Privacy Please

S7, E269 - You're the Teacher Now: How Companies Are Using Your Data to Build AI That Replaces You

Send us Fan Mail [https://www.buzzsprout.com/622234/fan_mail/new] You already knew you were the product. But did you know you're also the teacher? Companies are quietly feeding your emails, your work decisions, your customer interactions, and your daily patterns into AI systems — systems designed to automate exactly what you do. And most people have no idea it's happening. In this episode of Privacy Please, we break down how it works, who's doing it, why your right to delete your own data is functionally broken in the AI era, and what you can actually do about it. What we cover: * How "function creep" turns your data into AI training fuel without new consent * The GitHub policy change that's happening right now — and how to opt out * Why employees at Amazon, Google, and JPMorgan described training AI as "building your own coffin." * The deletion problem — why you can't remove yourself from a trained model * Practical steps to audit your tools and protect yourself today Links: * GitHub opt-out: github.com/settings/copilot/features * Khan v. Figma lawsuit: rainintelligence.com * FTC on AI data practices: ftc.gov * Check your state privacy rights: iapp.org/resources/article/us-state-privacy-legislation-tracker * Delete old posts: redact.dev Privacy Please is part of The Problem Lounge network. 🌐 theproblemlounge.com 🎙️ Subscribe on Apple Podcasts, Spotify, or wherever you listen Support the show [https://www.buzzsprout.com/622234/support]

S7, E268 - AI Can Unmask Your Anonymous Account for $4 | Here's How

Send us Fan Mail [https://www.buzzsprout.com/622234/fan_mail/new] Your anonymous account isn't anonymous anymore. Researchers just proved it costs $4 to find out who you are. In February 2026, a team from ETH Zurich and Anthropic published a paper that quietly ended the era of practical online anonymity. Their AI pipeline, using nothing but your posts, comments, and forum activity, correctly identified 67% of pseudonymous users from a pool of 89,000 candidates. No name. No photo. No metadata. Just your words. This episode breaks down exactly how it works, why it's different from every deanonymization scare before it, who's most at risk, and what you can actually do about it. In this episode: * How the ESRC pipeline (Extract, Search, Reason, Calibrate) works * Why previous anonymity attacks required structured data, and this one doesn't * Why commercial AI safety guardrails didn't stop it * What "practical obscurity" meant, and why it's gone * Concrete steps to reduce your exposure today Links: * Research paper: arxiv.org/abs/2602.16800 * Delete your Reddit history: redact.dev * Tor Project: torproject.org * Signal: signal.org Privacy Please is part of The Problem Lounge network. 🌐 theproblemlounge.com 🎙️ Subscribe on Apple Podcasts, Spotify, or wherever you listen Support the show [https://www.buzzsprout.com/622234/support]

S7, E267 - Your SOC 2 Won't Save You: Here's What Will with Girish Redekar, co-founder & CEO Sprinto

Send us Fan Mail [https://www.buzzsprout.com/622234/fan_mail/new] Cameron and Gabe sit down with Girish Redekar, co-founder and CEO of Sprinto, to pull back the curtain on one of the most misunderstood areas of security: compliance. Girish built his first startup, RecruiterBox, to 3,500 customers before selling it, and it was the painful, expensive, duct-taped compliance process he experienced firsthand that sparked the idea for Sprinto. Today, Sprinto helps companies move beyond point-in-time audits into something far more valuable: continuous, autonomous trust. In this episode, we dig into: * Why passing a SOC 2 or ISO 27001 audit doesn't mean you're actually secure * The three stages of compliance maturity — and how to climb them * What "compliance debt" is and why it's quietly eating your business * How smart CISOs use their security posture as a revenue driver, not a back-office cost center * The "$100/month" challenge: what actually moves the needle for startups * How AI is reshaping compliance programs — for better or worse * Why Girish spent over a year talking to customers before writing a single line of code Plus: the "sell more jeans" framework every CISO should know, Rich Hickey, The Mom Test, and the toilet paper question. 🔗 Find Sprinto at sprinto.com [https://sprinto.com]  Support the show [https://www.buzzsprout.com/622234/support]

S7, E266 - Good Boy, Bad Data

Send us Fan Mail [https://www.buzzsprout.com/622234/fan_mail/new] How a Super Bowl dog commercial accidentally revealed America's surveillance infrastructure A family loses their dog. Ring runs a Super Bowl ad. America collectively goes "wait… what?" This week, we're digging into Ring's "Search Party" feature, the AI-powered doorbell camera tool that lit up millions of living rooms during the big game and immediately made privacy experts lose their minds. Because what looked like a heartwarming story about finding your lost lab was actually a live demonstration of a nationwide networked surveillance system most people didn't know they were part of. We follow the trail from the commercial to the backlash, from a secret police surveillance partnership that quietly got canceled mid-chaos, to an 84-year-old woman's "deleted" doorbell footage that the FBI recovered anyway. There's a lost dog. There's Amazon. There's a company called Flock Safety that you need to know about. And there's a question worth asking before you go home and look at your front door. They sold you a puppy. They built a network. Support the show [https://www.buzzsprout.com/622234/support]

S7, E265 - Don’t Trust, Verify: Even Your Update Button Might Be Lying

Send us Fan Mail [https://www.buzzsprout.com/622234/fan_mail/new] Autonomy sounds like progress until the system turns your choices against you. We dive into how AI agents change the risk equation, why “don’t trust, verify” now beats “trust but verify,” and what to do when the update button itself becomes the attack vector. We start with the Ivy League leak tied to Harvard and UPenn, where attackers exposed admissions hold notes that map influence rather than credit cards. That context turns routine records into leverage for extortion, social pressure, and geopolitical targeting. From there, we trace the surge of agentic AI in the workplace as employees paste code, legal docs, and sensitive files into chat interfaces. The real accelerant is MCP, the model context protocol that standardizes connections across Google Drive, Slack, databases, and more. Like USB for AI, MCP makes integration simple and powerful, but a single prompt injection can pivot across everything the agent can reach. Security gets messier with supply chain compromise. A China‑nexus campaign allegedly hijacked the Notepad++ update mechanism, handing a bespoke backdoor to developers who did the right thing. We unpack how to keep patching while reducing risk: signed updates, independent checksum checks, tight egress policies for updaters, and strong monitoring around update flows. On the policy front, Rhode Island’s vendor transparency rule forces companies to name who buys data. It is a nutrition label for privacy, and it lets users and watchdogs finally connect the dots between friendly interfaces and aggressive brokers. We close with concrete defenses that raise the floor. Move high‑value accounts to FIDO2 hardware keys or platform passkeys to block phishing at the protocol level. Scope agent permissions narrowly, isolate MCP connectors by function, and require explicit approvals for sensitive actions. Log everything an agent touches and review those trails. Autonomy should be earned, minimal, and observable. If AI is going to act on your behalf, it must prove itself at every step. If this conversation helps you think differently about agents, influence mapping, and how to lock down your stack, subscribe, share with a teammate, and leave a quick review telling us the one control you plan to implement this week. Support the show [https://www.buzzsprout.com/622234/support]