Who's Watching: A Practical Guide to Digital Privacy and Cybersecurity

privacycybersecuritydigital-privacy

Most people think about digital security in terms of passwords and scams — the threats that require them to do something wrong. The more uncomfortable reality is that the most systematic privacy violations are perfectly legal, commercially incentivized, and baked into devices and platforms that people choose to use. Corn and Herman have built up a serious collection of episodes on how digital tracking actually works, what the real threat models look like, and which security tools do and don’t deliver what they promise.

Encrypted Messaging: What It Actually Means

  • Secure Messaging: Beyond the Buzzwords started with the most misused phrase in consumer security. “End-to-end encryption” appears on the marketing materials of messaging apps with wildly different security properties. The episode unpacked what E2EE actually means technically, what metadata it doesn’t protect (who you talked to, when, how often, and from where), and why the choice of messaging platform matters even when all the contenders claim encryption. The hosts ranked the major platforms honestly and explained the tradeoffs.

The VPN Problem

  • VPNs: Privacy Myth vs. Reality took on one of the most effectively marketed privacy products in consumer tech. VPNs do one specific thing: they shift your traffic from your ISP’s view to your VPN provider’s view. Whether that’s a privacy gain depends entirely on whether your VPN provider is more trustworthy than your ISP — a question that most users haven’t asked. The episode examined the actual threat model VPNs address, the threats they don’t address at all, and the cases where using one actually increases your exposure.

The Data Broker Economy

  • Your Life for Sale: Navigating the Data Broker Economy exposed the $430 billion industry that exists specifically to compile and sell personal information. Data brokers aren’t primarily buying your data from companies you’ve heard of — they’re aggregating public records, purchase data, location history, court filings, voter registrations, and hundreds of other sources into profiles that contain information most people don’t realize exists about them. The episode covered what data brokers know, who buys it, and the practical steps that can reduce your exposure.

Metadata: The Data You Don’t See

  • The Digital Shadow: Uncovering the Power of Metadata made the case that metadata — the information about your files and communications rather than their content — is often more revealing than the content itself. A photo’s EXIF data encodes the precise GPS location, timestamp, and device model; an email header records the IP addresses it traversed; a document’s revision history tracks every edit with timestamps and user identifiers. The episode examined how metadata is used forensically, commercially, and by intelligence agencies, and why encryption alone is insufficient protection.

What Your Devices Do When You’re Not Looking

  • The Telemetry Trap: Why Your Devices Won’t Stop Talking examined the constant data transmission that modern software performs in the background. The episode distinguished between legitimate telemetry (crash reports that improve software quality) and aggressive data collection (behavior tracking, usage profiling, and the monetization of “anonymized” data that is routinely re-identified). Smart cameras, mobile apps, and connected devices all have telemetry behavior that most users have never examined. The hosts covered network-level monitoring as a practical way to see what’s actually leaving your home.

The Threats That Don’t Need You to Click Anything

  • The Invisible Hack: The Rise of Zero-Click Exploits described the category of attack that renders conventional security advice irrelevant. Zero-click exploits compromise a device without any user interaction — no link to click, no attachment to open, no password to steal. They work by finding vulnerabilities in the code that processes incoming data: the rendering engine that parses a malformed image, the SMS handler that processes a specially crafted message. The episode covered the documented cases (NSO Group’s Pegasus is the most prominent), the target population (journalists, activists, executives), and the practical implications.

Air-Gapped AI: Physical Isolation as Security

  • Digital Vaults: The Mainstream Rise of Air-Gapped AI looked at the increasing adoption of fully isolated computing environments for sensitive AI workloads. Air-gapping — physically disconnecting a system from all networks — was once reserved for classified government systems and critical infrastructure. The 2026 landscape has changed: local AI inference capable of running serious models has become accessible enough that organizations handling sensitive data are choosing hardware isolation over cloud convenience. The episode examined the use cases driving adoption and the genuine security guarantees air-gapping provides.

The Travel Router: A Privacy Tool’s History

  • From Hotel Hacks to Digital Resistance: The Travel Router traced the evolution of a surprisingly significant privacy device. Travel routers started as a way to share a single hotel ethernet connection across multiple devices and have become a tool for creating a trusted private network in untrusted environments — hotels, conference centers, coworking spaces. Running a travel router with a VPN or firewall rules means that every device connecting through it benefits from the protection, without requiring per-device configuration. The episode covered the history, the leading hardware, and how to configure one usefully.

Biometrics and Authentication

  • The Voice Biometric Dilemma: Security in the Age of AI examined the gap between facial recognition and voice recognition as security mechanisms. Face ID uses depth-sensing cameras that create a mathematical 3D model of your face; AI voice cloning can replicate vocal characteristics from minutes of audio. The episode explored why voice authentication has lagged despite seeming like an obvious interface, the spoofing resistance required for it to be trustworthy, and where it’s actually being deployed successfully despite the challenges.

  • The SMS Paradox: Why 2FA’s Weakest Link Still Persists addressed a frustrating reality in authentication security. Hardware security keys are technically more secure than any SMS-based two-factor authentication by a substantial margin. Yet SMS 2FA remains the backbone of account security for most online services. The episode explained why — SIM swapping attacks, SS7 protocol vulnerabilities, and the persistence of phone numbers as a universal identity proxy — and what the realistic upgrade path looks like for people who want better authentication without disrupting their entire digital life.

Digital privacy isn’t primarily about being targeted by a sophisticated adversary. It’s about understanding the commercial and technical systems that have been built around your data — and making deliberate choices about what you share, with whom, and under what conditions. These episodes replace the noise of security marketing with an accurate picture of the actual threat landscape.

Episodes in this playlist

February 2026
#704 The Unkillable SMS: Security vs. Access Why do we still rely on 1980s tech to secure our bank accounts? Explore the dangerous paradox of SMS-based two-factor authentication. Feb 19, 2026
#659 Why Voice Is the Fusion Power of Biometrics Explore why voice biometrics hasn't replaced Face ID and how generative AI is making "voice prints" a massive security risk. Feb 17, 2026
January 2026
#381 Is Your Phone Hacking Itself? Imagine getting hacked without ever clicking a link. Herman and Corn explore the terrifying world of zero-click exploits and Pegasus spyware. Jan 30, 2026
#331 From Hotel Hacks to Digital Resistance: The Travel Router Discover how a hotel billing hack became a tool for digital resistance and how a Linksys "accident" changed internet privacy forever. Jan 28, 2026
#266 The Telemetry Trap: Why Your Devices Won't Stop Talking Herman and Corn dive into the hidden world of telemetry, exploring why our devices phone home and whether "anonymous" data is actually a myth. Jan 21, 2026
#254 Why Your Metadata Is Louder Than Your Message Every file has a digital shadow. Discover how metadata tracks your life, from ancient libraries to modern AI surveillance. Jan 20, 2026
#222 Your Life for Sale: Navigating the Data Broker Economy Discover how a $430 billion industry tracks your every move and learn the steps you can take to reclaim your digital privacy in 2026. Jan 13, 2026
#168 The Sneakernet Renaissance: Living Without the Cloud Discover why air-gapping is going mainstream in 2026 and how organizations are securing local AI models using "digital vaults." Jan 4, 2026
December 2025
#73 VPNs: Privacy Myth vs. Reality VPNs: privacy savior or marketing hype? We expose the truth behind the grand claims and technical realities. Dec 22, 2025
#35 The Privacy Gap: What Your Messaging App Isn't Telling You Is your secure messaging truly private? We expose the hidden truths behind E2EE, cloud backups, and corporate ownership. Dec 8, 2025