
242: ProtonMail privacy questioned, and Banksy blunder


ProtonMail finds itself in a privacy pickle, the big problem with Facebook's algorithmic amplification, and strange things are happening on Banksy's website.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.

Visit https://www.smashingsecurity.com/242 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Dave Bittner.


Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.



CAROLE THERIAULT. You don't go to Europol for that, do you? I mean, is that what Europol is for? This guy needs a shower?


DAVE BITTNER. Get me Europol on the line.


CAROLE THERIAULT. You call Europol.


DAVE BITTNER. And Brexit isn't looking so stupid now, is it?


CAROLE THERIAULT. Wow, you haven't chosen your audience very well.


UNKNOWN. Smashing Security, episode 242. Ransomware, ProtonMail privacy questioned, and Banksy blunder with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 242. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. And we're joined this week by returning guest, a semi-regular, it is the CyberWire's Dave Bittner. Hello, Dave.


DAVE BITTNER. Hello, hello.


CAROLE THERIAULT. Do you like being known as the CyberWire's Dave Bittner? Do you want to be Dave Bittner, popular on?


DAVE BITTNER. I don't know. They pay my mortgage, so I'm okay with it.


GRAHAM CLULEY. Yeah, but they aren't paying us, are they? They're not sponsoring. No, not yet. So why are we plugging them?


DAVE BITTNER. I mean, we're technically competitors, right? We're friendly rivals, wouldn't you say?


CAROLE THERIAULT. I wouldn't say we're rivals.


GRAHAM CLULEY. I wouldn't say we're friendly.


DAVE BITTNER. I mean, we go after some of the, yeah, exactly. We share some of the same advertisers, which is good.


GRAHAM CLULEY. We share Carole Theriault.


DAVE BITTNER. We share Carole. Most importantly.


CAROLE THERIAULT. If we're competitors, what the fuck am I doing? I'll have to quit one of you guys.


DAVE BITTNER. Yeah. Well, it's pretty good over here in the good ol' US of A, Carole.


GRAHAM CLULEY. It looks great.


CAROLE THERIAULT. My mind's made up. Let's thank this week's sponsors, privacy.com and 1Password. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?


GRAHAM CLULEY. I will be reporting from La Belle France.


CAROLE THERIAULT. Dave, what about you?


DAVE BITTNER. I'm going to be looking into Facebook's algorithmic amplification. Whoa.


CAROLE THERIAULT. Okay. And I'm getting all arty and talking Banksy. All this and much more coming up on this episode of Smashing Security. Almost said Cyberwire there.


GRAHAM CLULEY. Mwahaha. Now, chums, chums, France.


DAVE BITTNER. Ah.


GRAHAM CLULEY. Formidable. La belle France. Home of the beret, the stripy shirt, the guillotine. People smoking like chimneys, drinking wine, snorting cheese. You both fans of France? Ho ho ho! Wow.


CAROLE THERIAULT. I hate to say that I find this slightly offensive, just all round.


GRAHAM CLULEY. Dave, have you been to France?


DAVE BITTNER. I have been to France. I was only there once when I was a teenager. I was on one of those sort of band and choir trips where you visit all around Europe, and we were in Paris for a day or two, and it was delightful.


GRAHAM CLULEY. You got your little cultural injection.


DAVE BITTNER. Yeah.


CAROLE THERIAULT. Cultural injection.


DAVE BITTNER. Although I do remember that the waiters were quite rude, but I think that's not a bug, that's a feature, right?


GRAHAM CLULEY. Come, come, come, come. I don't think you'll find rude waiters in Paris. Surely not.


CAROLE THERIAULT. That has never happened to me.


DAVE BITTNER. Well, you speak fluent French. I do not.


CAROLE THERIAULT. Oh, you think it's a language thing? They think if you don't speak French, they're rude?


DAVE BITTNER. That's what I've heard. I don't know.


GRAHAM CLULEY. Well, I think it's a wonderful country. I think it's wonderful. Paris, fabulous place to visit. But alas—


CAROLE THERIAULT. Paris is just a city. You know that.


GRAHAM CLULEY. Yes, I know Paris is a city. Okay, just check. I'm just— that's like— What do you mean, just check?


CAROLE THERIAULT. Well, you just said, oh, la France, Paris. It's like, well, there's a lot more places.


GRAHAM CLULEY. England, London.


CAROLE THERIAULT. London, so great.


GRAHAM CLULEY. So can I explain how my segment of the show works, right? It's a little bit like watching a movie, right? You have the swooping helicopter shot at the first— the first thing you see is you see the Earth hanging in orbit around the Sun, and we zoom into Europe.


CAROLE THERIAULT. We know where we are.


DAVE BITTNER. Okay, like the opening image from Radio Garden. Oh, sorry, I didn't want to bring up a touchy point.


GRAHAM CLULEY. Not again. We swoop into the Arc de Triomphe, the Eiffel Tower.


CAROLE THERIAULT. Out, bang, clash, kapow.


GRAHAM CLULEY. But alas, Paris is changing. The cutesy independent shops and cafes have been swept away by the tide of moneyed gentrification. They've been replaced by luxury brands aimed at tourists and boutiques selling designer gear.


CAROLE THERIAULT. Who don't like coffee.


GRAHAM CLULEY. Well, quite possibly not, or they're selling coffee which is substandard, dare I say, maybe even coffee which comes from American multinationals. So France and Paris in particular are being culturally destroyed, wiped out, and this isn't a good thing. In fact, pas très bien. It means not very good.


CAROLE THERIAULT. I have no idea what you just said. Oh, pas très bien.


GRAHAM CLULEY. Yeah, pas très bien. What does that mean, Carole?


CAROLE THERIAULT. That was not good. Yeah.


DAVE BITTNER. Oh, got it.


GRAHAM CLULEY. Now, some people aren't just grumbling into their dark black cups of coffee and listening to sorrowful accordion music.


CAROLE THERIAULT. Going zut alors.


GRAHAM CLULEY. Yeah. Mais non, malheureusement. No. They are revolting. They are protesting. For the past year or so, there is an anti-capitalist group called Youth for Climate. It's probably climate for youth or something.


CAROLE THERIAULT. I imagine. Anti-capitalistic or pro-climate? Which one would you think it'd identify with more?


GRAHAM CLULEY. Well, they do a bit of everything. They cover a number of things.


DAVE BITTNER. They have a long list of grievances.


GRAHAM CLULEY. They do. They do. They don't like Airbnb. They don't like rising property prices. They don't like posh restaurants. They don't like all the capitalism, all the money coming in. They do not like the gentrification of Paris. And so they have occupied some buildings in part of Paris called Place Sainte-Damien. What? And they are used— what?


CAROLE THERIAULT. Can you spell it, please?


GRAHAM CLULEY. Place. P-L-A-C-E. Yeah, thank you. Sainte. S-A-N-T-E. Yeah.


CAROLE THERIAULT. Is that Santa? Santa.


GRAHAM CLULEY. Okay, Santa. And then Marthe, which is like Martha but with an E on the end instead of an A.


CAROLE THERIAULT. Sainte Marthe. Okay.


GRAHAM CLULEY. Place Sainte Marthe. Place Sainte Marthe.


DAVE BITTNER. Very good.


GRAHAM CLULEY. So they've occupied buildings there, right? And they've been there for about a year. And of course they're using the internet to rally support and to coordinate their activities.


CAROLE THERIAULT. Are they paying rent?


GRAHAM CLULEY. They're not paying rent. That would rather go against the whole anti-capitalist bit, wouldn't it? If they were paying rich landlords.


CAROLE THERIAULT. I was just thinking during COVID maybe the rents were really, you know, slashed and, you know.


GRAHAM CLULEY. I don't think it's much of a protest if you're there with the permission of the landlord and paying rent. I think it just means you've moved in.


CAROLE THERIAULT. So this is part of the protest. Their headquarters is part of the protest. Okay.


GRAHAM CLULEY. They've occupied these buildings.


CAROLE THERIAULT. Right.


GRAHAM CLULEY. And French police have been trying to identify who is operating the group's email account. Right. And this is an email account hosted at ProtonMail. Are you familiar with ProtonMail, guys? Mm-hmm. Mm-hmm.


DAVE BITTNER. Yep.


GRAHAM CLULEY. Right. For any listeners who are—


CAROLE THERIAULT. You use it, don't you? Yeah.


GRAHAM CLULEY. Yeah. I've got ProtonMail. I don't use it as my main account, but I, I do have a ProtonMail account. It's a really simple, easy way to get end-to-end encrypted email, which means that they can't read your messages and the authorities can't read your messages either because they're all encrypted. And it's much, much easier than setting up PGP or something like that.


DAVE BITTNER. Now, Graham, is ProtonMail a closed system? In other words, can you only communicate with other ProtonMail users?


GRAHAM CLULEY. So it is completely end-to-end encrypted if you are speaking to other ProtonMail users. If you're speaking to the outside world, you do have the option of importing their PGP keys, and then you can very easily communicate encrypted with the outside world as well. Ah, but by default it wouldn't be encrypting with the outside world, but certainly ProtonMail to ProtonMail, it's all end-to-end encrypted.


DAVE BITTNER. Mm-hmm.


GRAHAM CLULEY. Now, ProtonMail has become really popular over the last few years because it's got this really strong focus on privacy. A lot of the messaging on their website makes emphasis of the fact that they are based in Switzerland. Their servers aren't based in America, they're in Switzerland. All the user data is protected by strict Swiss privacy laws.


CAROLE THERIAULT. Yeah. And word on the street, like if you kind of listen in to little forums where a lot of techies hang out, they all kind of go, oh, ProtonMail, ProtonMail, ProtonMail. So yeah, it's got a kind of cachet, doesn't it?


GRAHAM CLULEY. Yeah. And not just people who are sort of privacy conscious for legitimate reasons, but also bad guys and cybercriminals will often use ProtonMail, or you will see messages inside ransom notes where they'll ask you to contact them via ProtonMail. Hmm. Spammers, scammers, and so forth will use that. And, and ProtonMail, to its credit, you know, it would obviously regard that as a breach of its terms and conditions because it's criminal activity, and they would shut down accounts. So ProtonMail, you pay for it by subscription. Um, you can get a free account as well, but use it full blast, you, you pay some money. So it's not advertisers. And so that's another big difference from using things like—


CAROLE THERIAULT. It sounds like an advertising for it. Okay. Well, USBs. Jesus.


GRAHAM CLULEY. Well, is it?


CAROLE THERIAULT. Is it?


GRAHAM CLULEY. Is it?


DAVE BITTNER. But wait, there's more.


GRAHAM CLULEY. Because ProtonMail, like I said, makes this big thing about our encryption can't be bypassed. The email content can't be compromised by legal orders. But if you read the privacy policy, which I'm sure, Carole, you would have done if you were a user, it does admit that it can access some information. So what is accessible is the sender and recipient's email addresses, the IP addresses that incoming messages originate from, message subjects, and message sent and received times. So there is some—


CAROLE THERIAULT. So basically everything except for the content of the message.


GRAHAM CLULEY. Well, yeah, but that's really to do with the SMTP specification. Right.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Which is as old as time itself because the email headers aren't encrypted.


DAVE BITTNER. Mm-hmm.


GRAHAM CLULEY. So not really necessarily enough for the authorities to sort of hang their hat on. Anyway, French police, they wanted to identify who was operating this account, but ProtonMail, which is based in Switzerland, when they got the request from the French police, they'd kind of go, pshh. Ah, you've got no jurisdiction over us. You are French.


CAROLE THERIAULT. Not Swiss.


GRAHAM CLULEY. Yeah, yeah, exactly. You're not Swiss. Why should we do anything for you? We obey Swiss law. So the French went to Europol, and Europol got a Swiss court order which compelled ProtonMail to play ball and saying, you've got to gather some information, details of who is using this account. And this has kicked up an enormous stink amongst all the privacy wonks. It's like, oh, ProtonMail, you told us we were secure, but you've now gone and assisted French police with this investigation. It's not like this guy was a cyber criminal or, you know, something like that. He was an activist. And why are you doing this? And ProtonMail is saying, well, we have to abide by Swiss law.


CAROLE THERIAULT. I kind of agree with that. Like, unless— I mean, I don't know what this activist group have done, right? I don't know if they have broken the law in ways that are as dangerous for the public or whatever.


GRAHAM CLULEY. I mean, obviously they're occupying some property without permission and they might be causing a nuisance. Maybe they haven't washed their hair enough. But again, you know, these are things which you could charge against many people in Paris.


CAROLE THERIAULT. You don't go to Europol for that. Do you? I mean, is that what Europol is for? This guy needs a shower?


GRAHAM CLULEY. Mm-hmm.


DAVE BITTNER. Get me Europol on the line.


CAROLE THERIAULT. You call Europol.


DAVE BITTNER. And Brexit isn't looking so stupid now, is it?


CAROLE THERIAULT. Wow, you haven't chosen your audience very well.


