Listen early, and ad-free!

222: Facebook, deepfakes, and April Fools scandals - with Nina Schick

With , ,
April 7, 2021
Read the transcript

Deepfake expert Nina Schick joins us as we discuss synthetic media, Facebook's latest data fiasco, and some less-than-brilliant April Fool's tricks.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast, hosted by computer security veterans Graham Cluley and Carole Theriault.

Visit https://www.smashingsecurity.com/222 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Nina Schick.

Sponsored By:

Support Smashing Security

Links:

Privacy & Opt-Out: https://redcircle.com/privacy

Transcript +

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.

CAROLE THERIAULT. And you're thinking, okay, so it was a joke. It was a joke.

GRAHAM CLULEY. It's not. It's— well, you say it's— you say it's a joke. It's not a funny joke.

CAROLE THERIAULT. No, it's not a funny joke.

NINA SCHICK. It's just— but Graham, it's— it's a pun, you know. I thought every Englishman loved a pun.

GRAHAM CLULEY. Maybe in Germany it's funny, but I'm—

NINA SCHICK. I'm half German.

CAROLE THERIAULT. They're not funny. You're right, they're not funny.

UNKNOWN. Smashing Security, episode 222. Facebook deepfake. Ransomware outbreaks and April Fools scandals with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 222. My name is Graham Cluley.

CAROLE THERIAULT. And I'm Carole Theriault.

GRAHAM CLULEY. And this week, Carole, we're joined by a special guest, someone who hasn't been on the show before. It is Nina Schick.

CAROLE THERIAULT. Very exciting.

NINA SCHICK. Great to be here, guys.

CAROLE THERIAULT. I'm thrilled that you're here because I heard you on Sam Harris's podcast, and I don't listen to a lot of Sam Harris, but occasionally I go through just to see if anyone's talking about technology or misinformation. And there you were. So really exciting that you're here.

NINA SCHICK. Well, I'm really excited to be here with you guys. Thanks for having me.

GRAHAM CLULEY. So Nina, you are the deepfake expert, aren't you? You're the one who knows all about that and disinformation.

NINA SCHICK. That's right. I'm the deepfake person. I got into it quite a few years ago, and it seems to be getting quite popular. So it seems to be an interesting—

GRAHAM CLULEY. How can we tell we've got the real Nina Schick on the line right now rather than a deepfake person?

NINA SCHICK. Oh my God, Graham, you did it.

GRAHAM CLULEY. You went there.

NINA SCHICK. That's what everybody wants to know.

CAROLE THERIAULT. They ask me.

GRAHAM CLULEY. Oh really? It's not, it's not original? Oh dear.

NINA SCHICK. No, you'd be surprised how often I get asked that.

CAROLE THERIAULT. Sorry.

NINA SCHICK. Uh, it's a good question, I like it. Um, yeah, I'm real still, although, you know, right, by and by.

CAROLE THERIAULT. That's why, of course, she'd say that. That's the point. Exactly, exactly, exactly. Nina, you've written a book.

NINA SCHICK. Yeah, so my book is obviously on deepfakes. It's called Deepfakes and the Infocalypse. And it's all about the corroding information ecosystem and how basically AI-generated visual or synthetic media is the next step in the corroding information ecosystem. But of course, when it comes to the future of deepfakes and synthetic media, it is going to be so much bigger than that. It's actually a profound, I think, paradigm shift in the future of not only content creation but human communication. And just as it will be weaponized by by bad actors for disinformation or misinformation. Like all powerful technologies of the exponential age, it's going to actually be transformative for entire industries and not only be used maliciously.

CAROLE THERIAULT. So yeah, guys, I told you she was smart. I told you she was smart. We're going to talk a lot more about this in your section. I cannot wait. First, let's just thank this week's sponsors, 1Password and Duo Security. Their support helps us give you this show for free. Now coming up on today's show, Graham, what do you got?

GRAHAM CLULEY. I'm gonna be telling everyone Mark Zuckerberg's phone number.

CAROLE THERIAULT. Ooh, okay. And Nina, what about you? Well, I think we know. Ooh, could it be deepfakes?

NINA SCHICK. Is it actually me? I think we'll get into that and more.

CAROLE THERIAULT. Okay, and I'm gonna be revisiting April Fools' and see who pulled it off this year and who did not. All this and much more coming up on this episode of Smashing Security.

GRAHAM CLULEY. Now, chums, chums, I don't know if you've heard, it's a big story right now in the technology press. Our good friends at Facebook— oh, how we love them. They've had a little glitch.

CAROLE THERIAULT. I just don't like that you use good friends indiscriminately. What? I mean, you know, everyone from Piers Morgan to Mark Zuckerberg gets that label. It's just, you know— Anyway, carry on.

GRAHAM CLULEY. All right, fair enough. Yes, so Facebook— uh-oh— they appear to have leaked half a billion Facebook account details onto the internet. That's what's leaked out onto the internet and is now available for anyone to download and to access and to scroll through for free.

CAROLE THERIAULT. Unbelievable. That's gotta be like 20%, right? That's 20% of their users. 'Cause don't they have something like 7 or 8 billion or something?

GRAHAM CLULEY. I don't know. How many people are there on Earth? They've probably got more users than the population of planet Earth at the moment. Oh, I bet they do because people have more than one account. Of course we do, yes. How else are you supposed to stalk people online? You don't use your own account. Yeah, they've—

CAROLE THERIAULT. Whoa!

GRAHAM CLULEY. Well, you know. So Facebook has had a serious data breach, which is getting it bad press at the moment, and Facebook doesn't appear to me to have actually notified the affected users, which I think is a little bit naughty. The information which is out there right now is people's full names, email addresses, sex, location, marital status, phone number, occupation, and something called their account ID number.

CAROLE THERIAULT. I thank God relationship status isn't mentioned.

GRAHAM CLULEY. Well, it's complicated, is it, Carole?

CAROLE THERIAULT. Yeah.

GRAHAM CLULEY. Now, the details of 533 million users from 106 different countries were scooped up off Facebook It appears back in 2019 via a vulnerability in their add friends feature. So they had a bug in their software which hackers were able to exploit in order to access information which they shouldn't have been able to scrape quite so easily. Now, this data surfaced, bubbled up on a hacking website in the middle of last year.

CAROLE THERIAULT. Like, like summertime type thing for—

GRAHAM CLULEY. Summer for the northern hemisphere, yes. Middle of last year.

CAROLE THERIAULT. Yeah.

GRAHAM CLULEY. Okay. What does the weather matter, Carole? As to when the data surfaced.

NINA SCHICK. I'm just trying to—

CAROLE THERIAULT. I'm trying to— I'm getting into the story. I'm trying to, you know—

GRAHAM CLULEY. You're making it more poetic.

NINA SCHICK. Context. Yes, yes.

CAROLE THERIAULT. You know when I'd ask you if you went out one night, I'd be like, what are you wearing? You know, like, just get me into the scene.

GRAHAM CLULEY. Yeah.

CAROLE THERIAULT. Okay.

GRAHAM CLULEY. So I imagine Mark Zuckerberg was wearing a hoodie.

NINA SCHICK. Gray t-shirt.

CAROLE THERIAULT. Yeah, yeah. I see him. I'm there. I'm there. Okay.

GRAHAM CLULEY. He had a designer dog with him. And the data bubbled up on some hacking website. And the hacker was asking around about $30,000 for this information if you wanted to grab it.

NINA SCHICK. What?

CAROLE THERIAULT. Seriously?

NINA SCHICK. Is that all?

GRAHAM CLULEY. Well, that was what it was at the time. At the time, of course, it wasn't in much circulation. Now, if you think, is that all?

CAROLE THERIAULT. I was thinking I could scrape it together, you know, that would help our show.

NINA SCHICK. For the entire database?

GRAHAM CLULEY. For the entire database of half a billion Facebook accounts, yes.

NINA SCHICK. Wait, and this would be like a unique transfer to the one person that paid $30,000 or $30,000 per access?

GRAHAM CLULEY. Oh, I love the way you're thinking.

CAROLE THERIAULT. It's like a screen print, yeah.

GRAHAM CLULEY. The interesting thing is the price subsequently lowered to less than $10. So I think—

CAROLE THERIAULT. What, for all of it?

GRAHAM CLULEY. So I think this is the way that breaches often go. They get hold of some valuable data. And this didn't include passwords, by the way. We need to stress it didn't include passwords. So there was sensitive information in there, which you probably didn't want falling into the wrong hands. But it didn't include passwords, which would've bumped up the price. But once some people have got access to some of it, of course, they could sell it on to others at cheaper and cheaper rates. And eventually, the first person thinks, maybe I'll get $10 for this.

CAROLE THERIAULT. Yes, like the last chicken at Sainsbury's. Last chicken at Sainsbury's.

GRAHAM CLULEY. Now, back in January of this year, somebody created a bot on Telegram, like a little automated routine which you could send queries to, and allowed anyone to query Facebook's database, the leaked database, for a small fee, just for a couple of credits. So you can send it a Facebook ID. That's the string of numbers associated with your profile. So even if you've got a Facebook username, which you probably do have, there's also a unique numeric identifier for you. And it's actually not that hard to find out someone's Facebook ID if you want to. There are websites even which can do that if you can't work it out.

CAROLE THERIAULT. Oh, thanks for the tip.

GRAHAM CLULEY. Links in the show notes. And the bot would spit back the associated phone number of that person. So if you were chatting to someone online, but you weren't able to get in touch with them any other way, you could have used that facility to get their phone number.

CAROLE THERIAULT. Oh, fun.

GRAHAM CLULEY. Which potentially is problematical, isn't it?

NINA SCHICK. Mm-hmm. Potentially.

CAROLE THERIAULT. Problematic, surely.

NINA SCHICK. Yes.

GRAHAM CLULEY. And now, what did I say?

CAROLE THERIAULT. Problematical. I don't know. I felt like I was in North America for a second.

GRAHAM CLULEY. Oh, I see. Well, you do the math for yourself.

CAROLE THERIAULT. Maths.

GRAHAM CLULEY. Isn't it weird how in the UK, sport is sport, and in America it's sports, and maths is maths here, and it's math in America? Yeah.

CAROLE THERIAULT. Drop the S, didn't need it.

NINA SCHICK. Graham, you're not the first British person I've come across who's very upset about the dropped S. Yeah, what do you say, Nina?

CAROLE THERIAULT. Because you're an international person.

NINA SCHICK. I think I've said math in the past, but my English friends have drilled it out of me. They've been very upset about it.

CAROLE THERIAULT. I'm still fighting strong 20 years on. Still fighting, fighting the real fight.

GRAHAM CLULEY. The real important one is aluminium. And whether you say that correctly. Aluminium? Aluminium. Well, well, now this data, this data which was feeding the bot, this data which was previously available for $30,000 reduced to $10, That's now available for everyone at the bargain price of zero. Anyone can now go and get it. Now, you would imagine that this is a PR disaster for Facebook, that everyone's talking about this, and that Facebook's corporate communications departments have leapt into action with a really strong message to reassure people. And what they've said is they've said, this is old data that was previously reported on in 2019. We found and fixed this issue in August 2019.

CAROLE THERIAULT. We just didn't tell anybody.

GRAHAM CLULEY. Well, the thing is this, right? They might have fixed the vulnerability to stop any more data leaking out, but that doesn't mean the data is old. It might have been grabbed to, you know, maybe a year and a half ago. But I personally haven't changed my name since 2019. I haven't changed my email address, my sex, my phone number. They call it old data. It still works. Yeah.

CAROLE THERIAULT. You could get a facelift, Clue. You know, you're getting on. Maybe. I'm just, it's just, you know, no judgment, man. No judgment.

GRAHAM CLULEY. So I'm rather unimpressed with that as a response. It feels to me like they just said, oh, nothing new here.

CAROLE THERIAULT. I'm shocked at their response. So there was no sorry in that, right?

GRAHAM CLULEY. Oh, no, there was no sorry. And they don't appear to have reached out to any of the affected users at at this point. Facebook, it seems to me, is trying to argue that this isn't really a data breach. It's just what you signed up for when you created a Facebook account.

NINA SCHICK. Was it reported in 2019? Because I hadn't even heard this story.

GRAHAM CLULEY. So I've been searching around trying to find evidence of this, and I'm not sure. Maybe they talked about fixing a vulnerability, but I don't remember. I mean, there have been instances before. Facebook did, round about 2019, I remember they left probably not as many as half a billion records, but they left tens of millions of records on an unsecured Amazon Web Bucket, which then fell into people's hands.

CAROLE THERIAULT. So they at the time were feeling super lucky, right?

GRAHAM CLULEY. So I think, you know, you can't really call this old data. It may have been grabbed two years ago, but the data's now accessible to many more people who could exploit it. And so what's the danger of this, right, is not only that they know your sex and your vague location and, you know, all that kind of information, but your phone number. And if they know your phone number, they could potentially hijack your phone number. You know, we talk a lot about these sort of SIM jacking things.

CAROLE THERIAULT. SIM swap.

GRAHAM CLULEY. Yeah, SIM swaps where, where if you're using SMS as a form of two-factor authentication, which generally we say, look, don't use that for two-factor authentication, use something else instead. But if you were using that, If the bad guys were able to hijack your phone number effectively, which we know from the past does work, then they could break into maybe not just your Facebook account, but other accounts as well. Now they know the phone number associated with you, which isn't good.

CAROLE THERIAULT. Yeah.

GRAHAM CLULEY. Well, guess whose number was in the data leak along with half a billion other people?

CAROLE THERIAULT. I think I read this. Wasn't it Marky Mark himself?

GRAHAM CLULEY. Mark Zuckerberg. Wow. His phone number is in there.

CAROLE THERIAULT. Yeah.

GRAHAM CLULEY. Which means that anyone who grabs this data could, I suppose, give Mark a call. And one of the—

NINA SCHICK. Should we do it right now?

CAROLE THERIAULT. Should we do it right now?

NINA SCHICK. Come on.

GRAHAM CLULEY. So all those people, should we invite him on the show? Why not? Should we bring him up?

CAROLE THERIAULT. Yeah, just put your phone on speaker and call it, see what happens.

GRAHAM CLULEY. You know, I have so many people who email me saying, oh, I can't get into my Facebook account. They're basically trying to break into someone else's account.

CAROLE THERIAULT. You have a hotline to the Zucks now.

GRAHAM CLULEY. Yeah, exactly. People trying to break into Facebook accounts. I could say to them, look, call this guy. He knows how to do it. He can help you. Now, one of the, one of the discoveries, once his phone number became public, people began to look for it in other services. And what they found was that Mark Zuckerberg has a Signal account. He uses the end-to-end encrypted messaging service Signal, which of course is very privacy conscious.

CAROLE THERIAULT. Not the one on WhatsApp?

GRAHAM CLULEY. Well, maybe he uses WhatsApp or Facebook Messenger as well, but he's It's interesting that you also created an account on TikTok.

CAROLE THERIAULT. Yes, maybe his CISO made him, you know?

NINA SCHICK. Yeah.

GRAHAM CLULEY. But you know what? Now people know his phone number, they could, I suppose, create bogus accounts, you know, with his name and details.

CAROLE THERIAULT. Oh, give me a break, he's gonna change his number.

GRAHAM CLULEY. Well, probably, I suppose so, until the next breach and then he'll have to change it again.

CAROLE THERIAULT. But he's gonna go through that horrible feeling though. If I had to change my number, of course you would, but it'd be annoying. It's like losing your wallet, right? It's like, oh God.

GRAHAM CLULEY. Yeah, horrendous.

CAROLE THERIAULT. Well, there you go. Poor you, Mark.

GRAHAM CLULEY. Because of the scale of the problem and public interest, Troy Hunt of Have I Been Pwned has made a change to his service. So you can now search for your phone number rather than your email address to see if it might have been breached, which seems like a good idea to me. But by the way, the interesting thing about Signal, I think, is I generally like Signal. I use Signal. You use Signal, don't you, Carole? It's quite a good encrypted messaging service. Yeah, yeah, yeah.

CAROLE THERIAULT. It took you a while to use it, actually. Well, there's— It took you a while to use it. I've been using it for a while.

UNKNOWN. Observations about it was that you have to associate your phone number with your account when you create an account, which I've never liked. And some of the services don't require that. And here's an indication of why that's not such a good idea, because now everyone knows Zook is on Signal. So it's not good. But anyway, for the rest of us, this leak could allow bad guys to exploit the information— social engineering, scams. So watch out for Smashing Watch out for spam calls, etc., etc. And if this is the thing which makes you want to quit Facebook, check out Smashing Security episode 75. From the—

CAROLE THERIAULT. No, seriously, just get off Facebook. You guys can live. You can live without Facebook. Nina, can I ask, are you on Facebook? No. You're not. You see, and she's great, guys.

NINA SCHICK. You see?

GRAHAM CLULEY. There you are. All the cool cats aren't on Facebook.

NINA SCHICK. Isn't it mostly the older demographic? I feel like, you know, it's like my mother-in-law.

CAROLE THERIAULT. Yes, yes.

NINA SCHICK. Spreading disinformation.

GRAHAM CLULEY. I wouldn't know what to do if I was on TikTok, for instance. I wouldn't— I can't do the dance moves, for one thing.

CAROLE THERIAULT. Couldn't you play chess or something?

GRAHAM CLULEY. Do they have chess?

CAROLE THERIAULT. To Lionel Richie? Something like that?

GRAHAM CLULEY. Oh, I'd love that.

CAROLE THERIAULT. Slow, slow, you know. Hello.

GRAHAM CLULEY. Nina, talk to us all about deepfakes.

NINA SCHICK. So I guess the obvious place to start is just, what is it? And essentially, a deepfake is a piece of synthetic media, that's to say, a piece of media that's been either manipulated by artificial intelligence or entirely generated by artificial intelligence. And it can come in the form of video, audio, or images. And the really amazing ability of AI to actually make fake media, in some cases from scratch, is really nascent and is due to kind of the revolution in deep learning over the past decade, which has to do with the masses of data availability and the ability of computers to kind of compute or churn through it all. And that's really only been possible for about 5 years. 2014 was kind of the first big breakthrough paper. But since then, kind of since it started emerging on the bleeding edge of AI research, it's really hit the public imagination. And one of the astonishing things about synthetic media is AI's ability to recreate humans. And this is manifesting in two ways. So scary. It is scary because until now, kind of all the best special effects or CGI, computer graphics, there's this idea of something called uncanny valley. And that's the more you try to make something look or appear human and it's not, the more it kind of becomes unnatural until it evokes almost a reaction of disgust in us. So that's why creepy robots are—

GRAHAM CLULEY. I got that when I watched the Polar Express movie. Do you remember that? It was a CGI sort of Disney-ish sort of movie with Thom Hanks doing all the voices. This Christmas thing on a train, and it had all these humans, but there was something a bit spooky about them all. They were trying to look like humans, but they weren't quite doing it. And the fact it was Thom Hanks as well made me slightly uncomfortable as well, because I'm not a big Thom Hanks fan. But yeah, it just felt weird because it was almost there but not quite.

NINA SCHICK. Exactly. And not to mention that, you know, he's a QAnon leader, right? Or he's a— he's leading— sorry, he's leading the Hollywood pedophile circle. Yeah, no, I find Thom Hanks creepy too. You know this theory, right?

GRAHAM CLULEY. These are Nina Schick's opinions, not necessarily the opinion of our podcast.

NINA SCHICK. That was obviously sarcastic. For the record, I don't think Thom Hanks is leading a pedophile ring in Hollywood.

CAROLE THERIAULT. No, no.

NINA SCHICK. But anyway, so—

CAROLE THERIAULT. I know he's gonna have a heart attack. This is not good. It's gonna— live on the air, live on the show. There he goes. Oh boy. One more and we're in trouble. Right.

