Tosh Show – “My Cybersecurity Expert – Alex Stamos”
Host: Daniel Tosh
Guest: Alex Stamos (Former CSO of Yahoo and Facebook, Stanford lecturer, cybersecurity expert)
Date: September 16, 2025
Overview
In this episode, Daniel Tosh sits down with renowned cybersecurity expert Alex Stamos, delving into the modern realities of digital security, hacking, the power struggles in global cyber warfare, digital privacy, AI’s disruptive force, and parenting in the tech age. The conversation weaves Tosh’s irreverent comedic style with Stamos’s insights, producing a fast-paced, educational, and entertaining discussion that unpacks the very real—and sometimes alarming—issues at the intersection of technology and everyday life.
Key Discussion Points & Insights
1. Introducing Alex Stamos & His Background
- Stanford Position:
- Alex clarifies he’s a “fake professor,” i.e., a lecturer (“They get really pissed if I call myself a professor,” [12:31]).
- He teaches two classes, one in the fall and one in the spring ([12:52]).
- Upbringing & Family:
- Grew up in Sacramento, the “Midwest of California”; his family roots are Greek, and the family went from farming in the Central Valley to moving up the socioeconomic ladder thanks to the GI Bill ([14:35–15:30]).
- Got into computers early with a Commodore 64 and a 300 baud modem at age eight ([15:38]).
2. Early Hacker Culture vs. Today’s Cybercrime
- The Innocence Is Gone:
- “Back in those days, hacking was…much more innocent… you couldn’t get into a lot of trouble in the 80s and early 90s.” ([16:25])
- Early hacking was about removing copy protection to play video games, compared to today’s ransomware and organized cybercrime ([16:25–16:50]).
- Shift to Organized Crime:
- Modern teenage hackers can end up working for crime syndicates, “knocking over MGM Grand…stealing tens of millions of dollars” ([16:52]).
- Most cybercrime actors targeting the US operate from Russia, China, or countries that prevent extradition ([17:18]).
3. U.S.-China/Russia Cyberwar & Geopolitics
- Fragile Infrastructure:
- Stamos: “It’s quite possible. The Chinese have a huge advantage over us than we do over them… There’s a lot of evidence of the Chinese planting backdoors in our infrastructure” ([17:32]).
- How Nation-States Hack:
- “The people who hack on behalf of the United States are socialists, and the people who hack on behalf of China and Russia are capitalists.” ([18:10])
- In Russia and China, hackers can profit directly and practice constantly; US hackers are direct government employees ([18:11–19:31]).
- On Cyber Ransom:
- Ransomware attacks are nearly constant; hackers often ransom companies for exactly what their insurance will pay ([20:02–20:41]).
Quote:
“Often what they’re asking for is how much you’re insured for... ‘Pay us. You have 5 million of insurance. Just pay us the insured amount.’”
—Alex Stamos ([20:15])
4. Consumer Digital Security & Privacy
- Cookies, Tracking & Ad Targeting:
- Stamos suggests if you care about privacy, use ad blockers; Tosh, typically, “enjoys seeing what they think I might like” but never clicks ads ([20:52–21:34]).
- “Mark Zuckerberg does not own, like an eighth of Kauai, because nobody clicks on Instagram ads.” ([21:46])
- On Zuckerberg’s Transformation:
- “Strongly prefer the old Mark. The one I used to know... thoughtful and smart and a really good dad... This new one, I do not know what’s going on.” ([21:56])
5. 2016 Election – Russian Interference & Facebook’s Role
- Acknowledges Missed Cues:
- Stamos expresses some responsibility for not catching Russian manipulation on Facebook in real time, but pushes back on the idea that “some ads on Facebook is why Trump won” ([22:32–22:57]).
- “It is a massive simplification to say the Russians are the reason Donald Trump was elected.” ([22:32])
- Hacking vs. Social Manipulation:
- Russians hacked and leaked Democratic emails, contributing to the “but her emails” scandal ([23:13–25:37]).
