Someone is collecting your personal data right now. Maybe it’s a government agency, maybe it’s a hacker. But most likely, it’s some corporation trying to sell you something. That’s why a lot of people are starting to get into privacy and security.
There’s no better place to turn for privacy and security tips than Carey Parker, creator of Firewalls Don’t Stop Dragons. In this episode, he provides some practical tips for everyone to use and we talk about how marketers can succeed in a more privacy-focused world.
Check out the Weird Marketing Tales website if you haven’t already. If you want to follow Weird Marketing Tales on social media, go to @WeirdMarketing on Facebook, YouTube, and LinkedIn. Go to @WeirdMarketers on Twitter, Instagram, and TikTok.
0:00 Why Firewalls Don’t Stop Dragons (Carey Parker, Privacy & Security)
0:48 What is Firewalls Don’t Stop Dragons?
2:18 Edward Snowden & The Origins of Firewalls
6:03 How privacy has taken on a new importance with the Dobbs decision
8:31 How privacy and security matters for free speech and protests
9:51 Privacy and getting watched by advertisements
14:04 Are privacy-invading ads really the future?
17:38 Security Tip #1: Backup your data
20:23 Security Tip #2: Use a password manager and two-factor authentication.
23:07 Security Tip #3: Update your software.
25:16 Security Tip #4: Uninstall programs, apps, and extensions you don’t need.
26:33 Does it make sense to use VPNs?
30:52 Incognito Browsing vs. Tor
33:00 Emerging trends in privacy and security
36:34 A shift away from blaming users for privacy issues
38:33 Apple’s unique position on privacy and security
41:22 What marketers should do about privacy and security changes
43:40 What Carey wished he knew when starting Firewalls Don’t Stop Dragons
Brandon Rollins: And just as a fun fact for listeners, you actually used a dummy email address when signing up on my Calendly for the show.
Carey Parker: I did.
Yeah! You did, because you’re like, you don’t know what Calendly is gonna do with your email.
Exactly it wasn’t you, I didn’t trust it was Calendly!
Brandon Rollins: I get it. I’m not offended… I’m slightly offended.
My name is Brandon Rollins, and this is the Weird Marketing Tales Podcast.
On this podcast, I interview small business owners, entrepreneurs, and creatives who are doing things that you probably didn’t know that you could do. And today on the show, I have invited a guest I’ve wanted to talk to on a recording for a little while now.
And that is Carey Parker who created the blog, book, and podcast, “Firewalls Don’t Stop Dragons.”
Carey. How’s it going?
Carey Parker: Really good, Brandon! Thanks for having me on.
Brandon Rollins: Yeah, absolutely.
So how’d you get into privacy and security?
What is Firewalls Don’t Stop Dragons?
Carey Parker: I was a software engineer for many years. I retired early, a couple of years ago, but, I have always, on the side, kind of been interested in security and privacy before I even really understood that those were different things. And I always wanted to write a book.
So I ended up writing this book on security and privacy, basically for dummies, but as you well know “For Dummies” has been taken. So, so I had to come up with a clever name and uh, I like to use a lot of analogies, you know, when I explain technical topics to non-technical people. I like to use a lot of analogies.
And one of the central analogies of the book is that cyber security, defending your computer and your technical stuff, your digital life, is kind of like protecting a medieval castle. Different places within the castle that have different protections. You’ve got defense and depth and so forth.
And so, anyway, so that was one of the central analogies and to take that analogy to its extreme, the dragon in the castle analogy is sort of like the NSA, or maybe cybercrime groups, some opponent, some adversary with a lot of money, a lot of time, and they’re specifically targeting you.
And in that case, you’re pretty much screwed. So my, the kinda the whole point of the book and the whole point of the name, was don’t bother trying to defeat the dragon. You’re gonna go broke trying to do it. It may not work anyway, honestly doing those kind of crazy, like over-the-top security protections often draw the attention of the dragon, which you didn’t wanna do in the first place.
And then their, their other option is to live in a cave, which is no fun either. So anyway, that’s a long way of saying that is where the funny name came from. And that is what I do. And that is where that title came from.
Edward Snowden & The Origins of Firewalls
Brandon Rollins: And so remind me, how long have you been doing the blog in the podcast?
Carey Parker: So the book came out when Edward Snowden released his bombshell reporting on what was going on in the mass surveillance that was happening in the United States, warrantless mass surveillance. That’s really what kind of woke me up. I was never a black helicopter or tin foil hat kind of guy.
And so when that actually came out and it was like, “oh my God, it’s that’s actually happening.” Like you, you might think, “yeah, maybe it’s happening” and then you’re just paranoid. No, it was actually happening. So that was kind of what tripped me into thinking about this. And then I’d always, I always wanted to write a book, so I thought, “okay, let’s do those things together” because as, you know, as uh, I’ve got a big family and as the IT guy in the family, everybody knows that carries a software engineer.
“Hey, what antivirus should I be using, Or, you know, “my computer’s running slow. Do I have a virus?” You know, What can I do to protect myself” and so on and so forth. So like, why don’t I just put all of that in a book and then I could say “”here. And so it started off with the book and that was probably 2014, I think, is maybe when the first edition of the book came out.
It’s in its fourth edition now. And I’m actually working on the fifth edition, which would be out shortly. And then somebody invited me on their podcast. They had a cybersecurity show and they brought me on their podcast. And, then they brought me back and after two visits, the guy reached out to me and said, ” hey, I’m quitting my podcast. I gotta move on. Would you like to take over for me?”
and, the reason he needed someone to take over is because he was actually part of this network of podcasts and you have to pay to be on this network and you have to also find your replacement if you leave, so I said, “okay.”
So, you know, I’d never done a podcast before.
I’d never thought about doing it. And so that was maybe a year, a year or two later. So the podcast started then. I’m now on my 290th episode almost, by the time this comes out almost 300. So yeah, so I’ve been doing both of those for quite a while. And along the way, I’ve got a blog in a newsletter too. And then I retired. So then I could focus on this as of a couple years ago, I retired and did my side hustle’s become my main thing.
Brandon Rollins: Yeah. See, that’s really cool. And your timeline, you said something about 2014. I think it… Snowden was in 2013.
Carey Parker: Yeah, 2013. So it took me a year to write the book.
Brandon Rollins: Yeah, I mean, a year’s actually pretty quick to turn around a book when you come, when you stop and think about it, I’ve seen publishers or authors go through the whole publication process.
Man, 2013, I didn’t really understand what happened when it did. I was still in college at the time. And it is only after years that have actually really understood the kind of information that was collected, which if memory serves was primarily metadata, which I guess for like the, uh, people without a technical background, it’s the data about the data, that you have on your phone or on your computer, that kind of stuff.
So for example, it would be like call logs from Verizon. It can’t tell you what you said on the phone. That’s not the kind of data that’s collected, you can get a lot from just seeing what phone numbers you called and how long you were talking to him.
Carey Parker: Absolutely.
Brandon Rollins: It’s such a complicated technical kind of distinction to make that, I think, still to this day not a lot of people understand it. But for the people who were already predisposed to understand techy things, especially in the years of followed, as we understood more. It was kind of an eye opener for a lot of people.
Carey Parker: Well, I think, looking back, I wish there was more of a response than there was, I thought, for sure, that everybody else would be as upset as I was. And I think maybe people were, maybe shocked by it, but I didn’t see a lot of people changing their behaviors. I didn’t see, you know, I expected a lot more crackdown even from the government on this.
And there was some, and a lot more pushback, but it just really seemed to have been, I think, maybe it was still too esoteric. I think that a lot of people still kind of were under this impression of, “I am boring. I have nothing to hide. If that’s what it takes to keep me safe and secure, then you know, then so be it.”
How privacy has taken on a new importance with the Dobbs decision
Carey Parker: And I think certainly, even just this year, with the Dobbs decision, and Roe v. Wade being overturned, regardless of how you feel about that particular decision it’s brought into stark relief, how important metadata is like your location.
For example, like, all cars today have cellular radios in them, even if you’re not paying for the service they’re built in. And the, cars are collecting telemetry all the time. Meaning that even if you don’t have your phone with you, if you’re trying to go off the grid and you want to take someone across straight state lines, or just not be tracked, you’re still being tracked because your car is still reporting its location constantly.
Even if you’re not, subscribing to their Wi-Fi hotspotting service in your car or Sirius radio or any of those kind of things, your car could still be tracking you. And so metadata is crucial and location in particular. I saw a study that said, if you can get four data points on someone’s location, you can identify them within almost like 95% accuracy.
For example, if I know where you are at 3:00 AM, that’s probably your home. If I know where you are at 2:00 PM on a Wednesday, that’s probably where you work. If I see that you went to a certain church on Sunday mornings, that will tell me a lot about you. If I know in the morning that you in the afternoon, you always go to, particular school that tells me where you take your kids, just a couple data points like that would quickly winnow down, like how many people would share those same three or four locations, very few.
Yeah, metadata is extremely important. The EFF, the (Electronic Frontier Foundation), which is a fantastic organization had a thing about this, where they said. “Okay, so I know that you called your doctor, the gynecologist, then I know at 2:00 PM, then I know, 10 minutes later you called Planned Parenthood, but I don’t know what you talked about.”
Brandon Rollins: And that’s the kind of thing. I think a lot of Americans are thinking about that right now, particularly in places where that decision changed the laws that were currently in place. Cause it’s like a, it’s a big dramatic, important thing that’s happened. And now all of a sudden people are seeing in real time, meaningful applications of privacy and security law.
Carey Parker: Yeah.
Brandon Rollins: I’m glad that you brought that up, cuz I was just thinking about like, how do I even approach this, um, just really heavy subject. I think it is actually pushing more and more people to pay attention to privacy and security right now that in, in a way that they weren’t even at the beginning of the year.
How privacy and security matters for free speech and protests
Carey Parker: Yeah, well, let me throw another one at you. And that is protesting, there’s a lot of, you know, We’re really divided here in the United States, currently, and there’s a lot of people protesting on both sides of issues. But when you carry your cell phone with you to a protest, there are several ways by which law enforcement, if they want to see who the rabble-rousers are and so you attended a certain protest, can figure out that you were there.
Also Google, because they own Android, which many people don’t know, but if Google owns Android and therefore they own the phone and they know where you are. It’s not uncommon for police to go to Google and say, I wanna know all the devices that you know of that were in this two-block radius at this time on this day.
And Google can do that. There are license plate readers everywhere now. Not just a toll booth anymore. There are cops that have license plate readers built into their vehicles that monitor every license plate they drive past. And they often drive through parking lots, ostensibly looking for stolen cars or cars associated with criminals they’re looking for.
But all those license plates are logged and kept into a database. And because storage is cheap, that information is kept forever. Then third parties share that data with who knows who. So, it’s a wild west of data out there right now. And it’s gotten horrendous and it’s, we’re just starting to see the cases where this is really gonna bite us in the butt.
Privacy and getting watched by advertisements
Brandon Rollins: Even with the less frightening things going on right now, I mean, we, we all know that a lot of modern marketing is based on essentially collecting information about what you do online, your location, the kind of stuff that you Google, the kind of videos you watch on YouTube, a Google property, the stuff you look at on Instagram, a Facebook/Meta property.
All this stuff is used to essentially create dossiers, not exactly dossiers, but like that. They’re used to automatically match advertisers with, just, audiences of people who they might wanna communicate with. Know what that looks like is not necessarily Facebook recording you on your phone or whatever.
I don’t think that they actually have voice recognition nailed down, let me tell you that. But they’re very good at knowing that if you are a board gamer. They know how to pitch board games to you, and then an advertiser logs in “and they’re like, okay just target people who like board games and who are in these three states. And boom, you have an audience ready to go, very simple.”
Google also has, TikTok, YouTube, Instagram, and Twitter has a version of this as well. Every social media site, you can think of every search engine.
The point is, the major internet infrastructure that we rely on collects information, sells it to advertisers and uses it to pitch products that you may or may not want. Now, even though that’s not necessarily illegal or even scary, it’s still annoying. It’s a little creepy.
