Tosh Show - My Cybersecurity Expert - Alex Stamos
Episode Date: September 16, 2025Daniel sits down with former Facebook Chief Security Officer Alex Stamos to discuss hacking, keeping your kids safe online, and west coast teams in the ACC....
Transcript
Discussion (0)
Hey, guys, it's me, Daniel.
Do me a solid.
I don't ask for a lot, but like and subscribe to this podcast.
Also, you could rate it.
Highly, I would appreciate.
Maybe even write a review.
Maybe we'll become best friends.
Does the NSA read everything I send to everyone?
I don't know.
That's a hard, yes.
Insharecy.
So.
Pasha.
Hey guys, it's me, your friendly neighborhood podcast host, Daniel Tosh.
Welcome to Tosh show.
Never seen it come on like that before.
You never seen a switch on?
Ooh, that's cool.
Watch this.
Watch this.
What is happening?
Watch this.
Watch this.
Watch this.
Yeah.
Yeah.
You know what that is?
Magic.
That's Lipson.
That's a little bit of Lipson.
Lipson.
Yeah, they're doing us right.
Hey, Eddie,
this will affect you.
Oh, man.
I need to borrow your driveway in Tahoe.
Okay.
Thank you.
That's why Eddie's a good friend.
He doesn't ask why.
It says, okay.
You need to use my driveway, fine.
I haven't even told them what I do.
I'm going to stick a storage unit and two cars in there for a year.
Hey. No, I'm not joking. I'm selling, I'm selling my property in Tahoe, but don't fear, okay? Because I have land in Tao that we are building a home on. You and me? No. Me and the Mrs. We're going to build another home, but to do that, I'm being forced against my will by my wife.
to sell our current property, which is sad because we've lived there for many years
and it's where our children, when they think Christmas, they think that house.
When they think summer in Tahoe, they think that house.
And that's all coming to an end.
Thanks to my wife's constant need to downsize.
Breaks my heart.
Now you say, well, isn't the property that you're building much bigger than that?
Yes.
Not really downsizing, is it?
Well, I just.
thing is great that one of our listeners can buy my home. And I'm leaving cool stuff there.
I told them, I'm going to leave the 100 foot slip and slide. Okay, that tarps there.
I'll help you set it up the first time you use it. I'll show you how you have to block at the
bottom to make sure kids don't go flying into the lake. You say, oh, flying in the lake, that's
okay. Now, there's some rocks down there you want to avoid. So you stand down there with a large
inflatable and you just got to lean into it because they come in hot.
But yeah, a lot of good memories,
but I'm excited to pass those memories on to somebody else
and then just come by and be like, hey, I used to live here.
You ever go back to you an old house?
In Omaha, I've gone back by where we grew up.
Never knocked on the door.
St. Louis, I did it.
Yeah?
I drove up to a childhood house that we had when I was in the 5th and 6th grade,
and I knocked on the door and went inside.
Oh, amazing.
And I remember going, wow, it seems so small.
But as a child, I thought it was the biggest house we'd ever own because it was two stories.
I was like, oh, we have a two-story house.
Doesn't matter.
Hey, this time of the year, they do the Malibu chili cook-off.
That's the name of it.
They have a chili contest.
That part of it doesn't mean anything to me.
But they have a huge fare.
It's nice because I don't take my kids to Disney or any of those things that are way too crowded
and would give me diarrhea.
but this is my own backyard and it's just cool fair for you know three days but this year is the
first year they're not doing it because of the wildfires they've decided the people that put
it on they were just all their resources were to donate money to victims of the wildfire okay
that's good but you kind of you kind of ruin my kids tradition well out of nowhere i see
this janky carnival setup on the other side of the canyon here and I'm like oh in
agora and I'm like I don't like going over there it's too hot if it's 70 in Malibu it's 94 there
whatever they've got a carnival set up in a parking lot and I'm like kids we're doing it
I surprise them we drive over the hill they see the carnival they lose their mind oh it's so
fun but clientele's a little different
Not all. Sluts. And when I say sluts, I'm talking 12-year-old girls to 15-year-old girls.
Because if you're 16 and older, I think you move on to other things. But for some reason,
carnivals attract this group of kids that are old enough to go out without their parents,
like their parents drop them off. It's just, it's bizarre the whole time. I'm just like,
oh, no, this is what my future is with my daughter.
She's going to be a future carnival slut.
I don't know.
I shouldn't call them sluts.
Right now I'm, what's it called when you're...
Slut shaming.
I'm slut shaming just because they looked like sluts.
Oh, and then my son pulled my bitch card.
He wanted me to win them a prize on one of the rigged games.
Right.
And I'm like, it's one of those with the backstop where you have to throw the wiffle ball.
It has to hit the backstop and fall into the bucket.
Yeah.
But as soon as it hits, that thing, it bounces like fucking, it springs off of it.
like standing right next to it, showing you how it does.
But from the angle that I'm at, and he's like, you can lean way over, man.
I don't care.
And I'm like, bro, I still can't do it.
I shalt out 20 bucks.
And my son won some sad consolation prize.
It's just embarrassing.
I have panda with me.
I'm my wife's cousin.
I just make her go on with the kids.
I'm like, oh, they'll love this.
Get on.
And she's, like, getting nauseous.
Do you eat any food there?
No.
Okay.
So here's the upside.
That great question, Eddie, did I eat food there?
I went there preparing to fill my stomach full of carnival food, but it's in a shopping
plaza where there's already amazing restaurants in the plaza.
So guess what?
I got to eat at a great restaurant.
There you go.
I'll give my plug.
I ate at two dos, two-dose pizza place in Agora.
I had myself a nice pizza and a salad.
I was like, it's perfect.
Then I walked over the gelato store that's right there.
I'm not giving you a plug.
Why?
You're a great gelato place.
The line was long.
I fucking turned around.
I'm not going to stand in a line.
I just finished leaving a carnival.
I'm not going to stay in the line for gelato.
Eh, whatever.
And then, how about this?
I'm leaving.
You get a bracelet to ride the rides.
Okay?
