Firefox officially rolled out its Total Cookie Protection feature last week, which is a clever and elegant solution for blocking tracking using third party cookies. Unfortunately… it doesn’t seem to be working for me when I tested it. There are at least a couple reasons for why this might be, and a workaround, both of which I will discuss in today’s Tip of the Week.

Also: A drunk employee lost a flash drive with half a million customer’s data in Japan; a TikTok leak appears to show that even with US user data being “moved” to US soil, engineers in China can still access it; a new voicemail scam tries to trick you into giving up your Microsoft account credentials; MEGA fixes several flaws which might allow a rogue employee to view your data; 56 security flaws in industrial systems could impact thousands of devices around the world; Google Password Manager now allows for client-side encryption; Microsoft’s Defender is now available for non-Windows devices (for a fee); T-Mobile is the latest to use its privileged position to hoover up and sell customer data; spyware companies are proliferating; Facebook is receiving sensitive medical info from it’s Meta Pixel; and vacation rentals are sadly great places for spycams, and I’ll help you try to spot them.

1. [The Guardian] Japanese city worker loses USB containing personal details of every resident https://www.theguardian.com/world/2022/jun/24/japanese-city-worker-loses-usb-containing-personal-details-of-every-resident
   
2. [Gizmodo] TikTok Leak Alleges User Data Isn’t Private: ‘Everything Is Seen in China’ https://gizmodo.com/tiktok-china-oracle-bytedance-1849078477
   
3. [Threatpost] Voicemail Scam Steals Microsoft Credentials https://threatpost.com/voicemail-phishing-scam-steals-microsoft-credentials/180005/
   
4. [BleepingComputer] MEGA fixes critical flaws that allowed the decryption of user data https://www.bleepingcomputer.com/news/security/mega-fixes-critical-flaws-that-allowed-the-decryption-of-user-data/
   
5. [BleepingComputer] Icefall: 56 flaws impact thousands of exposed industrial devices https://www.bleepingcomputer.com/news/security/icefall-56-flaws-impact-thousands-of-exposed-industrial-devices/
   
6. [9to5Google] Google Password Manager starts offering on-device encryption on Android, iOS, and Chrome https://9to5google.com/2022/06/21/google-password-on-device-encryption/
   
7. [PCM] WTF? Do I Have to Pay for Microsoft’s Defender Antivirus Now? https://www.pcmag.com/news/wtf-do-i-have-to-pay-for-microsofts-defender-antivirus-now
   
8. [The Verge] T-Mobile is selling your app usage data to advertisers — here’s how to opt out https://www.theverge.com/2022/6/24/23181851/t-mobile-browsing-data-app-insights-marketing-opt-out
   
9. [WIRED] Google Warns of New Spyware Targeting iOS and Android Users https://www.wired.com/story/hermit-spyware-rcs-labs/
   
10. [The Markup] Facebook Is Receiving Sensitive Medical Information from Hospital Websites – The Markup https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites
    
11. [USA TODAY] How to spot hidden surveillance cameras in your Airbnb, VRBO, or vacation rentals https://www.usatoday.com/story/tech/columnist/komando/2022/06/23/how-check-hidden-cameras-airbnb-vrbo-vacation-rentals/7652726001/
    

• Tip of the Week: Total Cookie Protection? https://firewallsdontstopdragons.com/total-cookie-protection/
  
• Cookie Forensics Test: https://www.grc.com/cookies/forensics.htm 
  
• Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
  
• Become a Patron! https://www.patreon.com/FirewallsDontStopDragons 
  
• Would you like me to speak to your group about security and/privacy? http://bit.ly/Firewalls-Speaker
  
• Generate secure passphrases! https://d20key.com/#/ 
  

Use these timestamps to jump to a particular section of the show.

• 0:02:17: News topic summary
  
• 0:04:47: Drunk worker loses customer data
  
• 0:08:00: TikTok phone call leak
  
• 0:12:04: Microsoft voicemail scam
  
• 0:16:23: MEGA fixes critical encryption flaws
  
• 0:21:28: Icefall vulnerabilities
  
• 0:27:15: Google Password Manager on-device encryption
  
• 0:29:58: MIcrosoft Defender for Individuals
  
• 0:34:25: T-Mobile tracks and sells app usage data
  
• 0:37:10: Spyware industry is rampant
  
• 0:41:14: Facebook getting sensitive medical information
  
• 0:46:21: How to spot hidden spy cameras in vacation rentals
  
• 0:55:16: Tip of the Week: Total Cookie Protection
  
• 1:01:33: 2022 Mid-year goals update
  
• 1:03:06: Preview of upcoming shows
  
• 1:04:00: Dragon coins will start shipping!