looks for it and it puts it in itself. I mean, it sounds really brilliant system.
This is a browser extension which, when you're going to the checkout of an online store, will automatically scour its database and fill in that little bit of the form which says, have you got a promo code or have you got a coupon which can save you some money?
And so it looks for it and it puts it in itself. I mean, it sounds really brilliant system.
So it's if I were buying some clothes at, say, H&M or wherever, Marks & Spencer's, and, you know, it's £100 and then Honey, it's a plugin to my browser.
So that would say, hey, you can put an M&S 15% off and then I would get a deal or something. That kind of thing?
So that would say, hey, you can put an M&S 15% off and then I would get a deal or something. That kind of thing?
Yeah, and it would put in the promo code itself. So it's a fairly seamless process. So just as you're hitting on checkout, it says, whoa, hang on, would you to look for coupons?
And you click a button, you say, yes, I would. And it goes chug, chug, chug. And it says, oh, I found one, I'll put it in for you. Or, oh, afraid I wasn't able to find one.
But you can understand why something that is really popular.
And you click a button, you say, yes, I would. And it goes chug, chug, chug. And it says, oh, I found one, I'll put it in for you. Or, oh, afraid I wasn't able to find one.
But you can understand why something that is really popular.
Oh, totally. 'Cause loads of people are cash-strapped these days, especially after Christmas, which you'll hear about in my story. But yeah, I think that sounds a great idea.
Sounds a great idea. And obviously, because this is the Smashing Security podcast, everyone's assuming that this is some kind of scam. But this isn't some flash in the pan.
Honey has been around since 2012. 13 years this has been around. It was acquired by PayPal 5 years ago for $4 billion. Wow.
Honey has been around since 2012. 13 years this has been around. It was acquired by PayPal 5 years ago for $4 billion. Wow.
And PayPal has a pretty good rep on these things, so that will give it credibility. Totally.
Yeah, absolutely. So it's part of the PayPal empire. And over the years, it's been really heavily promoted by influencers on social media.
Honey sponsors YouTubers' videos, their channels. They push it out in front of the faces of millions of people.
So if you go to a big YouTube channel, you'll find those guys, those cool people telling you all about the wonders of Honey, how it saved them hundreds of dollars by filling in these coupons automatically.
By the way, this is a free browser plugin. You don't have to pay. There's no subscription.
Honey sponsors YouTubers' videos, their channels. They push it out in front of the faces of millions of people.
So if you go to a big YouTube channel, you'll find those guys, those cool people telling you all about the wonders of Honey, how it saved them hundreds of dollars by filling in these coupons automatically.
By the way, this is a free browser plugin. You don't have to pay. There's no subscription.
Right. It's all happy news. You just get savings, savings, savings.
That's right.
Okay.
Everyone was really, really happy with Honey. Until last month, when a Kiwi YouTuber called MegaLag released a video that blew wide open a huge controversy about Honey.
By now, you've probably heard about Honey. You know, the browser extension that saves you money.
Do you have Honey installed? What's Honey? Oh, no, no, no. Honey is a free browser extension. Free browser extension. Free browser extension.
Free browser extension. That automatically applies coupon codes when you check out online.
Free money, basically.
It's literally free money.
It doesn't make sense to not be using this.
So what's the catch? There is no catch.
Join Honey.
Join Honey.
Join Honey. Honey.
Honey.
Honey. Honey. Honey. Yeah, I hate to break it to you, but your favorite influencers sold you a lie.
MegaLag alleges that Honey's browser extension doesn't just insert coupon codes when users buy things online.
MegaLag alleges that Honey's browser extension doesn't just insert coupon codes when users buy things online.
Okay.
He says it also modifies cookies on your computer, changing affiliate links. Now, what does that all mean? And why does that matter? Well, imagine you are Linus Sebastian.
He's the guy who runs the Linus Tech Tips YouTube channel, a really popular YouTube channel amongst tech people, has 16 million subscribers.
Or if you're Marques Brownlee, he runs MKBHD, again, a really popular YouTube channel. He's got 20 million subscribers.
If you've ever been on YouTube, you are likely to recognize these guys' faces. They make amazing videos about all the new tech that comes out. They've made thousands of videos.
They have had tens of billions of views on their videos.
He's the guy who runs the Linus Tech Tips YouTube channel, a really popular YouTube channel amongst tech people, has 16 million subscribers.
Or if you're Marques Brownlee, he runs MKBHD, again, a really popular YouTube channel. He's got 20 million subscribers.
If you've ever been on YouTube, you are likely to recognize these guys' faces. They make amazing videos about all the new tech that comes out. They've made thousands of videos.
They have had tens of billions of views on their videos.
Jealous much?
Oh yes. And because they're so popular, they make a very tidy income through sponsorship.
Right.
And years ago, along came Honey, you know, da da da da da. Hello, Mr. YouTuber, they said. And these YouTubers told their viewers about this free Honey browser extension.
