Graham wonders what would happen if his bouncing buttocks were captured on camera by a Tesla employee, and we take a look at canny scams connected to China's Operation Fox Hunt.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
(Oh, and when Carole mentioned Colin the Accountant as her "Pick of the Week" she really meant "Colin from Accounts". Sorry!)
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Countering Threats Posed by the Chinese Government Inside the US - Speech by the FBI’s Christopher Wray.
- Criminals Pose as Chinese Authorities to Target US-based Chinese Community - FBI.
- FBI: How fake Xi cops prey on Chinese nationals in the US - The Register.
- Special Report: Tesla workers shared sensitive images recorded by customer cars - Reuters.
- 303: Secret Roomba snaps, Christmas cab scams, and the future of AI - Smashing Security.
- Lawsuit: Tesla must be punished for “tasteless” sharing of car-camera images - Ars Technica.
- Customer Privacy Notice - Tesla.
- Tesla hit with class action lawsuit over alleged privacy intrusion - Reuters.
- Tesla About Autopilot - Tesla.
- “Wet Nellie” - Wikipedia.
- Device Orchestra - YouTube.
- “Smoke on the Water”, as performed by Device Orchestra - YouTube.
- “Eye of the Tiger”, as performed by Device Orchestra - YouTube.
- Cabin Camera - Tesla.
- Colin from Accounts - Amazon Prime.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. If my bare buttocks are protruding high up in the air because I'm up to some shenanigans in the back of a Tesla, I don't want some oily, horrible Tesla bloke.
CAROLE THERIAULT. But let's say that image gets uploaded to some kid who's working at Tesla.
GRAHAM CLULEY. Imagine the trauma it would cause them. I'm worried about them, not me.
CAROLE THERIAULT. If I got the image of your, you know, moon bouncing up and down the back seat of a Tesla, having no idea it was you.
UNKNOWN. You'd know it was me. You'd know it was me. Smashing Security, Episode 318: Tesla Workers Spy on Drivers and Operation Fox Hunt Scams with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 318. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And Carole, it's a bit lonely, isn't it, here in the studio today because, well, there's no one else here.
CAROLE THERIAULT. I'm not enough?
GRAHAM CLULEY. Well, just no guests this week. I mean, we did warn people in April we might not have as many guests. You're off on a top secret mission somewhere.
CAROLE THERIAULT. Yes, called R&R. Cannot wait. Cannot wait.
GRAHAM CLULEY. We're recording this episode a little bit earlier than usual, but lots of good stuff to come today.
CAROLE THERIAULT. Yes, as you will see. But before we kick off, let's thank this week's sponsors Bitwarden, Kolide, and Drata. It's their support that helps us give you this show for free. Now coming up in today's show, Graham, what do you got?
GRAHAM CLULEY. I'm going on a fox hunt.
CAROLE THERIAULT. And I'm going to discuss, is it okay for employees to share certain types of information? All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chum, fox hunting. Have you ever been on a fox hunt?
CAROLE THERIAULT. What? I live in England. I have actually seen fox hunts on a number of different occasions. Not because I have chosen to go and watch these things, but because I have rented a house in the countryside and suddenly all these guys come tripping up on horses with lots of dogs.
GRAHAM CLULEY. Exactly.
CAROLE THERIAULT. Yeah, it's not cool.
GRAHAM CLULEY. It's not nice, is it? It's not very cool. To picture the scene, people who aren't aware of this, how we have fox hunts in the UK is you get a whole bunch of chinless toffs on horseback.
CAROLE THERIAULT. I don't think I'd call them that.
GRAHAM CLULEY. Okay, well, I would. They're engaging in an entirely fair fight between on one side, 20 hounds, and on the other, a wild fox scared out of its wits that it's going to be ripped to shreds. And yeah, anyway, they're on horses and it's unpleasant.
CAROLE THERIAULT. And they often have guns. Right? Just in case.
GRAHAM CLULEY. Machine guns? What sort of guns do they have? They don't have guns, do they?
CAROLE THERIAULT. Well, they used to. I don't know if they are allowed anymore, actually.
GRAHAM CLULEY. I wouldn't think that they— Maybe one person has a mallet in case the fox isn't completely killed by the— Anyway.
