This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.

---

---

CAROLE THERIAULT. Hey everybody, it's Carole Theriault here. So this is just a short message to extend extreme thanks and gratitude to our Patreon supporters. And this week we would like to feature Hades, Nathan, Richard Wade, Tapal Call, Sean Reifschneider, Jamie White, Mark Norman, Teppo Tastic, Gent B, and Roman Busser. Thank you, all of you. You help make Smashing Security what it is, as all our Patreon supporters do. If you would like to join our Patreon community, check out deets at smashingsecurity.com/patreon. Now let's get this show on the road.

---

GRAHAM CLULEY. By the way, Carole, OG, do you know what OG stands for? No. I can impress you now.

---

CAROLE THERIAULT. Okay.

---

GRAHAM CLULEY. Original gangster.

---

CAROLE THERIAULT. Okay, there you go.

---

GRAHAM CLULEY. I found that out from my 9-year-old. There's a lot of that kind of lingo going on in our house at the moment.

---

GEOFF WHITE. Whoa, it's so fly out in Oxfordshire, isn't it? Fly, fly with a PH.

---

UNKNOWN. Smashing Security, Episode 190: Twitter Hack Arrests, Email Bad Behavior, and Forks Versus Facial Recognition with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 190. My name's Graham Cluley.

---

CAROLE THERIAULT. And I'm Carole Theriault.

---

GRAHAM CLULEY. And this week we are joined by a regular guest, but also now a published author. It's Geoff White.

---

GEOFF WHITE. Hello, hello, hello. Not quite published. One week to go.

---

GRAHAM CLULEY. Oh!

---

GEOFF WHITE. Sorry.

---

CAROLE THERIAULT. Monday 10th, that's the big day.

---

GEOFF WHITE. Yes, yes, yes. It's been like a sort of very long pregnancy. Like a sort of elephantine pregnancy where they just—

---

CAROLE THERIAULT. Well, it's a frackload of work, isn't it?

---

GRAHAM CLULEY. It is, it is, yeah. And what has come out of the backside of this elephant is a book called Crime.com.

---

GEOFF WHITE. Indeed.

---

CAROLE THERIAULT. Are you comparing his book to elephant dung?

---

GRAHAM CLULEY. No. I hope not, because if I am, then I've got a pile of elephant dung beside my bed right now. I have managed to get my paws on an early copy of it, which I'm really excited by. I've begun to read it. It's a great old, it's a, oh, it's a, it's a, it's a good old, it's got some good yarns in there, hasn't it, Geoff?

---

GEOFF WHITE. Yarns is exactly, yes. Basically, this is written for techies, but also the general public. And for the general public, you have to tell them a yarn, you have to spin them a yarn. And that's, you've spotted it, that's my exact tactic.

---

CAROLE THERIAULT. Oh, even us techies like a yarn once in a while.

---

GRAHAM CLULEY. And so it's all stories about cybercrime, the bad guys, the hacking groups, what they've been up to, what they've been doing, how they've been caught in some cases. And, its impact on society as well.

---

GEOFF WHITE. Exactly that, yes. It goes through the really early days, like the hippie hackers of California. There's this amazing crossover with, with, with the hippies and the sort of psychedelic refugees and sort of early hacking culture. And it goes all the way through to the election manipulation and vote rigging and disinformation stuff of the present day, which I think, I think that's sort of cutting-edge type stuff. So yeah, it's a sort of full survey of the territory.

---

CAROLE THERIAULT. Yeah, perfect August read, right?

---

GRAHAM CLULEY. Now, Geoff, Geoff, if our listeners are interested in this but just want a little taster, would you be able to give them a little tease or something?

---

GEOFF WHITE. I think I could see my way clear to that. Yes, I think I could. In fact, the final chapter, the one that's all about the election hacking and the disinformation stuff, would be a doozy. Let's do that.

---

GRAHAM CLULEY. So we will put a link in our show notes so you can go and read that final chapter.

---

CAROLE THERIAULT. For free.

---

GRAHAM CLULEY. Yes, at smashingsecurity.com/crime.com. When I say crime.com, that hasn't got a dot. That's the word crime.com, like as in Dorothy. And you'll be able to read the final chapter of Geoff's book. Fantastic.

---

CAROLE THERIAULT. And then you're going to love it so much, you're going to race to go buy it.

---

GEOFF WHITE. Indeed.

---

GRAHAM CLULEY. He'll be too big and important to come on this podcast again, Carole. What's coming up on the show this week?

---

CAROLE THERIAULT. First, thanks to this week's sponsor, LastPass. Its support helps us give you this show for free. Now, coming up on today's show, Graham— looks at how sexy fox costumes could reveal your privates. Your privates? Geoff looks at the recent Twitter hack, now that FBI indictments are out. And I look at some of the ways people are trying to combat surveillance tactics. All this and much more coming up on this episode of Smashing Security.

---

GRAHAM CLULEY. Now, chums, chums, imagine for a moment that you're interested in checking out a book, maybe. Maybe a book by a celebrated, newly published author. And you think, oh, I'd love to find out more about that book. I'll visit an online bookshop. But then you change your mind. Maybe you're distracted by something else, right? And then maybe half an hour, an hour later, you receive an email saying, hey, we saw you visited our website. How would you feel?

---

GEOFF WHITE. What?

---

CAROLE THERIAULT. So what, have I given them my email address?

---

GRAHAM CLULEY. Nope.

---

CAROLE THERIAULT. I haven't logged in or anything like that.

---

GEOFF WHITE. I'm just perusing the shop.

---

GRAHAM CLULEY. You haven't logged in, you haven't given them your email address, and yet they know you came to their website and they've contacted you via email.

---

GEOFF WHITE. Well, surely, I mean, if Google or Facebook have got a tracking code on the site, then they could tie that together with your email. So all that's technically possible. In fact, I'm sort of— now you say, I'm kind of surprised that we haven't crossed that Rubicon yet. It's a big— is that happening? Is this a bit—

---

GRAHAM CLULEY. well, imagine this. Imagine you have a particularly niche porn interest. Maybe you're a bit of a furvert on the side. And you decide to go and visit. Wait, what's that? Fervourts.

---

GEOFF WHITE. You thought you'd throw that in as though—

---

CAROLE THERIAULT. Explain what you mean, Graham.

---

GRAHAM CLULEY. What's a fervourt? I am reliably informed that fervourts are people who like dressing up as furry animals, like mascots at a football game. And they get their kicks from these sort of things.

---

CAROLE THERIAULT. I wonder if I should make an outfit that looks like my husband because he's quite hairy.