They described how amazing it was at saving them money. They recommended it to their viewers and said, there's nothing to lose from using this. And Honey became super, super popular.
Millions of people use Honey.
They described how amazing it was at saving them money. They recommended it to their viewers and said, there's nothing to lose from using this. And Honey became super, super popular.
Millions of people use Honey.
Mm-hmm.
And if you're a YouTuber, there's a few different ways to make money.
If you're a YouTuber Linus or Marques, you can get cash from YouTube itself for having ads pop up during the videos, right?
We've all seen that, and they're very irritating, but you know, they pop up during your video.
If you're a YouTuber Linus or Marques, you can get cash from YouTube itself for having ads pop up during the videos, right?
We've all seen that, and they're very irritating, but you know, they pop up during your video.
Mm-hmm.
They can also partner with firms who want them to talk about their products in the form of an in-video host-read ad.
Yes.
Yeah. A bit we do ads in the middle of the podcast, right?
Exactly. It's our voices speaking rather than someone else's voice, and we are endorsing effectively that product when we do that.
Yeah. And so they will be there on the screen saying, hey, I'm just interrupting the video to tell you about our sponsor this week. And they will talk about, for instance, Honey.
Right.
And the other way in which they make money is they have links in their video descriptions which point to the products, the software products, the hardware, whatever it is that they've been making videos about.
And most of the times those links are affiliate links.
And so the YouTuber gets a percentage if you enjoy their video and you decide, I'm going to buy that product and use the link in their description, right?
Which passes on to the website a parameter which tells the website selling the product, oh, this came from Linus Tech Tips, for instance.
And most of the times those links are affiliate links.
And so the YouTuber gets a percentage if you enjoy their video and you decide, I'm going to buy that product and use the link in their description, right?
Which passes on to the website a parameter which tells the website selling the product, oh, this came from Linus Tech Tips, for instance.
Yeah. Throw them a few pennies.
Yeah. Maybe more than a few pennies in some cases.
Mm-hmm.
So the YouTuber is getting a percentage. And when you follow one of those links with an affiliate link, the vendor's website sets a cookie containing the affiliate code.
And that's the way that they know the customer came from Marques Brownlee rather than Linus Tech Tips or whoever it might be.
And that's the way that they know the customer came from Marques Brownlee rather than Linus Tech Tips or whoever it might be.
Yeah.
And this is a little bit complicated. Let me try and explain this. Sometimes someone will watch a video and they won't instantly buy that product, right?
Or you'll do a bit more research. You may watch more than one video.
You may watch a whole bunch of videos about something, or you may read a review in a blog, or you may take a month saving up your cash before finally going and buying the new graphics card or whatever it is that's been promoted.
And you may have watched a video by both Marques and Linus.
Or you'll do a bit more research. You may watch more than one video.
You may watch a whole bunch of videos about something, or you may read a review in a blog, or you may take a month saving up your cash before finally going and buying the new graphics card or whatever it is that's been promoted.
And you may have watched a video by both Marques and Linus.
Mm-hmm.
So who should get the money? Should they go half and half?
I don't know. That's hard. I was going to guess that it might be the first person. Yeah.
Well, of course it may be the first person wasn't convincing at all. And it was the—
Yeah. Yeah.
What the industry tends to do is it follows a practice called last-click attribution, which means that the last affiliate link the user clicked on is the one that counts.
Ah, the most recent one.
Yeah. I mean, you can argue whether that's right or wrong, but there's no really very easy way to make it any fairer. So that tends to be the standard.
So the YouTubers don't share the cash. It's just the last one in the chain who gets it.
So the YouTubers don't share the cash. It's just the last one in the chain who gets it.
So in other words, I'm coveting this pair of shoes. It's being advertised. They're being advertised everywhere. And finally, the last one I see, I say, okay, I'll buy them.
I'll buy them. They're the ones who get the kickback.
I'll buy them. They're the ones who get the kickback.
Yeah.
And if they click through on your link, even if they previously clicked through on someone else's link, Carole, and didn't go through the purchase, the fact that you were the latest one to send them there, you're the one who gets the cash.
And if they click through on your link, even if they previously clicked through on someone else's link, Carole, and didn't go through the purchase, the fact that you were the latest one to send them there, you're the one who gets the cash.
Gotcha.
And obviously, if the user making the purchase has got Honey installed in their browser, then a coupon might be applied, which means obviously the YouTuber gets a little bit less because maybe there's 10% off than they would have done if the user had paid full price.
But, you know, it's all fair in love and war, right? And here's the thing. What Honey does is it jumps in, as I said, at the end of the checkout process to look for a coupon code.
After the YouTuber's video has been watched, just as the purchase is about to be made. And what Megalag discovered is that Honey changes the cookie.
So rather than it still containing an affiliate code for Linus Tech Tips or Marques Brownlee or Carole Theriault or whoever it is, it now uses Honey's code.
But, you know, it's all fair in love and war, right? And here's the thing. What Honey does is it jumps in, as I said, at the end of the checkout process to look for a coupon code.