CAROLE THERIAULT. I'm looking it up.
GRAHAM CLULEY. They're not supposed to chase foxes anymore. It's supposed to be all done with scents and smells.
CAROLE THERIAULT. Yeah, it's illegal to hunt foxes with packs of dogs.
GRAHAM CLULEY. At the moment. But who knows when the government might change this. Because it's the sort of thing that they care a great deal about. Anyway, that's what we picture here in England. But to Chinese people, a fox hunt can mean something quite different.
CAROLE THERIAULT. OK.
GRAHAM CLULEY. Since 2014, Chinese authorities have been running what they describe as an anti-corruption operation around the world, and they have named it Operation Fox Hunt.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. And what this involves is Chinese agents who've been sent out into the rest of the world by Beijing, hunting down Chinese nationals who the Chinese authorities say have committed financial crimes or fled abroad with billions in public money, and their aim is to bring them back to China to face justice.
CAROLE THERIAULT. I imagine most governments do that. If someone got away with billions or millions, they may want to try and get them to face justice. Yeah, it makes sense to me.
GRAHAM CLULEY. Well, there is a little bit of controversy associated with Operation Fox Hunt.
CAROLE THERIAULT. No.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. So a couple of years ago, FBI Director Chris Wray, for instance, he was describing Operation Fox Hunt and he said it isn't actually about fighting corruption at all. He said instead what it is, is Beijing targeting Chinese nationals who are viewed as threats.
And of course, Chinese nationals who live outside China. So it's political rivals, dissidents, critics of China's human rights record are being targeted according to Wray.
And they're trying to force those people under the pretext of they've committed some kind of financial crime to come back to China, and who knows what might happen to them.
CAROLE THERIAULT. Hmm. I just would assume that if, say, there was someone who lived in Canada that the Chinese government was saying, hey, they've done all this awful stuff, the Canadian government would go, prove it, show us.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. You know, and discuss extradition based on what is shared. Not so much, you know, I don't know, if they have no information, just say, give us this guy.
I don't know why anyone would play.
GRAHAM CLULEY. Well, often this is occurring with the help of foreign governments and international law enforcement like Interpol, where the Chinese will come to them and say, look, we need this person, they've committed this crime, we need you to issue an arrest warrant and bring them back. That's one way in which it can occur.
But of course, is that information delivered by the Chinese authorities, is that legitimate or not, is one of the questions. Or is it being made up in order to bring people of interest back to Chinese soil?
According to FBI Director Wray, when the Chinese aren't able to locate some individuals, they can actually go round to their families' homes in the United States and give them a message to pass on. So, this is one of the messages which Chris Wray said the Chinese were passing on, which is that, oh, your dad, yeah, your dad, he's got two options.
He can either return to China right now, or he can commit suicide. Which isn't—
CAROLE THERIAULT. What?
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So they're able to, this is a face-to-face interaction?
GRAHAM CLULEY. Face-to-face. They show up on your door or on your family's door and begin to threaten you, surveil you, stalk you.
And people are saying that they've been coerced into leaving the United States and other countries around the world and go back to China. And there's a great deal of pressure being put on people to do this.
And furthermore, if you have any family members who are back home in China, it's been claimed that there's been a lot of pressure being put back on them. Some cases they've been arrested in order to create leverage for you to return to China.
And it sounds, I mean, it's not very jolly really. It sounds about—
CAROLE THERIAULT. Yeah, I'm trying to come up with something funny to say here.
GRAHAM CLULEY. Yeah. Yeah, it's pretty serious.
So it sounds a bit like a visit from the heavies or the mob or some sort of organized crime syndicate, doesn't it, rather than the police?
CAROLE THERIAULT. And also that your loved ones are being, you know, threatened, victimized, you know, incarcerated.
GRAHAM CLULEY. Hundreds, if not thousands of people are said to have been repatriated back to China as part of Operation Fox Hunt. And often with the help of foreign governments.
Now, what's happened now is the FBI has issued a warning. So this has been known about for some years and people like Obama and others have said, you know, this is outrageous what's going on. You know, there are some people maybe are being brought back legitimately who may have committed some sort of corruption, but maybe there's not sufficient evidence, or maybe they're sort of stretching things too far.