---

GRAHAM CLULEY. I think you must be a secret fervourt.

---

GEOFF WHITE. I can't figure out what would be more disturbing, Paul, if he found that attractive or unattractive.

---

GRAHAM CLULEY. So imagine you visit this site. Okay. And you get your fill of whatever it is you want. And then you receive an email saying, "Hey, see, you are a bit of a pervert." And again—

---

CAROLE THERIAULT. But what, it like throws it back in your face?

---

GRAHAM CLULEY. Well, or says, "We've got even more of that kind of stuff. Why don't you come back sometime?" If you had never given them your email address, you're gonna be rather disturbed, right?

---

GEOFF WHITE. Yes, considerably.

---

GRAHAM CLULEY. And also, of course, if someone's got your email address and you never gave it to them, there's the potential for doxing or blackmail or who knows what.

---

CAROLE THERIAULT. You better tell me how they got our email addresses.

---

GRAHAM CLULEY. Okay. There's a fascinating article on Jezebel. And Jezebel has written about an outfit called Get Emails, a startup. They claim to be the all-new audience growth tool for publishers. And they say they can convert—

---

CAROLE THERIAULT. Listen up, Geoff White.

---

GRAHAM CLULEY. They say they can convert anonymous website visitors into names email addresses, and even their home addresses.

---

CAROLE THERIAULT. Boom!

---

GRAHAM CLULEY. What? And I know—

---

CAROLE THERIAULT. Book sales sorted!

---

GEOFF WHITE. Post them out.

---

GRAHAM CLULEY. You may need to write another chapter, Geoff. Incredibly, they claim they can do this for around about a third of all US web traffic.

---

CAROLE THERIAULT. Jeez. Okay, well, their claims are impressive.

---

GRAHAM CLULEY. Well, okay, let's look a little bit more into this. They say that their service is already being used by— do you know that chap Tucker Carlson? On Fox News.

---

CAROLE THERIAULT. Dweeb.

---

GRAHAM CLULEY. Well, he is one of the founders of a website, quite right-wing website, surprise you, won't it, called The Daily Caller.

---

GEOFF WHITE. Oh, yes.

---

GRAHAM CLULEY. And that is one of the sites which is using exactly this technology right now. So potentially, someone could find out if you're partial to particular political views as well.

---

CAROLE THERIAULT. I don't understand. I'm sorry, you've lost me. Okay. So, okay. So how is The Daily Caller, this website, run by Tucker Carlson taking advantage of this technology.

---

GRAHAM CLULEY. So they are a customer of this firm called GetEmails.

---

CAROLE THERIAULT. Okay.

---

GRAHAM CLULEY. GetEmails is run by a guy called Adam Robinson.

---

CAROLE THERIAULT. Right.

---

GRAHAM CLULEY. He's a former Lehman Brothers employee and his girlfriend Helen Sharp. And they've actually put together a video where they explain how their thing works. You can go and check that out on YouTube. I'll put in a link, but I can explain it in very simple terms.

---

GEOFF WHITE. Yeah, how does this all work?

---

GRAHAM CLULEY. Most importantly. Right. Okay. So There are lots of scammy kind of websites on the internet. Surprise, surprise.

---

GEOFF WHITE. No!

---

GRAHAM CLULEY. I know, it's a shock. So there are websites which will claim, oh, we can get you better health insurance, or we can get you better car insurance. Just enter all your details here and we will go away and find an answer for you, right? And what you don't do when you fill out those, or what most people don't do, is they don't read all the terms and conditions and the privacy agreement.

---

CAROLE THERIAULT. The thing you mock me about every week when I read through.

---

GRAHAM CLULEY. Well, exactly. You're one of the unusual people who actually does that, Carole. But those sites will gather all that information, and they're not really set up to sell you health insurance and car insurance. They might do that sometimes or refer you, but what they're really doing is creating a huge database of people's contact details. Okay. And they are then selling those to people. And that is all apparently legal because people chose to give their information and they agreed to the terms and conditions.

---

GEOFF WHITE. To be marketed at, presumably.

---

GRAHAM CLULEY. Yeah.

---

CAROLE THERIAULT. I've always thought those sites, you know, like insurance compare sites or mortgage compare sites. I think that's exactly what a lot of them are doing.

---

GRAHAM CLULEY. Yeah, I think some of them are legitimate and they're getting a cut of the deals.

---

CAROLE THERIAULT. But they say, we are sharing this with interested parties on purpose to get you the numbers you want, right? They have to share that information with third parties and they don't have to give you a list, you know, here are the exact people we're doing, because it's changing all the time. And some of them might be, you know, very bona fide companies and some might be shady.

---

GRAHAM CLULEY. Well, one of the companies which is buying this kind of information is this company Get Emails. And what they've done is they've generated MD5 hashes, so a checksum for all of those email addresses. And they reckon they've got around about half a billion now, and they're adding about 1 million more every day. And they say they've also partnered with mailing lists firms so that when folks click on a link in a newsletter and go to a website, a cookie can be set on their computer containing that MD5 checksum for their email address on their computer. And so what they're able to do is when you go to the Daily Caller website or another website which is running GetEmail's script, they can compare the hash in the checksum to the hash in GetEmail's database, which they've gathered from all of these sites around the world. And they've got all your other information which you filled in on that form.

---

GEOFF WHITE. Yeah, that's really interesting. So I don't know, it's interesting because US law is obviously different to UK and European law, but like, There's just all sorts of legal issues with this. The idea is, you know, you give over the information for a particular purpose, you know, to get better car insurance, for example. The question would be, if I insert a clause saying, yeah, you're after better car insurance, but by the way, I'm going to keep your details handy and use it for this marketing exercise, possibly you've got my consent. But if it's just a kind of enter here for car insurance, and in some way in the terms and conditions is a vague reference to being marketed at, I'm not sure, like, what the UK and European rules would make of that, because it sounds like they're getting information for one purpose, but then using it for a slightly, well, quite different but slightly related purpose. I don't know.

---

CAROLE THERIAULT. Yeah, that's gonna be my question. GDPR.

---

GRAHAM CLULEY. You've put your finger on a very important point, and GetEmails admit that this isn't legal in Canada, it isn't legal in Europe, but it's 100% compliant with the US CAN-SPAM Act.

---

GEOFF WHITE. Oh, God bless America.

---

GRAHAM CLULEY. Under US law, you can send people unsolicited emails as long as you give them an opt-out at the bottom. And they claim that all this collection of data is perfectly legitimate, and that's how they're doing it.

---

CAROLE THERIAULT. See, I don't understand how this works, because I know that each state has its own privacy act that they employ. Some of them are pretty strict, like the California one, and some are really, really weak. I don't understand whether the federal act supersedes those, or, you know, like, Just because it may fit in with the federal act doesn't mean they comply with California's Privacy Act. And what happens then?

---

GRAHAM CLULEY. I don't know either. But all I can tell you is that Get—

---

CAROLE THERIAULT. You just say, interesting question.

---

GRAHAM CLULEY. Interesting question, Carole, which maybe should get examined on another day. But GetEmails, they claim they're 100% legal for US consumers to do this. And if you go to their website, you find out it's not just the Daily Caller. There's also like a fake news site called Western Journal. There's a trade publication focusing on stocks. There's a testimonial from a company called Newswire.com, which puts out press releases. They reckon within 60 seconds of putting the code on their website, they were getting hundreds of new contacts sent back to them. And you can see a legitimate need.

---

CAROLE THERIAULT. I mean, I would flip out.

---

GRAHAM CLULEY. Well, wouldn't you? Exactly. If you got an email, you'd think, how many emails would I get?

---

CAROLE THERIAULT. Yeah, about it.

---

GEOFF WHITE. Well, you'd have to have a weekly digest, wouldn't you? You went to Furry Friends, then Furverts, then Pussycats.

---

CAROLE THERIAULT. It's basically spam.

---

GEOFF WHITE. Yeah. But it's interesting, you know, as you've described it, I was thinking, well, how's this working? I thought, well, of course, it's obvious technically how it can work. And why haven't we— why has nobody tried to cross this Rubicon before? Obviously, in the UK and Europe, it doesn't sound like it'd be legal. But like, it makes perfect sense, you know, linking the cookie to the actual email address.

---

CAROLE THERIAULT. Is that difficult? Well, I'm not convinced. Just because they say they are 100% operating completely legally and are 100% compliant with US CAN-SPAM Act and every other federal law and state law, well, prove it.

---

GEOFF WHITE. But how is this different to the model of Facebook where if I visit a website and Facebook's code's on it and I then go to my Facebook page, the website that I visited that's got the Facebook code in it will then throw adverts at me on Facebook.

---

GRAHAM CLULEY. Yeah, that's right.

---

GEOFF WHITE. So to a certain extent, it's similar.

---

GRAHAM CLULEY. It is similar.

---

CAROLE THERIAULT. Yes, but they're not sending you a private message on email. You know, they're not, they're not kind of—

---

GRAHAM CLULEY. It is similar to what Facebook is doing. It's somehow a little bit more intrusive and a little bit more creepy, maybe just because we've just got used to Facebook acting like that. I don't know. The curious thing is These guys who are running the company, Adam and Helen and his girlfriend, Adam Robinson and his girlfriend Helen Sharp, they seem to be reveling in the slight grubbiness of their operations. So they always, always address the legality issue and they say, yeah, it is a bit creepy. It is a bit weird, but it's 100% legal. And I even found a video. So they've been making these short little videos in their homes, in their kitchen and wherever else. Promoting their service. And I think they're trying to be as outrageous as possible. Maybe this is why they initially contacted Jezebel, asking Jezebel if they wanted the service.

---

CAROLE THERIAULT. And then you covered it.

---

GRAHAM CLULEY. Was knowing that they would cover it. And we've just covered it as well. Well, you. Well, yeah. Yes. Okay. But one of the videos which I'm now going to drive traffic to, for instance, is one where Helen is calling Adam a very, very naughty boy.

---

CAROLE THERIAULT. So tell me, bad, bad boy, what does gay males do?

---

GRAHAM CLULEY. You put our script on your website and we identify 35% of your anonymous traffic and we give you email addresses you don't have on your list yet in real time.

---

CAROLE THERIAULT. Oh, that's so violating of people's privacy.

---

GRAHAM CLULEY. It's 100% CAN-SPAM compliant and CCPA compliant. It's totally legal in the USA.

---

CAROLE THERIAULT. Oh, that's so bad. Tell me more.

---

GRAHAM CLULEY. We send records directly to your email marketing account so you can get people back to your website. It's under 20% of the cost of getting an email any other way.

---

CAROLE THERIAULT. Click through to learn more. Click through to learn more.

---

GRAHAM CLULEY. Maybe you want to check that out, and then you'll get a sense of what these two are like. Click on the link.

---

CAROLE THERIAULT. What, me?

---

GRAHAM CLULEY. It's better than watching a Fervor video, girl.

---

GEOFF WHITE. And he used to work where?

---

GRAHAM CLULEY. Lehman Brothers.

---

GEOFF WHITE. Oh, of course. Well known for their high ethical standards, as I remember.

---

GRAHAM CLULEY. So if they're not calling each other very, very naughty, bad, bad boys for what they're doing, and some of the videos are quite funny. But they're obviously designed to provoke a reaction and try and get their name out there as much as possible. There's some other ones where she dresses up as a sexy fox.

---

CAROLE THERIAULT. Graham, this is not The Sun.

---

GRAHAM CLULEY. What?

---

CAROLE THERIAULT. Smashing Security is not— isn't— what, were you trying to bring The Sun?

---

GRAHAM CLULEY. I'm not saying it's The Sun. It's an important, serious topic, this, Carole.

---

CAROLE THERIAULT. Okay, why? Tell me why it's important and serious.

---

GRAHAM CLULEY. Because I don't think people are aware that companies are able to get so much personal information, which they never gave those websites.

---

CAROLE THERIAULT. Oh, and this is just the fun factor now, kind of going back and forth.

---

GRAHAM CLULEY. This is the thing that they're doing to get people to sign up with them, and more and more companies are beginning to sign up with them.

---

CAROLE THERIAULT. Mm-hmm. Well, I'm sure they're going to send you a thank you hamper for mentioning them on the show and helping build their credibility.

---

GRAHAM CLULEY. This week's sponsors, getting announced. So Geoff, what have you got for us this week?

---

GEOFF WHITE. I'm just increasingly intrigued by the Twitter hack. I was intrigued when it happened.

---

GRAHAM CLULEY. Happened, obviously.

---

GEOFF WHITE. And now we've had two complaints come out from the FBI and three people charged in the US, including one person who comes from the UK but is charged in the US. And it's just the detail in the criminal complaints is fascinating.

---

CAROLE THERIAULT. I'm so glad you're covering this because I've not followed the story this week at all.