NINA SCHICK. So this, like, amazing ability of AI to bridge uncanny valley is manifesting in two ways. The first is the use of deepfakes or synthetic media to create entirely AI-generated people who don't exist. And a good example of that is if you go to the website thispersondoesnotexist.com, every time you refresh the page, that's a GAN-generated image of a human who doesn't exist, and they look so real that you or I wouldn't be able to tell that that's not an authentic image, you know, that's a synthetic image.

CAROLE THERIAULT. Even in the time that I've known of that site, it has improved.

GRAHAM CLULEY. Oh, has it?

CAROLE THERIAULT. Exactly. Yep, yep, it really has. It's unbelievable.

NINA SCHICK. That website is only images, right? So it's actually the easiest challenge when it comes to synthetic media, and that's already basically perfect. But as the technology accelerates, it's going to be the same with synthetic voices and also synthetic film, right? So, so videos. But the second way this amazing ability of AI to recreate humans is manifesting is in its ability to clone real humans, right? And hijack biometrics. Because all that you need to do in order to, recreate someone synthetically is get the right training data. In this case, it might be images of that person, video of that person, or audio of that person's voice, and train your algorithms on that training data in order to basically clone that person. And here's an example of how kind of scary quick this technology is advancing. At the time deepfakes first came out at the end of 2017, in order to synthetically recreate someone's voice, it was really difficult. And I was working with an AI company at the time, and we were kind of running experiments to see how easy or difficult it would be to synthetically recreate Donald Trump. And we had to use hours and hours of his voice for training data to train our algorithms, you know, 3 or 4 months. And in the end, we had something that sounded a bit like him. I mean, it was pretty impressive, you know, that this was all kind of AI-generated, but it didn't sound perfectly like him. But I can actually provide for your show notes, we kind of did a little article at the time with, I think it was CNBC, where we did like a little quiz where it's like, can you guess which one's real Trump or fake Trump?

GRAHAM CLULEY. All right.

NINA SCHICK. And it was pretty much, even at the time, it was almost 50/50, even though the voice then wasn't pitch perfect. But now in 2021, 3 years later, and there are already companies out there who say they need 5 seconds of somebody's voice in order to be able to recreate their voice perfectly using AI. So obviously from a—

GRAHAM CLULEY. 5 seconds?

NINA SCHICK. 5 seconds.

GRAHAM CLULEY. That's astonishing, isn't it? Because of course he could have used that as a defense. Remember the whole Access Hollywood tape when he was on that bus and he was—

NINA SCHICK. Exactly.

CAROLE THERIAULT. Oh yeah, no, we all forgot about that.

GRAHAM CLULEY. All the locker talk. But, you know, he could have said, look, this isn't me. 'This has been deliberately manufactured.' And that's the other problem, I suppose, with deepfakes, is not just dodgy content, but also that things that really did happen can be kind of excused or explained away.

NINA SCHICK. That's already happening.

CAROLE THERIAULT. Yeah.

NINA SCHICK. And you're spot on to notice that, because I think most people are always like, 'Oh my God, that's crazy. Anyone can create fake media of me.' But the more profound effect Because right now the technology isn't ubiquitous. And I should say that the other really potentially scary thing about deepfakes is that the AI is going to do the heavy lifting, right? So creating this kind of sophisticated fake content before would have been only in the domain of an extremely well-resourced actor like a Hollywood studio or a state actor. But AI is going to democratize it. So by the end of the decade, it will be accessible to anyone with no special skills, no big budgets, and on easy to use platforms. To use interfaces like software, smartphone apps, things like that. But before that happens, the kind of malicious effects of deepfakes and synthetic media is already that it undermines trust in all authentic media. And that's a phenomenon called the liar's dividend. And as for Trump, he already started saying that about the, you know, the grab them by the pussy tape in 2017. I mean, in 2016, he said Okay, locker room talk. Yeah, he apologized churlishly. By 2017, it was already saying it's a fake.

CAROLE THERIAULT. Wow.

NINA SCHICK. And I mean, astonishingly, I saw that even in the context of a piece of video that was so powerful, right? Because it was, um, it was the George Floyd death video that it united millions of people, not only in the United States, right, but around the world in protest, because that was so visceral, so powerful. Was so symbolic. At the time, as I was watching that, I didn't watch the whole video because it was too brutal, but as I was watching this, you know, anti-racism movement unfold and also picking up on how polarizing it was politically, I was thinking to myself, you know, it won't be long before the authenticity of that video is litigated. And it happened two weeks afterwards, and it didn't come from some kind of 4chan troll or anonymous person on the web, but an actual African-American candidate who is standing for the House. She has a PhD. Her name is Dr. Winnie Hartstrong, and she basically released a 23-page paper arguing that the entire George Floyd video is a deepfake hoax.

CAROLE THERIAULT. Oh my God, disgusting. Oh yeah.

NINA SCHICK. And that George Floyd had died in 2016 and that at the hands of Thom Hanks. Yeah, exactly. Uh, that the guy in the video, um, is an ex-NBA basketball player who looks a little bit like George Floyd, and that George Floyd's face had been swapped onto, onto his, and that the police officer Derek Chauvin is this retired game show host. And she didn't— like, I saw it. Yeah, it's crazy. You should, you should read the paper. The thing is, I saw it because I was obviously monitoring, like, like this phenomenon known as the liar's dividend. And in 2020, like, okay, it didn't get that much currency, but she still launched a website, she went on numerous podcasts, you know, she was really outspoken on social media about her theories. Um, but in 2024, or in 2028, or in 2030, where there is no more trust in the information ecosystem, people will— the information ecosystem will be inundated with synthetic media, and nobody will know, you know, we won't be able to tell what's authentic, what's synthetic. You can see how even a video like that, which is still widely accepted as something that happened today, will just become a matter of opinion.

CAROLE THERIAULT. Yeah. And like, think of the history channels in 20 years, 30-year time, like they're going to be able to, you know, just fake everything. Yeah, I saw a website. I don't even know where I was somewhere on my feeds. But it was like, oh, see people like you basically upload a picture of someone that has died is the concept, right? Like, say your grandmother, and then they'll make make that picture move in a way that she'll—

NINA SCHICK. It's a deep nostalgia.

CAROLE THERIAULT. Deep nostalgia. There you go.

NINA SCHICK. And that's actually had a lot of good press because people have been like, wow, it's like bringing a loved one back to life. There's a really profound philosophical debate to be had here because, as I said, this unique ability of AI to recreate someone's biometrics is relevant even to those who are dead, right? You literally have this ability to resurrect the dead. So there's some amazing— kind of deepfake content out there on YouTube. Right now, there is a project which is about resurrecting James Dean, you know, the dead actor, in a film synthetically to make an entire new movie with, you know, this is like something being bashed out with James Dean's estate.