The FBI has just issued a warning related to Operation Fox Hunt, and that's why I'm talking about it today. According to the FBI, there are now criminals who are posing as Chinese law enforcement officials in the United States.
CAROLE THERIAULT. No.
GRAHAM CLULEY. And what they're trying to do is they're trying to defraud members of the US-based Chinese community.
CAROLE THERIAULT. Pretending.
GRAHAM CLULEY. Pretending they are part of Operation Fox Hunt. They are saying, "Oi, you're suspected of committing these crimes. We're going to duff you up or arrest you or take you back to China unless you pay up."
So give us some money and we'll go away, but otherwise we're going to take you back to Beijing.
CAROLE THERIAULT. Holy shit, right? The risk is that you have to go back or they tell the Chinese authorities where you are and what you're doing.
GRAHAM CLULEY. Maybe they could do that, but maybe you're not on the list anyway of people who are actually of interest.
CAROLE THERIAULT. So they're just targeting anybody who is US-based Chinese community. That's the—
GRAHAM CLULEY. They certainly could, couldn't they? Because people might think, well, I haven't done anything wrong, but they read so many stories about others.
These criminals who are posing as members of the Chinese authorities are often phoning up their victims using spoofed numbers to appear as though they come from the Chinese ministry or a US-based Chinese consulate as well. They're showing their victims fraudulent documents as proof of the accusations.
CAROLE THERIAULT. Thanks, ChatGPT.
GRAHAM CLULEY. Yeah, realistic-looking arrest warrants. Thank you very much, Photoshop.
And intricate details about alleged schemes. And of course, they will show basic knowledge of their victims to appear more legitimate. Oh yeah, say, oh yeah, we know about Uncle Frank. You know, whatever they've managed to pick up from social media as well.
CAROLE THERIAULT. Oh my God.
GRAHAM CLULEY. So people are obviously petrified.
CAROLE THERIAULT. Right, yeah.
GRAHAM CLULEY. Because, 'Whoa, if I resist, what's going to happen to me?
CAROLE THERIAULT. I don't want to go back to China because it's a fairly serious charge.' This is a little different from, you know, being on the Ashley Madison leak list.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. So one of the thoughts I actually had is, who are the people who are actually committing this crime? Who are the people who are going around contacting members of the Chinese community pretending to be investigators for China, rounding up criminals?
And I thought, well—
CAROLE THERIAULT. Good question, yeah.
GRAHAM CLULEY. Surely one group of people who have to be considered as possible suspects could be the actual Chinese agents. Because the actual Chinese agents would have a list of these are the people we want to bring back to China.
They could show up on their door because they presumably have got the means to find out where these people live in some cases. And say to them, well, look, pay up, otherwise we really will be taking you back to Beijing.
CAROLE THERIAULT. Oh, so they're just making a little extra. They're just padding their—
GRAHAM CLULEY. Well, maybe.
CAROLE THERIAULT. Pretty risky considering the Chinese government may not look very kindly on that should they get caught out.
GRAHAM CLULEY. Well, exactly, because you are actually defrauding then Beijing, aren't you? Because you're getting paid to bring people in and then you're trying to skimp the money. It's a dangerous game to play.
CAROLE THERIAULT. You're skimming the money and not dobbing them in.
GRAHAM CLULEY. Right?
CAROLE THERIAULT. Presumably, because you'd want to hit them up again saying, you know, this is an annual donation you're making.
GRAHAM CLULEY. Right. Yeah, this is your protection fee.
It's a little bit like being a crooked cop who might know who the local drug dealers are and saying, well, you know, I'm not going to bring you down to the station, but, you know, can you give me some of your proceeds?
CAROLE THERIAULT. This is so outrageous.
GRAHAM CLULEY. Pretty terrifying stuff. So the FBI has some advice you'll be pleased to hear.
So, if you believe that you've been contacted by individuals claiming to be a Chinese authority, they say contact your local FBI field office instead. Don't just trust them, obviously.
Whether they're a criminal or whether they are legitimate Chinese investigators, speak to the FBI because foreign government officials who are conducting legitimate investigations in the United States have to act in coordination with the US federal authorities. So call the FBI.