---

GEOFF WHITE. When it happened, frankly, okay, you've got access, seemingly backend access to Twitter. That's a huge amount of power. And whoever did it used it for a fairly crap bitcoin get-rich-quick scheme. And as soon as I saw that, I thought, oh God, bitcoin get-rich-quick quick scheme using Twitter hacks. This is going to be youngsters. And so when the arrests came out, the charges came out, they are 17, 18, and 22, I think, from memory. And I thought, oh, that's skewing a bit old for what I thought was going to happen. People don't realize there's this whole community of Twitter hackers, and it's like kids who are just obsessed with personalized number plates on their cars, and they trade for thousands of dollars these accounts, particularly what are called OG accounts. So like "@123" or "@xyz" or "@abc." But it's weird to describe because, as I say, the trade around this is really, really febrile. And also, because a lot of it's teenagers, they're all doxing each other and trying to hack each other's accounts. And when one of them pays one for the account, it doesn't come through, they blaze them on Twitter. There's all this stuff going on. So as soon as I saw Twitter and bitcoin, I thought, "Okay, potentially juvenile culprits here, not exactly organized crime." geniuses. So yes, 3 charges have been laid. The 17-year-old officially can't be named. The FBI hasn't named them, although they are named elsewhere on the web, weirdly, by the people who are charging that person in Florida, because in Florida a 17-year-old could end up being charged as an adult. But what's interesting is that inside the criminal complaints is this massive detail which the FBI always put out as to how they actually found these guys. Okay, yeah, this is obviously subjudice. It's subject to legal proceedings, so these are allegations at the moment. But they followed the breadcrumb trail along. So there was a Discord chat in which two people were discussing. One person claimed to be an employee of Twitter, and person number two said, "Oh, great. Can you get me access to these accounts?" And person number one said, "Yes, what's the price?" And they negotiated back and forth. So very early on, there was this confusion as to whether the Twitter hack was because there was an insider at Twitter, or whether it was somebody had hacked Twitter employees.

---

CAROLE THERIAULT. And I think, Graham, you thought that might be the outcome.

---

GRAHAM CLULEY. It was an early theory, that's right, that there could be an insider who'd either had their account hijacked and their credentials stolen, which I think is what they're now leaning towards.

---

CAROLE THERIAULT. It makes sense as well.

---

GRAHAM CLULEY. Or whether it was someone knowingly assisting the hackers.

---

GEOFF WHITE. Mm-hmm. So looking at this chat, you could understand why a complicit insider was the theory. Twitter obviously have said, no, this was phishing, and seem to be pouring cold water on that. What's interesting is The FBI have charged the buyer, if you like, of this service, the other side of the chat who was saying, "Hey, can you get me this account? I'll pay you X amount." But they haven't named the person who claimed to be a Twitter insider. So we don't know whether that person yet is actually a Twitter insider or not.

---

CAROLE THERIAULT. Interesting. Interesting.

---

GEOFF WHITE. But then what happens is, so the person who's buying the Twitter accounts and buying access to this says, "Oh, here's my bitcoin address." So what's the next step for the FBI? They find where the wallet address has been set up. It's a cryptocurrency exchange. And they say, well, okay, here's a subpoena. Who set up this wallet address? And you get through a few more steps. And of course, as anybody who's recently experimented with cryptocurrency, they ask for your passport or your driver's license.

---

GRAHAM CLULEY. Yes.

---

GEOFF WHITE. So sure enough, the cryptocurrency exchange says, oh, here's the driver's license that was used to set up this account. And that's led to, allegedly led to arrest number one, charge number one.

---

GRAHAM CLULEY. Which is kind of crazy. I mean, even though they're Teenagers, you would think if you're asked for something like that, if you're setting up a cryptocurrency wallet for criminal purposes, the first thing you do is you probably go and buy—

---

GEOFF WHITE. Yes.

---

GRAHAM CLULEY. Some fake ID, right?

---

CAROLE THERIAULT. A fake passport at the fake passport shop?

---

GRAHAM CLULEY. Right.

---

GEOFF WHITE. Fake passport to us.

---

CAROLE THERIAULT. 'Cause you're 17?

---

GEOFF WHITE. A, the OPSEC was not exactly spectacularly high the whole way along. B, as Carole points out, they're 17. But C also, I'm not sure whether this wallet address was originally set up for crime, it was just— Right. And this is the thing, You know, if you look back at the Silk Road case, actually years ago, Ross Ulbricht originally didn't set up his email addresses for criminal purposes. It's just later on when he was later in the criminal purposes, he reused that early email address. So remembering what ID you attached to what in the past is actually quite difficult.

---

GRAHAM CLULEY. Yes.

---

GEOFF WHITE. Other thing that's interesting about this is they start to unravel this. Then there's this issue of, okay, there's a forum called OGUsers. So OG are these Twitter accounts @123, @abc, and so on.

---

CAROLE THERIAULT. Right.

---

GRAHAM CLULEY. By the way, Carole, OG, do you know what OG stands for?

---

CAROLE THERIAULT. No.

---

GRAHAM CLULEY. I can impress you now.

---

GEOFF WHITE. Oh gosh.

---

CAROLE THERIAULT. Okay.

---

GRAHAM CLULEY. Original gangster.

---

GEOFF WHITE. Boom.

---

CAROLE THERIAULT. Okay. There you go.

---

GRAHAM CLULEY. I found that out from my 9-year-old who's very—

---

CAROLE THERIAULT. You sure he's right?

---

GRAHAM CLULEY. He's, yeah, no, I do. I think there's also OP as well as the other one is.

---

GEOFF WHITE. What's OP?

---

GRAHAM CLULEY. Overpowering or something. Yes. But there's a lot of that kind of lingo going on in our house at the at the moment.

---

GEOFF WHITE. Whoa, it's so fly out in Oxfordshire, isn't it? Fly with a PH. Do you spell Oxfordshire with like two zeros instead of two?

---

GRAHAM CLULEY. It's Oxford, O-X-P-H-O-R-D.

---

CAROLE THERIAULT. Classy.

---

GEOFF WHITE. Anyway, so OGUsers is the forum where a lot of these guys hang out trading Twitter accounts. OGUsers got hacked a while ago, presumably by a rival site, and the database of OGUsers users was leaked. And this includes a lot of stuff, email addresses, IP addresses, and so on. So the FBI starts sniffing around some of the people who are involved in this Twitter hack, allegedly, and they have a copy of the leaked database. So they start looking up the users on OGUsers who are involved in this, and they start coming out with email addresses, IP addresses, and so on. And what I find fascinating is cybercriminals have been hacking into websites and leaking databases for years. What they haven't sort of realized is They think that they're doing that as a criminal act for other criminals, but now it raises the prospect that the FBI and other law enforcement agencies are using this like a sort of Google search engine.