After the YouTuber's video has been watched, just as the purchase is about to be made. And what Megalag discovered is that Honey changes the cookie.
So rather than it still containing an affiliate code for Linus Tech Tips or Marques Brownlee or Carole Theriault or whoever it is, it now uses Honey's code.
Stealing money effectively from all these other people.
Ah, who gets the affiliate money?
It's very sneaky.
It's very sneaky. And who do you think is pissed off about this? Everybody. Well, in particular, the YouTubers, because they're not earning any money from those video links.
So they've gone to the effort of making a video about a product. They've got the link.
Their supporters of the videos have clicked on the links in the description only for Honey to skim off the cash.
So they've gone to the effort of making a video about a product. They've got the link.
Their supporters of the videos have clicked on the links in the description only for Honey to skim off the cash.
And surely it's not just YouTubers. Surely it's any service.
Absolutely right. So anyone, it's not just the big guys. You don't have to have a big YouTube channel. You could have a blog, you could have a podcast, whatever it is.
Anyone who's hoping to get some affiliate cash, will find it has been swiped from under their nose at the last minute.
Anyone who's hoping to get some affiliate cash, will find it has been swiped from under their nose at the last minute.
I feel more sorry for the smaller ones, smaller people trying to make a buck than the big-ass YouTubers that are going, oh wow, I only saw $100 grand this month.
So sorry, sorry guys, sorry guys. I'm not saying it's fair. It's just, you know.
So sorry, sorry guys, sorry guys. I'm not saying it's fair. It's just, you know.
Now in Megalag's video, he describes it like this. He says, imagine you walk into a TV shop and there's a helpful salesman there.
He answers all your questions and you agree on what you want to buy and at what price. You've thought, this is the TV for me. And he tells you, go to the checkout.
He says, take this coupon with you, which basically has my name on it, and I will earn a little bit of commission.
He answers all your questions and you agree on what you want to buy and at what price. You've thought, this is the TV for me. And he tells you, go to the checkout.
He says, take this coupon with you, which basically has my name on it, and I will earn a little bit of commission.
Tell him Mark sold it to you.
Right. Yeah. But just as you are about to pay at the checkout, another salesman jumps in, rips the coupon out of your hands, and replaces it with one with his name on it.
You know what? Can I just digress slightly? This is a bit like— this happens in restaurants a lot. You have a waiter, right? And you're working with that waiter.
And the waiter's being amazing to you. And then when the bill comes, some guy you've never seen before wearing a waiter's outfit comes along and takes the tip and all the money.
And you're like, hmm.
And the waiter's being amazing to you. And then when the bill comes, some guy you've never seen before wearing a waiter's outfit comes along and takes the tip and all the money.
And you're like, hmm.
Someone from another table disguised as the waiter. Or sometimes it can be the manager of the restaurant, isn't it? Who wants to pocket it.
It's hardly going to be popular with colleagues, is it? If someone is stealing your commission.
It's hardly going to be popular with colleagues, is it? If someone is stealing your commission.
No, it's icky. It's definitely icky.
It really is. So maybe you don't care about this. Maybe you think, well, at least I'm getting money off. I've got a coupon. Honey's doing its job. I'm saving money.
I don't care about the salesman. You should care about the salesman, but maybe you're thinking you don't.
But it gets worse than that because Honey does this even when it can't find a coupon for you. So it says, I'll look for a coupon.
And when it fails and doesn't insert one, 'cause it says, oh, there's nothing around.
So even when there's no discount for it to plug into your checkout form, it still grabs the commission, stealing it from someone else.
I don't care about the salesman. You should care about the salesman, but maybe you're thinking you don't.
But it gets worse than that because Honey does this even when it can't find a coupon for you. So it says, I'll look for a coupon.
And when it fails and doesn't insert one, 'cause it says, oh, there's nothing around.
So even when there's no discount for it to plug into your checkout form, it still grabs the commission, stealing it from someone else.
This has moved from icky to outrageous.
And then it gets even worse than that.
I don't have a bigger word than that.
I don't know.
Okay, I'll think while you're talking.
Because it turns out that Honey doesn't always offer you the best deal anyway, even though it claims, oh, we've got the greatest database of all of the coupon codes in the world.
It turns out that companies who sell products, surprise, surprise, don't always want all of their customers benefiting from the biggest discounts available.
And so you as a business can partner up with Honey so it doesn't offer the 20% discount code.
They can say to Honey, look, yeah, there is a 20% discount code, but could you just offer the 5% one instead? And Honey will do that. So it's done deals with companies.
It's working in cahoots with them, not to get you the best deal possible, but to get the best deal for Honey and the companies it works with.
It turns out that companies who sell products, surprise, surprise, don't always want all of their customers benefiting from the biggest discounts available.
And so you as a business can partner up with Honey so it doesn't offer the 20% discount code.
They can say to Honey, look, yeah, there is a 20% discount code, but could you just offer the 5% one instead? And Honey will do that. So it's done deals with companies.
