New Loose Leaf Security episode: digital photos and privacy

Making sure your digital photos aren't leaking your location or other information is one of the most important technology-related privacy issues influencing your physical safety, so make sure to catch the latest episode of Loose Leaf Security:

A hand holding a digital camera over a table set for a tea party: two teacups, jam, clotted cream, scones, deviled eggs, and a tart; the screen on the camera also shows the tea party spread

Digital photos and privacy

Digital photos contain more than meets the eye: they have metadata and other hidden information that can compromise your privacy. Liz and Geoffrey take a look at Exif metadata and other non-obvious ways that photos from your phone or camera might be sharing more than they want. Also, the new iOS 12 has some neat security features, and Yahoo! Mail has some not-so-neat privacy concerns.

Also, iOS 12 is out now, so if you have an iPhone or iPad, make sure to update! And if you prefer to get your podcasts on Spotify, you can now find Loose Leaf Security on Spotify, too!

New Loose Leaf Security episode: security stories! Plus, a 2FA zine!

The previous Loose Leaf Security series on safely surfing the web was pretty dense, so Geoffrey and I filled the latest episode of Loose Leaf Security with a bunch of our own personal security mishaps:

A striped kitten walking on a laptop keyboard, the laptop has tape over the webcam and Loose Leaf Security's homepage on the screen

Security stories: lost phones, a compromised computer, and an unexpected keyboard cat

As a change of pace, Liz and Geoffrey take a look back at security incidents in their own lives and talk about lessons they've learned - why phone backups are important, an unintentional security hole, and a security key gone rogue. In security news, the GDPR results in mildly positive changes for web tracking, and Fortnite's installer has exactly the vulnerability we were afraid of.

We're also heading to XOXO tomorrow and made a zine on two-factor authentication to hand out:

Loose Leaf Security presents two-factor authentication, a zine making good computer security for everyone by Liz Denys & Geoffrey Thomas License and page 1 pages 2 and 3 pages 4 and 5 pages 6 and 7 pages 8 and 9

It's licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, so you can copy and redistribute this zine in any medium or format. Feel free to download our zine for printing (8.5"x11", double-sided on the short edge and folded down the middle) or get the copy that's easy to view online or on your computer!

New Loose Leaf Security series: safely surfing the web

Three more episodes of Loose Leaf Security are out, a series about safely browsing the web:

Loose Leaf Security teapot on the horizon similar to the Netscape logo

The history of the Web and an introduction to browser security

The web can be a scary place - but once you get to know it a little better, it doesn't feel as scary. Liz and Geoffrey go back to 1990 to figure out how the web came to be what it is today and discuss how browsers keep us safe. Also, two very good improvements to HTTPS in today's version of Chrome, and the future of Android security just got a whole lot more complicated.

Tea kettle plugged into a wall outlet and a plate of frosted leaf cookies

Web security continued: cookies, plugins, and extensions

Continuing our exploration of web browser security from last episode, Liz and Geoffrey look into cookies, JavaScript, extensions, and plugins and discuss how best to mitigate their privacy and security risks while browsing the web. Plus, a serious Reddit breach provides a timely reminder to toughen your two-factor.

A red teacup with a man-in-the-middle design on it intercepts tea pouring from a teapot into a teacup placed on the table

Keeping your web browsing private

In the third and last episode in the series on web security, Liz and Geoffrey look at HTTPS and how it keeps your web browsing both private and secure, and they also investigate private browsing or incognito mode and what exactly that mode does for your privacy. Plus, a new version of the protocol behind HTTPS and the latest Android release are cause for celebration, while Facebook and Google's approaches to data privacy are cause for concern.

Head over to Loose Leaf Security or click the links above for the full audio and our detailed show notes. As always, you can subscribe to Loose Leaf Security in your favorite podcatcher or follow the project on Twitter, Instagram, and Facebook.