You're supposed to put the bracelet on.
I don't put the bracelet on because I don't want to ride the rides.
I want to hand this off to Amanda.
So I hold the bracelet loose.
And I'll end the guys that work the car.
the carnies they're good about it they don't care that it's not on you but i get two bracelets
unlimited unlimited rides you can just ride it as much as you want so i'm walking out of the place
i'm leaving i leave it a respectable hour 730 715 i don't remember what it was and i find two young
people coming in not young young not like those sluts but like like some 20 year olds coming in i go
here you go here's two uh unlimited
passes
for all the rides
and they go
all right
that's what they did
they go all right
like come on man
I go do you want these two
they're unlimited
they go all right
not thank you
not oh thanks
nothing
I'm like that was
at least a $50
value
maybe more
I don't know how much
they're going to ride
all right
we'll take them
oh good
it really helped me out
give them back
I should have taken
them back
you tackle them
the moral
that story
uh is hey parents you're dropping off your 12 to 15 year olds at these carnivals and they're
dressing like hobags today's guest he's got me a little paranoid about the future and our
children's safety it's a lot enjoy my guest today is answered directly to CEOs investors university
presidents and congressman, I'm excited to hear how my questions stack up in comparison.
Please welcome the former CSO of both Yahoo and Facebook, as well as a professor at Stanford,
cybersecurity expert Alex.
Fake professor.
What's that?
I'm a fake professor.
What does fake professor mean?
Well, right, I'm a lecture.
They get really pissed if I call myself a professor.
I will get a letter.
I'm going to fix it.
As well as a fake professor at Stanford.
Thank you.
Cybersecurity expert Alex.
I got it.
So you just lecture there.
So, okay, that's fine.
I don't want to upset the actual professors.
Please.
How often are you doing lectures?
I teach two classes at Stanford right now, one in the fall, one in the spring.
But you're not called a professor.
That's right.
I don't care.
Lecturers actually teach undergraduates.
It's a different person's job.
What if your students call you professor?
My students call me professor.
You don't correct your students, though?
Say, hey, guys, first lesson we're going to learn is I'm not the professor.
No, yeah. I'm fine with them calling me professor, but I just, I will never call myself professor
on the outside. Fine. Man, Stanford runs a tight ship. They do. Do you enjoy Stanford? I do. I love the
teaching. I love the students. It keeps me young, and they teach me new words. What about living there?
Do you like that? Living in Silicon Valley, living up in Northern California, where we have seasons
like down here. Yeah, I do. It's beautiful. It is. I love it, too. Oh, man. Do you believe in ghosts?
I do not believe in ghosts.
Alex, I want you to know that I didn't write any of these questions.
So if something truly offends you during this interview, please disrupt Eddie over there.
That's Eddie Gosling, two S's and that.
Do you need a social security number to mess with him or no?
I'll find it, don't worry.
How easy is it to get everybody's info?
Extremely easy, unfortunately, yeah.
I'm not worried about it.
Should I be?
It matters what your threat profile is.
It just matters to your enemies are, right?
Yeah, I mean, I just don't care.
My emails, none of my emails are you going to steal all my credit cards.
All that stuff's insured.
I mean, am I okay then?
Yeah, what else am I missing?
Yeah, I mean, I guess they could people frame me to say that I did something that I didn't.
Yeah, that's a problem.
Matters who your enemies are, right?
Okay, now I'm worried again.
I didn't think about that.
I don't want to go down for something I didn't do.
I'm just not ashamed of what I have is why I guess where I was coming with.
Where'd you grow up?
I grew up in beautiful Sacramento, California, the Midwest of California.
It really is.
Yeah.
It's the Midwest of California.
You ever spend time in Sacramento?
I spent a little at Sacktown, yeah.
I used to go up there all the time.
Not so much anymore.
As a teenager, I thought it was boring.
And then as I got older, I realized why my parents raised kids there.
Do they choose to live there?
They did.
Yeah.
My mom grew up in the Central Valley.
For some reason, lots of Greeks ended up in the Central Valley.
Chain migration, right?
You end up with one Greek, and then all of a sudden, you've got thousands.
The old sane.
Well, right, it's where you grow grapes, right?
Like, it's, you know, measuring climate and grapes grow well.
And, you know, my family ended up growing grapes in Lodi and, you know, learning English and GI Bill help my family go from, my grandfather, go from being a goat herder to an electrical engineer for the phone company in Sacramento.
That's a pretty good ride there.
Yeah, it's a pretty good ride.
It's a pretty good change to go from goat herding to engineering.
Were you always into computers as a child?
Yeah.
When I was eight, I think my parents got me a Commodore 64 with a 300 bod modem, and it was all downhill from there.
Did you ever play a sport, or did you only sail?
No.
Wow.
Wow.
That's violence.
Well, come on.
Were you a nerd or were you like not?
I mean, because you don't seem like a complete, like, oh my goodness.
I mean, I played a bit of soccer, like in high school until, like, my knee exploded.
And you cared about sports, too.
You love sports.
Right, I mean, you're saying I'm a nerd, Daniel?
I was...
You're not the traditional nerd that we're thinking hackers were.
Right, right, because I was, you know, my major was electrical engineering and computer science,
and I was in the marching band in college.
So I was...
You were there.
The girls loved me.
I was fighting them off.
When did you, like, actually get into, like, I'm going to hack into anything?
Back in those days, hacking was just...
It was a much more innocent thing, right?
You couldn't get into a lot of trouble in the 80s and early 90s.
You know, there's a bunch of kids.
logging into BBSs, you know, these bulletin board systems that you could meet friends.
And then, you know, the way I got into hacking was I didn't have money so I couldn't afford
video games.
So, you know, me and a bunch of other teenagers would learn how to remove the copy protection
off of games and then trade them with each other.
Pretty impressive, huh?
These days, like, if you're a teenager and you had those kinds of skills, you could end up
working for the mob, stealing Bitcoin and, you know, creating ransomware, right?
Things have changed an incredible amount, right?
Because now you have these teenagers.
and young people knocking over MGM grand, right?
