Digital Privacy & Protecting Your Data

Captain

Race the rudders. Race the sails. Race the sails.

First Mate

Captain, an unidentified ship is approaching.

Dr. Samantha Amin

Over.

Captain

Roger. Wait. Is that an enterprise sales solution?

First Mate

Reach sales professionals, not professional sailors. With LinkedIn ads, you can target the right people by industry, job title, and more. We'll even give you a $100 credit on your next campaign. Get started today at LinkedIn.com results, terms and conditions apply.

Eva Galperin

Foreign.

Dr. Samantha Amin

Welcome back. Or if it's your first time here, glad you made it. I'm Dr. Samantha Amin, and this is Curiosity Weekly. This episode is packed with cool science. So let's get into it. We're going to talk about a man who's been bitten by snakes a lot. Like, over 200 times. But here's the wild part. His blood might actually be the key to a powerful new antivenom. Oh, we're going full science thriller on that one. Then we're diving into something that affects pretty much all of us. Digital privacy.

Eva Galperin

It is possible to have both privacy and convenience, because privacy is not black and white. Privacy is having control over your data and making decisions about who gets to see it and under what circumstances. Privacy is about control.

Dr. Samantha Amin

That's cybersecurity expert Eva Galperin. I'll talk with her about how much access others want to really have to your digital world and what's being done behind the scenes, from surveillance tech to data profiling, whether you know it or not. And also, I want to tell you about tiny new nuclear batteries. You heard that, right? What does that mean for energy, safety and the future of, well, everything that runs on power. But before we get into that, hey, we need to hear from you. Go over to the reviews on Apple podcasts and drop a question there. Seriously, tell us what you want to learn about, whether it's tech, science, weird inventions, digital rights, whatever's on your mind. We read every single one of them, and we'll pick a few to answer right here on the show. So hit that review button and ask away. Okay, so now nuclear batteries. Researchers are working on batteries that could power your small devices for 50 years without ever needing a charge. Imagine that, 50 years. No plugs, no power banks. Although it will definitely depend on how much the device draws. This type of battery wouldn't be like the lithium ion batteries that we're all used to, the ones that are currently in a lot of our favorite devices. It's a special type of battery called a nuclear battery. Now, don't worry, I know it has the word nuclear in it, but it uses a relatively safe radioactive material called Nickel 63, packed into a tiny module and then it has a diamond semiconductor fancy. Now, these types of radioactive materials, they decay slowly, so you're just getting a trickle of radiation. And it's easy to encase them in these protective layers. In some cases, that's what the diamond is actually doing and it won't penetrate the skin. It's not high energy enough radioactive material for that, as long as you don't eat it. Pretty good advice when it comes to batteries in general. Some of the current prototypes are really low power, on the order of 100 microwatts. So it will be good enough to light up like a small led, a digital watch, pacemakers. It's the equivalent. If you've ever done the potato battery experiment, it's the same as the amount of energy produced by one potato, at least according to my back of the envelope math. The benefit against the potato is it lasts way longer without rotting. So plus one for the nuclear battery. Now, instead of using chemical reactions like the batteries in your phone or car, Nuclear batteries generate their electricity from the energy released as radioactive isotopes decay. That process can last for decades, which is why these batteries can keep going for so long. So they can go a long time without a charge. Plus they work in extreme temperatures from minus 60 to 120 degrees Celsius. Some of the most likely use cases for this are probably in aerospace, in AI equipment, medical equipment, advanced sensors, small drones and micro robots. Things where you don't want to be changing out a battery very often. And it could be more extreme conditions. From an environmental standpoint, it's great that these batteries can last for so long, but we do have to wonder what happens when they reach the end of their life. Now, the Nickel 63 we talked about earlier eventually turns into a stable non radioactive copper, which is good, easy to dispose of. And if the battery gets crushed or damaged, that wouldn't be so great. But one company, Betavolt, they claim that they make it so that it's puncture resistant, but we want to be really sure of that. A lot of countries are racing to create the first scalable nuclear battery. There's Betavolt out of China. They made a battery called the BV100. US and Europe are also trying to make their own versions. And recently a Korean research group presented their research in this field as well. NASA has also used similar nuclear batteries called RTGs, radioisotope thermoelectric generators. These are used to power Mars rovers and deep space probes. They use the heat from radioactive decay, which is a little different from what happens in these nuclear batteries that are being tested now. The newer nuclear batteries use betavoltaic conversion. Okay, that is a lot of words, and I'm no physicist, so let's break it down together. A radioisotope decays that releases these fast moving electrons called beta particles, whatever. So you get these fast moving electrons. These will hit a semiconductor, and in this case, it's diamond. That excites the diamond's electrons, getting them moving. An electric field guides this motion, producing a steady current. So you get the decay fast moving electrons moving things around in the diamond electric field, putting that movement into a steady direction to give us a current boom energy. Now, all of this radioactively driven energy is packed into a tiny battery that's about the size of a small coin, but a bit thicker. If you picture stacking up like 4 pennies, it's smaller than that. Now, as with any new tech, there are still big questions to answer about safety and the environment. So let me know what you think. Would you use a nuclear battery in your phone? Go to the review section on Apple podcasts and let us know.