What I'd suggest you don't do is don't call your local Chinese consulate, because just in case you are in the list and they say, oh, oh, thank you for this report, where, where exactly are you calling from today? Where, where, where you— because you might get— you might find yourself on the next slow boat to China.
CAROLE THERIAULT. Yeah, I think that advice is great if you're legal. Right?
And if everything's tickety-boo with your residency in country of choice, yeah, this is a real pickle, man.
GRAHAM CLULEY. Now, Carole, you are originally a Canadian.
CAROLE THERIAULT. Still am, through and through.
GRAHAM CLULEY. And now you're a British citizen as well, aren't you? You went through the whole process.
Do you ever worry that a, you know, member of the Mounted Police Force may show up on his moose?
CAROLE THERIAULT. One could only hope. I did meet a man of police once.
I think you were there, and I wound like a weirdo. I just, yeah, it was ridiculous.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. Ah, well, we are talking Tesla. On April 6th, Reuters issued a special report about Tesla, right?
This is the company famously co-founded by that idiot savant Elon Musk. And the story thankfully does not revolve around Elon, but more about his staff, who according to plaintiffs, severely jeopardized the privacy of their customers, Tesla car owners.
And this has all to do with Tesla cars and their cameras. So I first decided to go check out, I don't own a Tesla, right?
So I went to the Tesla website to just see how many cameras there are on the car. And there's quite a few.
GRAHAM CLULEY. Hang on, these are cameras on the inside of the car? Are they?
CAROLE THERIAULT. And on the outside, yes.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. So you've got cameras on the outside of the car. There's one mounted above the rear license plate.
There's a camera mounted in each door pillar. And there's a camera mounted on each front fender.
A lot of cameras on the outside of the car. And there's 3 cameras mounted on the windshield above the rearview mirror.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And the point of these is to help you with lane assist, collision avoidance assist, speed assist. There's also the cabin camera, which is available, and this helps alert the driver in case they're not paying enough attention, right?
It might provide you an audible alert to remind you to keep your eyes on the road and stop looking at your Tinder account or something.
GRAHAM CLULEY. Because Teslas, I mean, the eventual aim, and maybe some Teslas already do this, they drive themselves, or that's what they're all working on. So I suppose there's something to say, you know, occasionally maybe, 'Pay some attention to what's going on.
Stop reading a book. Stop playing Scrabble.' Right.
CAROLE THERIAULT. And I mean, the whole point is to grab the images around that perhaps maybe it can't understand, right? So maybe, maybe the car has no idea what that is in front of it.
And so it sends it back to base to get some information, right?
GRAHAM CLULEY. Yeah. Yeah. Yeah.
Makes sense.
CAROLE THERIAULT. You know, it's a learning model. So here's a statement I've just put in the show notes.
Maybe you can read it for us. This is a statement from Tesla explaining how these images and videos that they collect work.
GRAHAM CLULEY. Okay, so it says, by default, images and video from the camera do not leave the vehicle itself and are not transmitted to anyone, including Tesla, unless you enable data sharing. If you enable data sharing and a safety-critical event occurs, such as a collision— I love that, safety-critical event.
CAROLE THERIAULT. Crash, bang, boom.
GRAHAM CLULEY. Yeah. The Model 3 shares short cabin camera video clips with Tesla to help us develop future safety enhancements and continuously improve the intelligence of features that rely on the cabin camera.
CAROLE THERIAULT. Sounds pretty legit, right? So these cameras are there for our protection if we're a Tesla driver, to improve services diagnostics, right?
And I checked out its privacy notice and it opens its privacy notice with, "Your privacy is and will always be enormously important to us." And it also says in it, "Even if you choose to opt in," and this is to data sharing, "unless we receive the data as a result of a safety event," you know, vehicle collision, airbag deployment, "camera recordings remain anonymous and are not linked to you or your vehicle." Right. Okay?
GRAHAM CLULEY. Right, yes.
CAROLE THERIAULT. So we got a lot of, you know, privacy is really important to you and us messaging. Here to assuage people's fears that they might be being watched.
GRAHAM CLULEY. Yeah, and you have to enable data sharing. So you have to opt into this from the sound of things.
