MWP

Who's Watching: A Practical Guide to Digital Privacy and Cybersecurity

privacycybersecuritydigital-privacy

Most people think about digital security in terms of passwords and scams — the threats that require them to do something wrong. The more uncomfortable reality is that the most systematic privacy violations are perfectly legal, commercially incentivized, and baked into devices and platforms that people choose to use. Corn and Herman have built up a serious collection of episodes on how digital tracking actually works, what the real threat models look like, and which security tools do and don’t deliver what they promise.

Encrypted Messaging: What It Actually Means

  • Secure Messaging: Beyond the Buzzwords started with the most misused phrase in consumer security. “End-to-end encryption” appears on the marketing materials of messaging apps with wildly different security properties. The episode unpacked what E2EE actually means technically, what metadata it doesn’t protect (who you talked to, when, how often, and from where), and why the choice of messaging platform matters even when all the contenders claim encryption. The hosts ranked the major platforms honestly and explained the tradeoffs.

The VPN Problem

  • VPNs: Privacy Myth vs. Reality took on one of the most effectively marketed privacy products in consumer tech. VPNs do one specific thing: they shift your traffic from your ISP’s view to your VPN provider’s view. Whether that’s a privacy gain depends entirely on whether your VPN provider is more trustworthy than your ISP — a question that most users haven’t asked. The episode examined the actual threat model VPNs address, the threats they don’t address at all, and the cases where using one actually increases your exposure.

The Data Broker Economy

  • Your Life for Sale: Navigating the Data Broker Economy exposed the $430 billion industry that exists specifically to compile and sell personal information. Data brokers aren’t primarily buying your data from companies you’ve heard of — they’re aggregating public records, purchase data, location history, court filings, voter registrations, and hundreds of other sources into profiles that contain information most people don’t realize exists about them. The episode covered what data brokers know, who buys it, and the practical steps that can reduce your exposure.

Metadata: The Data You Don’t See

  • The Digital Shadow: Uncovering the Power of Metadata made the case that metadata — the information about your files and communications rather than their content — is often more revealing than the content itself. A photo’s EXIF data encodes the precise GPS location, timestamp, and device model; an email header records the IP addresses it traversed; a document’s revision history tracks every edit with timestamps and user identifiers. The episode examined how metadata is used forensically, commercially, and by intelligence agencies, and why encryption alone is insufficient protection.

What Your Devices Do When You’re Not Looking

  • The Telemetry Trap: Why Your Devices Won’t Stop Talking examined the constant data transmission that modern software performs in the background. The episode distinguished between legitimate telemetry (crash reports that improve software quality) and aggressive data collection (behavior tracking, usage profiling, and the monetization of “anonymized” data that is routinely re-identified). Smart cameras, mobile apps, and connected devices all have telemetry behavior that most users have never examined. The hosts covered network-level monitoring as a practical way to see what’s actually leaving your home.

The Threats That Don’t Need You to Click Anything

  • The Invisible Hack: The Rise of Zero-Click Exploits described the category of attack that renders conventional security advice irrelevant. Zero-click exploits compromise a device without any user interaction — no link to click, no attachment to open, no password to steal. They work by finding vulnerabilities in the code that processes incoming data: the rendering engine that parses a malformed image, the SMS handler that processes a specially crafted message. The episode covered the documented cases (NSO Group’s Pegasus is the most prominent), the target population (journalists, activists, executives), and the practical implications.

Air-Gapped AI: Physical Isolation as Security

  • Digital Vaults: The Mainstream Rise of Air-Gapped AI looked at the increasing adoption of fully isolated computing environments for sensitive AI workloads. Air-gapping — physically disconnecting a system from all networks — was once reserved for classified government systems and critical infrastructure. The 2026 landscape has changed: local AI inference capable of running serious models has become accessible enough that organizations handling sensitive data are choosing hardware isolation over cloud convenience. The episode examined the use cases driving adoption and the genuine security guarantees air-gapping provides.

The Travel Router: A Privacy Tool’s History

  • From Hotel Hacks to Digital Resistance: The Travel Router traced the evolution of a surprisingly significant privacy device. Travel routers started as a way to share a single hotel ethernet connection across multiple devices and have become a tool for creating a trusted private network in untrusted environments — hotels, conference centers, coworking spaces. Running a travel router with a VPN or firewall rules means that every device connecting through it benefits from the protection, without requiring per-device configuration. The episode covered the history, the leading hardware, and how to configure one usefully.

Biometrics and Authentication

  • The Voice Biometric Dilemma: Security in the Age of AI examined the gap between facial recognition and voice recognition as security mechanisms. Face ID uses depth-sensing cameras that create a mathematical 3D model of your face; AI voice cloning can replicate vocal characteristics from minutes of audio. The episode explored why voice authentication has lagged despite seeming like an obvious interface, the spoofing resistance required for it to be trustworthy, and where it’s actually being deployed successfully despite the challenges.

  • The SMS Paradox: Why 2FA’s Weakest Link Still Persists addressed a frustrating reality in authentication security. Hardware security keys are technically more secure than any SMS-based two-factor authentication by a substantial margin. Yet SMS 2FA remains the backbone of account security for most online services. The episode explained why — SIM swapping attacks, SS7 protocol vulnerabilities, and the persistence of phone numbers as a universal identity proxy — and what the realistic upgrade path looks like for people who want better authentication without disrupting their entire digital life.

Digital privacy isn’t primarily about being targeted by a sophisticated adversary. It’s about understanding the commercial and technical systems that have been built around your data — and making deliberate choices about what you share, with whom, and under what conditions. These episodes replace the noise of security marketing with an accurate picture of the actual threat landscape.

Episodes Referenced

#35 Secure Messaging: Beyond the Buzzwords Dec 8, 2025
#73 VPNs: Privacy Myth vs. Reality Dec 22, 2025
#222 Your Life for Sale: Navigating the Data Broker Economy Jan 13, 2026
#254 The Digital Shadow: Uncovering the Power of Metadata Jan 20, 2026
#266 The Telemetry Trap: Why Your Devices Won't Stop Talking Jan 21, 2026
#381 The Invisible Hack: The Rise of Zero-Click Exploits Jan 30, 2026
#168 Digital Vaults: The Mainstream Rise of Air-Gapped AI Jan 4, 2026
#331 From Hotel Hacks to Digital Resistance: The Travel Router Jan 28, 2026
#659 The Voice Biometric Dilemma: Security in the Age of AI Feb 17, 2026
#704 The SMS Paradox: Why 2FA’s Weakest Link Still Persists Feb 19, 2026