Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets.
Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Exposing the Honey Influencer Scam - MegaLag on YouTube.
- The Honey Scam: Explained - Marques Brownlee on YouTube.
- 14 million people don’t know how to erase their data from an old device - ICO.
- Electronics hoarding habit among Brits and Americans - SellCell.
- Practical advice for online and electronic devices - ICO.
- How to factory reset your Google Pixel phone - Google.
- How to factory reset your iPhone, iPad, or iPod touch - Apple.
- Reset your Android device to factory settings - Google.
- Erase your Mac and reset it to factory settings - Apple.
- Reset your PC - Microsoft.
- How do I perform a factory reset on my Samsung mobile device? - Samsung.
- Kagi search engine.
- Battery Heated Clothing - Fieldsheer.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- BigID - Start protecting your sensitive data wherever it lives with BigID. Get a free demo to see how your organization can reduce data risk and accelerate the adoption of generative AI.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. You know what?
CAROLE THERIAULT. This happens in restaurants a lot. You have a waiter, right? And you're working with that waiter. And the waiter's being amazing to you. And then when the bill comes, some guy you've never seen before wearing a waiter's outfit comes along.
UNKNOWN. Someone from another table disguised as the waiter. Smashing Security, episode 399. Ransomware, Bitcoin, honey in hot water, and reset your devices with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 399. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. Happy New Year to you, Carole. Happy New Year to our listeners and happy New Year to our special guest who hasn't actually shown up this week because he's ill.
CAROLE THERIAULT. So, well, we send him our best.
GRAHAM CLULEY. We do.
CAROLE THERIAULT. But we definitely have a guest for next week because next week is episode 400.
GRAHAM CLULEY. Oh, we're going to have to bring on someone very special for that, aren't we?
CAROLE THERIAULT. Yes, very special. You'll have to wait and see, listeners.
GRAHAM CLULEY. Yes. And if the very special person drops out, then we won't tell you. You'll just have to assume the person we're getting as a backup is the very special person. Yes.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. You'll never know.
CAROLE THERIAULT. How about we kick this show off? But first, let's thank this week's wonderful sponsors, 1Password and BigID. It's their support that helps us give you this show for free. Now coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm gonna be talking all about a honey trap.
CAROLE THERIAULT. And I'm gonna find out just what's lurking in your drawers. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, I'm not sure if you're aware, but buying things online, bit of a big deal these days. Quite a lot of people do it, don't they?
CAROLE THERIAULT. Yeah, I think there's been more online purchases during this holiday season than in-store purchases. And I'm sure we have to thank COVID for that.
GRAHAM CLULEY. Well, yeah, there's a lot of things we have to thank COVID for.
CAROLE THERIAULT. I mean, the fact I haven't seen you in a while.
GRAHAM CLULEY. So buying things online, obviously a really big deal and everyone's after a bargain.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Everyone's scooting around trying to find the website which is offering the best deal or maybe somewhere which is offering you free post and packing. It's a bit of a nuisance, isn't it? You can spend hours and hours trying to find the thing you want at the right price.
CAROLE THERIAULT. Yeah, I have to admit, I am not one of these deal hunters. Obviously, I don't want to pay over the odds. You know, I don't want to pay stupid money for stuff, but saving £5 for something, for me, is not worth an hour of scouring the web.
GRAHAM CLULEY. Yeah, I mean, if you're really strapped, then maybe it is. But I think what's great is if you're able to find, for instance, a promo code or a coupon or something. If someone were to give you, Carole, a book full of vouchers, which would give you 10% off, 20% off the thing which you're trying to buy, and you're buying from a reputable site, maybe it's the actual manufacturer's website for whatever this thing is that you're buying, that'd be pretty good, wouldn't it?
CAROLE THERIAULT. Remember when there was the Zelda game came out and you gave me a code to go or a place to buy it for something a little bit cheaper?
GRAHAM CLULEY. That's right.
CAROLE THERIAULT. And it didn't work the first time. So I did it again. I bought it twice. And a very wonderful listener actually bought one of the versions. So thank you very much for that. But I was just, why?
GRAHAM CLULEY. Why?
CAROLE THERIAULT. To save like $10? Why did I listen to Graham again?
GRAHAM CLULEY. Why did you listen to Graham? Well, a lot of people, they love to get a bargain.
CAROLE THERIAULT. That's true.
GRAHAM CLULEY. And there are browser extensions which can help you do this. And one of the most well-known is a browser extension called Honey.
Have you heard of Honey? Not the buzz, buzz, buzz kind, but the browser extension?
CAROLE THERIAULT. I'm sure I have, but I've never used it, so I don't know anything about it. Tell me everything.
GRAHAM CLULEY. I've never used it either, but I see it promoted all the time. This is a browser extension which, when you're going to the checkout of an online store, will automatically scour its database and fill in that little bit of the form which says, have you got a promo code or have you got a coupon which can save you some money?
And so it looks for it and it puts it in itself. I mean, it sounds like a really brilliant system.
CAROLE THERIAULT. So it's if I were buying some clothes at, say, H&M or wherever, Marks & Spencer's, and, you know, it's £100 and then Honey, it's a plugin to my browser. So that would say, hey, you can put an M&S 15% off and then I would get a deal or something.
That kind of thing?
GRAHAM CLULEY. Yeah, and it would put in the promo code itself. So it's a fairly seamless process.
So just as you're hitting on checkout, it says, whoa, hang on, would you like to look for coupons? And you click a button, you say, yes, I would. And it goes chug, chug, chug. And it says, oh, I found one, I'll put it in for you. Or, oh, afraid I wasn't able to find one. But you can understand why something like that is really popular.
CAROLE THERIAULT. Oh, totally. 'Cause loads of people are cash-strapped these days, especially after Christmas, which you'll hear about in my story.
But yeah, I think that sounds a great idea.
GRAHAM CLULEY. Sounds a great idea. And obviously, because this is the Smashing Security podcast, everyone's assuming that this is some kind of scam.
But this isn't some flash in the pan. Honey has been around since 2012. 13 years this has been around. It was acquired by PayPal 5 years ago for $4 billion. Wow.
CAROLE THERIAULT. And PayPal has a pretty good rep on these things, so that will give it credibility. Totally.
GRAHAM CLULEY. Yeah, absolutely. So it's part of the PayPal empire.
And over the years, it's been really heavily promoted by influencers on social media. Honey sponsors YouTubers' videos, their channels. They push it out in front of the faces of millions of people. So if you go to a big YouTube channel, you'll find those guys, those cool people telling you all about the wonders of Honey, how it saved them hundreds of dollars by filling in these coupons automatically. By the way, this is a free browser plugin. You don't have to pay. There's no subscription.
CAROLE THERIAULT. Right. It's all happy news.
You just get savings, savings, savings.
GRAHAM CLULEY. That's right.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Everyone was really, really happy with Honey. Until last month, when a Kiwi YouTuber called MegaLag released a video that blew wide open a huge controversy about Honey.
CAROLE THERIAULT. By now, you've probably heard about Honey. You know, the browser extension that saves you money.
GRAHAM CLULEY. Do you have Honey installed? What's Honey?
Oh, no, no, no. Honey is a free browser extension. Free browser extension. Free browser extension.
CAROLE THERIAULT. Free browser extension. That automatically applies coupon codes when you check out online.
GRAHAM CLULEY. Free money, basically.
CAROLE THERIAULT. It's literally free money.
GRAHAM CLULEY. It doesn't make sense to not be using this.
CAROLE THERIAULT. So what's the catch? There is no catch.
GRAHAM CLULEY. Join Honey.
CAROLE THERIAULT. Join Honey.
GRAHAM CLULEY. Join Honey. Honey.
CAROLE THERIAULT. Honey.
GRAHAM CLULEY. Honey. Honey. Honey. Yeah, I hate to break it to you, but your favorite influencers sold you a lie. MegaLag alleges that Honey's browser extension doesn't just insert coupon codes when users buy things online.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. He says it also modifies cookies on your computer, changing affiliate links. Now, what does that all mean? And why does that matter?
Well, imagine you are Linus Sebastian. He's the guy who runs the Linus Tech Tips YouTube channel, a really popular YouTube channel amongst tech people, has 16 million subscribers.
Or if you're Marques Brownlee, he runs MKBHD, again, a really popular YouTube channel. He's got 20 million subscribers.
If you've ever been on YouTube, you are likely to recognize these guys' faces. They make amazing videos about all the new tech that comes out.
They've made thousands of videos. They have had tens of billions of views on their videos.
CAROLE THERIAULT. Jealous much?
GRAHAM CLULEY. Oh yes. And because they're so popular, they make a very tidy income through sponsorship.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. And years ago, along came Honey, you know, da da da da da. Hello, Mr. YouTuber, they said.
And these YouTubers told their viewers about this free Honey browser extension. They described how amazing it was at saving them money.
They recommended it to their viewers and said, there's nothing to lose from using this. And Honey became super, super popular.
Millions of people use Honey.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. And if you're a YouTuber, there's a few different ways to make money. If you're a YouTuber like Linus or Marques, you can get cash from YouTube itself for having ads pop up during the videos, right?
We've all seen that, and they're very irritating, but you know, they pop up during your video.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. They can also partner with firms who want them to talk about their products in the form of an in-video host-read ad.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Yeah. A bit like we do ads in the middle of the podcast, right?
CAROLE THERIAULT. Exactly. It's our voices speaking rather than someone else's voice, and we are endorsing effectively that product when we do that.
GRAHAM CLULEY. Yeah. And so they will be there on the screen saying, hey, I'm just interrupting the video to tell you about our sponsor this week. And they will talk about, for instance, Honey.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. And the other way in which they make money is they have links in their video descriptions which point to the products, the software products, the hardware, whatever it is that they've been making videos about. And most of the times those links are affiliate links.
And so the YouTuber gets a percentage if you enjoy their video and you decide, I'm going to buy that product and use the link in their description, right? Which passes on to the website a parameter which tells the website selling the product, oh, this came from Linus Tech Tips, for instance.
CAROLE THERIAULT. Yeah. Throw them a few pennies.
GRAHAM CLULEY. Yeah. Maybe more than a few pennies in some cases.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. So the YouTuber is getting a percentage. And when you follow one of those links with an affiliate link, the vendor's website sets a cookie containing the affiliate code.
And that's the way that they know the customer came from Marques Brownlee rather than Linus Tech Tips or whoever it might be.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. And this is a little bit complicated. Let me try and explain this. Sometimes someone will watch a video and they won't instantly buy that product, right? Or you'll do a bit more research.
You may watch more than one video. You may watch a whole bunch of videos about something, or you may read a review in a blog, or you may take a month saving up your cash before finally going and buying the new graphics card or whatever it is that's been promoted. And you may have watched a video by both Marques and Linus.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. So who should get the money? Should they go half and half?
CAROLE THERIAULT. I don't know. That's hard. I was going to guess that it might be the first person. Yeah.
GRAHAM CLULEY. Well, of course it may be the first person wasn't convincing at all. And it was the—
CAROLE THERIAULT. Yeah. Yeah.
GRAHAM CLULEY. What the industry tends to do is it follows a practice called last-click attribution, which means that the last affiliate link the user clicked on is the one that counts.
CAROLE THERIAULT. Ah, the most recent one.
GRAHAM CLULEY. Yeah. I mean, you can argue whether that's right or wrong, but there's no really very easy way to make it any fairer. So that tends to be the standard. So the YouTubers don't share the cash. It's just the last one in the chain who gets it.
CAROLE THERIAULT. So in other words, I'm coveting this pair of shoes. It's being advertised. They're being advertised everywhere. And finally, the last one I see, I say, okay, I'll buy them. I'll buy them. They're the ones who get the kickback.
GRAHAM CLULEY. Yeah. And if they click through on your link, even if they previously clicked through on someone else's link, Carole, and didn't go through the purchase, the fact that you were the latest one to send them there, you're the one who gets the cash.
CAROLE THERIAULT. Gotcha.
GRAHAM CLULEY. And obviously, if the user making the purchase has got Honey installed in their browser, then a coupon might be applied, which means obviously the YouTuber gets a little bit less because maybe there's 10% off than they would have done if the user had paid full price. But, you know, it's all fair in love and war, right? And here's the thing. What Honey does is it jumps in, as I said, at the end of the checkout process to look for a coupon code. After the YouTuber's video has been watched, just as the purchase is about to be made. And what MegaLag discovered is that Honey changes the cookie. So rather than it still containing an affiliate code for Linus Tech Tips or Marques Brownlee or Carole Theriault or whoever it is, it now uses Honey's code.
CAROLE THERIAULT. Stealing money effectively from all these other people.
GRAHAM CLULEY. Ah, who gets the affiliate money?
CAROLE THERIAULT. It's very sneaky.
