Are You Caught in Facebook's Web of Scam Advertisements?

Ho Ho Holiday Scams. This week on the show, Rosie tells you how to keep scammers and thieves from ripping you off this holiday season. Meanwhile, Broadway Actor Roger Wayne returns to read excerpts from BJ's first book on Privacy, called "Privacy: And How We Get It Back."


Well Hello There ...

Hey! Twice in one week.

I must like talking to you all.

This Tuesday's episode was a beast. It took me two days to transcribe and put everything together for you. This one was way simpler.

If you want to stay safe from hackers, weirdos, fascists and thieves this holiday season, we got you covered today.

If you missed our Thanksgiving episode, make sure you check it out here.

I'm going to keep today's note short if you don't mind. I'm about half-way through the manuscript for How to Protect Yourself From Fascists and Weirdos. My goal is to get it done by the end of the month.

I'm currently a month behind schedule, so don't hold it against me if these intro notes are a little short in December.

There was way more writing involved in re-tooling some of these earlier episodes than I expected. So now I'm playing catch-up.

Ok. I'll shut up now. Enjoy the two episodes this week.

-BJ Mendelson

Show Notes

Stupid Sexy Privacy Show Notes For Season 1, Episode 14

Episode Title: Are You Caught in Facebook's Web of Scam Advertisements?

Guest: No guests this week, but make sure you read this article from Reuters about Facebook making billions from scam advertisements every year.

Episode Summary: Ho Ho Holiday Scams. This week on the show, Rosie tells you how to keep scammers and thieves from ripping you off this holiday season. Meanwhile, Broadway Actor Roger Wayne returns to read excerpts from BJ's first book on Privacy, called "Privacy: And How We Get It Back."

Key Points From This Week's Privacy Tip

-If you see a discount advertised on Facebook-owned platforms, you should go and check out the actual product or manufacturer’s website, to confirm that the discount is real. The Golden Rule of the Internet is "Don't be a dick." The Silver Rule of the Internet is, "If it's too good to be true, it is, and you shouldn't click or tap on it."

-Like we keep saying elsewhere, use cash whenever possible. If you MUST make a purchase online, use a condom for your credit or debit card, like Privacy.com.

-And finally, if a member of your family is calling you over the holidays, or any time of year, and they’re asking you for money, ask them for the family password. This is a word you and your family should memorize, or at the very least, keep offline in your privacy notebook. We did tell you to buy that privacy notebook for a reason, you know?

Relevant Highlights From Our Old Book On Privacy

-When it comes to big data breaches, it's easy to blame hackers, but more often than not, when you look closely, you'll find the story eventually updates to blame an upset ex-employee. Yet another reason why everyone should support unions and making sure people are compensated fairly and equitably for the work that they do at large corporations. We're willing to bet what it would cost to pay and treat employees well far outweighs the reputational damage that comes from a big ass data breach.

Our Sponsor: DuckDuckGo <--Our Recommended Browser and VPN

Get Your Privacy Notebook: Get your Leuchtturm1917 notebook here.

-BitWarden.com (Password Manager: easier to use, costs money)

-KeePassXC (Password Manager: free, harder to use, but more secure)

-Slnt Privacy Stickers for Phones and Laptops

-Mic-Lock Microphone Blockers

-Mic-Lock Camera Finder Pro

-BitDefender (best anti-virus for most people across most devices)

-Stop using SMS and WhatsApp, start using Signal.

-Use Element instead of Slack for group coordination

-Use cash whenever possible. If you have to buy something online, try to use Privacy.com to shield your actual credit or debit card when making purchases online.

Get In Touch: You can contact us here

Want the full transcript for this week's episode?

Easy. All you gotta do is sign-up for our free newsletter. If you do, you'll also get a .mp3 and .pdf of our new book, "How to Protect Yourself From Fascists & Weirdos" as soon as it's ready.

Stupid Sexy Privacy Season 1, Episode 15 Full Transcript

DuckDuckGo Commercial

Announcer: Welcome back to the DuckDuckGo Privacy Challenge, where contestants get a chance to learn why millions use DuckDuckGo's free browser to search and browse online. Now for our first contestant, Julie. True or false? Google's Chrome protects your personal information from being tracked.

Julie: Hmm, I'm going to say … true.

Announcer: Incorrect, Julie. If you use Google Search or their Chrome browser, your personal information has probably been exposed. Not just your searches, but things like your email, location, and even financial or medical information.

Julie: Wow, I had no idea.

Announcer: Second question. What browser can you switch to for better privacy protection?

Julie: Is it DuckDuckGo? 

Announcer: That's correct. The DuckDuckGo browser keeps your personal information protected. Say goodbye to hackers, scammers, and the data-hungry companies. Download from DuckDuckGo.com or wherever you get your apps.

Stupid Sexy Privacy Introduction

Rosie: Welcome to another edition of Stupid Sexy Privacy. 

Andrew: A podcast miniseries sponsored by our friends at DuckDuckGo. 

Rosie: I’m your host, Rosie Tran. 

You may have seen me on Rosie Tran Presents, which is now available on Amazon Prime.

Andrew: And I’m your co-producer, Andrew VanVoorhis. With us, as always, is Bonzo the Snow Monkey.

Bonzo: Monkey sound!

Rosie: I’m pretty sure that’s not what a Japanese Macaque sounds like.

Andrew: Oh it’s not. Not even close.

Rosie: Let’s hope there aren’t any zoologists listening.

Bonzo: Christmas themed mystery sound!

Rosie: Ok. I’m ALSO pretty sure that’s not what a Snow Monkey sounds like.

*Clears her throat*

Rosie: Over the course of this miniseries, we’re going to offer you short, actionable tips to protect your data, your privacy, and yourself from fascists and weirdos.

These tips were sourced by our fearless leader — he really hates when we call him that — BJ Mendelson. 

Episodes 1 through 31 were written a couple of years ago. 

But since a lot of that advice is still relevant, we thought it would be worth sharing again for those who missed it.

Andrew: And if you have heard these episodes before, you should know we’ve gone back and updated a bunch of them.

Even adding some brand new interviews and privacy tips along the way.

Rosie: That’s right. So before we get into today’s episode, make sure you visit StupidSexyPrivacy.com and subscribe to our newsletter.

Andrew: This way you can get updates on the show, and be the first to know when new episodes are released in 2026.

Rosie: And if you sign-up for the newsletter, you’ll also get a free pdf and mp3 copy of BJ and Amanda King’s new book, “How to Protect Yourself From Fascists & Weirdos.” All you have to do is visit StupidSexyPrivacy.com

Andrew: StupidSexyPrivacy.com

Rosie: That’s what I just said. StupidSexyPrivacy.com.

Andrew: I know, but repetition is the key to success. You know what else is?

Rosie: What?

Bonzo: Christmas themed mystery sound!

Rosie: I’m really glad this show isn’t on YouTube, because they’d pull it down like, immediately.

Andrew: I know. Google sucks.

Rosie: And on that note, let’s get to today’s privacy tip!

This Week’s Privacy Tip

Rosie: Well, the holidays are fast approaching. So, this week, we want to flag some stuff you should be on the lookout for.

First, we’re going to link to a report from Reuters that came out in November 2025.

What that report alleges is that Facebook makes billions of dollars every year from scam advertisements. 

The article goes on to assert that people who use Instagram, WhatsApp, or Facebook are exposed to 15 billion scam ads a day. 

We totally believe that.

So, your friends at Stupid Sexy Privacy want to give you some advice that’s good all year long: 

If you see a discount advertised on Facebook-owned platforms, you should go and check out the actual product or manufacturer’s website, to confirm that the discount is real.

The same is absolutely true for the top search results you see in Google, which are usually sponsored advertisements.

Long gone are the days where Google put the best search results first, which is why we recommend people use DuckDuckGo.

And while we’re talking about spending your money, remember to absolutely avoid buy now, pay later companies like Affirm, AfterPay, Klarna, and PayPal. 

These companies, and others, encourage you to overspend, could damage your credit, and can hit you with late fees. Not to mention, if you have overdraft protection on your bank account, you could also get hit with those fees too … when one of these “buy now pay later” companies pulls their next payment.

We know it’s hard, but this is one of the reasons why we recommend using cash whenever possible. Not only does cash protect your anonymity, but once your cash is gone, you can’t spend any more of it. 

When your money isn’t separate from your online activities, it can be very easy to spend more than what you have.

So remember what Jean Shepherd said: In God We Trust, all others pay cash.

SFX: *monkey sound*

Next, if you’re going to buy someone a gift card, always see if you can purchase that gift card offline. 

Most people and places peddling gift cards online come with restrictions, or could be outright scams. 

If you’re lucky enough to still have a local pharmacy, the odds are good they have most of the gift cards you’re looking for. 

(But remember: Do not spend any money on Spotify gift cards. There is an ongoing Spotify boycott happening at the time of this recording. One that will end when Spotify stops running recruitment ads for ICE. Apple Music and Tidal make great alternatives to Spotify if you’d like to check them out.)

