Android 17 for GrapheneOS is here! (sort of...)
Android-seventeen has arrived, sort of.
Section-seven-oh-two has expired, sort of.
And privacy is at a greater risk than
ever in Canada.
All of this and more is coming up
on This Week in Privacy,
episode fifty-eight, so stay tuned.
Welcome back to This Week in Privacy,
our weekly series where we discuss the
latest updates with what we're working on
within the PrivacyGuides community and
this week's top stories in data privacy
and cybersecurity.
I am Nate,
and this week with me is Jonah.
How are you doing this week, Jonah?
I'm doing great, Nate.
It's been a busy week,
but I'm glad to be on the show
again and doing this with you.
Yeah, it's good to be back.
Thank you guys for holding down the fort
last week.
Alrighty.
Well,
let's go ahead and jump into our stories
right away.
Our first story is pretty exciting here,
and it is the Android.
Seventeen is finally coming out.
So it's it.
Well,
we'll talk about the graphene stuff in a
minute.
But first,
let's talk about what's new in Android.
Seventeen.
So I think it officially came out.
Like Wednesday,
maybe Tuesday could have been yesterday.
I'm really bad with time ever since COVID.
I think a lot of people can relate
to that.
So a lot of the news that I
saw personally regarding Android,
really didn't talk about any of the
privacy stuff.
But thankfully, we have Fria,
our staff writer who was on top of
this and went through the announcement and
made a list here of
the updates that they found and they did
say this may not be everything because
again there's like the news usually the
news does focus at least somewhat on the
privacy and security stuff um but again it
was kind of scarce this time but freya
went through and found as much as they
could and uh there's some exciting stuff
so first up i don't know if this
is in any particular order um but first
up the uh the contact picker which is
um very similar to
I would argue, if my timeline is correct,
I think Graphene had this first,
and then iOS adopted it in iOS,
but it's basically,
I believe Graphene calls it the contact
scopes.
It allows you to tell an app that
it can only have permission for certain
certain contacts this is actually really
useful for i'll give you a real example
of this one um since we do have
uh we being privacy guides and also over
the new oil we do have an online
presence on platforms we don't necessarily
like like tick tock for example and every
time i check tick tock it bugs me
to give it access to my contacts and
so finally i i
Can go in and tell it,
or like on an iPhone,
I can tell it like, sure,
have access and then just not give it
access to anything.
And it'll shut up and leave me alone,
which is amazing.
Um,
but it allows for that awesome
compartmentalization.
Uh, there's a local network permission,
which was previously opt in for
developers,
but now it is required in order to
access devices on the local network.
Um,
loopback traffic is now blocked between
profiles.
According to Android authority,
there is an advanced protection mode,
similar to iOS lockdown mode.
And, um.
That's actually been out for a while,
I think,
but now it's getting some new features,
including blocking accessibility services
for apps that aren't accessibility apps,
which is great because I've read in the
past that that is a common vector for
malicious apps to abuse things is when
they...
When an app uses accessibility features,
it kind of gets extra additional
permissions that it wouldn't normally
have.
So that is really good.
Um,
you can disable device device device to
device unlocking.
So I'm assuming they mean kind of like,
um, like Android auto.
I've noticed my wife when she plugs in
her phone in the car,
even if she doesn't unlock it,
it just automatically starts playing music
and stuff, which is handy,
but it's probably not great for security,
uh, disables web GPU and Chrome, uh,
spam detection for chat notifications,
which I'm going to assume is AI powered.
and support for Android enterprise for
managed devices.
It says if apps are granted the SMS
permission,
they will not have access to one-time
codes,
which protects you from a malicious app
stealing your two FA login details.
Android also has encrypted client hello by
default, which is, um,
kind of a Jonah can correct me if
I'm wrong here.
I think it's kind of similar to encrypted
DNS.
It's not quite the same,
but basically when there's that initial
handshake,
it just kind of adds a little bit
of extra protection.
Passwords are fully hidden by default when
typing using a physical input device,
such as a keyboard, uh,
theft protection will be enabled by
default on Android,
which is pretty awesome.
They've reduced the number of allowed
failed pin attempts and increase the time
between attempts.
And you can now grant apps temporary
precise location access,
which gets revoked when they're closed,
and is now adding a hybrid post-quantum
cryptography for app signing to protect
against future threat of quantum
computers.
And let's see,
I think last but not least here,
there's a background audio framework to
ensure apps playing audio in the
background don't make changes to audio
that aren't intended by the user.
So yeah,
pretty hefty list of changes here.
And just to kind of address the graphene
stuff that we talked about in the headline
here.
So
um according to my rss feed this just
came out today actually um graphene is
notoriously fast at adapting android and
getting it ready for graphene they already
have an initial release ready of android
unfortunately they say there is an
upstream android bug and updating via side
loading uh
Updating to this release via ADB
sideloading to recovery from a previous
release is unavailable.
I did not know people did that.
I've always been an over-the-air kind of
guy,
which they say that over-the-air works.
But I guess that this is,
and they say they're going to address this
in a future release.
But from what I understand,
Jonah was saying he checked this morning
and did not see this in the alpha
channel on his test device.
So it looks like maybe they're kind of
holding off to work out some of the
final bugs.
But technically, it is here.
It does exist.
It's got boatloads of fixes,
as you can see here.
The main thing being an update to Android.
But yeah, so that is on its way.
I don't know that I have too much
more to add to that.
I'm very excited about this update.
There's just something exciting about new
major releases like this, in my opinion,
but it looks like it's bringing a lot
of really cool features.
Were there any in particular that stood
out to you or you wanted to discuss?
Yeah,
there's kind of a lot to be unpacked
here.
We can go over the Graphene OS stuff
first.
I think they said in their announcement
that over-the-air updates will work,
but they haven't released them yet.
And in my experience,
I have Graphene OS on one of these
phones I have on my desk.
Yeah.
And it's set to the alpha channel,
but if I check for updates on XVI,
it still says device is up to date.
So they haven't released that yet.
You can't sideload this over an existing
install either, as you mentioned.
So got to wait a bit longer for
Android XVII on Graphene OS.
They say it was supposed to be out...
like yesterday or two days ago i believe
they say that it's delayed because of an
upstream android ii book i don't think
that they've shared what it is or what
the problem is so
Don't know too much beyond that,
but I guess we'll be waiting a little
bit longer for Graphene OS.
But if you want a fresh install for
some reason,
I assume you can do that with the
images that they've posted there.
Other stuff that's cool,
you mentioned encrypted client hello.
For people who don't know what that is,
that's basically the connection when
you're making an HTTPS connection to a web
server.
That kind of handshake process where you
get the certificate in the first place
from that server includes the domain name
in plain text.
So men in the middle, like your ISP,
for example,
can see what domain you're connecting to
still, which is kind of a...
That's one way that they can see what
domains you're connecting to,
even if they can't monitor your DNS
traffic because you're using encrypted
DNS.
So it's a cool feature.
It requires...
support on the web server site as well
so not every site is gonna work with
this um unfortunately it mainly affects
sites that are behind super large cdns
like cloudflare for example cloudflare is
going to support this and basically any
cloudflare site that you connect to will
appear to come from a single cloudflare
domain if we wanted to set up encrypted
client hello
For privacy guides, for example,
we could make all privacy guides requests,
like the one on our website or connections
to our form all show up with the
same domain name,
but it would be limited to a domain
name that we own.
So it's a pretty small bucket,
and people would still be able to see
you're connecting to privacy guides.
Not to mention that your IP address is
still going to be
the IP address that you're connecting to
of the web server will still be visible.
It's good protection.
It's good that it's coming,
and it does patch that whole encrypted
DNS.
It doesn't fully patch,
but it's not a perfect solution.
If you want to hide all of this
traffic from your ISP,
it's still recommended to use a VPN,
basically.
That's my point.
Other stuff.
The biggest thing I'm excited about,
but this is just because I'm a
cryptography nerd.
I like the whole...
post-quantum cryptography that they're
adding.
I have felt recently,
especially in like the last year or so,
that post-quantum cryptography is becoming
much more important and we need to switch
over as much stuff as soon as possible,
because even though we're probably
years out from it being practical i think
that that period is shorter than a lot
of people think it's probably not going to
be like decades away it might be might
be under a decade at this point and
some recommendations say that we need to
switch entirely over by some recent
advancements that we talked about in the
quantum encryption space i think a couple
um weeks ago here on the show but
also we talked about it in some news
articles on our website
they seem to indicate that the quantum
computing field is progressing at a at a
pretty fast rate at this point so always
cool to see more things adopt that they
are going to use it for the android's
bootloader i believe they're already doing
it for the verified boot chain they say
that they're going to bring post quantum
cryptography to app signing so you can
sign your apps with that
Since we just released an app,
a privacy guides,
the verified apps app with our data set
that we're building.
I looked into that,
but there are no tools and nothing in
the Android seventeen public source code
that I could find that mention post
quantum cryptography at all.
So it's not something we can do yet,
but hopefully hopefully soon they open
that up to developers.
Beyond that,
I think you kind of covered all the
other stuff.
I don't know if I have too much
to say about any of the other protections,
except I think that they're pretty cool.
A lot of these were a long time
coming,
like the contact picker stuff that you
mentioned, Nate.
So I'm glad that Android,
stock Android is finally catching up in
some respects to Graphene OS and iOS.
That's always a good thing to see.
Um, yeah,
I think that's kind of it though,
unless anyone in the chat has anything
else they want to know about Android.
Yeah, it's definitely, um,
on the contact picker thing.
I love the, um, I love the competition.
This is one of those areas where like
competition is actually really good and
helps everyone because now like, um,
It's kind of sad.
It takes like a small team,
like graphene doing it to motivate these
big companies, but you know,
graphene will add something.
And then somebody at iPhone or Apple,
I guess it's like, oh, that's pretty cool.
We should add that now.
Google's like crap.
Now we have to add that.
And you know,
that's how we ended up with like the,
the, and I know they're not perfect,
but that's how we ended up like with
like the price
labels and the app stores and how we
ended up with
uh crap what was it um like the
privacy dashboards and like screen time
and and just all these neat little
features that uh are making you know just
making everyone more private because you
know it's it's um i know he didn't
come up with it but carrie parker on
always says on firewalls don't stop
dragons like privacy is a team sport you
know it's a rising tide lifts all ships
when everybody gets more private that's a
net win regardless like yeah obviously we
want people to switch to something like
graphene and be better but that still
doesn't mean that people don't deserve
a better level of privacy when they're on
iPhone or stock Android or whatever.
So really, really cool stuff.
Looking through some of the comments here,
Harry Potter says the only thing I care
about is dark mode feature.
I feel you.
I have my phone set to based on
whatever the system and I think I have
the system set to
I think I do have set times, actually,
that roughly correspond to when I'm
winding down for bed and when I wake
up.
But yeah,
it's really frustrating when it's
nighttime and I open something and it's
not dark mode.
Or even vice versa.
If it's daytime and I open something and
it's in dark mode, I'm like,
why is it doing this?
That's really weird.
Chubby Wubby here says,
y'all saw that pixels have gone up in
price after the UK announcement.
I didn't see that.
Did you?
I did not see that either.
I just found out about it from this
comment.
I'd have to look into that.
But that is funny.
And hopefully that's because people are
switching to graphene OS,
because I think more more people are
finding out about that sort of thing,
as these huge restrictions are implemented
in all these countries.
So that'd be positive, at least.
Yeah.
Harry Potter said that here,
at least people are getting to know about
graphene.
The more normal it becomes,
the better it is for everyone.
I agree.
Cause I remember, um,
I think this was before I joined privacy
guides,
but I remember we covered a story about
how in Spain,
just having a pixel phone is maybe not
enough to get you arrested,
but at least like the cops will stop
and talk to you because they know about
graphene and like only criminals use it
over there, which is completely insane.
It's like, dude, come on.
So yeah.
Um,
And yeah, I just,
I want to address real quick.
I know we, we keep saying sideloading,
it's a force of habit and we really
shouldn't.
Cause yeah, it is, it is,
it's one of those very subtle language
things.
