The Privacy, Security, & OSINT Show – Episode 241

EPISODE 241-Listener Questions

This week Jason and I tackle your listener questions.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.



Mythic Quest




More and more places are requiring proof of vaccination to dine in, work out, etc. Assuming the person is already fully vaccinated, what do you recommend showing to the establishment without revealing true name, DOB, and other sensitive info?

How do I set a series of "traps" online so I can tell if anyone is trying to research me?

When using a normal (non-VPN) connection, and querying, my ISP obviously logs that I visited -- but do they have a log of what my query was?

Going through my online presence and trying to remove my stuff from google. How can you get rid of a Facebook page from google? I’ve delisted the page and can verify the link is no longer available. However, google after months still has not delisted it. Tried googles removal tool but it says the site page still exists which is true, and then rejects my request. What can I do?

For removing content from the list you provide should I ever create an account?

How can I remove myself from this site? (many questions like this with other services)

Is it possible to remove your information from FCC websites? I deal with radio. I have tried in the past and always get told that it is public data and that they will not remove the information.

Should I ever use the names of previous tenants of my home for package deliveries? It seems like that would work since the post office has a history of them there.

Are their any privacy concerns using my previous residential address that I no longer live at as the home address on file with a bank while using a PMB as the mailing address in order to comply with the bank's KYC restrictions on PMBs?

Do you know how people that have their PMB address on their driver's license handle the situation when inquired by the police where they live when they get pulled over for a traffic violation? Have you heard of situations when having a PMB address became complicated concerning law enforcement?

In an earlier episode, he stated that nomad residency (for example, obtaining residency in South Dakota using a PMB from America’s Mailbox) as a government employee won’t work. Can he clarify and explain some of the reasons why not?

You advise against buying second hand devices. What’s your advice on selling devices?

I have always had mixed results when trying to activate Mint Mobile 3-month pre-paid sim cards & successfully obtain a working number. Hours of attempts later, what worked several months ago doesn't work the next time. Can you please share specific steps that have proven to work reliably for you?

Is the Librem 5 telephone by Purism worth it? I have a choice of declining the telephone and receiving a refund, or getting the telephone.

I’m having issues getting the camera to trigger on Haven – what sensitivity setting do you use?

Is there a work around to getting privacy cards on graphene if the web link keeps taking you to the google play store?

You mentioned on the show that you see battery drain on the latest GrapehenOS. Mine is terrible. Did you figure anything out?

Recently I uprgaded to Graphene OS 12 on a Pixel 4a, and in the app permission controls a new item appeared: Nearby devices. I can’t disable this for all of the apps. Is there any way to disable this feature? Is there a chance that the device is scanning for other devices beyond the user’s control?

If you dont use iOS any more, what device do you use in your home? -AND- To what extent would a GrapheneOS phone with anonymous service be compromised by connecting to home wifi (with pfsense firewall and VPN) AND using it outside the home? Also what is your opinion on preloaded GrapheneOS phones that try to appeal to privacy customers?

Google Voice is not available for me in the UK, could you suggest any alternatives?

I am using the VOIP Suite application which works fine. For some reason I cannot receive calls on my other VOIP apps any more. What can I do?

VoIP service looks pretty promising, but how does this service compare to the Twilio and Telnyx in terms of user privacy? -AND- Why did you decide to create your own open source SMS/calling solution instead of using the open source SMS/calling which has been under active development for 4 years?

You promote the use of VOIP numbers for privacy, but aren't you now just trusting them instead of your phone provider? I don't get the difference.

How do you talk your friends/family into using secure comms, especially when they are not tech savvy

How does one safely date in today's world, while being privacy conscious and safe? How do you bring up your personal privacy and security to a potential partner?

When it comes to data surveillance, what are your thoughts on (a neighbors) security camera usage capturing & collecting data from private citizens without their permission? Is there anything that we can do to prevent this from happening on private property?

My underage child is on a soccer team and oftentimes parents film their child playing with their phones. I wasn't really that concerned as I assumed the footage probably didn't leave their phones until I found out one of the parents from our team was filming the entire games and uploading each game publicly on YouTube without speaking to the other parents. I'm going to speak to this parent but, before I do, I'm wondering how you would handle that conversation. What's the best way to handle this situation?

I am looking at getting a Protectli Vault and installing PfSense. I use ProtonVPN consistently but notice from time to time certain servers go down for maintenance. If this occurs when using a server that goes down it would seem to be a pain to make changes for the firewall. That said, I have two questions. Is it possible for you to make a change in the settings you've provided to allow for a second or third server option if the primary goes down? -AND- I’m running Pfsense on a Protectli vault with protonVPN and killswitch. How often you see your connection drop?