CAROLE THERIAULT. This— Didn't this start off with ABBA, Graham?

GRAHAM CLULEY. ABBA?

CAROLE THERIAULT. Didn't ABBA do a tour recently, and it was like kind of mini-AI where they were like kind of—

GRAHAM CLULEY. Holograms of how they looked in the '70s. Yeah!

CAROLE THERIAULT. You see how far we've come? Yeah.

GRAHAM CLULEY. And didn't Kanye West resurrect Kim Kardashian's dad or something?

NINA SCHICK. He did.

GRAHAM CLULEY. It was on Instagram. To say what an amazing guy Kanye West was. Which is what Kim had to say on stage.

CAROLE THERIAULT. Just, oh my God.

GRAHAM CLULEY. So, Nina, whenever I hear about deepfake technology and all this synthetic media and things, I can't help but feel that we're going to hell in a hay cart. And it feels like the end of civilization as we know it. Am I right to think that? Are we all completely and utterly doomed, or is there any chance we're going to survive this? Because I feel quite negatively about it all.

NINA SCHICK. No, we're not going to hell in a handcart. I mean, I felt pretty negatively about it when I first learned about it because I was coming at it from a disinformation angle. And the first use case of deepfake technology, widespread malicious use case, is is in non-consensual pornography. I mean, it's really similar to the origins of the internet, right? When people are like, oh, this thing will never take off. Like, this is just for weirdos who want to, like, share porn. And, you know, look at us 30 years later where, you know, the internet is synonymous with—

GRAHAM CLULEY. Was it ABBA? Was it Benny and Björn who were in these porn videos? Or what was the—

CAROLE THERIAULT. No, no.

NINA SCHICK. Disturbing. It was actually like Maisie Williams. And, you know, these, these, these actresses who had been introduced to us as children. But since then, there's been an entire deepfake porn ecosystem that's flourished online. It's a uniquely gendered phenomenon. There is no kind of deepfake porn of men, but every single female celebrity or K-pop star, Ivanka Trump, Ann Coulter, you name it, you can find deepfake fake porn of almost every woman in the public eye. But alarmingly, it's not just famous women who are targeted. It's increasingly normal women as well.

CAROLE THERIAULT. I feel so incensed, though, that there is no way that you can fight back, right? So if someone uses your image, and someone uses your voice, and someone makes you do something that you're completely not comfortable with or didn't agree to, there's absolutely fuck all you can do.

NINA SCHICK. There's fuck all you can do. And right now, if you are the victim of deepfake porn, and there were early instances where they basically put women's faces into authentic porn videos, right? So if you wanted to have that content taken down, it was better to try and get a copyright claim from the production company that made the actual porn film.

CAROLE THERIAULT. Oh my God.

NINA SCHICK. But you know what, I've been talking a lot with people in the security industry. And you know, there has to be some kind of products and services developed for individuals, because what could be more damaging than having your identity hijacked in this way? So going back to Graham's question, though, there are obviously devastating downsides, and this technology is going to be weaponized not only against women. I actually find the porn case study as a harbinger of what's to come, right? Because this principle that you can clone anyone and hijack anyone's biometrics is obviously going to be used in fraud, right? Obviously going to be used for spear phishing. Obviously, and we're starting to see the first instances of that. There was like a case in 2019 where the CEO of a British energy company was conned out of a quarter of a million dollars because he thought he was speaking to the CEO of his parent company, but it was actually fraudsters using AI-assisted voice technology. But more than that, it is actually a paradigm change in the way that we communicate and actually the way that we perceive the world, because it's going to transform entire industries like fashion, entertainment, sport. It's not only going to be used for bad, but it's also being used for real good. There are companies out there that are using synthesized voice to help people who've lost their ability to speak through stroke or Parkinson's or any number of diseases, you know, to resurrect their voice, give them a voice back. So again, it's far too basic to say, oh, this is all bad. You know, of course Of course, the technology is going to be weaponized by malicious actors. However, to me, it's just another case study of kind of the profound technology-led exponential changes that are happening to our society. I mean, arguably, we're going to see more change in our lifetime than the entirety of humanity that came before us did, right?

CAROLE THERIAULT. Yeah. Fuck you, Industrial Age. You thought you had it in the bag.

GRAHAM CLULEY. Yeah. Yeah.

NINA SCHICK. Exactly. So then it's about how do we, how do we build a society that is fit for purpose? Because a lot of our kind of institutions, for example, our legal system, you can't deal with the challenge of deepfake porn with the existing legal system. What do you do? How do you reconstruct society so it's fit for purpose? That's really the big question.

CAROLE THERIAULT. Yeah, and I'm guessing you don't have an answer yet. That's a big one.

NINA SCHICK. Oh, not just yet. I just diagnosed the What's the problem?

CAROLE THERIAULT. Well, Graham, any answers? You like to think you're quite smart.

GRAHAM CLULEY. Maybe on next week's episode.

CAROLE THERIAULT. Okay, excellent.

GRAHAM CLULEY. Carole, what have you got for us?

CAROLE THERIAULT. Okay, we're going to lighten the tone a little bit. April Fools'. You guys fans?

GRAHAM CLULEY. You know, a few years ago, I liked an April Fool's. I used to quite enjoy it. And I think something has changed in the world in the last 5 years or so And I'm finding—

NINA SCHICK. you got old.

GRAHAM CLULEY. I got old. I'm getting a little bit tired of it. Corporate April Fools' in particular. It's just a little bit like, oh, really? You know, isn't the world—

CAROLE THERIAULT. you are outrageous. You used to do corporate April Fools' all the time.

GRAHAM CLULEY. When I did them, but when I decided that their time had gone, then it was right time for everyone else to stop doing them as well.

CAROLE THERIAULT. What about you, Nina?

NINA SCHICK. I, I think my only interaction with April Fools', like, nobody I know seems to do it. They all forget it. It's just my one friend, and she always does something really lame.

CAROLE THERIAULT. If you want an April Fools' buddy, I'll be it, because I love a good—

GRAHAM CLULEY. I have been the victim of some of Carole's April Fools' on many occasions, and her April Fools' are really mean. So, oh, like Carole.

NINA SCHICK. So the year I just had my daughter, you know, I'd just literally gone through this amazing experience of motherhood and giving birth birth and felt very like empowered and, you know, willing, wanting to talk to all other women who are going through the same experience about how great it could be. And so she texts me and she's like, I'm pregnant.

CAROLE THERIAULT. I'm like, oh my God, I'm so happy for you!

NINA SCHICK. Let's talk, I have so much to tell you about.

CAROLE THERIAULT. And calling her, and you're crying with joy and hormones.

GRAHAM CLULEY. Yeah, yeah, yeah.

NINA SCHICK. And she just like screened my calls and then was "Sorry, I'm busy.