Next, if you’re going on vacation, don’t post about your vacation while you’re still on it. 

Post about it after you’ve returned home. This way, the fascists, weirdos, and thieves aren’t aware that your home is now an easy target. (This is also good advice in general. Post about the cool thing after you’ve arrived home from that cool thing.)

And finally, if a member of your family is calling you over the holidays, or any time of year, and they’re asking you for money, ask them for the family password. This is a word you and your family should memorize, or at the very least, keep offline in your privacy notebook.

This password will help verify that the people calling you are who they say they are.

Plus you can have fun with this password too.

“Sheetrock,” for example, is not only an excellent safeword for BDSM role play, it can also be a word you and your family can laugh at and bond over.

Maybe just don’t tell the folks why you picked that specific word. You know what I mean?

These passwords are so important.

Especially with AI, it’s very easy to clone someone’s voice now.

Having a family password is a great way to keep you safe from someone trying to rip you off.

Of course, this isn’t a comprehensive list of all the scams out there. 

But when in doubt, do your shopping offline, use cash, and if it sounds too good to be true, remember that it is.

If you get a weird call, email, or text, don’t hesitate to call your bank, airline, family member, or anyone else that the weird stuff was supposedly sent on behalf of.

With all that out of the way …

This week, we’re going to share a couple of excerpts from BJ’s first book on Privacy, which was released in 2017 and called Privacy: And How We Get It Back. The audiobook was narrated by Broadway actor Roger Wayne.

There are still parts of the book that we think are worth sharing today. So our co-producer Andrew was kind enough to highlight some of those sections. We’ll let Roger take it from here.


Privacy: And How We Get It Back Excerpts, Part 1

(As read by Roger Wayne.)

Chapter 10: Stealing Your $hi! 

Since we looked 100 years into the past to see how this whole privacy issue got started, it's worth taking a peek into the future as well. Not 100 years into the future, mind you, but definitely over the next decade or so. Long after books go extinct and people put on those weird helmets from Demolition Man to ****. 

The good news? By looking at the past, we already know how the future is going to play out. But before we get there, we need to take a quick stop to talk about hackers and a couple of other things I had on my checklist for this book to touch on. When the contents of this particular chapter were discussed, I had intended to talk to you about LulzSec and Anonymous, but they're not really things anymore going into 2018. So, I'm just going to acknowledge that whole deal here quickly before moving on. Some could argue that Anonymous was never really a thing at all, but I'm not going to go anywhere near that argument.

That's because what gives groups like that power is the lax attitude many companies exhibit toward data security. Okay, that and the fact that people are still really awful at creating and safeguarding their passwords. And that's one of our biggest issues moving into the future. The incompetence and laziness on the part of companies to secure our data from criminals. Not that we're immune to this incompetence. I'm looking at you, person who used “password” as the password for their Netflix account.

Remember that big Sony Pictures hack that was committed, potentially by a state-backed group of hackers from North Korea? Regardless of who was responsible for the hack, it doesn't matter for our purposes. Sony employees had a file called Passwords and … you can guess what was in it. Spoiler alert: it was passwords. So, whoever was behind the initial data breach was able to do way more damage than anticipated upon discovering that file. Which is kind of amazing when you think about it.

This is the digital equivalent of going to rob a bank and finding that the people in charge of security left the vault open for you. As dangerous as the media wants you to think hackers are, don't forget about those lazy security measures, or that no one wants to spend money updating security software. As sophisticated and inexpensive as hacking tools are getting today, this is the reason hackers can do so much damage in the first place. That's why we need to push for heavy fines. Maybe even jail time in some cases, for companies that don't take protecting your data seriously. I don't want to see anyone go to jail. But if there are zero consequences for a massive data breach like we saw with Yahoo and Equifax, then we're going to continue to see more events like this happening in the future. Funny thing about the Sony hack, Sony had just spent a lot of time and money upgrading their security infrastructure, or so they claimed after the hack anyway. But you figure if the company was that concerned about securing their files, they wouldn't have had an easily accessible folder called “Passwords” just sitting there for someone to find. As another example, it wasn't too long ago that the director of the CIA's personal emails were being published by WikiLeaks. We're going to skip over the whole, what about Hillary's emails thing? How did WikiLeaks get this information from the CIA director?

The person responsible for providing that information to WikiLeaks used good old-fashioned social engineering, calling and pretending to be someone else, in this case, a Verizon employee and the director himself, to get the email password. Again, the hacker didn't do anything sophisticated here. Clever, sure, but this Mr. Robot slash magic evil hacker image we have in the media is bogus. Most hackers I know aren't looking to f*** with you.

