Could America turn off Europe’s internet?
That’s one of the questions that Graham and special guest James Ball will be exploring as they discuss tech sovereignty. Could Gmail, cloud services, and critical infrastructure really become geopolitical leverage? And is anyone actually building a Plan B?
Plus we explore if Meta is quietly plotting to turn its smart glasses into face-recognising surveillance specs? With reports of internal memos suggesting they plan to launch controversial features while everyone’s distracted by political chaos, we ask: is this innovation really wanted by the public… or something far creepier?
All of this, and much more, in episode 455 of the award-winning “Smashing Security” podcast with cybersecurity veteran and keynote speaker Graham Cluley, joined this week by journalist and author James Ball.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
This is exactly how not to do it. This will go into training as being comedically dumb.
This is the worst PR since on 9/11, a Labour spad said, "Today is a terrific day to bury bad news," and ended her entire career, that of her colleagues, and that of her boss.
It is utterly idiotic. Smashing Security, episode 455. Face-off: Meta's glasses and America's internet kill switch with Graham Cluley and special guest James Ball.
This is the worst PR since on 9/11, a Labour spad said, "Today is a terrific day to bury bad news," and ended her entire career, that of her colleagues, and that of her boss.
It is utterly idiotic. Smashing Security, episode 455. Face-off: Meta's glasses and America's internet kill switch with Graham Cluley and special guest James Ball.
Hello, hello, and welcome to Smashing Security, episode 455. My name's Graham Cluley.
And I'm James Ball.
James, welcome to the show. First time on Smashing Security, although I've been following your work for many a long year.
For those people who don't know you, and shame on them if they don't know James Ball, what are you and what do you do?
For those people who don't know you, and shame on them if they don't know James Ball, what are you and what do you do?
I'm a journalist that covers technology and politics. So I write on politics for The New World, where I'm political editor, and I write on tech all over the place.
And I think I've been quoting you for 15 years or so now.
And I think I've been quoting you for 15 years or so now.
Gosh, a long time.
Yeah, I've been around the block a bit.
I think I first met you when you were at The Guardian.
Possibly.
Yes.
The early 2010s era.
A busy time for internet privacy and lots of big stories way back then, weren't there?
There were. We were doing the Edward Snowden leaks at that time, which is one of those nice stories where most things you do in journalism, you know, it's chip paper.
It's not even chip paper now because it's all digital. But the Snowden stuff still feels relevant nearly, you know, it's 13 years later now and that one still comes up.
So that's decent.
It's not even chip paper now because it's all digital. But the Snowden stuff still feels relevant nearly, you know, it's 13 years later now and that one still comes up.
So that's decent.
Yeah. And what have you been most recently working on, James?
I am finishing off a book about conspiracy theories and the internet. And I'm actually, I'm studying for a PhD on how we might regulate artificial intelligence.
So still very tech-centric for me.
So still very tech-centric for me.
You wrote a book about QAnon, wasn't it? And all those crazy theories coming out on the internet.
I did, yes. It was called The Other Pandemic: How QAnon Contaminated the World.
And of course, it's been quite strange sort of talking about conspiracy theories about big drops of email revealing sort of conspiracies around paedophilic activity.
And of course, it's been quite strange sort of talking about conspiracy theories about big drops of email revealing sort of conspiracies around paedophilic activity.
Yes.
When, you know, the big story of 2026 so far has been 3 million plus documents from the Epstein files coming out.
So trying to separate out the reality of these things, which is just lots of rich men talking in very clear terms about their crimes versus the conspiracy version, which was, well, what about when they say pizza, that means underground satanic murder site?
The sort of the reality and the difference feel very different when you actually look at it.
But on the surface, it does feel a lot I've written a book about conspiracy theories being ridiculous and then they've been proven right.
So trying to separate out the reality of these things, which is just lots of rich men talking in very clear terms about their crimes versus the conspiracy version, which was, well, what about when they say pizza, that means underground satanic murder site?
The sort of the reality and the difference feel very different when you actually look at it.
But on the surface, it does feel a lot I've written a book about conspiracy theories being ridiculous and then they've been proven right.
It is obviously utterly horrific what is coming to light and astonishing times. And I suspect amidst all the reality, there will be conspiracy theories which spring from it.
So even greater craziness still to come.
So even greater craziness still to come.
Oh, there already is. I mean, it's the nature of a conspiracy theory that you can't be happy with what you see. There's always got to be another twist or another reveal.
And so you've got this awful set of revelations about industrial-level abuse, huge abuses of power.
You know, the allegations against Mandelson aren't sexual, but he within minutes during a global financial crisis, forwarded the most sensitive of cabinet papers to his mate, who happened to be a convicted paedophile.
You have very serious stuff in there, but people always want to look for more.
So they want to prove it's Mossad, or they want to prove that there was a satanic element, or they want to sort of show there's extra. It can never just be what it is.
And the danger of having so many documents and them not being filtered is there's things like tip lines or unsolicited emails or all sorts in there.
So it is a very hazardous place for people to wander.
And so you've got this awful set of revelations about industrial-level abuse, huge abuses of power.
You know, the allegations against Mandelson aren't sexual, but he within minutes during a global financial crisis, forwarded the most sensitive of cabinet papers to his mate, who happened to be a convicted paedophile.
You have very serious stuff in there, but people always want to look for more.
So they want to prove it's Mossad, or they want to prove that there was a satanic element, or they want to sort of show there's extra. It can never just be what it is.
And the danger of having so many documents and them not being filtered is there's things like tip lines or unsolicited emails or all sorts in there.
So it is a very hazardous place for people to wander.
Well, listeners, I can promise you today we're going to have an Epstein-free podcast. We are going to be talking about some serious topics, though.
But before we kick off, let's thank this week's wonderful sponsors, Adaptive Security, Passwork, and Vanta. We'll be hearing more about them later on in the podcast.
This week on Smashing Security, we won't be talking about the malware developer who faked his own death in an attempt to evade the FBI.
You'll hear no discussion of how a sex toy manufacturer has revealed hackers have stolen its customer list.
And we won't even mention how Dutch police arrested a man after accidentally giving him their own sensitive files and then getting annoyed when he didn't hand them back.
So James, what are you going to be talking about this week?
But before we kick off, let's thank this week's wonderful sponsors, Adaptive Security, Passwork, and Vanta. We'll be hearing more about them later on in the podcast.
This week on Smashing Security, we won't be talking about the malware developer who faked his own death in an attempt to evade the FBI.
You'll hear no discussion of how a sex toy manufacturer has revealed hackers have stolen its customer list.
And we won't even mention how Dutch police arrested a man after accidentally giving him their own sensitive files and then getting annoyed when he didn't hand them back.
So James, what are you going to be talking about this week?
So I'm going to be talking about tech sovereignty, which I think most easily is understood as, could we manage an internet without the Americans?
And I'm going to be asking, how might Meta be planning to push the bounds of privacy once again? All this and much more coming up in this episode of Smashing Security.
Well, we've got time right now to hear from one of our sponsors, Passwork. If you work in cybersecurity, you already know this. Most secrets don't get stolen, they leak.
Passwords pasted into chat tools, shared admin accounts, those spreadsheets that everyone pretends don't exist. Passwork is built to stop that.
It's a password manager and secrets management platform designed for organizations that want on-premise deployment, meaning your sensitive data stays on your own infrastructure under your control.
