It's Dangerous to Go Alone! Take These Apps With You
What's the least you need to do to protect yourself from fascists and weirdos? These are the must have apps, as explained by our host, Rosie Tran.
We get asked a lot about "minimum viable privacy." Basically, what’s the least you need to do in order to get the most protection? This week on the show, Rosie provides the must-have apps.
However, we want to give you a quick heads-up on a couple of things involving this episode:
- As we cycle through the original episodes of Stupid Sexy Privacy, I think this week’s episode is easily the weakest from the original series. We left it in the rotation because October will feature three—maybe four—brand new episodes. I needed the time to write those up and to get them to Rosie for recording.
- We're also going to revisit this week's episode and last week's episode, beefing them up. What does that mean? When you get your next email from us, I’ll include links to these two episodes, so you can check out the new content.
Don’t worry; Greedo isn’t going to shoot first. But. I am constantly tinkering with things. The six episodes that have aired thus far, we're still tinkering with. The goal being to get ready for the series's return in 2026.
You might even catch an example of that tinkering in this week’s episode if you’re listening closely.
Episode 6 Show Notes
Stupid Sexy Privacy, Episode #6
Episode Title: It's Dangerous to Go Alone! Take these Apps With You
Guest: Coming next week!
Episode Summary:
Key Points:
- This week's episode is super basic. If, for whatever reason, you're concerned about privacy, data security, and anonymity but don't have a lot of time and resources to tackle those problems, what's the least you need to do? This was a question BJ was asked while speaking at George Mason University's Osher Lifelong Learning Institute a while back.
Back in 2017, when BJ gave his answer, and in 2022 when this episode originally ran, we recommended ClamAV, DuckDuckGo, ProtonVPN, and Signal. But in 2025, our answer is definitely different. We now recommend using DuckDuckGo as your browser and VPN, Bitdefender instead of ClamAV, and Signal.
Why the Change?
Our goal is to get 5% of Americans 1% better at protecting themselves from fascists and weirdos. Some of you reading this may know your way around the Terminal app on your Mac and how to use Homebrew. If you do, it doesn't hurt to install ClamAV. The directions are here:
But consistently, I found that most people didn't even know about the Terminal app on their computers. I also discovered that Task Explorer, LuLu, and KnockKnock are easier for most people to use when finding malicious software (Task Explorer, KnockKnock) and preventing other programs from inappropriately connecting to the Internet (LuLu). All three of those programs are free, by the way.
And let's say you haven't switched to a MacBook Pro yet, which is what we recommend. That's okay. We found Bitdefender to be a perfectly fine antivirus program. It'll cost you some money, but for most people in most cases, Bitdefender has you covered, regardless of your device.
So, I stopped recommending ClamAV*. I also found that, given that DuckDuckGo offers a basic VPN within its browser, as part of its subscription plan, this is a simpler solution for most people than telling them to get one more app.
(We're going to talk more about Cognitive Load later, but yes, it's a thing.)
Is ProtonVPN a more robust VPN? Yup! But is it totally overkill for most people? Absolutely.
That brings us to Signal. In 2025, it shocks me that people are still using WhatsApp for encrypted conversations, especially groups coordinating to help protect their friends and neighbors from I.C.E. But it's happening. I've seen it. I've been working to get some local groups out of WhatsApp.
And yes, while there are certainly more sophisticated options out there than Signal, you have to remember what our goal is here at Stupid Sexy Privacy. We're not often providing advice for MAXIMUM PRIVACY!!!!!
We're providing advice for most people, in most cases, to better protect them from fascists and weirdos. Getting them out of Chrome and into DuckDuckGo is a win.
Getting them away from scammy VPNs like those often advertised on YouTube? That's a win.
Getting them to have antivirus versus no antivirus at all? That's a win.
Getting them out of Meta's clutches and into the not-for-profit Signal? That's a win.
So, in 2025, we recommend DuckDuckGo's browser and VPN, Bitdefender, and Signal for most people in most cases.
*Exception: ClamAV is a must have when it comes to OSINT, which we will talk about much, much later.
