Stanley Cups, Targeted Ads & Online Privacy

If you've heard of me, that's me. I am the IT director um at Bridgeland Technical College. And so I teach IT to students who then hopefully end up in your positions and get jobs that are similar to you. And uh today I'm going to be talking a little bit clickbaity, but I'm going to be talking about Stanley Cups. I'm going to be calling people murderers. And then we're going to talk a little bit about online privacy. My goal is to kind of get us to start thinking about online privacy in some some capacity more than just I guess we don't have privacy. So that's what we're going to be discussing today. And I know it's lunch and I know there

aren't a lot of people here. So I appreciate you all being here for this one. So I'm going to start talking about Stanley Cups. I'm going to keep this a little bit open. So I'm I ask for some feedback from you all as I go through my presentation. Don't be afraid to say something or just yell it out. That's okay. Um, I think we all know who or what Stanley is, right? Um, it's a company that was founded in 1913 and they became famous for inventing the Yes, you're right. The first all steel vacuum uh flask. I don't think anybody guessed that. I think everybody knows something else. Regardless, here's what it looks like. This is why they became so famous, I

guess, right? Um, just kidding. They became famous for these wonderful contraptions. This is an AI generated image. So the 40 oz J or Ji or whatever. I don't know. Sorry about that. But um this was the uh new cup that was released in 2016. This is what we all know, right? Um and it was discontinued in 2019. I don't know if anybody knew that here. Maybe you did, maybe you didn't. Uh they it actually didn't sell. It was junk. Um, in 2019, Stanley, the drink company, had $70 million in revenue off of that awesome green cup that I showed you, the first one, not because of this one. But then in 2023, they had $750 million of

revenue. So, the big question is like, why was Stanley so successful? What happened? I'm going to talk about that in a minute. Hit pause on that one. So, now I'm going to tell a different story. Um, I'm going to talk about a woman that I'm going to call Sarah for semi-privacy reasons. Um, in 2024, Sarah began receiving text messages on her phone from unknown numbers. Um, and text some of the context of these text messages included things like, "You're going to regret this day. Don't do it." And then they came from different numbers, but they all began at the same time. And over time, they became much more targeted and serious messages like you're a murderer and

killer. Talk about this in a minute. But the question that I have is who is targeting Sarah and why? Why? And who? And how do they get her number? I'm also going to share a story. Pause on that one on a guy named Kendall. Look at Kendall. I I don't know if this is actually Kendall. I know that this is his LinkedIn profile because of the things that I'm going to share on and a little bit of OSN. This is the only guy who meets meets the criteria on LinkedIn. He never shared his image, but we can find it on LinkedIn. In 2022, Ken's car insurance rate went up by 21% from the previous year. So, imagine

paying, I don't know, 500 bucks. you get the next uh bill, 500 bucks every six months, and now it's $61 or $65, whatever. Um, what happened? Why did that happen? Why am I paying way more all of a sudden for nothing, right? Um, he was fed up with what was going on. His insurance rates kept increasing and so he tried to figure out why. Uh, Ken owns a software company, so he's he's he's pretty snazzy when it comes to tech stuff. Um, but he called and reached out to anyone that he could at all to ask what's going on. He called his insurance company, called everybody he could he could think of. Um, he owned a new Chevy

Bolt and uh, he drove it very carefully. He never got any tickets, warnings, citations, stops, anything of that sort. So there's no reason, no accidents. Why would his car insurance quote go up so drastically? But in one phone call, somebody that he was talking to, one of the agents of his insurance company, mentioned two words that kind of stuck out to him. And the first one was Lexus, and the second one was Nexus. He didn't know what those things were. But if you know, this will be a little less surprising. But the question is, what did Ken do wrong? Like look at this guy. He's he like like he's he's a nice guy. He's a software dev, kind of like many

of us. And if Ken ever ends up watching this, I don't know if that's a real picture, but I would guess Ken's a pretty decent guy. Um, so what did he do wrong? And why were his car insurance rates jacked up but nobody else's, not his neighbors, not anybody else. What did he do wrong? So then the question is, what is the thread that ties all of this together? Why am I talking today? And there are two underlying currents to this whole deal. The first one is privacy and online data. And the second one is money. So, we're going to be discussing specifically how personally identifiable information, data that's being tracked by by or about you by many other

companies relates to these three stories. So, let me give you the resolutions here in order of appearance that I presented them. So, we'll start with Stanley Cups. Remember how I said Stanley Cups were not doing so well? There were 70 million in 2019 and then in four years they more than 10 times as far as revenue goes. Well, in 2020 after discontinuing the cups, right, they s they hired a guy named Terrence Riley to be one of their chief marketing people. If you don't know who Terrence Riley is, that's okay. Nobody does. But um if you've ever seen a pair of Crocs, Terren Riley is the reason why. So I think we all kind of know who Terence Riley is.

Maybe some of us are wearing the results of Terren Riley's work right now, but that's okay. Um, so they hired him to be their their marketing guy and he immediately began running social media campaigns and advertising campaigns. But I you can ask yourself how many times you've seen Stanley Cup advertisements and how many times you may have not, but yet how many of us in the room know somebody who owns a Stanley Cup? This is good. How many of us own a Stanley Cup? That's not me, but that's okay. That's not bad. I have the result of a Stanley Cup right here. This is the Bides bottle, by the way. If you want one, maybe you can go talk to

somebody. Um, so we all kind of live in this world now where we're Stanley Cup impacted or adjacent. Um, but one of the things that um, Terrence did, and I'm not picking specifically on Terrence, uh, this is the general marketing group or campaigns, right? They targeted specific people with specific characteristics. And now we don't have the profile of people that he targeted and this isn't wasn't the only reason why Stanley Cups were so successful but this is a big one. I will talk about some of the things the characteristics that they're able to discover about people though just through their very surface level research on people and target markets and these are in order of

cringiness. So get ready. Right. First thing is he targeted specific genders. Gender. Then he focused in on age range. We're all like, "Okay, well, yeah, you can see that by looking at me or a picture." Okay. um targeting specific income levels, um home ownership status, maybe people who fall into a specific weight range, people who have a specific family size, people who have specific number or range of social media connections. Um and this is where things get even crazier, I think. uh people who when they do something on social media have other people who follow them on social media because we can trend how one person doing something impacts their neighbors on social media or their

friends on social media and um people who have political leanings that align with whatever message Stanley Cup is saying. People who have a certain number and or lack of number of cosmetic procedures and how often they p they do those. People who have connections who are a certain level or rating of influencess. I made that word up a little bit. Influencable is a how influencable influencible their connections are. And I think these last few were like how impactful, how do they impact their connections, but also how able to be impacted are their connections are a little bit creepy because no longer is the data they're gathering about, let's say, Steve important. Um, instead what they care

about is Steve's friends and how Steve's actions interact with their friends actions, if that kind of makes sense. So, just think about like how much information you need to have about a person and their connections in order to be able to say, "If I target you, I know that your friends have a 15% chance of doing exactly what you're doing. But if I target you, I know that your friends have exactly a 58% chance of doing what you're doing. And if I know this person and that person buys this product and posts it on social media, I have a 39% chance that they're like, that seems a little bit weird that my actions are being predicted by somebody else's

actions, right? Um, and so successful marketing in this case was possible because of data. So, let's jump to the you're murderer story. I know that my title of my presentation is a little bit clickbaity, so I apologize for that. That's okay. Um, let's let's go back to and talk about Sarah. What I have on the screen here is a screenshot of someone who lives near Atlantic City, New Jersey. And I have here on the screen every place that this person has been in the six months leading up to January 2024. So, I'm tracking where this person has been. You can see where they've traveled. You can see where this person has stopped, spent time. You may be able

to deduce where this person lives just by zooming in on this map. It's purposefully zoomed out. You can probably see where they like to spend time. You see that something in Pittsburgh is calling their attention at least once or twice in the last six months. Um, and so what is this? So this is using a program called locate X. And locate X gathers information from a variety of sources, not just one source. Um, and then it collates all these data into a nice little easy time readable graph and I can select any time period and see right I it's it's really easy to track this person's loc Oh wait sorry I can't say person because that's illegal

we can't track people you know that right like you can't put a tracking device on a person's car that's illegal so sorry it it tracks a mobile devices location thus it's okay this is why it's legal because we're not tracking a person we're tracking a mobile device. My bad. Okay. So, uh, we're allowed to do this and we can then have a map of everywhere this person has been, I mean, mobile device, right, in the last 6 months. If you feel like this is probably not cool for me to be able to have this data, you're probably right. So, um, this product is intended for law enforcement. How could I get access to it? How is this

possible? So, let's jump back to Sarah. Um, in 2024, a group of advocates, for whatever reason, um, were able to get access to locate X's service. This is a group of advocates who had leanings one way or other on the issue of abortion and access to those services. And so they promised that they would help law enforcement because they resided in a state where there were certain limits on things relating to abortion that could happen. And so they promised that they would then help law enforcement to track people who were going to other states to have procedures performed. Um but this advocate group was not law enforcement. I am not law enforcement. So, how did

they get access to it? They just said, "Oh, no. We're going to do it." And then they paid a fee and then locate X gave them access to everybody's data. So, what they did is they set up a little geoence or little geoloccation around in their case Planned Parenthood home or locations. So they said if you've been within a certain number of yards, feet, tens of yards, I don't know, of this Planned Parenthood location, uh we can track your device, not you, your device. And then if you take that information and you connect a device ID to a phone number, not that that's ever happened in a leak, uh then you can easily get that person's phone number.

Sarah happened to be in a parking lot of a Planned Parenthood place. We do not know what she was doing there. That's not the point. The point is after she left, she began receiving texts calling her a murderer, telling her that she's a terrible human being. Regardless of what happened there, she could have been there to bring a friend. We don't know. That's not the point of the story. And I'm not that's not that's not the point. Just because she was in that location. I don't know if any of you have ever driven by a Planned Parenthood place, but you may be also on this institution's tracking list. Not you. Sorry, your your device. My bad. Okay.

Yeah. Right. Um, yeah. I don't know how I feel about that. So then let's talk about Kendall. Kendall, what happened to him? So he discovered that Lexus Nexus is actually a company. It's a data broking company. Um, and they collect and synthesize as much information as possible on everybody. Their goal is to literally the only reason they exist is to collect as much information about you as possible. That's what they do. Um, and then they form a profile of you and who you are and what you do, etc. Well, General Motors had a contract, I said, I guess this is had in the past tense, a contract to share all of its car information with Lexus Nexus. Um, so

what would happen is if you bought a new car and you signed for your car that now Lexus Nexus will assume that you're driving your car everywhere and it will track when you drive, how fast you drive, how fast you break, how fast you or like what times of the day, what locations, etc. And the insurance company will collect that information. And in his case, Ken, he went to the insurance company and said, "I never gave you this permission. Nobody ever informed me about this." and you're collecting all my data. And so he he sued this insurance company and sued General Motors and um said this is not cool. The insurance company decided that he pushed the brake too hard. I don't

know if any of you have lived in Utah, right? Like this is okay. I I felt Anyway, you I I feel like I can't drive anywhere without pushing the brake hard. Um and that he was driving in locations that were maybe dangerous and during times of day where there were more cars on the road. Therefore, he merited a 21% increase in his insurance costs. Like, what? He ended up suing GM and won that case. And so, the US barred GM from selling its information to Lexus Nexus for three years. So, I I think we all know what's really happening with GM. Also, GM makes a lot of money off of selling all your car information. If you have a car

that's 2014 or newer, likely you can't escape this. Um, not good. So, okay, that's all relating to data and tracking and privacy. I'm going to put on my tinfoil hat for a minute, but I want to promise that this is not a tinfoil hat speech. I'm not here to try and get everybody to go hide in the mountains and destroy other devices, although that's probably the only way you can stay off the grid, but regardless, I'm that's not my that's not my point, right? This is more about like where do people get our data and why do they want it and how can we maybe take these digital breadcrumbs that we leave and spread them a little wider so that

there's not a clear trail back to us and so that I don't need to worry about maybe tomorrow getting a letter in the mail saying sorry you drove by this place we are now going to charge you $300 for being in a place where there was a car accident what okay right um and these are all like more of the not serious infractions that could happen against you and your rights and or wallet, right? Um so how do others learn about you? Obviously your phone. We'll talk about this in a in a minute. Um your emails, your internet activity, uh any account information you share. When you sign up for an account and it says,

"What age are you?" It's like, "Why the freak do you care?" Um if you sign up for someone, they're like, "Can you give us your address?" Why do I need to give my address to a this movie theater? like I'm going to the movie theater to watch the movie. I should you should be giving me your address, right? Like I it's not the other way around. Why do you need it? Um anytime that you interact with anything um so let's say I'm right now interacting with my computer. My computer is taking information about that storing it somewhere. If you have co-pilot fully on with the screen reader capability, maybe it's taking a picture of your screenshot or a screenshot of

your screen every five seconds. If you have an iPhone, it takes a screenshot of everything that's on your screen every time you either change an app or push the power button or log out or log in. That's a different story. If you want to know more about that, talk to your favorite police officer. Um, so anything you interact with collects information about you. And then anything that can detect you as well. I'm currently using a flipper on Bluetooth. If there's anybody here with a Bluetooth reader, you will know that this device, not me, this device is in this room. And if I were to go to a conference in Timbuktu and someone has also access to a

Bluetooth reader, they would know that my device is there. So they'd know that I've been in both places. It's not hard to sus out who I am when that happens, right? So anything that can detect you also gathers information about you. So again, this isn't a tinfo hat, but I want us to be aware of these common things. And I'm going to talk a little bit about how to mitigate most of these things, right? Um, I'll just share a couple of examples of interesting data that I interesting places that gather data about us that I've found um, and I think are common use among everybody. The mother of all data hoarders is Google Chrome, right? And I love this. I don't

know if you can see this if you're not sitting close to a screen so I can read this, but uh, it's it's telling us that limited, i.e. not everything. So, I guess if yeah, they can't take a picture of me that's limited. everything else they can track. Limited types of data are shared between sites by Google Chrome, not because you allow them, just by Google Chrome. It does that on its own. Um, I love that it says add measurement data is deleted regularly from your device. You know what it doesn't say? From their devices. Yeah, that's a problem. So, there we go. Okay, go. Good. Well, that's makes me feel bad. Your browsing history is kept private on