That matters if you're dealing with regulatory requirements, data sovereignty, or simply don't want your most critical secrets living in someone else's cloud.
From a security perspective, Passwork uses a zero-knowledge architecture with strong, openly documented encryption, and its design is regularly tested by independent security researchers.
Operationally, it's built for real teams, role-based access control, integration with existing identity systems, support for MFA, highly available architecture, designed to keep things running when parts of your environment fail.
And unlike those tools that look cheap until you start paying for them in time and stress, Passwork focuses on long-term stability, a public development roadmap, and a lower total cost of ownership.
Passwork, it's not just a password management platform, it's a secure, adaptable secrets manager built to meet your business needs.
To find out more, go to smashingsecurity.com/passwork. That's smashingsecurity.com/passwork. Now, a lot of people wear glasses. You wear glasses, James. I've seen from your mugshot.
Well, we've got time right now to hear from one of our sponsors, Passwork. If you work in cybersecurity, you already know this. Most secrets don't get stolen, they leak.
Passwords pasted into chat tools, shared admin accounts, those spreadsheets that everyone pretends don't exist. Passwork is built to stop that.
It's a password manager and secrets management platform designed for organizations that want on-premise deployment, meaning your sensitive data stays on your own infrastructure under your control.
That matters if you're dealing with regulatory requirements, data sovereignty, or simply don't want your most critical secrets living in someone else's cloud.
From a security perspective, Passwork uses a zero-knowledge architecture with strong, openly documented encryption, and its design is regularly tested by independent security researchers.
Operationally, it's built for real teams, role-based access control, integration with existing identity systems, support for MFA, highly available architecture, designed to keep things running when parts of your environment fail.
And unlike those tools that look cheap until you start paying for them in time and stress, Passwork focuses on long-term stability, a public development roadmap, and a lower total cost of ownership.
Passwork, it's not just a password management platform, it's a secure, adaptable secrets manager built to meet your business needs.
To find out more, go to smashingsecurity.com/passwork. That's smashingsecurity.com/passwork. Now, a lot of people wear glasses. You wear glasses, James. I've seen from your mugshot.
I do indeed. I wear them all the time. I promise there are no cameras in them. Although I would say that, wouldn't I?
You would say that. I don't know if that's in order to make yourself look smarter because you need them.
I mean, a bit of both. I've just got a very big face without them. I need something to break it up about halfway through, you know?
I once worked with a colleague who had very large eyes. She looked a bit like a Disney princess, do you know, with those huge cartoon eyes?
Yes, very much so.
I remember that I and another colleague, in fact, the former co-host of Smashing Security, Carole Theriault, we actually decided to all measure our faces, work out the surface area, and with this, work out who had the big eyes, work out what percentage of her face was taken up by eyes.
It turns out I have quite small eyes. But that's not why I wear glasses sometimes. I do wear glasses sometimes. I mean, I think it's partly because I'm getting older.
You know, it's creeping up on me. I've been blessed with the budget version, effectively, of human eyesight. I've got Poundland eyesight is, I think, what I'm using.
But if you cast your mind back to 2013, you will remember that something slowly began to creep into the world's lives, and that was smart glasses because of Google Glass, of course.
Do you remember those? And did you ever wear a pair, James?
It turns out I have quite small eyes. But that's not why I wear glasses sometimes. I do wear glasses sometimes. I mean, I think it's partly because I'm getting older.
You know, it's creeping up on me. I've been blessed with the budget version, effectively, of human eyesight. I've got Poundland eyesight is, I think, what I'm using.
But if you cast your mind back to 2013, you will remember that something slowly began to creep into the world's lives, and that was smart glasses because of Google Glass, of course.
Do you remember those? And did you ever wear a pair, James?
I got to very briefly try someone's pair once, and they were rubbish. I mean, the key thing with Google Glass, as I recall, is they couldn't put prescription lenses into them.
So they made glasses that only worked for people who didn't need glasses, which as a sign that you might have launched too early, I think is pretty high up the list really, isn't it?
So they made glasses that only worked for people who didn't need glasses, which as a sign that you might have launched too early, I think is pretty high up the list really, isn't it?
Yes. It does seem like a bit of an oversight, frankly. You know, why not get the people who already wear glasses to wear the smart glasses?
Because they've already decided, okay, I'm happy wearing glasses.
Because they've already decided, okay, I'm happy wearing glasses.
Yeah, that's your captive market. Hey, we've got this improvement on this thing you already have.
Not, why not be a hipster weirdo who wears glasses that you don't need that cost an absolute fortune? They were a strange product.
Not, why not be a hipster weirdo who wears glasses that you don't need that cost an absolute fortune? They were a strange product.
They cost $1,500 or something. And they seem to be aimed at people who looked at their smartphone and thought, hmm, I wish this was strapped to my face rather than in my hands.
That would be great, wouldn't it? It was Google's first attempt at putting a computer on your face. And they said they were going to revolutionise everything.
Until, of course, it didn't. Didn't happen.
That would be great, wouldn't it? It was Google's first attempt at putting a computer on your face. And they said they were going to revolutionise everything.
Until, of course, it didn't. Didn't happen.
Well, they basically never escaped Silicon Valley, did they? But even there, everyone hated them.
I mean, the thing I can remember is, I think within about a week of them coming out— and bear in mind, these were niche as hell. You know, almost no one had them.
The term was glassholes, wasn't it?
I mean, the thing I can remember is, I think within about a week of them coming out— and bear in mind, these were niche as hell. You know, almost no one had them.
The term was glassholes, wasn't it?
It was.
I mean, well done whoever coined that, to be fair.
It was a brilliant name and it instantly destroyed the brand, I think.
And if you were walking around wearing Google Glass, you could be greeted with a cheery, oh, there's some weird shit on your face.
Or at worst, you'd be met with a swinging fist and a shout of, stop being an asshole.
But just because an idea by a big tech company has proven to be blooming awful, isn't going to stop another big tech company from having a go.
So Meta, the company formerly known as Facebook, that cared for its users' privacy and data in such a reckless manner it had to actually rebrand itself, they jumped on board the smart glass bandwagon a while back.
They partnered with the company that owns Ray-Ban, and they released smart glasses that looked, well, pretty much like an ordinary pair of glasses.
But glasses with a camera built in. As if anyone was saying to themselves, you know what would improve my glasses? If Mark Zuckerberg was somehow involved.
And if you were walking around wearing Google Glass, you could be greeted with a cheery, oh, there's some weird shit on your face.
Or at worst, you'd be met with a swinging fist and a shout of, stop being an asshole.
But just because an idea by a big tech company has proven to be blooming awful, isn't going to stop another big tech company from having a go.
So Meta, the company formerly known as Facebook, that cared for its users' privacy and data in such a reckless manner it had to actually rebrand itself, they jumped on board the smart glass bandwagon a while back.
They partnered with the company that owns Ray-Ban, and they released smart glasses that looked, well, pretty much like an ordinary pair of glasses.
But glasses with a camera built in. As if anyone was saying to themselves, you know what would improve my glasses? If Mark Zuckerberg was somehow involved.
And also using himself as the most famous model of them, because he sort of wears them at all of these events. And he is not a famously fashionable or cutting-edge guy.
You know, I don't think many of us go, "Hey, I want to look more like Mark Zuckerberg." And yet he is the face of this thing.
But it did at least, you're right, it partnered with a cool brand. They look sort of — I don't really like them. I think they look quite obvious, but yeah, people sort of agree.