I think a lot of people are waking up to this that, uh, maybe it’s not a good thing that their information’s being sold in this way.
Carey Parker: Yeah. So this is a big topic for me as somebody who’s into security, particularly somebody who’s into privacy, as you can, well imagine, but obviously, I’m a creator as well. And I wanna reach people also and, and so what I, what I’m doing is not really for profit. What I’m really mostly doing is, my main goal is to reach more and more people, which still advertising is one way you can do that.
And I’ve dabbled it, not in the past, but here’s where I come down on this. So watching ads, I mean, if I have to, I realize that is how a lot of the web today is supported and funded. But I’m not okay with ads watching me, that is where we’ve gotten to now.
There is a real difference between contextual advertising that is based on general demographics. And if I’m on a fantasy football website or home cooking website. There, there are going to be some understood demographics that go along with people that visit those sites.
If nothing else, I’m interested in football and cooking right in those two cases. I’m okay with demographics general that kind of targeted in that sense by context and then by the way, that’s how that’s how DuckDuckGo works. They have ads, but they’re all contextual ads.
They will only show you something related to what you just searched for, not even things that you searched for in the past. But the problem is with the behavioral based advertising is they are really trying to build a picture of you, not just from the current context, but from everything you’ve done like ever.
You are well aware of what’s what these data brokers and Google and Facebook are tracking. It’s crazy the amount of data that they have on you. And it’s a wild west here in the United States. We don’t have privacy laws yet. Like they do in Europe with GDPR, which is not perfect, nothing ever is it, you gotta tweak it over time.
Brandon Rollins: You gotta start somewhere.
Carey Parker: You gotta start somewhere and we all learned that the whole cookie banner thing was a was a joke.
That came, from GDPR. You gotta try and fail and tweak. You’re not gonna get it right first thing, outta the box and we in the United States actually can benefit from that.
But Europe went first, we can look at their mistakes and tweak ours accordingly. But these data brokers are selling and trading information about us that is highly personal and will, if it hasn’t already, be used for things like denying you health insurance or denying you a mortgage or go the other way, it might show you higher prices for things than it shows somebody else, because it thinks you can pay more or will pay more, these things do affect us and it’s…
I understand the need for ads. We’ve had ads forever, but we, until modern history, those ads have not followed you and tracked you and built up information about you across multiple sites over many, many years. And we’ve got to go to stop that we not against advertising. I’m against behavioral based advertising.
We’ve got to fix that! Until we fix it until ads become something that are more private, people are going to go to ad blockers, it’s gonna be a self-defeating thing.
Are privacy-invading ads really the future?
Brandon Rollins: Yeah! And to be absolutely clear for anybody who’s honestly forgotten, or maybe even wasn’t born yet for or like really, old enough to understand yet… Pay-per-click ads and that kind of thing, that what we see on Google and Facebook is only, maybe 15 years old in its current iteration, before that it was like, you advertise on the television network and you either reached a massive audience, or you reached a niche one, depending on the channel, you were on a newspaper, same thing.
You reach out on magazines, you get a niche market. You go to individual groups and you make your pitch there. You cold call people or whatever, the point is, you either had to go with a truly mass media product and pitch something that way. Or you had to go super niche and find people where they were.
Now we’ve got this weird situation where you’ve got mass media. In that you have social media sites that function like mass media in a way, but you have niche advertisements on there, um, that aren’t necessarily based on you going there to look at that thing. Like you go to Facebook, you’re not necessarily expecting to look at your hobbies.
You’re expecting to look at your friends. A lot of marketers I think, would be terrified to lose access to the kind of tools that you know, we’ve come to rely on with Facebook, all that stuff, Google and, at first I was honestly, cuz because they’re, really, really valuable, but I have come to think, “wait a minute,” this is actually an enormous opportunity because we can get back to basics on content, on reaching people where they are via what we now call influencers and that sort of thing. In other words like it’s chaos, yes but it’s also opportunity.
Carey Parker: So let me just say, I think we can do a lot with contextual advertising and part of the problem is some of these companies are saying, we could do better so our stuff is worth more money, which by the way, we should talk about in a minute, Because I think I’ve seen some studies that say otherwise our ads worth more money. Because there you’re gonna reach more people that way.
But let’s just say there were regulations in place and now we all have a level playing field again. So now it, we are all competing on, with the same hobbling. So if, if nobody can do it, then we’re all back to the same place and, all the, it’s not like one ad company’s gonna be hurt more than another. Because they should all be in the same boat in terms of what they can and can’t do in terms of tracking people.
I actually think that Google’s Topics. The whole FLoC thing was ridiculous, but their Topics proposal has some value, what they’re trying to do with trying to put people in some very broad bins and giving you control of what those bins are and excluding a lot of really sensitive bins like health issues, gender issues, sexual orientation issues and political issues.
Now, of course it could just go down the slippery slope and get horrible again. But at least the proposal as they’ve got it, now it has some value. It might be a nice compromise, but I think we can get to that point where we can have a little bit of behavioral stuff where people could opt in, not opt out, it’s gotta be by choice, but if I can say, “yeah! You know what, I’m looking for appliances right now,”” or, you know what, I’m a football nut show, be anything related to football.”
If it’s participatory and I could pick and choose the kind of things where I register my interest in something anonymized well enough, I think that can still work. And if everybody’s on the same playing field, because there are regulations that prevent people from doing otherwise, then they’re all. Then, I would have to think that the market would just adjust.
Brandon Rollins: Honestly, I think that it would! If it were ruled down from above by fiat. I think that businesses would adjust partly because there’s a lot of opportunities to.
Carey Parker: Yeah, we could hope, I I’d like to try it and find out.
Security Tip #1: Backup your data
Brandon Rollins: Yeah, me too! So with that in mind, what are some relatively easy ways that a person can beef up their cyber security?
Carey Parker: Yeah, okay! So let’s, let’s talk about my, let’s talk about cyber security. To me, security enables privacy, so I’m gonna talk a little bit of both. First of all, back up everything. Anything you can’t replace needs to be backed up at least twice.