Captain

Race the rudders. Race the sails. Race the sails.

First Mate

Captain, an unidentified ship is approaching.

Eva Galperin

Over.

Captain

Roger, wait. Is that an enterprise sales solution?

First Mate

Reach sales professionals, not professional sailors. With LinkedIn ads, you can target the right people by industry, job title, and more. We'll even give you a $100 credit on your next campaign. Get started today at LinkedIn.com results, terms and conditions apply.

Dr. Samantha Amin

Think about this. Our phones, laptops, and cloud accounts are like digital diaries. Not just diaries, digital. They're more like vaults that hold nearly every detail of our lives. Now imagine this. You're going through airport security. You've packed light. Everything's on your phone, your boarding pass, your messages, your travel plans and reservations. Even that late night selfie you weren't sure about. A border agent asks to see your device. Maybe they want to scroll through your photos. Maybe they want your passcode. Suddenly, it hits you. They're not just holding your phone. They're holding a window into your private world. Your location, history, personal conversations, health, data, work, emails, saved passwords. It's all there. And the truth is, in that moment, you might not have as much control as you think. It's easy to assume our data is secure behind passwords and encryption. But the rules around digital privacy are changing fast and often without us realizing. The question is not whether our data is being collected, it's definitely is, but how. Your data is structured, interpreted, and then used. It's where science and engineering meet in your life every day. And that's surveillance. It works behind the scenes, quietly monitoring you. The data extraction and device fingerprinting to machine learning models that infer your identity. Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation. Her work focuses on how these surveillance systems operate and how digital vulnerabilities are exploited, exploited across platforms and devices. She's got a lot you want to pay attention to. Welcome to Curiosity Weekly, Eva.

Eva Galperin

Thank you for having me.

Dr. Samantha Amin

Let's start with the basics here. What do we actually mean when we talk about digital privacy?

Eva Galperin

Well, to begin with, what we're mostly talking about is just all of the data that is created about you and that is stored on your devices or in at other companies or on other platforms that we sort of create every day. And this can be our. Our passwords to our accounts, the messages that we send to one another, the photos that we take and we send back and forth, information about our location and the location of our devices. The things that we are buying are financial and information about your web browsing, where you are going every day, and what you're looking at and what you're searching for and what you're buying. And all of this adds up to a very nuanced picture of who you are for the people who have access to this kind of data. Just because all of this information is available to your phone doesn't mean that all of this information is available to everybody all the time. One of the things that kind of makes people into privacy and security nihilists is they hear this long list of things that your phone can possibly pick up and they say, well, why should I bother trying to protect anything? Because the government could see everything all the time anyway. And that is simply not true.

Dr. Samantha Amin

Okay, good to know, because I feel that way sometimes.

Eva Galperin

Yeah, trying to protect everything from everybody all the time is a good way to drive yourself crazy and to exhaust yourself. But if you understand where your data is located and who can get what under what circumstances, you can take certain steps to mitigate the access for the things that you are particularly concerned about, and you can mitigate that access against the people that you are concerned about. So trying to secure your phone for crossing a border is very different from trying to secure your phone from just like random hackers that are trying to get their hands on your financial data by sending you text messages saying that, that you need to make a remote tax payment, or there's something up with your fast track for crossing the bridge, or you have gotten some sort of ticket. These are extremely different threats, and the things that you do in order to protect them are very different from one another. But you don't have to protect everything from everybody all the time.