CAROLE THERIAULT. Yes, but I think in this situation, I would be more compelled to opt into this kind of data sharing because it's a freaking car and I could die if it didn't understand something. And we all know it's crowdsourced in that way.
So I don't know. And yet, Graham, and yet, and yet, and yet, between 2019 and 2022, according to interviews by Reuters with 9 former employees, groups of Tesla employees used internal messaging systems to share videos and images recorded by customer car cameras.
GRAHAM CLULEY. This is the Roomba thing all over again. Do you remember when the—
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Yes. When the vacuum cleaners—
CAROLE THERIAULT. Maybe that's what set it off. Maybe Tesla were like, oh, we could do that too.
GRAHAM CLULEY. They took videos of people on the loo and stuff like that. And there were Roomba employees who were having a good old laugh about that.
So Tesla workers are doing this as well. Great.
CAROLE THERIAULT. Well, not all Tesla workers, right?
GRAHAM CLULEY. Presumably they're not sitting on the loo inside the Tesla either. I mean, God, I hope not.
That would cause an accident.
CAROLE THERIAULT. Two former employees said that in their normal work duties, they were sometimes asked to view images of customers in and around their homes, including inside their garages. One person recalled seeing embarrassing objects such as certain pieces of laundry, certain sexual wellness items, which I love that word. This is a quote.
GRAHAM CLULEY. So I'm just— so hang on. It sounds like they are collecting video footage and pictures even when the vehicle isn't moving. So if it's in a, for instance, in a garage, it's not moving.
CAROLE THERIAULT. If you—
GRAHAM CLULEY. If I were in a lay-by with my partner and, you know, I mean, this wouldn't happen to me, obviously, because I'm of a certain age. But if I were a young man and I thought, oh, maybe we could just have a little a little, you know, a little chat, a little fumble around on the back seat. Could that potentially be uploaded? Yes.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Oh no.
CAROLE THERIAULT. Especially if your car is plugged in, right? And getting battery charging, as you get your batteries recharged in the back seat. So it—
GRAHAM CLULEY. I'd be lucky to be plugged in.
CAROLE THERIAULT. But anyway, yes. With the less sensationalist stuff, some of these employees at Tesla would create memes and post them to the internal messaging system in order to get kudos from other employees. Some said basically those that were considered funny and getting high fives around the coffee machine afterwards saying, "Oh, that was a really funny one," tended to get promoted.
GRAHAM CLULEY. What?
CAROLE THERIAULT. Because they got popular. They were funny. They were liked. They're a bunch of 20 and 30-year-olds, right? A lot of them have to basically look at images all day and explain in a database, this is what it is to teach the algorithm. There's still some manual processes through that. So I can imagine it could be a mundane task.
GRAHAM CLULEY. And we do know that the boss of Tesla, Elon Musk, he loves a meme, doesn't he? He loves posting up juvenile—
CAROLE THERIAULT. Yeah, I'm not convinced that he wouldn't have a chuckle at these things, right? Of course. But then there was one clip of someone being dragged into a car seemingly against their will. An ex-employee told Reuters, one ex-employee described a video of a man approaching the vehicle completely in the nude.
GRAHAM CLULEY. Oof.
CAROLE THERIAULT. And there's crash and road rage incidents. So one crash video in 2021 showed a Tesla driving at high speed in a residential area, hitting a child riding a bike, according to an employee. The child flew in one direction, the bike in the other. The video spread around the Tesla office in San Mateo, California, via private one-to-one chats like wildfire, the employee told Reuters.
GRAHAM CLULEY. It sounds like sharing a snuff movie or something. How unpleasant. Who'd want to see a crash?
CAROLE THERIAULT. Yeah, no, no, it's crazy stuff. And about 3 years ago, some employees stumbled upon and shared a video of a unique submersible vehicle parked inside a garage. And this is according to two ex-employees who viewed it. Nicknamed Wet Nellie, the white Lotus Esprit sub had been featured in the 1977 James Bond film The Spy Who Loved Me. Who owned this car?
GRAHAM CLULEY. I'm going to think it would have to be someone with a lot of disposable income.
CAROLE THERIAULT. About $968,000.