Um,
shout out to for anyone who's read that,
but it's kind of like a,
like changing the language to make it
sound like it's something super techie or,
you know, not authorized, like, oh,
you're kind of like tinkering with your
device, but it's like, yeah,
you don't sideload something onto windows.
You just install it.
So.
Although I will say in our defense in
this case,
I believe the command is ADB sideload to
install a system image on top of your
current Android install.
So yeah, that is part of it.
Yeah.
Real quick,
Sid the Shuckle said Android desktop
update.
We didn't see anything.
There was nothing in here, unfortunately.
yeah yeah i don't use android desktop too
much i hear it's like limited in
resolution and frame rate so it'd be kind
of annoying to use on like a four
k monitor i don't know if that's true
though um because i have not used it
but that's just something i heard recently
that's that's interesting that would make
it a little a little annoying to use
i think
I have a Pixel-A,
so I don't think mine is compatible with
desktop mode.
Yeah, I don't know when that was added.
I want to say it was added for
the eights and higher.
So I think the six a is running
out of support next year,
which means we'll probably be buying new
phones next year.
And, um, we'll probably,
I'll probably tinker with it at that
point.
But I also,
since I do a lot of video editing,
it kind of has like limited, um,
use for me.
I'm sure even if I bought like the
pixel pro or whatever their highest model
is,
I don't know if that would be up
to the task.
So, um,
last thing i'll say before we move on
is uh anonymous said cover the shiny
hunters breach uh we do put out a
weekly data breach roundup um so i didn't
cover all of the services but i definitely
did talk about that i think this week
and possibly last week um when it first
started coming out the
Was it Salesforce they breached?
It was something Oracle that they breached
that has given them access to a whole
bunch of other services.
And the lovely thing about data breaches
like that is they stay in the news
for months because every few weeks there's
another company coming forward like, yeah,
we got hit by that too.
So yeah,
go ahead and subscribe to that or check
privacyguides.org slash news.
I'll be keeping you updated every time a
new company comes along.
But I think that's all we've got for
this story,
unless there was anything else you wanted
to add.
No, I think, yeah,
we can move on to our next one
here.
This one comes from...
Global news in Canada.
The headline is liberals dismiss tinfoil
hat privacy fears as lawful access bill
passes.
Liberals, the party,
are dismissing the privacy concerns
surrounding the government's lawful access
bill as tinfoil hat and paranoid
conspiracy theories,
even after amending the controversial
legislation to address some of those
issues.
The House of Commons passed Bill C-
twenty-two on Thursday before breaking for
the summer
a day after approving a motion to
fast-track the bill and end debate at the
Public Safety Committee,
which was then forced to approve it just
before midnight without debating dozens of
outstanding amendments.
The amended bill will now head to the
Senate.
The legislation would give law enforcement
the ability to get access to digital
information more quickly and easily for
investigations under a judicial order.
warrant yet provisions in the bill that
would allow the public safety minister to
secretly order electronic service
providers to retain user metadata and
create access capabilities for their
systems have sparked alarm from privacy
advocates academics tech companies and the
opposition parties uh so this whole story
i we we talked a bit about the
c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c-c
this is kind of a common response i
think we've seen from politicians lately
where when they get a lot of backlash
they will make changes and obviously they
think that the the backlash is warranted
enough to to make those changes to try
and get this through um which is
unfortunate hopefully it doesn't pass at
all but it shows that they recognize there
are some problems but at the same time
they really want you
They really want to get this impression
out that the people who are asking for
these changes are crazy and paranoid and
really just want to create this,
I don't know,
public messaging out there that they are
being forced to do these totally
ridiculous things that they don't agree
with when they're making these amendments
rather than
being kind of,
they have to make these amendments because
otherwise it wouldn't pass because it's
completely unacceptable,
the stuff that they're trying to pass.
yeah i think i don't know if i
have much to add i don't know if
you saw anything further on in this
article that you wanted to talk about nate
but i think it's it still remains very
important like we talked about last week
that if you're in canada you got to
speak out against bill c-二 make sure it
doesn't pass because it's a very um broad
overreaching policy that is going to have
really bad implications for everyone
in canada and we're seeing um around the
world right now especially in the uk but
also in other countries how these
anti-privacy laws and regulations really
negatively in fact affect real people so
yeah hopefully uh hopefully it doesn't
pass
Yeah,
I don't have too much to add myself.
I just wanted to share that because it
is really big.
In the past, Signal, DuckDuckGo,
and I think I said NordVPN and a
whole bunch of other companies basically
said they're going to stop serving the
Canadian market, which is awful, right?
Because you end up in a situation where
either A,
these people lose access to these tools,
or B, they have to like...
jump through hoops to circumvent or,
you know,
it herds people onto these weaker tools
like I still can't believe we were just
talking about that this week.
What is it, salt typhoon or volt typhoon?
Like to this day,
I still can't believe that that happened,
which for anyone who doesn't know,
that was an incident where we discovered
we being the U.S.,
we discovered that China was in our
infrastructure, like our telecom network,
our phone network.
They had been there for at least two
years, I think.
And we weren't even really sure when we
were going to be able to get them
out.
We weren't even sure that we were going
to be able to get them out.
As far as I know,
we said we've got them out,
but who knows?
And they got in through a law enforcement
back door.
And so, like,
we always say there's no such thing as
a back door that only the good guys
can use.
And we have literal proof of it.
It actually happened.
It's not a hypothetical.
It happened.
And these politicians still get up there
and they're like, well,
only the good guys will use this.
This one will be different somehow.
You know, step one, different backdoor.
Step two, question mark.
Step three, profit.
So it's just and it's it's so many
things, right?
Like, to be fair, I think I mean,
there's definitely politicians out there
who are just corrupt and dirty and they
don't give a crap and they just want
the power and the money.
I think there's also a lot of them
that are just technically inept and don't
know this stuff.
I mean, like.
I know I'm rambling a little bit here,
but I will never forget the U.S.
Congress made me feel bad for Mark
Zuckerberg, which is impressive to say,
because when when they grilled him after
Cambridge Analytica,
I remember you can find this online.
It's insane.
One of the politicians was asking him,
he's like,
so and he used the movie Black Panther
because I think that was in theaters at
the time.
And he was just, you know,
it's the big thing everybody was talking
about.
So he's like, Mark,
if I if I message my friends about
the Black Panther movie on WhatsApp,
can Facebook see that?
And Zuckerberg is like, no,
it's end-to-end encrypted,
which means that Facebook does not have
access to your messages.
And to me, that's how he said it.
It was very plain English.
Like, yes, he said end-to-end encrypted,
but he explained what that means.
And then the senator goes, right.
But if I message my friend and basically
ask the same question again,
and you can see the look on Zuckerberg's
face where he's like,
is it me did i did i not
explain that right and i'm like wow i
actually feel sorry for this guy because
they just they don't get it they don't
understand this technology and it's almost
like they're trying to go out of their
way not to understand it sometimes but
yeah this anyways it's um yeah that's just
like what uh what anonymous just said in
the chat too the one time you want
the big tech lobbyist to win it's like
yeah we're rooting for zuckerberg in that
case we're rooting for the big tech
lobbyist that kind of shows how
How much these government legislators just
do not understand any of these problems at
all.
Yeah,
I've definitely seen a few news articles
about lawsuits or something.
And it's like, oh,
Apple is going up against the DOJ.
And I'm just like, oh,
why are you making me side with Apple
on this one?
I hate you.
So yeah, it's really bad.
But I...
I hate to sound like the tinfoil hat
privacy person that they're painting us
as, but you're absolutely right.
It's a proven fact that when John F.
Kennedy was shot,
the CIA or whoever,
whoever investigated it straight up said
that they wanted to they coined the term
conspiracy theory back then.
That's where the term came from.
And their whole thing was they wanted to
discredit anyone who questioned the
findings like that.
That's true.
That's real.
That happened.
And so it's like this is the same
thing all over again.
It's this whole like tinfoil hat privacy
fears.
It's the same reason they do the whole
like this is to protect the children.
It's so that way they don't have to
listen to you because you're automatically
a monster like we have.
and you know it's it's i'm sure like
yes there's something to be said for
stopping crime there's something to be
said for catching the bad guys and
protecting the children but there are
again legitimate concerns like the one i
just raised about salt typhoon but it's
it's it's um thought terminating cliche
that's what it's called it's a thought
terminating cliche if you label somebody
tinfoil hat or a conspiracy theorist you
don't have to listen to them anymore it
doesn't matter what evidence they have
because they're crazy just ignore them
just don't even bother don't even waste
your time listening to them and it's so
disrespectful and insidious
and whoever called us that um please vote
that guy out of office y'all so yeah
that's that's really crappy um i don't
know and it's important to remember like
the context of this is it really has
widespread opposition from uh from tech
companies especially privacy tech
companies like signal and dot go as jordan
just mentioned it has opposition from uh
the the university of toronto's citizen
lab uh which researches all of this uh
privacy stuff it's i mean these companies
are saying they'll pull out of canada like
they've said about other countries who try
to pass similar laws analyses by different
civil liberties associations or
universities like in that case are saying
like no this is not a good idea
it's really like any any expert who has
voiced uh an opinion on on this bill
is saying like no this is a terrible
idea it's going to cause a lot of
of problems it's just there there's just
is some motivation to get these bills
passed anyways um also the other thing i
wanted to add i think for context if
you're not super familiar with canadian
politics and i'm also not super familiar
with canadian politics so canadians in the
chat can correct me but i believe the
liberal party is similar to the
democratic party in the united states if
that gives you any context which is just
that it's kind of a a big tent
party with a ton of different viewpoints
basically they don't have well at least
the democrats in the us don't have
a cohesive message, in my opinion,
on most topics.
I don't know if it's different in Canada,
but similarly in the US here,
I know that we've seen bipartisan support
for a lot of similar policies like we've
we've talked about COSA or repealing
Section two thirty, for example,
in a lot of those proposals are put
forward by members of both parties we have
here in the US.
I just wanted to point that out because
I think
The Liberal Party, I believe,
is the biggest party in Canada.
And also,
I think a lot of people assume that
this stuff is coming from the political
party that they personally don't like,
no matter what side they're on.
And I think it's just important to
remember that a lot of people in
government are trying to do this stuff
regardless of political party.
It's just...
anti-citizen laws that will affect
everyone on any side of the political
aisle.
So yeah,
I just wanted to share that as well.
I think that's kind of all I had
to add on this.
Yeah,
I think the only thing I want to
add is just to really drive home the
it says there the amended bill will now
head to the Senate.
So this hasn't fully passed yet.
So for any Canadians watching this or
please pass this around like this is your
chance to to speak up and try to
get this hopefully.
stopped or something,
this is definitely your chance to contact
your politicians, please.
So, yeah.
Yeah, I think on that note,
we will move into our next story,
which is this happened like the same day
that the podcast went live last week.
So unfortunately,
a little bit too late to cover it
last week, but we'll cover it now,
which is that Section seven or two has
expired, sort of.
So where to begin?
So for those joining us,
you've probably heard of the NSA,
the the National Security Agency.
For some reason,
my brain just said National Surveillance
Agency,
and that is definitely more accurate.
The NSA.
uh or the no such agencies they used
to call it uh the nsa has i
mean they have so much so many things
so specifically there's something called
the foreign intelligence surveillance act
which is as the name suggests where the
nsa derives i'm going to say a significant
chunk of its power i don't really i
mean i don't know the full scope of
what the nsa's authorities and and
regulations and stuff are but this is um
this is
FISA, as it's known,
Foreign Intelligence Surveillance Act,
it specifically includes Section seven or
two,
which has been very controversial because
it's it's old now.
It's from like twenty thirteen.
But John Oliver has an amazing episode
where he talks all about it and he
goes and interviews Edward Snowden.
Huge fan.
I love showing it to people because it's
so funny.
But in it,
he explains that Section seven or two says
basically that the NSA can collect, quote,
any tangible thing pertaining to national
security,
which is basically like
Like, come on, you could...
I can interpret that in a million ways.
Even I could,
and I'm not even a lawyer.
It's just...