And, you know, stealing tens of millions of dollars.
That's pretty cool, too, though.
It is pretty cool.
But, like, it's actual harm happening in people.
And, you know, especially, no, a lot of that's overseas, right?
It's much less likely for it to be being done from inside the United States.
Most of these groups are operating out of Russia and other countries where they know they're safe from extradition.
Could the U.S. and China obliterate each other's power grid at any moment?
It's quite possible.
Well, it's most likely the Chinese have a huge advantage over us than we do over them.
Partially because we have a very high-tech and fragile power grid,
there's also a lot of evidence of the Chinese planting a lot of backdoors in our infrastructure.
There's been really aggressive Chinese moves over the last couple of years.
And what's really scary is that the Chinese know that those back doors have a short shelf life.
And so it's unclear if the U.S. has been doing the same.
It is quite scary where we are right now versus the Chinese from a defensive perspective.
Do we have people on the offensive?
We do.
So like one of the fascinating things about this is the people who hack on behalf of the United States are socialists.
And the people who hack on behalf of China and Russia are capitalists.
This is like a hilarious outcome of the post-Cold War era.
So if you're hacking on behalf of the United States, you either work directly for NSA or U.S.
command, what China and Russia have done is they've created a commercial incentive. It is not legal
to hack America's enemies on a normal Tuesday, right? We don't let you do that in the United States,
but Chinese entrepreneurs do that all the time. There's rules they have to follow. In Russia,
there's a lot less rules. You can do basically anything you want in Russia as long as you don't
hack Russian companies. But in China, you can go start a company and you can go hack American pharmaceutical
companies and then give that data to Chinese pharmaceutical companies.
Can you personally profit off of it?
Yes, and you can personally profit off of it.
You know, there's rules you have to follow, but you effectively have kind of coverage
from the Chinese government.
That means that China and Russia have built these huge capabilities that they don't
have to pay for themselves, and they're very good because they get to practice every day.
Like, you don't get good at playing chess by reading books, right?
You have to play chess every day.
These guys get to hack every single day.
But forget information.
If they hack a company in Russia and they, you know, get a $5 million payout, do they have to give up a portion of that to the government or all of it to the government?
Well, so especially in Russia, I think also in China, you know, it's hard to know exactly how much, but they definitely have to pay people off, right?
It's a whole graph system.
Now, I've heard this.
And then it's in my head forever.
And you could tell me immediately that it's not true.
But I have a friend that worked at a company and they were hacked.
And by it's probably, let's just to say, it's Russians.
It's a good guess.
They're so used to doing this that they basically ask for basically the number that they know that companies will pay because it's cheaper to pay that than to go the other.
Is that that's happening constantly?
Every single day it happens dozens of times.
And often what they're asking for is how much you're insured for.
So what they'll do is it's called ransomware.
They'll hack in, they'll encrypt your systems, they'll steal your data, and then they'll ransom you for it.
And one of the things they look for when they break in and they steal your data is they look for your insurance policy and to figure out how much insurance you have.
And so they'll say, oh, my friend, you have insurance. You have $5 million of insurance.
Just pay us the insured amount of money.
Do you have to do the accent when you do this?
I'm sorry. Yeah, that was really bad.
Yeah. I guess when I'm like in Hollywood, I shouldn't do accents.
It plays better in Northern California.
Let's talk cookies. I love almost all cookies.
Should I be accepting or rejecting them on every website that I visit?
Oh, God.
I mean, those cookie banners, I mean, there are real privacy issues on you being tracked of what you do
and the fact that you have these advertising networks and these data brokers that know about everything you do.
If you care about those things, you can download add blocker plugins to your browser that will just block those things.
I don't even mind it.
I enjoy seeing stuff that they think I might ever.
I have never clicked on anything in my life.
There's no ad that's ever popped up that I've been like, well, that's interesting.
Really? Never?
Not even, like, Instagram?
I don't do Instagram.
Okay.
I've never done it.
I bet your wife does.
Well, I mean, that seems sexist.
But she probably has.
I don't know.
No, I don't do it.
I haven't done a lot of those things.
Look, Mark Zuckerberg does not own like an eighth of Kauai because nobody clicks on Instagram ads.
Do you prefer early days nerd Zuckerberg?
or current right wing alpha bro Zuckerberg.
Oh, God, strongly prefer the old Mark.
The one I used to know, I do not like the new one.
I don't know if the new one's real, right?
Like, the new Zuckerberg does not comport at all to the one I used to know.
He used to be, like, thoughtful and smart and a really good dad who talk about his kids a lot and ask good questions.
And this new one, I do not know what's going on.
Is Trump your fault?
My fault, personally?
Yes, because you were at.
Where were you at, where were you at, 2016?
You were at Facebook.
Do you take any responsibility for allowing the Russians to manipulate that election?
Wow, that's quite a question.
So I would say I do take some responsibility for not catching in real time Russian manipulation of Facebook.
I also think it is a massive simplification to say the Russians are the reason Donald Trump was elected.
I think everything we've seen since then has indicated that we've,
as Americans need to take some responsibility
for what's happened. Right, because if you're telling me
that all the Russians did
was manipulate
news and blah, blah, but
didn't actually affect the
counts, then I'm like,
all right. Okay, so they definitely didn't affect the counts.
Right. So this is a big issue, and I think we
should dive into it. Fine, let's do it.
Okay, so first, there are
a bunch of different kinds of Russian
manipulation of the 2016 election.
Several of them are offline, right? So you have all of the Russian
interaction with the Trump campaign that now is being played as that never happened, right?
But they directly interacted with the Trump campaign.
There's two major electronic components to the Russian interference.
One is the Facebook component, right?
And not just Facebook.
It is all the online component.
But that is their activity mostly by private Russian actors, a group of companies that would
support Putin through online propaganda.
The majority of their propaganda was actually in Russian.
Most of that activity was not about supporting Trump.
It was about stirring up controversy in the United States to try to get people to fight each other.
But I think it's very hard to have any kind of reasonable, empirical, quantitative social science evidence that that activity led to the election of Donald Trump.
