The Vancord Blog

Episode Twenty-one: How Does Santa REALLY Know What to Bring You?

You’ll have to excuse the guys on this episode. They’re announcing that Santa Claus is now a client of Vancord. And since “the big man” is buying all those electronic devices, he is naturally concerned about your online identity. Spend the next few minutes listening to what Santa wants to bring you for the holidays—and you should want him to bring you those things. Happy Holidays!

Listen on Spotify Listen on Buzzsprout Listen on Apple Podcasts

Episode Transcript

[00:00:01.210] - Announcer

This is CyberSound, your simplified- and fundamentals-focused source for all things cybersecurity with your hosts, Jason Pufahl and Steven Maresca.

 

[00:00:11.510] - Jason

Welcome to CyberSound. I'm Jason Pufahl and as always, joined by Steve Maresca, Matt Fusaro. Hey, guys.

 

[00:00:17.420] - Steve

Happy holidays.

Expand Transcript  

[00:00:18.590] - Matt

Hi there.

 

[00:00:19.390] - Jason

So, we have big news today because we can finally announce that we have Santa Claus as a client. I mean, who can say that? The big man. And he's concerned about data privacy and data protection, as you would think, because he's got this huge list that he's collected, right? And he wants to make sure it's available because he has to check it twice every year.

 

[00:00:42.750] - Matt

And he's got to keep it under wraps, I imagine.

 

[00:00:44.390] - Jason

And let's face it, right. There's huge amounts of PII. He knows where everybody lives. He's got data on your behavior, all kinds of stuff. So, he's really concerned about it.

 

[00:00:54.790] - Steve

Private correspondence, too, right. I mean, there are lots of letters that are very revealing, I think.

 

[00:00:59.280] - Jason

Right. So our job…



[00:01:01.210] - Steve

The North Pole is turned into the data lake.

 

[00:01:04.250] - Jason

…Indeed, right? So, is it unfrozen now?

 

[00:01:06.210] - Steve

It might be.

 

[00:01:06.970] - Jason

I think it is. So, Santa though, he's jumped into the 21st century, we all know that. He clearly knows when you're sleeping and when you're awake. I mean, it's something he's been sharing about for a long time. He's put a lot of effort into collecting that data. I'm curious to know how we actually get to that. Do you guys have any insight in that at all?

 

[00:01:30.510] - Matt

Well, the elves have a health and wellness division now. They make the sleep number beds, so they know exactly when you're sleeping, whether you're uncomfortable, whether you're hot, whether you're cold. It makes sense. They know when you're sleeping.

 

[00:01:43.930] - Jason

So, are they tracking that somewhere, though, or where's that data go?

 

[00:01:48.990] - Matt

Well, that's a good question, isn't it? We'd like to think we know where that stuff goes and that stays on your phone, or at least within that company. But we know that's probably not 100 percent true. And I'm not a lawyer, so I haven't read all the terms and conditions that all the elves have been writing.

 

[00:02:07.560] - Steve

I have to assume the North Pole is really good for cooling data centers, so probably Facebook is collocated with them most likely.





[00:02:14.710] - Jason

That could be. So, the Sleep Number is one. And we clearly know they manufacture that. Wearables, I think are another issue, right? So even if you're not tracked by one of their beds, you probably got your Fitbit on. You might have your Google watch, whatever it is.

 

[00:02:31.860] - Steve

Right. Fitbit had a breach a couple of months back, a year ago? I don't recall what it was. And some of the elves aren't exactly scrupulous. They get their data where they can, so I'm sure they take it from breaches if they have it.

 

[00:02:42.840] - Jason

Are there bad elves?

 

[00:02:44.730] - Matt

Who knows? They're data experts.

 

[00:02:47.790] - Jason

Can't trust the elves at all, it sounds like to me. But they must have a sharing agreement with Santa? I mean, that's obviously got to be built in, right? Part of the privacy policy that you didn't actually read but agreed to.

 

[00:03:00.330] - Steve

The onus of good behavior is on the gift recipients, not necessarily the gift manufacturers.

 

[00:03:05.580] - Jason

That's totally reasonable.

 

[00:03:06.700] - Matt

So, do we get more presents if we've had more steps? Is that what happens now?

 

[00:03:12.490] - Jason

It could be.



[00:03:14.010] - Steve

I got to work on that.