---

CAROLE THERIAULT. Yeah.

---

GEOFF WHITE. So when they get a suspect in a case, they can go after them. Amazing.

---

CAROLE THERIAULT. It is, actually.

---

GEOFF WHITE. They've turned some of the criminals' tools, potentially, allegedly.

---

CAROLE THERIAULT. The road to good intentions.

---

GEOFF WHITE. Yeah.

---

CAROLE THERIAULT. No matter what they are, can always flip.

---

GEOFF WHITE. Exactly. But I mean, they made 100 grand, I think, in bitcoin out of this scam, 'cause basically it's—

---

CAROLE THERIAULT. I can't even believe that, 'cause I'm not surprised they're 17 based on the messages they put out on Twitter. Graham tried to profess that loads of people fell for it, and I was looking at them going, really?

---

GEOFF WHITE. The original hacks were cryptocurrency exchanges. So I think Binance was one of the Twitter accounts that was affected.

---

CAROLE THERIAULT. Binance, interesting pronunciation.

---

GRAHAM CLULEY. We've covered that, Carole, I think.

---

GEOFF WHITE. Just saying. Binance.

---

CAROLE THERIAULT. Exactly.

---

GRAHAM CLULEY. Binance. Some people think it's like Beyoncé.

---

CAROLE THERIAULT. Some people think it was Beyoncé, okay?

---

GEOFF WHITE. I'm not gonna say who. But anyway, so then obviously they end up getting into like Barack Obama and all these people. Obviously, nobody's going to believe Barack Obama's like, hey, I'm into bitcoin now, I'll double your money. I'm a tech god. Had they stuck with the cryptocurrency exchanges, they might have more luck.

---

CAROLE THERIAULT. Me and my buddy Musky.

---

GEOFF WHITE. But anyway, so this is yet to be heard. Obviously, nobody's guilty until they're proven guilty. So we'll see where this happens. But I suspect when these youngsters come to court, it'll be— which presumably will happen.

---

CAROLE THERIAULT. They must be bricking themselves.

---

GRAHAM CLULEY. Well, one of them is based in the UK, isn't he?

---

GEOFF WHITE. Yes, yes, yes.

---

GRAHAM CLULEY. Yeah, he's in Bognor Regis. Glamorous Bognor Regis.

---

CAROLE THERIAULT. Oh, Bognor Regis.

---

GRAHAM CLULEY. And I wonder whether the Americans will want to get their hands on him or not.

---

CAROLE THERIAULT. Well, BoJo's standing between that, so.

---

GRAHAM CLULEY. Chlorinated chicken, get emails, and the kid from Bognor Regis.

---

GEOFF WHITE. Those are our three demands.

---

GRAHAM CLULEY. That's them.

---

GEOFF WHITE. Further emails. Chlorinated chicken and that kid from Bognor Regis.

---

GRAHAM CLULEY. And then we're done.

---

GEOFF WHITE. Done. Then we're done.

---

GRAHAM CLULEY. We can sign off. That's it. Carole, what's your story for us this week?

---

CAROLE THERIAULT. Okay, so we start back in June. Now, in June, IBM made the rather surprising announcement that it would stop selling, researching, or developing facial recognition services. And we were all like, whoa, that's a big deal. And then Amazon and Microsoft kind of followed similar suit, right? And this was largely due to pressure related to increased visibility of unwarranted police brutality. So these were all good first steps for these big firms. But there is a firm here that should be listed and isn't. And that is Clearview AI, a company we've mentioned a number of times on this podcast. But a quick refresher. So this is a company that has scraped billions of faces off the web from sites like Facebook, Twitter, LinkedIn, Google, et cetera, et cetera, et cetera, and made them available to places like law enforcement. So any pic of a person you have, you could just drop it into the Clearview AI app and presto, here are all their images of that person that have been scraped.

---

GEOFF WHITE. Yeah.

---

CAROLE THERIAULT. If you click on one that's LinkedIn, you'll get to their LinkedIn profile. If it's a Facebook one, you go to the Facebook profile.

---

GRAHAM CLULEY. And it was incredible. It wasn't available on the iPhone App Store, but I know they made it available to some influencers, for instance, in those early days.

---

GEOFF WHITE. Yeah.

---

GRAHAM CLULEY. And people would show it off in restaurants or things. It's like, oh, you fancy that girl over there? "Let me tell you what her name is." And you take a picture. I mean, really scary, creepy stuff.

---

CAROLE THERIAULT. So I went and looked at their website just to see how they're handling this, right? And you know what their slogan is on the front and center? Computer vision of safer world, which I don't even know what it means. Computer vision for safer world.

---

GEOFF WHITE. But anyway.

---

GRAHAM CLULEY. That's true of most mission statements though. You can't really understand what they're saying.

---

CAROLE THERIAULT. Yes. Yeah, so they're very strongly pushing. They're saying they're a research tool used by law enforcement agencies to identify perps and victims of crime. And, you know, it's, you know, been— it's helped track down hundreds of at-large criminals, including pedophiles, terrorists, and sex traffickers. Already I'm really kind of annoyed with the inflammatory language here, right? There's a lot of words that are basically saying without us, you know, the world is going to go to shit. And you know, you're reading this and you're thinking, I wonder what the Electronic Frontier Foundation, the EFF, think about this. They must be totally on board, right? So I just put in Clearview AI and EFF to see what would come up. And the first thing that came up was an article called, "Yet Another Example Why We Need a Ban on Law Enforcement Use of Facial Recognition." So reading on that, there are two big arguments as to why facial recognition is considered scary. Because some people are thinking, what's the big deal? Like in the States, in Canada at least, real estate people, for example, put their actual mugs and their full names on billboards across the city crooning about their real estate prowess, right? And people on social media, I mean, we all have somewhere where we're kind of publicly billboarding about ourselves. So what's the big deal with the surveillance aspect? So the two big arguments, one is that it's gonna disrupt relationships between enforcers and communities. And I think we can all look and see the disruptions that have happened in the States in the last few months and see that that is indeed happening. And imagine women who are outside in public and they could get snapped and cyberstalked by someone with this app, just go tappity tap tap tap on their phone.

---

GRAHAM CLULEY. Yeah, it's very creepy.