So it's basically become this, like,
blank check for the NSA to collect
anything they want under the name of
national security.
Shocker.
And, um...
Numerous studies have found that this is
wide open to abuse.
There have been many unsuccessful attempts
to reform this, to rein it in.
A lot of them basically just say what
it already says,
which is that they're supposed to get
approval.
But the the FISA system is basically a
rubber stamp.
So, yeah,
we did interview quick shout out to we
did interview Naomi Brockwell.
She worked with Lauren Boebert and Thomas
Massey, who are congresspeople.
to try and put forward a law that
would close this loophole that is still up
in the air.
It is an election year,
so nobody's actually doing any work right
now.
They're all busy trying to campaign.
But anyways, so long story short,
this this had to be extended by last
Friday, I think,
and the government failed to extend it.
I could make political jokes there,
but I'm not going to.
Suffice to say,
it did not go through and
As of right now,
section seven or two will not be renewed.
However, comma.
I want to encourage us to celebrate the
wins.
Again, another interview I did,
Cindy Cohen, former director of the EFF,
she actually just stepped down this week.
She she said that specifically,
we have to celebrate the wins.
That said, this is not a full win,
sadly.
And that's kind of why we're talking about
it, is to kind of,
because I've seen all the headlines going
around about like, yay, it's repealed,
it's expired, we won, blah, blah, blah.
Even from the EFF,
which kind of surprised me.
They didn't have any of what I'm about
to say in there.
It was just like, yay,
it went away and we won.
And it's like, but wait.
So the most glaring thing is that
basically the way that section seven oh
two works is
It's kind of like a rolling
reauthorization,
and I don't understand how this is the
case,
but it's basically already been
reauthorized until March,
so at bare minimum,
if this never gets renewed,
if this never comes back,
it will stay in place until March,
so it's not really dead yet.
That said, um,
Again, I don't want to be a downer,
but I do have to point out I'm
assuming it could come back between now
and then.
I'm assuming that once the elections blow
over, depending on who's in power,
somebody could easily be like, hey,
this is running out in a few months.
We should really reauthorize this,
and Congress will get together on both
sides of the aisle and go, yeah,
national security, danger, terrorism,
bad things.
Ooh, we need to revive this.
So again, not trying to be –
a downer, but that's entirely possible.
And then, you know,
this author points out that FISA is only
one set of authorization for the NSA to
spy on us.
So it's entirely possible,
and I would argue very likely,
that
Even if Section seven or two definitely
does not get renewed and completely dies,
there's still so many other ways that the
government can justify this program or
similar programs or anything like that.
So.
It's very, again,
I don't want to bring the party down
because we do have to celebrate the wins
and it's great that this didn't go through
and hopefully it will not go through
between now and March of twenty twenty
seven.
But I guess it's just a reminder that,
you know, the fight is not over.
There's still a lot ahead of us.
But yeah,
I think we wanted to cover this because
it is a big deal.
Section seven or two has been in the
headlines.
god as long as i've been into privacy
and just even even in mainstream headlines
like it's been a really really big deal
so this is great this is fantastic this
is a step forward but uh unfortunately it
is definitely not um the end of the
the story there so
uh i don't know did i did i
miss anything that stuck out to you or
anything no i think uh that's a pretty
good overview that that article that you
were that we were looking at uh does
does cover a lot of stuff that i
um had written about when i posted some
facts about this to our members chat on
signal um
I think you covered it pretty well.
It does extend until March, like you said,
that's because section seven Oh two
doesn't really say that, you know,
the government has all these powers.
It says that the foreign intelligence
surveillance court can authorize all of
these powers for a year at a time.
So since it's already been authorized,
you got to wait.
The other thing I wanted to say is
that
There are a lot of provisions of FISA,
the Foreign Intelligence Surveillance Act,
that are going to be unaffected because
only title seven of that law expired,
which contains section seven or two.
So there are other provisions,
other titles in that, like title one,
which basically give the U.S.,
pretty broad spying authorities still,
so all of that hasn't gone away.
The one good thing about Title I of
FISA is that it requires an individualized
court process to monitor someone,
which is at least aligned with the Fourth
Amendment,
the requirement to get a warrant,
whereas
title seven in section seven or two
obviously were not at all aligned with the
fourth amendment and in my opinion are
were totally illegal but the government
just kind of does this thing anyways um
they the i saw at the end of
the article they wrote about an executive
order uh that order has been in effect
much longer than than fisa has
There is precedent for the government
using that to basically do the exact same
things that Section of two or Section
seven or two allowed.
We know that the CIA was performing
foreign intelligence surveillance far
before FISA allowed it under this
executive order.
So it seems likely to me that even
if Section seven or two never comes back,
the government is just going to continue
operating the exact same way they always
have been under executive order uh one two
three three three so i think my overall
point with that is is just like you
said we have to celebrate the wins and
letting these laws expire is obviously a
good thing to get them off the books
but even if we let all of these
surveillance laws and other illegal things
that the government is doing if we let
them all expire even that is not enough
to
guarantee total protection for people.
We not only have to get rid of
these laws,
but we have to introduce new laws that
explicitly protect these rights and
prevent the government from infringing on
them.
So something like the law that Naomi
Brockwell was doing or was drafting,
which we've said before on the show is
pretty unlikely to get passed,
but at least she's calling attention to
this issue alongside Thomas Massey and
Lauren Bovert.
So
It's a good educational piece at the very
least,
but laws like that do need to be
passed because we need explicit
protections.
It's very clear that without any laws in
place or with surveillance laws in place,
the government is just going to do
pretty much unlimited spying,
which is not not great at all.
So yeah,
that's kind of most of the section seven
or two stuff that I said.
When I was looking at this last week,
and I think that that article kind of
covers the rest of it pretty well.
I wasn't sure how section seven or two
was going or the expiration of it was
going to affect private companies.
I saw that um,
Anonymous.
Twenty seven said,
isn't there something where the tech
companies can challenge in court the
searches now during this one year
expiration?
That is true.
Technically,
I think they always could have challenged
it,
but they had no real incentive to because
what Section seven or two did for tech
companies was basically say you have
immunity.
if you comply with the government's
request.
So like you can't be sued later for
the breach of privacy by your users,
if you give us all of their data,
which is good.
And that actually has expired.
So even though the government is
authorized to take all of this information
from big tech companies still,
the tech companies are no longer getting
protection from section seven or two,
which is kind of crazy.
So I think that
At least my hope is that some giant
tech companies will fight back on this
because they have less of an incentive to
comply.
And I think a lot of these orders
are, like I said earlier,
completely illegal under the bill of
rights in the U S so it's,
I would hope that it wouldn't stand up
to court scrutiny if it was actually ever
really challenged by any of these
companies.
which I think the government would want to
avoid.
So there's two things there.
I think to avoid being sued by somebody
by like a big tech company, for example,
the government might in the meantime be a
little less.
I mean,
they might use this power a little less
against these companies because they fear
it being challenged and then being taken
completely off the books.
I also hope that the lack of production
encourages Apple to or not Apple
specifically, but a company like Apple,
for example,
I think has precedent of challenging this
sort of thing like they did in twenty
fifteen with that FBI case.
Apple in that case was really opposed to
the government forcing their developers
and their teams to do anything.
And I think that this is a similar
situation where they just don't want to be
forced to do something by the government.
At the same time,
a challenge against the government.
It's already very hard for companies.
They are still allowed to be fined like
two hundred fifty thousand dollars a day
by the government if they don't comply
with these,
which is obviously a very substantial sum.
Maybe somebody like Apple with billions of
dollars to just.
burn on random things could absorb that
hit but a lot of like smaller companies
for example wouldn't be able to do that
at all so a lot of companies won't
be able to challenge this basically is
what i'm saying so there's a couple routes
that that could go down i wouldn't um
really rely on the expiration of this to
prevent any of this spying done until
March, in the meantime,
but it's possible that we'll see some
change there.
Fair enough.
We did have a couple of quick questions
I wanted to address.
One is from anonymous.
Twenty seven here.
FISA versus seven or two.
Seven or two is part of FISA.
Just to clarify that.
So they're not different things there.
one is part of the other and again
only that one part expired so Faiza is
still on the books in general it's just
this one crazy warrantless part basically
yeah for sure and then um
Anonymous also asked to clarify,
did you did you mean that the reason
this one is significant is because it
allows warrantless searches of Americans?
So technically, no, you are right.
You said because there's no protection for
foreigners.
And that's how that's how the NSA
justifies surveillance on Americans is
because.
So, for example, one of our team members,
Jordan, is Australian.
They're very open about that.
And every time we Jonah and I text
Jordan,
That signal crosses international borders,
and therefore the NSA is allowed to
intercept that signal.
They're supposed to discard the American
side of the conversation, quote unquote.
But generally,
I think we can all agree that they
probably do not or definitely do not.
So.
Yeah,
that's that's kind of their loophole.
Or Snowden pointed out in that John Oliver
episode,
I mentioned that sometimes he was like
Google as an example,
Google entirely invisibly to you will take
all your emails and move them to another
physical server.
Like,
let's say they need to do maintenance on
that particular server where your emails
are.
So they'll move your emails to another
server while they do maintenance.
And you never see this,
you never know this is happening.
But maybe that server is in Mexico or
Canada or something.
And again, once it crosses those borders,
the NSA has permission to do that.
I don't know if they're still allowed to
do or I don't know if it still
works that way.
Because to be fair,
that interview was like,
years ago at this point.
That may no longer be the case,
but that was how he explained it at
the time.
We got a couple of quick questions I
wanted to note here.
I'm having a hard time finding our page
on Android because some people asked about
Graphene OS and how Graphene's coming to
Motorola's now.
Would we argue that Pixels or Motorola's
are safer?
I'm trying to find the page where we
recommend Pixels,
but
um i know it's there but basically yeah
um at this time as far as i
know uh pixels are from a hardware
perspective much safer than or much more
secure than motorola so it's not even like
us versus china thing it's just that at
this time pixel hardware is much more
secure well i will i mean and that's
important you say at this time i don't
know what just happened to my cameras let
me figure this out um but uh i'll
just explain quick
I think we have no way of knowing
for sure what the Motorola thing is going
to end up looking like,
because I guess Graphene OS is involved in
the design of this somehow.
So hopefully they can bring Motorola's
hardware security up to speed.
But we will have no idea until that
phone actually comes out.
Yeah,
which is what I was going to say
is at this time, it's, you know,
Yeah, that's where I was going is once,
once graphing gets involved,
this new Motorola might be more secure.
And at that point we'll have to sit
back and like reevaluate.
I still can't find it.
I know there's a page where we explicitly
say that at this time,
pixels are the only Androids we recommend,
but I can't find it right now,
but I know it's on there.
It's on the website somewhere.
So yeah,
that advice may change in the future,
may not.
We don't really know at this time.
And yeah, I mean,
somebody asked about firmware backdoors.
I mean, look, personal opinion,
that's speculation.
We can't prove it.
We can't disprove it.
If we can prove there's a backdoor,
then yes,
obviously that would change the math.
But I mean, this whole like...
My threat model is not high enough.
If I have that kind of threat model
where I can't trust the hardware,
then I'm just not going to use it.
For day-to-day stuff,
like texting my wife to remind me to
get eggs or whatever, I don't know.
I can only care about so many things,
and I can't spend my time on speculation
personally.
I know some people have that threat model,
but I don't.
while Jonah's figuring out his camera.
No, we generally use Signal back here.
Anonymous Twenty Seven is asking if I text
Jordan with SimpleX.
We typically use Signal because it's very
feature rich.
We are all already on it.
I do have SimpleX, but yeah,
I definitely don't get a lot of messages
there.
Somebody asked about Zen Browser.
I know Jonah has used that in the
past.
He's a big fan.
I think he still uses it.
I haven't really used it.
I'm a bit of a Brave person,
to be honest, but I don't know.
I kind of bounce around between browsers,
but I primarily use Brave because I like
that it just has a lot of built-in
privacy stuff that I just don't have to
think about.
Yeah, as far as... I'm back.
We'll see if it happens again.