The other Russian interference is much, was much more aggressive, which is they hacked into the Democratic Party apparatus, so that's the D-Tri-C, into the Gmail account of John Podesta, into the accounts of Debbie Wasserman Schultz and such.
And then they created these fake online personas, and they leaked that to the press, and then the press ran with it, and then created the Hillary email server.
scandal, and then you have, you know, an FBI investigation and buttery emails and all that
stuff. Now, that, did that affect the outcome of the election is very hard to tell, but it helped
blunt the Axis Hollywood tape, right? So if you roll back the timeline, you have, you know,
Trump saying, I hope they hacker, and then all of a sudden that activity happens, you have the
Axis Hollywood tape, and then you have the leaks immediately afterwards. You have political running
like a live blog of John Podesta's leaks.
possibly had a much bigger impact, especially when you think that only 100,000 votes
in three swing states affected the election. Unfortunately, we were not looking for that kind of
organized propaganda. Our team was looking for traditional cyber. In fact, we saw a bunch of hacking
activity and we turned it over to the FBI in the spring of 2016. It turns out they never
told the DNC about it. They never did anything about it. We felt like we did our part.
All right. I get it. So you're off the hook. No, I'm not saying I'm off the hook.
We didn't, we screwed up in a bunch of ways, but I also think like there's this kind of super reductionist idea that took hold in democratic circles that like some ads on Facebook is why Trump won.
And I think with everything that's happened since then, that's an incredibly simplistic idea.
Well, speaking of simplistic, true or false?
Okay.
Have you seen the Trump pee-P tapes?
False.
I'm trying very hard not to end up in El Salvador.
Yahoo. What went wrong?
At Yahoo, overall?
Yes.
Oh, man.
I mean, Yahoo's just like a company that lived too long, right?
I mean, a bunch of tech companies become super successful.
A bunch of them, like, flame out and die, or they get bought.
And then Yahoo is kind of like the old man that just was on life support too long, right?
Like, it should have had a DNR.
And instead, it's like the company that didn't sign the DNR and it kept on getting revived over and over again.
Does that make sense?
It does.
Yeah, DNRs. If you have a DNR, but you call 911, avoid your DNR. Isn't that ridiculous?
I didn't know that.
Yeah, because 911, they don't have time to be like, no, this person, you asked for help, so therefore, that doesn't.
Wait, wait, when did you work for it? What years did you work at Yahoo?
I was at Yahoo in, like, 2014, 2015. And so I was there when Mercer Mayor went in, and then they didn't have a CISO for a while. And then the Snowden Disclosures came out. And there was an entire slide deck about how the NSA was downloading all of Yahoo's email.
In fact, there's a slide in there complaining, asking for more money because Yahoo had so much spam that the NSA had to, like, store all of Yahoo's spam.
That's great.
And so they hired me a C-So because they're like, wow, we've got to like lock the NSA out of our networks.
Does Snowden, does he matter still?
Well, I mean, personally, I don't think Snowden has, like, any impact anymore.
He's, like, chilling in Moscow and, like, tweets things that nobody cares about.
But, like, what he did is still having, like, massive impacts.
I have very mixed feelings about what he revealed
because there are abuses he revealed
that the NSA should not have been doing
but he also dumped a bunch of stuff out
which is like the things I pay for as a taxpayer
right? It's like that was
the NSA spying on Russia and China to
because they spy on us.
Does the NSA read everything I send to everyone?
I don't know.
That's a hard yes.
So what we found out
with the Snow and Disclosures
is that the NSA was gathering up way more data than any of us expected.
They basically have a different definition of collection than the rest of us do.
What they were doing was collecting huge amounts of data at the place at which American
tech companies were moving that data between their data centers.
And so the NSA did not consider the data of Americans they were gathering to have actually
been collected unless a human being looked at it. This was their kind of legal backdoor
to do this. The technical hole has been fixed, right? So all the major U.S. tech companies now
encrypt all that data, so the NSA shouldn't be able to get to it. They still have the power
to request it under a variety of different legal means. But in theory, you should have to be effectively
like an agent of a foreign government or you have to be in conversation with an agent of a foreign
government. How much more secure from hacks has the current administration made America?
I think we're a way worse shape than we were a couple years ago.
Unfortunately, the SISA, which is like the premier defensive cybersecurity agency, has lost a huge number of their best people.
They've had political purges, and the director of the NSA, who's the most qualified director in its history, was fired because he was not seen as reliable enough.
You mean he wasn't a friend of a friend?
Yeah.
No, a prominent Twitter personality attacked him.
This is like a lifetime Air Force officer.
So this is not like a political appointee from the previous administration.
This is a guy who came up in Cyber Command.
And a bunch of the good people at FBI have quit.
Most of the good people at the National Security Council have quit.
There's basically nobody minding the store.
And so when I talked to other chief security officers at companies,
we're basically like we're on our own again.
like that the U.S. government will not be there to help us.
And that's the expectation among people in private industry.
Conspiracy theories.
Like, what are some, you've heard crazy ones, I'm sure.
Are there any conspiracy theories out there that you're like,
eh, that one might be true?
I don't know.
I mean, the thing always with conspiracy theories is it like,
it always presumes that people are actually really competent, right?
Like, whenever I get into, like, a corporate board room
or I'm in, like, some room with government folks,
you're always like, oh, man, these are just, like, normal people
who don't know what they're doing.
Yes.
What's compelling about conspiracy theories is like, oh, there's secretly people in charge.
Like, there's actually people who know what they're doing.
They're just happened to be evil.
And every time I've gone actually into the room, I'm like, oh, shit, these people have no idea what they're doing.
They're just faking it like everybody else.
I feel like that's true when it comes to politicians a lot of times.
But then there are other people.
I think I might have things figured out.
Yeah, I mean, I think the conspiracy theories that are true are the,
obvious ones. I mean, you think this is, like, one of Trump's powers, is that, like, he just
does stuff openly. And then because it's not a conspiracy anymore, people just kind of
ignore it. He just decides to do things, like send National Guard troops to cities. And if he did
secretly, it'd be a scandal. But, like, abuse of power in the open becomes not a conspiracy.