your device and reports are sent with a delay to protect your identity. So, in other words, you're still sending all the reports back to Google and then you delete the evidence from my device and then you keep it. I don't know if you read this privacy privacy closely, but that's literally what it's saying. Um, I like some of these other ones. This is this is kind of interesting. I I I visit a certain website and um it collects information about the device you're using to connect to the website. So, anytime you connect to any site, you can query what graphics card are you using? Uh what's your screen resolution? How many cores are on your device? Um

how many pores and ecores do you have? Um how many like uh gigabytes of RAM are on your video card? Uh and it can just query information about your device. Now, I don't know how many of you uh live in a certain neighborhood with a certain range of IP addresses and how many of your neighbors have the exact same computer and or cell phone that you do down to the same number of or the same limit of storage and the same number of gigabytes of RAM or whatever. But again, it's if you know a couple of these pieces of information, it's really easy to track who you are. And Google willingly shares this information with

anybody who asks or queries, right? Chrome. So that's I don't know if you noticed I'm not a huge Chrome fan. Okay. Um I love obviously they're like logs like logs in any business those exist. So we can see that in this case I think his name is Kevin right? Kevin is trying to find through a proxy at work. He's trying to research how to uh get I guess download a PowerPoint to a movie or something along those lines and maybe rip a YouTube video. And so you can kind of figure out that, okay, this is Kevin and here are some of his likes or dislikes just by the websites he's surfing. Uh, one of the worst offenders

is your cell phone provider, right? They keep logs of everything. Who called you? How long did you talk? Where were you when that when you answered or did not answer that call? Did you decline that call? Did it go to voicemail? How long was the voicemail? Um, what you know, like how many times did they call you? Like all this is stored by Verizon. This is all for law enforcement purposes. Yeah. Right. Um, and so that that's something else, right? All that's readily available for you. This one was fun. In 2019, Pirelli, um, Pirelli is a brand of tire maker, upscale, top-notch tires. You Anyway, Pirelli announced its new Cyber Tire. Cyber tires. I didn't

think I would ever have to say that in my life. Uh, it's a tire that has a 5G chip enable or embedded in it so that all of your tires can talk through cell phone services to all the other tires on the road that have this chip and or cars that have the interface on it. Um, I guess it's like a way for you to communicate, oh, it's icy up here on this patch of road, so maybe slow down. And then you have a little popup on your car, but what I need four cell phones in each one of my like a cell phone each one of my tech like anyway, okay, that seems weird. Uh, Google Maps, Apple

Maps, they're the worst. Don't use them. They track all your data and then they don't accidentally lose it like they did two months ago, right? Like, so this this is something that we are all aware of. I think nobody's living in the dark on that one. Um, I love Facebook's privacy policy. I don't know if you knew this. If you open up the Facebook app and try to take a picture of yourself, Facebook not only owns the picture, they own all of the images that ever showed up on your phone before you push this take a picture button. That's kind of neat. Um, Facebook owns a lot of a lot of I mean everything. I I I don't need to I think

I'm kind of preaching to the choir here, but like let's say you're trying to take a picture of yourself and you accidentally like move your phone past somebody else who's inappropriately dressed. Like that's that's Facebook's property, so you can't get rid of that. Um that's fun. I love in B2B credit card processing, you don't just share if you're like a you don't just share the transaction and the card number. Uh you can also share anything about what did you purchase, what were the I uh the the SKUs of the products you purchased, how much did each one of those cost, how much tax did you pay. Uh so we get a pretty good idea of what kind of a

shopper and or shopping a shopper you are and shopper shopping habits you might have. Um so it's like all all this and more. I just downloaded one thing of Google data before I swiped on my Google data a while ago. And um it tracks the millisecond in which I initiate a step and the millisecond in which I terminate my step. So that's step counters don't just count how many times your your steps go up and down. Like it's like it tracks the millisecond I initiate a step and the millisecond in which I stop that step. So I think it'd be really easy for anybody to figure out, oh Ivonne just got injured because he's hobbling a

little bit, right? like what's going on? Why is he why is he stepping like this instead of normally? Or oh, he's getting bad hips. Uh he must have arthritis in his left hip because he's been walking a little bit, you know, 2.68 milliseconds slower than whatever. It's like what? Like why why do you need this information? But insurance companies love it. So we gather personal information about you. We gather behavioral data about you and we gather technical data specifically like how do you even interact with things? Where are you looking on the screen? Did you swipe up? Did you swipe down? How far did you swipe up? How fast did you swipe up? Each one of those things tells me a

little bit more about how much you liked and or disliked the ad I just showed you. Right? And it's crazy how fast we start gathering information about this. If you want to do an interesting experiment, try going on a computer that's completely fresh. Open up Google Chrome, go to YouTube, and see what the first five to 10 videos are that YouTube will show you. Immediately, they start profiling you. There will be usually pictures of scantily clad women and scantily clad men. And that will be your first divider. They'll start to sort you out like that. Where do your eyes go? Where does your mouse go? how fast you scroll past any one of or andor all of