---

CAROLE THERIAULT. The other big argument is that democracy is threatened, right? There are countless studies that show that people who think the government is eavesdropping or watching them alter their behavior to avoid scrutiny. So it means people don't speak out because they're afraid of being identified, targeted, hunted down, whatever. So those are the two big kind of camps of argument. Now, the problem is, is it's not just authorities that have access to the software. Like you mentioned earlier, you know, these rich guys in clubs were using it. The New York Times did a big exposé on that. But it's companies like Macy's and the NBA and like that little-known company called Best Buy, right? Why are they using this software? Ultimately, the main problem here is there's not nearly enough legislative oversight, right? Let alone understanding of its power from, you know, from our federal authorities. But there's evidence of people getting fed up with waiting for legislation and they're kind of taking privacy-screwing mass surveillance into their own hands. Okay, so I've got two that I want to introduce you to.

---

GRAHAM CLULEY. So these are people who, because legislation's taken so long, they're looking for ways to mess up facial recognition?

---

CAROLE THERIAULT. Not just mess up, but redress the balance of power. Okay, so one is something that the EFF put together called the Atlas of Surveillance. Okay, and this is a database of surveillance technologies across the US. And just this week, this Atlas of Surveillance has been updated to include searchable— it's like it's a searchable interactive database. And you can now see which cops are using body cameras, drones, automated license plates readers, Ring Neighbors app. Camera registries. Like, I don't know, if you kind of looked in your neighborhood, either of you, right, and you saw that the cops were using all these kind of facial recognition-y software and predictive policing measures, would you feel happy?

---

GEOFF WHITE. In a word, no. But anybody who's seen my previous output on facial recognition won't be surprised by that answer, yeah.

---

GRAHAM CLULEY. Yeah, I was about to say, you've been quite outspoken on this, haven't you, in the past, Geoff?

---

GEOFF WHITE. I created a website called facialrecognitionmap.com. Which is an online record of all, you know, as far as I know, all the facial recognition uses going on in the UK. And I just find with this, you know, when Facebook was formed and we all merrily uploaded our pictures to our Facebook profiles, it just shows you the unintended consequences that come down the line. You say, oh, what's the problem, what's the problem? And then suddenly it's like, well, yes, you can basically be snapped in the street and somebody can stalk you and find out, you know, what your name is and where you live and who your friends are. Just by pointing a phone at you. That's actually a genuine potential consequence now. So yeah, it's fascinating.

---

GRAHAM CLULEY. It is.

---

CAROLE THERIAULT. One of the findings from this Atlas of Surveillance was the US had 130 law enforcement tech hubs that are able to process real-time surveillance data. That's kind of scary, eh? If you're thinking you're in a neighborhood in the States, you want to know what cops are doing or you want to know what the authorities are doing, this is a good site to go and find out what your local cops are up to. Here's another wackier approach, okay? It's called an image cloaking device. They called it Fox after Guy Fawkes. And this comes from a recently published paper from the University of Chicago, okay? So here's the gist.

---

GRAHAM CLULEY. Is it a balaclava?

---

CAROLE THERIAULT. It's so great. It's so great.

---

GRAHAM CLULEY. Okay.

---

CAROLE THERIAULT. Okay. At a high level, Fox takes your personal images and makes tiny pixel-level changes that are invisible to the human eye, Oh, in a process they call image cloaking. Okay, so you can use these cloaked photos as you normally would. You share them with your friends, put them on social, print them, whatever. And you just use them like you would any other photo. The difference, however, is that when someone tries to use these photos to build a facial recognition model, the cloaked images will teach the model a highly distorted version of what it thinks you look like. And they claim it's 100% effective.

---

GRAHAM CLULEY. So the photos still look like you?

---

CAROLE THERIAULT. Okay, that is a very good— oh, so, so I was thinking, you know, we could take, you know, tiny little bits of Piers Morgan, right? Clue. Tiny little bits of him and put little— his little pixels into your face. Maybe a few Thom Hanks, right?

---

GRAHAM CLULEY. We're both quite poor sign. Oh, don't bring Thom into it.

---

CAROLE THERIAULT. Okay, so New York Times journo, uh, Kashmir Hill wrote about this. She tested it. So she goes to test the tool.

---

GRAHAM CLULEY. All right.

---

CAROLE THERIAULT. I asked the team to cloak some images of me and my family. I then uploaded the originals and the cloaked images to my Facebook to see if I fooled the social network's facial recognition system. It worked. Facebook tagged me in the original photo, but it did not recognize me in the cloaked version. However, the changes to the photo were noticeable. To the naked eye. In the altered image, I look ghoulish. My 3-year-old daughter sprouted what looked like facial hair, and my, my husband appeared to have a black eye. Oh, now apparently later on in the article they talk about how they really amped it all the way up just to make sure it would work completely for her stuff. But still, there's an issue, right?

---

GRAHAM CLULEY. Just a small one.

---

CAROLE THERIAULT. Well, yeah, because the whole problem with people sharing stuff on, on Insta and on, on Facebook is to look fantastic and have the most perfect life ever. They don't want to have hair coming out of their eyeballs. So, uh, so then the New York Times went to the Clearview CEO, right, to find out what his views are of the Fox data poisoning approach. And he said, there are billions of unmodified photos on the internet, all of them all on different domain names. In practice, it's almost certainly too late to perfect technology like Fox and deploy it at scale. And you know what? I think he's probably right. That's why we need legislation. Jesus. Um, it's like we've all become celebrities, and the— and, you know, these police and corporations are the paparazzi constantly hounding us to turn a dime.

---

GRAHAM CLULEY. You're totally right. You're totally right.

---

CAROLE THERIAULT. Hey, but it's not that bad, right? You can flip those frowns upside down. Like, we could just go to Zoom, can't we, and share our deepest, darkest secrets, and no one's ever going to know about any of those.

---

GEOFF WHITE. Depends who's on the other end of the Zoom conversation, doesn't it?

---

GRAHAM CLULEY. Yeah.

---

CAROLE THERIAULT. Or who's— who's decided doombomb you. So yeah, fun old world right now. It's a digital Wild West.

---

GRAHAM CLULEY. So right now, your best advice for avoiding facial recognition is to wear a sombrero or something like that?

---

CAROLE THERIAULT. Well, wear your coronavirus masks.

---

GEOFF WHITE. One thing that I've never figured out about facial recognition is they largely rely on eye pupils, basically. The pupils are super reflective, and most of them, not all, but most of them rely on pupils. Aviator shades, mirrored shades. It's the one question I've forgotten to ask all the facial recognition people. Does it work with mirrored shades? Oh, some of them do nose and chin and all that kind of thing. But again, if you've got a mask and mirrored shades on these days, I reckon you're good to go.