But like any profession, there are great people and a**holes to be found among them. It's the a**holes, often the minority of that group, that give everyone else a bad name. It's sort of like how most priests are decent people you can leave your kids around.

This is just another great example of companies being lax and people being careless about protecting their data. With two-factor authentication enabled, the hacker shouldn't have been able to access the CIA director's email account at all. I was also supposed to talk to you about WikiLeaks, but the fact is Julian Assange is very good at getting publicity for himself, and that's about it. He hasn't really done much of anything beyond releasing what other people have given to him. And if not for major media outlets going through the files that were put out by Wikileaks, no one would know what they were putting out into the world. So, forget that guy, is what I'm saying. 

I mentioned elsewhere that Tor is an excellent tool you should use to help cover your tracks when you browse the internet. But let it be known that if you're doing something bad, or something you probably shouldn't have done, you will be found. Tor is commonly used to share information with WikiLeaks, which has brought it to the attention of many security organizations.

This goes into the whole, “the internet is magic” line of thinking I like to talk about, where we think the stuff we use online is flawless and the companies who provide it to us can do no wrong. Yes, people still believe that. And some of those people might think, if I use Tor, I'm anonymous. Well, yes, but what about all the stuff you do on your computer when you're not using Tor? All it takes is one little slip and your anonymity, what of it actually existed, and any benefit you had from using Tor goes right out the window.

Book Ad From Amanda King

Amanda King: Hello Everyone, this is Amanda King, and I am one of the co-hosts of Stupid Sexy Privacy.

These days, I spend most of my time speaking to businesses and audiences about search engine optimization. 

But I do want to take a moment to tell you about a book I co-authored with B.J. Mendelson.

It’s called “How to Protect Yourself From Fascists & Weirdos,” and the title tells you everything you need to know about what’s inside.

Thanks to our friends at DuckDuckGo, BJ and I are releasing this book, for free, in 2026.

If you want a DRM free .pdf copy? You can have one.

If you want a DRM free .mp3 of the new audiobook? You can have that too.

All you need to do is visit StupidSexyPrivacy.com and subscribe to our newsletter.

That website again is StupidSexyPrivacy.com, and we’ll send you both the PDF and the MP3, as soon as they’re ready.

Now, I gotta get out of here before Bonzo shows up. 

He doesn’t think SEO is still a thing. And I don’t have the time to argue with him.

I got a book to finish.

Privacy: And How We Get It Back Excerpts, Part 2

Roger Wayne: That brings me to the last item I was supposed to cover before we get to the thing I'm going to talk to you about. That's the deep web, not to be confused with the dark web, which is not the same thing. You use the deep web all the time. In its most basic sense, it's a term that refers to things not easily found via a search engine. That's all the deep web is. So for example, I'm writing this chapter in a Google doc, which can't be accessed unless I give the link to someone or share the document publicly. This doc lives on the deep web. The dark web, or dark web, is a tiny pocket of the deep web. And you'll be pleased to know that, according to the Tor project, fewer than 3% of people who use Tor, which is required to access the dark web, actually do access the dark web. And only a fraction of those people participate in criminal activities.

Take that, lazy TV show writers!

What happens when my data's stolen? This is the question we're all going to have to face in the future. We've established in this book that your data has immense value. Tech companies and their business partners will stop at nothing, even if it means being creepy, to get as much of it as they can. But like nearly anything that has value, your data is being lusted after by far more than just them. Case in point, a week after I was approached to write this book, I had a letter on my desk from Experian informing me that an unauthorized party had gotten into their servers. As a result, my information, along with numerous other T-Mobile customers, who Experian had run credit checks on behalf of, had been stolen. This includes my date of birth, social security number, name, address, and driver's license information. This isn't the first time I've received a letter like this.

In fact, over the past few years in the United States, if you're a Target or Home Depot customer, or happen to have your insurance provided by one of the many brands of Anthem Incorporated, then you've gotten one of these letters too. And if you're in the United Kingdom, do I have to say anything more than, Talk Talk? 

If you're wondering what you can do about any of this, the answer can be found again in the EU's GDPR regulations. These issues involving your data are often the result of lax security practices on the part of the company hosting it. Under GDPR, these companies can be fined for lax data security. We need consequences here in the US too. Otherwise, you get what you see over on Wall Street, where they're back to doing the same stuff now that they were doing to cause the Great Recession.

No consequences, no change.