Dr. Samantha Amin

In addition to the digital nihilism, another reason why people may kind of feel defeated or not care as much about digital privacy is because they'll say, well, I have nothing to hide, so who cares? What's your response to that?

Eva Galperin

Everybody has something to hide. We, we lock our doors, we close our curtains, we wear clothes there. Everybody absolutely has something to hide. And even if you don't have anything to hide, and mind you, the people who say this never want to hand over their password to me.

Dr. Samantha Amin

For some reason that's fair. I mean, at the very least, perhaps your bank information is something we might all want to hide.

Eva Galperin

Yes, yeah, absolutely. Everybody has something to hide. And furthermore, even if you are God's chosen creature that will hide nothing, does that mean that your friends have nothing to hide? Does that mean that your family has nothing to hide? All of your associates have nothing to hide? I do have the right to make that choice for other people. And the answer is no.

Dr. Samantha Amin

Thinking a little bit more about all of the data that's being collected and how some of it is behind a password or encrypted. Are there scientific or engineering limits of those tools beyond it? Just end to end encryption, beginning and ending on someone's phone?

Eva Galperin

Well, this isn't really a limit. This is the tool behaving the way that it's supposed to behave. The entire purpose of end to end encryption is to prevent your conversation from being spied on by third part parties in the middle, by the people who run the platform, or the people at the ISP or the people at the government. The conversation is happening only on your device and the devices of the people that you are talking to. This is not a failure or a limitation of science. This is a tool doing exactly what it's supposed to do. The reason why you want to have more than one factor of authentication is because passwords are frequently stolen and leaked. This is why reusing passwords is such a bad idea. You want your passwords to always be strong and unique. But more importantly, even if your password is garbage, you want to make sure that even if somebody does have your password, they still can't get into your account because they don't have that second factor of authentication. Now, frequently the second factor of authentication comes in the form of an SMS or a text message. And the problem with that is that SMS and text messages are not end to end encrypted at all. This is not a secure method of communication. Again, in the interest of talking about, whenever you talk about whether or not something is private or something is secure, you should ask from whom? Against whom. In this particular case, the vulnerability that these messages have is that you are not safe against anybody at the isp. You are not safe against anybody at the government or somebody who can show up with like a warrant or a subpoena asking for the contents of that text message. Very recently there was a very famous hack that took place, or rather it happened some time ago, but the US Government didn't realize it until several years in. It turned out that hacking group in, in the Chinese government, which is referred to as Salt Typhoon, had been buried deep inside our communications infrastructure for years with full access to all of our SMS and text messages. And so that would allow them to get the second factor of authentication for people that the Chinese government is watching and to get into their accounts.

Dr. Samantha Amin

Wow, that's massive. Why didn't I hear more about that story?

Eva Galperin

It was a very big deal. It is in fact still a very big deal. And one of the reasons why we're not hear about it is because the part of the government that was in charge of investigating this and securing our infrastructure against it is an organization called cisa. And CISA was, is still one of the parts of the government that has been very thoroughly gutted by doge. So Trump fired almost everybody.

Dr. Samantha Amin

One of the things you mentioned is trying to keep in context who is something private from. So what about when you use private browsing or turn off tracking, you can still be identified. How does that work in the grand scheme of things?

Eva Galperin

There's a lot of misunderstanding about what incognito mode does in browsing and who it protects you from. So really all that private browsing does is it prevents your particular, your browsing window from being associated with any of the other browsing that you have done. If you log in to your account, which is jane doegmail.com and you are Jane Doe, it will still be possible to come to the conclusion that you are Jane Doe.

Dr. Samantha Amin

Fair. And then cookies that you use, you know, a lot of us, guilty, please don't be mad at me, we just click accept all cookies. Those are building a profile on me and kind of understanding my behaviors as well.

Eva Galperin

Good news, good news about cookies to begin with. So one of the reasons why you get this little pop up saying, do you accept all cookies? And it's usually a Pop up designed to make it as difficult for you to not accept cookies as possible is a law in the EU called the gdpr and it basically operates on sort of a opt in model. But if everybody is essentially forced to opt in, then your opt in is kind of meaningless. Fortunately, there is a browser extension called Privacy Badger which EFF makes and it eats cookies. So even if you have accepted all the cookies, then the browser extension simply sits there and blithely deletes them, preventing the website from using them in order to track you and figure out where else it is you're going and draw conclusions about who you are based on that information.

