
What if an attacker does not need a zero-day because they are already close enough to know your passcode?
Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation and co-founder of the Coalition Against Stalkerware, joins Joe and Adam to explain why some of the most damaging cyber threats are not exotic. Stalkerware, shared device access, coercion, and weak privacy defaults can turn an ordinary phone into a tool for surveillance and control.
The conversation also gets practical: what privacy really means, why encrypted apps can still fail people when the endpoint is compromised, how to think about password managers and passphrases, where VPNs help and where they do not, and why backups and key control matter more than most people think.
Resources mentioned:
- EFF Surveillance Self-Defense: https://ssd.eff.org/
- Coalition Against Stalkerware: https://stopstalkerware.org/
Topics Discussed
- What stalkerware is and why hiding from the user is the point
- Why intimate-partner abuse changes the cybersecurity threat model
- How ordinary phone access can expose passwords, photos, messages, calls, and location
- Why privacy is consent and control, not disappearing from the world
- Why end-to-end encryption is not magic if the endpoint is compromised
- Password managers, strong passphrases, patching, VPN myths, and backups
- How surveillance infrastructure can be turned against the people who built it
- What AI, schools, and chatbot harm reveal about rushing technology into vulnerable environments