GRAHAM CLULEY. It's very sneaky. And who do you think is pissed off about this? Everybody. Well, in particular, the YouTubers, because they're not earning any money from those video links. So they've gone to the effort of making a video about a product. They've got the link. Their supporters of the videos have clicked on the links in the description only for Honey to skim off the cash.
CAROLE THERIAULT. And surely it's not just YouTubers. Surely it's any service.
GRAHAM CLULEY. Absolutely right. So anyone, it's not just the big guys. You don't have to have a big YouTube channel. You could have a blog, you could have a podcast, whatever it is. Anyone who's hoping to get some affiliate cash, will find it has been swiped from under their nose at the last minute.
CAROLE THERIAULT. I feel more sorry for the smaller ones, smaller people trying to make a buck than the big-ass YouTubers that are going, oh wow, I only saw $100 grand this month. So sorry, sorry guys, sorry guys. I'm not saying it's fair. It's just, you know.
GRAHAM CLULEY. Now in MegaLag's video, he describes it like this. He says, imagine you walk into a TV shop and there's a helpful salesman there. He answers all your questions and you agree on what you want to buy and at what price. You've thought, this is the TV for me. And he tells you, go to the checkout. He says, take this coupon with you, which basically has my name on it, and I will earn a little bit of commission.
CAROLE THERIAULT. Tell him Mark sold it to you.
GRAHAM CLULEY. Right. Yeah. But just as you are about to pay at the checkout, another salesman jumps in, rips the coupon out of your hands, and replaces it with one with his name on it.
CAROLE THERIAULT. You know what? Can I just digress slightly? This is a bit like— this happens in restaurants a lot. You have a waiter, right? And you're working with that waiter. And the waiter's being amazing to you. And then when the bill comes, some guy you've never seen before wearing a waiter's outfit comes along and takes the tip and all the money. And you're like, hmm.
GRAHAM CLULEY. Someone from another table disguised as the waiter. Or sometimes it can be the manager of the restaurant, isn't it? Who wants to pocket it. It's hardly going to be popular with colleagues, is it? If someone is stealing your commission.
CAROLE THERIAULT. No, it's icky. It's definitely icky.
GRAHAM CLULEY. It really is. So maybe you don't care about this. Maybe you think, well, at least I'm getting money off. I've got a coupon. Honey's doing its job. I'm saving money. I don't care about the salesman. You should care about the salesman, but maybe you're thinking you don't. But it gets worse than that because Honey does this even when it can't find a coupon for you. So it says, I'll look for a coupon. And when it fails and doesn't insert one, 'cause it says, oh, there's nothing around. So even when there's no discount for it to plug into your checkout form, it still grabs the commission, stealing it from someone else.
CAROLE THERIAULT. This has moved from icky to outrageous.
GRAHAM CLULEY. And then it gets even worse than that.
CAROLE THERIAULT. I don't have a bigger word than that.
GRAHAM CLULEY. I don't know.
CAROLE THERIAULT. Okay, I'll think while you're talking.
GRAHAM CLULEY. Because it turns out that Honey doesn't always offer you the best deal anyway, even though it claims, oh, we've got the greatest database of all of the coupon codes in the world. It turns out that companies who sell products, surprise, surprise, don't always want all of their customers benefiting from the biggest discounts available. And so you as a business can partner up with Honey so it doesn't offer the 20% discount code. They can say to Honey, look, yeah, there is a 20% discount code, but could you just offer the 5% one instead? And Honey will do that. So it's done deals with companies. It's working in cahoots with them, not to get you the best deal possible, but to get the best deal for Honey and the companies it works with.
CAROLE THERIAULT. Yeah. And they're taking advantage of our laziness effectively by using this plugin to do this rather than go search the code out ourselves.
GRAHAM CLULEY. Right. Right. Now I would say, and I think you were gonna come up with a word to describe this. I was just gonna say underhand.
CAROLE THERIAULT. Shit.
GRAHAM CLULEY. Shit, right? Now, this is what occurred to me. If there was some rogue browser extension which was messing with affiliate links like this to benefit its creators financially, we'd be asking why the cops aren't investigating, right? Because this sounds like the kind of thing cybercriminals and fraudsters do, doesn't it?
CAROLE THERIAULT. Mm-hmm. Mm-hmm.