Dr. Samantha Amin

That is good news. And it comes like it's so cute the way that they branded that to eat the cookies. I will remember that and definitely need to download it. Are there any other tips you have for the average person? Simple actions they can take to take their cybersecurity a little more seriously?

Eva Galperin

Well, there's really some basic hygiene, the digital privacy and security equivalent of eating your vegetables and washing your hands. What you should be doing is you should have a password manager. All of your passwords should be in your password manager.

Dr. Samantha Amin

I have that.

Eva Galperin

Cool. Cool. Your passwords should be strong. And what makes a strong password is a long password, not a password with lots of different letters and special characters in it and all that kind of stuff. That doesn't affect the entropy. Now we're getting into science. But what does affect the level of entropy is how long it is. Usually what I recommend to people is that your password should actually be a passphrase. And that passphrase should be like five or six words long. And those words should be chosen at random. That's one of those things that a password manager can do for you. Because there are like five or six words chosen at random. It becomes a lot easier to remember that password when you have to enter it. So you want long, strong, unique passwords for every account. And then you want to turn on the highest level of two factor authentication that you are comfortable using. So text message better than nothing, unless you're up against the Chinese government. Then next from Text Message, you want to use an authenticator app. So something like Authy or Google Authenticator. There are also authentication apps built into certain password managers. I think Both Bitwarden and 1Password have authenticator apps built into them, so I recommend those. And then the next strongest thing is a physical key. Physical keys are really great for accounts that you really want to protect, but. But specifically they're really good for protecting you against, against hackers, against some stranger that's never going to get their hands on your device? If you are worried about somebody who has physical access to your stuff, then a key actually makes things easier because, you know, you put the key on your keychain and they just get their hands on your phone and your keychain, they have managed to get in, or they simply run off with your keychain and they add another, another device to your account. You, you don't want that. So in like domestic abuse situations, I do not recommend these, these kinds of keys. But if you want to protect yourself against hackers, against governments, then a security key is, is a very good idea and is the appropriate mitigation.

Dr. Samantha Amin

Last thing I want to ask you, Are there any trends you're seeing, things that are changing, things that we should really focus on going forward, or new things on the horizon to make sure digital privacy even easier?

Eva Galperin

Well, one of the things that I think people really need to talk about is harassment and harassment online and also sharing other people's information online. Again, I think it's really important for people in relationships to talk about when it is appropriate to share information about themselves, but also to understand that you're not necessarily going to be in your relationships forever and you should talk about like what is appropriate, what is and is not appropriate when you no longer trust that person. So you might want to be sending your messages over, disappearing messages so that that person can't necessarily save your selfie. And that's, that's definitely something to discuss. Or if you are sharing an account, you want to make it very easy to lock that person out of any kind of sensitive accounts after you have a breakup. This is especially important if, if you are sharing a home that has a bunch of IoT devices in it, or if you are trying to parent a child together in the middle of a divorce, things can get really contentious. So that's a big thing that I think that people should talk about. And also increasingly people are really concerned about crossing borders where the border crossing situation is fraught with peril. And the rules about what you should and should not be doing and what your rights are appear to be changing every day. And the extent to which what the law thinks your rights are even matters also appear to be changing every day, which is pretty disturbing. So one of the things that I am doing this month is writing a border crossing guide. And it's really difficult because essentially what I have to do is I have to, I have to plan for the best. Sorry, I have to plan for the worst case scenario.

Dr. Samantha Amin

I will be keeping an eye out for that because I think it's something that we should certainly all be paying attention to and thinking about. Unfortunately, more these days border crossing is.

Eva Galperin

One of those situations in which thinking about who you are and what you want to protect and who you want to protect it from is particularly important because there are different groups with different levels of risk. For example, if you are coming from outside of the United States into the United States for something work related and they may question your visa at the border. That's a situation in which you really want to think about what your what is on your devices and what kind of information is easily available about you on your on your social media accounts or if you live in the United States and you are you are here illegally, or even if you are here on a student visa now and you took part in the Gaza protests over the course of the last year, those are all things to be really concerned about right now.

Dr. Samantha Amin

Those are helpful tips. Thank you. How do you feel about the trade offs between convenience and privacy? Is it possible to have both?