And I think, you know, we need to get away from this idea that something has to be a secret to be
scandalous. That's fair. Because I'm with the conspiracy theories, I've always,
It's just been like, in my experience, nobody can keep secrets.
Like, everything comes out.
Right.
Any conspiracy has more than three people never last.
Yeah.
How is, is everyone going to just say AI created that and get out of stuff?
Oh, yeah.
I mean, that's, I think, one of the real impacts that we're already seen with AI.
People call it the Liar's Dividend.
Yes.
Which is real videos, you know, if the Access Hollywood tape, right?
Like, if that kind of thing happened right now, people just say, oh, that's not me.
That's AI.
That voice wasn't me.
AI, though, I can have AI.
Now I don't need to learn to write in code.
Is that, are you worried about it taking over?
Oh, yeah.
I mean, that is, like, the, by far, like, the most useful use.
And by useful, I mean, like, a positive in some aspects, right?
In a lot of ways, positive.
There are some interesting outcomes.
But, like, the most positive use of AI so far has been for coding.
But there's two sides of it.
Like, for professional software engineers, it means that you basically have a bunch of interns now, right?
So, like, if you watch a professional software engineer now, what they do is instead of writing code themselves,
They sit down with their coffee and they use a tool like cursor, windsurf, clod code,
and they go dispatch three or four interns to go write.
They'll say to one of them, go refactor this, go build this, go build this.
Now, if you're a professional software engineer, you know how the limitations of these things
and you can write the specs so that they stay within their lane.
And then we have what's called vibe coding, which is you have no idea what you're doing
and the AI is doing all the work for you.
Now, that's still really powerful.
And that's like you start from scratch.
You know nothing about coding.
You just ask it, like, let's say you guys wanted to rebuild your website.
And you could say, hey, build me a website for a podcast.
Great.
Now add a login page.
Now add a forum.
Now add the ability to take money to sell T-shirts.
And it will do everything for you.
Dylan, you're fired.
But the problem is, is like, if you don't know what you're doing, then you don't know when it messes up.
And that is creating all kinds of security and privacy issues.
And what's happened is there's been a bunch of.
of examples of people losing money. So like what you really don't want to do there is vibe
code a Bitcoin site, right? Because like, or do anything like you're taking money or taking
private data. People have lost private data. They've had a bunch of security vulnerabilities and
stuff. How early on did you invest in Bitcoin? I actually didn't buy, but I was paid in
Bitcoin very, very early when it was, I did some consulting for some big, some of the big Bitcoin
companies now. I did some of their security consulting. They paid me in Bitcoin. And I kind of
held on for a while. But like overall, I'm not a huge Bitcoin fan because the truth is
the number one use of Bitcoin is just to buy it and hold it. It's just as it's digital gold.
If people are transferring Bitcoin, the number one use is to pay ransoms. Bitcoin has caused
a huge amount of human suffering. How does that make you guys feel the only person here that's
never had a single dollar invested into Bitcoin? Me. Me too. What's that? I've never
invested. Not a single dollar? Not a single dollar. I didn't know that, John, because I know all
I know Eddie and all those guys just constantly were bragging.
I couldn't figure it out.
Yeah.
But it's also like the crazy end of Bitcoin is it's a really hard thing to safely hold by individuals.
And what keeps on happening is you'll have these people who will hold their own Bitcoin
and then advertise it, right?
They'll be like, I'm a Bitcoin millionaire.
And then they're on X or Instagram with like pictures of their Ferrari and stuff.
And then they'll get kidnapped.
I don't want to be kidnapped ever.
No.
No, it sucks.
What a nightmare.
So what I would say right now,
it sucks.
And what I would say right now is like,
you own no Bitcoin because like if...
I own none.
You're not going to...
Don't kidnap me.
And no one's going to pay either.
Are Apple products the safest from hacks?
They're quite good,
especially the mobile devices.
That being said,
Google has really caught up
with the Android devices.
If you're going to run an Android device,
I recommend the Android phones
that are made by Google themselves,
right, the pixel phones.
Definitely Mac OS is a lot better than Windows.
For the most secure, though,
if you're going to have like a laptop,
the most secure options of Chromebook, right?
They're just, like, super basics.
If all you're going to do is, like, use the web all day, which is what most people do all day,
then I would buy somebody at Chromebook.
Should anybody with a security camera in their home be worried about people remote accessing it?
Yeah, that's actually an interesting problem is, like, people will buy these security cameras
and then not secure them, and then folks will access them.
What you want to do is to buy the security cameras from legit companies where they force you
to put a password and you use the cloud service.
so like rain is a pretty good one
and you know Amazon forces you to have two-factor
on that ring is an Amazon product
the Google Nest cameras are good for that
what you don't want to do is like the super cheap
like Taiwanese cameras that you just
or Chinese cameras that you just throw on your network
those often have default passwords
and people can just scan the internet
find those and then look inside your house
is Norton antivirus bullshit
what about life lock
Is VPN? Should we all be running on
of VPN?
The number one thing that people can do for themselves is use a password manager.
Like the number one way people get hacked is they use the same password for everything.
Oh shit.
Like, yeah, that's the way people get hacked is like you have one password for your bank and for
YouTube and not for you.
You would never do this, but for a porn site, right?
And then the porn site gets hacked.
I'm not into porn.
Great.
So this is not for you.
But I can have the same password for all like the dumb stuff, right?
to like the Netflix and all of that.
Yeah, but then if you're willing for all the dumb stuff
to get hacked, right?
But what happens is you use like the same password
for everything and what's especially problematic
is if you use your Gmail, your main email
is a password that use somewhere else.
You know, a website will get hacked
and then that password will get passed around
and get sold and then the bad guys will take that password
they'll break into your Gmail account
and then with that they can reset all your passwords
and they take over your entire life.
and then you're toast.
Am I toast or can I get it fixed pretty quickly?
No, it sucks.
It sucks bad.
