Privacy Please
Welcome to "Privacy Please," a podcast for anyone who wants to know more about data privacy and security. Join your hosts Cam and Gabe as they talk to experts, academics, authors, and activists to break down complex privacy topics in a way that's easy to understand.
In today's connected world, our personal information is constantly being collected, analyzed, and sometimes exploited. We believe everyone has a right to understand how their data is being used and what they can do to protect their privacy.
Please subscribe and help us reach more people!
S7, E264 - Season Seven, New Threats
We kick off season seven with a tour of the year’s early privacy & security news: neighborhood watchtowers from Ring, a rival-led hack of Breach Forums, a massive stitched leak in France, a heavy Microsoft patch drop, AI agents on the rise, and new state privacy laws. We share practical steps: self-host cameras, freeze your credit, harden identity portals, and keep humans in the loop when AI handles sensitive data.
• CES unveils Ring’s neighborhood watchtower and its surveillance tradeoffs
• Why self‑hosted DVR systems beat cloud video for privacy
• Breach Forums doxxed by rivals and lessons in OPSEC
• France’s 45 million record “combo” leak and re‑identification risks
• Credit freezes, hard vs soft inquiries, and portal security
• Microsoft’s 114 patches and sane patch management
• AI agents escalating breach risk and human‑in‑the‑loop controls
• New privacy laws in Indiana, Kentucky, and Rhode Island and actionable rights
Please go to theproblemlounge.com and sign up for the newsletter
If you have guests or topics or anything, please reach out to us!
Alrighty then, ladies and gentlemen. Welcome back to another episode of Privacy Please. I'm Cameron Ivey alongside Gabe Gums. It's 2026, man.
SPEAKER_02:2026. Here we are. We're doing it again. We're doing it again. What season are we pulling into? I think this is season seven. See, it is season seven. This is season seven. Show number one of season seven. Yeah.
SPEAKER_01:If you're still listening and you've been around since season one. Congratulations and condolences.
unknown:Yes.
SPEAKER_01:Oh my gosh. It's been this is a this is, I don't know. This is so cool. Seven, seventh season. It's crazy.
SPEAKER_02:Yeah. We're gonna have to do some big things for this season.
SPEAKER_01:We got some big things, and we we've been talking about it the last few months of the last year, and we weren't kidding, though. We got a lot of good things coming this year.
SPEAKER_02:No, no. We want to tease one more? We want to tease one more. Want to tease the uh newsletter? Yeah, we should. Newsletter drops starting next week. Starting next week. Um we'll uh we'll let you guys know how you can sign up. Actually, by the time you hear this, they will be able to sign up. Yeah, just head on over to the problemlounge.com and you can sign up for the newsletter. It's uh it's all live on the site now. Now being in the future. So go now. Go now. Sign up. But newsletter drops. Um we got some new we got some new socials dropping too, but newsletter's the first one that we'll tease out. We got some new guests coming up at the top of the year, too. Some real fun folks. Yeah, we got a couple of CISOs, we got some folks from the VC world. We're gonna we're gonna get messy with it this year.
SPEAKER_00:It's gonna get a little messy, and that's you know, that's the world we live in, man. It ain't clean. No.
SPEAKER_01:It ain't clean. Anyways, let's dig into it. We're gonna do top five stories of the last few weeks and the new year. So um let's touch on the first one and kind of dig into it.
SPEAKER_02:Let's go.
SPEAKER_01:Um, all right, so uh the first week of so last week, um let's see. We have the uh Eye of Sauron, if that's how you say it.
SPEAKER_02:The Eye of Sauron, yeah, from uh Lord of the Rings.
SPEAKER_01:Yes, which by the way, I'm on uh we're we're about to watch the third installment. We just went through the first two, which the extended versions, which are holds up well. It does hold up well. There's some cheesiness though in that first one with um Legolas. So when he was like jumping and jumping on that uh, I forget what that anyways, I digress. Um, so CES happened last week in Vegas.
SPEAKER_02:Um consumer electronic show, biggest electronic show on the planet. They unveil all of the new hotness in IT from televisions to digital girlfriends. Oh well, you know, the digital girlfriends in your television, the televisions with digital girlfriends, you name it.
SPEAKER_01:Now we're talking like into it. So online only, or are we talking actual robot girlfriends?
SPEAKER_02:We're talking all of it. It's CES. We're talking, we're talking all of it. It gets gets crazy down in in Vegas.
SPEAKER_01:Oh man, the world is getting a little wild here in the if you're if you're in the dating world. Anyways. So they announced the mobile security trailer. Um so I guess imagine those solar-powered uh police surveillance towers you see at Walmart, like those blinking lights, the blue blinking lights. Um the ring is now selling a smaller version for neighborhoods.
SPEAKER_02:Interesting. So I'll be honest with you, those those little mobile security trailers that like I do. I see them at Walmart, I see them at like uh the home goods stores. Yeah, they they make me not want to go to those places. Like I literally like I see them and I'm like, I don't want to be here. Um I don't like them. So so essentially your neighborhoods are now going to be able to just like pop up a watchtower. That's gonna be that's gonna be fabulous. So like that, and and if you've ever lived in a place with an HOA, then then I'm certain you know what I'm talking about. But there's always that one member of the HOA that's already going around the blocks just looking for just looking for a hedge out of place. And so now they're gonna get a literal watchtower in the middle in the middle of your your your city, in the middle of your your little hamlet. I mean development. Just uh I get it from a quote security perspective, but I don't I don't get it at all, actually.
SPEAKER_01:Well, I mean n tr try being a thief in uh in these times. You're on camera almost everywhere.
SPEAKER_02:I mean, in this economy, it's hard, man.
SPEAKER_01:Hey. Unless you gotta put food on the table somehow. If if that's the way you gotta do it. Um do what you gotta do. So what I mean, what are your thoughts on this, Gabe? So you don't like it. Um is it the I mean, you don't think that it's another sense of like uh safety security when it comes to like look neighborhoods?
SPEAKER_02:It's Ring, right? So, you know, it's Amazon. And I'm not suggesting Amazon is good, bad, or indifferent, but essentially what we're what we're doing here is we are we're just gonna pop up an entire digital watchtower in the middle of our home and developments that could see everything, ostensibly for the purpose of security. Like ostensibly, that's the reason. Um but that's a lot of that's a whole lot of privacy to give up and to throw all of that into the cloud, into into a one organization, but b just, you know, into a place where it certainly can be tapped into. I know it'll be tapped into by law enforcement. That's not kind of a question.
SPEAKER_01:Well, they I mean, we already, we already get I already get that. I'll get police officers coming to my door all the time because I have ring cameras and they're like, hey, we had something that happened around the corner, we just wanted to see if you caught it on camera. So now they're getting a way to probably bypass that to where they can just access whatever.
SPEAKER_02:Whoa. I have not gotten that. I've also had the hey, something happened, can we see? Yeah. And I'm absolutely like that's yeah, right. Like I live in a society, like let's go. Yeah. But the request to like have access to my system, I was like, so that's gonna be a hard pass. It's gonna be a hard pass. But I also don't use one of these, these, uh, these systems that that I don't use one of these SaaS systems. I I use a system that is it's self-hosted at at home that's not not even difficult. Like you can buy them, right? Like you can buy them from any of the big box stores, Costco's, BJs, Target, whatever. You can get a DVR system like with cameras for your own home. So you don't have to use the cloud. I I highly suggest it.
SPEAKER_01:Yeah. That's smart. Any other tips on on this if anybody's thinking about doing something like this?
SPEAKER_02:Yeah, to make tell your HOA not to do this. Like I would much rather the HOA invested in everyone getting their own private DVR systems, right? Like that's not gonna happen.
SPEAKER_01:Hey, a girl can dream. But you know what? A girl can dream. You know what this reminds me of? This is this is the Truman Show. We are it it's normal normalizing being monitored 24-7 anywhere you are.
SPEAKER_02:It's definitely the Truman Show, dude.
