
154: A buttock of biometrics


The UK's Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple's credit card is accused of being sexist, and what is Google up to with Project Nightingale?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Visit https://www.smashingsecurity.com/154 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: John Hawes.


Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.



GRAHAM CLULEY. I see that 10 times a day you appear to be running vigorously.


CAROLE THERIAULT. Okay, breathe, breathe, we don't want you to die.


ROBOT. Smashing Security, episode 154: A Buttock of Biometrics, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 154. My name is Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. Hey, and we're joined this week.


CAROLE THERIAULT. Okay, it's very late, everybody. We're doing this late. It's going to be a silly episode. I'm warning you now.


GRAHAM CLULEY. We are joined this week by John Hawes.


JOHN HAWES. Hello. I'm not being silly at all. I'm being very serious.


CAROLE THERIAULT. Good. Now, John, I'm going to describe you and I want you to tell me if this is a fair description or not. Okay. A diplomatic man who advises cyber companies around the world to get along and play nice and build fair standards.


JOHN HAWES. You missed handsome.


GRAHAM CLULEY. Oh. Yeah, you missed the beard. You missed 5— not 5 foot 4, you missed 6 foot 4.


JOHN HAWES. A 5 foot 4 man. That's how I like to start all descriptions.


GRAHAM CLULEY. There's nothing wrong with being any number of foot 4s. But he is notable by his ostentatious height, I feel.


JOHN HAWES. I don't do it on purpose.


GRAHAM CLULEY. That's what you say, John. Carole, what have we got coming up on the show this week?


CAROLE THERIAULT. First, thank this week's sponsor, LastPass. Their support helps us give you this show for free. On today's show, Graham is delving into the UK Labour Party DDoSed Non-Fiasco. John is looking into why Apple credit card is being called sexist. And I'm going to get on my soapbox about private health info and Google. All this and loads more coming up on this episode of Smashing Security. Smashing Security.


GRAHAM CLULEY. Super duper stuff. Now, chums, we here in Britain, we're all British.


JOHN HAWES. Chums?


GRAHAM CLULEY. Yes. Yes.


JOHN HAWES. Oh, don't.


GRAHAM CLULEY. Yes, John.


JOHN HAWES. Sorry. Yes.


GRAHAM CLULEY. Let's not even start. We have got an election on our hands. Election, I said. Yes, that's true. In one corner is the bumbling Etonian Boris Johnson. Now, we should explain the various participants for people who don't live in the UK, because not everyone around the world who listens, we are very popular around the world. We shouldn't just assume everyone knows what's going on in British politics. Shall we explain who everybody is?


CAROLE THERIAULT. Yeah, not everyone. Are you insane? Just the main players. Just the main players.


GRAHAM CLULEY. There are 4 main players. So we have in one corner the bumbling Etonian Boris Johnson. From time to time he's been described as a malevolent baked Alaska.


CAROLE THERIAULT. He's like an ugly Hugh Grant.


JOHN HAWES. Or there's an image of Donald Trump's hair and Owen Wilson's face. Does look a lot like Boris Johnson. Anyone's wondering what he looks like.


GRAHAM CLULEY. It's also been suggested he looks a little bit like an unmade bed mixed up with a head injury. He, now he, he campaigned, remember the big Brexit referendum? He campaigned to leave Europe, but a lot of people suspect he really wanted to stay in. Whereas his opposite number in another corner is Jeremy Corbyn, right? He's the ultra left-wing.


CAROLE THERIAULT. He's our Sanders representative.


GRAHAM CLULEY. Yeah, yeah, yeah. He's the leader of the, like, the Labour Party. He looks like a geography teacher. Teacher, campaigned to stay in Europe, maybe because he loves geography.


JOHN HAWES. Very elderly geography teacher.


GRAHAM CLULEY. Yeah, quite elderly, with the patches on his elbows and everything. Now, somewhere in between these guys, we've got Nigel Farage.


CAROLE THERIAULT. Wait, whoa, somewhere in between? Like, this is like Pluto to Uranus.


GRAHAM CLULEY. No, sort of nestled in the nook of Boris Johnson, we have Nigel Farage. He's the plain-talking, beer-swilling, man of the people who happens to be a commodities broker who wants us to cut ourselves off from the continent at any cost. And we've also got, let's not forget, the head girl, goody two-shoes, Jo Swinson. She's leader of the Liberal Democrats. Yeah, she wants to kick Brexit to the curb, snuggle up with Europe, and promise to be their BFF forever.


CAROLE THERIAULT. Okay, so an easier way to put this, if you've got Jeremy and Jo in one corner and you've got Johnson and Farage in the other.


GRAHAM CLULEY. Yeah, well, I don't think Jeremy necessarily is in Jo's corner. It's slightly complicated when it comes to Jeremy.


CAROLE THERIAULT. But we're going to simplify for our listeners.


JOHN HAWES. Nigel and Boris all keep denying that they're each other's buddies, but keep trying to be buddies.


CAROLE THERIAULT. Yeah. Okay.


GRAHAM CLULEY. Anyway, in summary, Brexit's bloody confusing, has divided the country, and is the backdrop for what is probably going to be the most ruthless British general election in our lifetimes.


CAROLE THERIAULT. Okay. Yeah.


GRAHAM CLULEY. And of course, we've mentioned those four people, but let's not even begin to start on what other countries they might have a vested interest in a particular result. Anyway. Yes. We are recording this week's show on Tuesday, and I've had a crazy day. We were planning originally to record this at lunchtime, weren't we? Mm-hmm. And well, that, that got blown out of the water. And one of the reasons was that when I got up this morning, news broke that the UK's Labour Party said that they had suffered a sophisticated large-scale cyber attack, in their words.


CAROLE THERIAULT. Do you know, I had a problem with that as soon as I read that, because sophisticated, it takes a while to establish whether an attack is sophisticated.


GRAHAM CLULEY. Right. But so many companies claim it, they've suffered a sophisticated ransomware attack.


CAROLE THERIAULT. I know.


GRAHAM CLULEY. Well, it's like they don't want to say it was a really elementary one, do they?


CAROLE THERIAULT. Nope.


JOHN HAWES. You have to have a computer, which is quite sophisticated.


GRAHAM CLULEY. I suppose.


JOHN HAWES. You can't just do it with a pen and paper.


GRAHAM CLULEY. I suppose not.


JOHN HAWES. It's gonna be tricky.


GRAHAM CLULEY. Well, my phone went crazy at this news. BBC TV News, they wanted to get me to a studio, but I thought, well, we're planning to record a podcast. I can't do that. Sod that. So we ended up doing it via Skype. And while I was doing it, I was recording this while I was recording their TV slot. My camera started to slide down. It wasn't completely affixed.


JOHN HAWES. And so this doesn't sound very sophisticated. It wasn't.


CAROLE THERIAULT. So you had one of those moments like that guy whose kids came in while he was talking?


GRAHAM CLULEY. It wasn't quite like that, but it was a bit like 1960s Batman where the villains always have a sloping floor on their HQ. So bam, water. Wham! So anyway, not that sophisticated. Turns out that this attack on Labour wasn't that sophisticated either, because it was a DDoS attack, a distributed denial of service attack, which of course are often powered by botnets of computers around the world clogging up websites and making them fail to work properly.


CAROLE THERIAULT. Yeah, they've been around for more than a decade.


GRAHAM CLULEY. Yeah, yeah, yeah.


JOHN HAWES. Pretty cheap.


GRAHAM CLULEY. Not complicated at all.


JOHN HAWES. $50 for 3 hours or something.


GRAHAM CLULEY. Well, yeah, exactly. You could just purchase some DDoS time with a PayPal account virtually, couldn't you? I mean, ironically, Labour were using a DDoS mitigation service called Cloudflare, which many people will know, and they were ultimately able to get Labour back up and running as well. But there are many DDoS-as-a-service booter sites, so sort of online sites you can go to to sort of purchase a denial of service attack if you wanted to launch one, which are themselves protected by Cloudflare.


CAROLE THERIAULT. Exactly.


GRAHAM CLULEY. There is some Cloudflare, you know, they're playing both sides of the coin. Yeah. Yeah. A bit like Facebook sometimes.


CAROLE THERIAULT. They'd like to say knitting with three needles.


GRAHAM CLULEY. Right. Now, inevitably, there's been lots of talk about who might be responsible for this DDoS attack.


JOHN HAWES. The Libyans.


CAROLE THERIAULT. Farage. Well, he was at the pub one night, had a few too many.


GRAHAM CLULEY. A bit drunk.


CAROLE THERIAULT. And he goes, I got an idea.


GRAHAM CLULEY. I got an idea.


CAROLE THERIAULT. Like I could do this.


GRAHAM CLULEY. Well, it could have been them. It could have been— maybe it was Russia, because of course Russia might have a vested interest in the pro-Boris party.


CAROLE THERIAULT. You're always blaming Russia for everything.


GRAHAM CLULEY. Oh yeah, bless them. Yeah, maybe it's the French. Maybe the French just don't like us. I mean, they're still technically at war with us 300 years later, aren't they? Maybe it was Boris himself.


JOHN HAWES. But do any of these people have a vested interest in slightly embarrassing Jeremy Corbyn?


GRAHAM CLULEY. Well, maybe they didn't know how embarrassing. Maybe they thought if we knock out Labour's digital campaign, they won't be able to do anything. They won't be able to move and motivate their forces and get them, you know, canvassing wildly for Jeremy and his potential referendum.


JOHN HAWES. Definitely not sophisticated then.


GRAHAM CLULEY. Not that sophisticated. Maybe it was Boris himself. Remember Boris was getting private technology lessons from Jennifer Arcuri when he went round to her flat. That was the claim at least. Maybe it was kids, 'cause it could be a kid, right? With a DDoS attack.


CAROLE THERIAULT. It could be a kid. Hey, Graham, Graham, Graham. You digress. So, so the Labour Party got hit by DDoS.


GRAHAM CLULEY. Yes, yes.


CAROLE THERIAULT. And it wasn't anything complicated or, did they steal anything? No, the DDoS doesn't steal anything. It just brings down services. So why did they go public?


GRAHAM CLULEY. Well, yeah, good question, I think, is should they have gone public about it? Should they have been so loud about it? I certainly think they tried to make a little bit of political capital out of it with the suggestion that maybe they were being targeted, whereas they didn't really know whether it was gonna be a 14-year-old kid or not who had done it against them.


CAROLE THERIAULT. Okay, but really, do you think that's a good PR strategy to say, let's go out there and say that we've been targeted? Because then what, you get more headlines? You get more inches in the papers.


GRAHAM CLULEY. We know what they got more of.


CAROLE THERIAULT. What?


GRAHAM CLULEY. They got more DDoS attacks because then it appears other people thought, well, little kids thought, oh yeah, that'd be a laugh, wouldn't it? Let's have a go at Uncle Jeremy with his political party. Let's launch a DDoS attack against him. So others began to do it as well. Any script kiddie with a botnet decided they could have a go and sort of encouraged, I think.


CAROLE THERIAULT. You can see the IT guy calling up Cloudflare going, um, hi, so we just need to have a few, a bit of ramp up.


GRAHAM CLULEY. So I think maybe the truth was that it didn't have that much impact on them for a relatively short time. And many companies up and down the country are being affected by DDoSes, you know, every week, right? And maybe they were a bit too quick and maybe they did over-egg what happened. And then the media of course were getting really excited about the fact that it could be a state-sponsored attack. Seems in truth it was very unsurprising.


CAROLE THERIAULT. This is tricky. This is tricky, right? 'Cause in a way I'm kind of happy that they came out and said, "Hey guys, we're having a problem." I don't like that they said sophisticated without actually looking at it. That seems a bit early in the game. I think anyone who uses any adjectives they can't defend, you know.


GRAHAM CLULEY. It seems to be the habit though, isn't it? Whenever a security incident does occur, people love to say sophisticated. They said it with TalkTalk, for instance, which was sophisticated.


CAROLE THERIAULT. Do you remember when APT came out as the new term?


JOHN HAWES. What was it?


CAROLE THERIAULT. Advanced? What was it? What's it stand for?


GRAHAM CLULEY. Persistent threat.


CAROLE THERIAULT. Persistent threat. And that was a way of basically saying, yeah, we got screwed by some—


JOHN HAWES. A thing.


CAROLE THERIAULT. A thing that we couldn't stop.


GRAHAM CLULEY. You can't blame us because it was advanced and it was persistent and it was a threat. And coincidentally, the same day they announced this problem, there was an exclusive report in the Times newspaper saying that they had stumbled across a data breach on the Labour website. Now, I don't think this is connected at all, and I don't actually think that the Labour website was hacked. What it appears they had was they had an online donation tool and it was generating an RSS feed containing people's names and the sums of money which they had donated to the Labour Party via this page.


CAROLE THERIAULT. They must have clicked a box saying, I don't mind everyone knowing.


GRAHAM CLULEY. Well, I hope that's not how The Times portrayed. The Times say that the form asked for people's first names, but a number of people also entered their surnames. And that's why it ended up on the RSS feed.


JOHN HAWES. This was going out to anybody that subscribed to the feed, got a list of everybody that donated to the party.


GRAHAM CLULEY. I think that is basically the sum of it.


