The Complete Privacy & Security Podcast-Episode 041

Posted on August 19th, 2017

EPISODE 041: Just 30 More Things…

This week we clear out our inbox yet again and tackle your questions.

Disney Fingerprint Scanning:

HotSpotShield Issues:


What do you guys do when you come across a website requesting personal information but they do not have SSL enabled?  Do you email them?  Boycott the site?  If you do contact, what do you ask of them?

Michael said that he was done with Uber, but has he found anything else?

If one were to have a Mac as the primary OS, for the second… you recommend Windows 7 or Windows 10 or neither?

I noticed both you and Michael use GoDaddy for domain registration. Using them with the privacy option is that my best option to remain private? I know they have good pricing and coupons so I was wondering if that is the recommendation before purchasing some new domains.


Once in a while when I start my vehicle I get an audio message “this vehicle is connected to OnStar limited services”. I phoned OnStar to make sure I wasn’t being billed for the service and found out the limited services are offered ongoing at no cost and provide the ability to remotely unlock the vehicle and for roadside assistance. The “free” limited OnStar service does not provide car accident detection assistance. a) What are the privacy threats for having a service like OnStar in the vehicle having GPS, microphone and cell data? b) Can the microphone in the vehicle be activated without the owner’s knowledge by government/state actors or even (unlikely) the car manufacturer for unknown reasons?

I have recently renewed the insurance for my wife’s car. When searching for quotes, the option includes the use of telematics. Of course I chose not to use this as they collect all your driving data to provide you with a “more accurate risk profile” which will be reflected in renewal costs. What I wanted to know is whether Google maps scrapes data from users about their driving profile and sells this to the insurance companies without your knowledge? I.e. telematics through the back door?

So how exactly are my passwords more secure in a Lastpass vault than in a Google doc?

For anonymous purchases ( or Sudopay), what happens if there is either a need to dispute a charge or if somebody boosts your generated card number and starts racking up charges?

If one were to purchase a used iPhone and secure pre-paid service through Verizon w/o ever revealing one’s actual name, is it safe to use apps on the phone associated with your actual name or should one keep all personal references off the phone? I believe Verizon places a cookie on your phone for their use as soon as one opens a web browser for the first time. Although they offer an opt-out option this would require providing a name. Is it possible for Verizon to see what apps one might be using on your phone and pull info from those apps?

In your example of using Sudo phone number for travel, in what circumstances would you wipe it out and get a new one? If you start getting too many spam calls? If so, then will that mess up all the accounts you’ve given it to? Do either of you have experience with the consequences of wiping a number out after you’ve used it substantially?

I’ve installed PIA and Little Snitch and I have found Firefox calling home quite a bit to sites such as,,, etc. Should I be concerned here, and how do I stop this?

Other than the T-Mobile plan, have you ever tried other prepaid options like Straight Talk, Cricket, MetroPCS, Boost or Walmart Mobile, etc…?  The reason I ask is in terms of being able to sign up without needing to give your real name and address. Not all of my students have good T-Mobile Reception and we’re curious about how they may be able to do the same with another provider.

Once I am secure enough with strong passwords, 2FA, encryption, backups, and multiple email accounts, how do I document all of this for my spouse or child should an accident happen and I (or we) are killed or incapacitated? I currently have a “living document” with listing our accounts, assets, and will and trust documents in both print and pdf form stored in our safe deposit box. These documents also include a living will and healthcare power of attorney for my spouse and I. ….

Although I use Threema and Wire, I often must refer to WhatsApp because most of my friends and acquaintances are using this tool. How dangerous is this and what’s your take on the newly introduced encryption in WhatsApp?

Speaking of Threema… I never heard you talk about Threema, another highly secure Swiss product like Protonmail and Wire, why now?

Do you recommend using PIA’s client app on Mac or should we use some other alternative? Little Snitch shows way too many outbound connections and it blocks incoming connections for PIA pretty regularly.

I was checking my firewall app on my Android device and I noticed that Wire keeps sending traffic to Amazon servers. I felt a little uncomfortable after seeing this. Does that mean all Wire’s metadata passes through Amazon servers?

How safe or private are tracfones?

When transitioning from a telephone number (your only telephone number) you have used for 10 years or more which is on a postpaid plan, do you suggest just getting rid of it since so many things are tied to it or is it better to port it to Google Voice in order to still get things from it as you transition away from it?

Michael mentioned having 3 networks at his home and described one of their uses. Would you mind explaining the other two networks and their uses?

Do you think it’s a futile or worthwhile effort to change passwords on various important accounts every 90 days or so? These accounts don’t allow 2fa, password is limited to 12-16 characters. Moving to another provider is not an option.

Is TSA precheck worth the information needed or is this all something the government probably has anyway?

In my job I was issued a company mobile phone. It is an iPhone 6s which for nearly a year is still sealed in the UPS box it arrived in. No one has asked me to use it ever but I wonder if this is just me being paranoid or is there a good reason to shun employer issued equipment?

Are your Apple IDs / Google Android accounts registered in your names or are they also anonymous?

Is there a reason to use a mail provider app instead of the native mail app on a mobile device (other than Protonmail since it is not possible without the mobile app)?

Also would you mind disclosing what gyms would be good to go to for IDs? I’ve tried a couple local ones to me, and none provide a photo ID.

Do you know any apps on Windows and iOS like snitch so you can know when your microphone and camera are being used?

Do you guys sometimes use Wireshark to see what program tries to go to which IP address?

Listener Suggestions:
-eBay is removing token second factor in favour of sms second factor.
-syncing keepass between the two devices: AirDrop works without issue.
-Linux, there is a really simple “app” with a GUI, present in most Linux distros that is called “DejaDup”. It does incremental backups, encrypts them, uses rsync to sync the files to other media
-Program which removes any saved open wifi networks:


