The Lockdown - Practical Privacy & Security
Ray Heffer
36 episodes
3 months ago
Welcome to The Lockdown. Privacy doesn’t have to be all-or-nothing. The inability to attain extreme levels of privacy shouldn’t deter one from taking any protective measures at all. The show is hosted by Ray Heffer, an expert in the field of privacy and cybersecurity, with each episode touching on a range of topics such as data privacy, password management, and secure browsing habits. Tin-foil hats are optional!
Technology
Education,
How To
All content for The Lockdown - Practical Privacy & Security is the property of Ray Heffer and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/36)
The Lockdown - Practical Privacy & Security
034 - Final Episode

In this final episode of The Lockdown, I reflect on the journey of the podcast and explain why I’m redirecting my energy to other projects. I discuss the importance of practical privacy measures over an ‘all-or-nothing’ approach, share my thoughts on threat modeling, and address several listener questions about privacy tools and self-hosting. I also introduce a new concept from my recent blog post about the “space between” in cybersecurity, examining how compartmentalization of identities can serve as an early warning system against social engineering attacks.

In this week’s episode:

  1. Why this is the final episode
  2. The all-or-nothing fallacy
  3. Airport facial recognition and the Clearview AI threat
  4. Threat modeling for different life situations
  5. The CIA triad and why 100% security doesn’t exist
  6. UK and Swiss digital ID systems and their privacy implications
  7. NPM breach case study and the psychology of social engineering
  8. Why organizations should compartmentalize communication channels
  9. Listener Q&A: MySudo virtual cards, self-hosting setup, and mobile hotspots
  10. The new Privacy Tools page on PsySecure.com

Matrix Community Rooms

  • Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org

Individual Room Links:

  • https://matrix.to/#/#lockdown-intro:matrix.org
  • https://matrix.to/#/#lockdown-podcast:matrix.org
  • https://matrix.to/#/#lockdown-general:matrix.org

Show Links:

  • Privacy Tools Page - https://psysecure.com/privacytools/
  • PsySecure ODSF Framework - https://odsf.psysecure.com
  • "The Space Between" Blog Post - https://psysecure.com/ma-the-space-between-breaches
  • Swiss E-ID System Information - https://www.bk.admin.ch
  • Cyber Kill Chain (Lockheed Martin) - https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
  • Robert Cialdini's Principles of Persuasion - https://www.influenceatwork.com
  • Daniel Kahneman's Thinking, Fast and Slow - https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555
“Nothing in life is as important as you think it is when you are thinking about it.”

- Daniel Kahneman, Thinking, Fast and Slow 

★ Support this podcast on Patreon ★
3 months ago
42 minutes

The Lockdown - Practical Privacy & Security
033 - Black Mirror - Is the UK's Surveillance State Coming to America?

In this episode, I share news from my recent trip to the UK, noticing how it seems to have reached the epic proportions of a Black Mirror episode; from the absurd TV licensing program to the new Digital ID Brit cards that will track your behavior. I also explore how the UK may be serving as a testing ground for new levels of behavioral surveillance that could eventually spread globally. I dive into California’s $900 “smart” license plates that track your every move, centralized government digital currencies, and my predictions for the next 20 years of Orwellian surveillance.

Support the show on Patreon!

In this week’s episode:

  1. The UK’s TV licensing system: Legal extortion through private contractors
  2. The Reviver R-plate: $900 to track yourself in California and Arizona
  3. Brit Cards: UK’s new “voluntary” Digital ID system
  4. The Bank of England’s digital pound and programmable money
  5. Historical patterns of control: From land ownership to neural interfaces
  6. Why the UK is the blueprint for global surveillance rollout
  7. Predictions for the next 20-50 years of biosurveillance

Matrix Community Rooms

  • Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org

Individual Room Links:

  • https://matrix.to/#/#lockdown-intro:matrix.org
  • https://matrix.to/#/#lockdown-podcast:matrix.org
  • https://matrix.to/#/#lockdown-general:matrix.org

Show Links:

  • PsySecure ODSF Framework - https://odsf.psysecure.com
  • LCD License Plate (not privacy friendly!) - https://reviver.com/rplate/
  • Black Mirror S03E01 "Nosedive" - https://www.imdb.com/title/tt5497778/
  • Bank of England's Digital Pound - https://www.bankofengland.co.uk/the-digital-pound
  • Brit Card Digital ID System - https://www.labourtogether.uk/all-reports/britcard
  • TV Licensing Detector Ads (1980s-90s): 
    • The Detector Van - https://www.youtube.com/watch?v=8NmdUcmLFkw
    • "We know exactly where he is" - https://www.youtube.com/watch?v=qF3-S2sCnb8
    • Keep One Eye Open - https://www.youtube.com/watch?v=mVfOmR7gAek
    • More Powerful Detector Vans! - https://www.youtube.com/watch?v=1Q9CsRRhWQI
“One believes things because one has been conditioned to believe them.”