JOHN HAWES. That's not really a breach, that's just a boob.


GRAHAM CLULEY. And there'll probably be plenty more boobs.


CAROLE THERIAULT. It's gonna be boobtastic.


GRAHAM CLULEY. Boobtastic election, which the tabloids are going to love, aren't they?


JOHN HAWES. It already has been.


GRAHAM CLULEY. John, what have you got for us this week?


JOHN HAWES. Well, so I wanted to talk about Apple's sexist credit card.


CAROLE THERIAULT. Okay, not controversial.


JOHN HAWES. Well, no, actually a little.


CAROLE THERIAULT. Oh.


JOHN HAWES. So I'm not sure if you're aware, but Apple has a credit card.


GRAHAM CLULEY. Why? What's the point?


JOHN HAWES. Well—


CAROLE THERIAULT. To buy stuff, Graham. That's what credit cards are for.


JOHN HAWES. It's very Apple-y.


GRAHAM CLULEY. Oh, okay.


JOHN HAWES. It's laser-etched. White titanium.


CAROLE THERIAULT. Oh, it's sexy.


JOHN HAWES. It's very slick and shiny. Very Apple-y. If you're the kind of person that likes Apple stuff, you probably want one of these. As I say, white titanium with a name and a little Apple logo and the little chip and pin thing on it. There's no numbers. There's no numbers. It's just smooth.


GRAHAM CLULEY. Okay, well it's cool not having numbers maybe if you lose it. But if you're such an Apple fan, why wouldn't you just use Apple Pay?


CAROLE THERIAULT. Aha!


GRAHAM CLULEY. Oh, okay.


JOHN HAWES. Because, so the idea is, you can't apply for the credit card through any other means than through your iPhone or Mac.


CAROLE THERIAULT. Right. Okay. So only Apple users can get an Apple Card? Yes. Okay.


JOHN HAWES. It's proof that you're not just a person that likes Apple stuff, that you actually have Apple stuff.


CAROLE THERIAULT. Oh, okay.


GRAHAM CLULEY. So it's like your cult membership card.


CAROLE THERIAULT. Yeah.


JOHN HAWES. Right. And yeah, I don't know if they could be—


CAROLE THERIAULT. Are you wearing a black cashmere turtleneck? Check.


GRAHAM CLULEY. Exactly. Anyone can go out and buy a cashmere turtleneck these days. And people might think that you have an Apple Mac.


CAROLE THERIAULT. Yeah. Soya flat white? Check.


JOHN HAWES. Getting the Apple Card? Much more difficult.


GRAHAM CLULEY. Right.


JOHN HAWES. Although apparently the white titanium does get discolored if you put it in a leather wallet or a jean pocket, which is a little disappointing. But yeah, so they describe it as a new kind of credit card. It's created by Apple, not a bank.


GRAHAM CLULEY. Mm.


CAROLE THERIAULT. What could go wrong, right, Graham?


GRAHAM CLULEY. Yeah, so what's this? But you say it's sexist.


JOHN HAWES. Well, so it's not even a new thing. I think they announced it back in March. It was available sometime August. But suddenly in the last week or so, it's been all over the headlines. So about a week ago, a chap called David Heinemeier Hansson, who's a Danish tech entrepreneur, best known as the creator of Ruby on Rails.


GRAHAM CLULEY. Oh yeah, right.


JOHN HAWES. Yeah. So he tweeted, which is, you know, how, how news happens these days, that he applied for one of these cards and also his wife applied for one and he got a credit limit approved, which was 20 times higher than his wife.


CAROLE THERIAULT. 20 times?


JOHN HAWES. 20 times. 20 times.


CAROLE THERIAULT. So if hers was, if hers was 5 grand, his would be 100?


JOHN HAWES. Yes.


CAROLE THERIAULT. Oh my gosh.


GRAHAM CLULEY. Yeah, but they might have different credit histories.


JOHN HAWES. Well, no, they claim, they claim that they've shared everything together forever and ever. He's Danish. He's been living in America for, I don't know, 10, 12 years or something. She says, oh, my credit limit's actually higher than his, so I don't know why I've got a lower than his. And then Apple co-founder Steve Wozniak Woz, Cuddly Woz.


CAROLE THERIAULT. Yes.


JOHN HAWES. He stepped in and said, oh, same thing happened to me. I got 10 times more than my wife. Despite, you know, everything we have is shared, is mutual. So we should have exactly the same kind of credit limit.


CAROLE THERIAULT. So we have two quite big characters in the tech world basically saying, we're confirming this has happened to us.


JOHN HAWES. Yes.


CAROLE THERIAULT. And that they're in the cult. Yes. That's also what they're telling everybody.


JOHN HAWES. Well, obviously, I mean, Steve Wozniak is, well, he is officially still an employee of Apple.


GRAHAM CLULEY. Is he really?


JOHN HAWES. 1985, he stepped down, but apparently he's a ceremonial employee.


GRAHAM CLULEY. Bless him.


JOHN HAWES. I don't know what ceremonies he does.


GRAHAM CLULEY. Like a ceremonial goat.


JOHN HAWES. Yeah.


GRAHAM CLULEY. So, yeah, so, so what's this about? Right.


JOHN HAWES. Yes. Then, then somebody from the New York State Department of Financial Services tweeted saying, oh, this sounds like it all sounds awfully dodgy. We will investigate. And now suddenly there's headlines all over the world saying, oh, Apple's credit card massively sexist and Department of Financial Services is launching a probe.


GRAHAM CLULEY. So what, two people can tweet that their wives appear topless?


CAROLE THERIAULT. Not just anybody though. People that have a lot of followers.


GRAHAM CLULEY. I'm surprised that starts off a huge investigation if these people haven't even formally complained.


JOHN HAWES. Also, it's not necessarily a huge investigation. It's just somebody tweeting, oh, we'll have a look. Oh, yeah. Nobody has said we are launching a massive probe here. They've just said, oh, that sounds interesting. Let's have a look. Yes. I happen to work for the Department of Financial Services.


CAROLE THERIAULT. Not everything's dealing with Apple.


JOHN HAWES. I'm not necessarily qualified to say we're launching a massive probe right now.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. Right.


JOHN HAWES. Anyway, so then.


GRAHAM CLULEY. Oh my goodness. Yes.


JOHN HAWES. People kind of think about this and like, hang on. So even though Apple's card says it's created by Apple, not a bank.


GRAHAM CLULEY. Yeah.


JOHN HAWES. Obviously it is a credit card. So it has to actually be provided by a bank of some kind. Which in this case is Goldman Sachs.


CAROLE THERIAULT. So they're backing it. They're backing all the money and they're backing like the background vetting.


JOHN HAWES. They're doing the credit card basically. Apple is creating it in the sense of designing what it looks like. Everything else is Goldman Sachs.


GRAHAM CLULEY. I can't help but notice that in the name Goldman Sachs is the word man, of course. Possibly a slightly sexist organization.


JOHN HAWES. Very. Also known as the vampire squid. And, you know, mainly an investment bank, so not with much history of consumer credit card business. So maybe they didn't really know what they were doing, whatever.


CAROLE THERIAULT. 2008 was a bit rough.


JOHN HAWES. In the last couple of days, Goldman Sachs put out a statement again on Twitter, obviously.


CAROLE THERIAULT. It's so weird, isn't it?


JOHN HAWES. With this, you know, starts off with the typical, you know, your concerns are important to us, we take them seriously, all that stuff, blah blah. But they also said, we do not know your gender or marital status.


GRAHAM CLULEY. I think we know Woz is a man.


JOHN HAWES. Blah, blah, blah, blah.


GRAHAM CLULEY. And we believe him when he says he's married.


JOHN HAWES. And they also say that some customers have told us they've received lower credit lines than expected. In many cases, this is because their existing credit cards are supplemental cards under their spouse's primary account.


CAROLE THERIAULT. Okay, so they're basically saying, look, there are reasons we're doing this. It's not all black and white like you think. There's complications. Yeah. Okay.


JOHN HAWES. Well, it seems to make sense, except Apple has said they don't offer joint cards. Everyone has to apply individually. You have to do it from your own phone, right? You can't just fill out a form and say, oh, can I have one for my wife too?


CAROLE THERIAULT. Correct. Gotcha.


JOHN HAWES. You have to do it yourself. So that bit seems to be self-debunking. And Mrs. Hansson, who described herself as a meek housewife who's not at all keen on publicity, she blogged about the matter and agreed to have the blog reposted on Fast Company.


CAROLE THERIAULT. Mm-hmm.


GRAHAM CLULEY. Or that kind of meek, right?


JOHN HAWES. Basically said, as a female person, I find this quite scary that I'm being offered much less credit limit than my husband just because he's a man, because that's the only difference that they can see between the two of us.


GRAHAM CLULEY. Wait, hang on. This is a bit peculiar. I mean, it's hard to imagine that there's an individual at Goldman Sachs or Apple who's making this kind of decision. So there probably is a bit of code or something.


JOHN HAWES. That was actually, that was another thing that Mr. Hansson said, that when he did get in touch with Apple, the Apple person said, oh, there's nothing we can do. It's all about the algorithm. We have no control over this.


CAROLE THERIAULT. No one's looking after that algorithm? No one's there to review it?


JOHN HAWES. Well, that's, this is the problem. So Goldman Sachs, whatever they say about we don't know about your gender status or your marital status, et cetera, et cetera. All they're doing is buying in a database from Experian or whatever. And they're saying, okay, so if someone has a score of this, then they get this, whatever. They're reading in somebody else's score that's been applied to you based on data that's been gathered about you from somewhere that you don't know about and that they don't know about and deciding how to interpret it pretty much at random really, because it's the first time they've done it because they've not done a credit card before.


CAROLE THERIAULT. Well, you haven't explained that it's not sexist though.


JOHN HAWES. Well, that's— I'm not saying it's not sexist. I'm not. I'm just saying it's not, it's not Apple that's being sexist. It's not necessarily Goldman Sachs that's being sexist. It's the, the whole—


GRAHAM CLULEY. John, I'm gonna put— no, come on. Is this sexism or not?


JOHN HAWES. John, AI algorithms, machine learning, what they are doing is they're taking in huge amounts of data and they're interpreting it. They're looking at it and if that data is biased towards a particular gender, then the output of the AI machine learning algorithm is gonna be biased.


GRAHAM CLULEY. And if there is hundreds of years worth of evidence that people with the occupation of meek housewife are worse at paying off their debts than developer of Ruby Rails.


JOHN HAWES. Yeah.


GRAHAM CLULEY. Or something like that.


CAROLE THERIAULT. No, but that's not what they're finding. Like, that's the problem here. They're not finding that. Her credit score was better than his. Isn't that what you said? Mrs. Hansson's credit score was better than Mrs. Hansson's?


JOHN HAWES. She did claim that. Yeah.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. So she had a better credit score, yet he got 20 times, not 20%, 20 times more money. And now all this is not real money, this is just a loan, right, from someone. God knows what the interest rate is with the Apple Store. It's probably 25 APR just to have the cool tech in your hand.


JOHN HAWES. Oh, they claim it's very good.


CAROLE THERIAULT. Okay, well, maybe I should get one. Guys, I kind of think you guys are outrageous. You're both a bit of outrageous, actually. Like, if it was the other way around, you'd be freaking out. You'd be freaking out.


JOHN HAWES. I think, I think a lot of people—


CAROLE THERIAULT. If your wives went out and got like 20 times the money on their credit limit and you didn't, I wouldn't be aware. You would when you got the bills.


GRAHAM CLULEY. Is this all just a fuss because it's the Apple Card, which doesn't have a number and it is laser etched? And I wonder if this actually also happens on plenty of other cards.


CAROLE THERIAULT. Yeah, that's a really good point, Graham.


GRAHAM CLULEY. And people are just creating a fuss because it's got the word Apple attached.


JOHN HAWES. That's exactly what I was trying to say, is that it's not Apple that's doing this. It's not even Goldman Sachs that's doing this. It's whoever is providing them with, this is your credit rating data. Which is based on, you know, whatever they can find out about you, or they can be asked to find out about you. Maybe they're not, you know, going around to your house and looking through your bins.


CAROLE THERIAULT. Yeah. In other words though, this could be a much bigger problem. So Apple may be the tip of the iceberg, but it might be actually systemic across all credit cards.


JOHN HAWES. I think it's systemic across all, anything that involves machine learning, that it has to be fed with data. And the data, data has to come from people, and people are biased. And if you have 20 years of historic data from something to base a decision on, you have no way of knowing how much of that data was gathered by racists or sexists or anti-ginger people or whatever.


CAROLE THERIAULT. Right. Well, hey, listeners, you know, follow John's advice. Just who cares? Just deal with it. Buy it. Like, deal with the bias.


JOHN HAWES. Put your money in gold, bury it at the end of the garden, never spend it. That's not what I'm saying. Have much better stuff to feed your machine learning algorithms.


GRAHAM CLULEY. Why are you pushing gold rather than silver or some other metal?


JOHN HAWES. Okay, tin. Tin works very well. As a West Country lad, do it in tin.


GRAHAM CLULEY. Or Cornish pasties?


JOHN HAWES. No, don't bury pasties. Do not bury a pasty.


GRAHAM CLULEY. Carole.


JOHN HAWES. Sorry, yeah, carry right on.


GRAHAM CLULEY. Carole, what have you got for us this week? Sweet.


CAROLE THERIAULT. Okay, well, first listen to this sound. Are you intoxicated by this sound? Do you feel like it's mocking you with its joyous tweet tweet? It is, of course, the nightingale. Ah, a brown thrush. And it's often referred to in poetry because it's the male bird's sweet, sweet, intoxicating nocturnal song that refer to.


JOHN HAWES. They don't refer to it as a brown thrush though.


CAROLE THERIAULT. No, no, they tend to avoid that. Uh, yeah, brown bird. How about that? Now I'm speaking of the nightingale because Google has a new secret project that's come to light called Project Nightingale. And I mean, what are they trying to say? Like that Google are our nightingale? That they have so intoxicated us with their free services that we can't think straight?


GRAHAM CLULEY. I expect they're not trying to say that. I expect that would be a bad marketing message.


JOHN HAWES. Are they trying to sing us to sleep?


CAROLE THERIAULT. No, you probably haven't heard of Project Nightingale, but don't worry, it's only hit the streets this week. The Wall Street Journal published an explosive article on the company's new foray into private medical data. So in an exclusive interview penned by Rob Copeland, we learned that Google had teamed up with Ascension Health to secretly collate and crunch personal health information of millions of Americans across 21 states. Who is Ascension, you ask?


GRAHAM CLULEY. Who is Ascension?


JOHN HAWES. I was asking.


CAROLE THERIAULT. Well, they're only the second largest nonprofit health system in the states, and their strapline on their homepage is, we are Ascension, driven by compassion and a dedication to provide personalized care for all, especially those most in need. Now, it turns out when they say personalized, they mean it. So Google have been reportedly mashing personal health information, such as diagnoses, laboratory test results, hospitalization records, basically a complete health history, including patient names and date of birth. And get this, the Wall Street Journal says neither patient nor doctor were notified.


JOHN HAWES. Ooh.


CAROLE THERIAULT. Whoa, right?


GRAHAM CLULEY. Sounds rather suboptimal.


CAROLE THERIAULT. Totally. So I did, of course, you know, I went and looked at the HIPAA privacy rule because that's what regulates—


GRAHAM CLULEY. You know how to have a good time. And thank goodness, Carole, that you are on our podcast and you are the person who reads the terms and conditions. You read the privacy policies.


CAROLE THERIAULT. I just looked at the summary this week. I was busy.


GRAHAM CLULEY. So that's more than any of us, the rest of us would do. All right, good.


CAROLE THERIAULT. A major goal of the HIPAA privacy rule is to assure that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high-quality healthcare. So you can already see the push-me-pull-you happening here, right? No, well, I also get it, right? You want to protect the identity of the person, but you also want to say, look, I've got someone here having a triple bypass, I need some help. Here's the stats, here's his blood type, what can I do? So I can understand that. Now, the Wall Street Journal reported that Ascension employees raised questions about the way the data was being collected and shared, but privacy experts said it appeared to be permissible under federal law because the HIPAA Act, which came into effect in 1996, apparently, quote, this is from the Wall Street Journal, generally allows hospitals to share data with business partners without telling patients, as long as the information is used only to help the covered entity, which would be the hospital, carry out its healthcare functions.


JOHN HAWES. Help is the important word there.


GRAHAM CLULEY. So people raised an alarm. People said, oh wait, should we really be doing this?


CAROLE THERIAULT. Should we be sharing Joe Schmo's private hospitalization records with Google?


GRAHAM CLULEY. And they were told, hush, hush, hush, hush.


CAROLE THERIAULT. Yes, hush, hush. Shh, shh, shh, shh. Don't speak. I know just what you're thinking. Yeah. That's what happened. Now, why didn't Google want to tell anybody? And they probably didn't want to tell anyone because they didn't want their competitors alerted. Because this must be a sword in the sides of Google's competitors, namely Apple, Microsoft, and Amazon, all of whom are also aggressively pushing into the health market. Now, do you guys remember? I'm just going to take a left slant here.


JOHN HAWES. Oh yeah.


CAROLE THERIAULT. Do you guys remember a few weeks ago, a few weeks ago, Google bought Fitbit for $2.1 billion? Oh yes. $2.1 billion. Okay, now please don your conspiracy hats. I like them all because I have one for you to noodle on. So guy buys Fitbit gadget, right? Guy enters in all his data, right? So his height, his weight, where he goes, how fast he got there, what method of transport he used, how much sleep he got. Graham, you had one, didn't you have one of these?


GRAHAM CLULEY. I didn't have a Fitbit, no. I had something from another manufacturer. But there are a lot of these things around, aren't there? I remember there was a, a few years ago, I can't remember if we spoke about it, there was the Icon Smart Condom, for instance. Do you remember that? And what it did was it— you were able to track the exercise of your man bits. And it would also detect chlamydia and syphilis and even had a micro USB port. So you could charge it.


JOHN HAWES. Yeah, you wouldn't want it running out, would you?


CAROLE THERIAULT. Mid-session. So there you are. Guy's bought the Fitbit gadget, paid money for it, entered in all his data, right? And then the Fitbit gadget company somehow amasses all of Guy's personal data over the years and months he's used this little gadget. And Fitbit's done this to millions of others out there as well. And then Fitbit decides to start flirting and sassing in front of some of the high rollers like Google. Right? Flashing a thigh full of PII. Butt cheek of biometrics.


GRAHAM CLULEY. Oh, right. Yes.


JOHN HAWES. Good.


GRAHAM CLULEY. Very good, Carole. Must have taken you hours. No wonder you're busy today.


CAROLE THERIAULT. Oh, about a minute. About a minute. Now, one of my Fitbit friends— I have a few, and I can speak for them.


GRAHAM CLULEY. Oh, right.


JOHN HAWES. Okay.


CAROLE THERIAULT. Yeah. So my best friends are Fitbit people. Said that they've never even thought to remove it when they were, you know, doing the five-knuckle shuffle stuff, pooping, right? So they deem— he deems he probably has all those behavioral biometrics as well.


GRAHAM CLULEY. Okay, I see that 10 times a day you appear to be running vigorously.


CAROLE THERIAULT. Okay, breathe, breathe. We don't want you to die.


GRAHAM CLULEY. I'm very funny.


CAROLE THERIAULT. Okay, here's a serious question, serious question. So $2.1 billion. How much of that do you think has basically been given to Fitbit for the data that Fitbit has collected throughout the years and processed at the user's expense effectively? Because some people actually pay more, right? They paid for additional services so they can give even more intrusive data to Fitbit. So people have actually paid monthly services to Fitbit when they're using it. So in other words, think about it, right? How valuable would Fitbit have been if they could sell themselves without any data, right? Without the data at all. And I get it, right? I get the service becomes moot because without the data history, you don't want to use it as a user, right? You don't have any service. You can't, you know, you'd cry because it's like, oh, my big records with my five-knuckle shuffle. You know, I've lost all that.


GRAHAM CLULEY. So surely Fitbit users have the right and ability to log into their account and wipe it out, don't they? Do they? If they felt strongly enough about it. I'm sure many wouldn't.


CAROLE THERIAULT. I'm sure it's really simple to do as well.


JOHN HAWES. And also, what proportion of Fitbit users actually paid any attention to the news in the Financial Times that Google had bought a stake in their company or whatever?


CAROLE THERIAULT. But I have a solution. Unlike John, who delivered a story with just doom and gloom saying, yeah, well, there you go. The bias is there. Right? I have a solution.


GRAHAM CLULEY. Thank you, Carole.


CAROLE THERIAULT. Okay. So when a company sells itself, I say a third party has to value the company with and without its collated data from its big mass of users. And the company value associated with the collected user data, so basically the money that they make because they're snarfling up all the user data, should be distributed amongst the users who gave that data. So effectively, like a financial shareholder system, but with information. So you've given us free information, we've become billionaires off your back, here's a little kickback, thank you very much. It's pretty good.


GRAHAM CLULEY. Well, that sounds wonderful, Carole. Can you imagine any companies doing this?


JOHN HAWES. Yes. Oh, excellent.


CAROLE THERIAULT. Go, go do it, people. Prove me right.


JOHN HAWES. And what are people going to do with this data once they've become owners of it again?


CAROLE THERIAULT. Well, they're owners that can lease out their data when they put it into these services. Rather than services saying, hey, here's a little shiny thing you can wear on your wrist that helps you keep fit, which was the sales pitch, and people put it on and they use it and all that data gets amassed, now it's being used in ways that they didn't ever predict beforehand. Don't you think they should be asked, going, oh, by the way, you gave us, you lent us this information, do you mind if we sell it on?


JOHN HAWES. You're thinking people would get some money out of this? They'd be saying, oh, you've been wearing this pedometer for 6 months. You can have—


GRAHAM CLULEY. You can't say pedometer.


JOHN HAWES. We're not allowed to say pedometer? What, they get like 0.3 cents or something for their 6 months of walking time?


CAROLE THERIAULT. I used to have Irwin Toy Shares when I was a kid and I would get like something like 61p a quarter.


JOHN HAWES. That's pretty good going. Very nice.


CAROLE THERIAULT. Thank you, Grandad. Yes.


GRAHAM CLULEY. Well done, Carole. Good to see a—


CAROLE THERIAULT. It's a great suggestion, and I look forward to hearing the first companies that take it on. Yes.


GRAHAM CLULEY. And well done you for coming up with a topic where you have some positive advice at the end. A suggestion, unlike you, John. You could learn something from that, John. You could learn something from that.


JOHN HAWES. Can I just put a slight downer on this one?


GRAHAM CLULEY. Oh, I thought you would.


JOHN HAWES. Well, not in a— but in a positive way.


GRAHAM CLULEY. You're going to put a downer in a positive way. This will be interesting. With a smile. We'll be the judge of whether this is done in a positive way or not.


CAROLE THERIAULT. Fuck my life.


JOHN HAWES. Look, Google, what Google is doing here, right, is trying to amass massive amounts of data about people's walking and wanking habits and making use of it to analyze the human and be better at spotting when something weird's happening with your butt or whatever. You're sick. And we can tell because 10 million other people, when they suddenly, their left knee went wobbly, a month later developed, I don't know, some horrible brain disease. And they're doing that for the good of humanity to be able to, it's not ideal that Google's doing it. It should be someone, it should be governments and universities really, but somebody has to be doing it.


CAROLE THERIAULT. No, no, exactly. That's the sales pitch too, right? That's what Ascension and anyone else who partners in this way with other companies, tech companies, are gonna say to you. They're gonna say, look, this saves lives. That's why you wanna do this, right? And that is the sales pitch. But the other side, the flip side of the coin is, well, when is it gonna be that insurers get access to the data and can deny you? Or when is it when employers get access to this data and they decide, oh wow, you're gonna be, you're, you're at risk of Parkinson's, so we're not gonna hire you. I see how it's going to be sold to us as a really great thing, but I don't hear enough about how the flip side, when it's going to be misused and how we're going to—


JOHN HAWES. Yeah, I don't imagine Google saying that to people.


CAROLE THERIAULT. Here's a really serious point, Graham. I didn't smile once.


GRAHAM CLULEY. Well, lots of gravitas. Well done.


CAROLE THERIAULT. Gravitas. That's me. Middle name.


GRAHAM CLULEY. Gravity-ass.


CAROLE THERIAULT. Okay, hand on heart time. How many of you can say that your password hygiene is squeaky clean? If you're feeling it could use a tune-up, maybe check out LastPass Enterprise. With central admin oversight, controlled shared access, automated user management, you help every employee become part of your security solution. Find out more at lastpass.com/smashing. Plus, I would like to extend a personal invitation to an upcoming LastPass event on Wednesday, November 27th in the wonderful city of Manchester. Occasional Smashing Security guest host Jessica Barker and yours truly are going to be talking about all things security related. We would love to see you there. Check out the registration page on lastpass.com/Manchester. On with the show and welcome back.


GRAHAM CLULEY. And you join us on our favorite part of the show, the part of the show that we like to call pick of the week.


CAROLE THERIAULT. Pick of the week.


JOHN HAWES. Pick of the week.


GRAHAM CLULEY. Pick of the week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a red record, a podcast, a website or an app, whatever they like.


JOHN HAWES. Have you ever had a record?


GRAHAM CLULEY. Yes, I have actually, yes.


JOHN HAWES. Like vinyl?


CAROLE THERIAULT. After 154, you've had everything.


GRAHAM CLULEY. Doesn't have to be security related necessarily.


CAROLE THERIAULT. Should not be.


GRAHAM CLULEY. And my pick of the week this week is a podcast. I was going up to a conference up north in Cheshire and I had to entertain myself listening to something. And so I listened to—


CAROLE THERIAULT. Is it Smashing Security?


GRAHAM CLULEY. Not Smashing Security.


JOHN HAWES. No, no, no. That's security related, surely.


GRAHAM CLULEY. We have had people come on and recommend their own podcasts in the past, of course, during the Pick of the Week.


CAROLE THERIAULT. It may not be the right forum for this one.


GRAHAM CLULEY. No, the podcast which I listen to is called The Missing Crypto Queen.


CAROLE THERIAULT. Ah, darn it, I was supposed to listen to that. Yes, you were.


GRAHAM CLULEY. I did tell you.


CAROLE THERIAULT. I'm sorry, you did tell me.


GRAHAM CLULEY. Yes, I did.


CAROLE THERIAULT. I've been very busy.


GRAHAM CLULEY. Well, you know what, Carole? I've been very busy, but I've watched two of your art documentaries on YouTube.


CAROLE THERIAULT. Aren't they great?


GRAHAM CLULEY. They are wonderful. I'm really loving them. So if anyone hasn't checked out your pick of the week from last week, go and do that.


CAROLE THERIAULT. It was a doozy.


GRAHAM CLULEY. Anyway, The Missing Crypto Queen is a fascinating podcast about the millions of people who invested huge amounts of money in a bogus cryptocurrency called OneCoin, and how they used a cult-like multi-level marketing operation to get other people to give all of their earthly belongings and invest them as well.


CAROLE THERIAULT. Ooh, so why didn't you tell me that when you were telling me listen to it? All you said is listen to this.


JOHN HAWES. Yeah, yeah.


GRAHAM CLULEY. And okay, so the interesting thing about OneCoin was it turned out it didn't have a blockchain. It was a cryptocurrency without a blockchain. If you bought some OneCoin, what that gave you was access to a website which told you there was a number on the website which showed you what the value of one OneCoin was.


CAROLE THERIAULT. Are you kidding?


GRAHAM CLULEY. Every day the number would go up and you would think, da da da da da da da da da da da da da, I'm going to be so rich. And then you'd get all of your friends to buy OneCoins and you would make more money that way and you'd get more and more OneCoin. This was all being masterminded by a woman called Dr. Ruja Ignatova, who was very public and giving presentations. And then a couple of years ago, she vanished. And the big question of the podcast is why did she vanish and where did she go?


CAROLE THERIAULT. And what happened to her?


GRAHAM CLULEY. Jamie Bartlett from the BBC presents this story, and it is fascinating. At the end of every episode, there's like a cliffhanger and you go and go, oh, you're thinking, what is going to happen?


CAROLE THERIAULT. No, I don't think any human would make those noises, but yeah, maybe a whale.


GRAHAM CLULEY. But it takes you, it takes you all around the world. At one point you're in a sort of marina filled with luxury yachts because they're trying to track her down. Then there's a Romanian beauty pageant being run by the OneCoin cryptocurrency.


CAROLE THERIAULT. Okay, I'm totally, I'm gonna totally download this. I love this. It sounds great.


GRAHAM CLULEY. I really recommend it. No spoilers, but, um, it was put together by the BBC, but you will find it in most good podcast apps as well as BBC Sounds, and it's called The Missing Crypto Queen.


JOHN HAWES. Cool.


CAROLE THERIAULT. Great suggestion. Okay, it sounds great.


JOHN HAWES. Sounds interesting.


CAROLE THERIAULT. Looking forward to it. Yeah.


GRAHAM CLULEY. John, what's your pick of the week?


JOHN HAWES. Um, so I want to talk a little bit about a, uh, TV show which is on Amazon. Amazon Prime. I assume you can just kind of rent it from Amazon too, if you don't like the Prime thing. Um, it's called Undone and it's, it's, it's, it's, they, they actually describe it in the, um, the blurb on the Amazon page as genre bending, not gender bending, genre bending.


CAROLE THERIAULT. It really is.


JOHN HAWES. It's, it's, it's really well written and it's really, it's kind of, it's interesting and there's good characters and there's good dialogue.


GRAHAM CLULEY. What's the premise of the show though, John?


JOHN HAWES. Well, exactly, it's bonkers. So it's a kind of relationship stroke personal drama about a young lady in Texas who's got a boyfriend and has had a car crash and her dad's died and—


CAROLE THERIAULT. Basically, is she losing her mind or she got secret powers?


GRAHAM CLULEY. Exactly. Thank you.


JOHN HAWES. When I, when I looked this up though, it's, um, it's on Wikipedia. It's in the mental illness in television category, which is very underpopulated. It only has 10 entries, but it includes Legion, which is a great, great show. Flowers, which was also excellent. Nighty Night, which is great. Um, Mr. Robot. I'm not sure how that's not strictly supposed to be there, I guess. But yes, there is a, there is a kind of a, you know, it is she crazy or is she time traveling? Nobody knows. There's a, there's a whole thing about that. But for me, I mean, the main thing about it is the, just the look of it. It's so it uses rotoscoping. Oh, so like coloring in of, so filming actual live people and then drawing over them afterwards, like, uh, the, uh, the famous A-ha Take on Me video, the 1970s Lord of the Rings movie, which was also great.


GRAHAM CLULEY. Yes, I remember that.


JOHN HAWES. Apparently the lightsabers in the original Star Wars movies, they did like that too. New.


CAROLE THERIAULT. Oh really?


JOHN HAWES. Yeah, so someone was— they were just carrying sticks and then someone drew over them frame by frame.


GRAHAM CLULEY. And someone said, why did we film it like this? This looks ridiculous.


JOHN HAWES. Why didn't we just have glowy sticks? They're in every shop, right?


GRAHAM CLULEY. Exactly.


JOHN HAWES. Oh yeah. And then so the background— so the backgrounds are like either oil paintings and sometimes they're cartoons and sometimes they're 3D animations and sometimes it's a mixture of all of them.


GRAHAM CLULEY. And it doesn't feel too gimmicky? It doesn't take away?


JOHN HAWES. No, no, it looks— it looks spectacular and it really works with the story because it's all a bit kind of, you know, is this a dream? Is this real? So the kind of slightly wobbly, slightly weird looking visuals really kind of worked with that. And it's only, it's very short. It's like eight 30-minute episodes. So 4 hours, you can totally binge it in a night.


CAROLE THERIAULT. Isn't that funny how that's become short to us in this time? It's like, I could do that in a night.


JOHN HAWES. Totally, totally do it in a night. I didn't do it in a night, but I totally could have done. It's very much, you get to the end of each episode, it's like, what the hell is going on?


GRAHAM CLULEY. What's going on? I want to see more.


JOHN HAWES. And I loved it. It was great.


CAROLE THERIAULT. I agree. I've watched it as well. I think it's awesome. And what I liked— I love the rotoscoping as well because that's just underused. But in this one, it's used quite well and kind of quirkily. But it's the script. It's tight. And you really, really believe, like, you're really in the situation the characters are finding themselves in. And the characters are all believable and kind of just a little squiff. And I love it.


GRAHAM CLULEY. And it's called Undone on Amazon.


JOHN HAWES. Yes, Undone. It's on Amazon Prime, Amazon stuff, generally streaming, downloading from Amazon.