I don't know what's going on with my
camera where it just stops and goes to
showing...
pictures I've taken instead, but whatever.
Zen browser,
I've talked about that in a few episodes
now.
So I would encourage going back if you
want to hear full thoughts.
But the main thing is,
it seems to be a good browser.
It seems like, you know,
they're removing things that Mozilla is
doing that I don't agree with,
which is good.
And they're not
being privacy invasive by default,
which you can't say about big alternatives
to Zen browser like arc browser,
for example.
So from that perspective,
it seems pretty good.
It's still a Firefox fork.
And there's problems with Firefox in
general compared to chromium.
it doesn't do a lot of like,
super active protections to improve your
privacy.
So something like brave is going to be
better than that, for sure.
But there are some features.
I think it was the last episode where
I mentioned I do know brave is working
to implement some of the features that I
use in Zen browser the most.
So maybe they will convince me to switch
over.
But I think I use both brave origin
and Zen browser like,
fifty fifty at the moment.
And I like both of them.
So
But there's a Zen browser thread on the
forum that I would check out for more
information, as always,
because it's gotten mixed reviews from
some people,
and I would not just take my word
for it.
I would look into it further before you
decide to use it, for sure.
We had another quick, before we move on,
somebody said,
do we have any case or how we
guys did the change to Signal?
I'm not sure what you mean by that.
I think you're talking about how to get
other people using Signal.
I know we've said this a lot in
the past,
but my wife is the expert on getting
people onto Signal.
And usually her thing is that she focuses
on features.
Like if you're talking about
um, quote unquote normies,
like normal people who don't really
prioritize privacy and security.
They're not going to care if you talk
about all the privacy and security
features, but if you talk about how, um,
it's got like these larger attachment
sizes, it's cross-platform, uh,
you can do message reactions,
you can do gifts, you can do stickers.
Like I know when signal rolled out Giphy
support,
a lot of people were pissed about it.
And in stories too, same thing.
Like a lot of people were like,
this is dumb.
I don't want this.
I don't care.
You don't care,
but a lot of people do a lot
of people use them,
especially around the world.
So, um,
I would try to focus on what...
Everything is about solving a problem,
right?
I almost hate to say this because it
feels sleazy,
but you almost have to approach it from
a sales perspective.
And the whole point of sales is that
you're trying to solve someone's problem.
Somebody has a pain point and you're
promising to relieve that pain.
So that's how I've had good results
getting people on password managers
because I'm there when they're logging
into something and they're like,
oh my God,
what was my stupid password for this
website again?
And I'm like, hey,
want to know a program that'll help you
like never forget your password again and
you know i i get them to use
like bitwarden or something like that so
it's uh trying to find out what is
that that pain point that you're trying to
solve for someone because again most
people don't care about privacy and
security but if you can tell them like
oh you can send bigger attachment sizes or
again like it's cross-platform i know rcs
is becoming interoperable now so that's
probably not as good of an argument as
it used to be but
Yeah,
just kind of figure out what is important
to them and how to signal meet that
need is what I would recommend.
I'm going to let Jonah continue to try
to figure that out with the camera.
But I think we're at the point where
we're going to move on to site updates.
And in a little bit,
we're gonna talk about some stuff going on
in the UK real quick.
But first, here's what's been going on.
Again, as usual,
it's been a very busy week at Privacy
Guides.
We have a new video,
if you guys did not know.
Let me pull that up real quick.
We have a video about passwords.
So this video is aimed more at the
average user that we were just talking
about a minute ago,
who's maybe not necessarily super
concerned with privacy and security,
but it also kind of addresses,
there's been,
In the past few years,
I've seen a lot of people,
when you talk about passwords and password
security,
a lot of people focus on the idea
that,
that like complexity doesn't matter at all
anymore.
And it's all about length.
And so we kind of dive into that
we kind of made this, again,
we did make this video for everybody.
So this might be a good video to
share with like friends and family.
But it also focuses on the whole like,
well,
why do people say that length matters
more?
And where did that advice come from?
And how true is it?
And so you know,
we talk about a we talk about like
a
entropy and how to calculate that.
I mean, roughly,
it's really complicated stuff.
And we try to keep it simple.
But, you know,
we try to break it all down.
And of course, we talk about pass keys,
because those are coming out now.
And are those better than passwords per
se?
So yeah, I'm really proud of that video.
I think it's got about almost three
thousand views already.
So definitely check that out if you
haven't yet and share that with your
friends and family to maybe help them
understand passwords a little better.
I tried not to get too technical with
it, but it kind of explained like,
Why passwords suck and why we need better
solutions.
And I hope we did that.
And then just to let you all know,
we have a new video in the works
that is a response to the Plex price
hike.
So probably in a what is it?
What time is it?
It's the nineteenth.
So probably in about ten days here,
that's going to be a very popular topic.
And
We offer some people some,
it's really not hard to guess,
but I'm not going to say what our
advice was,
but there is some information there about
how to respond to that.
So there's that.
I don't know if Jonah's got his camera
working now.
Here we go.
We cannot hear you, sir.
You are muted.
I might be back.
Well, I'm trying a different camera,
so I don't know if it's going to
be,
I don't know if it's going to work
any better, but we'll see.
Well, so far you're back.
So do you want to take over the,
uh, the next portion of the site updates?
Yes.
Where are we?
Let's see.
um site updates i've been working mostly
on the verified apps data set we've been
getting a lot of submissions i had to
solve some issues with getting them all
working but i think those are all solved
so we can add more apps again and
push more updates to that other site
updates have been continuing in in general
free has been posting a lot of news
articles as usual that you can see at
privacyguides.org
news so that's a great place to check
out any privacy security whatever related
uh news stories that you uh that you
might not have seen that we don't cover
on the show because we only have a
limited number of time a limited amount of
time can't talk today to cover all of
these stories so that's a great place to
stay up to date on all of this
stuff as well in addition to our
form.
Other than those articles, though,
and the stuff that I've kind of been
working on this week,
I don't know of any other major site
updates that we have done so far.
But, you know,
things are always happening.
I'm excited about all the video stuff that
you're doing.
All of the stuff that we do at
Privacy Guides,
that's made possible by
Our supporters are members and one-time
donors.
You can sign up for a membership or
donate at privacyguides.org slash donate.
If you do,
it would really help us out.
You can also pick up some swag at
shop.privacyguides.org like what Nate was
just showing off.
Privacy Guides is a nonprofit that
researches and shares privacy-related
information.
We facilitate a community on our forum in
Matrix where people can ask questions and
get advice about staying private online
and preserving their digital rights.
So yeah,
please support us if you are able to.
It does really help.
I think now we can move on to
how burner phones are at risk in the
U.S.
Yeah,
do you want to take that one or
do you want me to?
Yeah,
I just had to pull it up again
here.
Okay.
Perfect.
This is from CNET.
The article goes,
the Federal Communications Commission is
poised to begin forcing the country's
telecom companies to collect names,
addresses,
and government identification numbers for
every cell phone customer.
If adopted, a likely outcome,
given the FCC's current Republican
majority who support it,
the rules would effectively outlaw burner
phones,
devices that aren't specifically tied to
identifying data,
allowing the privacy-minded to maintain
their information.
anonymity.
The proposal is called Know Your Customer
Requirements,
as a lot of people in the financial
and cryptocurrency space are likely
already very familiar with.
And the FCC is framing it as a
way to stop robocalls and scammers.
Anyone with a phone can tell you the
problem is very real.
U.S.
consumers receive an average of ten
unwanted calls every week,
a number that's grown at a compounded
sixteen percent rate every year since
twenty twenty three.
I personally can tell you that is
definitely true.
I wish I only received ten a week.
So, you know, that is a problem,
but this certainly is not going to solve
it.
It doesn't address the core
problems with the telecom system in
general.
But as the article rightfully notes,
it punishes those who use burner phones,
including journalists, travelers,
whistleblowers,
and domestic abuse survivors.
The senior legislative associate at the
Electronic Frontier Foundation said that
collecting all of this data is horrible
for everyone's privacy.
You have to ask,
do you trust the government to have that
information at this current moment in
time?
A government that has proven that they are
trying to centralize and weaponize your
information.
So yeah, this is a big problem.
We've been talking a bit more about cell
towers in privacy and cell companies and
privacy and all of that stuff.
I think at least in the United States
recently,
we talked about CAPE a few weeks ago,
and they have been very opposed to this
bill.
And they've been talking, you know,
trying to lobby against this a bit,
because they
don't collect any of this information at
signup.
I think this is going to be a
big problem for other companies who have a
similar model like Nate I know has talked
about mint mobile and how you can just
pick up those SIM cards in cash.
Now they're going to have to collect a
lot more information.
Generally with this data collection stuff.
Companies don't want to do it,
at least some of them,
especially if they can't monetize that
data in the same way that big tech
companies with advertising programs can
monetize it.
It's a risk.
It's a business liability for them to have
all of this data,
especially as data breaches become more
common.
And now the government is basically
mandating every single company involved in
your telecommunications to collect all of
this sensitive information about you.
So it's problematic for sure.
It's a similar problem to we've talked
about like voter IDs laws in the US.
And that is also the sort of thing
where this mandatory ID system doesn't
make a lot of sense,
but it will harm a ton of people.
A lot of people in the US do
not have like a driver's license or a
government issued ID in general because
it's not legal.
required, which if these laws passed,
could mean that a lot of people,
millions of people in the U.S.
would not be able to access phone service
at all.
I think this is mentioned in the article.
Let me scroll down and find it.
Yeah, it says as of twenty twenty four,
nearly twenty one million voting age U.S.
citizens don't have a current driver's
license with black and Hispanic Americans
disproportionately less likely to have
one.
So
think that's a very problematic thing it
goes against you know there's been a
long-standing thing historically the the
republican party would always kind of
fight for or fight against government ids
and government mandated ids they fought
against like the real id mandate uh that
required these stronger ids and government
issued ids for travel
Now, of course,
they seem to be going completely in the
other direction.
It seems like everyone in the government
at the moment is going in the other
direction.
But this sort of thing is not a
popular change by any means,
and it is going to affect a lot
of people.
So...
Yeah, ultimately, at the end of the day,
there are a lot of technical solutions to
this that cell companies should be
implementing that can stop the spam
problem.
This is pretty unlikely to stop any of
the spam issues.
In my opinion,
it's kind of kind of as simple as
that.
So yeah, Nate,
anything else you wanted to mention?
um yeah i just want to drive home
that that point i mean jordan said it
hasn't cut down on spams and scams in
countries that have implemented so we have
evidence it doesn't work um not like the
government ever cares about evidence any
government for the record but yeah that's
kind of my thought too because aren't most
of these scams like most of these scams
okay first of all um i'm gonna go
ahead and get on my little soapbox here
for a minute and be like a what
are they what's the joke like a bleeding
bleeding bleeding heart liberal or
whatever um a lot of these scammers and
spammers
not all obviously,
but a significant number are actually
human trafficking victims in places like
Southeast Asia.
So personal opinion,
I'm not really a fan of like messing
with these people because like
it's just like i hear the argument that
the more time you spend trolling them the
less time they're actually scamming
somebody who's going to fall for it and
i'm not necessarily giving them a free
pass but like these people are going to
be taken back to their rooms and beaten
if they don't meet their quotas which
again i'm not saying like you should help
them meet their quotas but my point is
like why make a terrible situation worse
um i i used to have a co-worker
at my last job that would like yell
at spam callers and it's like please don't
do that around me but anyways um
So like point being where I'm going with
that and what inspired this thought
originally is a lot of them aren't even
located in the US.
So like,
how is this going to stop them?
Like they don't need to get an ID
there.
A lot of them are spoofing phone calls.
And I know that because I,
it comes and goes in, in popularity,
but I have in the past gotten a
lot of phone calls at various,
my pseudo numbers.
And when I pick it up, you know,
and especially like I had a phone number
specifically for work.
So I had to pick it up because
you know,
there were always people that I didn't
have saved in my phone calling me a
lot of the time they would call and
like,
I'd pick it up and they'd be like,
yeah, I got a call from this number.
And I'm like,
It wasn't me because I haven't called
anyone all day or even some of my
lesser used numbers that I stopped
answering after a while.
You know, they'd like,
I got a call from this number.
I'm like,
I haven't called anybody in like three
months, dude.
I don't know.
Like it's somebody spoofing my phone
number.
So like,
how is this going to fix that?
How is this going to solve that?
Like, it's it's so dumb.
It's like and yes, it's annoying.
I get that.
But this isn't going to solve anything.
This is just the classic politicians
trying to look like they're doing
something.
And it doesn't matter if it actually
works.
It's just the illusion of motion.
So yeah, it's really frustrating.
I actually hardly get any spam calls,
and I'm really starting to wonder why that
is.
I don't know if that's because I pay
for a data removal service like Easy
Opt-Outs,
or I don't know if that's because I...
because I use a lot of fake phone
numbers.
I don't remember it off the top of
my head.
Is my password manager open?
It might be.
Oh, it is.
Oh, God, what is it?
There is,
and I'm sharing this one with you guys
because it's hilarious.
Two, four, eight, four, three, four, five,
five, zero, eight.
That phone number plays never gonna give
you up on an infinite loop.
So if I ever have to provide a
phone number and I know for certain they
are never,
ever going to have to call me,
I like using that one personally.
But yeah, so I don't know,
maybe that's just me,
but I like hardly get anything.
But I had family visiting last week and
one of them like two or three times,
they were only here for like five days
and two or three times,
one of them kept picking up their phone
and then immediately hanging up and
they're like, scam call.
And it's like,
I get a few around election time,
but that's about it.
So anyways, yeah, I don't know.
There is a solution clearly.
I don't know what it is,
but I found it and it wasn't requiring
everybody to get an ID.
So yeah, this is terribly flawed.
The last thing I wanna say is I'm
gonna put it back up on screen here
for a second.
Please check out this article.
Because it does say that rules are open
for public comment until June,
which is six days away as we're streaming
this.
And there is a link on where to
go.
There is all the information you will need
to leave a comment.
They even have examples of comments that
they recommend that you emulate.
So yeah.
Will the FCC just totally ignore us?
Probably.
They've done it in the past,
but I mean,
it's better than just doing nothing,
right?
So yeah.
I think you're muted again, Jonah.
Sorry about that.
That section about leaving a comment to
the FCC was exactly the last thing I
wanted to point out,
so I'm glad you mentioned that.
If you're in the U.S.,
definitely check out this article because
they have a link and everything to do
that.
Yeah.
Chicken Little says you have to give a
name and address.
I mean, devil's advocate here.
Do they verify it?
Maybe you could just leave a zip code
or leave a PO box maybe.
Yeah.
I mean,
as long as you're not threatening anybody,
I don't think they're going to.
And that's, you know,
that's something I always have to remind
people here is like,
please don't be a jerk.
Don't threaten people.
Because if your comment is just like,
you know, like you guys suck.
You're all pedophiles.
This is evil, blah, blah, blah.
Like they're not going to listen to your
comment.
But if you like the one,
the one they said here is like, um,
A scammer might try to steal my
information,
but that does not justify a process
through which the federal government would
definitely steal it.
Even that one, in my opinion,
is a little bit harsh.
Just something like what I said.
Like,
many of these spam calls are coming from
overseas,
so I fail to see how this would
actually do anything.
Like,
just something that's actually thought out
and logical, like you're not, you know,
like you've seen sunlight in the last six
days or something.
So, I don't know.
Just try not to be mean to people.
That's what I'm getting at.
You catch more flies with honey than
vinegar.
Okay.
Something I haven't seen for sure
mentioned yet,
but I believe is true is I think
this only applies to getting a phone
number.
I'm curious about two things.
I'm curious whether or how this is going
to impact VoIP providers like MySudo,
for example.
I'm also curious whether cell companies
who do want to have like a privacy
first service would be able to
maybe sell data-only lines, for example,
and then you could get a VoIP number
or something else to handle the phone
stuff if that ends up being an easier
solution to get a phone number
anonymously.
I don't know if that's true or if
that would work or not.
Personally,
I wouldn't mind a data-only SIM myself.
They're just harder to come by,
but I don't really need a lot of
the functions at a full...
phone line provides.
But of course, that's just me.
Obviously,
a lot of people really need a phone
number to call and text,
so that's not going to work for everyone
at all.
I think this is a big problem,
but I am interested in seeing whether or
not any of that stuff happens.
Yeah,
that is another thing towards the bottom
they pointed out is like, you know,
if you switch to something like Signal,
They say Telegram, which is not encrypted.
Screw Telegram.
They say turn off location tracking.
They say use two separate phones,
but I don't know what's that supposed to
solve.
But I will say that that is something
that we recommend on Privacy Guides is
like on the website is whenever you're not
using your phone,
like if you're at home and you're on
Wi-Fi,
put your phone in airplane mode because at
least that like kills the connection to
the towers.
And like there's definitely ways to
eliminate the amount of data that is tied
to your name.
Even if something like this were to go
through and be required,
like you could still...
And, again,
I understand there are very high-threat
model people here.
The article even points that out.
There's whistleblowers.
There's journalists.
There's people trying to escape abuse
situations.
I'm not trying to downplay that.
But for the average person,
even in a situation like this,
there are still ways to reduce the amount
of data going back to these companies for
sure.
Um, but yeah,
it's good to hear Cape is fighting back
against this.
I hope other companies will too.
And that was my thought too.
Cause I know my pseudo had to, um,
they did start verifying ID for UK phone
numbers, um,
a long while back when that became a
thing.
So yeah, that is a,
that is a good question for sure.
And unfortunately I don't have any
answers, but that is crazy.
Just that thing that you pointed out at
the end about telegram.
It's crazy that they say it offers end
to end encrypted.
Encryption on all messages.
Telegram has the best marketing ever, man,
because they have totally convinced people
that they're a good app.
That is crazy.
I need to write another blog post about
why Telegram sucks.
I'm going to backtrack a little bit
because we had a few questions since we
left the site updates.
So Limitless asked if we had any videos
or topics about hardware keys.
We haven't made any videos yet.
I don't even know if we have that
written down as an idea,
but I'd totally be down to at some
point.
We do have a page on the website
though that kind of talks about them a
little bit and which ones we recommend.
So definitely check that out for now.
Let's see.
Chicken Little said to check the comments
on the passwords video because there's
some critiques.
We'll check those out.
I try not to check the comments too
often because...
I mean, look, people read the comments.
I'm not going to lie to you guys.
And like,
when some people get really worked up
about small details,
I don't mind being corrected again.
It's what I said a minute ago.
It's one thing to leave a comment and
be like, Hey, you were like,
you were wrong about this thing.
It's okay.
Actually, I'm going to,
I'm going to mention this.
Um, so over on the new oil,
I just put out a video about tutor
drive.
And in the video,
I mistakenly said that quantum computers
are replacing classical computers.
And one person left a comment,
and they were still kind of like a
little bit obnoxious about it,
but they left a comment and they were
like, that's not true.
Quantum computers have very specific use
cases,
but they're not going to replace classical
computers.
And as much as it did make me
a little defensive,
I replied and I was like, all right,
thank you for the correction.
I apologize.
Somebody else made the same correction,
but they literally said like,
you've lost all credibility and have no
idea what you're talking about.
And it's just like...
cool screw you too like it's it can
be difficult to take criticism when it's
so harshly presented so like i definitely
do appreciate criticism and and
suggestions to do better it's just it gets
a little bit exhausting when it's so just
thrown out there so dramatically and so
like like i'm a terrible person because i
misspoke it's so but yeah we'll we'll
check those because i mean again i do
i do want to make get better at
videos so
yeah the the tricky thing about comments
on that video specifically i haven't read
all of them so like i don't i
don't know if there's some good critiques
like you said we'll have to check it
out but i did when that video came
out i looked at a lot of the
comments and a lot of them were also
like things that were addressed in the
video oh which happens which happens a lot
in the comments it's like okay if you
watch the whole thing um that is answered
but that's a commonly
That's not very common for a lot of
YouTube viewers to do, unfortunately.
So we get a lot of comments like
that.
A lot of comprehension issues.
Yeah, I see that too.
It's like, what about this thing?
And it's like, well,
we kind of addressed that in this part.
Yeah.
And of course,
that's always something we can improve as
well.
But sometimes it's like, obviously,
there's not much you can do to help
some people.
Yeah.
Another good question here from Chicken
Little, though.
On Graphene OS,
would you recommend the Aurora store or
the Play Store?
I mean,
I don't know about in terms of privacy.
I'm going to say Aurora is probably
better,
but we've seen in the past that the
Play Store is usually more reliable
because I remember there was...
google did something or other that like
basically broke the aurora store for a lot
of users for i think a good couple
of weeks and people were like weren't able
to log in and weren't able to get
updates and um i've noticed because i've
tested graphing a couple times i've
noticed um it's definitely a lot more
seamless in the the the play store because
like i've been in situations where um
Like I'll open an app and it's like,
hey,
we're offering off a premium or whatever.
And I'm like, oh, cool.
And if I click the button in Graphene,
it takes you right to the Play Store
and you can pay for a subscription.
And on Aurora Store, it's just like,
It's like an error.
It doesn't work.
And that's fine if it's one of those
privacy-respecting apps where it's like,
oh, okay,
I'll just log into the website and pay
there.
But some of them, it's like, no,
this offer is only on the Play Store,
which, again, at that point,
there's privacy concerns.
But I guess I'm just saying it's
definitely a much smoother experience,
I think, to use the Play Store.
But Aurora would probably be more private
in my guess.
Yeah, sure.
I mean, yeah,
it depends on what you really want.
Personally, I...
I have a work profile for all the
Google-related stuff,
like stuff that needs Google for reliable
push notifications or relies on Google
Play services for some other reason.
I installed Google Play services from the
Graphene OS app store in there because all
of those functions work without a Google
account except for the Play store,
which requires one.
So I use Aurora store in that case
to obtain the apps because you can do
it without a Google account,
which
personally i think is very important but
you know if you're going to use a
google account anyways for all the stuff
on your device the play store is probably
better but if you don't want to if
like some people don't have google
accounts obviously and you probably don't
want to make one so then if you
need google play services and you don't
want to make an account you can do
exactly like that just install google play
services and aurora store it's a good
solution
Yeah, on that note, continuing this,
Chicken Little says,
does Aurora actually improve privacy?
So it improves privacy from what I
understand.
Correct me if I'm wrong.
It improves privacy in the Play Store.
So like the Play Store is not recording
every app that I search or even the
apps that I download because there's no
Google account associated with it.
But yeah, the app itself, I mean,
it'll still be tracking the same stuff
that it would as if it came from
the Play Store.
So yeah,
it's more like protecting yourself
directly from Google.
Then sorry, go ahead.
I mean,
we have a whole section on our site
about reducing the number of accounts you
have and stuff like that.
And it's always going to be like, yeah,
like you said in your next comment here,
you can make a Google account with a
VPN or whatever,
but it's always the more...
privacy-minded solution to just not have
an account at all and that you don't
have to worry about that sort of thing
or potentially leaking it in the future.
As Jordan just said,
it's very challenging to make a burner
Google account.
The other thing you have to keep in
mind is if you make a Google account
with a VPN,
you then have to use that VPN all
the time and not slip up with it.
It's a lot more work compared to just
not having an account at all, obviously.
And I think that Aurora Store is very
helpful in that regard.
Yeah, Jordan said what I was thinking.
Google's getting real strict about
especially requiring a real phone number,
like a SIM phone number.
So it's tricky.
This one I don't know.
Is there a security difference between the
two?
They're equally secure, right?
There's some risk.
Aurora could just give you any APK that
they want for you to download and install.
So they could send you an impersonation
app if you installed the legitimate app
first.
then Android is going to prevent you from
installing an impersonator update because
it checks the signature and stuff.
So once you have that baseline,
you're perfectly good with using Aurora.
I believe,
I don't know if this is true or
not,
but I'm pretty sure I've seen this on
the Google Play Store.
I think you can get updates for your
apps on Google Play without signing in.
I think on the sign-in page,
there's a way to see updates.
But I could be wrong about that,
so correct me if I'm wrong.
But that could be a good method to,
like, if you install an app from Aurora,
for example,
you could try and get updates from Google
Play.
And then if those updates don't install,
then you might have to be worried.
On the other hand, like,
Aurora is a pretty trusted app at this
point.
It has a long track record.
There's been no notable issues.
So...
Jordan says, yeah,
there is a way to get updates from
Google Play without signing in.
That's a good setup to have, I think,
if you use Aurora for initial installs
too,
and then you have Google Play to get
more reliable updates.
That could be a good thing,
because as you mentioned, Nate,
there have been reliability issues with
Aurora sometimes,
so having another source for those updates
is good.
The other issue that I've heard about
Aurora is that some settings on the Google
accounts that they use can impact what
gets served.
So if that Google account is opted into
a beta program, for example, of an app,
then you might automatically get that
version in Aurora.
I don't know how widespread of an issue
that is.
I don't know what things could be changed
in the Play Store on a per-account
So there is that risk with using anonymous
accounts,
but there shouldn't be too many settings
that would cause a real big impact in
that regard.
So overall,
I'm personally not too worried about
Aurora,
but there is certainly a lot of stuff
to keep in mind because you are trusting
Aurora.
another party in addition to Google at the
end of the day.
I think that using alternative app stores
entirely whenever possible is the is the
safest solution for sure.
Yeah,
I don't know if it's related to the
accounts in Aurora or maybe like my device
and my VPN and stuff.
But I know sometimes in the past when
I'm using Aurora,
I have difficulty getting apps like my
pseudo because they're only available in
certain countries.
So like sometimes I have to kind of
close it out and research like several
times before it shows up.
So, yeah, that's a thing.
uh chicken little said it seems like it
still does send stuff to google so sends
a list of your apps ip address all
apps you download and search so yeah one
thing that might be better is google play
might have more fingerprinting so yeah
again it's not a huge deal um i
guess it's really personal preference
they're not going to have like a list
of apps on on your device though because
you're using a shared google account so
that that all gets merged together with
other people who share it they might have
a list of apps
per IP address that downloads them,
if Google is tracking that.
But you can always...
It's very easy to use a VPN and
just split up your downloads.
It's also very easy to... I mean,
people switch IPs all the time,
whether that's their cell provider
switching towers or for some other reason.
So yeah, I think...
I think all of these things, you know,
Google has visibility, obviously,
because you're downloading it from the
Google Play Store.
But I think it's pretty obvious that there
is a significantly different type and
amount of data that could be collected by
Google from Aurora store versus like
signing in with a Google account and
installing everything from Google Play
directly.
This is a risk.
maybe of like all of the apps on
your specific device if you do that thing
i just said where you get things from
aurora store but then you get updates from
google play because then you're using the
google play app and they could
all of that information based on like your
device id that the google play app can
read which is i mean versus the aurora
store which spent sends like a spoofed
device to google play basically so that
could be a reason to disable google play
if you install it and uh only use
aurora but at the same time like if
you're using google play services in
general google probably can collect all
that information by a other means so
Yeah,
there's all sorts of privacy problems,
obviously, with using any Google stuff,
which is why I just wouldn't use any
of these solutions.
If you're super concerned about Google
fingerprinting you get your sources,
I mean, get your apps via other means.
Christopher McConkey- yeah Jordan had a
comment about a private space we're
actually going to talk about that in a
little bit so i'm going to save that
one for now.
Christopher McConkey- One more question we
got before we move on to the next
story limitless said,
having a private DNS inside your home
network or on a bps is a start
for more privacy right I saw a lot
of recommendations on starting with this
step.
Christopher McConkey- So.
I mean, in my personal opinion,
I think self-hosting your own DNS is not
what I would call a starting point.
I think that's a little bit advanced,
but I think, yeah,
I would definitely say Privacy Guides does
have a list of recommended DNS providers
that you could just start using right away
and just like plug it into your router
or whatever.
I would definitely say that's a good place
to start.
And especially, you know,
a lot of them do come with like
ad blockers built in.
So that's a really good way to help
cut down it.
In my experience,
it doesn't completely reduce them,
but it'll cut down on like the number
of ads and like a smart TV,
for example.
So yeah,
that's definitely something I recommend.
I really want to find the time to
start digging into the pie hole.
I think I'm finally ready to pull the
trigger on that.
Um,
that would probably be the easiest DNS to
self-host I would imagine,
or maybe something like next DNS.
But, um, yeah, I mean, again,
I think self-hosting it as a little bit
more advanced would not recommend that as
a first step,
but if you're comfortable doing that,
I think that's a,
a great thing to do,
but changing your DNS for sure is a
good thing to do.
Yeah.
And then you said,
do you guys plan on adding an education
tab for apps and educations?
I don't know if we could do that
because there's so many and there's so
many different needs.
And you say tools that students could use
when they first look on privacy guides.
A lot of the time,
students don't have a choice.
You have to sign into your school portal
and use a certain app.
Yeah.
I mean, or also,
I don't know if there are a lot
of student-specific recommendations to
think about either.
Yeah.
A lot of the apps that we recommend
on Privacy Guides,
we list them specifically because they're
kind of widely applicable to most people.
I wouldn't be super opposed to doing
something like that.
I'm not super familiar with a ton of
privacy...
related tool specifically for students.
I saw you just mentioned Zotero,
which I believe manages citations if
you're writing a paper,
if I remember correctly.
Yeah,
I'm looking at the website right now.
Collect, organize, annotate, cite,
and share research.
So I guess there is some research-related
academic sort of software that we could
recommend.
Personally,
I'm not super familiar with all of them,
especially like...
I've heard of some of these,
like I've seen Zotero, for example,
but I...
don't know off the top of my head
like super privacy focused alternatives
besides like maybe using a standard
bookmark manager for something but that's
not going to help with like formatting
resources if anyone does have like
suggestions for academic tools that we
could look into definitely leave
suggestions on the forum because obviously
we look at all of those and it
allows more people to get eyes on them
and discuss them so we're not relying on
people on the team trying to know
everything about everything right we gotta
we gotta get uh all of our recommendations
from the community so definitely
definitely mention that um but yeah
otherwise like we have recommendations for
notebook software for example we have
recommendations for um stuff like rss
readers for keeping up with news and and
all sorts of stuff that students can can
use so
Yeah, I was going to say,
I haven't been a student in over ten
years, and I was a liberal arts major,
so I didn't really do a lot of
citations.
I just had to,
I was actually a music major,
so I had to know how to play
piano, and that was it.
But yeah, I mean,
it looks like interesting, but yeah,
that's what I was going to say,
is definitely,
I would say open a thing on the
forum,
and if this turns out to be a
huge area of concern,
then it's something we could definitely
look into,
but
I certainly wouldn't even know where to
start.
You said someone mentioned obsidian.
I've used obsidian.
I like obsidian.
I keep hearing conflicting reports on
whether or not it's open source.
Some people don't like it.
It's not open source.
I can tell you that for sure.
Gotcha.
Okay.
But I mean, yeah, there's, I mean,
there's so many,
that's actually something I've been
meaning to do.
Um, I started doing,
and then I got super distracted is I,
for my last job,
I started building a personal knowledge
base, um, because we had so many, like,
Where's this manual?
Where's the support number?
Who who's the contact for this?
Like we had so much of that going
on.
I started building a personal and I use
Notion for it because this was for work,
so it was not super sensitive.
But I started building like a personal
database of like my own personal wiki.
So like, uh,
the reason I bring that up is at
one point I wanted to do like a
review of all these different like notion
type,
like there's one called any type I think.
And then there's obsidian and there's like
notes nook.
And yeah, I really wanted to do that,
but I just, uh,
it fell by the wayside and there's so
many, there's guys,
there's so many videos to do in so
little time.
I think the tricky thing with obsidian is
like, I don't really know.
I guess I just don't use notebook stuff
enough and I haven't really seen on the
forum like a great explanation for why it
would be much better than notesnook I
think notesnook is a pretty widely liked
uh note-taking application as well um so I
mean if people like Obsidian a lot more
definitely just share that on the forum
thread for it and we'd have to consider
it any type is another one where
That's been talked about for a while.
I'm not exactly sure why we don't have
it on the site.
It's maybe just because not a lot of
people are super interested in getting it
listed.
That's how it works a lot of the
times.
If there's something that's not listed on
the site,
it's usually just because not enough
people are really pushing for it to
happen.
So you gotta...
you got to let us know what to
look into or where these discussions are
going.
Because the entire site is obviously,
it's more of a community collaborative
effort than like one person's opinion,
right?
So I can't really just put whatever we
want on the site.
Does Notesnook not have a free tier?
That I don't know.
Cause I'm looking at the website right now
and I'm trying to remember, I'm like,
why didn't I use notes?
No.
Cause I remember looking at it.
I don't know.
I don't know.
I think they have a,
they have a free tier.
I don't know what the limitations are.
Um,
I haven't used it in a while cause
I just don't use a lot of notes
app and notes apps in general, but they,
they do have a,
they have some sort of free tier.
Uh,
you'd have to look at their pricing site
to see how it compares.
I don't know.
I want something that integrates with
NextCloud.
I want NextCloud's Notes app to be just
a little bit better.
It's not terrible,
but it's definitely not on par with
something like Obsidian.
Yeah.
I don't know.
I might drop that idea in our little
database of video ideas.
Circle back to that.
I can't remember why I didn't go with
NotesNook.
Anyways, let me see here.
I think that was, yeah,
Obsidian is not transparent.
And they don't have modes on iOS.
Oh, you might be talking about notes.
Anyways.
Yeah.
Okay.
So with that,
we're going to move on to our next
story.
And this one's actually just going to be
really,
really quick because we have talked to
death about age verification and social
media bans and all this crap.
And we're so, so,
so tired of talking about it.
But unfortunately,
this is happening and it's moving forward.
So that's really why we're bringing this
up again.
This is going to be real quick.
But the UK has now,
from what I understand,
officially decided they're going to ban
social media for children under sixteen.
and also may impose overnight curfews,
which is interesting.
So this will take effect in spring of
twenty,
twenty seven and will imply to platforms
such as Snapchat, TikTok, YouTube,
Instagram, Facebook and Twitter, a.k.a.
X.
And Keir Starmer is so proud of this.
We're going further than any country in
the world by banning social media for
under sixteens.
And I'm pretty sure other countries have
done that, too.
But yeah, this is a man.
I don't I mean, again,
we've we've talked about this to death,
so I'm really not going to say that
much other than just like this is not
going to work.
It has not worked in other countries.
I don't know what makes the UK think
they're special,
that it's going to work for them.
I believe this article pointed out that
this is just going to.
Oh, yeah, yeah.
It's probably where was it?
Yeah, right here, the subheader.
Critics say bans push kids to riskier
alternatives and can be beaten with VPNs,
which we've already seen.
We've already seen kids using VPNs to get
around this stuff in the United Kingdom.
We've already seen them, you know,
what is it,
like using their parents' IDs or using
screenshots from video games?
I mean, this is...
I don't know.
I don't understand what is with
governments this week deciding that like,
oh, we know this thing doesn't work.
There's evidence this thing doesn't work.
There's real world examples that this
thing doesn't work.
Hey, let's do that thing.
So whatever.
But we're mostly sharing to alert the UK
people in the audience and maybe you can
contact your MPs and hopefully get them to
reverse course.
I don't know what's going on over there.
Y'all scare me.
That's coming from an American.
Y'all scare me.
So
Yeah, I don't.
Like I said,
I'd keep that one quick because I don't
really have much to add.
Do you have anything to say on that
one, Jonah?
No, I don't think so.
I mean,
we've been talking about all this stuff in
the UK for quite a while and it
just keeps coming.
I don't really understand.
Jordan has a good point about like China's
doing stuff like that or did stuff like
this in the past and everyone in other
countries kind of lost their minds about
it and they're like, oh,
China's so terrible.
