AI chatbots like ChatGPT have made quiet a splash. Companies are tripping all over themselves in a rush to add "AI" to everything, heedless of the security risks. But perhaps more insidious are the privacy risks. Most AI processing is done in the cloud, meaning that your queries and chats are subject to inspection, sharing, storing and monetizing. These AI systems are incredibly expensive to train and operate. And AI companies are desperate to feed them every scrap of data they can find. It's a recipe for privacy disaster. But there are ways to make it more private and today we'll discuss these approaches with Proton's head of AI, Eamonn Maguire.
Interview Notes
Lumo privacy and security model: https://proton.me/blog/lumo-security-model
AI privacy concerns: https://proton.me/blog/ai-privacy-concerns
How to build a private AI: https://proton.me/blog/how-to-build-privacy-first-ai
LaTeX: https://en.wikipedia.org/wiki/LaTeX
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:12:22: Defining some terms
0:15:29: What are the main privacy issues with modern AI?
0:22:53: What are the dangers of training AI models on personal data?
0:27:57: How do we make AI chatbots safer to use?
0:35:31: What are Proton's goals with Lumo?
0:42:41: How can Lumo protect a user's privacy?
0:52:19: Can we do more to anoymize cloud LLM queries?
0:56:50: What can we do to increase trust and transparency with AI?
1:02:55: Where does Proton store and process AI data?
1:10:35: Which LLM models does Lumo use?
1:15:38: Will Proton offer a local-only version of Lumo?
1:20:36: What's next for Lumo and AI at Proton?
1:27:59: Will Lumo ever be part of Proton pricing bundles?
1:31:24: Wrap-up
1:35:14: Patron podcast preview
1:36:04: Looking ahead
--------
1:36:32
--------
1:36:32
Securing Old Accounts
Now that we've tracked down all our old online accounts, it's time to make them more secure and review the data they contain. We should download a copy of that data for safe keeping before we ultimately delete or suspend the accounts. We'll discuss this next step in our journey of reducing our online data footprint - our Data Diet.
In the news: Windows 10 support has officially ended; seniors targeted with malware from Facebook groups; Tile trackers can also track you; massive Salesforce data leaked after refusing to pay ransom; dangerous Discord breach; Apple, Google to reluctantly comply with new Texas age law; California enacts age-verification law; EU Chat Control defeated; California makes GPC universally available; largest CCPA fine to date levied against TSC.
Article Links
Windows 10 support “ends” today, but it’s just the first of many deaths https://arstechnica.com/gadgets/2025/10/windows-10-support-ends-today-but-its-just-the-first-of-many-deaths/
Seniors targeted in global Facebook scam spreading new Android malware https://therecord.media/seniors-targeted-facebook-android-malware-scam
Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say https://www.wired.com/story/tile-tracking-tags-can-be-exploited-by-tech-savvy-stalkers-researchers-say/
ShinyHunters Leak Data from Qantas, Vietnam Airlines and Others https://hackread.com/shinyhunters-leak-data-qantas-vietnam-airlines-others/
The Discord Hack is Every Users’ Worst Nightmare https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare/
Apple and Google reluctantly comply with Texas age verification law https://arstechnica.com/tech-policy/2025/10/apple-and-google-reluctantly-comply-with-texas-age-verification-law/
California enacts its own internet age-gating law https://www.theverge.com/news/798871/california-governor-newsom-age-gating-ab-1043
Citizen Protest Halts Chat Control https://www.patrick-breyer.de/en/citizen-protest-halts-chat-control-breyer-celebrates-major-victory-for-digital-privacy/
California Governor signs first-in-the-nation privacy bill into law https://advocacy.consumerreports.org/press_release/california-governor-signs-first-in-the-nation-privacy-bill-into-law
CPPA fines Tractor Supply Company $1.4 million for privacy violations https://therecord.media/ccpa-tractor-supply-privacy-fine
Tip of the week: https://firewallsdontstopdragons.com/secure-old-accounts/
Further Info
How to freeze your credit: https://firewallsdontstopdragons.com/credit-freeze-now-is-the-time/
Setting up Global Privacy Control: https://firewallsdontstopdragons.com/how-to-enable-global-privacy-control/
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support our mission! https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:00:28: News preview
0:02:31: Win10 support ended
0:08:19: Seniors targeted with malware from Facebook groups
0:12:00: Tile trackers can also track you
0:19:51: Massive Salesforce data leak
0:26:50: Dangerous Discord breach
0:32:35: Apple, Google to comply with new Texas age law
0:39:47: CA enacts age-verification law
0:44:56: EU Chat Control defeated!
0:49:33: CA makes GPC universally available
0:55:02: Largest CCPA fine to date
0:57:02: Tip of the Week
1:01:41: Wrapping up
1:02:29: Looking ahead
--------
1:04:22
--------
1:04:22
Project Franklin Wants You
Our critical infrastructure is vulnerable and under attack by nation state actors, either for profit or perhaps even to establish a beachhead for future cyber conflict. During the pandemic, many of our core systems were automated and connected to the internet for remote administration, but this just created a larger attack surface. The federal government hasn't done nearly enough to protect these systems. Groups like DEF CON Franklin are working to find cyber volunteers to bring our national critical utilities above the 'cyber poverty line'. Today we'll explore the problems and solutions with Franklin co-founder Jake Braun, including what we can all do to help.
Interview Notes
DEF CON Franklin: https://defconfranklin.com/
For more info or help, email “defconfranklin” at gmail.com.