GRAHAM CLULEY. So how is it possibly right that a company owned by PayPal is doing this and has been doing it for over a decade?
CAROLE THERIAULT. Because it's in their T&Cs. Am I right?
GRAHAM CLULEY. Well, I don't know. PayPal says they've released a statement saying we follow industry rules and practices, including last-click attribution work. Well, I don't think deliberately removing all traces of original links that led a user to a product and replace them with its own affiliate ID is an industry standard. And surprise, surprise, other people are pretty pissed off with this as well.
Not only the influencers, not only the YouTubers who've obviously been working with Honey in the past, who've— now Honey's getting rather a bad name. But there's also now a class action which has been launched against PayPal. So now it'll be the lawyers getting rich, I imagine, claiming that hundreds and hundreds of millions of people have been scammed through this.
CAROLE THERIAULT. Yeah, I smell class action suit here.
GRAHAM CLULEY. Yeah, that's what's happened. That's what's happened. So my advice, don't install extensions like Honey on your computer. It doesn't guarantee you're going to find the best coupons and you may be putting YouTubers out of pocket. If you really want to find a deal, you may be better off, as you said, Carole, searching yourself.
CAROLE THERIAULT. Yeah, but even that can be risky. So don't listen to me ever, people.
GRAHAM CLULEY. Well, you know, dig around for honey, you may get stung. Maybe I could have thought of a better pun at that point. I'll work on it. Carole, what have you got for us this week?
CAROLE THERIAULT. So a number of very fortunate people this past holiday were thrilled to be gifted a brand new device for Christmas. Like a friend of the show, who shall remain nameless, was telling me how he bought both his children the latest iPads for Crimbo, put them in their stockings. And I was like, can you adopt me, please?
GRAHAM CLULEY. Yeah, kind dad.
CAROLE THERIAULT. Kind dad, right?
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Did you go down the route of devices in your household?
GRAHAM CLULEY. No, I just bought a couple of books for my son. That's what— that's—
CAROLE THERIAULT. Love you, Dad.
GRAHAM CLULEY. A bit of rip-off Lego. It wasn't even real Lego. It was sort of Chinese knockoff Lego is what he got.
CAROLE THERIAULT. My other half didn't even get his present yet. I know, how bad is that, right? Thing is, is if I buy something for him and he's not there to vet it, it ends up in the back of the cupboard never to be seen again.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So I know what I want to get him. I just need him to choose it when we get there.
GRAHAM CLULEY. Yeah, my wife and I, we don't do presents because we figure it's going to end in disappointment. We'll just be nice to each other instead.
CAROLE THERIAULT. Exactly. But I wanted to look at how much we as a collective spent on devices this past holiday. So in the USA, 1 in 5 said they dreamed of finding a new device in their stocking. And now we're talking— when I say devices, we're talking gaming consoles, mobile handsets, computers, tablets, all that kind of stuff.
GRAHAM CLULEY. Okay. Technology.
CAROLE THERIAULT. Tech. Yeah. Yeah. But so, you know, so is a washing machine, right?
GRAHAM CLULEY. So— Oh, yeah. OK, so yeah, sort of entertainment tech and mobile device. Yeah.
CAROLE THERIAULT. OK. And these aren't cheap gifts.
GRAHAM CLULEY. No.
CAROLE THERIAULT. Holiday shoppers tend to spend more on electronics than they do in any other gift category. An estimated $55 billion is expected to have been spent on electronics in the US during the recent holiday, says Capital One. $55 billion on electronics. I can't believe that.
GRAHAM CLULEY. I wonder what that works out to per adult.
CAROLE THERIAULT. Yeah, well, I'd throw out $350 million. You do the math while I continue talking.
In the UK, more than a quarter of adults were planning to treat themselves or a loved one to a new device this Christmas, according to the Information Commissioner's Office, the ICO. So that's 1 in 4. All this to say that there were a lot of devices that had been bought, wrapped up, and gifted this past season.
And the question that occurred to me when I read this is, what's going on with all the retired tech? Most people who are receiving a new phone or new tablet or new computer most likely already have one of these devices, right?
GRAHAM CLULEY. Yeah, good point.
CAROLE THERIAULT. So what do we do with these devices? Actually, what do you do?
What do you— you have had loads of electronics through your lifetime.
GRAHAM CLULEY. I've just done this just recently, actually, which is that I sold an old computer.