And then all of this stuff is...
just gonna happen everywhere else uh you
know they just kind of yeah it's and
all governments seem to have this this
same motivation for some reason i don't
really understand what it is about like
and i don't know what triggered this
whether it's like terrorist attacks in the
in the nineties or early two thousands or
whether it's like the rise of technology
but i feel like
People just don't really want to stand up
for any of these things or stand against
the government anymore.
I feel like there used to be at
least some more of a movement in society
and modern culture where people distrusted
the government more,
and now it seems like the government just
kind of does whatever they want,
and there's not a lot of pushback anymore.
from people whatsoever.
And I don't know what has really driven
that change or why it's happening,
but it seems like a problem to me.
Well,
I think with these tech laws specifically,
it's like people
I mean,
we see it in our own comments.
People will come into the comments and
they'll just be like, no,
this is a good thing.
Like, kids don't belong on the Internet.
Like, Facebook is so bad for kids.
And it's like, you know,
you I think it was you pointed out.
It's like, yeah,
but Facebook's like bad for everyone.
It's hurting everyone.
And like, I don't understand.
It's I do understand.
It's the Internet is where nuance goes to
die.
But like, for some reason, people,
they seem to think this is a good
thing.
And they're ignoring all the like the ways
that this can go wrong and all the
knock on effects that this is going to
have.
And
That's the part that baffles me.
How does nobody see where this is
inevitably going to lead?
I feel like people used to be able
to see this.
I don't know how true that is.
There's the Boston Tea Party would fight
back against the government.
We did that just because tea sucks.
Oh yeah, obviously.
Hot take.
That's what we're going to get a million
comments on right there.
but like other other things that the
government just tries to to do for for
no reason there's more pushback against it
like uh you know during the the vietnam
war for example obviously there were whole
movements against the sort of thing
protests um
There were protests in the streets lately
about immigration stuff earlier in the
year.
But yeah,
not a lot of the ways that the
government just overreaches in every other
aspect of our lives.
I don't know.
I feel like the UK in particular,
and someone correct me if I'm wrong.
I'm not being facetious here.
Maybe I'm...
maybe i've gotten the wrong impression
from headlines but i feel like the uk
has made it a lot harder to to
protest over there so yeah the uk is
is a whole different piece i have no
idea what's going on in the uk to
be honest um
many more people from the UK to chime
in.
But from my perspective,
it makes no sense.
And I totally agree.
Chicken Little just at the UK makes the
US look like a privacy haven.
And I really do believe that that's true,
absolutely,
which is a very concerning thing because
the privacy in the US is absolutely
terrible.
And not only that, but the US
contributes to so many privacy violations
all around the world,
whether that's through big tech companies
or whether that's through like FISA with
foreign intelligence and all that stuff.
And yet the UK is making,
it's just so much worse right now.
I don't even understand what is going on,
like I said, at all.
There's a reason.
Nineteen eighty four was set in the UK,
right?
Now, I know I've said this before,
but yeah,
like my my wife and I have discussed
the idea of possibly moving to Europe
someday.
And we've thrown around like,
what about here?
What about here?
What about here?
And she's got friends in the UK.
So like that's one of the few places
that she's like,
would you ever consider moving to the UK?
And I'm like, absolutely not.
Like, this is not even a discussion.
No way.
They're the only country that like we do
something and they're like.
hold hold my guinness like now we can
we can do better than that or whatever
whatever beer they have over there so yeah
it's yikes um okay i'm not i i'm
also not super familiar with the uk but
one thing real quick limitless said uh one
thing i don't understand the royal family
is looking at all this mess that the
so-called prime minister just betraying
the laws and doing nothing about it from
what i understand the the royal family
doesn't actually have any real political
power like they have soft power in the
sense that like um they can um
like a celebrity basically here in the us
like they can voice their opinions and
people will probably listen to their
opinions even when they're not qualified
because they're not experienced in that
issue but um you know like they they
can influence public opinion but they
don't actually have any legal power to get
up there and be like no that's not
allowed so i think they actually do
although do they i think they do like
a veto power for sure in technically in
law i think um interesting i think there's
like an understanding
for sure that they don't use it and
it's like it like a lot of their
stuff is ceremonial like it remains in law
but i think a lot of people in
the government would would have a problem
if they actually if they actually did
something so i don't think it ever gets
used but technically it exists i can see
that yeah i think it's more of a
celebrity thing at this point
Yeah,
it's definitely it's it's I actually
remember I took a political science class
in college and it made a lot of
sense to me because it and this is
a little bit off topic,
but like it kind of allows people to
like separate the politics of the country
from the culture of the country,
which I think is.
honestly something America could really
use right now is like,
it gives people the ability to look at
like Keir Starmer, for example,
and be like, that guy sucks.
I hate this guy.
He's ruining the country.
Uh, I don't think that's a hot take,
but for the record,
I'm just using it as an example,
but then also to like, you know,
I know she's dead now,
but like God saved the queen.
Like I love the country.
I love the union Jack, whatever,
whatever the UK version is.
And so like, I,
it's actually kind of a really smart idea
to have like a, a,
a culture isn't the right word,
but like there's the political side and
then there's like this other side that's I
don't know,
the way it was explained to me,
it seemed really smart.
And it's like that is kind of cool
because it allows you to separate,
like I said,
like the politics of the country from the
national identity.
So, yeah,
I think there's kind of that understanding
of like the royal family is really good
for tourism.
It's really good for business.
It does benefit the country in a lot
of intangible ways,
but they kind of stay out of politics
in that sense.
So
And I'm just reading a little bit quick
about what powers the royal family.
does have in the UK.
It's kind of interesting.
They do have that veto power.
It's called royal.
They can withhold royal assent, I guess.
And indeed,
they have not exercised that since
seventeen oh eight.
And pretty much all experts say, like,
you know, if they did,
there would be there would be a pretty
big crisis.
The government might just decide to get
rid of the monarchy entirely,
which they obviously wouldn't want.
But I didn't know this.
They also have a different mechanism
called
uh queen's consent or king's consent and
they can vet bills before they're debated
at all um and apparently that happens
fairly often uh like queen elizabeth ii it
says reviewed over a thousand laws using
that power and has withheld consent in
some cases so i guess technically maybe
they could do something about it but now
that we've reached this point where it's
already like in law uh it's a little
late for them to do anything about it
unfortunately but
Yeah, it seems like a strange...
All of the monarchy stuff seems like a
very strange system to me,
so I don't fully understand it at all.
Yeah.
Listen,
some random lady in puddles handing out
weapons is no basis for a system of
government.
Sorry, I had to.
Before we move on, Dr. Warface said,
have you guys seen Ready Player One?
It feels almost like that.
Yeah, I read it.
I didn't watch it,
but there's definitely...
It's frustrating because good sci-fi
there's a, there's a, um,
a good quote from, uh, stuff.
They don't want you to know the,
one of the hosts there always says that
good sci-fi is only science fiction for a
sort or certain period of time.
So, I mean,
there's definitely any good ways to like,
you look at star Trek and there's a
lot of stuff there that they predicted,
like cell phones basically,
and touch screens and all that kind of
stuff.
And so, I mean, yeah,
unfortunately it'd be nice if more of the
good stuff came true and,
and less of the bad stuff.
Yeah, wouldn't it?
You know,
like the social isolation and all that
kind of stuff.
But yeah,
I think we'll move on to the forum
updates.
So in a minute,
we'll start taking viewer questions.
So the chat's been really chatty so far,
which I really appreciate.
And that's awesome.
But if you guys have been holding onto
any questions,
now's the time to go ahead and drop
them in the chat.
And we'll circle back to those in a
minute,
but for now we're going to check on
the community forum.
And there were a lot of good threads
this week, um,
had a hard time narrowing it down to
just a couple to discuss.
But the first one we're going to talk
about is that there has been a change
to Apple's hide my email.
Um, so this,
this headline I think is just a little
bit sensational.
It says that they're making it useless.
Um, but basically,
so hide my email for those who don't
know,
it's a premium feature if you pay for
iCloud.
and it it's kind of like simple login
or addy it allows you to create multiple
email addresses that forward to your inbox
but um the thing that they're changing is
it used to be that uh it used
to be that all icloud emails both regular
and hide my went to icloud.com but now
the hide my emails are going to go
to private.icloud.com
Um, which is going to make them really,
really easy to block, uh,
which I already kind of have this issue
a little bit with, um, with websites.
It's it's, uh,
like I use simple login and I use
a custom domain and sometimes it's
something that I'm not super attached to.
So I'm like, yeah,
I'll use the simple login, uh,
simple login.com or whatever.
And they're like, no, you can't use that.
But then I'll be like, okay,
so I'll switch to my custom domain and
it works just fine.
Which is weird because they're still the
same MX records, right?
Like they're still both going to simple
login,
but they're clearly block listing it based
on the actual address.
So, um, personally,
I can definitely see that happening for
sure that they're just going to start
block listing.
Because, you know, I mentioned MX records,
like in theory, that's one way.
And I've only seen one website so far
that did this,
but there's probably others.
Like in theory,
a website could block all simple login,
right?
Or all Addy.io because they know that
those are forwarding and they're not like
real email addresses.
They can't do that with the MX records
of iCloud,
but now they can with private.iCloud.
So yeah, I don't know.
This really sucked.
There's really no...
Apple hasn't said why they're doing this.
Some people speculated that like,
maybe they're running out of email
addresses.
Uh, I don't know how true that is,
but yeah, it's, uh, this really sucks.
I don't know.
Have you ever used the,
the hide my email thing from Apple?
You know, I haven't used, uh,
apples myself.
Some,
some apps that I've used in my iPhone
do the sign in with Apple thing.
I've used that on a couple of occasions
when.
Signing up via other means would be like
a super annoying process depending on the
app.
Some are just really annoying to sign up
for compared to sign up with Apple.
But otherwise,
I try to use my normal email aliases
and my password manager whenever I can and
not do Apple's and not do sign in
with Apple.
It's a bummer, though,
because I do see a lot of people
use their current solution as a way to
get around exactly those blocks you were
saying because you couldn't block at
iCloud.com.
So the fact that it was all on
the same domain really gave legitimacy to
all of those private aliases.
I remember when the hide my email feature
first came out for Apple,
we talked about it on one of the
earlier shows and on our forum that it
was a good change,
that they were kind of consolidating
everything on one domain name and that
know hopefully apple doing that would kind
of cause a shift in the industry where
sites would stop like rejecting these
don't email aliases like simple login or
whatever like entirely because you know
apple was officially endorsing it now on
the same domain so if you're not going
to be able to stop that service why
would you even bother
continuing to maintain those blocks in
general um obviously nothing like that is
going to happen because these at
private.iclub.com email addresses are
going to be super easy to block just
as easy as any of these other aliasing
services so
yeah it's a it's a shame that they're
doing that doesn't really affect me
personally, but I know a lot of people.
That i've seen on the forum,
this will impact a lot,
and it was a very commonly used feature
so it's a it's a shame that they're
that they're changing it for sure.
Part of me wonders,
now that you mention it,
do you think it was being abused?
Because I just checked here, and it says,
hide my email is available on every iCloud
Plus plan,
and the cheapest one starts at a dollar
a month.
Yeah.
So I wonder if maybe that was part
of the reasoning?
I mean,
it's certainly possible that that's what
they're trying to avoid.
I don't know exactly what their motivation
is.
In my experience, I will say...
even a dollar a month.
That is usually like enough to dissuade
most people who are going to use things
maliciously because usually people who are
going to abuse a service are also very
cheap and will never pay even a dollar
a month for the service.
So I don't know.
I mean, that's fair,
but I'm also thinking about like
professional scammers where it's like a
dollar a month.
Yeah,
I'm going to make that back in the
first hour as soon as somebody falls for
my scam.
Yeah, maybe.
I just don't know.
But
Yeah.
Yeah.
Like I said,
they didn't state an official reason.
So it's, um, I mean,
the thing is though,
like if you're gonna spend money,
you could just get a custom domain in
most cases.
They're,
they're almost never blocked in the same
way that aliasing solutions are because,
uh,
most services don't want to block like
people's work emails basically.