Book Excerpt Takeaways:
- The Cloud's True Nature
"The cloud" is just a clever marketing term to describe storing your stuff on someone else's thing or server, to put it in terms George Carlin would have appreciated. The cloud is a perfectly legitimate and mostly safe place for your stuff. But ... we recommend, if you can, to use an external hard drive and keep your stuff offline. - Trust and Security Breaches
Long story short: Do not ever take the word of a tech company when it comes to your privacy and security. They’re incentivized to lie. That doesn’t mean the people who work there are bad people; they’re not. But the incentive structure is built around pleasing shareholders, not customers.
Credits:
SFX for this week’s episode were provided by:
- Struggle between two people.aif by jsburgh -- https://freesound.org/s/235681/ License: Attribution 4.0
- SFX for the Ring Bell Provided by ZapSpalt
Resources (No Affiliate Links. We use this stuff too.)
Get Your Privacy Notebook: Get your Leuchtturm1917 notebook here.
Recommended Products
-BitWarden.com (Password Manager: easier to use, costs money)
- KeepPassXC (Password Manager: free, harder to use, but more secure)
-Slnt Privacy Stickers for Phones and Laptops
Our Sponsor: DuckDuckGo <--Recommended Browser and VPN
Get In Touch: Contact The Show Here
Stupid Sexy Privacy Episode 6 Transcript
DuckDuckGo Commercial:
Announcer: Welcome Back to the DuckDuckGo Privacy Challenge, where contestants get a chance to learn why millions use DuckDuckGo's free browser to search and browse online.
Now for our first contestant, Julie. True or false? Google's Chrome protects your personal information from being tracked.
Julie: Hmm, I'm going to say … true.
Announcer: Incorrect, Julie. If you use Google search or their Chrome browser, your personal information has probably been exposed. Not just your searches, but things like your email, location, and even financial or medical information.
Julie: Wow, I had no idea.
Announcer: Second question, what browser can you switch to for better privacy protection?
Julie: Is it DuckDuckGo?
Announcer: That's correct. The DuckDuckGo browser keeps your personal information protected. Say goodbye to hackers, scammers, and the data hungry companies. Download from DuckDuckGo.com or wherever you get your apps.
Show Introduction
Rosie Tran, Host of Stupid Sexy Privacy: Welcome to another edition of Stupid Sexy Privacy, a podcast miniseries sponsored by our friends at DuckDuckGo. I'm your host, Rosie Tran. You may have seen me on Chime TV's A Brand New Yay or on season two of Peacock's comedy InVASIAN.
Aside from organizing with your friends and neighbors, laughter is one of the best weapons we have to fight fascists and weirdos.
So if you need a good laugh, check out my episode of Comedy InVASIAN, which is called The Hanoi Honey. After you're done listening to today's episode.
[Reader’s Note: Peacock has the name of the episode as The Saigon Honey for some reason.]
Clyde The Duck: Quack!
Andrew VanVoorhis, Show Producer: He doesn't like self-promotion.
Rosie: I mean, Clyde is a duck. He doesn't like a lot of things. Hawks, the scent of lemon oil and people who try to give him bread.
Clyde The Duck: Quack! Quack! Quack!
Rosie: I'm not trying to give you bread!
Clyde The Duck: Quack!
Rosie: Andrew, can you inform this duck that if I don't tell our listeners who I am, then I'm just some random person on the internet. That means there's no human connection and they're not going to care about what we have to say. I might as well be an AI. And if that's the case … is he seriously looking at a stopwatch right now?
Andrew: Clyde's gotten super into time management.
Rosie: This is what happens when BJ gets depressed for like two years and puts a literal duck in charge of the show.
Speaking of BJ, over the course of this series, we're going to offer you short, actionable tips to protect your data, your privacy and yourself from fascist and weirdos. These tips were sourced by our fearless leader — He really hates when we call him that, BJ Mendelson — Episodes 1 through 24 were written a couple of years ago. We're re-airing them now because most of that advice still holds. Everything you hear after episode 24 is going to be brand new, including this introduction.
Andrew: And anything we need to update from the original episodes can be found at StupidSexyPrivacy.com
Rosie: That's right. So make sure you visit StupidSexyPrivacy.com, and subscribe to the newsletter.
Now, for those of you who don't know, BJ is the author of the book “Privacy and How We Get It Back.”
Alongside Amanda King, who you'll also hear from in this series, BJ is writing a sequel called “How to Protect Yourself from Fascists and Weirdos.”
So, everything we're going to present comes from two actual humans who research and study the stuff for a living.
Clyde The Duck: Quack!
Rosie: Okay, okay, two actual humans and one super intelligent duck. Although I don't know how intelligent that duck really is. Especially when he keeps forwarding Andrew and I emails with a subject line that says “1986's How Are the Duck is good actually.”
Clyde The Duck: Quack! Quack! Quack!
Rosie: It's a bad movie and you know it.
Andrew: Okay, I gotta separate these two. Remember to visit stupidsexyprivacy.com and let's get to today's privacy tip.
This Week’s Privacy Tip: Minimum Viable Privacy or The Least You Need to Do To Get The Most Protection
[Reader Note: We definitely recommend you check out the show notes, above, for the updates to this Privacy Tip. Out of all the ones we share in the original series, this is the most dated.]
Rosie: This week we're going to follow up on the software you should be using on your new Apple laptop. But just a note that all these programs work on any device and we recommend you use them.
So if you're listening to the show and you haven't switched to an Apple laptop, that's okay.
Although we really suggest you save up and get off Windows as soon as you can.
On a scale of most secure to least secure computers, Apples are above average in terms of protection, but not the most secure, and Windows computers are at the absolute bottom.
You're better off just posting all of your personal information on your favorite social media apps because that will somehow still be more secure than using a Windows computer.
So we recommend Apple devices because they offer the most security for the most people while remaining easy to use. That said, these are the programs everyone should be using to provide the most security and privacy for their device.
They are: ProtonVPN, the DuckDuckGo browser, Clam AV, which is a free cross-platform open source antivirus program, and Signal. We've linked to all four in the show notes below.
But here's a brief explanation as to why we recommend them.
1. Proton VPN. VPNs are great, but we want to stress they don't make you invincible or immortal. Someone can still kill you and become the Highlander if they really want to … That's how the Highlander thing works, right? I've never seen any of those movies. My point is that if someone wants to mess with you bad enough, they can probably find a way around your VPN.
For example, by sending you shady emails or texts that look like they're from trusted senders. That said, you absolutely want to have a VPN and use it at every opportunity when you're out and about.
Just like with your smartphone, you never want to connect to any public Wi-Fi on a laptop without your VPN. In fact, whenever you're on the move, it doesn't hurt to keep the Wi-Fi and Bluetooth features on your laptop turned off until you absolutely need to use them.
Okay, next on our list, Clam AV. Clam AV is an antivirus program everyone should use.
The fact is, you just can't trust commercial antivirus providers. It's not in their self-interest to actually solve the problem to the solutions they're selling you*. And like we mentioned, while VPNs are great, people are still susceptible to trickery. So, in the event you do ever click on anything you probably shouldn't have, you want to run Clam AV immediately. In fact, you should run it at least once a week, just to be safe.
There's not much more to say about this one. It's a free antivirus software. It works. And yes, Macs get viruses. They're not common, but they do happen. Remember BJ's old laptop that we told you about? The one with all the superheroine-in-peril porn? It probably kicked the bucket after getting a virus. And that was a Mac. Shit happens is what we're saying, so get yourself an antivirus program.
[Reader's Note: Yup. We still feel that way about anti-virus companies in 2025. But. We also found people REALLY do not like using the Terminal App, so if you insist on an anti-virus program instead of using Task Explorer, LuLu, and KnockKnock, use BitDefender.]
Next on our list, DuckDuckGo's web browser.
Yes, DuckDuckGo sponsors this show, but the reason they do this is that BJ regularly uses this browser and asks them if they'd be interested in doing so. So, we were going to recommend their browser to you regardless of their involvement. There are some great choices out there for browsers, like Brave, which is what BJ recommends in his first book on privacy. But since BJ's first privacy book came out, DuckDuckGo launched its own browser. One that's less focused on behavioral advertising, which is how Brave makes its money.