CAROLE THERIAULT. Excellent.
GRAHAM CLULEY. Yep, I did that. And so I've been foraging around in all my drawers looking for old phones and all kinds of old tech because, you know, either they're going to cycle it for parts or maybe they'll be able to use it themselves.
CAROLE THERIAULT. Exactly. But the thing is, what do you think most people do?
GRAHAM CLULEY. Do people take them down the dump? Or do people give them to their kids or something? Or what would they do?
CAROLE THERIAULT. They hoard them. The vast majority, 80% of Americans and Britons, are holding on to two or more old tech devices.
And I mean, I have a drawer full of tech crap, right? Mostly wires and cables, old headphones.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Different, you know, different ends, you know, because the phones keep changing their little connectors. So I've got tons of that.
GRAHAM CLULEY. I would almost guarantee that every listener to Smashing Security has a drawer full of wires and cables and micro mini USB things. And you're thinking, oh, that'd be useful one day. I'll keep that here.
CAROLE THERIAULT. Or you can't even be bothered to untangle the rats—what's that called? When all the rats' tails get kind of combined together? I think it's called a king rat.
But anyway, it's this huge monstrosity of tangle of stuff. And you just close the drawer. A family member of mine passed away in December and we've been going through all this stuff.
The amount of tech this person has been hoarding would blow your mind. We found at least 3 brand new Rokus. Haven't even been opened.
There's tons and tons and tons of stuff. There's a single room full of old computers and tablets and phones and cameras and all their power supplies and cables and whatnot.
And it's really just overwhelming. It's overwhelming to go through and to decide what's useful and what's not.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So, okay. So I can understand we do that because, hey, we're excited about the new device. Who cares about the old one? Throw it in the drawer. Forget about it.
The reason, it turns out, that many of us do let this happen has to do with us not being comfortable in wiping them.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Most of us know that there's sensitive information, but we are not sure how to delete that stuff off the device.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So instead, we put these rather expensive items in a drawer and forget about them.
GRAHAM CLULEY. Yeah, I can well believe that's true.
CAROLE THERIAULT. Yeah, but the ICO's recent figure says that 30% of adults simply don't know how to wipe their personal information from old devices or tech products. And I'm going to guess that's similar for the US and the rest of the world.
And I suppose there's a silver lining here that people recognize that their electronics have sensitive information. So that's a good thing.
GRAHAM CLULEY. Yes, in some ways it's encouraging, isn't it? Because you think, oh, they're quite savvy to the fact that it could be an identity thief's dream to have access to your old hard drive or your old phone if it were unlocked.
CAROLE THERIAULT. And the thing is, as you were saying, there's money to recoup in selling old devices. And values can range, obviously, but you could be hoarding a few hundred pounds in your bottom drawer.
And a few hundred is, it's something. Certainly not something to be sneezed at, right?
So what we want to do with these devices is effectively to factory reset them, also known as a hard reset. And I think once that's done, the phone or the device can be sold or given away to someone in need without having to worry about them having access to your banking or your personal info or your diary or whatever.
And in the show notes, I have links to resetting Apple devices, Samsung devices, and Google devices. I think those are the 3 big ones. Is there any more you can think of that might be useful?
GRAHAM CLULEY. Certainly, I mean, that's good for mobile phones, but there's also, of course, laptops and computers. So you may want instructions for Windows.
CAROLE THERIAULT. Yeah, that's a good idea. I always forget about Windows because I never use it.
OK, it's been added. And you can find these in the links wherever you found this podcast.
But also you can Google because all these websites, so Samsung, for instance, will have a how to factory reset your phone. Or Apple will have that for your iPad, your iPhone, or your MacBook.
And maybe adding hard resetting to our New Year's resolution list might be a good idea. Because one, if you're short on cash, this is a great way to make a few bucks.
It's also think about how many people who can't afford these things. And I've donated all my old phones after I've done a hard reset.
I've donated them to people that couldn't afford phones and they were extremely happy to be able to have one that worked. And it just makes their lives a little bit easier.
GRAHAM CLULEY. And also, we're over a week into the new year now. So all the other resolutions that we made at the beginning of the year, it's time to move on from those now.
I think most of those we failed. So make this actually the real resolution.
CAROLE THERIAULT. Speak for yourself, Graham. I have a number of resolutions that I am going strong.
GRAHAM CLULEY. Oh, well done.
