2022 In Review

Each year, I like to take a look back at what I've accomplished in hopes of building momentum, finding new collaborators, and hitting the ground running as the new year begins.

VPNs

I presented my VPN research at ShmooCon, and my work was cited in NBC, Washington Post, Mashable, Tom’s Guide, ReadMe_, —and in a letter by Rep. Eshoo and Senator Wyden urging the FTC to address deceptive practices by VPN providers.

Harassment & stalking response/prevention

I expanded my reporting on stalkerware to include information on searching and scanning for physical trackers, and we included images of all of them for people doing physical searches of devices traveling with them without their knowledge or consent. I was quoted in a study titled Expanding the Analytical Boundaries of Mob Censorship: How Technology and Infrastructure Enable Novel Threats to Journalists and Strategies for Mitigation, written by Jennifer Henrichsen and Martin Shelton and published in Digital Journalism.

Data brokers

The Big Ass Data Broker Opt-Out List was cited in the New York Times, Ars Technica, a PEN America video, and the Deceptive Design episode of the Get off My Backlog podcast. I was also quoted in How Stuff Works, and cited by two news stations.

Human rights

My work was cited in the Office of the United Nations High Commissioner for Human Rights' much-delayed report of human rights concerns in the Xinjiang Uyghur Autonomous Region. The report stated that China may have committed crimes against humanity in the region. My work was also cited in the Xinjiang Police Files: Re-Education Camp Security and Political Paranoia in the Xinjiang Uyghur Autonomous Region, published in ​​The Journal of the European Association for Chinese Studies.

Surveillance

I was thrilled to join forces with EFF’s Matthew Guariglia to test and then speak on the surveillance capabilities of video doorbells, in which we found that once a Ring doorbell’s motion sensor has been triggered, it can record conversation-level audio from up to 25 feet away. (We also presented this at DEF CON’s Crypto + Privacy Village.) Massachusetts Senator Ed Markey released a letter of concern and inquiry concerning Ring’s audio capabilities, which was partially in response to our story.

Cybersecurity

I cowrote a story on the security of transcription tools with lead author Martin Shelton at Freedom of the Press Foundation, and discussed it with him on FPF’s Twitch stream. The piece was cited in Politico and a UK journo site, and ultimately led to Otter offering MFA for all its plans. I also spoke to the Wall Street Journal on buying refurbished tech and Vox about avoiding online scams. I am always super excited to tell people I served on the board of the CyberMed Summit, the world’s only clinically-oriented healthcare cybersecurity conference. Last but certainly not least, I made it into Zack Whitaker’s illustrious Security News This Week newsletter one (1) time, with a post on risky permissions in printers.

And in 2023...

On Wednesday, January 25th, I'll be participating in a fireside chat on memory safety at Enigma in Santa Clara, California, alongside Amira Dhalla, Alex Gaynor, and Joshua Aas. Then I'll be heading back home to Arizona, where I'll be speaking at CactusCon twice on Saturday the 28th. First, I'll give a talk on the audio capabilities of video doorbells. Then, I'll join forces with David Huerta for our fourth annual roast of poor cybersecurity reporting. At the very end of March, I'll be speaking about Security Planner at CypherCon in Milwaukee, Wisconsin. I hope to see some of you there!