Should I connect IoT devices to the guest ISP network or guest network behind the firewall?

Whilst you reccomend Proton VPN, is it possible to follow your Protectli / PF Sense approach using PIA or Mullvad? Can you scripts be tweaked or are we on our own?

Do manufacturers design backdoors into their products? For instance, should anyone purchasing a phone that is "made in China" be concerned about unknown eavesdropping methods through hardware exploits?

Does using Twilio Authy 2FA for multiple accounts allow Twilio to join up these accounts into one user?

My bank offers the below 2FA methods, and you can only choose one:
Which do you believe is more secure?

I've been using KeepassXC on windows and linux for a quite a while now based on your recommendations. I've noticed that the update frequency has slowed quite a bit. The last version (2.6.6) was released Jun 12th, 2021. Should we be concerned? -AND- Is it safe enough to use KeePassXC to store 2FA backup codes? If so, why not use it for 2FA TOTP instead of Authy?

I use 100+ character passwords where I can. Will this future proof likely technology advances including quantum computing?

I have been trying to regain access to my Facebook and Twitter account which are linked to a Gmail account which I can no longer access. If I could regain access to the gmail account then I will be able to regain access to my Facebook and Twitter account. Any thoughts and or ideas on the steps I can take to regain access to these accounts?

I have multiple free protonmail email accounts. How could they detect this and are they likely to care?

If I use an email forwarding service, like Blur or SimpleLogin, can my true email address get exposed by clicking on "click tracking" links in these forwarded messages?

Is Fastmail masked email a good alternative for Simplelogin?

Whats your finance/banking privacy strategy?

Do you still use a Chase credit card in an alias name for in-person purchases, or should I just withdraw majority of my money from the bank and only use cash? - AND - Hi, What personal details do retailers see at the back end when we buy something online or in a store with a standard credit card?

Any steps one should take with the new robinhood breach potentially exposing bank account information?

What are some dangers in using someone else as trustee for an interest generating savings account? Additionally, what happens to the savings account when the trustee dies?

Do ios or linux devices send home information about neigboring apartment wifi points that they can ‘see’ (even if they don’t connect) and therefore compromise the location?
-bigger concern is collecting data locally from beacons

What kind of information can iOS apps collect about you and your device even after you deny app permissions such as location access, contacts, microphone, camera, etc.?

I'm considering buying a new iPhone sometime in the future. It's not ideal and since Apple will eventually drop the TouchID button altogether, the only secure method to unlock my phone in public areas (ex. airport) is with FaceID. Do you trust that Apple is storing biometric faces locally on the iPhone and NOT uploading them to their database? Or should I avoid FaceID altogether?

How risky is running an older version of the mac operating system when checking email and doing online banking? I have an older Apple computer that I have not upgraded because I have legacy software.

Does synchronising a Signal account across my iphone and ipod allow Apple to join up the two Apple accounts?

What's your opinion about Signal not being 100% open source anymore?

Do you think TAILS is secure and anonymous?

How do you both feel about the EFF’s decision to deprecate HTTPS Everywhere? -AND-
Is there a reason you no longer mention/recommend the Firefox browser extension HTTPS everywhere in your latest book?

Earlier this year you said you wanted to push out Extreme Privacy V3 early because it was mostly ready and that you had a big project planned for this fall? Did that fall through or is that still in the works?

Do you think privacy for the individual will be better or worse in 10 years time? - AND - What are the emerging technological and social changes that you think will affect your privacy threat model (or that of your clients) over the next couple of years?

How do you personally store your personal pictures, music, movies, home videos and such?

What is your favorite podcast?

You follow only one account on Twitter. Anonymous Content. What is your relationship to them?

Is the 4TB stealer logs still online? AND What specific search terms and/or search locations would yield the best results for locating Stealer Logs to enrich our breach collections?

Would you share some best practices regarding the storage and access to post-filtered breach data? Do you export and convert the output to a different format for use with a database like MariaDB or MySQL? To keep from getting any viruses that may have been in the downloaded files, do you only access the post-filtered data via computers running virtual machines?

I have a two questions for you, would you ever create a data breach search engine project, and would you ever show us your methodology for finding breached data, and open databases?

how many terabytes your server in your office is with all of these breach databases and your work files

What does ur 5-min OSINT workflow look like for quickly looking up someone ur about to meet or talking to. (Specific resources, etc)

How should an OSINT researcher prepare to testify about their findings at trial?

Do you ever find osint tricks that you keep in house? Do you really show all your cards? Can you share one?

Be honest. do you use your OSINT skills on people in your personal life?

Free Workbooks:

Affiliate Links:
SimpleLogin Masked Email:
Silent Pocket Bags & Wallets: