In 8 minutes I cover some basics of web3, its relationship with technologies like blockchain and cryptocurrency, and recent complaints from famous tech personalities like Elon Musk that it is a "marketing buzzword" or from Jack Dorsey that it is too beholden to venture capital to deliver the decentralization it claims to promise.
The Apache Log4j 2 vulnerability and why such things are important
You should take 6 minutes to learn about the recently announced Apache Log4j 2 vulnerability (CVE-2021-44228, widely known as "Log4Shell"), especially if these things are unfamiliar to you, including immediate action items like checking in on your public cloud assets, the role of the MITRE Corporation in maintaining the official list of CVEs, the very prosaic urgency of patching for announced vulnerabilities, and the 2017 Equifax data breach (an unpatched Apache Struts flaw) as an example of why this patching can be urgently important. Correction: I snuck an extra "s" onto the end of Log4j erroneously on a couple of occasions in the video.
The (Alleged) Insider Threat at Ubiquiti
I have a great spy-vs.-spy, insider-threat-type story for you today. Take 7 minutes to learn about the long-unfolding drama at Ubiquiti, including their January data breach, the demand for a huge Bitcoin ransom, the now-discredited whistleblower revelations in March that fooled cybersecurity influencer Brian Krebs, and finally the just-unsealed FBI indictment stating that the attacker and the whistleblower are one and the same. The data-privacy conscious will be interested to learn about the tiny flaw in this alleged criminal's use of a VPN that led to the unraveling of the plot.
Details of Robinhood's Breach
Check out this update on what went wrong to enable the data breach at Robinhood, including details on the social engineering attack targeting their customer support, the background role played by rapid-growth mindsets, and how you might say the attack was only barely detected.
The Intersections of Market Power in Social Media
Let me convince you that market power (or the lack of it) in the social media world is one of the most interesting and intersectional topics out there. I discuss SingYourDialect as a harbinger of Twitter crushing Clubhouse, Facebook under siege for its young and old users by Snapchat and Nextdoor respectively, Trump's struggles to get his megaphone back as embodied in conservative networks like Parler, GETTR, and TruthSocial, and why the quiet tidal wave of Pikachu pornography makes this business harder to enter than you might think.
Crypto prices and the journey into the mainstream...
In this ~7 minute video, I take last night's steep drop in the price of cryptocurrencies like Bitcoin and Ethereum as a lens for arguing that the journey to mainstream acceptance plays a key role in price movements both up and down. I specifically discuss the role of the new tax provisions in the infrastructure bill, what those provisions are, and why people are a little irked by them.
Robinhood's Data Breach
You should find ~4 minutes to learn about the notable data breach at Robinhood, the company previously famous for its role in the retail trader meme stock dynamics around companies like AMC and GameStop. I cover the role of social engineering, why this breach signals imminent further danger for similar companies and Robinhood users, and highlight a few odd pieces of incomplete information in Robinhood's disclosures.
Issues with facial recognition and Clearview AI
Check out this brief primer on some social and ethical challenges around facial recognition technology, including the problematic frequency of web scraping as a source of training data, the role of law enforcement as a major customer, and particularly vivid concerns about algorithmic bias in this area of artificial intelligence. I discuss these threads and more in the context of Clearview AI and the recent decision in Australia to demand that the company delete the data of Australian citizens it might hold... if they labeled it well and can find it now...
Ghost PII in GCP: Access Control and Unique Permissions
Check out a whirlwind tour of how Ghost PII can help with data loss prevention, including access control dashboards, Jupyter notebooks that can do useful work on the data but cannot decrypt it, and how easy it all is to stand up on Google Cloud Platform.
Huduma Namba and its Problems
Take ~4 minutes to learn about Kenya's Huduma Namba biometric and national ID card program, the data privacy concerns that have led the high court to declare it illegal (for the moment), the need for data privacy impact assessments past and future, as well as what you might call a diversity, equity, and inclusion narrative around opposition to the program.
Notable Details on the Twitch Breach
Take a moment to absorb some notable details around the Twitch data breach, including the perennial importance of infrastructure configuration, validation of data protection practices like hashing (rather than reversibly encrypting) stored passwords, an unusual political intersection (a.k.a. why Twitter was mad at random people for being rich this past week), and the market in e-sports. Also, turn on two-factor authentication wherever you can.
I cover some important context on recent cryptocurrency regulation in China and argue that the news can be both true and less important than it appears. I touch on topics like the ICO bans of a few years ago, China's current electricity crisis, perennial Chinese anxiety about capital flight, and where crypto mining is heading when it leaves China.
WhatsApp's Big GDPR Fine & What to Watch
Some notable details around the €225 million GDPR fine levied on WhatsApp, including the role played by the Data Protection Commission in Ireland in particular vs. that of other national regulators, the significance of the privacy policy, the nature of own-volition investigations, and why this might be the beginning and not the end of heavy-duty data privacy enforcement.
Ghost PII and Google Cloud
Take under 4 minutes to hear Jack Phillips and me explain how easy it is to stand up Ghost PII on your favorite cloud platform and get started doing analytics on encrypted data in use.
Crypto and Bad Press
They say there is no such thing as bad press, and if it was not true before it will be soon. Much ink has been spilled on the recent loss of trust in institutions, particularly among millennials, and the role this situation has played in the rise of cryptocurrency. The interesting marketing layer on all this is that the communications of these same institutions invariably function as viral advertisement for cryptocurrency: some view institutions like the IMF or the Federal Reserve, which have explicit mandates to comment on monetary matters, as nefarious (and many more are willing to flirt with such judgments), so their statements on possible dangers are received as positive. If the villains fear it, of course the heroes should embrace it. Right?
If you are looking for examples, you might examine the social media response to IMF comment on the adoption of Bitcoin as legal tender in El Salvador, or the comments of Federal Reserve leaders on the stablecoin market. (As someone who is not entirely hostile to crypto, please take me seriously when I endorse the Fed's stablecoin concerns as substantive and in the consumer interest.) On social media platforms like Twitter, especially among users who do not participate in similar organizations, these comments read approximately like the Illuminati defending its shadowy mechanisms for exercising power, and thus as a quite direct advertisement for adopting the cryptocurrencies in question.
I ran into a meme that got me thinking about this which I have enclosed below. Is it really telling you not to buy Monero? The banking system and state apparatus, especially stated this way, are not terribly popular institutions right at this moment...
The central importance of curation...
To a significant degree, the core of many internet products like social media is not access to information but rather curation of information. All the information is out there somewhere if you want it, but no one has the time to dig it all up, or even a good way to know it's there to be uncovered.
Along these lines, I perceive some travails of Gettr to be the fruit of deep contradictions in its mission. I understand concerns about the power produced by content moderation plus market power, yet it is inevitable that a truly open and unmoderated app will be full of Sonic the Hedgehog porn, because that is the full, unvarnished reality of what lurks behind the curation that services like Twitter and Facebook provide.
Vendors, Data Breaches, and Private Computation
Unless you read the news really carefully you might not know how often data breaches involve a vendor. The headline is "Famous Big Company Breached" but the reality is that one of their smaller, less-famous vendors actually lost data the larger company took from consumers and gave to them. There are a number of interesting and important things to point out about this phenomenon, including...
The vendor typically lacks the cybersecurity resources and standards of the larger company, and even...
The vendor often did something especially dumb like leave the data on the internet with no password, yet...
The larger company often still bears explicit legal responsibility for the data loss, and...
The larger company might take the brunt of the PR hit solely for being more visible.
My previous go-to example was Quest Diagnostics in the summer of 2019. They shared data with a collections agency called AMCA, which then lost it. Even though the role of AMCA was disclosed, the headlines focused solely on Quest as the more recognizable company and the originator of the data. Quest was of course also still liable under HIPAA.
The examples have kept coming and will keep coming. Just in the past week, Volkswagen announced the loss of 3.3 million consumer records. As in the case of Quest, the actual loss occurred at a vendor, in this case a company that had been providing sales and marketing services. As in the case of Quest, it is still Volkswagen that is in the headlines.
Private computation techniques like homomorphic encryption (or, where the workload is machine learning and AI, federated learning) can help solve these problems. Data is often shared with a vendor for a circumscribed purpose, and private computation lets that purpose be served while the data stays encrypted, with plaintext appearing only where a human needs an insight to directly extract business value.
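To make the "vendor can compute but cannot decrypt" idea above concrete (and the same idea behind the Ghost PII notebooks that can do useful work but not decrypt raw data), here is an added example in Python of a toy Paillier scheme, which is additively homomorphic. It is illustration code written for this page, not Ghost PII's implementation or any particular vendor's, and the primes, sample amounts and weights are constructed toy values; with keys this small it is not secure and exists only to show the structure of the interaction.

```python
"""Toy additively homomorphic encryption (Paillier) as an illustration of
computing on data that stays encrypted.  Example code added for this page;
it is NOT Ghost PII's implementation and uses tiny, hard-coded primes, so it
is NOT secure and must not be used on real data."""
from __future__ import annotations

import math
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int    # modulus p*q, shared with the vendor
    n2: int   # n squared, the ciphertext modulus


@dataclass(frozen=True)
class PrivateKey:
    n: int
    lam: int  # lcm(p-1, q-1)
    mu: int   # lam^-1 mod n


def keygen(p: int, q: int) -> tuple[PublicKey, PrivateKey]:
    """Build a Paillier key pair from two primes (toy values in the demo)."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    # With generator g = n + 1, L(g^lam mod n^2) == lam, so mu = lam^-1 mod n.
    mu = pow(lam, -1, n)
    return PublicKey(n, n * n), PrivateKey(n, lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """Enc(m) = (1+n)^m * r^n mod n^2; a fresh r makes encryption randomized."""
    if not 0 <= m < pk.n:
        raise ValueError("plaintext out of range")
    while True:
        r = secrets.randbelow(pk.n)
        if r != 0 and math.gcd(r, pk.n) == 1:
            break
    # (1+n)^m mod n^2 == 1 + m*n mod n^2 by the binomial theorem.
    return ((1 + m * pk.n) % pk.n2) * pow(r, pk.n, pk.n2) % pk.n2


def decrypt(sk: PrivateKey, c: int) -> int:
    """Dec(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u-1)/n."""
    u = pow(c, sk.lam, sk.n * sk.n)
    return ((u - 1) // sk.n) * sk.mu % sk.n


# --- operations the vendor can run with ONLY the public key -----------------

def add_encrypted(pk: PublicKey, c1: int, c2: int) -> int:
    """Enc(m1) * Enc(m2) mod n^2 == Enc(m1 + m2)."""
    return c1 * c2 % pk.n2


def scale_encrypted(pk: PublicKey, c: int, k: int) -> int:
    """Enc(m)^k mod n^2 == Enc(k * m)."""
    return pow(c, k, pk.n2)


def vendor_report(pk: PublicKey, enc_amounts: list[int],
                  weights: list[int]) -> tuple[int, int]:
    """What a marketing vendor could compute without ever seeing a plaintext:
    an encrypted total and an encrypted weighted score (hypothetical job)."""
    enc_total = encrypt(pk, 0)
    enc_weighted = encrypt(pk, 0)
    for c, w in zip(enc_amounts, weights):
        enc_total = add_encrypted(pk, enc_total, c)
        enc_weighted = add_encrypted(pk, enc_weighted, scale_encrypted(pk, c, w))
    return enc_total, enc_weighted


def demo() -> tuple[int, int]:
    # Toy primes chosen for the demo; real deployments use primes of 1024+ bits.
    pk, sk = keygen(1000003, 1000033)
    # Constructed sample: per-customer purchase amounts the data owner holds.
    amounts = [120, 75, 300, 45]
    weights = [1, 2, 1, 3]   # e.g. loyalty-tier multipliers (constructed)
    enc_amounts = [encrypt(pk, a) for a in amounts]
    # Vendor side: holds pk and ciphertexts only; a breach there leaks no amounts.
    enc_total, enc_weighted = vendor_report(pk, enc_amounts, weights)
    # Data owner side: the only place sk exists, so the only place plaintext appears.
    return decrypt(sk, enc_total), decrypt(sk, enc_weighted)


if __name__ == "__main__":
    print(demo())  # (540, 705)
```

The point of the split between `vendor_report` and `demo` is the security boundary: everything the vendor stores or runs over is ciphertext under a key it never holds, so the "vendor left the data on the internet with no password" failure mode exposes nothing readable. Paillier only supports addition and scaling by a known constant; schemes that allow multiplication of two ciphertexts exist but are far heavier, which is why practical deployments choose the scheme to fit the circumscribed purpose of the sharing.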
Skynet is on LinkedIn Already
If you get around in the world of artificial intelligence professionals you have run into anxiety about where it might all take us. Are we presently creating our future A.I. overlords? If so, how do the choices of the moment determine the details of that future? LinkedIn is a great place to observe some ways we are already there. In particular, many LinkedIn users are on the site with a view to a new job, and much of that process has become robots talking to each other.
When you edit your profile there is now an option to let LinkedIn auto-generate the "About" section. I have read a great many LinkedIn profiles myself, and while I think it is great that we are all similarly so "passionate" it is pretty obvious that lots of people are leveraging this feature. It seems a little silly, but the text of this part of your profile probably makes a difference on the margin when a recruiter is looking for a person with a particular skill or background. Long story short, a natural language processing (NLP) robot is reading your resume, deciding how to represent you to the search algorithm (another, perhaps more primitive robot), and these robots are having an implicit conversation about what recruiters you may end up talking to.
In the next leg of the pipeline, if your resume ends up in a pipeline at one of the large corporations that tend to dominate LinkedIn, then it is probably in the hands of robots again. It has been very common to algorithmically filter resumes to minimize what humans need to read (hopefully in the service of efficiency), and the name of the game for more sophisticated job seekers in some fields is, essentially, writing in a way that is congenial to robots.
Thus, if LinkedIn is part of your journey to finding a job, you are really interacting quite a bit with a sort of decentralized Skynet Human Resources. An algorithm reads your history and puts forth some text on who you are, another algorithm reads it and vets which human beings need to learn about you. If you end up applying, you will go through another layer of robot vetting at the potential employer. Of course you still need to do the interview, but a lot of your journey there is actually about pleasing robots.
Just why are people interested in cryptocurrency?
Why are people interested in cryptocurrency? In general, what IS money really? In hopes of starting a conversation, I examine some intersecting possible answers to these questions.
My end punchline, on which I would appreciate other perspectives, is that central bank digital currency (CBDC) is an invention nobody wants, because it doesn't outperform fiat in any of the areas that seem to drive interest.
Audit and control your data, even when other people hold it
Wouldn't it be great if you could track and control data about you that is held by other people? You can! There are some edgy cryptography tricks that we have competitors for and this one I think we are best in the world