GRAHAM CLULEY. Who also owns a Tesla. I wonder who would be very rich to buy such a piece of movie memorabilia. Hmm. Who could that be?
CAROLE THERIAULT. Tesla Chief Executive Elon Musk bought it at auction in 2013. It's not clear that Musk was aware of the video that had been shared. So maybe even he is not safe from his employees.
So okay, so how do you feel about this? I know there's something distasteful here, right? But I'm going to argue for the other side for, you know, for our listeners' interest's sake, right? These are employees who work at hip and cool Tesla office where memes are cool. Most of them are 20 to 30 years old doing mundane work like labelling images to improve the car's understanding of what is around them and you land upon something unusual, like maybe it's scary, hilarious, salacious, and you share it. You kind of nudge your employee next to you, "Hey, check this out, check this out." It's not like the information went outside the company, right?
GRAHAM CLULEY. If my bare buttocks are protruding high up in the air because I'm up to some shenanigans in the back of a Tesla, I don't want some oily, horrible Tesla bloke.
CAROLE THERIAULT. Sure, I completely understand that. But let's say, because you had the data sharing that you did, or there was a fault or whatever, that image gets uploaded to some kid who's working at Tesla.
GRAHAM CLULEY. Imagine the trauma it would cause them. I'm worried about them, not me.
CAROLE THERIAULT. If I got the image of your, you know, moon bouncing up and down the back seat of a Tesla, okay. Having no idea it was you.
GRAHAM CLULEY. You'd know it was me. You'd know it was me.
CAROLE THERIAULT. Would I nudge someone next door and go "check this out"? I probably would. And that's what these guys have done. And it's seriously bad. So it's very good that I don't work in a very serious job like this, right?
GRAHAM CLULEY. Yes. Very, very good. You'd be an awful employee.
CAROLE THERIAULT. Well, yes. And also Tesla is now facing a lawsuit because of this.
GRAHAM CLULEY. Of course. Of course it is.
CAROLE THERIAULT. So last week, plaintiff Henry Yeh, a California resident who owns a Model Y, sued Tesla on behalf of himself and all the other people in the US who owned at least a Tesla any time in the past four years. He says, quote: "Tesla captures recordings of people vulnerable on their own property, in their own garages, and even in their own homes, including at least one instance where Tesla cameras captured a video of a man naked in his home. Tesla has also captured and disseminated videos and images of customers' pets and even their children, a group that society has long recognised as vulnerable to exploitation and manipulation. Parents' interest in their child's privacy is one of the most fundamental liberty interests society recognises."
So yet this is a serious sticky pickle for this idiot savant, Musky Musk, to crawl out of. I know, at least you can run on Twitter, right?
GRAHAM CLULEY. There's a bit—
CAROLE THERIAULT. Keep his pecker up. There's what?
GRAHAM CLULEY. There's a bit of me which thinks bloody Americans suing everyone left, right, and centre and trying to make a million bucks out of—yeah, this company's stupidity. But then I think well, no, why shouldn't he? Because what the bloody hell are Tesla doing allowing their employees to do this and act in this inappropriate way?
CAROLE THERIAULT. But to your point earlier, if you spent gazillions on one of these new flashy, flash, flash cars and all over their website is privacy is important, privacy number one, privacy, privacy, and then you hear about this. Yeah, you'd be pissed. I'd want my money back. So I understand.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. I wonder if Elon wants his money back from buying that James Bond submarine car.
CAROLE THERIAULT. He might want to sell it just to help prop Twitter up.
GRAHAM CLULEY. Twitter up? Twitter up? It's not that kind of show.
CAROLE THERIAULT. No, definitely not.
GRAHAM CLULEY. Any company can say they're trustworthy, but with this week's sponsor, Drata, you can prove it. With over 14 frameworks including SOC 2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. Automated controls, over 75 integrations, and 24-hour monitoring keeps your company in compliance without manual work.
And with a new open API and plenty of customization, you can build your program your way. With over 360 5-star reviews, Drata is the highest-rated cloud compliance platform on G2.
Countless security professionals from companies like Notion, Lemonade, and BambooHR have shared how crucial it's been to have Drata as their trusted compliance partner. So listeners of Smashing Security, you can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata.
That's smashingsecurity.com/drata.
CAROLE THERIAULT. Our sponsor Kolide has some big news. If you're an Okta user, then you can get your entire fleet to 100% compliance.
GRAHAM CLULEY. How?
CAROLE THERIAULT. If a device isn't compliant, the user can't log into your cloud apps until they fix the problem. It's that simple.
Kolide patches one of the major holes in zero-trust architecture: device compliance. Without Kolide, IT struggles to solve basic problems keeping everyone's OS and browser up to date.
Insecure devices are logging into your company's apps, but there's nothing there to stop them. Kolide is the only device trust solution that enforces compliance as part of authentication, and it's built to work seamlessly with Okta.
The moment Kolide's agents detect a problem, it alerts the user and gives them instructions to fix it. If they don't fix the problem within a set time, they're blocked.
Kolide's method means fewer support tickets, less frustration, and most importantly, 100% fleet compliance. Wanna learn more?
Of course you do. Visit kolide.com/smashing.
That's kolide.com/smashing. And thanks to Kolide for sponsoring the show.
GRAHAM CLULEY. Our friends at Bitwarden have been busy this month adding some fab new features to their open-source password management solution. Now, did you know that you can log into Bitwarden using a secondary device instead of your master password?
Well, now you do. Logging in with a device is a passwordless approach to authentication.
It removes the need to enter your master password by sending authentication requests to other devices you're currently logged into for approval. With Login for Device, it can be initiated on the Web Vault, browser extension, desktop app, mobile app, and you can approve access on your mobile and desktop app version of Bitwarden.
Very, very cool. And the Bitwarden team has hardened the security of its vaults, protecting new vaults with 600,000 iterations by default.
And of course, existing accounts can also update themselves to the same level. These and many other great security features are incorporated all the time into Bitwarden, keeping your passwords secure from hackers.
Learn more, try Bitwarden for yourself at bitwarden.com/smashing. That's bitwarden.com/smashing.
And welcome back. Can you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
GRAHAM CLULEY. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my pick of the week this week is not security related. It is musical. Musical? It's musical and videographical. It's visual as well. So that's the word I'm looking for. It's both musical and visual. It comes to you in the form of a YouTube channel. And this YouTube channel is called the Device Orchestra.
Have you heard of Device Orchestra? There is a guy out there who plays music covers, but not using musical instruments. He uses electric toothbrushes, credit card machines, typewriters, all kinds of gizmos which go. He's given them googly eyes. Some have got wigs and pipe cleaner arms.
CAROLE THERIAULT. I was just listening to Wannabe.
GRAHAM CLULEY. Some of them are pretty good. So maybe we can check out a little bit. Here's that Deep Purple song, Smoke on the Water, as played on two electric toothbrushes and a steam iron.
CAROLE THERIAULT. Oh my God, it's so beautiful.
GRAHAM CLULEY. It is beautiful. The creations remind me a little bit of some of your cartoons, actually, Carole.
CAROLE THERIAULT. Oh, look at the iron.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Oh, I might have to leave my husband. Is this a man?
GRAHAM CLULEY. Is he available?
CAROLE THERIAULT. I don't even mind. I'm into women too.
GRAHAM CLULEY. Anyway, so there are scores of these videos covering different songs and Thom Langford, I hope you're listening.
CAROLE THERIAULT. Check it out. This is right up his alley.
GRAHAM CLULEY. There's lots of songs. Eye of the Tiger.
CAROLE THERIAULT. Total Eclipse of the Heart. Hello from Lionel Richie.
GRAHAM CLULEY. Oh, now you're pulling out the big guns. Don't know about those, but you can make requests.
CAROLE THERIAULT. Yeah, I've just made them on air, live. Okay.
GRAHAM CLULEY. Anyway, my recommendation, I think you'll probably also find him on Instagram and other places as well, but the main place to go is YouTube. YouTube and check out Device Orchestra. And very entertaining and creative it is too. And that is why it is my pick of the week.
CAROLE THERIAULT. Brilliant.
GRAHAM CLULEY. Carole, what's your pick of the week?
CAROLE THERIAULT. Graham, I just want to pat you on the back for that one. That's an excellent one.
GRAHAM CLULEY. Oh, thank you very much.
CAROLE THERIAULT. Yeah, that's very good.
GRAHAM CLULEY. Are you saying that because you want me to be appreciative of whatever your pick of the week is?
CAROLE THERIAULT. No, I don't need you at all for mine.
GRAHAM CLULEY. No?
CAROLE THERIAULT. You can just stay.
GRAHAM CLULEY. All right.
CAROLE THERIAULT. I'm okay.
GRAHAM CLULEY. Fuck you.
CAROLE THERIAULT. I'm very confident in mine.
GRAHAM CLULEY. Fine.
CAROLE THERIAULT. I have a fresh and fun romantic comedy, which I'm not normally into, right? It's a TV series. It's called Colin the Accountant. It's an Aussie comedy. And it starts off with a car accident and an injured dog, which bring our two protagonists, Ashley, a student doctor, and Gordon, a microbrewery owner together.
GRAHAM CLULEY. So did you say brewery? I wasn't quite sure.
CAROLE THERIAULT. How do you say— how do you say it? Brewery. And I watched the first episode and I was like, okay, I got it, right? Yeah, yeah, yeah. Cute, cute, meet cute. But then there's extra reveals in store. The characters get complex and a little not perfectly— you know what I mean? They're not cookie cutouts. They've got some dark patches as well. There's one character that has a big poo at the other's house when they're both only to discover that the water has been turned off.
GRAHAM CLULEY. We've all been there.
CAROLE THERIAULT. What do you do now? Right? I'm actually going to use that. I'm going to use that in my next Ticky Pickle, I think, literally.
Now, Colin the Accountant has a similar flair to When Harry Met Sally, Catastrophe. Right? Like smart, smart, comedic, meet cute. And it's like, "Will they, won't they?" A pull between the characters. I think you'd love it, Graham.
GRAHAM CLULEY. And I think it's— It is on my radar because I have already seen the trailer. And I read, I think it's on The Guardian website, they did a little review of it, and they raved about it and said how wonderful it was.
You read that as well, did you?
CAROLE THERIAULT. I saw it today because I was just checking to see, to make sure that I wasn't alone. Because I'm happy to be alone. I'm happy to present that and say, "Everyone bitched about it. I loved it." Happy to do that.
But I just wanted to know. But it seems as though it's a crowd pleaser.
GRAHAM CLULEY. It does. It does. So I definitely do want to check it out sometime.
And it sounded quite amusing how the show starts.
CAROLE THERIAULT. Yeah, because I'd had guests in the house for the last week. And last night was the first night where me and the hubs were on our own.
And he'd sourced this show. And it was very cute to have a little kind of R&R time.
GRAHAM CLULEY. Oh, I thought you were going to say you got in the back of a Tesla.
CAROLE THERIAULT. We didn't exactly Netflix and chill, but you know, put a smile on her face, the show.
GRAHAM CLULEY. Is that because it's on Amazon Prime rather than Netflix?
CAROLE THERIAULT. There are no real accountants, okay? But I'll just say that the actor who plays Colin the accountant works like a dog to deliver a paw-fect performance.
Quote The Guardian. It's streaming on Binge. Yeah, streaming on Binge, which is an Aussie streaming platform, and it has just been released on Amazon Prime. So enjoy Colin the Accountant.
GRAHAM CLULEY. Well, that sounds quite fun. Thank you for the recommendation, Carole.
CAROLE THERIAULT. You're very welcome.
GRAHAM CLULEY. And that just about wraps up the show for this week. You can follow us on Twitter @SmashingSecurity, no G, Twitter doesn't allow us to have a G.
We also have an account on Mastodon. Look for Smashing Security up there. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps such as Apple Podcasts and Spotify.
CAROLE THERIAULT. And massive shout out to this episode's sponsors, Bitwarden, Kolide, and Drata, and to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 317 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye.
CAROLE THERIAULT. Bye. I'll see you on the other side of a holiday.
GRAHAM CLULEY. Yeah, have fun.
CAROLE THERIAULT. Bloody hope so. It's gonna be hot. It's gonna be hot.
I gotta get and find my summer clothing. Jesus. Gotta go.
GRAHAM CLULEY. Bye.
-- TRANSCRIPT ENDS --