Eva Galperin

Yes, it is possible to have both privacy and convenience because privacy is not black and white. Privacy is not one of those situations where you either have privacy or you don't. The door is locked or it is unlocked. Privacy is having control over your data and making decisions about who gets to see it and under what circumstances. Privacy is about control and I think that is something that we can deliver to people and when people have controlled, they can decide what level of convenience is important to them and what level of risk they're willing to take in different circumstances.

Dr. Samantha Amin

Fantastic. Thank you so much Eva for joining us. I'm going to start this topic with one of the more interesting content warnings I've ever given out. Snake bites are bad. Please do not try to get bitten by a snake. Avoid venomous snake bites at all costs. Okay, now that we got that out of the way, onto the story. Venomous snake bites are a global problem that many of us are lucky enough to not have to think about on a daily basis, but we definitely should be thinking about it. For some venomous snakes, an antivenom drug can be life saving. But antivenoms aren't available for all venomous species and antivenom research hasn't kept up with the growing need. Antivenom these days is actually made basically the same way it was around 130 years ago. That's where Tim Fried comes in. Now you may have heard of him before. He's an Avid snake collector and a unique presence in the field of immunology. And when I say unique, what I mean is he collects deadly snakes and lets them bite him a lot to the tune of over 200 times in the last 25 years. And that doesn't even count the over 600 times that he's injected himself with snake venom to build his immunity. Can I say again, do not do this at home. Tim is, in his words, a non degree scientist. Tim's been in the media a lot, so over the years, a few researchers reached out to ask him to participate in antivenom studies. Nothing ever really worked out until Dr. Jacob Glanville and Dr. Peter Kwong read about Tim's story. Dr. Glanville is the chief executive of the biomedical firm Centivax. His goal is to create a universal antivenom, one that can be used for all of the roughly 600 venomous snake species. Right now, each antivenom only protects against a few species from one region at a time. Now, Dr. Glanville and his team took Tim's meticulous notes from over the years, along with some of his blood. And this goes without saying, but this was only after careful review from an ethics board and informed consent from Tim Fried. Dr. Glanville's team isolated the antibodies from Tim's blood and tested them against toxins from the Elapidae family of snakes. Elapids include mambas, death adders and various types of cobras. Their venom is used to paralyze prey. It contains both short chain and long chain alpha neurotoxins, which disrupt a receptor muscle cells use to contract, blocking communication between nerves and muscles. And that leads to muscle paralysis and as a result, respiratory failure. Then the team took the most promising of Tim Fried's antibodies and tested them on mice that were given a lethal dose of snake venom. What they found was there were two antibodies from Tim's blood that could bind to both short and long change neurotoxins. And when combined with a broad acting small molecule, the cocktail provides full protection against 13 Elapidae snake species and partial protection against the rest of the species in that snake family. This is a first step when it comes to producing a universal antivenom. But there's still a long way to go to see if it can be produced at an industrial scale and at an affordable price. So Dr. Glanville's team is heading to Australia to work with veterinary clinics who treat dogs who've been bitten by snakes. There, they can test their antivenom in a more real world scenario. And don't worry if the dogs don't respond to the treatment quickly, they'll be with a vet who can give them the traditional antivenom treatment. For now, Tim Fried says he's given up on snakebites in hopes that all his research can be used to save lives for Warner Bros. Discovery. Curiosity Weekly is produced by the team at Wheelhouse DNA. The senior producer and editorial correspondent is Teresa Carey, our producer is Chiara Noni, our audio engineer is Nick Karisimi, and head of Production for Wheelhouse DNA is Cassie Berman. And I'm Dr. Samantha Yamin. Thanks for listening.

Raj Panjabi

Hi, I'm Raj Panjabi from HuffPost.

Noah Michelson

And I'm Noah Michelson, also from HuffPost.

Raj Panjabi

And we're the hosts of Am I Doing It Wrong? A new podcast that explores the all too human anxieties we have about trying to get our lives right.

Noah Michelson

Each week on the podcast, Raj and I pick a new topic that we want to unlock, understand better, and bring a guest expert on to talk us through how to get it right.

Raj Panjabi

And we're talking like legit credible experts.

Noah Michelson

Doctors, PhDs all around, superheroes from HuffPost and Acast Studios. Check out Am I Doing It Wrong? Wherever you get your podcasts.