And we have what we call the 3-2-1 backup rule. You should have three backups of anything you should have the original and two copies, probably. The two part of that is that it should be on at least two different mediums. So back in the old days, a lot of people would have like a second hard drive next to their computer.
They would have software like Time Machine running, or Windows Backup that would create snapshot backups every so often to the hard drive sitting next to you. Cloud storage has gotten a lot cheaper and cloud backup has gotten a lot better, and the nice thing about that is it’s in two different locations, that’s the two.
So if your house burns down or it’s flooded or a tornado or whatever, the hard drive setting next year, computer’s gonna go to. It’s good to have it in a separate place. Back in the old days, I used to have two hard drives. Every month I’d swap out and take one to work. Uh, But now cloud, cloud, backup’s gotten so much better.
Brandon Rollins: Which cloud store ,do you think you would commend?
Carey Parker: So a lot of people kind of use Dropbox and Google, OneDrive, and Apple’s iCloud. This is where privacy comes in. So a lot of those are good. They are encrypted both in transit and at rest, but the keys are held by Dropbox, Microsoft, Google, meaning that at any point they can and do access your stuff.
Often it’s just computer programs looking for child porn or copyright violations or things like that. So I want a cloud storage backup where I can control the encryption keys and the one I’d use is called SYNC.COM and SYNC.COM, but there are others there’s iDrive and Tresorit, and there’s some other ones, but definitely look into ones, if you look for privacy based cloud storage with ended encryption, those are the key words you’re looking for. So you definitely wanna have a backup cloud backup where you can control those encryption keys.
And the way to test that is if you ask their support folks, “Hey, I forgot my password, can you get my stuff?” Their answer better be no. Because if you’ve protected it with your password and they should have no access to it, that it should be encrypted blob to them. So that’s backup! Number one, make sure if you’ve got any file, family photos, family recordings, and documents that you cannot replace, make sure you’ve got them backed up.
Brandon Rollins: Yeah. And a quick interjection. Anybody who’s got, for example, a desktop and a laptop. If you have a cloud backup that you like, you can actually get to that three forms of backup pretty quickly just by having your original copy. Your cloud storage and cloud that syncs your other device. This is actually one thing that I like to do.
I like to have my desktop, my laptop has everything that’s on my desktop. And of course, there’s also the backup in the cloud too.
Security Tip #2: Use a password manager and two-factor authentication.
Carey Parker: Yep exactly.
Uh, The other one and people hate this. The other one though, is you really need to be using a password manager and you really should be using two-factor authentication. Humans are just horrible at remembering stuff. When we come up with passwords, we either use the same password all over the place, or we use the same password with minor variations and the bad guys know that.
If there’s a breach at some Yahoo or somewhere where your password gets stolen, it should be encrypted at Yahoo.
The bad guys have ways to get around that. If they figure out what your password is, the first thing they do is they take that same username and password and try it everywhere else.
So you absolutely positively must be using unique, strong, crazy random passwords for every site that you have. One and the only way that is possible is to use a password manager. Then it just happens for you, it’s magic. You don’t have to remember any passwords. The only password you need to know is your master password.
And then you really need 2-factor authentication on top of that, because sometimes these authentication systems, even if you’ve got a great password, sometimes they are bypassed. Sometimes there’s vulnerability in the software somehow that maybe gets them past that point. And so you still want to have a second factor which, in our case, tends to be your smartphone, because you get a text message or you have a PIN code. For your two factor and that gives them one more thing they have gotta get through.
And by the way, between those two, you definitely wanna use, like a Google Authenticator like authenticator. I personally, instead of Google Authenticator, because I don’t tend to like Google. But that’s way better than SMS, there’s too many holes in the cellular network, security wise.
And bad guys if they really wanna target you can get those SMS based codes from you.
Brandon Rollins: About password managers, a lot of folks are afraid to use because it sounds complicated. And honestly I put it off until this year myself. I think it was like my credit card, somebody did a fraud charge on it or something.
Anyway, point is I was so irritated by it that I said, “you know what? Screw, I’m getting a Dashlane account. I’m just gonna do this freaking thing.” And I did it and it was like two hours of hassle. And basically once I updated all my passwords, once all that was in the system, I have not had to enter in a password by hand, in a long time on my phone, on my computer.
It’s actually quite easy once you get over that hurdle. So, don’t be afraid of that, it’s a pain at first, but it’s so worth it, even for the convenience.
Carey Parker: Absolutely! A lot of the password managers. The good ones. And I tend to recommend either 1Password or LastPass or Bitwarden and Dashlane’s pretty good too, will have the option to import your passwords. If you have been saving them in your browser, which a lot of people do. I recommend you don’t because browsers are not terribly good at that in terms of security. Import them from your browser where they had been saved.
Put them in your last into your password manager and then once that’s working well, delete them from your browser. So your browser no longer saves them, doesn’t prompt you to save them. Just turn all that off and just use the password manager.
Security Tip #3: Update your software.
Carey Parker: Uh, another one, make sure all your software is up to date. I’m a software engineer. I’ve been doing it for 30 years. All software has bugs, guaranteed, it’s just, it’s not possible to make perfect software. So as they find them, they get fixed and you need to make sure you have those fixes. A lot of those fixes can be, can cause you to have your whole computer and then every device on your home network.
It can be bad, so that’s how, that’s how you get viruses. So make sure that your operating system on both your phone and your computers are all up to date. If it has an option, then they should for automatic updates, turn that on. Then, make sure your applications are up to date as well.
And if you’ve got any applications that are old enough that they’re no longer getting updates, I would seriously recommend replacing them with ones that are current. And if you have a computer that is so old, that the operating system is no longer getting updates, then that’s your queue to either update to an auto. Newer operating system that will get updates or a new computer that will get with a more modern operating system that will be updated.
Brandon Rollins: Air gap it and demote it to the garage.
Carey Parker: Okay. So that’s a great point. And that, I’m glad you said that because I think a lot of people get extremist about this stuff. And actually, I am not that way. A lot of the stuff that I recommend, in fact, almost everything I recommend is low hanging fruit, simple stuff, 80/20 rule, it’s, there’s so many simple things.
And again, I like my analogies. This is like wearing a seatbelt. This is like putting in a smoke detector. This is like brushing your teeth. It’s like putting on sunscreen. These are all things that as humans in the real world, we’ve all decided we’re gonna do, because they’re smart things to do. They’re all kind of inconvenient. It sucks you gotta lock your car every time you leave it and home. We didn’t used to have to do those things. We do now, but you just get used to it and it’s just part of daily life. You gotta suck it up a little bit, do those things. They’re really not that difficult.
I’m not talking about Edward Snowden level security here. I’m not talking about, Fort Knox. You don’t need to be that. There’s a lot of things we should be doing that just are common sense things you just need to kinda work into your daily life. And they’re really, they’ve gotten pretty good.
Brandon Rollins: Yeah, absolutely. And I like that you stick to the relatively simple stuff, because for the most part, it’s important to just get people to take some kind of action, period. It doesn’t even have to be perfect. It’s update your software, get a password manager. Back up your stuff, and you are better off than 99% people out there probably.
And really it’s just, take a little bit of action to get a little closer.
Security Tip #4: Uninstall programs, apps, and extensions you don’t need.
Carey Parker: There’s one more thing we’ll throw out and this is something that’s come to me over more recently, and that is minimization. That, which is, for example, uninstall any apps that you’re not using anymore. Go through and find all those old apps you downloaded. They were free, they had trials, the crapware that came with your computer.
If you’re not using it, get rid of it. Those are all potential chinks in the armor, because all software has bugs. So the more software you have, the more bugs you have. So find those applications that you’re no longer using and ditch ’em, on your phone as well.
That includes by the way, plugins in your browser. Sometimes people throw those really fun plugins in, and then they never use. Again, those plugins. Could be compromising your privacy and or security. So find plugins you’re not using get rid of those too. Be careful of ones like Honey, like a lot of people like to find deals on the web. So they, put these plugins that help them find the best deals on stuff.
That means that plugin probably knows everywhere you go on the web, knows everything you’re shopping for, and who knows who they’re sharing that with? So to me, the only plugins I have on my browser are privacy and security plugins. I don’t have any of those other kind of plugins on my browser.
Brandon Rollins: Yeah. And sometimes I’ll need something like really specific for marketing, but honestly, it’s probably a good idea to it. It’s past time to go through the extensions again, cuz it’s way too easy to install too much stuff that, just kind of sits there and opens up security holes.
Carey Parker: And you forget about it, but it’s still a threat. Yep.
Brandon Rollins: Yeah, absolutely.
Does it make sense to use VPNs?
Brandon Rollins: So, how do you feel about VPNs in general?
Carey Parker: That’s a great question. And I think the real issue with VPNs and the first question, if anybody asks me about VPNs, the first question I ask them is what is it you’re trying to do? Because they’re good at solving certain problems and not good at solving other problems that I think people think they do.
I mean, it’s got private right in the name, for example. So a lot of people immediately think, oh, it’s gonna gimme privacy on the web. No, what you’re doing when you use a VPN is you are trading your trust for your internet service provider. Is not just who you have at home, but it’s, whoever’s currently giving you access to the internet.
So that could be your cell phone provider that could be Starbucks or McDonald’s, or the airport or the hotel you know, if you’re using public Wi-Fi, they are your internet service provider. So when you’re using a VPN, you are trading your trust from one to the other, because now you’re VPN provider knows everything you’re doing and all the places you’re going to on the web.
You’re preventing, whoever’s giving you access to the internet from seeing those things. A VPN is an opaque pipe. I, again, I like my analogies. So if you ever watched this, will date me, but if you’ve ever watched Hogan’s Heroes, old TV show. These guys were in a German prisoner camp, but they had a tunnel from under their huts or their little homes or their cells or whatever.
They had dug a tunnel that led outside the camp. That’s what a VPN is. Once they’ve come up outta that tunnel, anybody can see them. The tunnel doesn’t go from your computer all the way to Amazon or all the way to the porn site you’re going to, or whatever. It goes to a public server out on the internet and pops up.
And then at that point, you’re as visible as you ever were. But you’re coming up from a weird place. So if you had a tunnel under your house from your basement to two blocks away in an alley, anybody looking at your home would not see you coming and going, but anybody who knew where that tunnel came out could see where you were coming and going.
A weird analogy maybe, but that is how VPNs work. So if what you’re trying to do is, you’re trying to protect your privacy from whoever is giving you internet access, then yes, that can work, but you have to pick a VPN provider that will actually protect your privacy.
Most of the free ones don’t. They’ve gotta keep the lights on somehow, they gotta pay the bills. So more than likely they’re selling your information to somebody else, you’ve gotta pay. That doesn’t guarantee it, but at least gets you a lot closer to being sure you’ve got a private VPN, so you really want a VPN that for example, doesn’t log anything.
If the cops come knocking on the door and say “Hey, I wanna know where Carrie was going on this day of this time using your VPN service.” What you want is a VPN service that can say, ” I don’t know cause I don’t have any logs of that.” Express VPN, Nord VPN, Proton VPN, some of these are very privacy oriented VPNs that make a point of protecting that kind of information.
So again, it really depends on what you wanna use it for. Some people wanna use it to. They say, I wanna be able to access Netflix when I’m traveling abroad.
Okay, VPNs can do that because they can make you appear to be, that tunnel pops up, you can make that tunnel. If you’re in Europe, you can make that tunnel pop up in Atlanta. So that Netflix, oh, “Hey, Carey is in Atlanta for some reason. Let me serve him as content, because he’s still in the United States” when he is not. But, as you can well imagine Netflix and all these companies that are copyright bound and have licenses that they’re trying to protect based on region have figured out a lot of the IP addresses that correspond to these VPN services and have blocked them anyway. So it really depends on what you wanna use a VPN for. Those are the probably the two most common ones, you know, back in the day it was for road warriors. People at companies who wanted to get on the corporate network, that’s a whole different subject and that’s fine.
But for personal use, those are the two reasons I most often hear. And that’s the responses I usually.
Brandon Rollins: Yeah. That makes sense, especially with trying to find a place that does zero logging. Because it’s not gonna do you any good if the VPN’s just watching you anyway.
Those records can be found anyway, it doesn’t even do anything, even if you use something really good Express VPN or Nord VPN or something, if you log into Facebook. I think just forget it.
Carey Parker: That is a great point.
Brandon Rollins: Check your Gmail or something. You’re not gonna get that much protection from it, relatively speaking. Because you’re already, you’re signing into the kind of services that require information from you in the first place. You need to look up something like that, you don’t want seen.
I think maybe you could probably do that in a private tab on a VPN, but you might actually disagree with me on that point.
Incognito Browsing vs. Tor
Carey Parker: Yeah, that brings up two other points I wanted to talk about and you’re absolutely right. I’m glad you brought it up. It doesn’t protect you from the sites that you go to can still track you in any way that they could normally track you. Certainly, if you log into that site, then they know whatever you’re doing on that site, that’s still how that works.
All you’re doing is you’re creating this opaque tunnel at your local access point. So all it really means is that anybody watching locally and in the digital sense, that would be your internet service provider or whoever is currently giving you access to the internet over Wi-Fi or whatever, they won’t be able to see what you’re doing, but everything else on the web happens as it normally does. The other thing that if a lot of people don’t understand is what it means to have incognito mode on your browser or private mode on your browser.
A lot of people think that gives them privacy too. It honestly, it doesn’t, it’s really horribly named. All it does, when you do that, when you open a private tab or, are surfing private mode or incognito mode on your browser.
All it does is prevent any local breadcrumbs from being dropped for what you did, all your history is gone. All the websites, you went to, any cookies that were tried to be saved won’t get saved. Which so all that protects you from is maybe your spouse or your significant other, or your kids who might be sharing a computer with you to be able to go back and see what you did.
That’s it! It has no effect whatsoever on your ISP being able to snoop on you or all the regular tracking that happens on the web already.
Brandon Rollins: Honestly, can probably get that data from the router.
Carey Parker: Maybe. Yeah. If you knew what you were doing, maybe!
So the other thing that people maybe have heard of is the Tor network or the Tor browser, and you can download the Tor browser for free, it’s based on Firefox. And that really is a much closer to anonymous web surfing tool. It’s better than a VPN for what a lot of people want if they really wanna try to surf the web anonymously.
So if you’re really interested in doing that, it’s slow, it’s clunky. That will give you more what you’re looking for if you’re really trying to surf the web anonymously, look up the Tor browser.
Brandon Rollins: Yeah, I think that’s a good place for people to look. So have you noticed just some broader trends in cybersecurity going on right now that you think people should be aware of, or that you just think are interesting?
Emerging trends in privacy and security
Carey Parker: One of the interesting things, that it goes back to passwords, is there’s finally going to be a replacement for passwords that I think everybody can get behind. And it’s gonna come in the next two or three years, it’s called passwordless or pass keys. Some people will call it. It’s really pretty cool technology.
The cool part about it is instead of having a password, which is a shared secret, it’s a symmetric thing where I have the secret, you have the secret and we compare those secrets to make sure that I am who I say I am. So when I set up my password, you store that password in a very special way and I have that password as well. And when we compare those two, they should be the same.
The problem is, is now my secret is actually somewhere else as well. And all those places that have my passwords need to go to great lengths, to keep those things safe. And if they screw up, potentially my password, especially if I’ve reused it, multiple places is in, now I’m in deep trouble.
Passwordless and pass keys as a new technology, it’s gonna be probably based on your mobile phone, kind of like 2FA. In that, you have to have your phone with you to kinda authorize yourself, but you could be on your computer while you do it. And it sets up behind the scenes. This is gonna get a little bit technical.
It’s called a public-private key pair. And this is if you ever heard of PGP, that’s how PGP works. And a lot of, actually, a lot of encryption on the web works this way. Instead of having a shared secret where it’s symmetric, it’s the same password or same thing on both sides. Two part thing you could think of it like a two part lock.
It takes one key to lock it and one key to unlock it, as it might imply with public and private key pairs, the public key can be giving out freely, it doesn’t matter who has it. So when you set up in the future, when you set up an account with a website like Amazon or Yahoo or Google and you wanna log in, behind the scenes, your computer will verify that you are you, and then it will do this dance with this public-private key thing.
Basically the website will challenge your computer behind the scenes. You don’t have to do any of this. We’ll send a challenge to your computer. It’s a challenge that only somebody who has the matching private key could possibly answer correctly, that just gets rid of passwords. And it also gets rid of the problem of these other websites now having secret information that if it gets lost is a problem. If those public keys get out, it doesn’t matter.
This will be coming in the next two or three years and I can’t wait because people hate passwords, I do too. And this technology will make a lot of that, finally, it’ll give us an alternative to using passwords.
Brandon Rollins: You know, at first I just thought, “oh, this will be nice,” but now I’m thinking that’s actually really, that has huge implications for experience design, that kind of thing. Because for people who aren’t familiar with user experience design, or just UX, for short. Basically anything you can do that reduces the amount of obstacles somebody has to go between where they are now and what they want to do.
Well, UX is the art of, like, refining this to make it easier to use systems. Getting rid of passwords would be huge because, for many businesses, how you interact with software is actually a huge part of the experience. If you can just eliminate one of the things that gives people a ton of trouble, it’s like, that’s gonna have massive implications on its own on the business end, not just the consumer end.
Carey Parker: It’s often said that convenience and security go, you know, in opposite directions, that they’re diametrically opposed. And if you wanna be more secure, you have to be less convenient. That’s why actually a lot of cases where the operating systems, you know, Apple and Google and Microsoft, they don’t wanna make things inconvenient.
They don’t wanna upset their customers. They try to make things as convenient as possible. So they didn’t wanna push all these things at them and prompt them to make these changes. And do you really wanna do this? And because they knew that would just annoy the user, but we’ve had to go that route over the years because it’s gotten so bad.