CAROLE THERIAULT. Yes, we'll learn about that. We'll see how long I go.
I don't want to tell anyone what they are until I've succeeded at my goal. But either way, all this is better than letting these things rot in the bottom of your drawers.
Am I right or am I right?
GRAHAM CLULEY. I wouldn't want anything rotting in the bottom of my drawers other than my bottom. Even then, I wouldn't want it to rot. I would— Oh my God. Ads! Sorry.
BigID helps you uncover dark data, identify and reduce risk, take action through remediation, and scale your data security strategy through seamless integration with your existing tech stack. Start protecting your sensitive data wherever your data lives by visiting bigid.com/smashing. Get a free demo to see how BigID can help your organization reduce data risk and accelerate the adoption of generative AI.
Also, there's a free new report that provides valuable insights and key trends on AI adoption, challenges, and the overall impact of GenAI across organizations. So go visit bigid.com/smashing, and thanks to the folks at BigID for sponsoring the show.
Quick question. Do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices? Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't touch. Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing.
And thanks to the folks at 1Password for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my Pick of the Week this week, is it security-related? It's possibly privacy-related. Okay.
CAROLE THERIAULT. If it's good, I'll let it go.
GRAHAM CLULEY. I think it's pretty good.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. So do you remember before we shut up shop for the end of last year, on Smashing Security, I recommended a site called UDM14.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. I think you may have even bookmarked it, Crow.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. I explained how you can add a little parameter onto the end of your Google searches and set it up to happen automatically. So it cuts out all the cruft, all the stuff you don't want, all the ads and all the nuisance.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. And this got me thinking a lot about search engines because I've never been a huge fan of the Google search engine. I feel like it's deteriorated over the years and they've been doing unpleasant things and I've tried various alternatives to Google.
Well, I've come across and I've been messing around with another alternative to the Google search engine. It is called Kagi, K-A-G-I.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. And the thing about Kagi is it's not a rebadged version of Google search results or Bing or something like that. And there are other search engines out there. Of course, there's DuckDuckGo is very well known. That uses Bing.
Startpage uses Google search results. Kagi isn't like that. Kagi has its own search engine, which it's working from, but you pay for Kagi every month.
You subscribe to it, which means there aren't any ads, which means that you are in control and it's got some really nice features. So it can, for instance, summarise webpages for you.
It's ad-free. It minimises any data collection.
It avoids tracking you. You can tweak it with your preferences.
So when it gives you results, you can say, oh, that's a site I like. So remember to sort of promote that in the search results in future, or don't ever bother giving me a link to that site because I know it's a load of old rubbish.
And so you can set it up like that. It even has a built-in AI.
So if you search for something and put a question mark on the end, it will give you a quick answer to the question as well.
CAROLE THERIAULT. That's— have you been using it?
GRAHAM CLULEY. I've been using it. And don't worry about, oh, I can't use Google anymore because you can easily, if you wanted to, you can just prefix your search.
So what you do is you can put exclamation mark G and then your search, and that will use Google to do the search. Or you can go exclamation mark YT for YouTube or exclamation mark R for Reddit, and it will search those instead.
So it does cost some money.
CAROLE THERIAULT. Yeah, I'm checking the prices right now.
GRAHAM CLULEY. Yeah. You can try it out for free.
The cheapest price tier is $5. I'm currently trying out the $10 tier, which basically allows me unlimited searches.
I quite like it. I'm quite impressed by it.
CAROLE THERIAULT. $10 a month you're paying?
GRAHAM CLULEY. $10 a month. It's obviously cheaper if you were to buy for a year.
But I think it's quite good.
CAROLE THERIAULT. Yeah, it's working for you?
GRAHAM CLULEY. It is definitely working for me. And it has some really cute things built into it, like the Wayback Machine.
So if a web page no longer exists, you can find it automatically in the Wayback Machine and other things like that. It has lots and lots of features.
And I think it's, I mean, search is important, right? It's one of the ways in which we all do our job.
We all say, oh, Google that, Google that. But I don't really like Google.
So maybe it is worth spending a little bit of money on a search engine instead. So it's called Kagi, K-A-G-I.
I would suggest give it a try. See what you think.
CAROLE THERIAULT. Yeah, you can try it for free, it says here, for 100 searches. Because I've been using DuckDuckGo recently and I've been having, I mean, I like DuckDuckGo.