GRAHAM CLULEY. Fantastic. Carole, what's your pick of the week?


CAROLE THERIAULT. Okay, I got a weird one this week. So I was just, you know, mooching along my feeds, right? I have pick of the week feeds. I don't know if you do, Graham. But you know, it gets hard after 150-something episodes to come up with cool picks of the week. Oh, really? Oh really, you don't have any trouble?


GRAHAM CLULEY. No, never had any trouble at all.


CAROLE THERIAULT. All right, okay, good. So, uh, so I have a few feeds and I came across this kind of nascent YouTube channel. How often does that happen, right? Like a tiny little thing with hardly any followers but somehow just as magical in a way. This video, this YouTube video, is all about how to play Monopoly in less than 30 minutes. Now I love Monopoly, I seriously love Monopoly, but I freaking hate how long it can go. Wow. Right? Like I lose the will to live.


JOHN HAWES. It's an all-day thing, right?


CAROLE THERIAULT. I love to finish the game. It can be. And like, it's so obvious, like an hour in or two in the game, who's gonna slam dunk the game, right? You always know who's gonna do it. And by then you don't care. You're beyond caring. You don't care who's gonna win. You just wanna get outta there. I lie on the ground just going, "I just don't care." But I can care for 30 minutes. Even I can do that. And this little vid had some very good tips. Now take a listen. I'm just gonna do a snippet here.


GRAHAM CLULEY. Everyone loves a good old-fashioned game night, but when it comes to playing Monopoly, we usually end up hating our friends by the end of the game. And that's partially because the game lasts way too long. So this video is going to teach you how to play Monopoly in under 30 minutes. In this video, I'll teach you how to speed up the game, but I assume that you already know the basics of how to play. My first tip is to draw a question mark on the back of all the chance cards and a CC on the back of all the community chest cards. Although this might sound silly to do, people always seem to forget which one is which during the game. Now take all that fake money that comes with the game and toss it out the window.


JOHN HAWES. We're not going to use any of it.


GRAHAM CLULEY. We're gonna use poker chips instead, which are much more efficient. Those fake bills are always hard to count because they stick together and there's never enough of them and they always get lost. Oh, and you know the other thing? In, in modern Monopoly sets they only print the denomination of the money on one side, and the other side is blank.


CAROLE THERIAULT. Yeah, because they're so cheap.


GRAHAM CLULEY. It's so cheap. In fact, with a lot of these games now, I will go onto eBay and buy old 1970s versions of the board games because they're so much better quality.


CAROLE THERIAULT. I've done that too, actually.


JOHN HAWES. Scrabble, the old Scrabble board, spectacular.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. I'm going to tell you something, okay? And I should have researched this before I got on the call, okay? But this is a memory of two years ago listening to a podcast, so I may get some facts wrong. I think it was, uh, Stuff You Should Know, and they were doing a podcast about like Monopoly, right? Yeah, stuff you should know about Monopoly. And apparently, if I remember correctly, a woman created the game because she was so frustrated with the banks and the lending system and how the rich got richer and the poor got poorer, and created the game against the capitalists. And who's the game company that bought it? I can't remember, but that company tried to buy it from her and she said, no, you can't have it, right? It's, it's to make fun of you, not for you. And so they created, if I remember correctly, a fake persona to buy it from her, and she didn't know it was them. And they got the rights, and then they created it to this big capitalistic game.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. So there you go. Monopoly was really on Bernie Sanders' side. Who knew?


GRAHAM CLULEY. Who would have guessed that? Fascinating.


JOHN HAWES. Does everybody that's involved have to be in on it, or is it—


GRAHAM CLULEY. Are there different rules, Carole?


CAROLE THERIAULT. Yes, there's, there's tiny different rules. So if you watch the video, when you pass Go, you only get $100. So basically the whole game is prolonged by how much money you make. So you never collect money in the parking section when you, you know, the free parking, you get all the money, you don't do that.


GRAHAM CLULEY. I don't think you were ever meant to get money on free park. I mean, that was a rule we played in our house, but I think that's because they wanted to keep it under an hour. But I think in the official rules, you don't get money if you land on free parking.


JOHN HAWES. Listen, I think you are wrong.


CAROLE THERIAULT. I think you're wrong.


GRAHAM CLULEY. I think it's an urban myth.


CAROLE THERIAULT. I think you're incorrect. Anyway, I think, you know, anyone who can play Monopoly for 30 minutes, anyone can do that. And if you have a Monopoly lover in your house, check out the rules and then you can play for 30 minutes and everyone's happy. Win-win.


JOHN HAWES. I think it would be a lot better if you could just rock up at a Monopoly game and everyone else is playing seriously and you force the game to finish in 30 minutes using special talent that you've learned from this YouTube video.


GRAHAM CLULEY. You're so underhand, John.


JOHN HAWES. What? No, not—


CAROLE THERIAULT. No, I feel sorry for your wife. That's what I feel.


GRAHAM CLULEY. So yes, what a way to think. Well, on that controversial note, we've just about wrapped it up for this episode. John, I'm sure lots of our listeners would love to know more about what you do, but you have no social media presence whatsoever, do you?


JOHN HAWES. No, no, I'm very secretive. I'm just a meek housewife.


GRAHAM CLULEY. But you can follow us on Twitter @SmashinSecurity, no G. Twitter wouldn't allow us to have a G. And we're also on Reddit if you want to carry on the discussion up there. Just look for the subreddit with the name Smashing Security.


CAROLE THERIAULT. And once again, thank you to this week's Smashing Security sponsor, LastPass. Its support helps us give you this show for free. And thank you awesome, wonderful listeners and Patreon supporters. It would literally be futile and ridiculous for Graham and I to do this show without you. So thank you for existing. Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.


GRAHAM CLULEY. Until next time, cheerio, bye-bye, later. Cheerio. I can't remember if we spoke about it. There was the iCon Smart Condom, for instance. Do you remember that? The world's— and what it did was it, it met— you were able to track the size of your man hand bits. Um, and it would also detect chlamydia and syphilis and even, even had a micro USB port. I'm just gonna charge it up.


JOHN HAWES. So, yeah, you wouldn't want it running out, would you? Mid-session.


CAROLE THERIAULT. You know what, for Christmas, for the Christmas special, I reckon we should get out of being timely and just choose one of the best stories of all time.


GRAHAM CLULEY. I think we should do, we should just do an unboxing and review.


CAROLE THERIAULT. You can.


GRAHAM CLULEY. Yeah, you can't.


CAROLE THERIAULT. Yeah. Okay.


GRAHAM CLULEY. Ew.


JOHN HAWES. No, let's not. Let's get some bananas in.

-- TRANSCRIPT ENDS --