SPEAKER_01:That's weird.
SPEAKER_02:I'm gonna go ahead and I'm gonna go ahead and pass on this one.
SPEAKER_01:Yeah. And from I was just gonna make a joke from the Truman Show movie. But anyways. Number four. Number four. Um Well, it's a Jim Carrey movie. I don't blame you. It's a hot one. It's a good one. I need to rewatch it. I I haven't seen it in many years. Good stuff. Yeah, yeah, go do it. Number four. Um Breach Forums. The biggest hacker hangout on the dark web. They got hacked themselves. Interesting.
SPEAKER_02:I'm not saying I know them, but I know them. Look, I'm not suggesting I know them, but I know them. But um it's always it's always interesting when the bad guys get doxxed. I mean, interesting for me. Look, they're people too, you know, that they are they are real people also, and they go, they go to great lengths usually, usually, usually preserve their privacy. Um and so it's a good reminder that like if if the guys who are breaching your privacy and are also going out of their way to protect their privacy but get their privacy breached, you know, there should be a lesson in there somehow. And so I don't know if there's any, you know, real today you have learned moment, other than any time we give our information, whatever that information is, to some system online, it is it's possible it might get exposed. So what did they get though? What did they get?
SPEAKER_01:Um, well, th uh 324,000 users to be exact uh from their records, usernames, emails, addresses, IP addresses of the people who buy and sell your stolen data. That's interesting.
SPEAKER_02:That's interesting. So they're they're doxing the people who dox us. What do you call that? Is that checkmate? Is that 4D chess is what is what that is. 4D checkers. So somewhere out there, there's a guy named Dark Lord 99 who's in his mom's basement freaking the hell out because I told her he was a security researcher. Yeah.
SPEAKER_01:Any any tips here, Gabe?
SPEAKER_02:I mean look, it's even for the bad guys, it's it's buyer beware, caveat emptor, right? Like, you know, if you if if you are again, you any day any system you put your data in, just know that it it's it's susceptible to be stolen, even even the bad guys. The doxxers got doxxed.
SPEAKER_01:The doxxers got doxxed.
SPEAKER_02:There's no there's no uh there's no no love and war, really. As I understood it, wasn't it like their competitors or or one of their rivals? It was one of their rivals that something like that, yeah.
SPEAKER_01:Yeah, it was a rival hacker leaked. So obviously, you know. Expect retaliation. That's fun.
SPEAKER_02:I like that. If I know anything about hackers and I I may have met one or two at my travels, expect expect they will be back.
SPEAKER_01:Well, that's exciting. Everybody be on your toes about that because that's gonna be fun to watch uh some bad guys go after each other. Some some hacker soap opera. Get the popcorn, baby. Let's go. I just see that meme of the Michael Jackson eating popcorn.
SPEAKER_02:That's it, right? That's it.
SPEAKER_01:Um the whole country leak uh from France. So massive data leak involving 45 million records from French citizens. That's huge.
SPEAKER_02:That's almost like that's like the entire working force of France. That's like every working age adult in France. That is huge.
SPEAKER_01:You think 45 million people in France actually work? Come on. You know what?
SPEAKER_02:Check me. I mean that's that's about right. Uh I mean, look, if I know the French, A, they're not terribly worried about it. Um and B, you're you'd be right.
SPEAKER_01:Uh just uh I mean, just you know, but yeah, for uh whatever. I mean, it makes sense. That's a lot of records. Um, some of those records were social security numbers, that's massive. Uh health insurance IDs and birth dates.
SPEAKER_02:Yeah. So what's interesting about this one is it looks like one of those you can call them combo list breaches, but like it's uh, you know, another way to look at this is kind of a re-identification attack. So what they did was they stitched together data from a bunch of attacks and simply identified those individuals across those different data sets and then stitched it all together. So, you know, one data set may have just been like your use your email address and your birth date, and another one may have been your health insurance information and your birth date. And they just started correlating a bunch of information um to come up with this combo list, but it's a different form of a re-authentication attack that we talked about re-authentication attack a few years ago. Like we were pre-pandemic, I was about to get into some deep research on it before I got, you know, like the rest of the world sent home uh to live in a cave for a while. Um but yeah, that's uh that's no fun.