The number one thing if people are watching this
that they can do is get a password manager.
And if you're only like on one platform,
like if you're all Apple,
then you can use the built-in Apple manager,
a password manager, that's fine.
Most people have like a bit of Windows,
a bit of Mac, Android, whatever.
Then you have to use something else.
So like one password's fine.
Last pass is fine.
I don't care what happens to people with Android.
Is that bad?
Did I open up?
Will sex robots ever be quality?
I have no, I know nothing about sex robots.
Whoa, I'm just, it's got to be, I mean, with all the, the AI, that has to be incorporated into this world almost immediately.
Yeah.
What I will say is like, I think there's already a really scary and sad movement to people are using AI chat bots as,
replacements for human relationships, and that's actually a really sad direction.
But maybe it talks somebody off a ledge, or maybe it pushes.
No, I mean, yes, in some cases it talks people off ledges, but there are a bunch of really
sad stories of people ending up in kind of, you know, psychotic places where they think
that AI is real.
And this is not something that these systems were designed to foresee.
We have these things called model cards.
You know, whenever a new AI model, so GPT5 comes out, they'll publish a model card.
and that will list all the ways
that the company tested it
and it'll be like, oh, can you use this thing to create
chemical weapons? Can you use it to
design a nuclear weapon and stuff?
What's much harder to foresee is
can somebody fall in love with this thing?
It's just a much harder thing to test.
I feel like, yeah, but I feel like I
could have saw that coming.
Yeah, well, people have seen it coming,
but it's just like a hard thing to prevent or test, right?
Because it's like, how do you
test all of the different ways? Somebody can
have chats with a
model over days or weeks or months, that then you create a parisocial relationship with this
thing. Oh, I can't wait for all these things with my kids as they get older. Oh, it's, it's rough.
I mean, what's your, what was your hard line? Now, your, your youngest is, what, a teenager still? You're
all teenagers, right? Yeah, yeah. So I have 18, 16, 13. Do they all, obviously the 18 year old has a
phone? Do you, the 13 year old have a phone? She does. There's just no way to prevent.
Okay. So when did she get her phone? She got it at 13. That was her line. That was your line.
All right. And I mean, you can handle everything. So you just put tons of restrictions on everything, or is there, or you just trust her?
No. No. You still don't trust her. It's trust but verify, right?
I love it. So I think this is the advice I give to parents. First, like the rule for your kids while they're in the house is you have to have the code to your kids' phones, right?
Okay. That's an easy one.
And you have to do spot checks of at any moment you can tell your kids, give me your phone.
If they ever refuse to give it to you, that's it. It's gone.
Having the threat means that the kids know that they have to do that.
And what you have to explain to the kids is like, this isn't necessarily about your behavior.
This is about there are bad people out there.
And the example, I used to talk at my kid's school and give the child safety talk.
And so what I'd say to this, you know, this group of like, you know, sixth graders is,
has anybody here been like really badly hurt?
And a bunch of hands go up.
I'm like, okay, were your parents angry?
And they think about it.
No.
I'm like, that's right.
If you're really hurt, your parents aren't going to be angry.
They're going to be scared.
And that's what you have to explain to your kids.
It's like, if you make a little mistake, your parents are angry.
If you make a big mistake or you're really hurt, your parents are there to help you.
And that's like the key thing you have to tell your kids.
When I was CSO of Yahoo and especially at Facebook, you also end up with what's called trust and safety responsibility.
And at Facebook, I supervised a child safety team.
and you see the real, incredible, horrible underside of the internet.
And the really bad...
I did a show about that for 13 years.
Yeah.
About the horrible underbelly of the internet.
Yes, I watch it, but like, you don't, you didn't do the real underbelly.
Well, let me just, let me just, let me just say, our room went to the underbelly and then we scale back for the show.
But yes.
Yes.
And so the really horrible outcomes.
Yes.
The worst outcomes for kids happen when kids.
make a mistake
and then feel that they can't tell an adult
and so they double down, triple down
on the mistake, and they go deeper and deeper.
Those are the kids who end up
hurting themselves,
comedians, and the like.
What predators know is that
if they can trick a kid into making a mistake,
they can then create a situation where it's
it's you and me against your parents
and they're very good at that.
And I've seen these transcripts, right?
I've seen what happens.
And the predators know exactly how to play that.
And so you have to vaccinate,
your kids against that, you have to tell them. If somebody tells you that not to tell us something
because we'll be mad, they're lying to you. And so the key thing here is you have to tell your
children, if you make a mistake, you can always come to me and I will help you out of it. I will not
be angry. I will not punish you. I will help you out of the mistake. Unless they go over the line,
like, you know, they murder somebody, then I'm going to fucking be mad. Okay. I, I would,
wouldn't tell them that. I'm not, I'm just, I'm just saying there's, there is a line where you've
done something so fucked up that now it's like, oh, I'm not getting you out of this one.
Don't eat people. Don't eat people, yes. But in the, the online safety context, you got to tell
your, got it, in the online safety context. If you screw up, I will be there to help you. Like,
the basic safety rules are, you know, so, you know, you hold back on giving them phone until
they can handle it. You have their code. You do spot checks. There are really good safety features
available on modern phones,
on iPhones, which is what I have the most knowledge of,
the screen time limits.
A key thing is you can't let your kids have their phones at night.
Now, that's a basic sleep thing.
Teenagers aren't sleeping because their phones all night
and they text each other all night.
Make your kids dock their phone at night,
and that's a great time to do spot checks.
I got other things to do.
I don't want to check their phones.
And it's hard.
What do I have to do?
I got to learn how to go through it
and find all the stuff that they were smart enough to hide.
You have no idea what they're saying to each other,
right, because it's all like emojis and acronyms.
But like the fact that they know it will help pull back.
And then don't let them have social media until they're ready.
And then when they have social media, make sure it's private, like they have Instagram accounts,
it's private accounts and such.
Social media is, come on, it's got to be on its way out, some of it.
We're getting...
I think so.
It's interesting.
This is like a reaction for the kids is they're much more into private communications.