Businesses are not your friend. The days of my grandfather's store are long gone. Small businesses aside, the large companies that thoroughly dominate our lives are always going to err on the side of saving money instead of spending it. And that should be a crime. And here's a further kick in the ****. Less often occurring, but no less important, is the increasing amount of sophistication on the part of the few **** hackers who access your data. They're going to wisely take advantage of dumb companies. 

Truthfully though, I'm less concerned about them than I am about an ex-employee looking for revenge against the company they feel slighted by. Criminals you can, and in this case, should punish, greedy and incompetent corporations included. The only difference is, we have laws on the books to go after criminal hackers. Ryan Collins, who may or may not have been one of the hackers involved with the leaked nude celebrity photos I told you about previously, was sentenced to 18 months in prison for phishing, and attempting other methods to access the photos and other information. One of those methods involved using a program, one that the Apple [software] patch would have stopped, to download all the contents from the iCloud accounts he targeted. Collins went to jail and everyone forgot about Apple's little oopsie, and Reddit benefiting from hosting those photos. 

Plus, and this might sound ridiculous because I do take hackers seriously, but you would be surprised by how often the answer to the question of, who hacked company X is, “it was a former employee” instead of the vague and malevolent sounding “hackers” answer. Just ask Morgan Stanley. That company saw thousands of clients' data accessed illegally by an ex-employee. I encourage you, the next time you hear about some huge data breach, dig deep into the story over the course of the next month. Then, as you do so, you should take a drink every time you read the line, “Ex-employee suspected.”

If you look real close at most big security breaches, more often than not you'll find that an angry ex-employee or lack of security on the company's part is at fault, not an evil hacker type. Initial reports might say it was a hacker, but if you keep up with a story, you'll often see it change from hacker, to hacker plus bad security, to ex-employee as the true culprit.

DuckDuckGo Live Read #7

Rosie: In a world of notice and consent, the onus on protecting yourself from fascists and weirdos falls on you, and not the greedy tech oligarchs.

The problem is, we don’t all have $110 million dollars, to buy 11 homes, in one of America’s most expensive zip codes.

Just so you can have your privacy.

So, whether it’s buying a brand new Macbook Pro.

Or purchasing a used vehicle, all in cash, that was built before 2015.

This stuff can get real expensive. Real fast.

And when most Americans live paycheck to paycheck, this situation can be disheartening.

That’s why we partnered with DuckDuckGo.

Their browser is free. 

Their search engine is free. 

You can privately access select AI Chat Models for free. 

And you can get an @ Duck email alias for free as well. 

All without putting money into the pockets of companies like Google.

A company that stalks you, suppresses information around the world, and has been illegally using its dominant position in search to crush competitors and squash innovation.

You don’t have to be part of Google’s ecosystem. 

You can use DuckDuckGo instead.

And if you do have a little extra money, you can support what they do by getting the DuckDuckGo Subscription.

This gets you access to a solid VPN, data removal services, private access to advanced AI chat models, and identity theft protection. All for about $10 a month, or $100 for the year. 

That’s less than the cost of virtually every streaming service these days. Especially because those services now routinely raise their prices every six months.

Congratulations everyone, we re-invented cable.

You can sign up for the DuckDuckGo subscription via the Settings menu in the DuckDuckGo browser, available on iOS, Android, Mac, and Windows, or via the DuckDuckGo subscription website: duckduckgo.com slash subscriptions. 

The DuckDuckGo subscription is currently available to residents of the U.S., U.K., E.U., and Canada. Feature availability will vary by region. But your peace of mind will not. Because supporting companies like DuckDuckGo is one of the key ways we can defeat the fascists and weirdos.

Don’t support companies that support the fascists and weirdos.

Support DuckDuckGo instead.

Stupid Sexy Privacy Outro

Rosie: This episode of Stupid Sexy Privacy was recorded in Hollywood, California.

It was written by BJ Mendelson, produced by Andrew VanVoorhis, and hosted by me, Rosie Tran.

And of course, our program is sponsored by our friends at DuckDuckGo.

If you enjoy the show, I hope you’ll take a moment to leave us a review on Spotify, Apple Podcasts, or wherever you may be listening.

This won’t take more than two minutes of your time, and leaving us a review will help other people find us.

We have a crazy goal of helping five percent of Americans get 1% better at protecting themselves from Fascists and Weirdos.

Your reviews can help us reach that goal, since leaving one makes our show easier to find.

So, please take a moment to leave us a review, and I’ll see you right back here next Thursday at midnight. 

After you watch Rosie Tran Presents on Amazon Prime, right?