SPEAKER_01:No? So uh freeze your credit and then live your life?
SPEAKER_02:Should be frozen anyway, because if you're not shopping for credit Yeah, right?
SPEAKER_01:What happens what happens when you freeze your credit? What does that mean? Does that mean you just don't even do a hard inquiry?
SPEAKER_02:And so like, you know, if when you go to like, you know, buy a house, buy a car or something, yeah, yeah. Not a loan of some sorts, like they perform a a hard inquiry against your credit.
unknown:Yeah.
SPEAKER_02:Okay. Some folk folks will do like a quote, soft inquiry, which is they're essentially buying your data. They're buying your data, um, either firsthand or in the bl or second market, and then they essentially know, yeah, Cam has roughly a blank quite credit score. Okay. But a hard pull like gives you firm confirmation from one of the three reporting agencies, right? Like, ah, this is what it is. So you cannot usually get any form of credit without that hard inquiry. So you're allowed to lock your credit with those three with those big three guys, you know, Experian, um, Equifax, TransUnion, um, such that hard inquiry cannot be performed. Got it. Yeah, so like hard inquiry, can't get a lock.
SPEAKER_01:So if somebody gets your information, they can't go open a line of credit in your name.
SPEAKER_02:Unless, of course, they get your information to log in to say your TransUnion and then like undo it.
SPEAKER_01:Yep. And you know what? That's actually becoming a thing for uh companies, I forget what it's called, but that's like a new way in, um, or at least that's what I was reading. I don't know if it's a new way, but instead of spamming you or um getting you to click a link, you basically, if let's say someone logs into their work e um like sign-in, right, they can get into their to the company instead of you individually. So they get into the company. Um I forget what that's called, but someone did that recently. Uh anyways, um, okay, so number two, Microsoft. Oof, big name. Uh Patch Tuesday. First one of the year. Yeah. So January uh last week, last Tuesday, they fixed uh 114 vulnerabilities.
SPEAKER_02:That would have been a nice Christmas present. I mean, so you gotta imagine they fixed 114 vulnerabilities. So, first of all, what the 114 bones? But, you know, give it a big platform, it's a huge platform, and there's a lot of people targeting the platform. So kudos to Microsoft for decades of just you know constant patches and and staying on top of it. Not so kudos to to Microsoft for lots of other reasons, but um I'm not here to bash on them. Um what do you think? I I think they released these in January because there's there's no sysadmin in the universe who is who's gonna fucking patch all these in December. Like it's the whole world essentially change freezes and don't don't update their systems at the end of the year. Plus, no one wants to be frickin' firefighting uh bad patch on Christmas Day. So, you know, if I Microsoft and I released this in December.
SPEAKER_01:We all know Eric was checked out for the last two weeks on leave.
SPEAKER_02:So they so look, they did they did the world a solid. They were like, look, we'll leave your phones on patch for another month. Giving you plausible, plausible deniability into why you didn't install them. Because otherwise you weren't going to anyway, because it was the holidays. So, you know, this is all about that's a that's a late Christmas gift, is what that is. That's a late Christmas gift. That's what that is.
SPEAKER_01:So, Gabe, from your from your experience, um now obviously 114 is a lot, but is it really I think you kind of alluded to this that it's Microsoft, they're one of the biggest companies in the world. So is it really that much considering who that is? Because Oh, it's huge.
SPEAKER_02:Yeah, yeah, yeah. The market share for Microsoft on on the desktop is is massive. And one of the the patches that um was released is already being exploited in the wild, which again goes back to that it's a huge attack surface. So as an attacker, it behooves me to you know attempt to attack a Windows machine more so than some other systems. Although, you know, the internet runs on Linux, but that's a different conversation.
SPEAKER_01:Well, that does it for that one. So let's move on to the last one.
SPEAKER_02:Number one drumroll.