- Interference was more about “stirring up controversy…to get people to fight each other” than just supporting Trump ([23:14]).
6. NSA Mass Surveillance & Edward Snowden
- How It Worked:
- NSA considered data “not collected” unless a human looked at it—legal backdoor to mass surveillance ([28:02–28:59]).
- Snowden’s leak had lasting impact: “I have very mixed feelings about what he revealed because there are abuses he revealed the NSA should not have been doing, but he also dumped a bunch of stuff...that was just...the NSA spying on Russia and China because they spy on us.” ([27:27])
7. The State of U.S. Cybersecurity (2025)
- A Decline in Security:
- Due to political purges and the loss of seasoned experts at CISA, NSA, and FBI, “there’s basically nobody minding the store...we’re on our own again” ([29:04–30:06]).
8. Conspiracy Theories, Competence, and Government
- Conspiracies Overrate Competence:
- “What’s compelling about conspiracy theories is like, oh, there’s secretly people in charge...Every time I’ve gone actually into the room, I’m like, oh shit. These people have no idea what they’re doing.” ([30:14–30:45])
- The real “scandal” is often out in the open.
- AI’s ‘Liar’s Dividend’:
- “If the Access Hollywood tape happened right now, people would just say, ‘That’s not me. That’s AI.’” ([31:45])
9. AI and Code—Promise & Danger
- New Paradigm in Programming:
- AI tools revolutionize code writing—now engineers act as managers, delegating to several AIs at once ([32:08–33:13]).
- “Vibe coding” lets non-programmers build full sites with AI, but brings major security risks ([32:01–33:41]).
- On Bitcoin & Ransomware:
- “If people are transferring bitcoin, the number one use is to pay ransoms. Bitcoin has caused a huge amount of human suffering.” ([34:13])
- Owning Bitcoin openly makes you a target for criminal kidnapping ([34:29]).
10. Practical Security Advice for Regular People
- Best Devices:
- Apple products are highly secure; Pixel phones are best among Android devices; for web-only users, a Chromebook is most secure ([35:01–35:33]).
- Home Security Cameras:
- “Buy...from legit companies...Ring is good, Nest cameras are good...Don’t use super cheap Chinese/Taiwanese cameras with default passwords” ([35:38–36:14]).
- Password Managers > VPNs/LifeLock:
- “LifeLock is bullshit...The number one thing that people can do for themselves is use a password manager” ([36:19–37:25]).
- Key risk: reusing the same password, especially for your main email account.
Quote:
“If you use your Gmail…as a password somewhere else…they can take over your entire life and then you’re toast.”
—Alex Stamos ([36:54])
11. AI, Social Impacts & Parenting in a Digital World
- AI Relationships:
- Not just science fiction—people now routinely forge relationships with AI chatbots, which isn’t always healthy ([38:10–39:24]).
- Model cards exist for AI risk assessments now, but they struggle to predict these emergent effects ([38:23]).
- Kids and Tech Boundaries:
- Stamos: “Trust but verify” is the ethos—kids can have phones, but spot checks are a must ([40:01–41:22]).
- Emphasizes the importance of children knowing they can come to their parents about online problems—predators systematically isolate kids from adults ([41:38–42:37]).
- States of Social Media:
- Teens are shifting from public social media to private messaging—an overall positive trend ([43:55–44:20]).
- Daniel’s Bribery Parenting Plan:
- Tosh jokes about denying kids a phone and handing them money at 22 for compliance; Stamos: “You should write a paper and get a PhD in child psych. It’s the ultimate marshmallow test.” ([44:20–44:58])
12. Sports & Hacker Stereotypes
- Hacker Mythbusting:
- Today’s hackers are highly motivated by money and status—more likely to flaunt on Instagram with a Maserati than hide in their basement ([50:56–51:22]).
- Capture the Flag (CTF) and competitive hacking teams now exist at both high school and college levels ([52:13–52:46]).
- Alex’s Unlikely Career Transition:
- Now works at Corridor (founded by his former star students), a company focused on making AI-generated code safe ([52:46–53:52]).
Notable Quotes & Moments
On How Easy It Is To Get Personal Info:
- Alex Stamos: “Extremely easy, unfortunately.” ([13:58])
On Whether the NSA Reads Everything:
- Daniel Tosh: “That’s a hard yes.” ([28:00])
On Facebook’s Role in 2016 Election:
- Daniel Tosh: “Do you take any responsibility for allowing the Russians to manipulate that election?”
- Alex Stamos: “I do take some responsibility…But I also think there’s this…super reductionist idea…that some ads on Facebook is why Trump won.” ([22:26–25:59])
On AI’s Impact on Truth:
- Alex Stamos: “People call it the liar’s dividend. Real videos... people just say, ‘That’s not me, that’s AI.’” ([31:45])
On Parental Controls:
- Alex Stamos: “Trust but verify. The rule: you have to have the code to your kids’ phones…you have to do spot checks.” ([40:01–41:22])
On the State of U.S. Cyber Defense:
- Alex Stamos: “We’re on our own again. Like, the US Government will not be there to help us. That’s the expectation among people in private industry.” ([30:06])
On Hackers’ Motivation:
- Alex Stamos: “A ton of people who do malicious hacking these days…just financially motivated…They are buying Maseratis, they have designer drug problems…It is not like it used to be.” ([50:56])
Timestamps for Important Segments
- NSA’s Collection (27:54–29:04)
- US-China/Russia Cyber War (17:27–19:31)
- Hacking, Ransomware & Insurance (20:02–20:41)
- 2016 Election Interference (22:21–25:59)
- AI’s Liar’s Dividend (31:41–32:01)
- Password Manager Advice (36:19–37:48)
- Parenting and Tech Boundaries (40:01–43:55)
- Hacker Stereotypes and Today’s Reality (50:56–51:22)
- Competitive Hacking as a Sport (52:13–52:46)
- Alex’s Work at Corridor (52:46–53:52)
Tone & Style
- Tosh: Unfiltered, irreverent, self-deprecating, never missing a chance for a joke at his own or others’ expense.
- Stamos: Good-humored, clear, direct, with a reassuring honesty about what’s actually true and worrisome.
Memorable Moments
- Daniel on Parenting:
- “Maybe we become best friends. Does the NSA read everything I send to everyone?” ([01:15])
- Alex on Competency & Conspiracies:
- “Whenever I get into a corporate boardroom or… government folks…You’re always like, oh man. These are just like normal people who don’t know what they’re doing.” ([30:14])
- Daniel on Risk:
- “If I own none...Don’t kidnap me. And no one’s going to pay either.” ([35:01])
- Alex, on Gifted RFID Wallet:
- “Yeah, it’s a wallet that protects your credit cards from being scanned.” ([45:23])
- Stamos on Hacker Image:
- “You can letter in hacking. Colleges have teams...It’s so much better than it used to be.” ([52:13–52:46])
- Daniel, on Parenting with Bribery:
- “How about this: You get no phone, you do everything that I say...then...I’ll give you a bunch of money when you’re 22.” ([44:20])
Summary in a Nutshell
This episode blends Daniel Tosh’s comedic irreverence with Alex Stamos’s expert perspective to shed light on the true state of cybersecurity, privacy, and digital parenting in the 2020s. From the real threats of digital espionage and ransomware, to the best (and worst) ways to protect yourself online, the duo traverse both the humorous and the harrowing, offering accessible advice and clear-eyed context. Stamos’s key advice: use a password manager, don’t trust conspiracy theories, assume nothing online is private, and keep a constant, honest dialogue with your kids about digital risks.
For anyone who worries about getting hacked, wonders what really happened in 2016, or just wants to survive digital life today—this episode is a must-listen.