---

CAROLE THERIAULT. I love a pair of aviator mirrored shades. I'm going to get myself a pair.

---

GEOFF WHITE. Thom Cruise, Tastic.

---

CAROLE THERIAULT. Oh no, no, don't bring him up. Hey, you IT security guys out there, I know that you have a tough job. If you want increased security without impacting productivity, if you want to secure every entry point to your business, if you want to unify access and authentication, then check out LastPass. They have the tools to make your life easier. Learn more at smashingsecurity.com/lastpass. Oh, and the rest of you out there, don't freak out. There's a free password manager for home use. Check it out at smashingsecurity.com/lastpass.

---

GRAHAM CLULEY. And welcome back. Can you join us on our favorite part of the show? The part of the show that we like to call Pick of the Week.

---

CAROLE THERIAULT. Pick of the Week.

---

GEOFF WHITE. Pick of the Week.

---

GRAHAM CLULEY. Pick of the Week is the part of the show where everyone choose something they like. Could be a funny story a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. Doesn't have to be security-related necessarily.

---

CAROLE THERIAULT. Oh, it better not be.

---

GRAHAM CLULEY. And I have been trying to play some, because of course it's August now, summer holidays, and I've been trying to play some games with my son, which are not video games, but old-fashioned, good old board games.

---

CAROLE THERIAULT. Oh, have you?

---

GEOFF WHITE. Yes.

---

GRAHAM CLULEY. And so I have found a game, which is called Rush Hour, which is similar to a wooden block game called Klotsky, if you've ever seen Klotsky, which I believe a version of it did ship in a Windows— a Microsoft Windows Entertainment Pack many years ago. So Rush Hour is a sliding block puzzle game invented by a guy called Nob Yoshigahara in the 1970s. It's produced by ThinkFun Games.

---

CAROLE THERIAULT. This is like a physical game.

---

GRAHAM CLULEY. It is a physical game. And it's played on a 6x6 grid, and you have little cars, vehicles, and lorries of different sizes. And they're all kind of jam-packed. It's like a traffic jam, or imagine a really crowded car park. And what you have to do is just slide in cars back and forth. You can't go around corners, you can't turn them. So just going up, left, right, or up and down. You have to manoeuvre them in order to get your car out of the car park.

---

CAROLE THERIAULT. How does a car move horizontally?

---

GRAHAM CLULEY. Ah, well, let me explain. So some of them are placed perpendicularly to the others. So they're all going forwards and backwards, but some are sort of north-south and others are east-west. Yeah?

---

GEOFF WHITE. This sounds like, you know, every Saturday in the IKEA car park before lockdown for me. I don't know how— Well, how is this entertainment?

---

GRAHAM CLULEY. Oh, it's It's so much fun because of course you start with really easy puzzles. So it gives you about 60 or so little puzzles with layouts which you can put them in. And you start with these and you think, this is a doddle.

---

CAROLE THERIAULT. Oh, this is like Unblock Me.

---

GRAHAM CLULEY. Yes, exactly. I was about to say.

---

CAROLE THERIAULT. Yes, we should have just said that at the beginning. Everyone knows Unblock Me.

---

GRAHAM CLULEY. Oh, do they? Well, anyway, so there was allegedly a Rush Hour app for Android and iOS, but I can't find them any longer. So the closest I found is Unblock Me. As you mentioned, which is for iOS. And I'm sure there are similar ones for Android as well. We're putting a link to Unblock.me so you can check it out if you're a cheapskate. But I've had a lot of fun with this, and some of them are extremely complicated.

---

CAROLE THERIAULT. Is your son having fun?

---

GRAHAM CLULEY. Surprisingly, yes.

---

CAROLE THERIAULT. Oh!

---

GRAHAM CLULEY. This has been the big shock to me. This morning, he ran upstairs. I was in bed snoring away. He said, Dad, Dad, Dad, I've finally done number 23. Because I'd got—

---

CAROLE THERIAULT. Does he really speak like that?

---

GRAHAM CLULEY. Pretty much. I had been— He wants to come on the podcast to promote his YouTube channel. I'm not sure if he's ready yet. Maybe for episode 10.

---

CAROLE THERIAULT. Oh, you don't think he's ready yet?

---

GRAHAM CLULEY. 9?

---

CAROLE THERIAULT. 9?

---

GRAHAM CLULEY. Maybe he is.

---

GEOFF WHITE. Do it now. Do it now, because in a few years' time, you'll be begging to go on his YouTube channel.

---

CAROLE THERIAULT. He'll be like, not yet, Daddy.

---

GRAHAM CLULEY. Not now.

---

CAROLE THERIAULT. When you're 65.

---

GRAHAM CLULEY. Anyway, my recommendation is Rush Hour, or if If you can't get hold of a copy of that, you can get the digital equivalent, which is Unblock Me. And it's good fun, good fun, good brain. You're thinking logically, you know, you have this visualization and it's quite clever little game. I enjoy it.

---

CAROLE THERIAULT. Great.

---

GRAHAM CLULEY. Cool. And that is why it's my pick of the week. Geoff, what is your pick of the week?

---

GEOFF WHITE. Pick of the week, I guess at the moment, there's a book I'm reading, which is amazing, amazing book called called Origins. It's written by a guy called Lewis Dartnell, who's an astrobiologist of all things. I have no idea what the fuck that means.

---

CAROLE THERIAULT. I was gonna say, like aliens?

---

GEOFF WHITE. What I am, an astrobiologist, and your eyes just glaze over and go, yeah, okay. This book basically is how geography and geology and like our geological history of the world has basically shaped everything about us. Like you can trace everything, all of, you know, our entire sort of current existence, you can trace it all back to the sort of geological age-old sort of shifts and stuff. So, you know, the reason we have family units, the reason, Graham, you have a kid who wakes you up early in the morning with information about game, is because of the Panama Canal. Right. So basically the Panama Canal used to be open, that gap between North and South America, and so warm water from the Pacific would go to the Atlantic, and that closed that gap. Before we opened up the Panama Canal. The Atlantic got colder, Africa started to dry out, and the trees started to die. So we came down from the trees, and instead of walking on all fours, we started to walk upright. And when you walk upright, your pelvic bones have to come together to support your body. And because your pelvic bones come together, the amount of baby you can push out between the pelvic bones reduces. So you have to give birth to a younger child, which means when babies are born, they are are they any looking after. So mummies and daddies have to look after the little baby. So basically the reason we have a family unit is thanks to Panama. It's full of stuff like that. It's the most amazing book. It's incredible stuff.