If you like a chunky sort of sunglass look, they're all right, apparently.
You know, I don't think many of us go, "Hey, I want to look more like Mark Zuckerberg." And yet he is the face of this thing.
But it did at least, you're right, it partnered with a cool brand. They look sort of — I don't really like them. I think they look quite obvious, but yeah, people sort of agree.
If you like a chunky sort of sunglass look, they're all right, apparently.
Quite what Ray-Ban was thinking about getting into bed with Facebook, that's anyone's guess. I imagine it just involved a large chunk of money, frankly.
That's my guess too, to be honest.
That's normally the way these things work, isn't it? So millions of pairs apparently of these things have been sold.
So there are lots of people out there with face-mounted cameras walking around in the wild. If you think there's a problem with too many CCTV cameras, just remember that.
Now, in theory, there is a small LED light on the front of these glasses that is supposed to indicate when they're recording. That's your protection as a member of the public.
So the idea is that you will notice that little indicator and realise you're being filmed.
So there are lots of people out there with face-mounted cameras walking around in the wild. If you think there's a problem with too many CCTV cameras, just remember that.
Now, in theory, there is a small LED light on the front of these glasses that is supposed to indicate when they're recording. That's your protection as a member of the public.
So the idea is that you will notice that little indicator and realise you're being filmed.
Yes, to be fair, it is quite a conspicuous light when you see it.
Is it?
It's quite bright. It's quite obvious. And because you don't usually see glowing lights on the frames of people's glasses, you notice it even if it's sort of in a bit of a crowd.
The issue is that if you're going to have anything that, someone is going to sell a black sticker.
The issue is that if you're going to have anything that, someone is going to sell a black sticker.
Yes.
And if you've got something about the thickness of duct tape, you know, that goes on.
They sell these little bespoke stickers that can match the colour of your frame because of course the creepers do that.
And because they haven't put anything in to check the lights there or a sensor to see if it's obstructed before it will record.
They sell these little bespoke stickers that can match the colour of your frame because of course the creepers do that.
And because they haven't put anything in to check the lights there or a sensor to see if it's obstructed before it will record.
Oh, I think they have now. I believe in the latest Meta Glasses, it does detect if that light is covered. So there is a sensor in there.
Oh, well, that's promising because, you know, you can go on Amazon and literally just search glass cover-up. And they're there. And so the light does work.
You're not gonna miss it if someone's not covered it. But at the moment, I think they're easy to cover.
You're not gonna miss it if someone's not covered it. But at the moment, I think they're easy to cover.
But it depends upon you knowing what that means, doesn't it?
It's not someone's wearing an LED sign on their forehead, which is scrolling the words, "I am watching you." You kind of want that to let everyone in your vicinity know to be on their guard.
It's not an automated voice is saying, "Warning, warning, a twat wearing Facebook-connected spectacles is in your vicinity." There are more obvious ways to indicate to people what is going on.
It's not someone's wearing an LED sign on their forehead, which is scrolling the words, "I am watching you." You kind of want that to let everyone in your vicinity know to be on their guard.
It's not an automated voice is saying, "Warning, warning, a twat wearing Facebook-connected spectacles is in your vicinity." There are more obvious ways to indicate to people what is going on.
I mean, just quickly on this, then.
Yeah.
Because I'm a journalist and part of our job involves writing about people who don't want to be written about, or sometimes taking photos of people who don't want their photos taken, people sometimes have a bit of a distorted understanding about the rules here.
You don't have a right to not have your picture taken. If you're in public, if you're on the street, people can take your photo. Now, they can't take intimate photos.
They shouldn't be using it to harass you. They can't stalk you. There are other rules, but public photography is allowed.
There are certain different rules about if you're going to put it on TV, etc.
But for general purposes, you can take photos, and we all carry around at all times devices that can take very good, very high-definition photos, much better than anything a lens can take, and there's no noise requirement on that.
There's no sound requirement on that. Our phones can silently take pictures as we pretend we're scrolling social media or whatever.
And so for me, there's a slight sort of sense of something a bit odd going on with glasses, because if you think about most obvious creep shots, they're easier to do on a phone than with glasses.
You don't have a right to not have your picture taken. If you're in public, if you're on the street, people can take your photo. Now, they can't take intimate photos.
They shouldn't be using it to harass you. They can't stalk you. There are other rules, but public photography is allowed.
There are certain different rules about if you're going to put it on TV, etc.
But for general purposes, you can take photos, and we all carry around at all times devices that can take very good, very high-definition photos, much better than anything a lens can take, and there's no noise requirement on that.
There's no sound requirement on that. Our phones can silently take pictures as we pretend we're scrolling social media or whatever.
And so for me, there's a slight sort of sense of something a bit odd going on with glasses, because if you think about most obvious creep shots, they're easier to do on a phone than with glasses.
Yes.
You know, if you're going to upskirt someone while wearing a pair of glasses, I think you'd get caught.
Yeah.
Sorry, that sounds like I'm trying to be funny. I think it's foul doing that. And of course, often points to other offences.
I think Gisele Pelicot's husband got caught because he was upskirting people.
I think Gisele Pelicot's husband got caught because he was upskirting people.
Right.
And then they saw the even more horrifying photos on his phone.
Yeah.
You know, let's not make light of it. But I think because they're obviously on someone's face, it feels more intrusive or it feels different.
Okay, so it may well be legal, as you've said, to do this kind of thing, but it feels socially unacceptable. It clearly makes people really uncomfortable.
It certainly makes me feel uncomfortable. I wouldn't like it if someone were doing that.
It certainly makes me feel uncomfortable. I wouldn't like it if someone were doing that.
Yes. I mean, one thing that I think is a little bit missing from the glasses debate, I was talking to someone who's used one quite a lot because they were testing it.
Right.
And they went, it's just bad tech still.
Ah.
Between, you know, your problem with anything is always battery versus processing versus weight. You know, this is on your face.
And even if you wear glasses, I wear glasses all the time.
And even if you wear glasses, I wear glasses all the time.
Right.
There's only so much weight that you want on the front of your face. And it's not very much.
And so what they can do in terms of processing versus keeping the battery life, given they don't want a wire down to have a pocket battery pack.
They are underpowered, they crash quite often, they lag. The tech is apparently just not very impressive.
And so what they can do in terms of processing versus keeping the battery life, given they don't want a wire down to have a pocket battery pack.
They are underpowered, they crash quite often, they lag. The tech is apparently just not very impressive.
Oh, but can you imagine the battery storage of Dame Edna Everage or Elton John though?
Yeah, I mean, you're probably getting somewhere there, aren't you? But it's still pretty weak tech.
And so I think any use case, it's a bit easier to just think, well, why can't this just be done with a phone? And I'm sure there will come a point where that pivots.
But the thing is, wearable tech is the dog that never quite barks. Everyone's wanted to sell it.
I remember watching Tomorrow's World in the '90s as a kid, and they were telling you that VR would be coming.
And two or three years ago, when everything was going to be the metaverse, and I bought a VR headset because I knew— well, because I knew I'd get commissions.
I got about 5 pieces going, I got in VR, and is it any good? And it's, I genuinely, I had a bit of an existential thing on just how bleak it was. It was horrible. It was just rubbish.
And you're thinking, tens of billions are going in this and no one's going to use it. It's awful. And I think this is the attempt to salvage that work.
This is the attempt to go, yeah, okay, VR is still not it, but look, augmented reality is clearly the future. It's clearly there.
And I still think, It is a solution in search of a problem.
And so I think any use case, it's a bit easier to just think, well, why can't this just be done with a phone? And I'm sure there will come a point where that pivots.
But the thing is, wearable tech is the dog that never quite barks. Everyone's wanted to sell it.
I remember watching Tomorrow's World in the '90s as a kid, and they were telling you that VR would be coming.
And two or three years ago, when everything was going to be the metaverse, and I bought a VR headset because I knew— well, because I knew I'd get commissions.
I got about 5 pieces going, I got in VR, and is it any good? And it's, I genuinely, I had a bit of an existential thing on just how bleak it was. It was horrible. It was just rubbish.
And you're thinking, tens of billions are going in this and no one's going to use it. It's awful. And I think this is the attempt to salvage that work.
This is the attempt to go, yeah, okay, VR is still not it, but look, augmented reality is clearly the future. It's clearly there.
And I still think, It is a solution in search of a problem.
Yeah. And now Meta wants to add facial recognition. And according to the New York Times, Mark Zuckerberg's Meta has been working on a feature internally called Name Tag.
And what it will do is it will let you identify people just by looking at them through your spectacles.
So you point your face at somebody and you ask Meta's AI assistant who they are, and you'll get a name and whatever other information Meta can scrape together about them.
Now, you would think that a company like Meta, which has in the past had to pay out billions of dollars in privacy settlements, would tread very carefully around this.
They've been fined over $2 billion in the past for collecting facial data without permission.
I think it was during the Cambridge Analytica case, they got fined $5 billion by the FTC for various privacy violations.
You'd think someone in their legal department might raise a hand saying, are we sure that we're comfortable with this?
But according to the New York Times, they say they've got hold of an internal memo from Meta's Reality Labs dated from last May, and it contains this, and I'm going to read it out verbatim.
It says, we will launch during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns.
In other words, everyone's too distracted by political chaos, you know, and the psychodrama which is going on every day, quite frankly.
They're not going to be able to give us any grief about what we're doing. So while they're busy, the civil liberty groups, they're going to be putting out other fires.
This is our chance to launch this feature in our glasses.
And what it will do is it will let you identify people just by looking at them through your spectacles.
So you point your face at somebody and you ask Meta's AI assistant who they are, and you'll get a name and whatever other information Meta can scrape together about them.
Now, you would think that a company like Meta, which has in the past had to pay out billions of dollars in privacy settlements, would tread very carefully around this.
They've been fined over $2 billion in the past for collecting facial data without permission.
I think it was during the Cambridge Analytica case, they got fined $5 billion by the FTC for various privacy violations.
You'd think someone in their legal department might raise a hand saying, are we sure that we're comfortable with this?
But according to the New York Times, they say they've got hold of an internal memo from Meta's Reality Labs dated from last May, and it contains this, and I'm going to read it out verbatim.
It says, we will launch during a dynamic political environment where many civil society groups that we would expect to attack us would have their resources focused on other concerns.
In other words, everyone's too distracted by political chaos, you know, and the psychodrama which is going on every day, quite frankly.
They're not going to be able to give us any grief about what we're doing. So while they're busy, the civil liberty groups, they're going to be putting out other fires.
This is our chance to launch this feature in our glasses.
It's astonishing, isn't it? It's genuinely jaw-dropping stuff.
It's quite a launch strategy. Isn't it?
This is the sort of stuff that villains write in movies for 6-year-olds to make sure that they know who the bad guy is.
Just to first react as a comms professional, this is exactly how not to do it. This will go into training as being comedically dumb.
This is the worst PR since on 9/11, a Labour spad said, "Today is a terrific day to bury bad news." and ended her entire career, that of her colleagues and that of her boss.
And rightly so. This is rubbish.
I mean, also, the civil liberties groups are delighted because they've all put out fundraising claims off the back of this and promised to make sure they will be glued to Meta.
It is utterly idiotic. They suck at this.
Just to first react as a comms professional, this is exactly how not to do it. This will go into training as being comedically dumb.
This is the worst PR since on 9/11, a Labour spad said, "Today is a terrific day to bury bad news." and ended her entire career, that of her colleagues and that of her boss.
And rightly so. This is rubbish.
I mean, also, the civil liberties groups are delighted because they've all put out fundraising claims off the back of this and promised to make sure they will be glued to Meta.
It is utterly idiotic. They suck at this.
So the civil liberties groups, They're all deciding we're going to leave one person back at the office just in case today's the day that Meta launches the glasses.
Yeah, sort of designated survivor just staring at Facebook. So just firstly, terrible PR.
Second, the worry for me as someone who sort of goes, look, actually accountability and sort of rights and expressions, we need some ability to be able to take pictures or video in public.
That shouldn't just be licensed and authorized. That's actually a tool for autocracy.
I worried that idiotic overreach is how we lose those rights that my job relies on, that expression relies on.
I do think there is such a huge difference in loading out facial recognition, and I think it's awful. I think it's intrusive. I think it's invasive. I think it's bad.
And the thing that strikes me is they want to do it because they think it sounds cool. They don't have a case for this. What is this supposed to be good for?
Why does a normal person going about their day need to be able to facially recognize a stranger?
What is the legitimate use case to go against the huge invasiveness and creepiness factor here? And they haven't even bothered to come up with one. It's a dreadful idea.
Second, the worry for me as someone who sort of goes, look, actually accountability and sort of rights and expressions, we need some ability to be able to take pictures or video in public.
That shouldn't just be licensed and authorized. That's actually a tool for autocracy.
I worried that idiotic overreach is how we lose those rights that my job relies on, that expression relies on.
I do think there is such a huge difference in loading out facial recognition, and I think it's awful. I think it's intrusive. I think it's invasive. I think it's bad.
And the thing that strikes me is they want to do it because they think it sounds cool. They don't have a case for this. What is this supposed to be good for?
Why does a normal person going about their day need to be able to facially recognize a stranger?
What is the legitimate use case to go against the huge invasiveness and creepiness factor here? And they haven't even bothered to come up with one. It's a dreadful idea.
So one of the things which they're thinking of doing, apparently, to help launch the product, is to begin, and again, I'm gonna quote their word, is to wash the product launch through the disabled community.
So their planning, they said, was to first introduce this facial recognition as an accessibility feature at a conference of blind users before unleashing it on the general public.
That was how they were hoping to weave it in. People who are blind, people who have low vision, they're going to try and sell it as a feature to them.
So their planning, they said, was to first introduce this facial recognition as an accessibility feature at a conference of blind users before unleashing it on the general public.
That was how they were hoping to weave it in. People who are blind, people who have low vision, they're going to try and sell it as a feature to them.
I mean, it's everything about accessibility done wrong, isn't it? I mean, there is a regular complaint.
I'm a little bit more familiar with the sort of deaf community than people with visual impairments, but a lot of stuff comes around, things that people who don't have the disability think people with it would like.
I'm a little bit more familiar with the sort of deaf community than people with visual impairments, but a lot of stuff comes around, things that people who don't have the disability think people with it would like.
Right.
Yeah. Or tools that they think you would need that you don't. So, I'd grown up in a house with a largely deaf father, for example.
And a lot of things people think you would need an indicator light or whatever for, you can just wave.
And a lot of things people think you would need an indicator light or whatever for, you can just wave.
Right.
Or you stand on the right side, or you set up your house in certain ways.
And so, people come up with all sorts of daft tools that it's like, well, if you ever spoke to a deaf person for 20 seconds, they could tell you this is useless.
What do people need versus what does someone— you know, someone's built a tool and then wants a use case for it, wants to be able to say, oh no, but you can't be against this because that smacks of something that they've decided, oh well, blind people.
Yeah, that's who will use blind people. And especially when you're saying washing through, it just very clearly has nothing to do with the actual use case.
It is, they think glasses are cool. They want a market for this and they are looking for a PR strategy because they know that there'll be a terrible public reception.
They're not even good at being cynical.
And so, people come up with all sorts of daft tools that it's like, well, if you ever spoke to a deaf person for 20 seconds, they could tell you this is useless.
What do people need versus what does someone— you know, someone's built a tool and then wants a use case for it, wants to be able to say, oh no, but you can't be against this because that smacks of something that they've decided, oh well, blind people.
Yeah, that's who will use blind people. And especially when you're saying washing through, it just very clearly has nothing to do with the actual use case.
It is, they think glasses are cool. They want a market for this and they are looking for a PR strategy because they know that there'll be a terrible public reception.
They're not even good at being cynical.
It feels to me Mark Zuckerberg is using people with visual impairment as a human shield to soften the PR launch of this mass surveillance feature, which is going to be used by creeps and people creating TikToks.
There is serious creepy potential. I think people should be alarmed at facial recognition in this and should push back, and all power to the civil liberties groups.
I might up my donation to them. But it's a rubbish product. I keep wanting to say crap, and I'm not sure if you have— sorry, they're crap.
I might up my donation to them. But it's a rubbish product. I keep wanting to say crap, and I'm not sure if you have— sorry, they're crap.
You can say it.
They're dreadful. I am just generally reminded that Facebook hasn't launched a good product in years.
And the last good product it launched was Instagram Stories, and that was a direct rip-off of a rival. And I just don't think this is the one.
And the last good product it launched was Instagram Stories, and that was a direct rip-off of a rival. And I just don't think this is the one.
I have to say, of course, there are legitimate purposes for this.
One of the reasons why ICE agents in the States might be covering their faces is because I'm sure people protesting about what's happening in the likes of Minnesota, some of them will be wearing the likes of Meta glasses in order to film what is going on.
So you can put this technology to uses which I think were acceptable. Well, Meta apparently is working on an enhancement to Meta glasses.
They are internally calling something super sensing glasses. These were glasses which would continuously run cameras and sensors to keep a record of your entire day.
Always on, always watching. It's a bit like having a dashcam on your face. So everything would be recorded. Again, I don't know how they're going to do that battery-wise.
I don't know how people are going to feel about it. I don't know who's going to buy such a thing.
It does seem to be pushing the bounds, I think, of some of their earlier agreements with the FTC. It's a fascinating article in the New York Times.
I'd recommend people look at it because it does appear that Meta is really trying to push the limit a great deal.
They did introduce a risk review process, internal privacy risk review process, as part of their most recent FTC judgment.
And it seems that they are trying to water that down considerably in the last 12 months or so.
And I think it's something we have to keep an eye on because, well, they've been fined $7 billion already.
But apparently the lesson seems to have been learnt that all they need to do is be sneakier next time.
One of the reasons why ICE agents in the States might be covering their faces is because I'm sure people protesting about what's happening in the likes of Minnesota, some of them will be wearing the likes of Meta glasses in order to film what is going on.
So you can put this technology to uses which I think were acceptable. Well, Meta apparently is working on an enhancement to Meta glasses.
They are internally calling something super sensing glasses. These were glasses which would continuously run cameras and sensors to keep a record of your entire day.
Always on, always watching. It's a bit like having a dashcam on your face. So everything would be recorded. Again, I don't know how they're going to do that battery-wise.
I don't know how people are going to feel about it. I don't know who's going to buy such a thing.
It does seem to be pushing the bounds, I think, of some of their earlier agreements with the FTC. It's a fascinating article in the New York Times.
I'd recommend people look at it because it does appear that Meta is really trying to push the limit a great deal.
They did introduce a risk review process, internal privacy risk review process, as part of their most recent FTC judgment.
And it seems that they are trying to water that down considerably in the last 12 months or so.
And I think it's something we have to keep an eye on because, well, they've been fined $7 billion already.
But apparently the lesson seems to have been learnt that all they need to do is be sneakier next time.
I think the good faith era for Meta and Facebook passed a while ago, didn't it?
Yes, yes. Many years ago, perhaps.
Okay, chums, hands up if you've ever clicked a dodgy link and then immediately thought, oh no, I've just handed my entire life over to a bloke in a tracksuit somewhere.
Don't worry, you're not alone. That's why adaptive security exists, to stop your staff from doing precisely that.
Adaptive Security is the first cybersecurity company backed by OpenAI, and they provide proper security awareness training that doesn't feel like death by PowerPoint.
We're talking real-world examples tailored to your company, with phishing, vishing, smishing, and yes, even AI deepfake scams all covered.
If someone tries to ring up accounts pretending to be the boss, your team will be ready. And their phishing simulations aren't just any old click this fake delivery email malarkey.
You can help prepare your team for advanced social engineering attacks via email, voice, SMS, and video, which take advantage of the sort of information attackers could actually dig up about you and your staff.
And now Adaptive's new AI content creator helps security teams instantly generate custom training by just pasting in a news article.
Whether it's a break-in threat or an internal policy update, Adaptive can spin it into interactive multilingual training in seconds.
So if you'd rather your employees didn't become the weakest link, head over to smashingsecurity.com/adaptive. That's smashingsecurity.com/adaptive.
And thanks to Adaptive Security for supporting the show. James, what's your story for us this week?
Okay, chums, hands up if you've ever clicked a dodgy link and then immediately thought, oh no, I've just handed my entire life over to a bloke in a tracksuit somewhere.
Don't worry, you're not alone. That's why adaptive security exists, to stop your staff from doing precisely that.
Adaptive Security is the first cybersecurity company backed by OpenAI, and they provide proper security awareness training that doesn't feel like death by PowerPoint.
We're talking real-world examples tailored to your company, with phishing, vishing, smishing, and yes, even AI deepfake scams all covered.
If someone tries to ring up accounts pretending to be the boss, your team will be ready. And their phishing simulations aren't just any old click this fake delivery email malarkey.
You can help prepare your team for advanced social engineering attacks via email, voice, SMS, and video, which take advantage of the sort of information attackers could actually dig up about you and your staff.
And now Adaptive's new AI content creator helps security teams instantly generate custom training by just pasting in a news article.
Whether it's a break-in threat or an internal policy update, Adaptive can spin it into interactive multilingual training in seconds.
So if you'd rather your employees didn't become the weakest link, head over to smashingsecurity.com/adaptive. That's smashingsecurity.com/adaptive.
And thanks to Adaptive Security for supporting the show. James, what's your story for us this week?
So I've been digging around the issue of tech sovereignty. We've had the Munich Security Conference recently, and of course we have a land war in Europe.
It's not just a cybersecurity event, it's all the sort of politicians talking security.
But one issue that sort of comes up quite a lot is, as we have these clashes between the US and Europe, what would happen if Europe really, really fell out with America?
What if the Greenland situation had got worse and we start being in a full-scale trade war?
The US has got this incredible soft power over us in that they can essentially turn off access to their online tools.
Some human rights groups and activist groups get sanctioned by America and they suddenly find the internet's almost unusable. You can't access Gmail and Office and obvious tools.
But trying to get a web stack, trying to get anything is quite nightmarish. And it turns out essentially the internet is American territory.
And so Europe's actually doing this quite big set of initiatives to try and address that.
It's not just a cybersecurity event, it's all the sort of politicians talking security.
But one issue that sort of comes up quite a lot is, as we have these clashes between the US and Europe, what would happen if Europe really, really fell out with America?
What if the Greenland situation had got worse and we start being in a full-scale trade war?
The US has got this incredible soft power over us in that they can essentially turn off access to their online tools.
Some human rights groups and activist groups get sanctioned by America and they suddenly find the internet's almost unusable. You can't access Gmail and Office and obvious tools.
But trying to get a web stack, trying to get anything is quite nightmarish. And it turns out essentially the internet is American territory.
And so Europe's actually doing this quite big set of initiatives to try and address that.
Yes.
And that started with data sovereignty, actually in the wake of the Snowden stuff, saying that if you were processing information on EU citizens, you should store it within the EU.
I think to essentially try and make backdoor access by America or other countries more difficult, to make physical regulation easier, that sort of thing.
And it seems to have been relatively successful. Big Tech kicked off about it and then broadly complied with it. The UK, our data has all gone back to America now.
It was in EU servers and post-Brexit, we're back to the lower tiers of protection. Although there's complexities around that, data protection law is never thrilling.
I think to essentially try and make backdoor access by America or other countries more difficult, to make physical regulation easier, that sort of thing.
And it seems to have been relatively successful. Big Tech kicked off about it and then broadly complied with it. The UK, our data has all gone back to America now.
It was in EU servers and post-Brexit, we're back to the lower tiers of protection. Although there's complexities around that, data protection law is never thrilling.
Yeah. And unlike Europe, which is built up its own platforms, the UK appears to be very comfortable signing huge deals with American tech companies.
Yeah. Didn't it?
We're getting into bed with them much, much more.
Yeah. So Europe's now trying to go, well, that worked for data. Can we do it for the actual technology? And so they're trying to do things lighter touch regulation for startups.
You know, if you're an American startup, you can access a home market of 300 million people with one regulatory regime.
If you're Europe, you've got 27 countries, about 30 different languages, 27 different regulatory regimes.
They're trying to at least make it easier by saying, until you get to a certain size, here's one lighter EU-wide regulatory regime. Here's some investment funds.
Now, I'll add the brief caveat. None of this has really worked yet. There isn't an amazing European tech startup scene. There aren't alternatives to most of these providers.
But they're trying, and it's better to start late than never. As you say, the UK is kind of doing the opposite.
Just as these relations are getting trickier, as it all looks quite fraught, we have signed defence deals and health deals with Palantir.
We've signed a big tech prosperity partnership with the US, which very much ties together our AI scene because we've got one of the sort of biggest AI startup environments, AI networks in the world outside America, but it's very tied into the American ecosystem and it's now signed in by treaty.
We are essentially signing ourselves as a bit of a US dependency.
You know, if you're an American startup, you can access a home market of 300 million people with one regulatory regime.
If you're Europe, you've got 27 countries, about 30 different languages, 27 different regulatory regimes.
They're trying to at least make it easier by saying, until you get to a certain size, here's one lighter EU-wide regulatory regime. Here's some investment funds.
Now, I'll add the brief caveat. None of this has really worked yet. There isn't an amazing European tech startup scene. There aren't alternatives to most of these providers.
But they're trying, and it's better to start late than never. As you say, the UK is kind of doing the opposite.
Just as these relations are getting trickier, as it all looks quite fraught, we have signed defence deals and health deals with Palantir.
We've signed a big tech prosperity partnership with the US, which very much ties together our AI scene because we've got one of the sort of biggest AI startup environments, AI networks in the world outside America, but it's very tied into the American ecosystem and it's now signed in by treaty.
We are essentially signing ourselves as a bit of a US dependency.
Just to correct one point, James, Palantir, I don't believe it's US-based, is it? I believe it's actually based in Mordor, isn't it?
Yes, I apologize for the error.
CEO Saruman. Will be the one looking after our health data.
Well, of course, Saruman is in fact being controlled by Sauron there because even one of— is it the Valar? Even the Valar can't look in without going to madness.
God, I hate the amount of Lord of the Rings lore you have to know to cover tech these days.
God, I hate the amount of Lord of the Rings lore you have to know to cover tech these days.
I think it'd be fair to say that things aren't running along quite as smoothly in the world as maybe they used to be.
I mean, there's obviously been huge injustices and horrible disparities in terms of what's going on in the world.
But things do seem less stable for one reason or another at the moment. And it is a frightening time.
And it feels like our desperate desire to try and reboot the British economy and at the same time not be seen as being too chummy with Europe in case that puts off some of the voters is leading us down a particular path.
Well, we will do anything to put a huge amount of money into the pockets of some tech bro in California.
I mean, there's obviously been huge injustices and horrible disparities in terms of what's going on in the world.
But things do seem less stable for one reason or another at the moment. And it is a frightening time.
And it feels like our desperate desire to try and reboot the British economy and at the same time not be seen as being too chummy with Europe in case that puts off some of the voters is leading us down a particular path.
Well, we will do anything to put a huge amount of money into the pockets of some tech bro in California.
It just all smacks a bit of incoherence. You know, you've got a government that does say it wants closer relations with Europe and the EU.
It wants to do defence cooperation with the EU. But then we didn't get in SAFE, which was the big procurement round on defence, even though Canada managed it.
So when Canada can get into a European defence initiative and the UK can't, you've got a mess.
When you sort of say that we want a startup scene, we want an independent tech scene, and then we tie into America, it just feels very, very scattergun.
And in the absence of a strategy, they end up just grabbing on whatever moves and also hoping to not antagonize Donald Trump.
And so it feels like Europe is at least trying to do something a bit distinct and perhaps a bit more interesting.
You know, it will be good for everyone to have a more balanced, you know, a more globally balanced internet.
You know, the only major tech company that isn't American is TikTok, and it's Chinese.
It wants to do defence cooperation with the EU. But then we didn't get in SAFE, which was the big procurement round on defence, even though Canada managed it.
So when Canada can get into a European defence initiative and the UK can't, you've got a mess.
When you sort of say that we want a startup scene, we want an independent tech scene, and then we tie into America, it just feels very, very scattergun.
And in the absence of a strategy, they end up just grabbing on whatever moves and also hoping to not antagonize Donald Trump.
And so it feels like Europe is at least trying to do something a bit distinct and perhaps a bit more interesting.
You know, it will be good for everyone to have a more balanced, you know, a more globally balanced internet.
You know, the only major tech company that isn't American is TikTok, and it's Chinese.
Yes.
You know, Europe is the biggest economic continent. We are still a very significant global player, and we just don't exist in the digital world.
And the UK just seems to be resigning itself to an American internet and to essentially being a bit of a vassal state. And it seems to lack in imagination to me.
You know, I'm very much not doing a, let's shut off the internet and have a British internet for British people.
And the UK just seems to be resigning itself to an American internet and to essentially being a bit of a vassal state. And it seems to lack in imagination to me.
You know, I'm very much not doing a, let's shut off the internet and have a British internet for British people.
The Great British Internet.
Yes. But it feels like we could have a little bit more imagination here and a bit more resilience as well.
I do think when we are in these times, it feels quite fragile to me to have so much dependence without alternatives on the American stack.
I do think when we are in these times, it feels quite fragile to me to have so much dependence without alternatives on the American stack.
Especially if there's someone fairly temperamental in charge of part of the relationship who, you know, may vacillate somewhat as to who is his friend that particular week.
I mean, to put this in really simple terms, if you were going to school, for instance, right?
If all of your homework and your photos and your messages were stored on your mate's computer and your mate suddenly decided that they didn't like you anymore, or their parents made some new rules, you'd really be in real trouble, wouldn't you?
What on earth would you do? You'd be up shit's creek without a paddle.
I mean, to put this in really simple terms, if you were going to school, for instance, right?
If all of your homework and your photos and your messages were stored on your mate's computer and your mate suddenly decided that they didn't like you anymore, or their parents made some new rules, you'd really be in real trouble, wouldn't you?
What on earth would you do? You'd be up shit's creek without a paddle.
Yeah, and it is that reminder. The cloud is just always someone else's computer. And we are entirely reliant on America for pretty much every bit of the stack.
And even the bits that don't look like it behind the scenes are almost all American too. And that's fine if there are alternatives. And at the moment, there aren't.
And it does feel like both politically, there's potential growth in here, there's potential jobs in it, there's economic reasons, but there's certainly security reasons.
And even the bits that don't look like it behind the scenes are almost all American too. And that's fine if there are alternatives. And at the moment, there aren't.
And it does feel like both politically, there's potential growth in here, there's potential jobs in it, there's economic reasons, but there's certainly security reasons.
Yes.
At the moment, institutions are just forced to be completely reliant on the whims of an American administration that has shown it is willing to use almost every bit of leverage at its disposal.
And we're sort of lucky that Trump doesn't understand the internet and is kind of in hoc to big tech donors that he hasn't realized quite the potential of online soft power at his disposal because if he was leveraging sanctions and a little bit more, it actually might be even more damaging and even more coercive than everything he's tried with tariffs.
And we're sort of lucky that Trump doesn't understand the internet and is kind of in hoc to big tech donors that he hasn't realized quite the potential of online soft power at his disposal because if he was leveraging sanctions and a little bit more, it actually might be even more damaging and even more coercive than everything he's tried with tariffs.
Oh, James, don't give him ideas, please.
Well, someone worse could come along next. If Trump had a coronary tomorrow, we've got JD Vance and who knows what he would try.
And so I don't like our security and our sort of digital future. Its guarantor is Donald Trump. That doesn't feel great, does it?
And so I don't like our security and our sort of digital future. Its guarantor is Donald Trump. That doesn't feel great, does it?
Okay, before we go any further, we've got time to chat quickly about one of our sponsors today, Vanta. So a question for you.
What do you worry about at 2 o'clock in the morning when it comes to your company's cybersecurity? Is it, do we actually have the right controls in place?
Is it, are our vendors quietly on fire? Or the truly terrifying one, why are we still trying to do all this with spreadsheets? Well, if that sounds like you, enter Vanta.
Vanta takes all that painful manual security busywork, chasing audit evidence, filling out questionnaires, updating the same spreadsheet for the thousandth time, and it automates it.
Their trust management platform continuously monitors your systems, pulls everything into one place, and helps keep your security program audit ready all of the time.
And yes, it uses AI, but in the useful way, flagging risks, streamlining evidence collection, and fitting neatly into the tools you already use so you can move faster, scale with confidence, and maybe even sleep through the night.
Get started today at vanta.com/smashing. That's vanta.com/smashing. Smashing Security. And thanks to Vanta for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
What do you worry about at 2 o'clock in the morning when it comes to your company's cybersecurity? Is it, do we actually have the right controls in place?
Is it, are our vendors quietly on fire? Or the truly terrifying one, why are we still trying to do all this with spreadsheets? Well, if that sounds like you, enter Vanta.
Vanta takes all that painful manual security busywork, chasing audit evidence, filling out questionnaires, updating the same spreadsheet for the thousandth time, and it automates it.
Their trust management platform continuously monitors your systems, pulls everything into one place, and helps keep your security program audit ready all of the time.
And yes, it uses AI, but in the useful way, flagging risks, streamlining evidence collection, and fitting neatly into the tools you already use so you can move faster, scale with confidence, and maybe even sleep through the night.
Get started today at vanta.com/smashing. That's vanta.com/smashing. Smashing Security. And thanks to Vanta for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily. Well, my Pick of the Week this week is not security related.
My Pick of the Week came across my eyeballs because I wandered into my living room and my lovely wife was there watching a movie and I had a laptop and I was doing a bit of work and she was watching this movie and it sort of caught my attention.
I looked up and thought, oh, this looks good. And I started watching and I started to forget my laptop after a while.
I stopped doing any work at all because I was watching a movie which came out in 2019, which I hadn't seen before, called Just Mercy with Michael B. Jordan and Jamie Foxx.
And this is the story— turns out it's a true story— the story of a lawyer called Bryan Stevenson, and specifically his defence of a man called Walter McMillian, who had been wrongly convicted for a murder.
A jury chose to sentence him to life in prison, but a judge overruled and sentenced him to death. And Bryan Stevenson is an extraordinary fellow.
I watched his TED Talk earlier today. And it's great. There he is fighting for justice and for people who found themselves in a particularly ghastly situation.
And one of the things that you realize is, well, he was kind of railing against a world which seemed to treat you much better if you were rich and guilty than if you were poor and innocent.
And there does seem to be, once again, a real imbalance in terms of who is on death row, and just how many of them indeed turn out to be innocent. It's an alarming number.
As he put it in his TED Talk, if we were to take that statistic and apply it to air flights, none of us would get on planes.
We'd ask for there to be a proper examination as to what on earth was going wrong. Just Mercy is a terrific movie, and I would recommend it. And that is my pick of the week.
James, what's your pick of the week?
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like.
It doesn't have to be security related necessarily. Well, my Pick of the Week this week is not security related.
My Pick of the Week came across my eyeballs because I wandered into my living room and my lovely wife was there watching a movie and I had a laptop and I was doing a bit of work and she was watching this movie and it sort of caught my attention.
I looked up and thought, oh, this looks good. And I started watching and I started to forget my laptop after a while.
I stopped doing any work at all because I was watching a movie which came out in 2019, which I hadn't seen before, called Just Mercy with Michael B. Jordan and Jamie Foxx.
And this is the story— turns out it's a true story— the story of a lawyer called Bryan Stevenson, and specifically his defence of a man called Walter McMillian, who had been wrongly convicted for a murder.
A jury chose to sentence him to life in prison, but a judge overruled and sentenced him to death. And Bryan Stevenson is an extraordinary fellow.
I watched his TED Talk earlier today. And it's great. There he is fighting for justice and for people who found themselves in a particularly ghastly situation.
And one of the things that you realize is, well, he was kind of railing against a world which seemed to treat you much better if you were rich and guilty than if you were poor and innocent.
And there does seem to be, once again, a real imbalance in terms of who is on death row, and just how many of them indeed turn out to be innocent. It's an alarming number.
As he put it in his TED Talk, if we were to take that statistic and apply it to air flights, none of us would get on planes.
We'd ask for there to be a proper examination as to what on earth was going wrong. Just Mercy is a terrific movie, and I would recommend it. And that is my pick of the week.
James, what's your pick of the week?
Mine feels very trivial after that one, but I'm going to recommend The Residence, which is on Netflix.
And it is a very light, cozy murder mystery, but it's set in the White House on the night of a state dinner.
In fact, a state dinner for the Australians at which Kylie Minogue is performing. And she does an excellent series of cameos.
You are reminded that she used to be an actor, of course. She started out on Neighbours, and she's delightful in it. And it's not very complex.
You know, you're not going to sort of go, Oh, this is the cleverest mystery I've watched in ages. But it's quite fun.
It also, as someone who— I've worked in America, I've been a reporter out there. They have got such an accurate layout of the White House and how it all works and all of that.
It's a fictional president, it's a fictional staff, you're not going to get any heavy politics.
It's got the obligatory sort of quirky detective figure who's— a sort of woman who is very obsessed with bird spotting.
It's entirely irrelevant to the plot, but the president's married to a man. You know, it's a gay couple. So it's all very escapist.
It's all very sort of light, other than being a murder mystery. And it was just quite delightful. Sort of 8 episodes.
You know, at the moment, I sort of sometimes feel you need something very escapist, quite silly. And this really ticked the box. I was kind of delighted by it.
So I cannot claim it's got anything the worth or the public value of yours, but it is quite good fun.
And it is a very light, cozy murder mystery, but it's set in the White House on the night of a state dinner.
In fact, a state dinner for the Australians at which Kylie Minogue is performing. And she does an excellent series of cameos.
You are reminded that she used to be an actor, of course. She started out on Neighbours, and she's delightful in it. And it's not very complex.
You know, you're not going to sort of go, Oh, this is the cleverest mystery I've watched in ages. But it's quite fun.
It also, as someone who— I've worked in America, I've been a reporter out there. They have got such an accurate layout of the White House and how it all works and all of that.
It's a fictional president, it's a fictional staff, you're not going to get any heavy politics.
It's got the obligatory sort of quirky detective figure who's— a sort of woman who is very obsessed with bird spotting.
It's entirely irrelevant to the plot, but the president's married to a man. You know, it's a gay couple. So it's all very escapist.
It's all very sort of light, other than being a murder mystery. And it was just quite delightful. Sort of 8 episodes.
You know, at the moment, I sort of sometimes feel you need something very escapist, quite silly. And this really ticked the box. I was kind of delighted by it.
So I cannot claim it's got anything the worth or the public value of yours, but it is quite good fun.
Don't worry about that, James. I am grateful to you because we needed a bit of frivolity. You know, this has been a terribly serious episode of the podcast.
I think we needed something a little bit frothy just to pep people up at the end of the show. So I'm very grateful to you. And that just about wraps up the show for this week.
Well, I am off up to Newcastle where I'll be speaking at the NHS's Skills Development Network conference. If you see me there, come up and say hello.
Thank you so much, James, for joining us. I'm sure lots of people would love to follow you online and find out what you're up to. What's the best way for folks to do that?
I think we needed something a little bit frothy just to pep people up at the end of the show. So I'm very grateful to you. And that just about wraps up the show for this week.
Well, I am off up to Newcastle where I'll be speaking at the NHS's Skills Development Network conference. If you see me there, come up and say hello.
Thank you so much, James, for joining us. I'm sure lots of people would love to follow you online and find out what you're up to. What's the best way for folks to do that?
So the best way is James R Ball on Blue Sky or jamesrball.com for my newsletter.
And you can find Smashing Security on social media as well. You can find me, Graham Cluley, on LinkedIn and Bluesky and Mastodon.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of 455 or so episodes, check out smashingsecurity.com. Until next time, cheerio, bye-bye.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of 455 or so episodes, check out smashingsecurity.com. Until next time, cheerio, bye-bye.
Goodbye.
You've been listening to Smashing Security with me, Graham Cluley, and thanks so much to James Ball for joining us this week and to this episode's sponsors, Adaptive Security, Vanta, and Passwork.
And of course, I have to thank those fellows over on Patreon.
Smashing Security Plus is what they have signed up for, which means amongst other perks such as getting the episodes early and without ads, they also have the opportunity to have their names read out at the end of the show.
So I'm going to reach into the hat right now and pick out a few of them. Who have we got?
Kenneth Ingham, Khajitan Kazimierzak, who sounds like he should be conducting a symphony, Dave Ellefson, who always knows where his HDMI cable is. Greg Bailey. Henry Walshaw.
The solid and dependable Justin Dale. David Smith, or is it Smythe? He has a Y in it. Just confused podcast hosts, I suppose.
And finally, someone who just uses the single letter J, clearly operating on a need-to-know basis.
Well, would you like to hear your name read out at the end of the show from time to time, join Smashing Security Plus. Go to smashingsecurity.com/plus to sign up there.
Costs as little as $5 a month. Of course, I realize not everyone can stretch to that, and that's absolutely fine.
What you could do instead of that is you could go and tell your friends, or you could leave us a 5-star review. You can like, you can subscribe, whatever you wish.
Just spread the word. And every little bit helps. I really appreciate it, and I hope you will be doing just that and will be tuning in to the show next week.
Until then, cheerio, bye-bye.
And of course, I have to thank those fellows over on Patreon.
Smashing Security Plus is what they have signed up for, which means amongst other perks such as getting the episodes early and without ads, they also have the opportunity to have their names read out at the end of the show.
So I'm going to reach into the hat right now and pick out a few of them. Who have we got?
Kenneth Ingham, Khajitan Kazimierzak, who sounds like he should be conducting a symphony, Dave Ellefson, who always knows where his HDMI cable is. Greg Bailey. Henry Walshaw.
The solid and dependable Justin Dale. David Smith, or is it Smythe? He has a Y in it. Just confused podcast hosts, I suppose.
And finally, someone who just uses the single letter J, clearly operating on a need-to-know basis.
Well, would you like to hear your name read out at the end of the show from time to time, join Smashing Security Plus. Go to smashingsecurity.com/plus to sign up there.
Costs as little as $5 a month. Of course, I realize not everyone can stretch to that, and that's absolutely fine.
What you could do instead of that is you could go and tell your friends, or you could leave us a 5-star review. You can like, you can subscribe, whatever you wish.
Just spread the word. And every little bit helps. I really appreciate it, and I hope you will be doing just that and will be tuning in to the show next week.
Until then, cheerio, bye-bye.
Host:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Guest:
James Ball:
@jamesrball.com
Episode links:
- IcedID malware developer fakes his own death to escape the FBI – Risky Business.
- Sex toys maker Tenga says hacker stole customer information – TechCrunch.
- Dutch police arrest man for “hacking” after accidentally sending him confidential files – Hot for Security.
- Meta Plans to Add Facial Recognition Technology to Its Smart Glasses – New York Times.
- Trading Sovereignty for Scale? The Costs of the US – UK Tech Prosperity Deal – Just Security.
- Just Mercy – Wikipedia.
- Just Mercy trailer – YouTube.
- Bryan Stevenson’s TED talk: We need to talk about an injustice – YouTube.
- The Residence – Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- Passwork – a reliable secrets manager and password management solution.
- Adaptive Security – request a custom demo featuring a real CEO deepfake simulation.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Join Smashing Security PLUS for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
