Status Update

Season 1: Bonus

We check in on some of Season One’s stories and see how they’ve evolved. Activist Amanda Werner talks about their turn as the Monopoly Man at the Equifax hearings. Investigative journalist Marcy Wheeler follows the case of hacker Marcus Hutchins, and tries to make sense of why he was arrested. And, drumroll, we finally hear back from a troll we sent cake to last season.
Published: November 15, 2017

Show Notes

Life on the Internet moves fast. Director of Firefox Runtime Selena Deckelmann explains why every millisecond matters. Learn more.

And, keep it clean out there. Check out our data detox kit for more ways to keep your personal info safe.


Veronica Belmont: Hello, internet. It’s me, Veronica Belmont, host of IRL. Remember all the fun we had in season one?

Narrator: Previously on IRL.

Terrance: How are you today?

Veronica Belmont: Hello, Terrance. Aren’t you just the cutest little spy I ever did see?

Participants: Free cookies. Free cookies. You’re welcome. Thank you so much. I say we follow them. Let’s do it. These cyber-weapons are often in the hands of dumb dumbs, who are looking for targets of opportunity. In fact, I’ve put stickers on my desktop screen. You never know if someone’s watching. That sounds really paranoid. It takes energy to type out a thoughtful opinion, and I think that’s why a lot of people are so nasty. It’s easier just to type a two-word insult.

Veronica Belmont: We had a great time, putting that season together, and boy, did you give it a listen. Collectively, you downloaded the show more than one million times. That is absolutely incredible. Thank you for listening. So…yay, we’re working on the second season. While it isn’t quite ready for launch, I wanted to check in with you, and let you know about a few things. For starters, there’s something else launching over at Mozilla HQ right now. It’s Firefox, a brand new, totally retooled browser has just launched. If you’re up for it, it’s ready for you to take it out for a spin. You’ll hear more about it a little later. But before we get to that, we thought since Firefox is getting an update, why can’t IRL get an update, as well? After all, some of the stories in our first season have really evolved since they were first published. All right. Let’s get to it, then. This is IRL. Online life is real life. An original podcast from Mozilla.

Participant: Looks like a baby. Awful.

Veronica Belmont: You’d like it to say, “Looks like a baby. Awful.”

Participant: Yes. Thank you.

Veronica Belmont: That is going to look really beautiful on a cake. We featured the Troll Cakes Bakery and Detective Agency in our 4th episode. How it works is pretty simple. If someone’s trolled you, and you want to get back at them, you send them a cake with the troll’s own words printed on it in edible letters. Kat Theck is the baker and detective. This is her, talking about the effort she puts into baking them.

Kat Thek: I want it to be the best cake you’ve ever gotten in the mail because if you get a lousy cake in the mail, you get something that has salt, instead of sugar, it feels like we’re playing dirty there. If you get a really nice cake, there’s something obnoxiously high-road about it.

Veronica Belmont: The cake we featured in the episode went to a lady troll. It said, “Looks like a baby. Awful.” We tried to reach the troll for a reaction, and we never heard from her, but we actually sent two troll cakes that day. A second back-up troll cake went to Tianzong Jiang. He’s in San Jose.

Tianzong Jiang: I was abroad, and I arrived back home one week after the package arrived. I open it, and discover it was a troll cake.

Veronica Belmont: Tell me about that unboxing.

Tianzong Jiang: It was kind of bizarre, so I was like, “Okay. This package is kind of weird. Where does it come from? Who sent it to me?” I look at the words on the cake, and I was like, “Yeah, I remember this.”

Veronica Belmont: Do you remember what the cake said?

Tianzong Jiang: The cake says, “You’re too obsessed with the way you look.” I’m curious why was that post selected because it’s just really, really random.

Veronica Belmont: You don’t think that saying, “You are too obsessed with the way you look,” would be hurtful to the person receiving it?

Tianzong Jiang: I was just being funny and joking. That’s all. I didn’t mean to hurt anybody with a quote, but I’m … You have to understand, it’s the internet. It basically you’re standing in front of a huge crowd of millions, where everyone can tell you what they think.

Veronica Belmont: Obviously, she didn’t think it was a joke because she found it hurtful.

Tianzong Jiang: Yes.

Veronica Belmont: Enough that she sent you a troll cake.

Tianzong Jiang: Yes. You think that the person, the Instagrammer, sent me the troll cake?

Veronica Belmont: Mm-hmm (affirmative).

Tianzong Jiang: Wait a second. I was … So I was a troll, I guess?

Veronica Belmont: How does that make you feel?

Tianzong Jiang: I don’t feel anything. I don’t feel like I was a troll. I like that quote. She is. I guess the whole thing, it felt funny more than anything now. She blocked me. I got my punishment, but I’m still very curious how she’s feeling. I wrote her, I think, but she didn’t respond. Yeah.

Veronica Belmont: Have you ever been trolled?

Tianzong Jiang: In this way, no. I came from a different culture, so it took me some time to understand exactly what “troll” is, really.

Veronica Belmont: Why do you think people troll?

Tianzong Jiang: It’s a release. It’s funny. People are bored. You know? Just express all your dissatisfaction that you encounter in life, and … yeah.

Veronica Belmont: Since you were blocked by the Instagrammer, is there anything that you would want to say to her now, after the fact?

Tianzong Jiang: I would tell her that I really like her content and videos. That’s all. That’s it. I’m not a creeper online, who talk mean things to her. I want to apologize, I guess, but I still wish that I could see her stuff because they can serve as inspirations to me. I was surprised when I received the cake.

Veronica Belmont: In the end, did you actually eat the cake, or had it been sitting around too long, waiting for you to open it?

Tianzong Jiang: I wanted to preserve it. I took some pictures and put it in the fridge, but I think the family tossed it out, eventually.

Veronica Belmont: Way to ruin a perfectly good cake, Tianzong. I’m hoping that you kind of, sort of, maybe learned something about online civility.

Steven Rambam: Your tastes in booze are the same as mine: red wine and bourbon.

Veronica Belmont: That’s exactly right.

Steven Rambam: Well, of course it’s right. I’m a detective. It took me about four seconds to get your social security number.

Veronica Belmont: Oh, geez.

Steven Rambam: Which starts (BEEP). You can bleep that. I have your brother’s identity; I have your husband’s identity. I have everywhere you’ve ever lived. I have where you’re living right now.

Veronica Belmont: That’s Detective Steven Rambam from our Data Broker episode, showing me just how easy it is for a guy like him to dig up data about a host like me. What we couldn’t know then is that, at the same time, a huge data theft was taking place at one of America’s major credit-reporting companies. It wasn’t until September, though, that Equifax told us it had been breached over the summer. That online thieves stole the personal data of at least 143 million Americans. That’s more than half of the country’s total adult population.

Senator Warren: A company like Equifax that has sensitive, personal information on most Americans should have the best data security in the industry. Instead, it has the worst.

Veronica Belmont: That’s US Senator, Elizabeth Warren. She is laying into former Equifax CEO, Richard Smith, at a public hearing in October. Even as these politicians took turns giving the CEO a piece of America’s mind, the real hero that day was actually sitting quietly behind him, in the public gallery.

Amanda Werner: Hi. My name is Amanda Werner. You might know me better as the monopoly man who trolled the Equifax CEO at his hearing in October.

Veronica Belmont: That’s right, Mr. Monopoly, or good old rich Uncle Pennybags, the cartoon figure from one of our most beloved and reviled childhood board games, showed up that day to protest the company who had taken our data for granted.

Amanda Werner: Basically, I was in a black tuxedo, white dress shirt, had a bright red bow tie, and was wearing a white, handlebar mustache with a top hat and a monocle.

Veronica Belmont: I heard something about you wiping your forehead with a hundred dollar bill. That’s really baller.

Amanda Werner: Yeah, I had some oversized, novelty hundred dollar bills with me, and used them both as a pocket square and as a handkerchief, as needed.

Veronica Belmont: Some people are calling it cosplay, not cosplay, dressing like knights and the stuff that I do at Dragon Con, but cause-play. What caused you to get into character for this Equifax hearing?

Amanda Werner: I dressed up as the Monopoly man to call attention to Equifax and Wells Fargo’s use of forced arbitration as a get out of jail free card. Basically, what that means, is they bury these fine-print, ripoff clauses deep in their contract, so that if consumers have a dispute with them, we can’t join together in court, like we normally would. We have to instead, go through this secret arbitration system where they decide, the firm who chooses the outcome of the case, what rules apply. It’s really a system that’s stacked against us.

Veronica Belmont: On top of having all of our identities exposed, there is this added insult to injury?

Amanda Werner: Exactly, where we just can’t do anything to actually get the money back, or to get compensated for the data breach.

Veronica Belmont: Equifax has since removed that clause from their terms and conditions though, right? How common is this practice?

Amanda Werner: That what was really interesting to us about the reaction to Equifax. Obviously, after the data breach, Equifax started pushing people toward this website, where they had an identity protection product that they were trying to sell us. That’s when people noticed that they were using … that folks had been working on this for a long time. What was interesting to us is that these clauses are everywhere. It is not just Equifax.

Veronica Belmont: What was the CEO saying, while you were standing there, holding on to your monocle in the peanut gallery?

Amanda Werner: He ended up blaming the data breach essentially on one employee, which I think is just really appalling. Not only that he’s not taking leadership, as being the CEO of Equifax, but also just trying to say that they’re entire security apparatus relies on one person. I mean, clearly there are bigger problems there.

Veronica Belmont: We did an entire episode on data brokers, and how vulnerable and also profitable our online data is to companies like Equifax. How much do you think this breach has made people more aware of these practices?

Amanda Werner: I think it’s really raised public awareness in an important way. I mean, obviously, our system of data in this country is very outdated. I’m glad that people are more aware of this, and hopefully, watching their data more closely. Unfortunately, because this isn’t a system that we actually get to choose ourselves, I think we do need some serious congressional action here to change the way that we are protecting our identities, moving forward, especially now that the majority of the country has had their data exposed in a way that’s going to leave them vulnerable for the rest of their lives.

Veronica Belmont: Amanda Werner is a consumer rights advocate, activist, and sometimes board game character. In November, Equifax told shareholders the company is facing over 240 class-action lawsuits because of the data breach. It’s also being investigated by more than 60 state, US federal agencies, and governments from both Canada and the UK. The company says costs related to the breach add up to just under 90-million dollars. It doesn’t know how much the class-actions will cost them. If you’re worried about how the Equifax data breach could affect you, check out the Show Notes to this episode for tips on what you can do to protect your info and freeze your credit rating.…So from the hero with the get out of jail free card we turn to a story of a hero trying to stay out of jail. He said he accidentally found a way to stop a devastating malware attack from spreading and after British hacker Marcus Hutchins blocked the WannaCry virus he became an international legend. I spoke to Marcus in our episode about security and hacking.

Marcus Hutchins: I’d feel pretty terrible if I saw something that big going on, and then didn’t stop it. I’m not going to be some sort of a security batman, who’s going around fighting botnets, but if there is an opportunity to stop it, I will do it.

Veronica Belmont: A few weeks after that interview, Marcus was in Las Vegas, attending Def Con, the annual hacking conference. As the conference ended, FBI agents arrested him and whisked him away. They allege he played a role in creating a malware virus called Kronos. He’s out on bail, but he can’t leave the US while he awaits his trial. Many in the security community wonder how Marcus could be accused of committing this crime. Marcy Wheeler has a theory. She is an independent investigative journalist, and she’s been watching Marcus’s trial closely.

Marcy Wheeler: Yeah, they indicted him in July, on July 11, and arrested him almost a month later. They were ready, and the most remarkable part of it is that they waited until after he spent a week in Las Vegas, enjoying the hacking conference, and nabbed him on the way out. I think, because they had done it at the beginning, the entire conference would have shut down and focused on why they had arrested him.

Veronica Belmont: That’s a really good point that I hadn’t thought about at the time. That makes a lot of scary sense, actually, that if you get the entire hacker community riled up about something too, might not be the best idea.

Marcy Wheeler: Exactly. I mean, look, the laws surrounding these issues are so nebulous, and so easy for many people who work in information security to fall in the wrong side of the law. It’s really an important case for all of them because if experimenting with code becomes criminalized in the way that the FBI may be trying to do with Marcus, then a lot more information security people who don’t work for big firms, are going to be in trouble.

Veronica Belmont: What exactly did they pick him up on? Can you tell us more about Kronos?