 

[00:03:15.290] - Jason

You do. So, Santa also knows if you've been bad or good, right? I mean, that's one of the things that everybody's always concerned about, right? Throughout the entire year, he's monitoring your behavior, trying to validate. Does he give you something? Does he not? Do you get coal? Although, I mean, coal is probably out of fashion nowadays. How does he know that? Because he can't be monitoring you all the time, can he?

 

[00:03:40.890] - Matt

Well, I suppose it depends. Alexa's on all the time, listening to you. If you're having an argument with your sister or your brother…clearly, if you tell your mom a lie later on, Alexa knew.

 

[00:03:52.180] - Jason

Alexa does know. So, all that data again sent up to Santa?

 

[00:03:56.990] - Matt

Yeah, I mean, it's the all-year-round Elf on the Shelf.

 

[00:04:02.610] - Jason

So, the reality is now everybody wants to be a partner with Santa, right, because there's a lot to be had from a logo standpoint if you can put Santa Claus or North Pole on your right, so… 

 

[00:04:10.680] - Steve

Absolutely. Reuters just had an article the other day about a Virginia lawmaker who requested all their data. They're absolutely listening to this conversation.

 

[00:04:21.970] - Jason

So, how much do we worry about web search history, for example? The reality is he's trying to figure out if you're good or bad. I'm not sure everybody always searches for the best things?





[00:04:34.850] - Matt

Well, Google is free as a product. We all use it, but it's only free because you're the product. They're a marketing company. They're an advertising company. They're not a search company.

 

[00:04:46.370] - Steve

Yeah. That's important to remember. Right. Even if you are paying a fee for some of these services, they're still going to monetize the data that they're getting out of you because that's part of their streams of data…of revenue that they want to keep.

 

[00:05:01.380] - Matt

It's about shareholder value.

 

[00:05:02.550] - Jason

Yeah, right.

 

[00:05:03.170] - Steve

For sure.

 

[00:05:06.120] - Jason

So, he's probably monitoring where you're going, virtually. I know, for me at least, I use Google Maps. I think a lot of people use Apple Maps. I imagine he probably gets a sense of where you're going physically, right? So, if you're going somewhere you shouldn't, memorize those directions and leave your phone at home. it sounds like to me.

 

[00:05:25.210] - Steve

Yeah, if we're looking for recommendations and you don't want Santa to know where you've been: turn the GPS off if you don't need it; Wi-Fi off, if you don't need it, right?

 

[00:05:35.040] - Steve

We're getting into a Santa avoidance discussion here. I don't know if that's quite right.






[00:05:39.740] - Jason

I think that comes at the tail-end of this because I'm getting more and more nervous if Santa seems to know an awful lot about me through all these relationships he has with some of these tech companies. It's clear there's a lot of data out there.

 

[00:05:49.880] - Matt

Well, I mean, what Santa doesn't know doesn't hurt him, right?

 

[00:05:54.430] - Jason

Well, so you can't shout, and you can't pout. Santa hates that. I think we've learned about that for a long time. I know I'm always careful to be smiling on any picture I get, so if it's posted to Facebook or to Instagram, the only thing you see are a sort of positive sentiment from me on social media. Any other things you need to think about with regards to that? Like, you don't want him to know you're pouting or that you're unhappy in any way, right?

 

[00:06:26.480] - Matt

Yeah. Even what you're typing, right? Maybe just not the pictures, but what you're typing -

 

[00:06:33.410] - Steve

Autocomplete is a thing.

 

[00:06:35.750] - Matt

Corrections and your text messages and so forth. I mean, it makes sense, really. Sentiment analysis is a real thing. It's useful. It gets you what you're interested in seeing, most likely. Algorithms that benefit you from a consumer standpoint end up helping Santa too.

 

[00:06:51.840] - Jason

So his job has gotten a lot easier, with our willingness to opt into a lot of these services, which provide a lot of day-to-day value, but I think gives Santa an incredible amount of data to put into his data lake. 

 

[00:07:05.650] - Steve

It's much more efficient now. 




[00:07:06.970] - Matt

Much more efficient.

 

[00:07:10.010] - Jason

So, let's think about this a little bit from a positive side, though. It is great that he has real clarity on what he should bring each and every person. The days of questioning what the gift should be are largely gone because you're typing in all the time what you might be interested in. And you're getting served ads, and Santa knows about all that.