those videos and they start prototyping you and they get the most they they'll throw out a really Republican and a really Democrat ad and or a video. They'll throw that on there. See what you gravitate to. They'll throw out the most divisive content they can see what you gravitate towards and within usually 15 to 20 seconds they have a profile of who you are. At least gener, you know, basically speaking. All right. So again, why or who who who are the people that are gathering this information? Right? We know that people gather information. I'm not doing a tinfo hat. Who are the people who gather this information? Let's talk real quick about the different actors. Obviously, there's

nation states, law enforcement. Um, this one is harder to fight. I I I I don't think that you can really hide from someone with unlimited resources who really wants to find you, but that's a different story. Um, there are hackers and adversaries. That's a thing. There are people who want to get access to your accounts or devices or whatever. That that's a thing. Especially in if you're in a high-profile situation or work at a major company, anything they can do to get information about you, that's that that's something that happens. Large companies, we all know Google's the worst. Apple's not better. Sorry if you're an Apple fan. Um Microsoft's way worse. So, there's that. Um and then, yeah, those are the big

ones. We There are many others. Amazon is right on that list. Websites track you through cookies and metadata. We already talked a little bit about that. Um, web servers track you, but there's also like other things like CIS admins have to track you and I think should track you, right? Like you shouldn't be going to newestviruses.com and downloading everything on your device at work. Like that's a problem. So like that's CIS admin should be able to at least prevent certain actions from happening, right? Um, hardware manufacturers, let's say I'm using this clicker and it really wants to know how hard I'm pressing the button so that they can see when it fails. Flipper doesn't do that. Uh, but

there are like bed companies that track when you sleep and how hard you get into bed and how you move and whatever. If that doesn't creep you out, it I don't know what does. Um, so like there's there's like that aspect of things too. So there are hardware manufacturers who also prefer to track and all of these data points can and often are sold to larger companies that are data brokers. I looked up what are the biggest or most uh biggest in terms of revenue and in terms of not uh like being known by the public uh data companies. Obviously, the number one is what's the biggest data broker company? Google. Okay, thank you. Thank

you. Right, Google was the one, right? That's what's the second most. Facebook's up there, but no, Apple. Apple's up there. That that's that's number two. So, those are the two largest data hoarders. Um, the third one is Experian credit checks. Anyone? I don't know how much data Experian has on us, but it's a lot. If it's up there with Google and Apple, that's a lot. The next one is Epsilon. Anybody heard of Epsilon before? Sweet. Me neither before this presentation. Um, I love I love what this is. This is from their website. They say, "We pride ourselves on what people might want to purchase at any time." Okay. There's another company called Axiom. A CXO M. I don't know if

you've heard about that one. Um it says brokers comprehensive consumer and audience data for insights, predictive analytics and data segmentation which allows marketing campaigns to be appropriately targeted to specific leads. Okay, so marketing core logic works with insurance companies. Lexus Nexus works with insurance, healthcare, financial governments and the surf and the or financial services and the government. Um Aristotle is another one. You know what Aristotle does? Nope. anybody only political campaigns. They make all of their money selling data to political campaigns. And that's number eight or seven on the list. Number eight on the list is Live Ramp, which allows you to take multiple data sources and it will put them together for you. So you can go get data

from all these other places and live ramp all of them and spit out a a profile specifically on you. Right? Okay. I'm done talking about um the Tinfo hat thing. What I want to talk a little bit about is prevention. So, I already put this list up on the board and I want to discuss real quick and in a few minutes um what are the sources of information from our phones. So, if we do the phones, um our phone number is the biggest thing that can link back to us. How many of you when you go sign up for uh a service that doesn't need access to your phone have been asked what your phone number is before? Think

about that for a second. Probably in the last week. Um, you sign up for a service and it says, "What's your phone number for recovery method?" And then you click recovery method. It's like, "Check your email." Like, well, why the freak did I just give you my phone number, right? Like, why do you need that? Because phone number is what ties you to me, right? That's what ties accounts together. That's why. So, maybe if you could get other phone numbers, that would be a good thing. It is possible. If you want to learn more, talk to me afterward. Um, they can look at your contacts. Have you ever downloaded an app and it says, "We need access to your

contacts." and you're like, I'm just trying to clash with other clans. Like, what's going on? Why do you need access to my contacts? Because if they have access to your contacts, they have access to who you are. Also, they have access to the phone numbers and names of everybody else on your list, which they can then use to tie the phone number that I had to register with to my name and then sell that back to Lexus Nexus or whoever. Lexus Nexus is get picked on just by default. I apologize. There are other worser companies. Um, right. So, there's that. So un unless you really need that app or unless you can opt out of contacts, just don't use those apps.

That's another story, right? Um emails. Email addresses tie everything back to you. I need an email address. Um there are ways for you to spin up an email address for only whatever service you want, like a fake email that'll just forward to your email inbox. Even even Google has gone on this hype train. So, you can just spin up an alias and then have it forward to your Gmail without ever having to give out your email account. I have probably four or five different email accounts that nobody's ever heard of. I've never given them out. And all of the other emails that I do give out point to those email addresses and it was the best change

I've ever made in my life. Also cool is uh I signed up for a service once with a throwaway email address. It forwarded to my inbox and an hour later I got a email from someone named I don't even know ABC and they said, "Hey, we found out that you set up for the service. We want to build an app for you." And I'm like, "I know exactly where this came from because it came through this alias email so I know who's selling my information." That's kind of fun. Um, that's a different story. So, we already talked about internet activity and how people can track your internet activity. Um, and your I can track your IPs and your

hardware, etc. There are browsers that will prevent the internet from querying for that information. So if it says, "Hey, what's your graphics card?" It'll say, "Boom." And that's great. That's awesome. And say, "Well, where do you live?" It can say, and then nothing comes back. That's awesome. So, I love that. Um, I'll give you an example in a second. Don't worry. Yeah, we're there. That's where that's where I'm finishing up. And that's why this is not a tinfoil hat speech, right? Um, account information. Do you have to give people your real name? Okay. Don't ever. My name is Jimbo Shimbo. That's great. Like totally fine. You're You're every one of us could be Jimbo Shimbo. When you go sign up and it

says for your Smith's card or whatever and it's like what's your phone number? 8075309. That is your phone number. Why do you need to give them your phone number? And is anybody going to going to forget 807539? Like we all know that song. Well, maybe some of us younger don't. I don't know. Think of a different one. One, whatever. give that number and then when they when they when you go and you say what's your phone number you see 8075309 and they're still going to give you the rewards they're still going to give you the discounts you don't need to give them your phone number right like why do we anyway that's that's that's a different

story um but also user how many of us reuse passwords in here please don't raise your hand okay how many of us reuse usernames why we don't need to you could just make up our I mean we all have password managers by this point in time, I hope. Right? Can't you just generate a random string with a password manager? Use that as your username. I'm K18643821 whatever Q on as my one of my usernames. Like why do I need to be Yvonbanov? I don't need to be that. I could be anything. Don't reuse your usernames because if I see Vonabono here and I see Vonabonov and I see Vonabono here, I know obviously this is the only

Von Bonov who's on this side of the world. Um, and so great. Okay, I know who you are now, right? Um, location. So, we could track locations, contacts. I already talked about contacts. I um I'm gonna just breeze through this because I'm getting a little closer to the end than I want to be. Um, but there are other things. be aware of Wi-Fi uh Wi-Fi connectivity, right? Anytime you ping a a a uh a Wi-Fi router, your MAC address gets stored there and that can be read. That can be sold back to Ubiquiti. That can be sold back to Cisco. Not that Cisco ever would do anything like that. That could be sold back to any of your your your

infrastructure providers. And then when you show up at another building that uses the same brand of infrastructure, the same MAC address pops up and they know where you are, right? Um, be aware of these things, but don't necessarily freak out. Okay? Just be aware of these things and see what you can do to mitig mitigate them because there are ways that are pretty easy to mitigate all of these things. You can have every time you connect to Wi-Fi, your PC spin up a new MAC address that's randomly generated. In fact, it's done by default on a lot of devices. But if it's not, you should make sure that's a feature you could enable, right? That would be

something to to again spread these breadcrumbs a little further from other people who want to know where you are all the time. So, why are we being monitored? I'm gonna answer this question, then I promise I'll get to what are some solutions to this. Why are we being monitored? The number one answer is money, right? Like that's that's a fact. Ultimately, people want to sell you things and if they know that they can do X, Y or Z to sell you something better than the competition, then they are in the lead, right? If they know what kind of people you like to look at in pictures, they will find a person who looks like that, even AI

generated in the moment to sell you whatever product they're trying to sell you. Right? Number one reason is money. The second reason is control. Um, and this can be good or bad. Uh, we do know of governments in the world where they restrict certain types of activity. They restrict certain types of actions. They can track you and they do track you regularly all the time. Whether or not we live in one of those is up to you. But that's one thing. There's also a good side to control like like I already talked about with CIS admins for example like somebody in the like a CIS admin or a network manager would want to make sure that you don't perform certain

actions. They want to control certain action make sure that they prevent malicious actions from taking place. That's okay. So those are kind of the two main main reasons is money and control. Um so when I'm talking about privacy I don't mean being anonymous right? My condition or my definition that I'm using is the state or condition of being free from being observed or disturbed by other people. I use this as an example but and it's whatever. We all want to be able to go to the bathroom on our own, right? I don't need to be observed in the bathroom. I don't want I want to be free from disturbance and or observation. And why is it that we feel