A shift away from blaming users for privacy issues
Carey Parker: We also have to stop blaming the users. We push lot of the stuff on the users we say, oh, you should have had a better password. You should have been using password 2FA, but if we can make it so they don’t have to do any of that, we can, we’ve shown time again, that we can redesign things to have the security built in so they don’t have to worry about those things.
We shouldn’t be forcing the user to do all these things if we don’t have to. And so I think that is another shift you’re gonna see in the next three to five years, where we’re gonna try to make this stuff built in as much as possible. So that the users don’t have to worry about it. Cause if you rely on the user to do these things, it’s just not gonna get done.
Brandon Rollins: Oh, I hear you on that because before I was doing marketing, I worked in IT for over six years and then before that, I was getting a degree that was related to business and IT, so I go in and I find a lot of this stuff still confusing. Just keeping privacy and security. It’s like on, how on earth is a regular person supposed to keep up with that? It’s like, get real guys. We’ve got to have better systems in place. I think things are starting to change for the better, honestly the fact that every YouTuber is hocking password managers now is a good sign.
Yeah, we’ve got that going for us, speaking of easy. I don’t know if you’ve noticed this. Oh who am I kidding, I know you’ve noticed this. So on the latest version of the iPhone or not even the latest version, I think it was like 14.5 or something. Apple started asking people whether they actually want to be tracked and gave them the option made it very easy.
I can’t remember if they asked them proactively or just put it in the settings, but the point was…
Carey Parker: Oh, no proactively.
Brandon Rollins: Proactively. Okay! I just wanted to be sure, but they start asking people and all of a sudden, email tracking broke advertising tracking broke. Facebook’s revenues went down, all this stuff happened, as a result.
But the very good thing is that a lot of people using iPhones are, if only a little bit safer, for having made an extremely simple decision.
Carey Parker: Yeah.
Apple’s unique position on privacy and security
Brandon Rollins: Apple seems to be surprisingly good about privacy as far as Big Tech goes from what I’ve noticed.
Carey Parker: Apple’s in a, kind of a unique position. They don’t make money on information. Google is an advertising company that happens to make a browser, that happens to make a mobile operating system, that happens to make a search engine.
They’re an advertising company, 90-some percent or close of their is ads. They’re an ad company. Facebook is too. Apple is not, Apple’s a hardware company. They make money on selling products. And so they give away their operating system. They give away a lot of their key apps.
They are not into software, so they don’t need your information. So it’s, again, whether or not that was the plan all along or whether they just looked at it and said, “oh, hey we don’t need that information. Let’s make ourselves, let’s tout our privacy cuz we don’t need it.” So whatever, they actually do have a very minor ad business.
Which, I honestly, I wish they would just drop, because that’s a conflict of interest that I wish they didn’t have. But yeah, Apple, in general, if I had to pick, certainly, they’re a lot more secure by default. They’re a lot more private by default. They really pay attention to that UX.
You were talking about the UX. So when they did the popup, they forced the user. If they forced the people, if they were gonna ask permissions for something, they had to have this popup if they’re gonna be tracked. They chose the phrasing because if they let the company with the app, choose the phrasing, they would use dark patterns.
Like they would say, you know, would you like more personalized ads? Would you like a more personal experience? All those things mean tracking, so Apple said we’re gonna write the copy. And then we’re gonna give them the button with the right choices that aren’t gonna try to trick them into going the way you want them to go.
So we get to choose that. And they did the same thing when they did the “sign in with Apple.” because when you use things like “sign in with Facebook” or “sign in with Google,” what you’re doing is you’re saying, oh, that’s one more account, I don’t have to create one more password. I don’t have to keep track of. So it’s convenient, let me just sign into this other site with Google or Facebook. You’re creating a data sharing agreement between all three of those parties. And so what Apple did is they said, you know what, we’re gonna have a sign in with Apple, but ours is gonna be private.
And oh, so here’s the deal, everybody. If on an Apple device or an Apple phone, in particular, you’re gonna pop up a dialogue that says sign with Google or sign those with this with Facebook, you also have to show ours, it has to be at the same size font, it has to be the same, it has basically look identical. It has to be an equal choice to all these other ones. If you’re gonna offer those, you have to offer ours and Apple made a point of doing it so that you don’t share information. In fact, you could even give them a dummy email address that will route to your regular address, but won’t give them your regular email address.
It was beautiful.
Brandon Rollins: Yeah, that actually is a huge change for the better. And just as a fun fact for listeners, you actually used a dummy email address when signing up on my Calendly for the show.
Carey Parker: I did.
Yeah! You did, because you’re like, you don’t know what Calendly is gonna do with your email.
Exactly it wasn’t you, I didn’t trust it was Calendly.
Brandon Rollins: I get it. I’m not offended. I’m slightly offended. No, I’m not offended.
What marketers should do about privacy and security changes
Brandon Rollins: So for the marketers just listening to this and you’re, if you’re noticing that, like you’re not getting good data in Mailchimp or ActiveCampaign or ConvertKit on your emails, it’s like a lot of that’s because it’s harder to track email opens on iOS now.
So now you gotta pay attention to clicks. It’s like for those who are starting to feel like their pay-per-click ads are not performing anymore, there’s actually probably a good chance that they’re not. So it’s time to not entirely divest in that stuff, I wouldn’t advise that, that would be wild, but it’s time to consider putting a little more money onto content creation, search engine optimization, and I’m gonna say, sponcon/influencers, just so you can reach people with contextual ads and not behavioral. Simple stuff, it’s kinda like you wanna have a balanced portfolio of approaches and now is, I think is a good time to spend a little bit less on advertising and a little bit more on the other stuff.
Carey Parker: As somebody who has newsletter, I like to know when people open the newsletters. I also get data, they have their privacy too. I think we will find compromised solutions to some of those things. For analytics, I use a company called Plausible. Supposedly a privacy centric analytics company, unlike say Google.
Brandon Rollins: Google Analytics.