 

[00:07:32.050] - Matt

And parents also benefit from that relationship, too. Because what their kids are looking up on the computer probably show up in the Facebook feed or Instagram feed for Mom or Dad, so it goes both ways.

 

[00:07:44.030] - Jason

It does. It's interesting, do kids even need to write a letter to Santa anymore, or does he just know all the information already?

 

[00:07:49.440] - Matt

Well, it is a courtesy and a formality. And I think that it's part of the way you get on the nice list and stay off the naughty list. Yeah, there's a waiting factor used somewhere by Santa.

 

[00:08:02.170] - Jason

That's fair. That's reasonable. You touched a little bit earlier already on, listen, let's say you do want to misbehave a little bit over there. We all do. And you don't want a lump of coal necessarily. I certainly don't want a lump of coal. How do you avoid a little bit? I agree 100 percent, right, turn off, maybe you'll find my iPhone. Don't use the GPS all the time. Don't make yourself quite as trackable. I think if you can limit some of the data that Santa gets, it's probably in your best interest.

 

[00:08:35.010] - Matt

Well, it's like anything else. If you have home security cameras, don't connect them to the Internet. The elves can see you, so can the bad guys. You know what I mean? It's just about being cautious about the data that you produce and what you reveal to others.




[00:08:47.700] - Steve

Yeah, a lot of it is whether you actually need to be sacrificing the convenience factor, right? Most of the time, these things need to be connected, because you want to be able to check your camera from wherever you might be if you're not home. Do you need to do that? Right. So, kind of keeping that in mind.

 

[00:09:06.610] - Steve

I really like to start my coffee pot while I'm still in bed.

 

[00:09:10.950] - Matt

You mean your cocoa maker, right?

 

[00:09:12.420] - Steve

Of course.

 

[00:09:14.320] - Jason

Santa knows the second you push that button, though, that you're awake, right? I personally don't really wear any kind of wearable to bed. I don't think it's that valuable to know whether I slept for four hours or six hours. I know I'm nowhere ever near eight hours, but I don't know that Santa really needs to know exactly when I'm going to bed. Let him infer. Let him just assume that I'm doing the right thing. And then one other useful tip, I think, is hit the mute button on your Alexa or hit the mute button on your Google Home Assistant, whatever that is.

 

[00:09:46.390] - Jason

Again, he doesn't need to hear you shouting with your siblings, or maybe arguing with your wife. I personally don't ever do that, but maybe somebody else does.

 

[00:09:55.770] - Matt

And we're going to talk in a second about turning the tables on Santa and figure out where he is. But if you really want to make sure that the perception of you is positive, you might use those devices to cultivate a positive perception of your activity.






[00:10:10.300] - Jason

Turn them on when you're happy and everything's going...when you're making your gingerbread cookies to layout for Christmas Eve, turn on your Alexa. That's good information. So how do we turn the tables on him? Because I agree, right, I feel like he's got a leg up on us right now. He's got real clarity on how we're behaving, how we're sleeping—probably more data on how we're sleeping than I want.

 

[00:10:32.720] - Steve

Well, the trouble is that contrary to some propaganda we've seen in some films, Santa has never actually developed stealth technology. So, we know where he is traveling at any point in time.

 

[00:10:44.670] - Jason

That's fair. But what does that give us? Because, literally now, you behaved for 364 days a year and all of a sudden, it's the 11th hour, you have a perspective on where he is in the world. Is there a Hail Mary you can throw right at the end of Christmas Eve and actually behave properly? I guess that's what we're counting on, right?

 

[00:11:04.000] - Steve

Well, you use NORAD Santa at least know when he's arriving to deliver the cookie by hand?

 

[00:11:10.190] - Jason

And you better be in bed at that time. That only makes sense. So, I think we've learned a lot about how Santa uses data in the 21st century. Keep an eye under your tree. That'll be your gauge for whether you've been naughty or nice this year. I'd just like to say Happy Holidays and Happy New Year to all our listeners. And thank you to Steve and Matt for joining me on this podcast adventure over the last year. If anybody wants to know more about Santa and the way he tracks you, feel free to reach out to us at Vancord on LinkedIn or VancordSecurity on Twitter. And with that, happy holidays everybody, and thanks for listening.

 

[00:11:45.750] - Announcer

Stay vigilant. Stay resilient. This has been CyberSound.