GRAHAM CLULEY. First Radio Garden, now this. So I imagine the French managed to convince the Swiss authorities that this would be a crime under Swiss law as well as French law, whatever it might be. ProtonMail says, if you are breaking Swiss law, we can be legally compelled to log your IP address as you log in as part of a Swiss criminal investigation, and that is what's happened.


DAVE BITTNER. Well, and that was part of their marketing, was that even if they were able to see stuff, they weren't logging it, right?


GRAHAM CLULEY. That's right. They don't log it by default, all of this stuff, but they can be compelled under Swiss law to begin to log stuff. The thing is, ProtonMail said that if we are compelled to begin to log your IP address as you log into ProtonMail, we will inform you again under Swiss law. You're required to tell the user you are being monitored, right? But under certain circumstances, the notification of the user, quote, can be delayed. Under Swiss law. So if the authorities put together a convincing argument as to why, well, we don't really want you to tell the user that we're watching them right now.


CAROLE THERIAULT. This is like properly Dickensian. This is just— and Orwellian. This is just—


GRAHAM CLULEY. There's a lot of Ellions. Yes. Yes. So ProtonMail did, it appears, delay notifying Youth for Climate that they were being monitored. At least the owner of that email account, for 8 months.


CAROLE THERIAULT. So were they compelled by Europol not to tell them, or they chose not to tell them? Do you know?


GRAHAM CLULEY. I would assume that they were told, you may not tell them.


CAROLE THERIAULT. Ass, you—


GRAHAM CLULEY. Well, no, I want to come to the defense of ProtonMail here. I really believe ProtonMail are the equivalents of these guys who are protesting in Paris. They are activists as well. They are really hot on security and privacy, and they do seem to really believe in it. And I think this would have pained them greatly, but I think they were forced by the Swiss authorities to not tell their user that they were being monitored for 8 whole months.


CAROLE THERIAULT. You see this Europol guy going, "Of course, if you choose not to comply with our wishes, we could make life very difficult for you." Yeah, we'll cut off your supply of cuckoo clocks.


GRAHAM CLULEY. And holey cheese.


CAROLE THERIAULT. I think Europe will have more jurisdiction than that.


GRAHAM CLULEY. Do you think?


CAROLE THERIAULT. Yeah, I don't think they're just sticking in, you know, the Swiss food market.


GRAHAM CLULEY. So everyone's ganging up on ProtonMail right now, saying, oh, it's outrageous what you've done. And ProtonMail, I think, reasonably, reasonably, are saying, well, you know, it doesn't matter who you use unless you are based 15 miles offshore in international waters. The company you use to handle your email has to comply with the law, and it feels that it's done everything that it could to reduce the amount of information it was collecting and to play by the law in Switzerland. And Switzerland does clearly have stronger privacy laws than many other countries around the world.


DAVE BITTNER. Hmm. I see a market opportunity here.


GRAHAM CLULEY. Yes.


DAVE BITTNER. Right?


GRAHAM CLULEY. Yeah, I see it too. When are we going to get our rowing boat? Exactly. When are we going to get our pedal out?


DAVE BITTNER. All right, a solar-powered barge 15 miles offshore. Come on.


CAROLE THERIAULT. What is this, Waterworld all of a sudden? Who was it, Kevin Costner? Was that who it was?


DAVE BITTNER. Satellite? Yeah, satellite internet. Why not? I think we're on to something here, Graham.


CAROLE THERIAULT. Yeah, I'll visit occasionally.


GRAHAM CLULEY. Dave, what have you got for us this week?


DAVE BITTNER. Well, let's talk about Facebook, shall we? None of us are active on Facebook. Is that right?


GRAHAM CLULEY. No.


DAVE BITTNER. Graham?


GRAHAM CLULEY. No, I'm not on Facebook, no.


DAVE BITTNER. No, me neither. I didn't actually delete my account, but I made it inactive. So it's sort of there in—


GRAHAM CLULEY. A memorial to Dave Bittner.


DAVE BITTNER. Exactly. You can go look me up there, but I haven't done anything on there in probably about two years. Now, why did you choose not to be on Facebook? Carole, why don't you start off? What was your decision there?


CAROLE THERIAULT. So I think I was early to the game. But actually, within a year, I found it really quite like, oh my God, my life's so great. Like, I think it was— I didn't like where social media was going even then. So I kind of— and then people used to post pictures of me on it a lot. And I hated it tagging me. You know, I hated all that when people didn't ask. Yeah.


DAVE BITTNER. Graham, what about you?


GRAHAM CLULEY. Yeah, I, you know, I had an account for a while promoting my blog and things. But, you know, it's just vile, isn't it? And of course we shut down the Smashing Security Facebook page as well. We used to have it to promote the podcast, and then we thought, no, we shouldn't be doing this. But generally it's looking at Mark Zuckerberg and just thinking, oh, just wanting to give him a slap, really. Just thinking, oh, this is just so unpleasant and vile and just like—


CAROLE THERIAULT. Okay, two islands, Piers Morgan or Mark Zuckerberg. Which one do you swim to?


GRAHAM CLULEY. God, I just want to be eaten by the sharks, Carole. I don't— I'll drown. I'll drown. I mean—


DAVE BITTNER. It's like the end of Titanic. He'll just sink, sink to the bottom. Well, so we're talking this week about a story from Mother Jones, which, full disclosure, is a left-leaning nonprofit publication. They have a decidedly progressive bent, so take everything we're gonna talk about that comes from this article with that in mind. They did some digging into Facebook's algorithms and the way that they work. This is an article titled—


CAROLE THERIAULT. I'm sure it was perfect.


DAVE BITTNER. It's titled "Why Facebook Won't Stop Pushing Propaganda." It's written by Monika Bauerlein and Clara Jeffery. And Mother Jones admittedly has a horse in this race. They saw their numbers fall off significantly when Facebook made some adjustments to their algorithms. But really, this article is focused on what they refer to as algorithmic amplification. And that is the tools that Facebook has to amplify the things that it thinks are going to make you more engaged with the platform. So as anyone who's been on Facebook knows, there are the things you see from your friends and family, your baby pictures and friends on vacation and just all the things that remind you how much better everyone else's life is than yours.


CAROLE THERIAULT. Yeah. Oh my God, it's so brilliant!


DAVE BITTNER. Right. So all of that stuff comes by, but then there's things that just sort of pop up randomly. They could be news things, they could, you know, all sorts of things. But Facebook figures out based on it analyzing your interests and things that you click on, it gives you more of the things that it thinks are going to lead to more engagement. And that's really the key thing here is that it's not giving you more things that it thinks you're generally interested in from a learning point of view, from a bettering yourself point of view. It's really about getting you to spend more time on Facebook.