Like the chatting apps, like WhatsApp, I message is much more in.
there's a bunch of these new apps where you do things
like you post photos just to your friends
and not publicly like Instagram
and I think that's a really positive aspect
and that's driven from the kids.
What do you think about my plan
of just straight bribery
into being a good person?
Okay.
Like that's how I think I'm gonna parent.
Like how about this? You get no phone
and you do everything that I say for as long
and then I don't know,
I'll give you a bunch of money
when you're 22.
Right.
Okay, so it's like a really good
marshmallow test.
I mean, that's where I'm going.
I think if you do that, you should write a paper
and get like a PhD in child psychology at the end.
Like, just, it's like the ultimate running your kid
through a maze. That's perfect.
I'm just, I just like, it's the one thing.
Dr. Tosh.
That's the one thing I might be able to pull off.
Everybody gets gifts.
Here's some, this first gift.
They sent this to me.
I haven't even opened it yet.
They said it, people are starting to send stuff to the show.
Let's see what this is.
You go ahead and that's your first gift.
This is exciting.
The name of the company is Ridge.
It's a, is it a wallet that, is that what it is?
Yeah, it's a wallet that protects it from, like, your credit cards from being scanned.
It's a wallet that protects your credit cards from being scanned.
Oh, cool, yeah.
Look at this.
And a cool little keychain.
Oh, look at that.
And a key, why would they give you a keychain that just holds your keys?
Okay, but what if your keys are bigger than those?
Yeah.
and like a super slim wallet cool oh man well that that's going to protect your your stuff yeah
awesome here's another gift this um this is a drone with a camera uh i i is not opened
the guy that got me this is my my wife's cousin he buys stuff it's 14 and up and like i have a
kid that's like six i'm like i'm not letting my kid do this anyway i figure you uh have somebody in
your life that wants to spy on somebody that'll be fun for you that's awesome yes i'll fly that with
my kid i also don't know how to get rid of this it's not really digital waste but it's just a bunch of
my old specials i just don't know what to do with them i can't get myself to throw them away but i just
think you'll like these it's your younger brother is that how dare you my younger brother oh man that was
this is good this is perfect for my carry-on appreciate that well you know we'll get that shit for you
go ahead get that on the floor all of that on the we cannot keep this here this wall this wall
it's nice. You know what? I might keep that. R-F-I-D blocking. Is that a thing that I should have been
worried about? So actually, yeah, so there's some great videos you can find on YouTube, especially
like in, this happens like Columbia and some other Latin American countries where you'll get
distracted by one person and somebody else comes and swipes your card and does a payment
because, you know, for the tussless payments. Yeah. So they can't clone the card, right? But what
they can do is just do a payment and then they claim that you're at a bar or something and that, yeah.
But the, everybody, why has everybody stealing?
Can't we all just be nice?
I'm scammed, man.
Everybody's trying to scam people.
Throw that on the floor.
You're not going to love it.
You're a big Lakers fan.
Is that correct?
I hate the Lakers.
Hey, we share that in common.
I'm a Sacramento Kings firm.
Oh, man, that's got a sting.
I was actually at game six between the Lakers and the Kings when the refs threw the game and gave it to the Lakers.
Oh, so that's the conspiracy theory that you do believe in.
No, it's not a conspiracy theory.
Oh, it's fat.
It's fast.
It came out in, it came out in the investigations, right?
Like, Tim, you know, there was actually like indictments.
Did you guys hang the indictments from your rafters?
Yeah, I don't know.
It's got a sting because it's just so much greatness is so close to you that you could have cheered for your whole life.
Yes.
I got that big blue light, though.
Golden State wasn't that great.
What about the 49ers?
Did you cheer for them?
I did for the 49ers, yeah.
And for the Giants.
Right? So, like, you know, we don't have baseball. We have the River Cats. We don't have Major League Baseball in Sacramento.
So you're off the hook in most sports. So you had a great run of football.
But my two big teams are Sacramento Keynes and the University of California Golden Bears. So that's rough, those two.
And you've always loved the ACC. Is that what you said?
Oh, yeah.
What?
Yes, the California Golden Bears. And, you know, I teach at Stanford. So Stanford and Cal, traditional rivals, now members of the Atlantic Coast Conference.
So I get to go up, you know, when Calry did at Stadium was a year, I sold a company that year, so I was able to donate.
And so I got donor seating.
I have 45 years of tickets in the California Memorial Stadium.
And so I go up to the rim of California Memorial Stadium.
And I look out, and you can look past from the stadium at the Golden Gate Bridge at the edge of the Atlantic Coast Conference at the Atlantic Ocean on the other side of the Golden Gate Bridge.
We haven't talked about, like, if we're talking about L.A. teams, I can talk about USC and how much I hate those guys.
USC is kind of the domino
that started the whole
ACC then yes
yeah no I hate those guys
okay so like
let's talk about USC because
one they blew up the PAC 12
now but is the PAC 10 for most of my time
also I mean do you like USC at all
you're from Florida what's your college team
in Florida I went UCF is the team I care
but I care about Miami I care about the you
I care about everything South Florida
the Miami Heat the dolphins etc that's
that's my teams
for most of sports
Yeah. So, I mean, USC blew up the Pact 10, which now, I mean, I think fortunately they're kind of being punished, right, in the big 10. But my biggest problem with USC is the whole Trojan thing, right? Like, you can name yourself after anything. You're choosing your mascots. You're reaching back into antiquity to choose your mascots. And you choose the greatest losers in history. The Trojans lost the Trojan war, right? And so, like, as a Greek, I just want to point out that the Trojans,
lost the Trojan War so badly
we still talk about it
3,000 years later. Where do
you stand on the condom?
Durex, man. It's the same thing.
Right? Because also
like for the condom brand
does that mean like the sperm
or the Trojan horses? Do they make it past?
Yes it does. Whoa, they don't make it past but they're
in there. They're in there. It's not a good metaphor
for something that's supposed to be an impermeable barrier.
Don't you? Don't you shit on the
Trojan, the condom.
That's a staple.