Volt Typhoon: https://en.wikipedia.org/wiki/Volt_Typhoon
Initial Franklin trials: https://harris.uchicago.edu/news-events/news/first-water-utilities-take-volunteer-cyber-help
Franklin Almanac: https://defconfranklin.com/almanack.html
Franklin launch (DEF CON 32): https://www.youtube.com/watch?v=0TdY9JUaybc
DEF CON 33 Franklin update: https://defconfranklin.com/water_cybersec.html
Jake’s books: https://www.amazon.com/s?i=digital-text&rh=p_27%3AJake%2BBraun
More help: https://www.cybervolunteers.us/en
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:03:19: Why did you start the DEF CON Franklin project?
0:07:58: Why did you focus on protecting water systems?
0:12:41: Why target our water systems?
0:17:10: How do protect 50,000+ water facilities?
0:22:01: What are key takeaways from your first trials?
0:24:53: What are some of challenges you've faced?
0:29:13: Why did we ever put critical infrastructure on the internet?
0:31:05: Are there third parties involved in facility security, too?
0:32:45: How do you coordinate your efforts with other, similar orgs?
0:36:32: How do you know when your job is finished?
0:39:14: Are you getting support from the US government?
0:41:31: What's next for Franklin? How can we help?
0:43:38: What's the long term roadmap for Franklin?
0:45:00: Interview wrap-up
0:46:54: Patron podcast preview
0:47:52: Looking ahead
0:49:11: My other stuff
--------
49:51
--------
49:51
Tech Time Bombs
There are literally billions of devices connected to the internet today - many of them cheap, insecure IoT devices... smart thermostats, doorbell cameras, webcams, cheap WiFi routers and other smart appliances. As we like to say, the "S" in "IoT" is for security. And when insecure devices are no longer supported, the security bugs will never be fixed. We'll discuss the implications of this growing problem and potential solutions with a passionate right-to-repair advocate and the founder of the Secure Resilient Future Foundation, Paul Roberts.
Interview Notes
Secure Resilient Future Foundation: https://secure-resilient.org/
The Security Ledger: https://securityledger.com/
Tech Timebombs: https://www.youtube.com/watch?v=koZERADCyug
Secure Repairs: https://securepairs.org/
Paul’s Congressional testimony: https://judiciary.house.gov/committee-activity/hearings/there-right-repair
FULU Foundation: https://fulu.org/
US PIRG: https://pirg.org/
Institute for Security and Technology: https://securityandtechnology.org/
NIST 800-232: https://csrc.nist.gov/pubs/sp/800/232/ipd
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Send me your questions! https://fdsd.me/qna
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:01:42: Interview terminology
0:03:22: How did you come to found SRFF?
0:08:24: Why are abandoned IoT devices "tech time bombs"?
0:16:53: What are the dangers of hacked IoT devices?
0:18:28: Is there any real liability for making insecure IoT devices?
0:23:36: How important is transparency to law making?
0:29:07: How does the right to repair interact with IoT security?
0:38:33: How should consumers be made aware of abandoned devices?
0:43:56: Can we rely on ISP's to block insecure devices?
0:46:42: What other groups are working on improving IoT security?
0:52:24: Should the gov't be funding research into securing IoT devices?
1:01:20: What can we do to help?
1:06:58: Patron podcast preview
1:07:31: Looking ahead
--------
1:08:54
--------
1:08:54
Ente: Private by Design
It's rare these days to find a well-designed and useful application that was made to be private from the get-go. Too many apps today view your personal data as a cash cow to be mercilessly milked, claiming to value your privacy when they really value the extra revenue they can make off of your private data. When I find useful apps that are private by design, especially ones that can replace more popular apps that harvest our data, I like to call attention to them: in this case, Ente Photos. Today I'll ask the founder and CEO why privacy is important to him and how it influenced his design approach.
Interview Notes
Ente Photo: https://ente.io/
Ente Auth: https://ente.io/auth/
Ente’s Machine Learning: https://ente.io/ml/
Ken Thompon’s lecture on trust: https://dl.acm.org/doi/10.1145/358198.358210
Further Info
My book: https://fdsd.me/book
My newsletter: https://fdsd.me/newsletter
Support the mission: https://fdsd.me/support
Give the gift of privacy and security: https://fdsd.me/coupons
Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch
Table of Contents
0:00:00: Intro
0:04:08: interview terminology
0:06:44: Why did you start Ente and why do you care about privacy?
0:15:23: Why should we trust Ente with our private data?
0:20:14: What private information does Ente collect?
0:25:12: How hard is it for 3rd party apps to integrate with the OS?
0:29:39: Is Ente more private than Apple Photos with ADP enabled?
0:31:40: How hard is it to migrate from Google or Apple Photos to Ente?
0:34:30: Is facial recognition metadata in a standard, portable format?
0:35:51: How hard is it to export photos from Ente?
0:37:57: Does Ente Auth allow for easy export and backup?
0:39:28: How do you backup your Ente photos?
0:41:12: How much of Ente's AI photo processing is purely on-device?
0:45:51: How do you vet third party software libraries for privacy?
0:49:07: What data could Ente give, if required, to law enforcement?
0:52:43: How can we pass on our legacy of memories to our kids?
0:54:55: What's next for Ente?
0:59:43: Interview wrap-up
1:00:56: Patron podcast preview
1:01:36: Looking ahead
Listen to Firewalls Don't Stop Dragons Podcast, The AI Daily Brief: Artificial Intelligence News and Analysis and many other podcasts from around the world with the radio.net app
New Zealand