SPEAKER_01:AI agents. Um where so uh speaking of Experian, um let me see here. What do you got? Hit me with it. So AI agents will overtake human error as the leading cause of data breaches in 2026 is the prediction.
SPEAKER_02:So not AI hacking us, but AI messing us up.
SPEAKER_01:Interesting. I can actually well you know, I this might be off topic, but I remember seeing a video where someone was talking to ChatGPT about the word strawberry, and it was saying that it only and ChatGPT kept saying that strawberry only has two R's in it, but it actually has three. You have an R in the beginning and then stre Barry has two R's. But it wouldn't it kept saying there was only two even after correcting it, which I thought was interesting. But I wonder I wonder where this prediction is coming from in terms of like bigger picture.
SPEAKER_02:I think what I read was that Experian was saying that, you know, a combination of hackers using AI agents to automate attacks faster. Um, but also a lot of companies are letting AI bots handle sensitive data without supervision. And so the combination of those two things will lead to a lot more data leakage. I can buy that argument. Yeah. I definitely buy that argument.
SPEAKER_01:Well, I mean, some some humans, well, not some, but a lot of humans are lazy too. You got AI doing it, you're not gonna check it.
SPEAKER_02:That's the real problem, though, isn't it? Right? Like, is it really AI that's gonna it sounds like the problem is still gonna be human error, but human error multiplied by AI. Or it will be human malfeasance like ransomware multiplied by AI. But ultimately, the underlying problems still haven't been solved for. Like, we still haven't solved for the ransomware problem, and we still haven't solved for the human problem.
SPEAKER_01:But this is this is where we can define They're both viruses, by the way. Yeah. Different kinds of so I mean, so what what's some good tips here in terms of like, let's give a real world example.
SPEAKER_02:Um look, I think a good tip is be mindful of companies that use AI to do their business, right? Like, know that that puts your data at an increased risk of of exposure. Like you certainly may not know how even your current bank is using AI. Make no mistake about it, they're using it. Everybody is. Everyone is, everyone is just assume that. Yeah, yeah. I think what One of the places where people need to be most careful though is in phishing attacks. The use of AI to write better phishing emails has long been adapted by phishing attackers. But I think you're going to see that get better. Um especially as they you know attack multiple individuals within an organization, use AI to analyze an inbox and quickly understand how to solicit other information from others across the business. Yeah, I think you're gonna see AI. Yeah, I'm gonna agree with uh with Experian on this one. Um, AI is going to continue to be a trend for 26 and a threat, a major threat.
SPEAKER_01:Yeah. I agree. And one more that I wanted to throw in here. I know it's supposed to be top five, but it is a new year and there are new laws that are out. I just wanted to kind of throw in a few things for reminders for everybody. So as of January 1st, Indiana, Kentucky, and Rhode Island officially joined the club of states with comprehensive privacy laws. That's pretty awesome. Welcome to the club. Welcome to the club. We're not in the club, but welcome to the club. Um, Rhode Island's law is pretty hot. It requires companies to disclose the specific names of the third parties they sell that sell your data. Oh, excuse me, sorry. It requires companies to disclose the specific names of the third parties they sell your data to. Um, not just vague categories like marketing partners. Um so just remind remember that. Um, even if you don't live in Rhode Island, I would try changing your account location to Rhode Island and your s and your settings and data data broker sites. You might unlock some transparency features that uh the rest of us don't get.
SPEAKER_02:Pro, pro tip. When also emailing organizations asking them to remove your uh your data, you can tell them you live in places like Rhode Island.
SPEAKER_01:That's true. What are they gonna do? I'm just saying you can. Yeah. That's a good point. All right, cool. Well, Gabe, first episode of 2026. Welcome back. Yeah, same. And thank you guys for listening. Again, if you haven't gone to the website, problem the problemlounge.com, go check it out. You can listen to the episodes there. We got a newsletter starting to come out next week, or by the time you listen to this, it's already out. So please go on. If you have guests or topics or anything, please reach out to us at theproblemlounge.com. We'll see you guys next week.