Carey Parker: Yeah! I think we, there will be alternatives and I think there will be things that we can use. We’ll need to find that balance because analytics has their, a purpose and the classic saying, of course, I’m sure that you know well is “half my money on advertising goes to the wrong place. I don’t know which half.”
Brandon Rollins: Yep.
Carey Parker: Right? The classic conundrum with advertising. And we’re still gonna have that problem. But I think we will find, especially if we get some regulations that force us to, I’ve sometimes said that regulation is the mother of invention. A lot of people think regulations make things harder.
How many times, when someone tells you, you can’t do this, this way, which is the way everybody does it, then you find a different way. Look at California emissions on cars, if it weren’t for their, for California unilaterally., Because there was a federal law, saying your cars must not pollute as much, the auto industry would never have done a lot of the changes that they did.
So you know, a lot of times putting these regulations in place, these limitations, forces innovation. I think we will see that if we ever get a privacy law. And I think we, in some sense, we will be able to have our cake and eat it too. We’ve gotta do it better.
What Carey wished he knew when starting Firewalls Don’t Stop Dragons
Brandon Rollins: Totally agree, so I’ve got one last question for you. Something I’ve gotten in the habit of asking everybody.
So what do you wish you knew when you first started Firewalls?
Carey Parker: I think that what I wish I knew or wish I understood better, is when I first started this, especially, as I’m writing the book and I’m seeing that, there wasn’t a lot of response to this known revelations. And more than I thought there would be, I really got depressed and I really thought people, I thought there was an apathy around privacy, in particular, that people just didn’t care.
Like it just went, they saw it, they thought “eh” and went on with their lives. There probably were some of that, but what I have learned over the years and maybe it’s actually changed since then too as more things have happened is that, I think what it really is more of is that people just feel two things.
Firstly, they feel overwhelmed. They feel like that I can’t, there’s too many things, I have to opt out everywhere and I can’t find them all. And I’m sure I’m missing some and I just give up. I can’t. And then I think there’s another set of people who think that it’s too late.
Like the horse has left the barn and I there’s nothing I can do now. So what’s the point of trying to control my privacy, all my data’s out there anyway, I give up. So I think what I’ve come to learn over the years it’s less that people don’t care. I think people care a lot about privacy, actually, especially when they run into situations where it becomes a problem.
Identity theft really is a form of privacy theft. As Cambridge Analytica and some of these other scandals hit where it shows that this data can be used for truly nefarious purposes and guiding us in ways that, in subtle ways, that we’re not even aware of with all these algorithms and all this engagement stuff. Facebook and TikTok and all these companies are doing based on this information.
And I think people are finally getting to understand that it really does matter. And I’ve learned since we’ve started this. I think that there’s, it’s not so much apathy as it’s people getting just exhausted. They’re tired of trying to protect their privacy and then a lot of people just giving up, thinking it’s too late.
And, what I tell people is that it’s not too late. And if you start even just right now, you’ve been a huge Facebook user and all over YouTube and Google and they have all your information, there are still things you can do. First of all, you can have them delete that data. If you really want, you can switch to some other.
In some cases, you can switch to some other providers that are more private. You can also have them limit your data. You can change your permissions to share less. Here’s the thing, though, is that data has a half life. The information about you gets stale and the marketing people know that.
Over time, even the information that is out there now will get thrown out, or weighted less because if I have information on you, but that information is year old or two years old, it’s not nearly as valuable as more recent information, so it does get better. You can, taking the steps now will improve things down the line.
Brandon Rollins: I think that’s really good advice, even small changes in behavior seemingly too late can still have a very positive impact.
All right. So I guess with that. I’ll just ask, where can people find you online?
Carey Parker: As you might imagine, firewallsdontstopdragons.com is the main place to go. From there you can find links to the book. You can find links to the podcast, the newsletter, the blog. I also maintain a list of resources there, if I’ve got a really nice list of privacy and security resources beyond my own, if you just wanna find some more information that’s really the place to go.
Uh, YouTube and Facebook too. I, Of course, as a privacy person, I don’t like them, but as a missionary for privacy, I’ve gotta go where the sinners are, so to speak. So I have to have a place there too. So if you like videos, you know, my podcasts are converted to videos too.
There’s lots of ways to get at it. I try to cover all the bases, because I really wanna reach as many people as possible.
Brandon Rollins: Absolutely! And for anybody who’s wondering, all those links, the blog, the podcast, the social media, the book. All of that is in the transcript and in the show notes. So if you just scroll down on whatever app you’re using, or if you stumbled across us on the blog, you’ll find it all there.
Carey Parker: If I could say one more thing before we go. And that is, by the time this comes out a couple of interesting things will be happening. I will be reaching the 300th episode of the podcast. That’s 300 weeks. So quite a long time, I will have a really special interview guest for that.
It’ll be a lot of fun. Also the fifth edition of the book will be coming out soon. Probably at the Christmas time, maybe after the first of the year. We’ll see. But around all of that, I’m gonna be having some really kind of fun promotions that I’ll be doing. So you might wanna check in if you’re gonna check in, that would be a good time to do it.
Brandon Rollins: Yeah, definitely check those things out if you’re listening. All right, Carey I’ve had a lot of fun talking to you on this show.
Carey Parker: Me too.
Brandon Rollins: Really appreciate your time!
Carey Parker: Absolutely.
Brandon Rollins: My name is Brandon Rollins this has been the Weird Marketing Tales Podcast. Thank you very much for listening to this show.
We really appreciate it. If you haven’t done so already, please take a moment to subscribe wherever you get your podcasts. If you happen to be on Apple podcasts, please leave a five star review. It helps us out more than you know. If you wanna follow Weird Marketing Tales on social media, we’re either @WeirdMarketers or @WeirdMarketing on pretty much every social media network known to man.
If you wanna visit our website, that is weirdmarketingtales.com. Again, thank you very much for listening. We really appreciate it.
Check out the Weird Marketing Tales website if you haven’t already. If you want to follow Weird Marketing Tales on social media, go to @WeirdMarketing on Facebook, YouTube, and LinkedIn. Go to @WeirdMarketers on Twitter, Instagram, and TikTok.