Firewalls Don't Stop Dragons Podcast


Best & Worst Gifts for 2022

November 21, 2022

Black Friday is just around the corner, which marks the unofficial launch of the holiday shopping season. As you’re considering what gifts to give to your loved ones this year, I want to make sure you’re thinking about the privacy and security aspects. To that end, I have updated my annual Best and Worst Gift Guide and I will go over the highlights in this episode for my Tip of the Week. But I also have a special new gift idea this year: security and privacy coupons that you can download and give to your loved ones!


In the news: USPS tells customers to avoid using the big blue mailboxes for gifts and important letters during the holiday season; Google pays nearly $400M fine to 40 states who sued over location tracking; Medibank refuses to pay ransom for data and criminals are starting to leak sensitive medical records online; TransUnion reports a data breach; FBI director warns that TikTok is a national security risk; Lenovo laptops are exposed to UEFI malware risks (update now); a mysterious company with government ties and a history of spying has become a root certificate authority; the British government is scanning its citizens' devices looking for vulnerabilities in hopes of fixing them; almost 50% of all Mac malware can be traced to a single security application; Apple apps are sending tons of analytics data to Apple even when analytics are disabled; I answer a listener question (Dear Carey) about the best Mastodon clients, in the wake of the Twitter collapse.


Article Links
  1. [Lifehacker] Avoid Using Blue Mailboxes During the Holidays, USPS Warns https://lifehacker.com/avoid-using-blue-mailboxes-during-the-holidays-usps-wa-1849773201
  2. [The Hacker News] Google to Pay $391 Million Privacy Fine for Secretly Tracking Users’ Location https://thehackernews.com/2022/11/google-to-pays-391-million-privacy-fine.html
  3. [CPO Magazine] Medibank Refuses Ransom Payments, Hackers Leak Stolen Health Data to Dark Web https://www.cpomagazine.com/cyber-security/medibank-refuses-ransom-payments-hackers-leak-stolen-health-data-to-dark-web/
  4. [BGR] TransUnion data breach compromises financial information of consumers https://bgr.com/tech/transunion-data-breach-compromises-financial-information-of-consumers/
  5. [USA TODAY] FBI director says TikTok poses national security threat, and he’s ‘extremely concerned’ https://www.usatoday.com/story/tech/2022/11/16/tiktok-poses-national-security-threat-fbi/10709987002/
  6. [Ars Technica] Lenovo driver goof poses security risk for users of 25 notebook models https://arstechnica.com/information-technology/2022/11/lenovo-patches-secure-boot-vulnerabilities-that-imperil-25-notebook-models/
  7. [The Washington Post] Mysterious company with government ties plays key internet role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
  8. [Bleeping Computer] British govt is scanning all Internet devices hosted in UK https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/british-govt-is-scanning-all-internet-devices-hosted-in-uk/amp/
  9. [Tom’s Guide] Almost 50% of macOS malware reportedly comes from single app — delete it now https://www.tomsguide.com/news/new-report-says-nearly-half-of-macos-malware-comes-from-single-app-delete-it-now
  10. [Gizmodo] Apple Is Tracking You Even When Its Own Privacy Settings Say It’s Not, New Research Says https://gizmodo.com/apple-iphone-analytics-tracking-even-when-off-app-store-1849757558
  11. Dear Carey: Mastodon clients.
    1. https://joinmastodon.org/apps 
    2. https://bilge.world/mastodon-ios-apps 


Further Info

Table of Contents

Use these timestamps to jump to a particular section of the show.


  • 0:00:33: 5th edition update
  • 0:03:38: QR code scam update
  • 0:05:03: Twitter and FTX
  • 0:06:07: News rundown
  • 0:08:11: USPS says you should avoid blue mailboxes for holiday gifts
  • 0:10:48: Google to pay $391M privacy fine to settle suit
  • 0:13:05: Medibank refuses to pay ransom, data starts being posted
  • 0:17:38: TransUnion data breach
  • 0:20:46: FBI director says TikTok is a national security threat
  • 0:23:40: Lenovo UEFI bug found, patch immediately
  • 0:27:29: Mysterious company with gov’t ties wants to mint certificates
  • 0:39:40: British government to scan internet for vulnerable devices
  • 0:44:29: 50% of Mac malware comes from a single app
  • 0:47:45: Apple apps track you even with analytics turned off
  • 0:54:46: Tip of the Week: Best & Worst Gifts
  • 1:06:20: Security & Privacy Coupons
  • 1:10:27: Dear Carey: Mastodon client?