like we need to have some physical space to do our business, but sometimes we don't even care about our digital space? It's like, man, whatever. I can't. They're tracking me. It's fine. Out of, you know, whatever. Like, why is that okay, right? Every one of us, I'm going to put these up here again just because I'm getting a little bit closer. Every single one of us needs online privacy. If you com if you if you've purchased something on the internet, you need the ability to do it without being observed or bothered or disturbed, right? Every single one of us needs it. I mean, there are other people who who might be a little bit in in like more grave danger

if immediately exposed, but every single one of us needs online privacy. And yet, when I say everybody needs online privacy, what do you think is the most common response in the United States? I've got nothing to hide, right? Why should I hide? I don't have anything to hide. A, you just told me you did have something to hide because we all like to poop in peace and because we all like to shop and we have a credit card number, right? So, like, sorry for being a little bit crass. Um, like that's we we do have things to hide. That doesn't mean I'm a criminal. It means I want some space where I can not be observed

for at least a minute. And we need that. like as social as as like beings, biological beings, we need some time, but on top of that, there are times in our lives where we want to hide stuff. We've worked with IP before. We've worked in situations that are sensitive to those that were in like our co-workers and our whatever and our clients and our customers. I have nothing to hide is an ignorant thing. And if anybody tells you that, please, please don't let that slide. Yes.

I love what Trey said. So Trey Trey's in the back. Thanks, Trey. Trey says, "You may not have something. You may feel not feel like you have something to hide, but you do have something to protect." My favorite answer to this is you don't know what's worth hiding. Ken Dah did not know that how hard he pushed on the break during or at 4:30 in the afternoon on a Thursday was going to cost him $105 or whatever, right? You don't know what's important. Things that are okay now and acceptable might not be tomorrow. Not speaking about recent political events. Things that are okay here might not be okay there. I might be able to put something on my phone here

and send it go somewhere else and there I could be they they could ask to or forcefully take my phone, take all the data off it and then I could end up in prison, right? Like this isn't this isn't a hypothetical situation. These are This is a protest in June of 2019 in Taiwan where people went to sort of say, "Hey, we disagree with what's happening right now in Taiwan." When they tried to go back home, they realized that everybody's it's called an octopus card. It's a card that you have to scan to go through the um the the the metro. Everybody had their name and address tied to this. And if you were in this

location at this time, even if you worked there, you ended up on a national blacklist of people who are dissident just because Hong Kong, sorry, Hong Kong, my bad. Um, right. Like because you're a political dissident. Maybe you work in this building. Maybe that's where you work and you're just going home. It doesn't matter. You're now a problem. Maybe I just drive by a location that's geoenced by somebody. I'm now one person on their list of dislike, right? Um I'm not I'm gonna skip the Shannolyar story, but the gist of it is she was on an online dating site and found some guy that she liked. He ended up dating somebody else and so she killed all that person's animals,

burned down the house, and then killed that person and is now in prison. Um, this other person that was being dated who ended up dead had nothing to hide, but Shana was able to find her and where she lived and all the information about her and then target her specifically. All right, I promised I would finish with what can we do? I have six and a half minutes left. And my answer is be a privacy advocate. And yes, I know that that's misspelled. I apologize. I used AI for all of my images and this was better than be a privacy avocado. Um, but regardless, so that's be a privacy advocate. For me, the thing that I would ask is that a you

think about privacy and b help defend it in one way or another. I don't care if you knowingly opt into all the data gathering ga g g g g g g g g g g g g g g g g g g g g gathering things. That's okay. But that doesn't mean that privacy is not important. My hope is that at the end of this talk, you will realize or or maybe feel a renewed passion for defending privacy in one way or the other, thinking more seriously about it, and maybe making a change or two that will make you a little bit less susceptible to being identified and those around you a little bit less susceptible to being

identified. It's not okay if I am in a witness protection program to have your phone send my MAC address to Joe Schmo just because you have nothing to hide, right? Like why does Joe need to know where I am and then publish that information online where I can then be tracked via Loc X, right? So, first thing that you can do is get a better browser. I told you Chrome sucks. It does. It has I also I'm not unaware of the fact that it has like a 90% adoption rate right now. I think 87 88 something like that. Um use a better browser. I'm not a spokesperson for any of these companies, right? Brave will

not send out any information about your computer. You can set privacy way or like different privacy by default. It's very private, but you can even add more um privacy settings. Librawolf is great. Mulvad browser is also another good one. These are companies that have a commitment toward privacy. They don't make a lot of money the way Google does. They don't steal all your information and try to get money off of it, but these are decent. Yes. What's the last one? The last one is called Mulvad. M U L L V A D. Mulvad is also a really good VPN. That's a different story a little bit later. Um the second is stop using Google search, right? Duct

tuck go is okay. I don't think it's bad. Um I they have a they have a commitment to privacy. Start page is another one. Start page is kind of a cool service. They do all Google searches, but then work them through like a a central service. So they all go to the same IP address and then they forward you the Google searches. So you can get the exact same information you would from a Google search, but you just go to startpage.com and search there. Is it equally as fast? No. But can it track information about who you are? No. Win. Put that in my win column. That's my when I open up a new tab, it goes to

startpage.com. Um, change your email provider. Don't use Gmail. Again, Gmail is about 85% adoption. There are other ones that are better and have a commitment to privacy. Um, the first one is Tudaota or TUDA and TUDA's great. That's that's a good that's a good uh suggestion. Proton Mail is another one. Proton is one that I I I personally use, but that's that's okay. You you can use whatever. And I can forward emails to my inbox from all different places and nobody else has to see them. and then they stay there and they're committed also to privacy, right? I'm not saying any one of these solutions is perfect, but they're better. Um, also change your messaging service, right? Don't use