Cocoa brownies

Cocoa brownies are pretty magical, i.e. particularly good at staying soft and gooey, and Alice Medrich's ingredient list is nearly flawless. (Okay, okay, I can never truly stick to a recipe as written. Here, I prefer a little more vanilla extract and like to put a pinch of flaky sea salt on top just before baking for bursts of salty goodness.) But I find the listed prep a little too intensive to do as regularly as I like to make brownies - who really wants to deal with a double boiler to melt the butter along with the cocoa, sugar, and salt? Isn't a large part of the appeal of using cocoa that you don't have to fuss as much with heating ingredients because you're not worried about burning chocolate?

A double batch of cocoa brownies in a 13x9-inch pan sitting on a stovetop

I simplified the prep and didn't notice a difference in the final product. (Okay, I admit I didn't do a double blind brownie tasting study, but I'd like to think I have a fairly discriminating palate when it comes to brownies.) Sometimes I use weight measurements, but since brownies are forgiving, I usually default to using volume measurements. Sometimes I use unsalted butter like Medrich's original recipe calls for, but more often, I don't have it on hand and use the salted butter I have and skip the salt in the batter. You could add 2/3 cup of chopped nuts after stirring in the flour if you want, but since one of my closest friends is allergic and he's often over to help consume my baked goods, I haven't done this yet.

Alice Medrich's cocoa brownies, simplified


  • 10 tablespoons (140 grams) unsalted or salted butter
  • 1 1/4 cups (250 grams) white granulated sugar
  • 3/4 cups + 2 tablespoons (80 grams) unsweetened cocoa powder (natural cocoa powder makes fudgier brownies than Dutch-process - honestly, I usually use Nestle Toll House Baking Cocoa)
  • 1/4 teaspoon Kosher salt if using unsalted butter
  • 1 teaspoon vanilla extract
  • 2 large eggs
  • 1/2 cup (65 grams) bread or all-purpose flour (you don't really need to sift it or use weight measurements with something as forgiving as brownies, but don't pack it tightly)
  • A pinch or two of flaky sea salt (I use Maldon) to top


  1. Preheat the oven to 325 degrees F and place a rack in the middle of the oven.
  2. Butter an 8-inch square baking pan (or just spray it with cooking oil). If you're doubling the recipe, use a 13x9-inch pan.
  3. Melt the butter. (I usually do this in a microwave on medium power.) Pour it into a large mixing bowl. (You may be tempted to melt the butter in your mixing bowl if it's microwave safe. Resist this temptation because you don't want the eggs to cook because the bowl is hot when you add them a couple steps later.)
  4. Stir in the sugar with a spatula.
  5. Stir in the cocoa powder and salt.
  6. Stir in the vanilla extract.
  7. Crack the eggs into the bowl, break their yolks with the spatula, and stir them into the batter.
  8. Stir in the flour until combined. The mixture might be a bit gritty, but this is normal.
  9. Spread mixture into the pan - you will probably need to smush it down with the spatula.
  10. Sprinkle the top with flaky sea salt.
  11. Bake until a toothpick comes out only slightly moist, about 20 to 25 minutes. (If you are using convection, it will likely be more like 18 to 20 minutes.)
  12. Let cool, cut, and enjoy!

Yields about 16 very rich and delightful brownies. Total preparation time is about 35 minutes.

New Loose Leaf Security series: all about phone security

Two more episodes of Loose Leaf Security are out, a series about phone security:

A locked phone by a teacup

Securing your phone

We take our phones everywhere and trust them with a lot of sensitive information, but have we put enough thought into how to secure them? Liz and Geoffrey discuss different aspects of securing the smartphone you have, including passcodes, location services, notifications, and digital voice assistants. Plus, a question from a caller and a major Supreme Court decision!

A two-tiered cake stand: the top tier has Android and Apple logo frosted cookies, the bottom tier has various tea sandwiches

Comparing Android and iOS security

Considering buying a new phone? Liz and Geoffrey compare the different security models of Android and iOS, the two most popular smartphone options on the market. We also talk about California's new privacy law, a number of recent attacks on cell phones, and how Tinder swiped left on bad crypto.

Head over to Loose Leaf Security or click the links above for the full audio and our detailed show notes. As a reminder, you can subscribe to Loose Leaf Security in your favorite podcatcher or follow the project on Twitter, Instagram, and Facebook.