And the DuckDuckGo browser has a really nice feature Brave doesn't have yet. If you're tired of being asked whether or not you accept cookies, and I think that's almost all of us at this point, the DuckDuckGo browser can manage all of that for you.
There is a drawback though to using this browser instead of Brave. Brave will block all the ads on almost every website you visit. DuckDuckGo will only block the ads that are creepy. And those creepy ads are the ones you want to worry about. There's nothing wrong with contextual advertising. Our favorite apps and websites need to make money in order to provide us with the services we enjoy.
But there is something wrong with ads that collect data on you without your knowledge and share it all over the internet like it was a reporter for TMZ. So you can go either way and use Brave or the DuckDuckGo browser. But for now, we're recommending the Duck.
[Reader's Note: I fell out of love with Brave. I don't think it's right to block everyone's ads, just the creepy ones. We're also very down on crypto. Avoid crypto whenever possible. It's a scam.]
Last on our list is Signal. We've mentioned Signal before, and we hope by now most of you have made this your default messaging and calling app on your phone. Here's another reason why you should do that right now. Signal has a great desktop app for Mac OS. That means if you're only using Signal to receive texts and calls, you can also receive those texts and calls on your computer. This is great because it means you don't need your phone anywhere near you. The more you use your phone, the more data it collects.
So it's entirely possible that you can start cutting the phone out of your life by switching over to Signal. You can do that by putting your phone away and securely calling and texting with friends and family using your laptop when you're at home with Signal.
Commercial:
Hello everyone, this is BJ Mendelson and I am the writer and co-producer of Stupid Sexy Privacy. When I'm not working on the show, I'm usually yelling at my television because of the New York Mets.
I want to take a moment to tell you about a book I co-authored with Amanda King. It's called How to Protect Yourself from Fascists and Weirdos, and the title tells you everything you need to know about what's inside.
Thanks to our friends at DuckDuckGo, Amanda and I are releasing this book for free in early 2026. If you want a DRM-free PDF copy, you can have one. If you want a DRM-free MP3 of the audiobook, you can have that too. All you need to do is visit stupidsexyprivacy.com and subscribe to our newsletter. That website again is stupidsexyprivacy.com and we'll send you both the PDF and the MP3 as soon as they're ready.
Now, I gotta get out of here before Bonzo shows up.
He's been trying to sell me tickets to see the White Sox play the Rockies and I don't have time to explain to him how interleague baseball is a sin against God. I've got a book to finish.
[Reader's Note: There's your hint about an upcoming tweak to the show.]
Excerpt From Privacy: And How We Get It Back
The comedian George Carlin, in the prime of his career, had a wonderful routine called, A Place for My Stuff. The place starts out very small, but slowly gets bigger and bigger as Carlin details the need for everything he owns to have its own place where he can get to it. And what does Carlin explain as the inevitable consequence of continued accumulation? The need for an even bigger place to hold more stuff. Carlin died in 2008.
So it's not known what he would have said about the Cloud. But digitally speaking, the cloud gives us all the place for our stuff. As you might have guessed by this point in the book, there are some issues with trusting the companies like Dropbox, Apple, and Amazon who provide cloud storage for your stuff. The cloud describes the space allotted to users where they can upload and store their files remotely. In other words, to store those files on a computer that is not their own. That's all that is.
The cloud is just a clever marketing term to describe storing your stuff on someone else's thing or server, to put it in terms George Carlin would have appreciated. Now, to be fair to the providers of cloud-based storage who may come and go as you read this, the cloud is a perfectly legitimate and mostly safe place for your stuff. There is nothing to fear from relying on the cloud. In fact, this is a point I've made throughout this book. I'm not saying any of these products are inherently bad or creepy.
The companies can and often do act in a creepy way. But if you want to use Facebook or Apple's iCloud, go for it. Just be educated about what's going on with your data and how it's being used. That's all I'm saying.
But in keeping with the theme of this book, there are some issues that should still be addressed. Specifically, although these cloud storage companies provide a great service, you shouldn't trust them to have your best interests at heart when it comes to your stuff. In fact, You shouldn't assume you have any privacy at all concerning what you've uploaded to someone else's servers. Remember, if it involves the internet, assume nothing you do on it is private.