Marcy Wheeler: Kronos is a … it steals credentials. People who are trying to break into your online banking account will use it to steal your credentials, and steal your money. It is a number of years old. It follows on an earlier version, which was far more widely used in the criminal community. They are accusing Marcus of committing a crime for writing code that somebody else criminalized.

Veronica Belmont: Why now are they going after him?

Marcy Wheeler: It could be that they think he has information about wanna cry, or shadow brokers, the underlying release of the files, that they believe he won’t turn over unless they threaten him with this criminal prosecution.

Veronica Belmont: Isn’t this the FBI’s job to do this kind of work, to leverage these opportunities?

Marcy Wheeler: Well, that’s a really good question. I mean, we’ll see what happens when it becomes public, whether he really did write this malware. Certainly, his defense argues that he didn’t, and didn’t have any tie to the criminal side of it, but if in fact, it proves out that this was a stupid minor case, and that they tried to coerce him and never got any information, then I think it really will focus attention on this issue in a way that it often doesn’t when the person who’s being coerced is a Latino guy, who lives in the hood. Or a Muslim kid who walked into a terrorist chat room once. But it is a practice that goes on over and over again, and I think there needs to be a discussion about when it is appropriate for the FBI to coerce people to get information, and when it’s not. If in this case, they use a criminal charge that they would never have otherwise charged … because there are no American victims. Then, I think it becomes more problematic.

Veronica Belmont: Marcie Wheeler is an independent investigative journalist. Our last episode of the season tackled a tough subject. What limits, if any, should be placed on free expression on the web? The conversation was sparked by the deadly protests in Charlottesville, Virginia and the fallout that came next online. On the show, Brandi Collins, Jillian York, and Anil Dash explored how far an internet company should go in policing speech online, and hate speech in particular. Many of you had many things to say about that conversation. Graeme Bunton wrote in. He’s a Director of Policy at Tucows. Tucows provides services like domain names, for example. I chatted with him while he was at work, so it’s a little noisy in the background.

Graeme Bunton: I wasn’t going to share this, but I suppose I can because I don’t think it’s a secret. Charlottesville, Virginia is home to a Tucows office. We’ve got probably around 30 employees there, and so the violence in Charlottesville this summer was not abstract for many of our employees. It was in their hometown. It was deep. It was personal. We certainly had pretty intense conversations about our responsibilities around what people are doing with the domain names on our platform. Ultimately, the place that we got to was that we can’t look at domains in isolation. We need to look at what we do across all of our domains on our platform. We have a considerable percentage of the internet now, some … probably something around double digits percentage of the internet runs on our platform, or the domains are on our platform. That responsibility is quite serious.

Veronica Belmont: Do you ever worry that if you start banning sites like Daily Stormer that there are consequences beyond those choices?

Graeme Bunton: Yes, and I think we saw that pretty quickly around the Daily Stormer conflict earlier this summer, which was that as [00:18:00] soon as … Am I allowed to swear?

Veronica Belmont: Yes. Yes.

Graeme Bunton: These fuck wits … these alt-right fuck wits figured out that registrars were turning off domain names for the reasons that, say Google or Go Daddy stated. We began to get all sorts of complaints about other domain names on the other side of the political spectrum, using the exact same language. Saying, “Go Daddy is taking down domains for this. Shouldn’t you then take down these sites for Black Lives Matter or …” There were gay rights sites, things like that. For us, it was a very clear example of why we should not be wading into that discussion, or exercising the power that we could have. It feels like all the garbage, alt-right hate speech is this weird, awful byproduct of the industry of internet platforms. The speech that they’re coming out with is this weird externality for these platforms, that they’re not, at the moment, responsible for because the regulatory environment hasn’t caught up. Hate speech is pollution.

Veronica Belmont: Graeme Bunton is the Director of Policy at Tucows and an IRL listener. Now for a quick update to our surveillance-themed episode. Australian security researcher, Troy Hunt, talked about how he discovered that a toy called a Cloud Pet could easily be turned into a spying device. This is the kind of stuff that really bugs him so in October, Troy cooked up a tongue in cheek idea to fix these kinds of problems. On his blog, he argues that internet of things device manufacturers should be forced to label their products the way Australian cigarette companies have to. That is, add labels to their packaging, warning consumers about the risks when they use the product. He gives a bunch of examples, but my favorite is his label recommendation for a smart feeder called Pet Net.