CAROLE THERIAULT. April Fools." Wow.

GRAHAM CLULEY. Yeah.

CAROLE THERIAULT. So, don't you feel lucky, Graham? That never happened to you.

GRAHAM CLULEY. No.

CAROLE THERIAULT. Yeah.

NINA SCHICK. Don't do that to a hormonal new mother. It's just mean.

CAROLE THERIAULT. But even as a professional, Graham, when we were in the corporate space, we both used to enjoy doing some April Fools. Like, we convinced, you know, we convinced the people that wear the blue Brooks Brothers shirts and the sports slacks to let us put out some outrageous April Fools, which, you know, maybe today would be considered irresponsible. But at the time, in the olden days, they were quite fun. And I agree, I think now it would be a bit remiss to do it. I don't think I would be doing it if I was in, you know, a head of a corporate entity, you know. And it's actually the second year that Google doesn't do April Fools.

GRAHAM CLULEY. Oh really?

CAROLE THERIAULT. They did a load of them.

GRAHAM CLULEY. Ah, they've stopped, have they?

CAROLE THERIAULT. They're the old prankster Yeah, yeah, yeah. They're the old pranksters. Yeah, they—

NINA SCHICK. They're the big boys now.

CAROLE THERIAULT. Yeah, they had like in 2013, they introduced a smell feature on their browser. That's what they announced. Yeah. And in 2018, they hid Waldo in various Google Maps for kids to find. So I thought that was cool.

GRAHAM CLULEY. Oh, that's nice though.

NINA SCHICK. That's nice. That's nice.

GRAHAM CLULEY. Yeah, that's not tricking anyone. It's just a bit of fun. Yeah.

CAROLE THERIAULT. Evil. Yeah. So I have found, however, that a number of corporations decided to go ahead and do some April Fools', and I thought we'd go through them and you guys could say success or fail. So Sky Mobile, okay, they announced this year that they were launching a new SIM tariff for pet owners so they could continue to share more pictures of their pets online. And they claimed that there was free data allowance for a whole year.

GRAHAM CLULEY. Well, that sounds like a wonderful idea.

CAROLE THERIAULT. So, yeah, hahaha, no, there isn't.

GRAHAM CLULEY. Now that sounds like a really shitty thing to say, doesn't it?

CAROLE THERIAULT. Fail!

GRAHAM CLULEY. That's not an April Fool's, that's just lying.

CAROLE THERIAULT. It's just being mean. Yeah, it's saying we have something and yeah.

GRAHAM CLULEY. Yeah, and then taking it away.

NINA SCHICK. It's like the pet version of my mother's story.

CAROLE THERIAULT. Yeah, exactly. I had a cat, he was It's like my baby. I would die if— Yeah, anyway, I would have totally been all over that. Okay, number 2, Volkswagen. The automaker briefly posted, then removed, a press release on its website announcing it was changing its name to Voltswagen in an effort to promote electric vehicle purchases.

GRAHAM CLULEY. Oh. That sounds a good idea. They should do that, shouldn't they?

CAROLE THERIAULT. Yes, right? The whole idea was a public declaration of the company's future forward investment in e-mobility. And now this was on April Fools', this went out. And you're thinking, okay, so it was a joke. It was a joke.

GRAHAM CLULEY. It's not. Well, you say it's a joke. It's not a funny joke, is it?

CAROLE THERIAULT. No, it's not a funny joke.

NINA SCHICK. It's just— but Graham, it's a pun. As an Englishman—

CAROLE THERIAULT. German.

NINA SCHICK. Well, every Englishman loved a pun.

CAROLE THERIAULT. They are German, Graham. They are German.

GRAHAM CLULEY. Maybe in Germany it's funny, but—

NINA SCHICK. I'm half German.

CAROLE THERIAULT. They're not funny. Right. They're not funny, really. They're not funny. I've watched a lot of German TV when I was there. Yeah, it's not funny. It's not funny. Now, the car industry influencers, right, say this is super not funny. Thom Morton, chief strategy officer at New York advertising firm, said, This is mainly being done by fast food brands where the stakes are lower and they need a bit of hoopla. Okay, you shouldn't be joking about electric car branding.

GRAHAM CLULEY. It doesn't sound like he's very much fun either.

CAROLE THERIAULT. I think it's fun.

GRAHAM CLULEY. That's even worse than the pun, I think, his response.

CAROLE THERIAULT. Yeah, I think it's funny now. Yeah, exactly.

NINA SCHICK. Based on his response.

CAROLE THERIAULT. Now, it's interesting. It's interesting. So, yeah, Volkswagen, Volkswagen, yawn. Come on, right? Not really. You wouldn't write about that in your top 10, you know, top April Fools, really, whatever.

GRAHAM CLULEY. No, no, not that great.

CAROLE THERIAULT. Next, right? Next, next.

GRAHAM CLULEY. Try harder.

CAROLE THERIAULT. Yeah, so it's interesting that you brought up fast foods because Deliveroo also got a spotlight. So Deliveroo in France sent thousands of customers an email confirming an order, hilarious, get this, 38 anchovy pizzas, okay, worth 400 quid or about $500. And this was sent to their inboxes for them to kind of receive and go, "Ah, zut alors, c'est drôle, poisson d'avril." Yeah.

GRAHAM CLULEY. Oh, it was a poisson d'avril.

CAROLE THERIAULT. Poisson d'avril, exactly. I'm trying to say it with an English accent because it's funnier. Poisson d'avril. Now, according to the BBC, these fake invoices included the customer's first name, not the full name, but first name. I think that would have gone, hmm. And preceded by the words, "Excellent choice." And Deliveroo added that as a loyalty reward, 50 sachets of hot sauce were going to be thrown in for free.

GRAHAM CLULEY. So did it say, "Psst, this was actually an April Fool's," or did it make people—

CAROLE THERIAULT. "Non, non, non, monsieur. Non, non, non." And that is why the Deliveroo customer base in France saw rouge. Okay. One cumbie almost had a stroke on the BBC after receiving this fake order.

GRAHAM CLULEY. I would if I thought I had an anchovy pizza coming my way. What a terrible thing to have to put—

CAROLE THERIAULT. I have something that's going to give you a stroke later. My last one is just for you. So you have to be careful. You're going to be— sit down and have a drink of water ready. Loosen your tie.