CAROLE THERIAULT. It's like having a baby and going, gee, baby likes applesauce. Let's feed him applesauce, more applesauce. Give him applesauce, applesauce.


DAVE BITTNER. So every time the baby is crying, I give it applesauce and it's happy. Yeah, right. Next thing you know, the baby's dead.


CAROLE THERIAULT. Exactly.


GRAHAM CLULEY. Right.


DAVE BITTNER. Right. Right.


GRAHAM CLULEY. So Facebook is looking for the stickiest content, the stuff which it knows you're going to keep on coming back for in order that you keep on coming back to Facebook. Is that right?


DAVE BITTNER. Right. Absolutely. Absolutely. And some interesting things I pulled from this article here that speak to this. There was a scholar from the Stanford Internet Observatory named Renee DiResta, and they said free speech is not the same as free reach. And I think that's really— isn't that interesting? Yeah.


GRAHAM CLULEY. And so what does that mean? I'm a little bit stupid. What does that mean? Free speech? Well, same as free reach?


DAVE BITTNER. Well, the ability to say things without someone deleting the thing you say is not the same thing as having the thing you said amplified and spread around to millions of people.


CAROLE THERIAULT. So if you're Graham Cluley tweeting versus you're Carole Theriault tweeting, you will just naturally get way more reach. Now, I would argue that Graham gets way more reach because he's spent a fuck ton more time, you know, curating his following and posting stuff and being hilarious in his socials. Right? So deserving, you know, of this class of people. And I haven't. So, and I don't have it. So I can't.


DAVE BITTNER. What this reminded me, this, this notion of free speech not being the same as free reach reminded me of when former President Trump was kicked off of Twitter and went to start his own blog where he could basically do the same sort of information sharing that he had done on Twitter. His blog was a flop, right? So it wasn't what he was saying. It was the amplification that came from the platform. It was that there were hundreds of millions of people who had this automatically spoon-fed to them every day as part of their feed. That was the real power from social media. At least that's my interpretation of it.


CAROLE THERIAULT. Also, the power came from naysayers, right? Naysayers may not go to his blog, but it's there in front of them on Twitter. And by dissenting, they're still contributing to the conversation, not making him irrelevant, right?


DAVE BITTNER. Right. And incentivizing other people to chime in with their opinions.


CAROLE THERIAULT. Yeah, yeah, Joe, I agree. Yeah. Yeah.


DAVE BITTNER. A couple other pulls here. It says the real problem is that Facebook profits partly by amplifying lies and selling dangerous targeting tools that allow political operatives to engage in a new level of information warfare. Its business model exploits our data to let advertisers aim at us, showing each of us a different version of the truth and manipulating us with hyper-customized ads.


CAROLE THERIAULT. I don't disagree with that.


DAVE BITTNER. No, I think this is interesting too, because imagine if you had a billboard on the side of the road, right? And you put something provocative on that billboard that half of the population would agree with and half would find very offensive. Well, chances are the people who found it offensive would reach out to the billboard company. They'd reach out to the people who paid for the billboard and so on and so forth. But if they never saw that ad, if that ad was only shown to the people who would already agree with it, that's a very different proposition, isn't it? And Facebook enables advertisers to do that in a much more powerful way than I think was available previously.


CAROLE THERIAULT. Oh, totally.


GRAHAM CLULEY. Easily, yeah.


DAVE BITTNER. So the article talks about how there are some legislators who are trying to kick in what they're calling algorithmic accountability. Senator Cory Booker from New Jersey, Ron Wyden from Oregon, he's always on top of these sorts of things. Yvette Clarke from New York. They have introduced legislation that would require companies to analyze and disclose highly sensitive automated decision systems on social platforms and in artificial intelligence tools. I have thought about this, and I wonder if we don't need an algorithmic equivalent of the FDA, where before you turn loose an algorithm on the general public, at the scale of which companies like Facebook, companies like Google operate, that first you must prove that it will do no harm. It must be— there's some regulatory organization will analyze it, and that doesn't necessarily mean that it has to be shared with the general public. Maybe it is still kept a trade secret the way that drugs are, but at least you have to demonstrate— a third party has to agree that this algorithm will do no harm. I realize people are going to say that's going to stop innovation and they won't be able to iterate on their algorithm and so on and so forth. But I think we've just seen that the way these algorithms function, and when you combine that with the fact that, in my opinion anyway, when given the choice, Facebook will always do what is in the best interest of Facebook.


GRAHAM CLULEY. Of course.


DAVE BITTNER. You cannot trust Facebook to do the right thing. And again, some people will say, well, that's capitalism. Yes, it's partially capitalism. But I think there are also capitalistic companies who are good citizens, who are within the confines of doing their business and, you know, making their money, are also trying to do the right thing. And I'm not convinced that that's a core value that Facebook believes in.


CAROLE THERIAULT. Yeah, capitalism without any morals or lacking in morality or ethics kind of is chaos, really.


DAVE BITTNER. And let's not forget Facebook's origin story, right? I mean, Facebook was, it's a website to judge female college students by their looks. Hot or not.


GRAHAM CLULEY. Yeah.


DAVE BITTNER. Yeah. So that is the foundation on which this was built. And I think it's worth remembering.


GRAHAM CLULEY. So good. We're all doomed. We're all doomed.


CAROLE THERIAULT. Another fun topic.


GRAHAM CLULEY. There's no fix. Zuckerberg has ruined Save us, Carole.


DAVE BITTNER. Save us. You're our only hope.


CAROLE THERIAULT. I always do.


GRAHAM CLULEY. Carole, what have you got?


CAROLE THERIAULT. You may remember a little while ago, we did an intro to NFTs on Smashing Security. So that was episode 226. And by we, I mean, of course, me, because Graham, you were there, but I did the story.


GRAHAM CLULEY. I wasn't really there. I wasn't really present during that bit.


CAROLE THERIAULT. That's so nice.


GRAHAM CLULEY. Non-fungible tokens, right?


CAROLE THERIAULT. That's right. It's an identification of ownership of something original in the digital or physical realm. Okay. And it's not the same as copyright. It's an identification of ownership. So now loads of people are playing around, well loads, a smattering of people are playing around with it and making a fast buck. Others are testing its mettle. Some are saying it's the biggest scam since doctors advertising cigarettes as good for us. And enter graffiti art god Banksy. Now, everyone listening has heard of Banksy. What do you know of him, Dave, Graham?


DAVE BITTNER. Well, he's certainly, he's a hot property, isn't he? Whether or not you like his stuff, and I do think that there is a good amount of talent there. I don't know that I agree with the enthusiasm that comes with the collectors of his work. But that's my opinion. I mean, art is worth whatever someone's willing to pay for it. So there you go.


GRAHAM CLULEY. I think he's awesome. I think he's great. I think he's a good artist. And he regularly will take some— the side of someone's rubbish building and dramatically increase its worth by daubing on it overnight. And I think it's great.


CAROLE THERIAULT. He's one of the top earners in the art world, like Damien Hirst, earning well over a million quid for some of his well-known works. And do you remember, Graham, one of his early art coup d'états was in 2004 at the Notting Hill Carnival. He handed out fake £10 notes with the face of Lady Di replacing the Queen's. And it was stamped "Banksy of England." 2004.


GRAHAM CLULEY. I was only 14 at the time, so I don't really remember that. What?


CAROLE THERIAULT. 2004? You were 14?


GRAHAM CLULEY. I was a bit young. I don't remember that one. But anyway, carry on. Hmm.


CAROLE THERIAULT. What is going on? The biggest thing about Banksy is that no one seems to know who he is. Well, obviously, some people know who he is, but the public, the general public, does not know who he is, 'cause he does everything on the down low. Right. And you often have to wait till after the event of his unveiling of his artwork for him to take, you know, his invisible bow and take ownership of it. Okay. So setting the scene here. Last Tuesday morning, a piece of digital art popped up on Banksy's official website. Okay.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. And this was like Banksy.co.uk/NFT. And on this page was a JPEG. The JPEG was called The Great Redistribution of the Climate Change Disaster. And with this was a digital image showing like a pixelated man in shades puffing on a gasper in front of some smoking chimneys. Now, no surprise to our super switched on listeners that the blockchain tech is seen by many as an environmental shit show. Politely put, it's extremely energy hungry, right? Like those hot dog eating contestants. Like none of us stand a chance. And so, so maybe this was a commentary from Banksy on the climate change blockchain thing going on because underneath was a link to the auction site OpenSea, a crypto NFT site.


GRAHAM CLULEY. Okay, so you could buy the NFT of this image, right?


CAROLE THERIAULT. The picture obviously doesn't look like much. It's kind of very pixelated, very basic. But then I would say a lot of the hype around the NFT market is ridiculously simple pixel artwork. Like all that, you know, all that stuff, that CryptoPunk hype. You guys remember that?


DAVE BITTNER. Yeah.


CAROLE THERIAULT. Where you've got these kind of like, there's like 10,000+ little drawings that people are selling on Ethereum. Yeah, yeah.


GRAHAM CLULEY. Right.


DAVE BITTNER. The million-dollar webpage. Remember that?


CAROLE THERIAULT. Exactly. They're at a billion dollars now. They're at a billion-dollar market now. Yeah.


GRAHAM CLULEY. But I mean, even if it looks amateurish, if it's an image which, you know, an NFT from Banksy, someone's gonna want that 'cause it's by Banksy, right?


CAROLE THERIAULT. Exactly.


GRAHAM CLULEY. Yeah. Right.


CAROLE THERIAULT. Like it's a little bit different than his normal style, but then if he's poking fun at this whole NFT game and, you know, mocking the whole CryptoPunk hype and maybe you're gonna give the money afterwards to some charity. So we get this art collector, right? Who gets wind of this webpage. And he's perusing the official website and he sees this and he's like, I have to act quick, right? You know, to get ahold of this NFT, because this is fricking gold. And thank the gods that he was rich enough to play this NFT game. So, so this art dude being no chump, you know, gets his skates on and goes to the auction. And you know, there's people bidding, there's people bidding, and he jumps in and offers 90% more than any of the rival bidders.


GRAHAM CLULEY. Boom.


CAROLE THERIAULT. That's £250,000. Okay. Over $300,000. And no one else bids. And he secures the NFT for the Banksy GIF work and making him the owner. And bada bing, bada boom. Or is it? Is it? It turns out that the GIF was not created by the graffiti king Banksy. And it turned out that the official Banksy website got hacked. And the image and the link uploaded was uploaded by an unauthorized third party.


GRAHAM CLULEY. So, okay, so the thing being auctioned on Banksy's website wasn't authorized by Banksy, wasn't a Banksy, and someone has just made off with, what did you say, $300,000? Yeah. Yeah. Crumbs.


CAROLE THERIAULT. There was just a link from the Banksy official website to the OpenSea crypto market for this particular work. And as soon as it was achieved, right, as soon as it was accepted, this huge offer of $300,000, the money went straight off to the scammer, not to Banksy Incorporated or whatever.


DAVE BITTNER. Via cryptocurrency.


CAROLE THERIAULT. Via cryptocurrency.


GRAHAM CLULEY. Or so Banksy says. Well, yes, we're going to come to that.


CAROLE THERIAULT. We're going to come to that. We're coming to that. So yeah, keep that head on, Dave. Now apparently the art collector explained to Joe Tidy, friend of the show, right, on the BBC, said, I confirmed the URL on PC and mobile before bidding. I only made the bid because it was hosted on his site, meaning Banksy's. When the bid was accepted, I immediately thought it was probably fake. And I don't know why he says— why would he think that? Maybe because it was too low. Maybe he thought, like, you know, maybe he was just doing a dumb bid, right? Because maybe he doesn't have $300,000. He's like, oh my, oh my God.


GRAHAM CLULEY. We've all been there. Yeah.


CAROLE THERIAULT. So, so who was this digital scallywag that took all his cash, right? The auction, you know, the art collector wants to know. So he goes out on Twitter, talks to people and tweets out and makes a bit of a stink. And funnily enough, the money gets returned to his Ethereum account.


GRAHAM CLULEY. Hmm.


CAROLE THERIAULT. So that's interesting, right?


GRAHAM CLULEY. Mm-hmm.


CAROLE THERIAULT. Now he got all his money back except for the transaction fee that OpenSea takes. So £5,000 or $6,000, $7,000. Oh, and I haven't told you the name. Well, the moniker of this art collector who's been going around to the press.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. Are you ready for this?


DAVE BITTNER. Graham Cluley.


CAROLE THERIAULT. No, no, it's about that. It's almost— it's close. It's close. Are you ready? Are you ready?


GRAHAM CLULEY. I'm ready.


CAROLE THERIAULT. Pranksy.


GRAHAM CLULEY. Pranksy.


CAROLE THERIAULT. Pranksy.


GRAHAM CLULEY. Of course, of course. He's the purchaser, or he was this—


CAROLE THERIAULT. He's the purchaser, and apparently he created this moniker or pseudonym or whatever ages ago in honor of Banksy, but it doesn't bode very well during this little media parade.


GRAHAM CLULEY. Okay, right. I'm beginning to get a bit suspicious.


CAROLE THERIAULT. Okay, talk to me, talk to me. I'm listening.


GRAHAM CLULEY. Well, first of all, Banksy's a bit of a prankster himself, isn't he? Do you remember he was having that famous piece of art? I think it was the one with the girl.


CAROLE THERIAULT. Yeah, girl with the heart balloon. Yeah.


GRAHAM CLULEY. And the balloon. Yeah. It was being auctioned and it was like a televised auction. And then as the auction finished and someone had won it, and then the frame sort of stirred into action and went— and the art was shredded. So it became a new piece of art.


CAROLE THERIAULT. Well, half of it.


GRAHAM CLULEY. Yeah. Which was awesome, wasn't it? But obviously—


CAROLE THERIAULT. It was. And it's interesting because it's just now going back up to market. So the guy who bought it for $1.1 million probably got bored of seeing half a work of art.


GRAHAM CLULEY. Yeah, but it's now even more famous, right? Because—


CAROLE THERIAULT. Well, I know, but is it going to be worth more money? Like, it's just—


GRAHAM CLULEY. Because is that not modern art itself? So if the— So let's— Right. Okay. This is really interesting. I didn't know all this about this Banksy thing. If Banksy's website got hacked and someone managed to direct people to an auction and they stole $300,000, a large amount of money.


CAROLE THERIAULT. Yeah, not a wonga.


GRAHAM CLULEY. It feels unlikely that they would return the money. It's the kind of stunt which Banksy himself would pull off because he has been brilliant at manipulating the media over the years.


CAROLE THERIAULT. Well, he has, but also interestingly, he is very much not a fan of copyright or any of this, and that's a source of a lot of his dramas because it means that people can reproduce his images, like card companies, and use his images, and he's not going to claim rights. And the reason he doesn't have copyright is because you have to declare who you are as the owner.


GRAHAM CLULEY. Oh, really?


CAROLE THERIAULT. So I don't know why he wouldn't just say someone else is the owner, but then that would give them legitimate rights over all his artwork. So he trades and trades. Or he works in trademarks, not copyrights.


GRAHAM CLULEY. Could you not claim that the copyright owner is someone who is in a permanent vegetative state in some hospice or something? And yeah, and so they wouldn't be able to—


CAROLE THERIAULT. Banksy, if you're listening, you know, take notes.


GRAHAM CLULEY. Okay, so I think either Banksy was in on it or maybe Pranksy—


CAROLE THERIAULT. so ridiculous—


GRAHAM CLULEY. was someone who found a vulnerability on Banksy's website set up this fake thing, put in this ridiculous bid knowing that he was going to get his money back, and got plenty of attention. Yeah, which is—


CAROLE THERIAULT. and now he's getting tons of press attention, including on Smashing Security.


GRAHAM CLULEY. And so is Banksy as well.


DAVE BITTNER. What if it was someone who wasn't expecting this much money and now is afraid of the amount of heat that could be—


CAROLE THERIAULT. oh, I'm sure— put on your poll, right?


DAVE BITTNER. Oh no, well, we don't know where they are, but I mean, because this isn't the first— this isn't the only incident here where cryptocurrency is being returned.


CAROLE THERIAULT. No, no, no. People are maybe getting nervous if it's too much moolah. Yeah, right. Now the last thing in the tale is a US-based ethical hacker has recently come out, uh, saying, uh, they had previously noticed the Banksy site was vulnerable, quote, allowed you to create arbitrary files on the website and post your own pages and content, they told the BBC. And they said they reached out and told them and even tried to reach them out on Instagram and got no response from Team Banksy.


GRAHAM CLULEY. Even on Instagram, they didn't get a response. I know, I know. From them, they should have made a TikTok video. That's how you get attention these days. You can't just use Instagram.


CAROLE THERIAULT. That's right, you gotta— yeah, find a song.


DAVE BITTNER. Yeah, should have had it amplified on Facebook.


GRAHAM CLULEY. This all seems a bit of a rum old story to me.


CAROLE THERIAULT. The Banksy team have said nothing to do with us, we have nothing to do with NFTs, nothing. They have not made a comment about their website being hacked or anything like that, but they are saying nothing to do with us, gov.


GRAHAM CLULEY. Hmm. Do we know from the ethical hacker whether the vulnerability still exists?


CAROLE THERIAULT. No, the page has been taken down. I haven't gone and checked the website out to see.


DAVE BITTNER. It does point to a serious security issue that lots of companies fall victim to, which is that people can gain access to their website and then they're able to post something using the actual URL from the website. Like the— as you said, Carole, the buyer here, he checked on mobile and on desktop to make sure the URL was correct, and it was.


CAROLE THERIAULT. I know, I know. And you kind of think, well, Team Banksy, look, you probably have a lot of wonga in the bank. Maybe you need to hire a better IT, you know, risk assessors and get your site up to scratch. But then they were never expecting— they weren't doing NFTs. It was just some web page. Yeah, it's, uh, I don't know, as a fellow artist, you know?


DAVE BITTNER. Well, more publicity for Banksy, right? So there's that.


GRAHAM CLULEY. Are you a fellow artist, Carole? Do you have a website where you are promoting your art?


CAROLE THERIAULT. I do, I do, which is gonna be updated soon, Graham. So watch this space.


GRAHAM CLULEY. Is it securecarole.wtf? Is that website?


CAROLE THERIAULT. It will be by the time the show goes out, right, Cluley?


GRAHAM CLULEY. This episode is brought to you by the folks at Privacy.com. Privacy lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. What a fantastic idea that is, and a great way of keeping your details out of the hands of the bad guys. Right now, new customers will automatically get $5 to spend on their first purchase. All you've got to do is go to privacy.com. Smashingsecurity.com/smashing to sign up now. And thanks to privacy.com for supporting the show. Around 80% of business data breaches result from weak or reused passwords. Using 1Password in your company can close the gaps in your security, combat shadow IT, and help your workers stay both productive and secure wherever they are. With the right tools and the right mindset, you can create a culture with 1Password where your employees feel empowered to share responsibility for security risk management. Everyone needs to be on board, working together to stay protected. Find out more and try 1Password for free for 14 days at 1password.com. And thanks to 1Password for sponsoring the show. And welcome back. And you join us for our favorite part of the show, the part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week.


DAVE BITTNER. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my Pick of the Week this week is not security related. I have been watching something called the television. And on this invention called the television, I've been watching a streaming program available on Hulu and Disney+ called McCartney 321, which you won't be surprised to hear is all about Paul McCartney. Rick Rubin, who's, he's basically Gandalf, he's the Gandalf of record producers. He has a cozy black and white chat with the former Beatle about his songwriting and songs. And they're basically sat there at a mixing board, fiddling with their buttons and listening to some old songs and asking, why did you do that? Or what's all this about? It's, it's not okay. Although this is my pick of the week and I did enjoy it, there's 6 episodes, 30 minutes. It's not incredible.


CAROLE THERIAULT. Well, thanks for making it your pick of the week and telling all our thousands and thousands of listeners about it.


DAVE BITTNER. Well, get right on that.


GRAHAM CLULEY. It was enjoyable, but if you're a Beatles obsessive like me, you've kind of heard it all before.


CAROLE THERIAULT. Okay, can I ask a question?


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. If you're watching the show and you needed to go for an urgent bathroom break, would you press pause?


GRAHAM CLULEY. I would press pause.


CAROLE THERIAULT. If the remote was on the opposite direction of you, it wasn't on your way to the bathroom, you'd have to walk—


GRAHAM CLULEY. How urgent is the bathroom break? I mean, what sort of—


CAROLE THERIAULT. Pretty urgent.


GRAHAM CLULEY. Is it like a brown alert? What are we talking about here?


CAROLE THERIAULT. I don't know.


DAVE BITTNER. Is it going to be a quick bathroom break or are you going to be in there a while?


CAROLE THERIAULT. I don't know. You just have to— Jesus, guys, guys, guys, guys, guys.


GRAHAM CLULEY. There's a couple of things which annoyed me about this. I do think it's worth watching, but there's— just as with any work of art, there can be some flaws. Whoa. And McCartney's voice isn't what it is, right? So he doesn't always sing along. Sometimes he sort of hums along.


CAROLE THERIAULT. Is he still alive?


GRAHAM CLULEY. He is still alive, but he's getting on a bit and his voice is broken. Meanwhile, Rick Rubin, who is a very— you know, he did all those Johnny Cash LPs. Didn't he set up Def Jam or something like that? You know, he's a world-renowned producer.


CAROLE THERIAULT. Dude.


GRAHAM CLULEY. He's a dude, right? McCartney will say something and Rick Rubin will go, wow. Like, well, of course, you know, Paul McCartney saying, well, so what we did was we went one octave lower because we slowed it down. You know, it's like, and he's going, oh, that's amazing. And you think, no, it's not that amazing.


DAVE BITTNER. It's like the Chris Farley interview on Saturday Night Live.


GRAHAM CLULEY. Remember that?


DAVE BITTNER. With Paul McCartney.


CAROLE THERIAULT. Graham, you would love if I did that to you.


GRAHAM CLULEY. What, if I told you?


CAROLE THERIAULT. Every time you spoke, I would go, wow, Graham, you're so smart. That's an amazing, amazing point you just made. Wow, what great research you've done.


GRAHAM CLULEY. Yeah, you've just done it in a very sarcastic fashion. I don't think Rick Rubin was doing it out of sarcasm. Anyway, there's great music in it. You do get to hear some incredible bass playing, and it's worth checking out. It's McCartney 321. It's on Disney Plus and Hulu. I've enjoyed it, but I just thought it could have been a bit better. What I'm actually looking forward to is Peter Jackson's Get Back documentary. That's going to be awesome.


DAVE BITTNER. There's a series of documentaries from, I don't know, probably a decade ago called Classic Albums.


GRAHAM CLULEY. Oh, yes.


DAVE BITTNER. And it's a similar sort of thing where they sit down at the mixing board with the artists and just go deconstruct how the songs were made. And they are fun. I do enjoy those. And so it sounds like this is along the same lines.


GRAHAM CLULEY. Along the same lines, but not as good, Dave. To be honest, Classic Albums is better.


DAVE BITTNER. So would you like to change your pick of the week to Classic Albums?


GRAHAM CLULEY. Yeah, I'm going to change it now to Classic Albums, which is a great documentary series.


DAVE BITTNER. You're going to have to figure out how to handle this in the show notes.


GRAHAM CLULEY. Dave, what's your pick of the week?


DAVE BITTNER. Well, when we were growing up, I don't know about you, but there was always that one kid in the neighborhood who just seemed to have the coolest swing set, or, you know, the boys down the street who had dirt bikes and go-karts, yeah, BB guns, you know, everything. They had all the Star Wars action figures and just like, they had everything. Right. Typically it was a group of boys. They also had permissive parents who would just let them run wild throughout the neighborhood. And so no one could compete with them. Well, my pick of the week this week is someone who is definitely out there trying to be the home in the neighborhood that no one can compete with. And this is a gentleman by the name of Sean LaRochelle.


CAROLE THERIAULT. Sean LaRochelle. Well, perfectly said.


DAVE BITTNER. Thank you, Carole. I was hoping that would pass your muster. He has built a backyard roller coaster called Little Thunder, which is inspired by Big Thunder Mountain at Disney World and Disneyland. All the Disney parks have their Big Thunder Mountains. And he and his family and friends have built a small-scale version of Big Thunder Mountain Railroad, and it is amazing. They have a YouTube ride-through of the ride.


GRAHAM CLULEY. Oh my goodness. I'm checking it out right now.


DAVE BITTNER. Yeah.


GRAHAM CLULEY. This is extraordinary.


CAROLE THERIAULT. I love that they have what looks like flamethrowers, which I'm really hoping are just LEDs and smoke machines.


DAVE BITTNER. Well, you never know.


GRAHAM CLULEY. So he's basically got a mountain with waterfalls and the like in his backyard.


DAVE BITTNER. Yep.


GRAHAM CLULEY. It's quite big and a roller coaster going round it as well.


DAVE BITTNER. Built a whole western village to go with it.


CAROLE THERIAULT. And lockdown is generous to some folk.


GRAHAM CLULEY. Yeah.


DAVE BITTNER. Well, that's the thing. This is— this was their COVID project. And what's even more amazing, this is not their first one. Right? He built a version of the Matterhorn, which is another Disneyland ride. That's the one with the Yeti where you go through the mountain. It's supposed to be like a bobsled run. They built a miniature version of the Matterhorn, tore that one down to have the room to build the Big Thunder Mountain.


GRAHAM CLULEY. Wow. Oh my goodness.


DAVE BITTNER. Yeah, isn't this amazing?


CAROLE THERIAULT. Yeah.


DAVE BITTNER. So I also included a link here that if you— if this is something you want to get into, but you don't have the time to really design your own, I have a link to a company who sells used full-size amusement rides. So full-size, full-size. So if you ever wanted to, it's amusement-rides.com website here. You'll see in the show notes there. I never really thought about the fact that sometimes theme parks, they turn over their roller coasters and they just don't get scrapped and melted down for the metal. No, they get put on the used market. And so if you want a roller coaster, if you want a zipper, if you want a drop tower, this company has it all and you can buy them.


CAROLE THERIAULT. And what, I buy them and then what? Anyone can just come on and I put it together? Like, I presume it comes in parts.


DAVE BITTNER. Just put it in the back garden. Yeah.


GRAHAM CLULEY. Right.


DAVE BITTNER. Why not?


CAROLE THERIAULT. You know, the Oxford St. Giles' Fair is on right now.


DAVE BITTNER. Yeah.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. And that has rides. Yeah. I don't go on those rides either. Out of just fear. I just think, why would I go on something that's taken, you know, put up and taken down and traveling around from city to city?


DAVE BITTNER. No, that is a good point. My, yes, my wife and I have often looked at each other at the county fair and said, do we really want to put our children's life in the hands of people who are traveling from town to town?


GRAHAM CLULEY. Yeah.


DAVE BITTNER. I don't know, but, and yet we do. But yeah, there are, I mean, there are, you can get a Ferris wheel, you could get a carousel, but you could get a full-sized roller coaster that can carry 28 people at a time on this website.


CAROLE THERIAULT. This website could give the prices.


DAVE BITTNER. Well, if you have to ask, Carole.


CAROLE THERIAULT. I just wanna know how much does a double combo tower go for? Right.


DAVE BITTNER. I don't know. I don't know. But who knew there was a used market for that? Now we know.


CAROLE THERIAULT. We all do now. We all do now.


DAVE BITTNER. Right. And so the backyard Little Thunder Railroad and the amusement rides used market for full-size theme park rides combined, those are my pick of the week.


GRAHAM CLULEY. Terrific. And if any listeners have got an amusement park ride in their back garden, let us know. Send us the photographs, tweet us.


CAROLE THERIAULT. Yeah, send us a pic. Yeah, we'll make a whole show about it.


GRAHAM CLULEY. Right. Krow, what have you got for us?


CAROLE THERIAULT. Um, a Netflix series that dropped globally just a few weeks ago called Post Mortem: No One Dies in Skarnes.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. Now, first, this is probably not for you, D-Dog, because I know that you're not a fan of the horror scary stuff.


DAVE BITTNER. Although I did start watching, based on your recommendation, I started watching What We Do in the Shadows.


CAROLE THERIAULT. Uh, good, right?


DAVE BITTNER. Very funny, very funny, very funny.


GRAHAM CLULEY. I, I saw a bit of that as well and it was quite fun. I particularly like the modern vampire who—


CAROLE THERIAULT. yeah, yes, yes, yes, yeah, totally. Okay, you might like this then. This might, this might be, this might be right up your alleys, guys. The show opens with Liv, okay, she's, I don't know, 20-something, being declared dead. Hours later, she wakes up on the forensic table just as the knife is about to cut her open. And she realizes that she's developed a dislike for food, but a yearning for blood. And the only funeral place in this small town is run by her brother, who is facing mounting debt to people's refusal to die as they used to. No one dies in Skarnes. That's probably why the name of the show is named this. Now, it is a bit spooky and a bit gross, but it's also very funny. Like, it's a perfect dark comedy. And I think one of the things that I loved most, and I don't know if this is the case, so I'd love for you to watch it, Dave, and tell me if in the States it's the same. But the dubbing, so I'm watching it, and I never do that. I normally watch in original language and read it. But for some reason, we were watching it dubbed. And in the UK, at least, it's bloody fantastic. Like, whoever chose the voice of actors. They're all UK voices from all around, but it's just a hat tip to them because there's really strong characters in the voices and they're just done with really great care.


GRAHAM CLULEY. They're beautiful. Are you sure it's dubbed? Because if this does come from— Yes. Because sometimes what they do is they refilm, don't they? They do every take in different languages. Yeah.


CAROLE THERIAULT. I think you need to watch it and you'll see that I'm pretty on point with that. Yeah. And the thing is, is the writing is excellent. The twists and turns that happen are seriously unexpected. Like, I normally go, "I think I've got it, I've got it, I've got it," but it's taken to about episode 5 to actually nail it down. And it's beautifully filmed, so just watch it. It's called Post Mortem: No One Dies in Skarnes, and it's beautiful in a very dark way. And you can find it on Netflix. Cool.


GRAHAM CLULEY. Fantastic. Sounds great. Well, a good and motley collection of picks of the week this week, which just about wrapped up the show for this week. Dave, I'm sure lots of our listeners would love to follow you online. What is the best way for folks to find out what you're up to?


DAVE BITTNER. On Twitter, I am @Bittner. That's B-I-T-T-N-E-R. And other than that, just go to thecyberwire.com.


GRAHAM CLULEY. And you can follow us on Twitter @SmashinSecurity, no G, Twitter must have a G. And we're also on Reddit in the Smashing Security subreddit. And don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app. Go on, do it now.


CAROLE THERIAULT. And thanks to this week's episode sponsors, Privacy.com and 1Password, and to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 242 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio, bye-bye, bye-bye.


CAROLE THERIAULT. Hello peeps, it's Carole. So as some of you know, I am trying to make headway into art land and in learning. When you're learning a skill, you don't make cash. In fact, you spend cash in order to better yourself at the skill. Plus, you have to devote hours and hours every day to get better. Thing is, I wouldn't be able to do it without you listeners, you sponsors, you Patreon supporters, and reviewers. Like Doodie Fish, who wrote this week: This is undoubtedly the best lighthearted entertaining podcast that covers cybersecurity, technology, and just about everything else. The hosts Graham and Carole are wonderfully team and have a brilliant rapport. The content is enjoyable and interesting. The guests are part of the family, new or revisiting. Certainly one to try. I listened to one episode recently and now I'm going through the entire back catalog. I love it. Keep it up, guys. 5 stars from dutyfish. So from the bottom of this little artist wannabe's heart, and on behalf of Graham, we thank you all for supporting the Smashing Security community, because you make a difference. Stay safe and see you next week.


GRAHAM CLULEY. Oh!

-- TRANSCRIPT ENDS --