Troy Hunt: This is an automatic pet feeder for dogs and cats, so you can remotely feed your pet. The warning I went with, with the Pet Net Smart Feeder was, “We may starve your dog or cat.” Then underneath that, it says, “You acknowledge and agree that the survival of Fido/Fluffy is directly dependent on the reliability of your home internet connection, and the availability of our online services.” If an organization wants to say that, “Look. We’re not responsible, and things could still go wrong,” then make that clear. Then, see how people feel about buying the product. It would inevitably change buying behavior.

Veronica Belmont: Funny thing about Troy’s funny idea, though, a few days after he wrote his post, the Australian government announced they were considering something surprisingly similar. The idea they’re toying with would be to include some kind of graphic on the packaging, like a cyber kangaroo. The logo would tell you how secure a device is or isn’t.

Troy Hunt: That’s going to be an awesome logo too, if anyone ever does that. I’m picturing a kangaroo in a hoodie.

Veronica Belmont: There’s a brand new Firefox, ready for downloading. The Mozilla team behind it is really proud about the work they’ve put into updating the browser, and they believe that what they’ve built makes it best in class.

Mark Mayo: It’s essentially a whole new Firefox.

Veronica Belmont: This is Mark Mayo. He’s the Senior Vice President of Firefox at Mozilla. I chatted with him about the new browser, and how much work went into retooling it.

Mark Mayo: This is biggest leap in speed, and performance, and safety we’ve made in the browser in a decade, but is actually just the beginning. For the super-nerds, it’s the … We had to build a programming language to build the next generation web-rendering engine, which ultimately, then became the component that landed in Firefox. That’s what makes it exciting. We kind of knew if we just ground through the hard work of 500 performance bugs, we could also get a big win. This was basically just hours, and hours, and hours, sitting at a performance profiler, looking for slow spots, finding them, opening a bug, having someone come in and pick that bug up, and burn it down until the problem was gone. Along with big technology bets that, some of them for us, were eight to ten years in the making. The new style system engine that really is the culmination of almost a decade of R&D for us.

Veronica Belmont: For Mozilla, this release is a big deal, but one thing I find really cool and quirky about Firefox is how it’s part of a non-profit company. That’s something Mark talks about, like, a lot.

Mark Mayo: I routinely will have a party conversation or a dinner conversation with somebody, and he’ll say, “Who do you work for? What do you work on?” I’ll say, “Yeah, I work on Firefox.” They’re like, “Oh yeah, Firefox. Firefox. How’s it going for you guys?” It becomes pretty obvious that the default assumption for any consumer is that Firefox must be made by just another big, Silicon Valley software company. I will often say, “Oh, we’re a nonprofit, actually.” It’s so foreign to people that they almost can’t get it at first interaction. It’s the core essence of who we are. It’s our being. We’re here to protect the internet. We are the guardians of the web.

Veronica Belmont: Mark Mayo is the senior VP of Firefox at Mozilla. Listening to these stories, I’m struck by how they’re all about heroes. Take Amanda for starts, she is on a crusade to reform terms of service that protect consumer, and not businesses. Marcus’s story is a cautionary tale of how even an internationally celebrated hero can take a fall. When it comes to deciding who gets to speak and who doesn’t on the web, Graeme over at Tucows made a principled choice to not choose winners and losers. Not an easy decision. Frankly, it takes a bit of courage to send a troll a cake. Being able to laugh it off sometimes, that’s just good therapy. Same for Troy Hunt. His satirical suggestion to add warning labels to IOT devices is so weirdly simple that we might actually see it come to pass. Finally, there’s the Firefox team who have rebuilt their browser, practically from scratch. Whatever browser you prefer to use, you have hand it to anyone who decides to roll up their sleeves, and start over. As for me and the rest of the IRL team, we’re not starting over. We’re going to keep on going. Season 2 launches Monday, January 8. Come back in the new year, and we’ll pick up right from where we left off. I’m Veronica Belmont, and I’ll see you online until January 8, when I’ll see you right back here, IRL. Are you a big Monopoly fan, in general? Are you very good at it? Do you win a lot?

Amanda Warner: You know, I honestly haven’t played since I was a kid, and I’m getting so many Monopoly questions. I wish I knew a lot more about it.

Veronica Belmont: I imagine.