It's working in cahoots with them, not to get you the best deal possible, but to get the best deal for Honey and the companies it works with.
Yeah. And they're taking advantage of our laziness effectively by using this plugin to do this rather than go search the code out ourselves.
Right. Right. Now I would say, and I think you were gonna come up with a word to describe this. I was just gonna say underhand.
Shit.
Shit, right? Now, this is what occurred to me.
If there was some rogue browser extension which was messing with affiliate links like this to benefit its creators financially, we'd be asking why the cops aren't investigating, right?
Because this sounds the kind of thing cybercriminals and fraudsters do, doesn't it?
If there was some rogue browser extension which was messing with affiliate links like this to benefit its creators financially, we'd be asking why the cops aren't investigating, right?
Because this sounds the kind of thing cybercriminals and fraudsters do, doesn't it?
Mm-hmm. Mm-hmm.
So how is it possibly right that a company owned by PayPal is doing this and has been doing it for over a decade?
Because it's in their T&Cs. Am I right?
Well, I don't know. PayPal says they've released a statement saying we follow industry rules and practices, including last-click attribution work.
Well, I don't think deliberately removing all traces of original links that led a user to a product and replace them with its own affiliate ID is an industry standard.
And surprise, surprise, other people are pretty pissed off with this as well.
Not only the influencers, not only the YouTubers who've obviously been working with Honey in the past, who've— now Honey's getting rather a bad name.
But there's also now a class action which has been launched against PayPal.
So now it'll be the lawyers getting rich, I imagine, claiming that hundreds and hundreds of millions of people have been scammed through this.
Well, I don't think deliberately removing all traces of original links that led a user to a product and replace them with its own affiliate ID is an industry standard.
And surprise, surprise, other people are pretty pissed off with this as well.
Not only the influencers, not only the YouTubers who've obviously been working with Honey in the past, who've— now Honey's getting rather a bad name.
But there's also now a class action which has been launched against PayPal.
So now it'll be the lawyers getting rich, I imagine, claiming that hundreds and hundreds of millions of people have been scammed through this.
Yeah, I smell class action suit here.
Yeah, that's what's happened. That's what's happened. So my advice, don't install extensions like Honey on your computer.
It doesn't guarantee you're going to find the best coupons and you may be putting YouTubers out of pocket.
If you really want to find a deal, you may be better off, as you said, Carole, searching yourself.
It doesn't guarantee you're going to find the best coupons and you may be putting YouTubers out of pocket.
If you really want to find a deal, you may be better off, as you said, Carole, searching yourself.
Yeah, but even that can be risky. So don't listen to me ever, people.
Well, you know, dig around for honey, you may get stung. Maybe I could have thought of a better pun at that point. I'll work on it. Kroll, what have you got for us this week?
So a number of very fortunate people this past holiday were thrilled to be gifted a brand new device for Christmas.
Like a friend of the show, who shall remain nameless, was telling me how he bought both his children the latest iPads for Crimbo, put them in their stockings.
And I was like, can you adopt me, please?
Like a friend of the show, who shall remain nameless, was telling me how he bought both his children the latest iPads for Crimbo, put them in their stockings.
And I was like, can you adopt me, please?
Yeah, kind dad.
Kind dad, right?
Yeah.
Did you go down the route of devices in your household?
No, I just bought a couple of books for my son. That's what— that's—
Love you, Dad.
A bit of rip-off Lego. It wasn't even real Lego. It was sort of Chinese knockoff Lego is what he got.
My other half didn't even get his present yet. I know, how bad is that, right?
Thing is, is if I buy something for him and he's not there to vet it, it ends up in the back of the cupboard never to be seen again.
Thing is, is if I buy something for him and he's not there to vet it, it ends up in the back of the cupboard never to be seen again.
Yeah.
So I know what I want to get him. I just need him to choose it when we get there.
Yeah, my wife and I, we don't do presents because we figure it's going to end in disappointment. We'll just be nice to each other instead.
Exactly. But I wanted to look at how much we as a collective spent on devices this past holiday. So in the USA, 1 in 5 said they dreamed of finding a new device in their stocking.
And now we're talking— when I say devices, we're talking gaming consoles, mobile handsets, computers, tablets, all that kind of stuff.
And now we're talking— when I say devices, we're talking gaming consoles, mobile handsets, computers, tablets, all that kind of stuff.
Okay. Technology.
Tech. Yeah. Yeah. But so, you know, so is a washing machine, right?
So— Oh, yeah. OK, so yeah, sort of entertainment tech and mobile device. Yeah.
OK. And these aren't cheap gifts.
No.
Holiday shoppers tend to spend more on electronics than they do in any other gift category.
An estimated $55 billion is expected to have been spent on electronics in the US during the recent holiday, says Capital One. $55 billion on electronics. I can't believe that.
An estimated $55 billion is expected to have been spent on electronics in the US during the recent holiday, says Capital One. $55 billion on electronics. I can't believe that.
I wonder what that works out to per adult.
Yeah, well, I'd throw out $350 million. You do the math while I continue talking.
In the UK, more than a quarter of adults were planning to treat themselves or a loved one to a new device this Christmas, according to the Information Commissioner's Office, the ICO.
So that's 1 in 4. All this to say that there were a lot of devices that had been bought, wrapped up, and gifted this past season.
And the question that occurred to me when I read this is, what's going on with all the retired tech?
Most people who are receiving a new phone or new tablet or new computer most likely already have one of these devices, right?
In the UK, more than a quarter of adults were planning to treat themselves or a loved one to a new device this Christmas, according to the Information Commissioner's Office, the ICO.
So that's 1 in 4. All this to say that there were a lot of devices that had been bought, wrapped up, and gifted this past season.
And the question that occurred to me when I read this is, what's going on with all the retired tech?
Most people who are receiving a new phone or new tablet or new computer most likely already have one of these devices, right?
Yeah, good point.
So what do we do with these devices? Actually, what do you do? What do you— you have had loads of electronics through your lifetime.
I've just done this just recently, actually, which is that I sold an old computer.
Excellent.
Yep, I did that.
And so I've been foraging around in all my drawers looking for old phones and all kinds of old tech because, you know, either they're going to cycle it for parts or maybe they'll be able to use it themselves.
And so I've been foraging around in all my drawers looking for old phones and all kinds of old tech because, you know, either they're going to cycle it for parts or maybe they'll be able to use it themselves.
Exactly. But the thing is, what do you think most people do?
Do people take them down the dump? Or do people give them to their kids or something? Or what would they do?
They hoard them. The vast majority, 80% of Americans and Britons, are holding on to two or more old tech devices. And I mean, I have a drawer full of tech crap, right?
Mostly wires and cables, old headphones.
Mostly wires and cables, old headphones.
Yes.
Different, you know, different ends, you know, because the phones keep changing their little connectors. So I've got tons of that.
I would almost guarantee that every listener to Smashing Security has a drawer full of wires and cables and micro mini USB things. And you're thinking, oh, that'd be useful one day.
I'll keep that here.
I'll keep that here.
Or you can't even be bothered to untangle the rats—what's that called? When all the rats' tails get kind of combined together? I think it's called a king rat.
But anyway, it's this huge monstrosity of tangle of stuff. And you just close the drawer. A family member of mine passed away in December and we've been going through all this stuff.
The amount of tech this person has been hoarding would blow your mind. We found at least 3 brand new Rokus. Haven't even been opened. There's tons and tons and tons of stuff.
There's a single room full of old computers and tablets and phones and cameras and all their power supplies and cables and whatnot. And it's really just overwhelming.
It's overwhelming to go through and to decide what's useful and what's not.
But anyway, it's this huge monstrosity of tangle of stuff. And you just close the drawer. A family member of mine passed away in December and we've been going through all this stuff.
The amount of tech this person has been hoarding would blow your mind. We found at least 3 brand new Rokus. Haven't even been opened. There's tons and tons and tons of stuff.
There's a single room full of old computers and tablets and phones and cameras and all their power supplies and cables and whatnot. And it's really just overwhelming.
It's overwhelming to go through and to decide what's useful and what's not.
Yeah.
So, okay. So I can understand we do that because, hey, we're excited about the new device. Who cares about the old one? Throw it in the drawer. Forget about it.
The reason, it turns out, that many of us do let this happen has to do with us not being comfortable in wiping them.
The reason, it turns out, that many of us do let this happen has to do with us not being comfortable in wiping them.
Right.
Most of us know that there's sensitive information, but we are not sure how to delete that stuff off the device.
Yeah.
So instead, we put these rather expensive items in a drawer and forget about them.
Yeah, I can well believe that's true.
Yeah, but the ICO's recent figure says that 30% of adults simply don't know how to wipe their personal information from old devices or tech products.
And I'm going to guess that's similar for the US and the rest of the world.
And I suppose there's a silver lining here that people recognize that their electronics have sensitive information. So that's a good thing.
And I'm going to guess that's similar for the US and the rest of the world.
And I suppose there's a silver lining here that people recognize that their electronics have sensitive information. So that's a good thing.
Yes, in some ways it's encouraging, isn't it?
Because you think, oh, they're quite savvy to the fact that it could be an identity thief's dream to have access to your old hard drive or your old phone if it were unlocked.
Because you think, oh, they're quite savvy to the fact that it could be an identity thief's dream to have access to your old hard drive or your old phone if it were unlocked.
And the thing is, as you were saying, there's money to recoup in selling old devices.
And values can range, obviously, but you could be hoarding a few hundred pounds in your bottom drawer. And a few hundred is, it's something.
Certainly not something to be sneezed at, right? So what we want to do with these devices is effectively to factory reset them, also known as a hard reset.
And I think once that's done, the phone or the device can be sold or given away to someone in need without having to worry about them having access to your banking or your personal info or your diary or whatever.
And in the show notes, I have links to resetting Apple devices, Samsung devices, and Google devices. I think those are the 3 big ones.
Is there any more you can think of that might be useful?
And values can range, obviously, but you could be hoarding a few hundred pounds in your bottom drawer. And a few hundred is, it's something.
Certainly not something to be sneezed at, right? So what we want to do with these devices is effectively to factory reset them, also known as a hard reset.
And I think once that's done, the phone or the device can be sold or given away to someone in need without having to worry about them having access to your banking or your personal info or your diary or whatever.
And in the show notes, I have links to resetting Apple devices, Samsung devices, and Google devices. I think those are the 3 big ones.
Is there any more you can think of that might be useful?
Certainly, I mean, that's good for mobile phones, but there's also, of course, laptops and computers. So you may want instructions for Windows.
Yeah, that's a good idea. I always forget about Windows because I never use it. OK, it's been added. And you can find these in the links wherever you found this podcast.
But also you can Google because all these websites, so Samsung, for instance, will have a how to factory reset your phone.
Or Apple will have that for your iPad, your iPhone, or your MacBook. And maybe adding hard resetting to our New Year's resolution list might be a good idea.
Because one, if you're short on cash, this is a great way to make a few bucks. It's also think about how many people who can't afford these things.
And I've donated all my old phones after I've done a hard reset.
I've donated them to people that couldn't afford phones and they were extremely happy to be able to have one that worked. And it just makes their lives a little bit easier.
But also you can Google because all these websites, so Samsung, for instance, will have a how to factory reset your phone.
Or Apple will have that for your iPad, your iPhone, or your MacBook. And maybe adding hard resetting to our New Year's resolution list might be a good idea.
Because one, if you're short on cash, this is a great way to make a few bucks. It's also think about how many people who can't afford these things.
And I've donated all my old phones after I've done a hard reset.
I've donated them to people that couldn't afford phones and they were extremely happy to be able to have one that worked. And it just makes their lives a little bit easier.
And also, we're over a week into the new year now. So all the other resolutions that we made at the beginning of the year, it's time to move on from those now.
I think most of those we failed. So make this actually the real resolution.
I think most of those we failed. So make this actually the real resolution.
Speak for yourself, Graham. I have a number of resolutions that I am going strong.
Oh, well done.
Yes, we'll learn about that. We'll see how long I go. I don't want to tell anyone what they are until I've succeeded at my goal.
But either way, all this is better than letting these things rot in the bottom of your drawers. Am I right or am I right?
But either way, all this is better than letting these things rot in the bottom of your drawers. Am I right or am I right?
I wouldn't want anything rotting in the bottom of my drawers other than my bottom. Even then, I wouldn't want it to rot. I would— Oh my God. Ads! Sorry.
BigID helps you uncover dark data, identify and reduce risk, take action through remediation, and scale your data security strategy through seamless integration with your existing tech stack.
Start protecting your sensitive data wherever your data lives by visiting bigid.com/smashing.
Get a free demo to see how BigID can help your organization reduce data risk and accelerate the adoption of generative AI.
Also, there's a free new report that provides valuable insights and key trends on AI adoption, challenges, and the overall impact of GenAI across organizations.
So go visit bigid.com/smashing, and thanks to the folks at BigID for sponsoring the show. Quick question.
Do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't touch.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
BigID helps you uncover dark data, identify and reduce risk, take action through remediation, and scale your data security strategy through seamless integration with your existing tech stack.
Start protecting your sensitive data wherever your data lives by visiting bigid.com/smashing.
Get a free demo to see how BigID can help your organization reduce data risk and accelerate the adoption of generative AI.
Also, there's a free new report that provides valuable insights and key trends on AI adoption, challenges, and the overall impact of GenAI across organizations.
So go visit bigid.com/smashing, and thanks to the folks at BigID for sponsoring the show. Quick question.
Do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't touch.
Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security-related necessarily.
Better not be.
Well, my Pick of the Week this week, is it security-related? It's possibly privacy-related. Okay.
If it's good, I'll let it go.
I think it's pretty good.
Okay.
So do you remember before we shut up shop for the end of last year, on Smashing Security, I recommended a site called UDM14.
Mm-hmm.
I think you may have even bookmarked it, Crow.
Mm-hmm.
I explained how you can add a little parameter onto the end of your Google searches and set it up to happen automatically.
So it cuts out all the cruft, all the stuff you don't want, all the ads and all the nuisance.
So it cuts out all the cruft, all the stuff you don't want, all the ads and all the nuisance.
Yes.
And this got me thinking a lot about search engines because I've never been a huge fan of the Google search engine.
I feel like it's deteriorated over the years and they've been doing unpleasant things and I've tried various alternatives to Google.
Well, I've come across and I've been messing around with another alternative to the Google search engine. It is called Kagi, K-A-G-I.
I feel like it's deteriorated over the years and they've been doing unpleasant things and I've tried various alternatives to Google.
Well, I've come across and I've been messing around with another alternative to the Google search engine. It is called Kagi, K-A-G-I.
Okay.
And the thing about Kagi is it's not a rebadged version of Google search results or Bing or something like that. And there are other search engines out there.
Of course, there's DuckDuckGo is very well known. That uses Bing. Startpage uses Google search results. Kagi isn't like that.
Kagi has its own search engine, which it's working from, but you pay for Kagi every month.
You subscribe to it, which means there aren't any ads, which means that you are in control and it's got some really nice features.
So it can, for instance, summarise webpages for you. It's ad-free. It minimises any data collection. It avoids tracking you. You can tweak it with your preferences.
So when it gives you results, you can say, oh, that's a site I like.
So remember to sort of promote that in the search results in future, or don't ever bother giving me a link to that site because I know it's a load of old rubbish.
And so you can set it up like that. It even has a built-in AI.
So if you search for something and put a question mark on the end, it will give you a quick answer to the question as well.
Of course, there's DuckDuckGo is very well known. That uses Bing. Startpage uses Google search results. Kagi isn't like that.
Kagi has its own search engine, which it's working from, but you pay for Kagi every month.
You subscribe to it, which means there aren't any ads, which means that you are in control and it's got some really nice features.
So it can, for instance, summarise webpages for you. It's ad-free. It minimises any data collection. It avoids tracking you. You can tweak it with your preferences.
So when it gives you results, you can say, oh, that's a site I like.
So remember to sort of promote that in the search results in future, or don't ever bother giving me a link to that site because I know it's a load of old rubbish.
And so you can set it up like that. It even has a built-in AI.
So if you search for something and put a question mark on the end, it will give you a quick answer to the question as well.
That's— have you been using it?
I've been using it. And don't worry about, oh, I can't use Google anymore because you can easily, if you wanted to, you can just prefix your search.
So what you do is you can put exclamation mark G and then your search, and that will use Google to do the search.
Or you can go exclamation mark YT for YouTube or exclamation mark R for Reddit, and it will search those instead. So it does cost some money.
So what you do is you can put exclamation mark G and then your search, and that will use Google to do the search.
Or you can go exclamation mark YT for YouTube or exclamation mark R for Reddit, and it will search those instead. So it does cost some money.
Yeah, I'm checking the prices right now.
Yeah. You can try it out for free. The cheapest price tier is $5. I'm currently trying out the $10 tier, which basically allows me unlimited searches. I quite like it.
I'm quite impressed by it.
I'm quite impressed by it.
$10 a month you're paying?
$10 a month. It's obviously cheaper if you were to buy for a year. But I think it's quite good.
Yeah, it's working for you?
It is definitely working for me. And it has some really cute things built into it, like the Wayback Machine.
So if a web page no longer exists, you can find it automatically in the Wayback Machine and other things like that. It has lots and lots of features.
And I think it's, I mean, search is important, right? It's one of the ways in which we all do our job. We all say, oh, Google that, Google that. But I don't really like Google.
So maybe it is worth spending a little bit of money on a search engine instead. So it's called Kagi, K-A-G-I. I would suggest give it a try. See what you think.
So if a web page no longer exists, you can find it automatically in the Wayback Machine and other things like that. It has lots and lots of features.
And I think it's, I mean, search is important, right? It's one of the ways in which we all do our job. We all say, oh, Google that, Google that. But I don't really like Google.
So maybe it is worth spending a little bit of money on a search engine instead. So it's called Kagi, K-A-G-I. I would suggest give it a try. See what you think.
Yeah, you can try it for free, it says here, for 100 searches. Because I've been using DuckDuckGo recently and I've been having, I mean, I like DuckDuckGo. I like its premise.
I like its mission, all that.
But I've been finding when I was searching for stories, for example, a lot of the news is not in my region at all, or not the regions I want to look for.
So typically in my case, it often is ending up in India, a lot of the stuff. Like I would say 90% of the results that are on the first few pages. And I can't seem to get around it.
So it's been, you know, and I don't know if I'm doing something wrong, but you know, I've been searching for another—
I like its mission, all that.
But I've been finding when I was searching for stories, for example, a lot of the news is not in my region at all, or not the regions I want to look for.
So typically in my case, it often is ending up in India, a lot of the stuff. Like I would say 90% of the results that are on the first few pages. And I can't seem to get around it.
So it's been, you know, and I don't know if I'm doing something wrong, but you know, I've been searching for another—
You're not running a VPN or anything? No, no, no, no, no, no.
It doesn't think I'm in India. I've turned off the VPN and all this. No problem. So I don't know. Anyway, so I'll try this out. This is cool.
Give it a try. Give it a try. I mean, obviously $10 per month is quite a lot, but right now I'm trying it out and I'm quite impressed by it. Cool. Anyway, Kagi is my pick of the week.
Kirill, what's your pick of the week?
Kirill, what's your pick of the week?
So my pick of the week comes from... Yes, she's lovely, and she lives in Canada, and it's been extremely cold there for the last few weeks.
I mean, no surprise, because it is January now, and winter is fully set in. But anyway, my mom, she's a huge walker.
Walks every day, rain or shine, freezing or sweltering, she's out doing her walk. She typically gets 12,000 to 15,000 steps in every day. Amazing.
I mean, no surprise, because it is January now, and winter is fully set in. But anyway, my mom, she's a huge walker.
Walks every day, rain or shine, freezing or sweltering, she's out doing her walk. She typically gets 12,000 to 15,000 steps in every day. Amazing.
Very good.
But recently, despite wearing appropriate winter apparel — hat, parka, moon boots, face mask, mitts, scarves — her feet get cold, right? Her feet get cold.
And that's very unpleasant, right? If you're walking, you know, 15,000 steps, you know, it's not very fun.
And that's very unpleasant, right? If you're walking, you know, 15,000 steps, you know, it's not very fun.
Yeah. Yeah.
So one of her friends told her about heated socks. Have you heard about this? So heated socks.
Are these USB powered or something? No, no. What do you charge them up?
Yeah, they are battery-operated heated socks. Let me send you a link here. I'll put it into the show notes for you. So the name of the ones she's using are called Field Sheer.
They don't just do socks. They do everything. Heated jackets and vests and hoodies and base layers and gloves and socks and everything. So these are machine washable.
There's apparently 3 heat settings. So low, medium, high. The charge lasts 5 to 16 hours per charge.
They don't just do socks. They do everything. Heated jackets and vests and hoodies and base layers and gloves and socks and everything. So these are machine washable.
There's apparently 3 heat settings. So low, medium, high. The charge lasts 5 to 16 hours per charge.
Right.
You have 2 rechargeable batteries, which I assume you have to remove before you put it in the washing machine. Plus it's remote controlled.
Oh yes, I can see it. It's got a little remote control with high, medium, and low. I guess that's where you choose the heat.
Yeah. And so she bought these. They're not cheap. These are $60.
Where do the batteries go? Where do you put your battery?
I have no idea. Because I, of course, this is not my purchase.
Right.
But she loves them. She's been wearing them for the last few days. She says her feet are as toasty as anything.
So I'm sure there are other companies that do these, but the Field Sheer ones, she bought them at Costco. So I think they were $60, but she loves them.
And she, you know, she's going to wear them as a double pair of socks. So a thin pair of socks underneath. I'll wash them once a week. Done, done, done. And there we go.
Warm tootsies for my mom. And that is my pick of the week, the Field Sheer Mobile Warming Socks.
So I'm sure there are other companies that do these, but the Field Sheer ones, she bought them at Costco. So I think they were $60, but she loves them.
And she, you know, she's going to wear them as a double pair of socks. So a thin pair of socks underneath. I'll wash them once a week. Done, done, done. And there we go.
Warm tootsies for my mom. And that is my pick of the week, the Field Sheer Mobile Warming Socks.
Very seasonal for all of our listeners in the Northern Hemisphere.
There you go.
For those of you who are in the South, well—
Get a fan.
Buy them in 6 months' time.
Oh, it seems they do cooling clothing as well. It's designed for the hottest climates, so they wick moisture and keep you from overheating during outdoor activity.
So there you go. Terrific. Well, that just about wraps up the show for this week. You can find Smashing Security on Blue Sky, unlike Twitter, which wouldn't let us have a G.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And huge, huge thank you to our episode sponsors, BigID and 1Password, and of course to our wonderful Patreon community.
It's their support that helps us give you this show for free.
And for episode show notes, sponsorship info, guest list, and the entire back catalog of more than 398 episodes, check out smashingsecurity.com.
It's their support that helps us give you this show for free.
And for episode show notes, sponsorship info, guest list, and the entire back catalog of more than 398 episodes, check out smashingsecurity.com.
Until next time and episode 400. Dun dun. Cheerio. Bye bye.
Bye. You better be good next week. Yeah, we'll blame Bitdefender if it isn't.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Episode links:
- Exposing the Honey Influencer Scam – MegaLag on YouTube.
- The Honey Scam: Explained – Marques Brownlee on YouTube.
- 14 million people don’t know how to erase their data from an old device – ICO.
- Electronics hoarding habit among Brits and Americans – SellCell.
- Practical advice for online and electronic devices – ICO.
- How to factory reset your Google Pixel phone – Google.
- How to factory reset your iPhone, iPad, or iPod touch – Apple.
- Reset your Android device to factory settings – Google.
- Erase your Mac and reset it to factory settings – Apple.
- Reset your PC – Microsoft.
- How do I perform a factory reset on my Samsung mobile device? – Samsung.
- Kagi.
- Battery Heated Clothing – Fieldsheer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- BigID – Start protecting your sensitive data wherever it lives with BigID. Get a free demo to how your organization can reduce data risk and accelerate the adoption of generative AI.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