I like its premise. I like its mission, all that.
But I've been finding when I was searching for stories, for example, a lot of the news is not in my region at all, or not the regions I want to look for. So typically in my case, it often is ending up in India, a lot of the stuff.
Like I would say 90% of the results that are on the first few pages. And I can't seem to get around it.
So it's been, you know, and I don't know if I'm doing something wrong, but you know, I've been searching for another—
GRAHAM CLULEY. You're not running a VPN or anything?
CAROLE THERIAULT. No, no, no, no, no, no. It doesn't think I'm in India. I've turned off the VPN and all this.
No problem. So I don't know.
Anyway, so I'll try this out. This is cool.
GRAHAM CLULEY. Give it a try. Give it a try.
I mean, obviously $10 per month is quite a lot, but right now I'm trying it out and I'm quite impressed by it. Cool.
Anyway, Kagi is my pick of the week. Carole, what's your pick of the week?
CAROLE THERIAULT. So my pick of the week comes from... Yes, she's lovely, and she lives in Canada, and it's been extremely cold there for the last few weeks. I mean, no surprise, because it is January now, and winter is fully set in.
But anyway, my mom, she's a huge walker. Walks every day, rain or shine, freezing or sweltering, she's out doing her walk. She typically gets 12,000 to 15,000 steps in every day. Amazing.
GRAHAM CLULEY. Very good.
CAROLE THERIAULT. But recently, despite wearing appropriate winter apparel — hat, parka, moon boots, face mask, mitts, scarves — her feet get cold, right? Her feet get cold. And that's very unpleasant, right? If you're walking, you know, 15,000 steps, you know, it's not very fun.
GRAHAM CLULEY. Yeah. Yeah.
CAROLE THERIAULT. So one of her friends told her about heated socks. Have you heard about this? So heated socks.
GRAHAM CLULEY. Are these USB powered or something? No, no. What do you charge them up?
CAROLE THERIAULT. Yeah, they are battery-operated heated socks. Let me send you a link here. I'll put it into the show notes for you. So the name of the ones she's using are called Fieldsheer. They don't just do socks. They do everything. Heated jackets and vests and hoodies and base layers and gloves and socks and everything. So these are machine washable.
There's apparently 3 heat settings. So low, medium, high. The charge lasts 5 to 16 hours per charge.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. You have 2 rechargeable batteries, which I assume you have to remove before you put it in the washing machine. Plus it's remote controlled.
GRAHAM CLULEY. Oh yes, I can see it. It's got a little remote control with high, medium, and low. I guess that's where you choose the heat.
CAROLE THERIAULT. Yeah. And so she bought these. They're not cheap. These are $60.
GRAHAM CLULEY. Where do the batteries go? Where do you put your battery?
CAROLE THERIAULT. I have no idea. Because I, of course, this is not my purchase.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. But she loves them. She's been wearing them for the last few days. She says her feet are as toasty as anything. So I'm sure there are other companies that do these, but the Fieldsheer ones, she bought them at Costco. So I think they were $60, but she loves them. And she, you know, she's going to wear them as a double pair of socks. So a thin pair of socks underneath. I'll wash them once a week. Done, done, done. And there we go. Warm tootsies for my mom. And that is my pick of the week, the Fieldsheer Mobile Warming Socks.
GRAHAM CLULEY. Very seasonal for all of our listeners in the Northern Hemisphere.
CAROLE THERIAULT. There you go.
GRAHAM CLULEY. For those of you who are in the South, well—
CAROLE THERIAULT. Get a fan.
GRAHAM CLULEY. Buy them in 6 months' time.
CAROLE THERIAULT. Oh, it seems they do cooling clothing as well. It's designed for the hottest climates, so they wick moisture and keep you from overheating during outdoor activity.
GRAHAM CLULEY. So there you go. Terrific. Well, that just about wraps up the show for this week. You can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
CAROLE THERIAULT. And huge, huge thank you to our episode sponsors, BigID and 1Password, and of course to our wonderful Patreon community. It's their support that helps us give you this show for free. And for episode show notes, sponsorship info, guest list, and the entire back catalog of more than 398 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time and episode 400. Dun dun. Cheerio. Bye bye.
CAROLE THERIAULT. Bye. You better be good next week. Yeah, we'll blame Bitdefender if it isn't.
-- TRANSCRIPT ENDS --