Google messages. You know that even if it's RCS or an encrypted message if it's open in a Google Messenger, Google reads it. Apple messages, Apple reads every single text you have and it's really easy to get it off your phone. Super easy. We have a talk at DC435 on that next month. super easy to get all the messages you've ever sent on your phone. Um, bonus, if you go to Signal, you might even get invited to something you didn't really want to be a part of. So, that's cool. And, and so, like, you can use Signal. The first one, the first one that's on there is XMPPP. The second one's Signal. The third one's session.

XMPPP signal or session. Those are all private encrypted, endtoend. Only you can see the input and output and the person you're messaging. Those are all good resources, right? None of the information then goes out to other people or other sources. And then this one's good, too. Use a VPN. I had AI generate me a graph of a VPN. I think this is probably the most funny thing that I'm going to talk about today. Like, what is even happening there? I don't even know. That's not a VPN. Um, at the same time, please be aware of what a VPN is, how it works, and don't just be like, "Oh, I'm going to go with ExpressVPN because Jimbo Bimbo on

YouTube." uh which is sponsored by Google which then sells it because they gave a an endorsement. Uh VPNs do not protect you from criminal activity. All a VPN really does is it moves your IP address from and your traffic from one place to another. So then you won't know what's going on in between, but all of the stuff that gets decrypted at the end point is still decrypted and usable. So, let's say you go to a free VPN provider that's owned by some other nation state actor. Like, let me let me back this up. If I wanted to gather all the information on everybody from a different country, the first thing I would do is market them a free VPN

service that goes to my basement. And yes, all their traffic would be encrypted until it reaches my basement. And then I could read everything that the entire country is doing on the internet. So, be aware of what VPNs are, right? How they work. Choose one responsibly. There are many resources and and guides online. Um, I think that there are some good ones. Um, the ones that I think are okay are NordVPN, they're decent, although they're super expensive. Surf Sharks all right. ProtonVPN is okay. And also Mulv uh VPN, which I talked about as well. um those are kind of ones that are committed to privacy and they do a good job of protecting your data. And when

you do these things and you start thinking about why am I giving out this information? Do I need to? Do you do you need to give your real information when you go sign in to a hotel? Do you need to have your name attached to your house? The answer is no. We can talk about that later. Um, do you need to have uh a credit card number that is used in the same place everywhere? Did you know that you can spin up a credit card number right now right here? Did you know that you don't need to share your username? You can you don't reuse reuse that, right? We've talked about that. Do you know that you

don't need to reuse your emails? Do you know that you don't need to reuse your same device MAC addresses and the same information? all these things that get filtered or fed into these large data companies. You don't need to use the exact same thing every time. What we're doing is we're spreading the breadcrumbs a little bit more. I think as privacy advocates, I'm out of time. I think or sorry, I think as as IT professionals, we are kind of the ones that love breaking things. There is no reason why need we need to be of that mindset of, well, I can't get out of tracking, so whatever. I'm not even going to try. Like when was that when was that a

thing? When was the last time somebody gave you a device and said here this is the only thing it can do? I literally am holding a flipper in my hand, right? Like the we break things. We're we're dissident sort of by culture. Don't give into the it doesn't really matter narrative for me. I just want to finish with this. I feel sad that I have a little daughter just turned two and Google already has a profile on her. Because in an app somewhere sometime, we put that we're going to have a kid and Google knows when roughly she'll be turning 13, which means that that should become prime advertising campaign material. It bothers me. It bothers me

that when I'm thinking about doing this or thinking about buying that, ads show up in front of my face about that thing. It bothers me that I might have an opinion about what to do and then I might see a whole bunch of content that's trying to persuade me to do something else. It bothers me that when I search for an answer to my coding question on Google and I click on a few links and then I run out of time so I have to go back the next day. All it does is show me the links that didn't help and more links like that. I just want I want a different answer, but no,

I clicked on these links, so it's going to show me more of that kind of content. That bothers me. I don't know if you've ever had that happen in your coding and or dev experience, right? Don't submit to it. All I ask is that you care a little bit about privacy and that you stand up for your rights. So, that's my presentation today. If you have any questions, feel free to come talk to me. Thank you for being here and I hope you have a good one.