GRAHAM CLULEY. So this looked just like a regular confirmation. So if you had ordered pizzas from Deliveroo— Yeah. This email looks just like— so people would think—

CAROLE THERIAULT. There's so many problems in this. Number one, okay, I've got a little list here of things that piss me off about this. Number one, many, many people in France France, French people like me like anchovies. Okay. Anchovies and bread is a normal thing. There's a thing called pissaladière, which is like a kind of French tart with loads of anchovies on it. It's delicious. Okay. So it's like me sending you got 48, you know, I don't know, pepperoni pizzas to you. You'd be like, oh, maybe I did order that last night. You know, it's one of those things. And also an invoice is not funny. What is an invoice funny? Like, when? Never! Like, if someone sent me an invoice for 38 hot pink toupees, I would be like, "Oh, oh, shit. What happened? Husband? Husband?" Right? But, you know, Deliveroo did face the music and apologize publicly, which— and it called it a failed April Fools' joke, which I think is fair. You know, everyone's allowed to fail because the spirit of it was good. I saw—

GRAHAM CLULEY. Malheureusement, I saw. So their marketing department thought that would be a good idea. That's what amazes me is how this goes through the process, the chain of command.

CAROLE THERIAULT. Oh, get over yourself. You have worked with marketing departments. You have worked with many departments.

GRAHAM CLULEY. Yes, but something—

CAROLE THERIAULT. Very, very weird decisions. Come on.

GRAHAM CLULEY. But something like that would have to be approved by the head of French Deliveroo marketing or something. Why didn't they do something involving kangaroos? Something more absurd, seeing as it's Deliveroo? Wouldn't that have been more amusing, or is that just my sense of humor?

CAROLE THERIAULT. Yeah, that is definitely just your sense of humor. Okay, see, again, jeu de mots, like you said, Nina. See, Deliveroo kangaroo, that's what he likes about it. All right, Graham, this is the one to give you a heart attack, so don't, don't, you know, don't start breathing crazy yet. Okay, so tweeting to his almost 8 million followers, Piers Morgan announced that ITV had offered him a return to Good Morning Britain after his exit from the show last month, having heavily criticized remarks by Meghan Markle.

GRAHAM CLULEY. Yeah, he's just desperate for attention, isn't he? So he said that as a— as an April Fool's—

CAROLE THERIAULT. has he not started his own YouTube channel yet?

GRAHAM CLULEY. I think he's waiting for GMB or whatever that— what are they called?

GBTV. Oh right, Andrew Neil's bunch are gonna scoop him up, I suspect. Um, so what he— and everyone—

CAROLE THERIAULT. yeah, yeah, yeah.

GRAHAM CLULEY. Did anyone laugh at that?

NINA SCHICK. Well, I don't know.

CAROLE THERIAULT. You follow him on Twitter, you tell me. I don't do that stuff.

GRAHAM CLULEY. No, I do not. I've actually— he's blocked me.

CAROLE THERIAULT. Has he?

NINA SCHICK. Has he really?

GRAHAM CLULEY. Yes.

NINA SCHICK. Were you trolling? What did you do?

GRAHAM CLULEY. I was once contacted by, uh, publicly via Twitter by one of the researchers on the— on Good Morning Britain asking if I could come on the sofa to talk about something. Something. And I said, every time I think of Piers Morgan, I throw up a little bit in my mouth, I said. And so that got— I did tag him on that reply, and that got me a bit of a dick move, actually.

CAROLE THERIAULT. Wow.

NINA SCHICK. No, I mean, he must get so much, you know, stuff like that every day. So it's amazing that he just, like, blocks everyone who might—

GRAHAM CLULEY. I suspect he's blocked quite a few. Yeah, he's not my cup of tea.

CAROLE THERIAULT. No, he's a bit of an empty. Anyway, there you go. You know, April Fools', maybe not a good idea until people get back on their feet, especially trying to charge them cash and 500 quid when people are trying to scrape their money together for monthly outgoings. So, you know, tap on wrist for that, not well thought out. But, you know, I do think that I don't want the April Fools' joke to go away. I think there should be one day, there's like, you know.

GRAHAM CLULEY. Maybe they're okay to do in your own home, Carole. Maybe they're all right to do in your family, but they shouldn't be done by a corporation.

CAROLE THERIAULT. Yes, I think they should be done by corporations. I think it can show the true spirit of humanity, that the people that power corporations, and they should be accountable for their thing, but you know, they should put their brains together, come up with something good. You know, after all, they're being paid. Geez, mine, I could come off like 5 better ones than this off the top of my head. Head. Ah, chivvies, honestly.

GRAHAM CLULEY. Using a password manager like 1Password can help increase productivity and save you money. How does it do that? Well, a password generator tool creates strong, unique passwords that are saved and filled in automatically. Features like Watchtower alert you to any issues with your employees' accounts, giving you oversight and more security control. Control, and you can get notified immediately when a breach occurs with domain breach reports. Find out more. Check out 1Password for yourself at 1password.com. And thanks to 1Password for supporting the show.

CAROLE THERIAULT. Protect your workforce with simple, powerful access security from Duo, powered by Cisco. The rapid expansion of remote work has presented challenges for all of us. At Duo Security, it's their mission to make application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications so you can stay focused on what you do best. So, want to proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device, and enforce policies to secure access to every single application? Thought you would. Why not give your organization the peace of mind that only complete device visibility can bring? Visit duo.com to sign up for a 30-day trial. That's duo.com. I mean, how easy is that to remember?

GRAHAM CLULEY. And welcome back, and you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.

CAROLE THERIAULT. Pick of the Week. Pick of the Week.

GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.

CAROLE THERIAULT. Mm, better not be.

GRAHAM CLULEY. Well, my Pick of the Week this week is not security-related. My Pick of the Week this week is all to do with video game consoles, and specifically old video game consoles. And there is a wonderful section of the BBC archives. I do love the BBC archives and trawling through it. It, which details the 8 generations of video game consoles with lots of retro TV clips from yesteryear, going back as far as Pong, if you remember Pong in 1972. Oh my goodness. Apparently is when that came out. The Grandstand, which is called something else in America. I can't remember what. The Atari 2600, and then onto the Nintendo, Sonys, Microsofts, and et cetera, et cetera. Some feature friend of the show, Rory Keflin-Jones.

CAROLE THERIAULT. Oh, do they talk about ColecoVision? That's what I had. I had a ColecoVision.

GRAHAM CLULEY. Well, that may be there as well, Carole. It may well be there. I didn't have— I didn't really have a video games console when I was young. I just had a little home computer.

CAROLE THERIAULT. Shoelace to play with. Yeah.

GRAHAM CLULEY. Couple of twigs. That's how we made our entertainment in my day. But yes, I was always jealous of people.

CAROLE THERIAULT. Nina, what were you gonna say?

NINA SCHICK. I'm just gonna say I have no idea what you guys are talking about.

CAROLE THERIAULT. Have you never had a gaming console? You've never been a gamer, online gamer?

NINA SCHICK. No, no. I had a Game Boy.

CAROLE THERIAULT. Did you love it?

NINA SCHICK. Super Mario. Yeah, I loved Super Mario. That was it. One Game Boy, one game. That was the limit of my experience.

CAROLE THERIAULT. Did you ever play 3 hours in one shot? Shot. Oh yeah, for sure. Okay. All right. You're on the team. You're on the team. You're on the team.

GRAHAM CLULEY. Anyway, I will put a link in the show notes where you can watch these little videos and read some more about the 8 generations of video game consoles. So enjoy it. And that's my pick of the week.

CAROLE THERIAULT. Good one.

NINA SCHICK. Nice one.

GRAHAM CLULEY. Nina, what's your pick of the week?

NINA SCHICK. My pick of the week, keeping with my light theme, is—

CAROLE THERIAULT. very upbeat and optimistic. No, it's on BBC iPlayer now.

NINA SCHICK. It's actually Ridley Lee Scott's kind of directed. It is a documentary series called The Terror, and, um, it's about the real-life story, one of the greatest mysteries of naval exploration. It was the 1845 attempt to sail the Northwest Passage. So from, from— oh yeah, so these two boats set off from England to try and sail from the from the Atlantic to the Pacific. And the two ships, Erebus and the Terror, off they set, the best kind of like ships of their time. And these, these two ships unfortunately got stranded in the Arctic ice, and they had 3 years of provisions, and they were sure that, you know, they'd be rescued. But, you know, after I think it was 2 years, they decided that no one was coming for them, so they decided they had to kind of trek out of there and try to make it into Northern Canada. And it is just the craziest story because no one really knew what happened. They eventually— the ships just disappeared. Many years later, they kind of came across the bones of some of the survivors, and it turned out that, you know, they had turned to cannibalism in the bitter end. So—

CAROLE THERIAULT. oh, I was hoping it would have been poutine. No.

NINA SCHICK. So it is, it It is a crazy real-life story, but the drama, the way that it's done, it is fantastic.

CAROLE THERIAULT. Yeah, because you're a history buff, aren't you?

NINA SCHICK. Totally, total history buff.

CAROLE THERIAULT. I'm going to take that recommendation.

GRAHAM CLULEY. Oh, that sounds fantastic. That's totally up my street.

NINA SCHICK. You'll binge-watch it. Yeah, it's very, very good.

CAROLE THERIAULT. Cool.

GRAHAM CLULEY. Yeah.

CAROLE THERIAULT. Good one. Thank you, Nina. That's excellent.

GRAHAM CLULEY. It's much better than my pick of the week, to be honest. Sounds— Krow, what's your pick of the week?

CAROLE THERIAULT. Mine is also— a kind of documentary on Netflix. It is a 7-part series called Pretend It's a City. And it's directed by Martin Scorsese. And it features just one-person conversation interviews with Fran Lebowitz. Now you may not know who she is.

GRAHAM CLULEY. Right.

CAROLE THERIAULT. But she moved to like New York in the '70s, and then really soon started hobnobbing with all the arty crowd, like really made it like so Andy Warhol and Martin Scorsese became friends. And, like, you know, they're friends still. She's in her 70s now. And she says of him, the kind of connection we have is really rare, as true love and romance. It's not the same. But there's something chemical about it. Something just happened.

NINA SCHICK. It's—

CAROLE THERIAULT. there's not really an explanation for it.

GRAHAM CLULEY. It's like you and me, Carole.

CAROLE THERIAULT. It is a little bit. It's a little bit.

GRAHAM CLULEY. Yeah.

CAROLE THERIAULT. It's not the same. It's not the same.

GRAHAM CLULEY. I'm Scorsese because I've got the eyebrows. And you know, you're the—

CAROLE THERIAULT. I kind of— I'm kind of in with this woman. I do really hope— Well, I hope to be like her, actually. I've now got a new goal. So it's really, really brilliantly done because Scorsese's always behind the camera. You hardly see him. You see his shoulder, right? You hear an encouraging laugh. You hear him nod her on. But it's all about Fran. And she's like this kind of wit, raconteur person. And she's hilarious. She's kind of— She'd hate me to— people are gonna hate me for saying this, but she's kind of like Diane Keaton and Woody Allen rolled into one with a sprinkle of, you know, I don't know what. And she has like this great hyperbole that comes out in her outrage, like, you know, like about New York, like the lawn chairs that were put in New York cost $70 million. I mean, $70 million. So she has a lot of that. Anyway, I love it.

GRAHAM CLULEY. I love it.

CAROLE THERIAULT. I love it.

GRAHAM CLULEY. She—

CAROLE THERIAULT. I thought, why haven't I never heard of her? But she hates the internet, like hates the internet. It, doesn't go near it. And she's never written a book. She's just this kind of local star in a small New York pool. Anyway, go check it out. It's on Netflix. It's called Pretend It's a City with Fran Lebowitz and Martin Scorsese. And I think it's fascinating. Good.

GRAHAM CLULEY. Sounds good.

CAROLE THERIAULT. I think you will like it, both of you, based— Nina, just based on this conversation, I think you'd like it. She's kind of cool.

GRAHAM CLULEY. I would like—

CAROLE THERIAULT. And she's cool. She wears always this huge, almost military-like coat and these oversized jeans that are rolled up like one big roll and cowboy boots. I mean, she's been doing that for like 30, 40 years. I kind of feel like she's trapped in her look, but there you go.

GRAHAM CLULEY. I'd quite like to be rolled into Diane Keaton. That's what I was thinking. There you are. You can leave Woody Allen out of it. Anyway, on that note, That just about wraps it up for this week. Nina, I'm sure lots of our listeners would love to follow you online and find out what you're talking about and learn more about you. Um, what's the best way for folks to do that?

NINA SCHICK. You can follow me on Twitter, Nina D Schick, or my website, NinaSchick.org.

GRAHAM CLULEY. Brilliant. And you can follow us on Twitter at Smashing Security, no G, Twitter won't allow us to have a G. And we're also up on Reddit, so look for the Smashing Smashing Security subreddit up there. And to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Spotify, Google Podcasts, and Apple Podcasts.

CAROLE THERIAULT. Huge, huge thank you to this episode's sponsors, Duo Security and 1Password, and to our wonderful Patreon community. It's thanks to all of them that this show's free for all. And for episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 221 episodes, one episodes, check out smashingsecurity.com.

GRAHAM CLULEY. Until next time, cheerio, bye-bye.

NINA SCHICK. Bye-bye.

CAROLE THERIAULT. Bye. Yay!

GRAHAM CLULEY. Great.

CAROLE THERIAULT. How was it, Nina? Was it okay? Baptism of fire.

NINA SCHICK. It was so fun. I loved it. You guys are great. You have like an awesome dynamic. It's really, really fun being on.

CAROLE THERIAULT. It's because we hate each other.

-- TRANSCRIPT ENDS --