- Mustapha Mond (Brave New World)

★ Support this podcast on Patreon ★
3 months ago
38 minutes

The Lockdown - Practical Privacy & Security
032 - No Salt Required: Listener Questions Before the Break

In this episode I address listener feedback and questions, from clarifying my stance on the “Tea” controversy to sharing practical tips from the community about Privacy.com workarounds. This episode covers some loose ends before I take a brief hiatus. I also discuss why I won’t be at Black Hat this year, share thoughts on minimalism versus practicality in privacy, and reveal my favorite Indian restaurant in Vegas for those attending Black Hat!

In this week’s episode:

  1. Addressing the “Tea” controversy and clarifying my positions on doxing
  2. Community solution for Privacy.com and Plaid privacy concerns
  3. Contact information protection strategies when family uses social media
  4. Future of capture-the-flag challenges and OSINT considerations
  5. Conference attendance updates and travel

Matrix Community Rooms

  • Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org

Individual Room Links:

  • https://matrix.to/#/#lockdown-general:matrix.org
  • https://matrix.to/#/#lockdown-podcast:matrix.org
  • https://matrix.to/#/#lockdown-intro:matrix.org

Show Links:

  • Tea app leak article - https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/
  • OSMOSIS Institute - https://osmosisinstitute.org/events/
  • Privacy.com - https://privacy.com
“There are no facts, only interpretations.”

- Friedrich Nietzsche

★ Support this podcast on Patreon ★
4 months ago
21 minutes

The Lockdown - Practical Privacy & Security
031 - When Privacy Tools Betray You, Safety Apps That Dox and Revoked Anonymous Payments

In this episode, I discuss the challenges facing privacy-focused payment solutions like Privacy.com, exploring alternatives and the troubling rise of KYC requirements across the industry. I dive deep into the Switzerland privacy crisis that’s forcing Proton to consider relocating their infrastructure, and what this means for encrypted email providers globally. I also cover the catastrophic security failure at Tea, a women’s safety app that exposed 72,000 images including government IDs through basic incompetence, leading to harassment campaigns on 4chan.

I wrap up with thoughts on vehicle tracking through DCM/Telematics modules, why buying older vehicles might be the better privacy-conscious choice, and how embracing the stoic lifestyle aligns with both privacy and my own philosophical principles.


In this week’s episode:

  1. Privacy.com troubles: Account freezes, limited alternatives, and the KYC nightmare
  2. Switzerland’s surveillance crisis: Why Proton is threatening to leave and relocating to Germany/Norway
  3. Email provider comparison: Proton vs Tutanota vs Atomic Mail, and understanding intelligence alliances
  4. Tea app breach: How 72,000 IDs and 1.1 million private messages ended up on 4chan
  5. Vehicle tracking: DCM modules, telematics, and why your car is spying on you
  6. Philosophy of privacy: Stoicism, minimalism, and why less is more

Matrix Community Rooms

  • Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org

Individual Room Links:

  • https://matrix.to/#/#lockdown-general:matrix.org
  • https://matrix.to/#/#lockdown-podcast:matrix.org
  • https://matrix.to/#/#lockdown-intro:matrix.org

Show Links:

  • Privacy.com - https://privacy.com
  • Cloaked.com - https://cloaked.com
  • Proton Warrant Canary - https://protonvpn.com/blog/transparency-report/
  • Climate Activist Arrest - https://proton.me/blog/climate-activist-arrest and https://www.wired.com/story/protonmail-amends-policy-after-giving-up-activists-data/
  • Tuta Crypt - https://tuta.com/documents/tuta-crypt-spec.pdf
  • Proton elliptic curve cryptography - https://proton.me/blog/elliptic-curve-cryptography
  • SimpleLogin - https://simplelogin.io
  • HashiCorp Vault - https://www.vaultproject.io
  • RAM IS SPYING ON YOU (Cozy Living Machine) - https://www.youtube.com/watch?v=0-Y1SUSRqNU
  • Meditations by Marcus Aurelius - https://www.amazon.com/Meditations-New-Translation-Modern-Library-ebook/dp/B000FC1JAI
“Very little is needed to make a happy life; it is all within yourself, in your way of thinking.”

- Marcus Aurelius

★ Support this podcast on Patreon ★
5 months ago
54 minutes

The Lockdown - Practical Privacy & Security
030 - Info Stealers, GrapheneOS Drama, and Why Video Games and Anti-Virus Are Spyware

In this episode, I address listener feedback and corrections regarding use of public Wi-Fi, MAC addresses, and aliases. I dive deep into the nuances of MAC address randomization on GrapheneOS versus Apple’s private Wi-Fi addresses, explaining why GrapheneOS offers superior privacy protection. I discuss the real threats of public Wi-Fi in 2025 (hint: it’s not hackers with Wireshark), and share my approach with aliases.

I also cover the rising threat of infostealers like Atomic Info Stealer for macOS, the dangerous intersection of gaming cheats and malware, and why I avoid third-party antivirus software. Most importantly, I address the GrapheneOS controversy: the loss of a senior developer to military conscription, Google’s strategic pivot that threatens custom ROMs, and why claims of GrapheneOS “dying” are misinformation spread by those with competing agendas.

In this week’s episode:

  1. Clarifications and Corrections: Public Wi-Fi, MAC addresses, and alias management
  2. MAC address randomization: GrapheneOS vs Apple’s implementation
  3. The real threats of public Wi-Fi in 2025
  4. Info stealers and video games can be a privacy nightmare
  5. GrapheneOS controversy: Developer conscription, Google’s lockdown, and the future of custom ROMs
  6. Why antivirus software might be the malware you’re trying to avoid

Matrix Community Rooms

  • Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org

Individual Room Links:

  • https://matrix.to/#/#lockdown-general:matrix.org
  • https://matrix.to/#/#lockdown-podcast:matrix.org
  • https://matrix.to/#/#lockdown-intro:matrix.org

Show Links:

  • MAC Address Lookup - https://maclookup.app/
  • OUI Lookup - https://oui.is/
  • 33mail - https://www.33mail.com/
  • OpenSnitch - https://github.com/evilsocket/opensnitch
  • Privacy.com - https://privacy.com
  • Lithic - https://lithic.com
  • Kaspersky and Russian Government - https://en.wikipedia.org/wiki/Kaspersky_and_the_Russian_government
  • Google Not Killing AOSP - https://www.androidauthority.com/google-not-killing-aosp-3566882/
  • GrapheneOS on Developer Conscription - https://grapheneos.social/@GrapheneOS/114359660453627718
  • GrapheneOS on OEM Partnerships (June 19) - https://grapheneos.social/@GrapheneOS/114671100848024807
  • GrapheneOS Response to Misinformation - https://grapheneos.social/@GrapheneOS/114825492698412916
  • GrapheneOS on iPhone Security - https://grapheneos.social/@GrapheneOS/114824816120139544
“Social engineering bypasses all technologies, including firewalls.”

- Kevin Mitnick

★ Support this podcast on Patreon ★
5 months ago
52 minutes

The Lockdown - Practical Privacy & Security
029 - Minimize not Militarize and Avoiding Surveillance with GrapheneOS

In this episode, I explore the difference between the military mindset and the more stealth approach of minimization in cybersecurity. I share the results from the Ghost in the Source Capture the Flag (CTF) challenge, revealing how the winners cracked the AES encryption using dictionary attacks, keyword harvesting and the cipher tool hidden in robots.txt. I discuss why the “assume breach” mentality just leaves the doors wide open, using examples from Kevin Mitnick’s 1981 Pacific Bell infiltration to modern ransomware groups like Scattered Spider who breached MGM and Marks & Spencer through social engineering.

I also cover practical tactics for using public Wi-Fi, data curation techniques, the invisible surveillance net including Stingray devices, and provide a deep dive into GrapheneOS covering user profiles, app sandboxing, network controls, sensor permissions, and the proper use of sandboxed Google Play services.

In this week’s episode:

  1. Ghost in the Source Capture the Flag challenge results
  2. The military mindset problem in cybersecurity
  3. Strategic use of public Wi-Fi for account creation and privacy techniques
  4. Data curation tactics, and “Minimizing What Can Be Known”
  5. Invisible surveillance net and Stingray devices
  6. GrapheneOS discussion on user profiles, app sandboxing, network controls, sensors permissions, sandboxed Google Play services, and security architecture

Matrix Community Rooms

  • Matrix Community Space - https://matrix.to/#/#psysecure:matrix.org

Individual Room Links:

  • https://matrix.to/#/#lockdown-general:matrix.org
  • https://matrix.to/#/#lockdown-podcast:matrix.org
  • https://matrix.to/#/#lockdown-intro:matrix.org

Show Links:

  • Noam Chomsky on Internet Privacy - https://www.youtube.com/watch?v=QIWsTMcBrjQ
  • Noam Chomsky on Advertising - https://www.youtube.com/watch?v=PfIwUlY44CM
  • TryHackMe Platform - https://tryhackme.com
  • Hack the Box - https://hackthebox.com
  • Wired Article on DNC Stingray Surveillance - https://www.wired.com/story/2024-dnc-cell-site-simulator-phone-surveillance/
  • IntelTechniques Data Removal Guide - https://inteltechniques.com/workbook.html
  • Optery Data Broker Removal - https://optery.com
  • Graphene OS - https://grapheneos.org
“We’re dragons. We’re not supposed to live by other people’s rules.”

- Hajime Ryudo

★ Support this podcast on Patreon ★
6 months ago
54 minutes

The Lockdown - Practical Privacy & Security
028 - Silence & Stealth - Mailbox, Email & Anti-KYC Phone Strategies
In this episode, I discuss three key strategies for maintaining privacy and security across your physical mailbox, email, and phone. I discuss the growing Matrix community, explore alternative mailing solutions using co-working spaces, detail a four-tier email strategy, and examine the concerning spread of Flock ALPR cameras. I also share insights on anonymous eSIM options and answer listener questions about dealing with Know-Your-Customer requirements. In this week’s episode: Joining the Mat...
6 months ago
45 minutes

The Lockdown - Practical Privacy & Security
027 - Stop Playing the Game, Join The New Matrix Privacy Community
In this episode, I discuss breaking free from the Apple ecosystem, the dangers of social media oversharing, and introduce our new Matrix community. I also cover the upcoming capture the flag challenge, share thoughts on the OSINT Defense & Security Framework progress, and rant about security theater at airports and online services that block VPNs. In this week’s episode: Apple’s $95 million lawsuit and the ecosystem lock-in problem; Why people overshare on social media and how OSINT can exp...
6 months ago
44 minutes

The Lockdown - Practical Privacy & Security
026 - Ghost in the Source (Announcement)
In this brief episode between travels, I announce the “Ghost in the Source” capture the flag challenge, a cryptographic hunt on my website starting June 21st, 2025. At the end of June I will pick 3 lucky winners who will receive a 6-month TryHackMe subscription voucher. I also provide an update on our new Matrix community. In this week’s episode: Announcing the “Ghost in the Source” CTF challenge; Challenge details and rules; Prize information: 3 x 6-month TryHackMe vouchers!; Matrix community up...
7 months ago
7 minutes

The Lockdown - Practical Privacy & Security
025 - AI Privacy Concerns with ChatGPT and Claude
In this episode, I explore the privacy implications of using AI apps like ChatGPT and Claude on mobile devices. I discuss why ChatGPT’s requirement for Google Play Store login and audio recording storage led me to Claude on my GrapheneOS device. I also cover my daily app setup, Windows telemetry blocking with SimpleWall, macOS privacy with Little Snitch, and the potential of System76 Linux laptops. In this week’s episode: Privacy comparison between ChatGPT and Claude AI apps; ChatGPT’s audio re...
7 months ago
38 minutes

The Lockdown - Practical Privacy & Security
024 - Minimize What Can Be Known with the OSINT Defense & Security Framework (OSDF)
In this episode, I discuss what has been keeping me away from the mic, the Open Source Intelligence Defense and Security Framework (ODSF), and share updates on privacy topics including browser security, autonomous taxis, airport security cameras, and managing cryptocurrency. I also address listener questions about anonymous SIM cards and creating separate online identities. Official Website: https://psysecure.com In this week’s episode: Introducing the Open Source Intelligence Defense and Sec...
7 months ago
42 minutes

The Lockdown - Practical Privacy & Security
023 - Apple Removes ADP in the UK, the Privacy Implications and Listener Q&A
In this episode, we dive into Apple’s latest privacy retreat with the removal of Advanced Data Protection (ADP) for iCloud in the UK. We break down why Apple made this move, how ADP works, and what it means for users who care about encryption and data security. If you’re in the UK and using Apple’s ecosystem, this episode is a must-listen as I cover strategies to keep your data secure despite Apple’s decision. In this week’s episode: The UK’s Investigatory Powers Act; A technical breakdown of h...
10 months ago
30 minutes

The Lockdown - Practical Privacy & Security
022 - Deep Dive into Session Private Messenger with Co-Founder Kee Jefferys
In this week’s episode, we take a deep dive into Session, a private messaging app, with its co-founder Kee Jefferys. We discuss the philosophy behind Session, its technical architecture, and the broader implications of privacy in a world increasingly hostile to anonymous communication. Kee shares insights on the importance of decentralized networks, the risks of phone number-based messaging, and the role of cryptocurrency in supporting private infrastructure. We also touch on operational secu...
11 months ago
1 hour 10 minutes

The Lockdown - Practical Privacy & Security
021 - Digital Minimalism and Why Your Messages Aren't Really Private
In this week's episode we dive deep into both the psychological and privacy implications of social media apps. I reflect on my observations during recent travels, and explore how social media platforms are distorting human connections while simultaneously collecting vast amounts of personal data. The episode also ranges from the technical aspects of email systems to the limitations of encrypted messaging apps, providing practical advice for maintaining privacy. In this week's episode: Listener Q...
11 months ago
41 minutes

The Lockdown - Practical Privacy & Security
020 - The State of Privacy in 2025
This week on The Lockdown, The Practical Privacy & Security Podcast, we’re kicking off the new year with reflections, updates, and a deep dive into key privacy issues that are shaping 2025. From privacy settings on iOS and GrapheneOS, to AI assistants and their potential privacy pitfalls, this episode covers practical advice, insights, and solutions for everyday users. Additionally, I explore new state-level privacy laws across the U.S. and what they mean for both businesses and individua...
12 months ago
57 minutes

The Lockdown - Practical Privacy & Security
019 - A Conversation with Luke Mulks from Brave Software
In this episode I speak with Luke Mulks, who is the VP of Business Operations at Brave Software. We discuss the privacy concerns over traditional web-based ads, and why Brave is offering a privacy-first alternative. Show Links: Brave Software: https://brave.com/podcast/ The Brave Technologist Podcast: https://brave.com/podcast/ "Well who's gonna monitor the monitors of the monitors?" - Carla Dean (Enemy of the State) Podcast music: Recluse by Ray Heffer Official Website: h...
1 year ago
1 hour 1 minute

The Lockdown - Practical Privacy & Security
018 - Back to the Basics and not Overthinking Privacy
In this episode, we go back to the basics as I discuss what I would do today if I were starting from scratch. It begins with deleting social media accounts, especially Facebook. Additionally, we have an update from Optery in response to listener feedback. We discuss tools like LibreWolf, Brave, and GrapheneOS, and compare privacy approaches for mobile devices, including Pixel and iPhone. A segment is dedicated to starting a privacy-first journey, from deleting social media accounts to adopti...
1 year ago
49 minutes

The Lockdown - Practical Privacy & Security
017 - Privacy During a Natural Disaster, Self-Hosting Nextcloud, Backblaze B2 & Restic, and Farewell Firefox
In this episode, recorded on October 10, 2024, I dive into privacy and security during natural disasters, highlighting essential tools like iOS 18’s satellite messaging and Starlink for maintaining communication when traditional systems fail. Next I dive into self-hosting in depth, particularly focusing on Nextcloud for privacy-conscious file sync. The episode concludes with a detailed analysis of a critical vulnerability in Firefox and the merits of switching to LibreWolf for enhanced privac...
1 year ago
56 minutes

The Lockdown - Practical Privacy & Security
016 - Privacy Discussion with Tyler from EasyOptOuts
In this episode, we have a special guest, Tyler Murphy, co-founder of EasyOptOuts, a data removal service focused on helping people remove their personal information from publicly accessible people search sites. Tyler discusses the inspiration behind EasyOptOuts, the challenges of maintaining privacy in a world of constant data breaches, and offers insights into data removal from various brokers. This conversation is packed with advice for anyone looking to regain control over their online pr...
1 year ago
1 hour 6 minutes

The Lockdown - Practical Privacy & Security
015 - NPD202401 (National Public Data Breach) and Windows 11
In today’s show, I discuss the National Public Data (NPD) breach, which contains 2.7 billion records, including the social security numbers of US residents. I cover how to check if your SSN is part of the breach and emphasize the importance of setting up a credit freeze for yourself and your kids. I also explore some useful tools for searching large datasets and share my thoughts on a Reddit post. In this week's episode: On the brink of giving up!; Using OnlyOffice as a Google Docs alternative; N...
1 year ago
27 minutes