---

CAROLE THERIAULT. As a woman, I don't think any lady out there would want to give birth to a bigger baby.

---

GEOFF WHITE. Well, exactly, exactly.

---

GRAHAM CLULEY. You might do if you had a wider pelvis.

---

CAROLE THERIAULT. Yeah, no, no, I don't think anyone would be like, yeah, yeah, give me a 40-pounder.

---

GRAHAM CLULEY. But it might be a kind of— don't you think that if men were the ones who gave birth Earth, they would be bragging about the size of it.

---

CAROLE THERIAULT. Is it the Olympics?

---

GEOFF WHITE. It's true, you don't see women on Instagram, you just had a kid, it's 8 pounds something, yes, get in there, or get out of there, as it were. But exactly, you might have mended it, it might be a different story. That's hilarious.

---

CAROLE THERIAULT. Okay, cool. So that sounds fascinating, astrobiology. You'll tell us what that is next time.

---

GRAHAM CLULEY. Very nice. Carole, what's your pick of the week?

---

CAROLE THERIAULT. Okay, so mine is season 2 of Umbrella Academy. It just came out on Netflix. Did any of you watch the first season?

---

GRAHAM CLULEY. No. What is an Umbrella Academy?

---

CAROLE THERIAULT. It's a TV series, right? And it revolves around a dysfunctional family of adopted sibling superheroes.

---

GRAHAM CLULEY. Always bloody superheroes, isn't it?

---

CAROLE THERIAULT. Who— well, no, no, it's dark, it's dark, it's dark. they would be bragging about the size of. It's like the Olympics.

---

GEOFF WHITE. It's true.

---

CAROLE THERIAULT. You don't see women on Instagram.

---

GEOFF WHITE. You just had a kid.

---

CAROLE THERIAULT. It's £8 something.

---

GEOFF WHITE. Yes.

---

CAROLE THERIAULT. Get in there or get out of there. As it were. But exactly.

---

GRAHAM CLULEY. You might.

---

CAROLE THERIAULT. If men did it, it might be a different story. That's hilarious. fascinating. Astrobiology. You'll tell us what that is next time. Yes, there's loads of famous people, but I don't pay attention to that. Of course, no, there are loads. Literally, my husband's like, oh wow, wow, wow, wow. I don't even know. I don't know anybody. But yes, and good acting. But what I love is they've kind of done some movie pastiches that you'll recognize. So there's some really great kind of Hitchcock-styled shots, and there's— they just paid attention to like the composition of images, and it really shows. And I like that a lot. And it's also a bit dark and quite clever And it's not kind of cutesy-wootsy. It's got a real edge to it. And it's from a comic book. It was a comic book first published in 2008, written by Jared Way and illustrated by Gabriel Ba. And it looks awesome. I haven't read it yet, but it's on my list, Graham. Birthday, just saying.

---

GRAHAM CLULEY. All right. Noted. Right.

---

CAROLE THERIAULT. So dark, clever superhero mystery thriller is what I'd say.

---

GRAHAM CLULEY. So people who are in it include Ellen Page. Remember her from Juno?

---

CAROLE THERIAULT. Yes, that's right. Yes.

---

GRAHAM CLULEY. Excellent. And also Mary J. Blige. Beach apparently is in it.

---

CAROLE THERIAULT. Yes, she is in it. So see, I did know that, I just didn't remember.

---

GEOFF WHITE. Plié, actually. Plié.

---

CAROLE THERIAULT. Yeah, Graham, of course.

---

GEOFF WHITE. And you, and you thought you were fly out in Oxfordshire. Ox fatshire.

---

CAROLE THERIAULT. Graham, fly. Um, right, so if, uh, this sounds like it's your thing, check it out.

---

GRAHAM CLULEY. You—

---

CAROLE THERIAULT. I don't think you'll be disappointed. Umbrella Academy, Netflix.

---

GRAHAM CLULEY. Season 1 and 2 are now Well, that just about wraps it up for this week. Although I've got a little shout out to do. First of all, I was contacted by a chap called Julius out in the Philippines who is teaching InfoSec to some of the kids out there. And it turns out what they really like to do is listen to the Smashing Security podcast. Can you believe that? It's one of the projects they've been doing and they were put into teams and one of the teams Is he a lazy teacher? They— One of the teams at the De La Salle University in Manila, they have named their team Team Graham Cluley.

---

CAROLE THERIAULT. Oh. They're gonna lose.

---

GRAHAM CLULEY. I've been asked to give a little shout out to Erica Chan, Miles Chan, Shereen Ching, and Stanley C., I think. I apologize if I've got your names wrong. Thank you for listening from me. Me and Carole and Geoff, of course.

---

GEOFF WHITE. But also, if they're in the Philippines, they will— they, um, not to plug my book again, but they— there are two entire chapters in which the Philippines and its hackers feature strongly. So guys, if you're out there, it's available on amazon.com as well.

---

GRAHAM CLULEY. And keep, keep your noses clean, kids, so that you don't end up in Geoff's next book. Now, now, uh, Geoff, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do to do that.

---

GEOFF WHITE. Best place on Twitter, I am Geoff, Geoff with a G, G-O-double-F White, like the color, and numbers 247, because I'm Geoff White all day, all week.

---

GRAHAM CLULEY. And you can follow us on Twitter @SmashingSecurity, no G, Twitter allows to have a G, and you can also join our Smashing Security subreddit. And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast apps such as Apple Podcasts, Spotify, or Pocket Casts.

---

CAROLE THERIAULT. And a big thank you for listening, supporting us, and sharing our work with friends, family, and even enemies. Also, high five to this week's Smashing Security sponsor, LastPass. Its support helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details, and a free chapter of Geoff's new book.

---

GRAHAM CLULEY. Until next time, cheerio, bye-bye. Bye. Bye. Geoff, I was sort of Googling your facial recognition stuff as we were talking about because I remembered you had done some sort of website. You've got an article where it's called Accuracy and Facial Recognition, but you've spelt it feckognition in the title. I've just sent you a link. So you can—

---

GEOFF WHITE. Oh, oh gosh. Okay.

---

GRAHAM CLULEY. All right.

---

GEOFF WHITE. Okay. That's useful.

---

CAROLE THERIAULT. Yeah. That Graham, Graham's very good at the shit sandwiches. He, what he meant to say was really, really good website. Notice a tiny, tiny typo. I'll send it to you by email. Amazing site. Amazing work.

---

GEOFF WHITE. Shit sandwich. I love that.

-- TRANSCRIPT ENDS --