Lessons from Blindly Agreeing to Terms

Unsecurity Podcast

Recently, Amazon made changes to their terms of service. This sparked a conversation between Evan and Brad about terms and conditions, privacy, and what we tend to blindly agree to. Together Evan and Brad discuss Amazon’s Conditions of Use and what happens when you are blindly agreeing to terms.

Protect Your Organization from Cybersecurity Threats

SecurityStudio help information security leaders at organizations ensure they’re protected against cybersecurity threats, stay insurable, and legally defensible with our risk assessment and risk management software. Schedule a demo to learn how we can help.

Podcast Transcription:

[00:00:22] Evan Francen: All right. Welcome listeners. It’s good to have you join us on this funny Tuesday something. Hey, Thanks for Tuning in to this episode of the Unsecurity Podcast. This is episode 140. The date is July 20, 2021. Running is my good friend Brad Nigh. Hey, Brad

[00:00:40] Brad Nigh:  Good to see you have a picture of what’s actually happening outdoors right now.

[00:00:45] Evan Francen: Oh, all right. Yeah. Well I’m wearing a tank top. They, you know, working from home like you are and in downstairs my wife is like, why are you wearing tank tops and everywhere? Tank tops? It’s hot outside. Oh my gosh.

[00:01:02] Brad Nigh: Yeah, ridiculous. That’s me. Even hotter next week. You see next Tuesday, the forecast is like 105.

[00:01:08] Evan Francen: Yeah. That’s nuts, man. I don’t know. I don’t even know what to do outside. We are. Yeah, we came back from Mexico yesterday. That was kind of fun. Um, I’m kind of excited to get you down there and your family. It will be fr secure south headquarters. Here we are. Yeah, yeah, you’re fine. I’ll show you. I’ll hear some pictures with you. Awesome christian and we saw get lunch together dinner because I’d like to see it.

[00:01:42] Brad Nigh: Yeah, absolutely. They were like that in a while. That was asking about his ah we need to see his girlfriend again and we’re like uh like, you know, we we went and had ice cream with her and I sat with, so you remember your daughter? It was funny.

[00:02:01] Evan Francen: That’s awesome. That’s great, Libya. By the way, my daughter, she uh got her job today. So I’m excited because that should be last dollars out of my pocket. Pay for weird things that 15 year old girls by. Yeah, tell me about it. She comes home with like uh I’m gonna go down around the whole

[00:02:23] Brad Nigh: uh

[00:02:25] Evan Francen: All right, well things are good. A couple of things, so we have a packed show today. You can easily talk all day about, you know, some of the things I’ve got, we’ve got in store, the first one is um I’ll just go through the topics. The first one I just called it, you agreed to what layman’s you about all these uh the terms of service privacy notices on and on and on. I don’t think anybody ever reads these things

[00:02:54] Brad Nigh: very, very rarely well,

[00:02:56] Evan Francen: and I did, I decided to because there’s a couple of companies that I’m just kind of shut up with in terms of what I feel like is overstepping trying to do everything for everybody. Um We’re doing a whole bunch of things. Well, but not great.

[00:03:15] Brad Nigh: Yeah, well, and and if you read through them, they’re not written in a way that’s easy to understand their, it’s pretty intentional to, you know, make this confusing. You just, you know, very complex language. Uh Oh

[00:03:32] Evan Francen: yeah, totally. So we’ll go into that and you, you identified a really cool cool website that will bring to bear here in a little bit. And then um, kind of big news I guess not surprising, but big news is Pegasus. Yeah, that cyber surveillance weapon,

[00:03:55] Brad Nigh: we knew it was out there. And yeah, we’ll talk about that when I got some good thoughts on that.

[00:04:01] Evan Francen: Yeah, not cool, not cool. And then the other uh, three topics, the layman’s view into, you know, terms of use and all that, legally legal stuff. I’m not a lawyer. You’re not a lawyer. Thank God because yeah, well yes, I’m not a lawyer. Uh, and then we’ll go into the Pegasus thing and then we’ll talk, you know, last is we’ll bring up this chinese backed hacking group, a pt 40 you’ve been in that response for a while you’ve seen that come up here and there chinese and the US indicted some of their members for whatever that’s worth.

[00:04:42] Brad Nigh: You know, at least something’s happened.

[00:04:46] Evan Francen: That’s cool. They called him up my name. I think it sends a message, the chinese like we know exactly who this is,

[00:04:53] Brad Nigh: right. Yeah, it’s, you know, are realistically if you look at it, that’s a pretty big deal to do to another country, but we’re going to that one later.

[00:05:03] Evan Francen: Yeah. You don’t see the chinese announcing our guys by name, right?

[00:05:10] Brad Nigh: Yeah, it’s fine to talk about you.

[00:05:12] Evan Francen: Yeah. So first we’ll talk with this uh sort of this legal stuff. So what kind of spread this for me was, you know, someday maybe I got an email from amazon saying, hey, our terms have changed. Mhm. Yeah. For some reason they just caught me at just the right time. I’m like, well what? Yeah. So then I clicked on there link which led me to amazon’s conditions of use. I was like, oh my God, this is a lot of stuff.

[00:05:43] Brad Nigh: So I sent you another link that will back up what I’m about to say. So here’s the thing the is it the literacy project? The average reading level of the US Is a 7th or 8th grader. And then Take that. And when you look at uh studies are showing that people skin web pages and read about 18%. So you’re writing documentation at a, you know, graduate level. How the hell you read it? Are they going to understand it?

[00:06:18] Evan Francen: Right. And even if I understand uh the sentences of the words or maybe even a paragraph, the way they write these things, it’s like one paragraph weaves into another paragraph which then we’ve back into another paragraph previously stated, we’ve got another paragraph and then click link to another document. I can understand. What I’m reading. What I can’t understand is all the lakes here, there everywhere. A

[00:06:46] Brad Nigh: Section three, Paragraph 4. I’m what that was like I’m on subsection 20 what the heck is going on?

[00:06:54] Evan Francen: Well, exactly. So you know I, so I started reading these conditions of use and it was last updated on but they isn’t, there are terms have changed and so I was thinking that was click the link brings me to the conditions of use which says it was last updated on May 3rd. And I got the email mm july 18th. Don’t know if that’s the thing that changed or not.

[00:07:21] Brad Nigh: I don’t know.

[00:07:23] Evan Francen: But it brings you to this help and customer service web page. And on the left side there’s a, you know, heading is legal policies and then you’ve got conditions of huge privacy notice, amazon group companies, non exhaustive list of applicable amazon patents, the applicable placements, patents. You’ve got non exhaustive list of which non exhausted means it’s not everything. Yeah, I know what those words mean. I was like, well where’s the list of everything? Right? You know, and that leads to all this legal mumbo jumbo. Two words may may not. Yeah, this but not limited to. Right the hell. Right. Uh, and then the last one is amazon dot com gift card, an electronic message, customization service terms. That’s what you get in this page. So I started to read it and I don’t, you know, once I started doing something stupid like that I just keep going. So um, for starts off welcome to amazon dot com. Amazon dot com services LLC and or its affiliates amazon provide amazon in quotes, provide website features and other products and services to you when you visit or shop at amazon dot com. Use amazon products or services. Use amazon applications for mobile or use software provided by amazon in conjunction or connection with any of the foregoing collectively amazon services in quotes by using the amazon services you agree on so called and all members of your household. So that means if I’m using amazon stuff, the way I read this is I’m agreeing to the same things for my wife. Mhm. My kids. Yeah, I was in my household grandma’s living with me grandma. Just bring these terms too. Right. And it doesn’t say head of household either. It just says you and all members of your household. Yeah. God,

[00:09:37] Brad Nigh: the best. Well, not the best, but the thing I like is at the end or hidden in there in addition to other limitation and exclusion conditions of use our total liability, whether in contract warranty, tort, including negligence or otherwise, will not exceed the last membership fee you paid. So there’s the same, you know what we’ll refund you your membership fee regardless of what we did to you. Right.

[00:10:05] Evan Francen: Well, and that’s that’s the opening paragraph of these conditions of use and then in a big hole. Mhm. Writing please read these conditions carefully. Mhm. Yeah,

[00:10:17] Brad Nigh: I’m looking at the other side that we’re going to talk about here in a second. It was

[00:10:21] Evan Francen: out at the bottom. Yeah, I’m excited about that one. What I think what I want to do first is just paint how using this stuff can be. And then what what’s a simple place where I can go as a consumer to break this down. And that’s the link that you’re we’re gonna talk about after we get through this. But so it says please read these conditions carefully. And then it’s a whole bunch of blah blah blah blah blah. And then you’ve got headings of privacy, electronic communications, copyright, trademarks, patents, licensing likes us, your account, reviews, comments, communications and other content, intellectual property complaints, risk of loss returns, refunds entitled product descriptions, pricing, app permissions, sanctions and export policy, other businesses. And then you have the disclaimer of warranties and limitation of liability disputes, applicable law, site policies, modification, severability. Their address, which is a P. O. Box, so not really. Right. An additional software amazon software terms because we didn’t put it in somewhere else. Mhm. How to serve a subpoena or other legal process. Okay. And then notice, notice a procedure for making claims of intellectual property regiment. That’s all in this one document. Yeah. And it doesn’t get any easier. Right if you read the doctor any of the stuff under any of these um headings, man. It’s atomic crap. Yeah. So quicken their non exhaustive list of amazon trademarks. Look at that page,

[00:12:13] Brad Nigh: is it? Let’s see, yeah. Where, Where is that 1?

[00:12:19] Evan Francen: Okay, so if you go

[00:12:21] Brad Nigh: on this is exactly it. Right,

[00:12:23] Evan Francen: right. On the conditions of use page, if you scroll down to trademarks, there’s click here to see the non exhaustive list of amazon trademarks.

[00:12:34] Brad Nigh: All right. I’m on the wrong flight. God, that

[00:12:39] Evan Francen: one way I can so I can shut down here. I feel it.

[00:12:43] Brad Nigh: Yeah, because I’m

[00:12:44] Evan Francen: much on people’s face, which is good. Nobody wants to see my face anyway, so let’s go into here.

[00:12:51] Brad Nigh: Yeah. Right. Uh Yeah, so I real quick I just through their terms of service into readable calm. And is it a D. With a great level of 12.5,

[00:13:07] Evan Francen: I think you got the big 12.5. I know Lots of high schoolers that, but not understand any of this. I don’t understand it. I’m 50

[00:13:18] Brad Nigh: that education just being able to read it. Not not understand it there. That would be the difference there.

[00:13:24] Evan Francen: Yeah, I suppose after you read it. Yeah, I get the word I c I can pronounce pronounce the words you see

[00:13:32] Brad Nigh: with them. Uh huh.

[00:13:37] Evan Francen: Mm measure

[00:13:39] Brad Nigh: correctly and I’ll see it.

[00:13:42] Evan Francen: That’s probably not using zooms terms of condition correctly. Uh huh. No, I gotta click start broadcast. That’s why. Alright, here we go. You know, sharing your screen. All right. She

[00:14:00] Brad Nigh: Okay, yep,

[00:14:02] Evan Francen: there’s our conditions of use and then. Right here trademarks. Right, so you see the non existent with a list of amazon trademarks like oh my gosh, on and on and on and on. That’s why I’m going to ace yet. There’s bees. She’s the trademark F. B. A boost Felix fox film finder’s find treated french deluxe. The trademark french locks I think coffee ab camp happy belly hawk traitor. And they don’t. No way are they trademarks? They’re used on their site somewhere. It says in addition, graphics logos, pete headers, button icon scripts and service names included in made available through any amazon service are trademarks or trade dress of amazon in the US. So these are their trademark. Well, the trademark leather architect list of bests will a Macy mad dogs nectar the trademark Neo. Yeah, they trademarked prime red wagon.

[00:15:27] Brad Nigh: The conditions. Yeah, I pulled up their conditions of use and threw it in there and in the flesh, concave grade level, it’s college level. Yeah, at least.

[00:15:40] Evan Francen: Alright, so that’s their list of three marks. Let’s go back to ah patents. Oh my god, website will look like, let’s check, check it out. Oh it’s on a page. That’s not bad. I don’t know. It looks like maybe probably at 12345, 10, maybe 90 patents they’re listed.

[00:16:08] Brad Nigh: Uh That feels seems about right.

[00:16:11] Evan Francen: Yeah, we’re not looking at amateur uh mike uh IBM List of of pens.

[00:16:17] Brad Nigh: Yeah,

[00:16:19] Evan Francen: the patent freaking everything uh that’s your account. Mhm. So that’s that if you understand any of that, right? That and that’s okay fine. It’s more like uh you know whatever you stuff, this stuff doesn’t really bother me that much. Just had a baffling how big they actually are. It’s not, I mean I know they’re a huge company but also like you must have a legal team the size of like when the population of South Dakota.

[00:16:55] Brad Nigh: Right by the way, your your ads are still

[00:16:58] Evan Francen: broadcasting. That’s all mike I don’t care about either. So you can see that I was on United Airlines. Yeah. I get it. I want to go to uh go back here or here go here. I want to go to this other one to privacy notices. This is the part that that was really interesting film. The privacy notice. And they say if I didn’t read any any of these, I guess, you know, reading the conditions of use is sort of cool I guess. Mhm. But the privacy stuff, you know like what types of information do they collect about me? Where do they use? Where do they get it? You know, they don’t go into any real detail. They just give you like general stuff. Yeah. I think they’re so big that who’s going to fight him? Right? You can the state of say the state of California says that you’re in violation of C. C. P. A. In these sections or whatever, they’ll never get through it. Right what I mean? Yeah. Oh my gosh. What personal information about customers does amazon collect? Well they’ve got information you give us automatically and this goes back, remember when we did that uh podcast about this privacy? Do you have a right to privacy? And people debate? Yeah I have a right to privacy. It’s like okay you may have it. You actually have it because saying you have it and legally you know right right. Are you you know did somebody just take it from you and you look at this stuff you know and just in amazon and I can’t imagine you know if you look at amazon Microsoft twitter facebook, you looked at linked in all these places where you’re sharing information. You realize you have no privacy. No.

[00:18:57] Brad Nigh: Yeah. Yeah. And same thing with their privacy notice college level reading You know averages seven areas grades I think 12 13 14 year olds.

[00:19:09] Evan Francen: So who who would ever do you think that’s like um let’s say the F. D. C. Do you think they could force amazon to write this in a way that the average. Right. So you mean that the average reading level of amazon customers which you know maybe it’s ninth grade for eighth grade? Yeah. How how did you possibly hold them accountable? There’s something that they don’t understand?

[00:19:40] Brad Nigh: Ah I agree but honestly we preach this with uh security policies as well. You read some of those and it’s the exact convenience college level document and that. How are people going to understand it? And I have to double check but we made our acceptable use template at late. I think it was 9th or 10th grade.

[00:20:04] Evan Francen: What? That’s the side you’re referring to if our listeners wanted to take their own policies, run them through, Is there a site that you’re

[00:20:14] Brad Nigh: uh Yeah, you can do you see, I’ll throw it in the chat and you can include it in the notes. Okay, readability formulas dot com. And then you can drop grab it in there and it shows all the different reading the score and then all the different versions of our region. And

[00:20:40] Evan Francen: next I think that’s really important like because if I am writing a policy, it’s not that and the way I’ve always used policies in my own work is I don’t expect anybody to ever read them. But what I do is people to reference them. The reference documents. Right. Mm. And so if amazon was going the same way about this policy stuff, it’s obvious that they’re not, maybe they’re writing it as a reference document because they do have headings, you know, and I can find stuff. But um yeah, I don’t I don’t understand what they’re actually seeing here.

[00:21:15] Brad Nigh: Well and there’s a huge difference in these terms of service and a security policy because with the security policy you still have a resource to go to to explain it, right? That there should be somebody who understands it. So if you look at it and don’t understand it, you you have a resource amazon, you’re just agreeing to it with no way of understanding it.

[00:21:38] Evan Francen: Right? And what about like, let’s say Microsoft or amazon? You know, they’re almost so big that you can’t avoid not using them, right? Yeah. There’s no there’s no way I cannot use a Microsoft product somewhere in my like. Mhm. Apple is playing. Yeah. You’re almost forcing me when you are forcing me. I have no option. I must have this which whatever you put in here. I don’t know. Um I guess I’m glad the lawyers fight it out. I mean, if you have an opposing counsel that wants to stand up to the team of amazon hell, I should go back and see if you know, because amazon does have their list of group of companies. I wonder if they have a group that’s called amazon? No, they don’t. I don’t have their subsidiaries listed. They did. I wonder if there’s like an amazon legal incorporated? They’ve got their own, you know, law firm.

[00:22:44] Brad Nigh: Yeah. I don’t know

[00:22:48] Evan Francen: charlie. What’s that?

[00:22:50] Brad Nigh: It’s a subsidiary that doesn’t actually have any. If you lose, that doesn’t hurt company profits,

[00:22:58] Evan Francen: man. Yeah. I mean they’re so insulated from anything that you and I could ever do. I mean your power, this is a consumer, I think unless you can somehow lobby, you know, a government entity to stand up to them. But amazon’s got lobbyists, right? Yeah. So it’s you against the lobbyists? Yeah. Forget about it. Uh And it’s not just amazon we’re picking on amazon right now because this is the email I got. But I think the same thing would apply to just about any large tech company today.

[00:23:33] Brad Nigh: I would say anything that you click the terms of service that you have to agree to. I would assume that this is the case. Yeah. And you’re probably gonna be safe one of the few times you can safely assume something.

[00:23:45] Evan Francen: Yeah. The information that amazon what what personal information about customers does? Amazon collects four types 3 types information you give us willingly or unwillingly or knowingly or unknowingly Automatic information which is stuff they get from their 3rd parties and interaction with their stuff and things. And then actually automatic information like their cookies stuff like when I track you and where you’re going and how are using product everywhere and information from other sources. So that’s where they get the information. Uh For what purposes. Well this is what they say purpose and delivery of products and services provides troubleshooting to improve amazon services, recommendations and personalization. Which is basically so you’re more crab provide voice always crap. You don’t need to by the way provide voice image and camera services comply with legal obligations, communicate with you advertising which seems a lot like recommendations and personalization and fraud prevention and credit risks. So that’s why for those purposes you know. Okay what about cookies and other identified a whole bunch of stuff there does amazon share your personal information. They do. Uh huh. Mhm. Yeah they should transactions involving third parties third party service providers, business transfers which seems kind of funky and protection the amazon and others. That’s when they release information or share information with others. So amazon. Yeah. And then we’ll collect your information. But if they need to share your information to protect amazon they really do that. Mhm yep. So anything to protect amazons behind how secure is information about me? This is a part that sort of talk to me because I’m more concerned about amazon the name about an attacker with my information. Truthful.

[00:25:57] Brad Nigh: I mean we’ve seen it with some of these recent attacks. Where is the most value? Where’s the data? Right. You want to attack 500,000 individuals or one place that has that information? Well right.

[00:26:13] Evan Francen: Yeah. So we protect it. So this is what they say. We work to protect the security of your personal information during transmission by using encryption protocols and software. We follow the payment card industry data security standard when handling credit card data to maintain physical electronic and procedural safeguards in connection with the collection storage and disclosure of customer personal information. Our security procedures mean. And we may ask you to verify your identity before we disclose personal information to. You may ask better. Damn well asked

[00:26:47] Brad Nigh: I don’t like encryption protocols. What are they using? Like triple days Like what protocol?

[00:26:54] Evan Francen: Well they probably have good stuff but yeah but they leave it open ended. Yeah

[00:26:58] Brad Nigh: at least but industry accepted at least then I have a good feeling of what what they’re using

[00:27:05] Evan Francen: you think well there’s no that stuff come on they copied in pieces with somebody else you know? Yeah. Oh

[00:27:13] Brad Nigh: it does happen. Yeah

[00:27:16] Evan Francen: our devices offer security features protect them against unauthorized access and loss of data. He can control these features and figure them based on your needs click here for more information on how to manage the security settings of your device I. E. Sidewalk when it’s enabled by default. Mhm.

[00:27:34] Brad Nigh: And you get like seven days to disable it. Right?

[00:27:39] Evan Francen: Yeah. Now last Ballpoint under house security information is important for you to protect against unauthorized access to your password and to your computers devices and applications. We recommend using a unique password for your amazon account that is not used for other online accounts. Be sure to sign off when finished using a shared computer, click here for more information of how to sign off. That’s all you get for how security information about me in this privacy. Uh huh. Notice that risk. Yeah.

[00:28:13] Brad Nigh: So I can’t wait for you to go to the other site

[00:28:16] Evan Francen: and you know

[00:28:17] Brad Nigh: it’s like whoa okay

[00:28:20] Evan Francen: well this is some of the other I’ll go through the rest of this pretty quickly and then we’ll jump over to that. So what about advertising? A whole bunch of stuff listed there about advertising, What information can I access, ideally you’d be able to access every bit of information and you sort of can. But here there’s only limited number of things that you can access, I think probably through their front end. Mhm. What choices do I have? And they give you a list of choices? But essentially if you want to use amazon services, you don’t have any of this. Just take all those words. I’m just say you don’t have any. Yeah. Are Children allowed to use amazon services such as amazon does not sell products or purchased by Children. We sell Children’s products were purchased by adults. You’re under 18, you may use Amazon services only with the involvement of a parent or Guardian. We do not knowingly collect Knowingly being the key word, collect personal personal information from Children under the age of 13 of the consent of the child’s parent or guardian. So this is the way you work that knowingly is a keyword. And the second piece there is without the consent. The child’s parent or guardian hidden in somewhere and all these agreements and various other things.

[00:29:38] Brad Nigh: Right, Well, you we mentioned it, I agreed to, this includes your family.

[00:29:44] Evan Francen: There you go. So higher household. Yeah. Alright, California. Consumer privacy actually haven’t section here, but all they have is a sentence and then click on the link to read about disclosures required there. EU and swiss us privacy shield remarks are listed here. No G D P R uh practices and information a whole bunch of stuff there. But this is where I thought was information. So I’m gonna read through this quick and then we’ll get to the thing because I think when you realize how much information they actually collect about you, it’s what what did they miss? Right? So here here’s what we got information you give to us. You give us when you use amazon services, uh you provide information to us when you search or shop for products or services in our stores. When you add or remove an item from your cart or place an order through uh or use amazon services when you download stream view or use content on the device or through a service or application on a device. When you provide information in your account, you might have more than one if you’ve used more than one email address from mobile number when shopping with us or your profile when you talk to or otherwise interact with our Alexa voice service when you upload your context. Uh Configure your settings on provide data access permissions or we’re interact with an amazon device for service. When you provide information in your seller account. Kindle direct publishing account, developer or any other account we make available that allows you develop or offer software goods or services damage on customers when you offer your products and services on or through amazon services when you communicate with us by phone, email or otherwise. When you complete a questionnaire, you support again contest entry form when you upload our screen images, videos or other files to prime photos, amazon drive or other amazon services when you use our services such as prime video. When you compile playlist, watch those wish lists or other gift registries when you participate in discussion boards. Other community features when you provide and rape reviews, when you specify a special occasion reminder or new employer employee product availability alerts such as available to order notifications. That’s how we get information from you.

[00:32:22] Brad Nigh: Right to be clear. This isn’t just amazon, this is going to be anywhere and you’ll see that you know like you said we’re not taking on amazon. It just happened to be the one that popped up. This is

[00:32:35] Evan Francen: she entered No. This is what goes back to my point when I say you have no privacy. Yeah. So then it says as a result of those actions, you might supply us with such information as name at identifying information such as your name, address and phone numbers. Amen information, your age, your location information, your I. P address, people addresses and phone numbers listed in your addresses, email addresses of your friends and other people, content or reviews and emails to us, personal description and photograph in your profile meaning, pictures of you and things such as that voice recordings when you speak to Alexis. Now you’ve got voice patterns about me, images and videos collected or stored in connection with amazon services information and documents regarding identity including social security and driver’s license numbers, corporate and financial information, credit history information and vice log files and configurations including credentials. You choose to you automatically synchronize them with your other amazon devices. That is the information amazon has. Yeah. Out of you essentially. What did you miss? D. N. A. Is that in there yet?

[00:33:58] Brad Nigh: Yeah. What did they collect? Yes, exactly. Yeah.

[00:34:03] Evan Francen: So they haven’t got my D. N. A. Happened. Trust me they’re working on it. Uh an automatic information. So this is examples. So that’s just information you gave them. Right are they you as you giving them information that they collect and analyze automatically meaning using their things where they get it in a protocol address used to connect your computer to the internet, log in email address and password. The location of your device or computer content interaction information such as content, download, streams, playback details including duration and number of simultaneous streams and downloads and network details for streaming and download quality. Including information about your internet service provider device metrics such as when it devices and use application usage, connectivity data in many years or event failures amazon services metrics. Examples the currencies of technical errors, your interactions and features and content. You’re selling settings, preferences and backup information, location of your device running an application information about uploaded images and files such as file named dates, times and location of your images version and time zone settings purchasing content use history which we sometimes aggregate a similar information from other customers to create features like top sellers. The full U. R. L. Extreme to through and from our websites including date and time products and content reviewed or search for page response times, download errors, length of visits to certain pages and page interaction information. So just going clicks and mouse overs. Phone numbers used to call our customer service number and images or videos when you shop in our stores or stores using amazon services.

[00:35:54] Brad Nigh: Yeah. Yes.

[00:35:56] Evan Francen: Right. And that’s only two ways. Right. We’ve also got the information from other sources. Um I mean it’s all there right now. People people probably yeah thought this anyway. But when you actually read through the list of all these things, it really starts to hit home like oh my God you have everything. Mhm. You own you. Basic amazon basically owns me owns you. No. So crazy. Crazy man. All right. So I just want to bring that out. I don’t know what we do about it. Be honest. I think we’re so deep in this whole right now. Yeah. I don’t really know how to get out of it, but here’s I’m going to bring up very for our listeners. Right. So basically I mean, I think we just kind of painted the picture that you’re screwed. I don’t know, did we?

[00:36:59] Brad Nigh: I think, yeah, I think so. Right. There’s a way you can make it a little easier,

[00:37:06] Evan Francen: a little easier to understand how you’re being scooped. Right? So, uh, yeah, here’s a page now. Uh, people that are that listen or see it on youtube, you can see what I’m showing on the screen. But um, there’s a cool website that brad brought to bear its https Poland slash slash p O S D R dot org. Yeah.

[00:37:32] Brad Nigh: For, for terms of service didn’t read. Yeah,

[00:37:36] Evan Francen: this is really, really cool. This person I saw it, you know, when you bring it up to me. Yes. You money with them in the search and breaks it down nicely for us

[00:37:48] Brad Nigh: and it shows the different services to and so great. A best terms of service treat you fairly. The terms of service are fair, but user could be our towards the user but could be improved. Red Sea is, they’re okay. But some issues you need to consider brady terms of service are very uneven or they’re important issues that need your attention and a great E is in terms of service raise very serious concerns

[00:38:12] Evan Francen: help. So amazon itself gets a grade e amazon AWS E and amazon prime video gets a D. So nothing in amazon is created force the consumer. It’s all like,

[00:38:26] Brad Nigh: which if you click on amazon uh there like the logo. It will take you to the page and then if you hover over it. I mean it brings it down into uh, you know, human understandable language, but if you click over it it’ll actually show you the, the exact language within the terms of service

[00:38:47] Evan Francen: which when I do it on an ipad,

[00:38:49] Brad Nigh: it took me.

[00:38:51] Evan Francen: But it uh yeah, I mean this is a great, I’m going to spend time here. I think it’s really interesting now. Uh it’s kind of, this is an unbiased sort of review of the documentation without me having to read the entire documentation, yep.

[00:39:10] Brad Nigh: Yeah. And you know, it’s funny if you put in, put in, you know the major browsers. So we’ve got chrome and idiot dogs are

[00:39:19] Evan Francen: amazing.

[00:39:20] Brad Nigh: They’re protecting me from that. Horribly mean ups draft. Um Right. Uh I’ve been in like Chrome and Firefox and Brave and yeah. Mm Yeah, I took that first secured to but uh oh internet work though. Yeah, the the big ones score poorly. Firefox and Brave. Both score A B. No, yeah, things to keep in mind within your browsing.

[00:39:56] Evan Francen: Yeah, zooms courses. Yeah. What about twitter? Yeah, he still read uh I’ll link in Lincoln’s on my maximum now. Right.

[00:40:12] Brad Nigh: Uh Exactly. I would stop their own terms.

[00:40:15] Evan Francen: Any of the big tech, Not great any what’s that does any of the big tech not grade and eat

[00:40:23] Brad Nigh: what? Oh I believe. Well

[00:40:27] Evan Francen: IBM doesn’t have agreed

[00:40:31] Brad Nigh: Mozilla dot org. It has A B.

[00:40:36] Evan Francen: Subscribe to D.

[00:40:39] Brad Nigh: So let me why don’t I share my screen second show what I was talking about with the click over. All right. Yes. All right.

[00:40:54] Evan Francen: Yeah. And find my zoom.

[00:41:02] Brad Nigh: So here we go. So when you look at it, you know your day that whether you have an account or not so are over it and it actually shows and explains exactly what they’re doing. Yeah, deleted content. Not really deleted it is here and I’m not proud. You can review off facebook activities, but facebook can view your browser history.

[00:41:33] Evan Francen: Yeah,

[00:41:34] Brad Nigh: but your identity is used in ads that are shown to other users.

[00:41:40] Evan Francen: Oh, this this place in terms of service didn’t read. Yeah. I love the, love their mission for their quote at the top. I have read the I’ve read and agree to the terms. End quote. It’s the biggest is the biggest eye on the web. Yeah, we fix that

[00:41:58] Brad Nigh: this here. So it lays out differently on my screen than your I’ve had did. But uh, if you look there are a couple here Wikipedia gets to be that’s pretty good Doctor to say. That’s fantastic. Um Start page is A B and that’s about it. Everything else is pretty much an e interest. Apol Blizzard Khan Academy which surprised

[00:42:25] Evan Francen: even have porn hub on here.

[00:42:27] Brad Nigh: Youtube talking credit. You know, if nothing else. Maybe it’s a good thing. Good idea to kind of understand what services you’re using and what then then what services are out there. What are the options? And when does it work? Like they said, I use either uh, these duck duck go or start page and then Firefox or Brave Now does that at the end of the day. Does it matter if they’re doing all this other stuff? Maybe? Maybe not. But you know it do what you can,

[00:43:04] Evan Francen: you know when there’s so much. Well, I think a lot of people don’t realize how much power there is an information.

[00:43:10] Brad Nigh: Oh, that’s where they make their money.

[00:43:13] Evan Francen: How much? Yeah. But it’s a, I mean as a consumer is just like an everyday person like they give you this drug, right? The blinky light game, the, the interaction, the video, whatever they give you that really resonates with you. And then they just, I mean my God, it feels like we’re being rape.

[00:43:42] Brad Nigh: Well, and that’s why you know, the other thing is install something like privacy badger, right? It’s gonna block whose tracking pixels that are all over the place and at least give you a little bit of control over your privacy again.

[00:43:58] Evan Francen: Yeah. Mom and a bookmark this page for sure. Use it often. I quickly about us. Really interesting people I think, you know, you can follow him maybe interact with its got time. Um, you know we’re doing, I was talking earlier today with a friend of mine Can be starting a nonprofit and I told you about the Great Matter society will start that one in earnest. Right? It’s, it’s moving, it’s moving slowly. Nobody’s got enough time because everybody’s busy as hell. But whenever They retire, which is now, uh, 700 move on there 707 days it will probably be devoting most of my time to that. Hopefully we can bring these things together. You know, these pieces like what, what these guys in terms of service didn’t read what they’re doing and some of the other really cool nonprofit like take cybercrime support network, you know, christian josh, he’s doing over there and it’s gonna bring these things together because I think if you get these things together, maybe we can affect some change. Yeah. The only way we’re ever gonna get your privacy back is to change it, meaning you have to change whatever characteristics about you that you can change right. You won’t be able to change your DNA will change your facial structure without, you know, serious money, your fingerprints, stuff like that. But we can change things like social security numbers, Travis license numbers, uh, you know, and the lake. So pain in the butt man. Yeah. Again, if you missed it, listeners pos D R dot org someplace to go. It’s really interesting stuff. We also have some additional links that were put in the show notes. People can hopefully find some useful stuff. They’re kind of an eye opener. Yes. Well, being that we spend so much time there was going to go through these other two, Like pretty quickly, you’ve got probably more to share on the Pegasus stuff. But you gotta, I’ll bring up one article in particular, won’t bring it up on the, on the screen here. But I first thought in the Guardian and it was because what’s his face, who’s uh Snowden? Snowden posted on week then are not linked in on twitter sunday. This is gonna be the biggest news story of the year. And it was a link to the Guardian. The title is revealed, colon leak, undercover leak uncovers global abuse of cyber surveillance weapon is called Pegasus. Not surprising, but I’m definitely troubling, man. Well, I mean, yeah, privacy, right? No privacy with all this stuff. And then you get your own government. Well,

[00:46:51] Brad Nigh: if you don’t know if you saw that, there was some updates that I was reading earlier today that uh let me see, there was like Prime ministers, ah was 14 Heads of State. So three presidents and prime ministers and a king. So you’ve got the President of France Iraq and South Africa. And then the Prime Minister’s that our current of Pakistan Egypt and Morocco. And then the king of Morocco and easier. I mean, if you are that Guardian article as a thing about the freelance mexican reporter 60 leo in yet. Uh so I apologize if I watch that. Right?

[00:47:39] Evan Francen: I mean it’s

[00:47:40] Brad Nigh: terrifying, right? Yeah, he’s dead. He apparently was of interest to a mexican client in the weeks leading up to his murder. And the killers were able to locate him at a car wash coincidence. Maybe not like me. You know the amount of was the other thing that I think that this close up is the whole encryption backdoor. They don’t they clearly don’t need it. All it’s doing is weakening again our privacy and our security. So they already clearly already have the ability they got android and IOS what what else do you need? Like you’ve got the software just you don’t get to weaken my protections already ruin. That’s over.

[00:48:32] Evan Francen: Right. And so this is hacking essentially hacking software sold by the company called the NSO group. Right? Which is an Israeli company. They claim that they only sell to legitimate mara vetted government bodies. But how the hell? Who is that?

[00:48:51] Brad Nigh: Well and none of it, but users agreed to not only use it for specific purposes. Uh Great wink wink.

[00:49:00] Evan Francen: It’s insane man. So who they sell it to 51% the intelligence agencies, 38% of law enforcement agencies and 11% of the military. Ah yeah, this is just the expanse of it. And you’re right man that the mexican mexican client. Well who runs Mexico? The cartels run Mexico. Mhm. You know, maybe you could say, well the president. Okay. Sure. Right. But it’s crazy man. The attack vectors. Sms. WhatsApp. I message any number of God knows how many unknown vulnerabilities those the attack vectors. Once it gets there, things that can read malls. What type WhatsApp chats. If you thought that was a secure app, photos and videos, activate the microphone remotely. So while you’re not you don’t even know it’s being turned on and they’re listening to everything you’re saying, activating the camera, recording phone calls. Gps, data, calendar, context book, you name it right? It’s rooted.

[00:50:08] Brad Nigh: You know what bananas is? A factory reset doesn’t appear to get rid of it on at least some android phones. But the recommendation is until we know more. If you find out you’ve been affected. Get a new phone.

[00:50:26] Evan Francen: Yeah. Yeah. one. And how long was that 1? You know like the true right. Just being targeted that get you right, there was just only do anyway. But when it’s like right in front of you like this.

[00:50:44] Brad Nigh: Yeah. There was a Oh I’m trying to find it now. That was really cool. Think you could actually install to see if it was affected.

[00:50:56] Evan Francen: Mm. Uh We’ll work around it.

[00:51:01] Brad Nigh: Yeah. Yeah. I’ll put this in there. Well it’s not the analysis. You can if you are concerned, you can actually at least find out.

[00:51:15] Evan Francen: Yeah. Find out if you’re going to die next week. Yeah. Give credit to, Does it? I think 16 is a 16 journalists. They’re working on exposing this more 16. Okay, Uh investigation. My Guardian and 16 other media organizations. Yeah. You gotta have some serious uh gumption. Yeah, be going here because you’re talking about some pretty shady, very powerful people,

[00:51:50] Brad Nigh: yep. Yeah. You know, it’s always I just uh a link on how to uh well if your phone is affected but it’s amnesty international that’s putting out these indicators of compromise and kind of running this, which is, makes me feel at least a little bit better about, you know, is calling and testing to a lot of stuff.

[00:52:11] Evan Francen: Well, it’s good there. Yeah, I mean, I’m not, I’m not like a I’m not like tighten any, I always healthy uh skepticism I think about everybody, you know. But this speaks very highly of amnesty ah

[00:52:30] Brad Nigh: which they got to be on usd are so there you

[00:52:36] Evan Francen: go. He’s not been true. So really interesting. It will be interesting to follow that as it continues and see what the reaction is going to be, what’s going to happen.

[00:52:48] Brad Nigh: Yeah. All out on this.

[00:52:52] Evan Francen: Why? Because you know that the United States is multiple, you know, agencies and or multiple agencies prefer and the military, our customers.

[00:53:04] Brad Nigh: Mhm. Oh, 100%.

[00:53:06] Evan Francen: So the crackdown on themselves.

[00:53:10] Brad Nigh: I know it’s nuts.

[00:53:15] Evan Francen: So that’s gonna be uh yeah, will be a movie for sure and some other things, but it’s sad to that. And then the only way to really protect yourself at all your text and even then you know, whatever. But you can’t really get away from tech anywhere. Get away from my home. I can’t get away from it on the streets. There’s camera surveillance everywhere. There’s God knows I’m an electronic signals doing what, you know when I set up just a simple um, hello wireless. Uh, the band isn’t working today. It is man, I set up a set up a simple kid on a, on a raspberry pi. I live in a small town main street. I caught like 30,000 signals but then like week just different communications going on, whether it be weakening or what have you crazy. Alright. So that’s that keep keep a look out for that. We could cover that for days. But that’s uh, interesting. The other one, the last one that we’re at this thing up us invites members of the chinese backed hacking group MPT 40. I quoted that one from bleeping computer dot com but it’s all over the news essentially. Uh, we’ve indicted some hackers from china for their chinese. Everything is chinese government. So you think that there’s a private company and private entity in china? Mm No, no. And a man you say their names but interesting pictures that I have a picture of king green men that have a picture of him but they are being usually italian and wolf the wrong and zoo in men.

[00:55:11] Brad Nigh: Yeah. What, what I think is

[00:55:13] Evan Francen: looking folks

[00:55:14] Brad Nigh: big about this is the fact that they named him right like there. This is definitely an escalation in cybersecurity.

[00:55:26] Evan Francen: Yeah, for sure. And yeah, because you don’t I don’t recall. I’m sure not nothing. I thought my head uh resonates when china has called out a U. S. Analysts by the name of it that they may do things now. They do do things quite a bit different. Ah Yeah, you should see what comes with that too. And I wonder if china you talk about the customers of you know the NSO group. I want to china is also a customer. No, I’m sure. Well, but Nso is an Israeli company. Mhm mm. Yeah, that I would think that enemies of Israel made, there’s anything that comes out of Israel to is pretty tightly controlled.

[00:56:20] Brad Nigh: Yeah. Really interesting because if you the Guardian is gonna send it, if you read it that they’re going to start uh linking and naming the people and they started naming some of them. So and and it shows who the country of interest was. So that’s going to get that’ll be fun.

[00:56:43] Evan Francen: We’ll be your son. All right. Well, good stuff uh will turn out yet, but I’ll get them hopefully I can’t do it tomorrow tonight because I got have to talks to give tomorrow and I haven’t even started yet. Uh Yeah, but we’ll post the show notes here, Evan francine dot com will be an episode 1 40 show notes when I get those things. Family posted. We’ll talk, we’ll outline. We’ll have all the links to the things that we talked about in today’s show. Uh And if you have things that you’d like to add, like if you found a good resources, do you think other people would benefit from related to any of the stuff we talked about? Ah you know, today in today’s show? You know, send it our way 5%. Are you ready? Um

[00:57:33] Brad Nigh: You know, I’m gonna give a shout out to the exact because he’s been going on and stuff and he’s still man. He makes me smile. Just such a great attitude. It’s very, it’s nice to yeah, it makes you feel better as a parent.

[00:57:48] Evan Francen: That’s cool. That’s cool. I’m gonna get, this is a person who is never going to listen to podcast. Probably. I’m gonna get a shout out to Rudy. Rudy was our house, our house manager down in Mexico this week and we had a really good conversation. I’m one of those guys where I don’t, I’d like to know everybody, you know, there’s not like this. Uh I’m better than you think so. Getting to know Rudy was a lot of fun this week. He’s a hell of a worker works two jobs. Mm I got to give it to every mexican that I met down there has a really incredible work ethic. You know, there’s no, there’s no welfare, anything down there.

[00:58:34] Brad Nigh: So it’s if you want to eat you work. That was cool.

[00:58:37] Evan Francen: So I like Rudy and I’m looking forward to getting to know him more remedios now. Mhm. All right, well thank you to our listeners. Thank you brad again man. Good conversation to see your face. It’s good to see your health yet. Didn’t catch any drama out of your yeah, this past week. So knock on wood. Let’s keep that going

[00:58:57] Brad Nigh: brother.

[00:58:59] Evan Francen: Uh, if you have something you’d like to tell us. This is for the listeners. Feel free to email the show at un security. Pro com mail dot com. Your social social people twitter. I’m @EvanFrancen. It’s just my name and that is @BradNigh, it’s just his name. The companies we work for. If you want to learn more@FRSecure. Got a brand new website, check it out @StudioSecurity is uh, the other place. So that’s it. Have a great week. Talk to you later.