We bring back Yael Grauer onto the show to talk about privacy. We have discussed privacy in parts before, but specifically, Yael, did a huge opt out list that we want details on. Did you know your info is on these data broker sites. Yael tells out how to get rid of the info, or if it is even worth it. Big Ass Data Broker Opt Out List Yael Writes Twitter Mastodon SecurityPlanner TallPoppy Want to join our signal group?

On this show, we have Tom explain to us what oAuth is, and should we really care about it. Pros: Easy Less accounts to track/manage Cons: Account linking (kinda) [DEPENDING ON IMPLEMENTATION] Your login to a third-party website is controlled by your oauth provider (who you sign in with) Oauth provider bans will affect more than just your primary account Join our signal group. As always, Like, Comment, and Subscribe

On this episode we talk about un-needed security. These are the things that you shouldn’t buy/install/use. Virus Scanning Phone Scanning Apps Identity Protection Military Grade Encryption VPNs that claim to stop hackers Any tech product on an informercial email the show: hosts (at) shortexplanations (dot) com

On this show we discuss the big players in secure messengers. Not to spoil the fun, but we both highly recommend Signal. Threat Model discussion What is our “definition of secure messenger” WhatsApp Group and individual messages are encrypted Uses the Signal Protocol Can see metadata Meta harvests the data as much as possible Facebook Messenger Only in secret mode Secret mode is one device only Developed the same way as WhatsApp Threema Audited, recently had an issue Paid Uses usernames, not phone numbers iMessage Really good if you have Advanced data protection and/or icloud disabled iCloud data security overview Advanced Data Protection for iCloud RCS Google is the majority partner SMS fallback mode How it works Signal Telegram is BAD email the show: hosts (at) shortexplanations (dot) com

Editor’s Note: Sorry the first few seconds of the audio was bad. We bring Yael Grauer onto the show discuss her research: Turns out Yael liked our VPN show. Go check it out. Go follow her: Yael Writes Twitter Mastodon SecurityPlanner Consumer Reports Digital Lab White Paper PDF Consumer Reports - VPN Testing Consumer Reports - Top VPNS Consumer Reports - Should You Use A VPN Want to join our signal group?

Browsers: Use Firefox or Chrome (Tom prefers Firefox) Edge is fine Safari is fine (Haim uses iOS and Mac) Stay away from alternative / non-mainstream browsers Addons uBlock Origin Your favorite password manager Extension Security History of browsers iOS browers Android browsers email the show: hosts (at) shortexplanations (dot) com

VPNs: (we are not making a recommendation) What is a VPN What isn’t a VPN Should you use a VPN anonymous vs obfuscation VPN vs Tor Are VPNs safe pivpn.io tailscale Private Relay next show is from the consumer reports who tried all the VPNs Join the signal group by emailing us. email the show: hosts (at) shortexplanations (dot) com

We speak to InfoSecSherpa about what is bothering her in infosec. Turns out there is a lot of problems with companies and employers requiring a whole bunch of certificates and degrees for entry level jobs. Are certificates necessary (They are not), or are we just making life harder for everyone? InfoSecSherpa Linktree. InfoSecSherpa Twitter Join the signal group by emailing us. email the show: hosts (at) shortexplanations (dot) com

2FA: What are Factors (Knowledge, Have, Are, Location) Email SMS Dongle-based Code (RSA Tokens, etc) Push-Based Auth (Duo) TOTP (Google Authenticator, Authy, etc) Yubico OTP U2F, FIDO2, WebAuthn Fall Back Safety [If you are not subscribed to short explanations, please sign up. We forwarded the feed from the other podcast for a month.] email the show: hosts (at) shortexplanations (dot) com

[If you are not subscribed to short explanations, please sign up. We forwarded the feed from the other podcast for a month.] Show Notes: Don’t re-use passwords across sites How do you even remember each password? Using a password scheme (MyPassw0rd-facebook.com) - This is a bad idea because password cracking software knows this trick and will compromise all of your accounts First: Use your password manager generator Chrome Built in / Firefox built in Cred Stuffing Password Rules WEIRD password rules (8 chars, what?