It's just, it's not a good.
Yeah.
It's not a good look.
I just don't.
When you boil it down to its most basic form, are hackers really just a bunch of introverted
in cells who might have chosen a different path had they just, you know, had a girlfriend
in high school?
No, I mean, a ton of people who do malicious hacking these days are just, they're just
financially motivated.
They're people who want to make money.
It's just money.
I mean, you look at the guys who get caught.
They are buying
Maserati's. They have designer
drug problems. Some of them
are like, they've got Instagram accounts
where they're taking pictures with
girls at clubs, right?
Like, it's, it is not like
it used to be. I mean, it's not like nerdy
guys like me with our...
If you wanted to, just started... You think you
could hack for money
and just make a killing at it?
I'm a little old for that.
Could I build a team to do it?
Absolutely.
That's nice.
You got a new company that you're starting.
I didn't start it.
No, no.
So two of my best students from Stanford started this company.
Do you have to say your best students?
Were they really your best students?
One of them is my boss now.
So he is my best student of all time.
Wow.
Isn't that neat?
Good for him.
No, he really, like the CEO, Jack Cable,
is legitimately like the most skilled offensive talent I've ever met.
I just thank God he's like a good guy.
So he won the Department of Defense's Hacking Competition when he was 18 years old
and then went to Stanford.
Is that televised?
No, no.
It's like an online thing.
I mean, it is fun.
I mean, it's got to be...
This is what's crazy.
So when I was coming up, if you wanted to do this stuff, there's nothing legal you could do.
Now, high school teams have competitive hacking.
It's called Capture the Flag.
They have competitive teams.
You can get like Letterman jackets.
You can letter and hacking.
You can letter and hacking.
Oh.
Colleges have competitive teams.
So a bunch of...
my students are on like a competitive team at Stanford that does quite well. Jack,
you know, our founder was on these teams. So our founders, Jack and Ashwin, they're the two
founders of this company, Corridor, is what I work for. And what is this company, work for the
government? No, we don't work for the government. What we're doing is you talk about AI code
development. We're trying to make AI code development safe, right? So if you have a AI code developer
that makes mistakes, we watch that developer and make it safe, right? So we're the AI security
engineer. So you can use your AI to write code and we'll be right behind fixing those problems
for you in real time. For a fee. Yeah, so that's how capital. You're not just checking on all
people that are using AI, using AI to make code. Yeah, I mean, this is for companies, right? So
enterprises, it's less for the vibe coders that we talked about for people who, it's for companies
where like. Legitimate companies. Got it. Okay. So you're a bank or whatever and you're,
you know, you have your engineers and now they're, you know, you have to live up to some kind of
standard. You're a European bank. You have to follow a bunch of rules.
You can't just, like, use AI code, you know, and all of a sudden you're violating all your privacy laws, right?
But anyway, these guys are incredibly smart, and they were on a hacking team at Stanford.
But it's totally different now, right?
Like, if you have these skills and you're 16 years old, you can join a team at high school.
You can join a team in college.
It's so much better than it used to be.
And you prefer the hackers in the ACC?
So, yeah, it's unfortunately, we don't do it on those leagues, but yeah.
I'd prefer, yes, it would be nice
as the Pac-10 Hacking League was still together, but yeah, damn USC.
Alex, thank you for everything you do.
Thank you, Daniel.
Appreciate it.
I want to thank Alex for being on the show
and forcing me to change my password.
One-one-one-one, one-one, Dan,
no longer going to get me into anything.
All right, let's do some plugs.
Eddie's tour, my tour.
Going to be performing in Vegas, NorCal, up in San Francisco, Monterey, Santa Cruz.
I think I'm heading over to Salt Lake City.
Hmm.
TBD.
Salt Lake City.
TBD.
You can buy my house in Tahoe.
I mean, it's more of an estate, a legacy property, a compound, three structures, over one, six acres.
It doesn't matter.
You know, if you're a fan, buy it.
trying to find love for Amanda still
we're starting to get more promising calls
feel free at any point to call in
and I'm not talking about Eddie's
random fans that are just calling the voicemail
just to talk but if you're interested
in potentially becoming a family member of mine
then leave your deets and how to get in touch with you
you gotta do a little background check
you gotta see some photos
I need a few lookers.
Yeah, you're nice.
All right.
Who do you got today, Ed?
I got a couple.
Here you go.
All right.
Hi, I'm a software engineer.
I'm 5.10 and a half.
I hate horses.
I wouldn't care if they went extinct.
Okay.
First of all, 5, 10 and a half.
He's really stretching himself.
That's where he starts.
Yeah.
And then he says he hates horses and wouldn't care if they went extinct.
I mean, that's not going to be a good match for her.
I don't think it seems like the worst match.
Yeah, I mean, she loves horses, and you're going to say you hate horses.
I think that guy's funny.
Maybe that is the opposite that attract that.
Maybe that works.
She loves horses.
You want them to go extinct.
Not just doesn't like them once I'm off the planet.
Would that affect our whole system?
I never understand how that works, but they're like, oh, if you get rid of, you know,
if you got rid of daisies, you know, every kid would get
cancer.
Yeah.
So. It's going to have some type of an effect.
Are you sure? I don't know if we need horses.
A lot more oats in the world.
How are we going to get our mail?
Exactly.
No, I'm, listen, I'm all for getting rid of horses if it helps a man to find love.
Yeah. I mean, that is true.
All right. Anybody else?
Yeah. Here's this. I guess this is a call.
Uh-oh, that's not a good start.
Oh, fucking idiot.
Okay.
You can't put a phone number up.
That's what I've learned.
That's what people should do.
They should call and just...
Was he singing?
I think he said Amanda at the end.
Play that last part of the very end again.
Yeah, I think he says Amanda right there.
Could be.
I like it.
I like it.
I don't know what he said about himself, but I think he's a great fit.
This sounds like love.
That guy sounds in his mid-30s.
yeah you told you
well good all right the calls are getting better
keep them coming guys
play that call again
that's good
all right we'll see you next week
Man-a-mout, ma'am.