Who do you trust with your stuff?
One of the members of the ring decided to post the photos they had on 4chan, a web-based image board. Once the photos hit 4chan, they made their way to Reddit and from there to the rest of the world. This is because Reddit is often a source of news for bloggers and journalists. But how did the hackers get those photos in the first place? When we talk about privacy, we have to talk about trust. Who do you trust with your stuff?
In this case, we see that these celebrities placed their trust in Apple. They thought their stuff was secure when stored within Apple's iCloud server. Except it totally wasn't. And Apple is a company that tells people, right on their page about privacy, at www.apple.com/privacy, that they, as a company, believe privacy to be a fundamental human right. LOL.
In fact, not long after the leaked nude photos began to circulate, we learned that Apple knew of the exploit the hackers used to access the accounts of the celebrities and that they did nothing to fix it. Think about that for a second. Millions of people store their stuff using Apple's iCloud service. According to Comscore, there were over 85 million iPhones in the United States as of December 2016. Apple knew there was a flaw that would allow for hackers to break in and access people's stuff.
And their response was not only to do nothing, but as the nude photos circulated, Apple claimed their service was secure while they finally got around to fixing the exploit they had known about months earlier. Apple shouldn't be the only one with some blame here, however. Reddit kept the nude celebrity photos up for a week before shutting down the subreddits housing the photos, thereby benefiting from the sheer amount of traffic generated during this time.
Later that same year, Dropbox had a security breach of its own. What happened was either A, hackers stole usernames and passwords from Dropbox, or B, hackers stole usernames and passwords from other services and using those usernames and passwords, were able to access Dropbox accounts. This allowed the hackers to pull anything and everything they'd like from Dropbox accounts as long as the accounts were compromised. Was Dropbox lying when they told everyone they weren't hacked the way Apple did?
Or were the hackers lying, as Dropbox claimed? It's not clear, but either way, it doesn't matter. Throughout this book, you'll find numerous instances of hacks and security breaches occurring because nobody wanted to pay to update the security software. That's kind of messed up, don't you think? Like if you're a multi-billion dollar company, or at least valued as one, you figure little things like this would be taken care of. But they're not. Not often, anyway.
And we're all just sort of blindly trusting these companies to protect our stuff for us. Why? You really have to ask yourself why these tech companies all get a pass for stupid shitty things. But the second some other non-tech company messes up like Mattel, we're all over them saying, "No! Bad company! Bad, bad! We do that outside!"
This is some amateur hour level shit right here and there's no excuse for it. And if you want an extreme example of the other problem when it comes to companies getting hacked and being deceitful about it, Yahoo! grossly misinformed the public about the number of accounts that were compromised, finally admitting, of course, after their multi-billion dollar purchase by Verizon went through, that every single Yahoo! account had been compromised. Marissa Mayer, who was heralded as the savior of Yahoo! when she first took the reins of the company, received a $23 million golden parachute after the Verizon purchase was completed. The security breach of every single Yahoo account, as well as the company downplaying how bad the breach was, happened on her watch.
That leads us to another rule you should remember. Do not take what tech companies tell the public at face value, ever. The same is true for hackers, too.
Outro
Rosie: Today's episode of Stupid Sexy Privacy was recorded at the DuckDuckGo podcast studio in Los Angeles, California. It was written by BJ Mendelson, produced by Andrew VanVooris, and hosted by me, Rosie Tran.
Before we go, I want to give a shout out to our other co-host, Amanda King, and our sponsor, DuckDuckGo. If you enjoy the show, we hope you'll take a moment to leave a review on Spotify, Apple Podcasts, or wherever you may be listening.
This won't take more than two minutes of your time. You see, we have this crazy goal and we need your help to achieve it. We want 5 % of Americans to be 1 % better at protecting themselves from fascists and weirdos. Leaving us a review could help make that happen. Because your review will help other people find the show.
So please take a moment to leave us a review and we'll see you next Thursday at midnight. Right after you watch my episode of Comedy Invasion on Peacock, right?
Clyde The Duck: Quack!