And that could be any domain.
So, um,
using a custom domain is the easiest way
to get unlimited emails.
So.
I don't see what impact this would have
on super large operations.
Yeah, that's a good point.
Yeah,
I think just to kind of round off
that thought,
I think our official recommendations for
Masked Email are still SimpleLogin, Addy.
There may be another one I'm forgetting,
but I don't think HideMy was ever one
of them.
I've had good luck with custom domains.
I like them because they're portable.
I know there's some concerns about like,
couldn't you be more trackable,
which I think maybe with the rise of
AI,
I could see that being a good argument.
But I think having the data sovereignty
and the portability is probably worth it.
And I think there's probably this is just
me speculating.
I think there's probably not a lot of
automated tracking going on in that sense.
So.
I just don't think it's scalable to make
it worthwhile.
So but yeah,
and then our other I'm going to turn
this other post over to you because there
was a discussion about shelter.
And I know we kind of talked about
that quite a bit in the privacy guides
chat.
And I believe you said you're working on
something as well.
So I'm going to let you take this
discussion.
Yeah,
a lot of stuff going on with work
profiles,
at least in my life at the moment.
We've talked a bit about Shelter for a
few weeks now because there are some calls
to remove it that we've seen on the
forum.
I personally think that work profiles
serve an important purpose on Android.
It's very convenient to have more than,
I mean, even more than two private spaces.
I mean,
because you have the new private space
feature in Android now,
so that creates one basically separate
profile you can access.
from your main profile,
work profiles give you a third.
But also,
there are a lot of Android devices out
there where you can't have a private space
at all.
And so being able to get that second
profile within your main profile is a huge
convenience over either creating multiple
user accounts or, again,
some Android phones don't even support
that super well.
So having that work profile function
or ability is still useful to a lot
of people, especially, I mean,
even like we've seen threads from Graphene
OS, for example,
on social media talking about like some of
the benefits of work profiles.
It seems like Graphene OS's opinion is
that they won't be as useful once they
build a feature that will allow you to
have
many more private spaces, basically.
I think that they've said they want to
enable a feature that lets you have
sixteen private spaces,
which would be great and probably negate
the need for a work profile for a
lot of people.
But that isn't the case in the meantime.
And there are use cases to having three
profiles accessible onto your phone at all
times that you can independently lock and
unlock, etc.
But it does annoy me that
shelter and island are just not the best
apps they they aren't like stellar in
terms of security they aren't stellar in
terms of cross-profile isolation and i've
been trying to use um my android phone
more and i have not really liked having
to use shelter because i just did not
trust it and i think it could have
a lot of problems because it opens
a lot of communication between the
profiles, which isn't necessary,
which I definitely found out the last two
weeks, and it's not super great.
Yeah, personally,
just driven by that frustration with
Shelter,
I have been working on my own alternative
to Shelter, which isn't, you know,
I'm not ready to put it out yet,
but I have been working on it a
lot.
I've posted some information to like my
GitHub, for example.
At the bottom of the Shelter alternative
post,
I actually linked to it because I did,
even though I haven't published any
releases of that app,
I published kind of a comparison between
the thing that I'm building,
and shelter mostly to demonstrate that a
lot of the things that shelter does are
not strictly necessary.
So I mean, the comparison,
if you look at that comparison.md file in
the repo, for example,
It's a long document because I've taken a
lot of notes so far,
and I've looked at a lot of different
things in Shelter's source code to try and
find out if I should even work on
this app as well.
And my conclusion was like, oh, yeah,
actually,
there are a lot of things that can
be done much better when it comes to
work profiles.
So hopefully...
somebody finds that helpful.
But at the very least,
I will be switching to that because I
will trust it a lot more than shelter.
Yeah,
that's kind of all I have to say
about work profiles.
I have also tried to use private spaces
a bit,
but I haven't used them too extensively.
Nate,
you said that you use private spaces a
bit more,
and maybe you can share some of your
experiences
of those compared to compared to shelter?
Yeah, um,
I just started using private spaces
recently,
I'm kind of doing the whole thing where
you,
you put all your proprietary apps in the
private space.
I've had issues with
um, voice to text,
like Duolingo would not recognize that I
was talking to it during the voice
exercises, uh,
which is really frustrating.
Cause I know it worked because I could
open the camera and I could like film
a video.
And when I played it back,
I heard myself talking in the camera.
So like in the private space.
So I know it worked.
Um, but I just,
I couldn't get voice to work for some
reason.
And, um,
But other than that, I mean, it's,
it's been pretty smooth.
They say not to use it if you
rely on, um, notifications,
but in my experience,
the notifications have been pretty timely.
Granted,
I don't have a lot of notifications turned
on and I also don't need them to
be super timely most of the time,
but I really haven't had any issues with
the private space yet.
Um, other than the, the Duolingo thing,
but I will say, uh,
I feel a little bit more not crazy
hearing you say that Shelter is maybe not
as secure as it should be,
because I used to use Shelter.
And it's one of those things where when
something goes wrong,
you can never figure out where it went
wrong,
because I used to have a Calix phone
with Shelter,
and I had a personal signal and a
privacy signal for different things.
And one time,
I want to say it was the privacy
signal, or maybe it was the personal one,
But I remember I opened it one time
and all of my contacts were there from
the other signal.
And not the conversation themselves for
the record,
but it freaked me out because I was
like, oh my God, can people see this?
Can people see, is there cross content?
And as far as I could tell,
nobody could.
Again, it didn't start any conversations,
but it's almost like when you move signal
to a new device and you see all
the conversations there,
but there's no content there,
or maybe that's just me,
because I'm a psycho who doesn't move
content.
But it was like that.
It was like all the conversations were
there and if I'd have sent a message,
it probably would have popped up.
But it just like that freaked me out
enough to where I was like,
I'm not messing with this anymore.
Like, that was not cool.
So ever since then,
I think I switched over to using like
Molly and Signal or something like that.
Just I started doing things differently.
But yeah, that was not a fun experience.
I gave me a heart attack.
So yeah, stuff like that.
If somebody can fix that.
And the reason I never reported it is
because I guess like who's who's at fault
there?
Was that a Calix issue?
Was that a was that a shelter issue?
Was that an Android issue?
Was that a signal issue?
Um, I don't know, but it was, uh,
it was not fun and there's definitely room
for improvement somewhere.
So, yeah.
Hard to say.
I'm hoping eventually Graphene OS has that
private space feature.
An advantage of private spaces is that you
can create them in secondary users on
Graphene OS, for example.
I guess I don't know how stock Android
works.
I haven't used it in a while.
But work profiles,
you can only make on your main profile.
So I've generally when I've used Android,
I have wanted to have a setup where
like I have Google Play services on the
main profile and then non Google stuff in
the private space rather than the other
way around.
But if you do that on your owner
profile,
the main profile on your phone has like
more privileges than all of the secondary
users.
So I always find that kind of problematic.
And I think that's why most people swap
it around and keep all their Google Play
stuff isolated.
But
With private spaces,
I can do that because I can just
have Google Play and the main profile of
the second user and then have a private
space separate from the owner's stuff.
I know that's how Cider Burritos does it.
He has a...
like kind of like we would recommend
setting up a computer, like, you know,
there's your admin account,
but then make a secondary user account and
do everything in there.
Um,
he's got a video where that's how he
uses graphene is he's got an admin account
that he basically never uses.
I think he only uses it to like
install things and push them to the user
account or something like that.
It's been a while since I've seen the
video,
but that's been a kind of common setup
that I've seen as well.
Cool.
Alrighty.
Um,
did you have anything else to add to
that one or.
I don't know if I have too much
else to say,
unless people have questions about any of
that stuff.
But I'm hoping that we can get away
from shelter and use something else.
But I guess we'll see if it all
works out or not.
for sure yeah that's definitely one of the
most powerful things that i like about
android is that ability to have multiple
profiles and yeah work apps and private
spaces and something you can't do on
iphone which is super awesome so yeah i
guess with that we'll move into uh q
a um
I don't think we have much right now.
Cause we've been, uh,
we've been taking questions as we go.
Yeah.
And so normally we start with questions on
the forum from paying members,
but it looks like there was a brief
discussion, um, where just people were,
cause you know, we posted this story.
Uh, we always post,
we try to post the stories as soon
or like the,
so we try to post a thread as
quickly as we can.
I just realized my alarm's going off.
Apologies.
Well,
we try to post these livestream threads
middle of the week based on the best
story that we've found so far.
We were hoping, I think,
that Graphene OS would end up being
available, at least in the alpha preview,
so I would have a chance to test
it out,
but I did not get a chance to
test it out because it's still not
available.
over the air, so that's a bit different.
I think the discussion in that forum
thread was basically wondering when the
stable builds will come out.
I don't know what Grafinois' track record
is when it comes to stable releases.
I don't think it takes that long,
but it might spend a good amount of
time in the alpha or beta stages before
we get to a full stable release.
I don't... Somebody else could...
remind me of their track record.
I just know that they are very quick
about getting something out right away.
But whether they consider it stable,
I am less.
I'm a bit more fuzzy on
Yeah, I'm not super positive myself.
Cause I,
I follow the releases on RSS just so
I can keep updated with the project.
And I know usually, um,
the way they work is like,
that's their announcement that like they
pushed it to alpha or beta or something.
And then after a couple of days,
if nobody has any issues,
they push it to the next stage.
And then after a couple of days it
goes out to public.
So I don't know the exact timeline,
but yeah, I usually see the, um,
I usually see the, the announcement.
I mean,
the announcement's already out and
Android,
just came out a couple of days ago,
so they're, they're very quick for sure.
We got a question here that I think
is a good thing to
cover really quick um what makes someone
think that using a private space to do
things privately when they have like a
personal email on a separate proprietary
profile that used for like google and
stuff um of course this isn't in anywhere
possible with iphones on android uh the
private spaces are completely separate
users basically they just show up in the
same profile so there's total isolation
between that the advantage of um
not doing it the way that I said
and putting Google stuff inside the
private space or the work profile instead
is that you can turn off a private
space or a work profile when you're not
using it.
So that's a good way.
That's a commonly used way to limit how
much Google can access at any given time.
So it really depends on your goals.
But
yeah having i mean it just depends on
what you're trying to do mobile phones are
not super private in general i can't uh
stress this enough because they uh just
are tracking machines there's so many ways
that they can be tracked and tied to
you uh no matter like what you do
on them so there's all sorts of problems
kind of inherent to the platform if you're
super concerned about
like being tracked by your account or by
other apps like google play services
there's really not much you can do about
that in the same profile but
The reason it's more private is because
since those profiles are completely
separated,
if you have Google Play installed in one
of them,
it literally cannot even see any of the
apps that are installed in the other
profile or connect to them in any way,
which is... I mean,
I think that's a huge privacy boost for
sure because it just lets you do things
more selectively.
With stock Android,
it's kind of an all-or-nothing approach to
like...
You have Google Play services installed,
and it has to see all of your
data, basically,
and there's nothing you can really do
about it.
Whereas these profiles give you some
separation if you can do that.
But it depends on how well you can
compartmentalize your stuff,
because if you need all of your apps
to be in the same profile for some
reason,
then obviously it's going to have less
benefits.
So it kind of comes down to how
you use your phone.
That's kind of all I have to say
about that.
Yeah, I don't have anything to add.
Those summed it up pretty well, I think.
I don't know if we have any more
questions this week.
Last call for questions, folks.
I like this...
this thread on the forum that I just
saw for your consideration privacy not
from the big short I like the big
short just as a movie a lot I
think it's a really good movie but I
thought that was very funny as well how
Ben record is like super privacy obsessed
he won't answer phone calls he has like
a million phones and he's worried about
the NSA logging all of them they just
sent a picture that I just thought it
was funny
I did not see that movie at all.
Oh, you're missing out.
That is a really good movie.
I don't know.
Oh, no, no, no.
I'm thinking of Dumb Money.
Oh, that movie was... I mean,
that was awesome.
That movie was just okay.
I haven't seen the big short either,
but I just remember seeing the previews
for it, and I'm like, yep,
this looks like one I can miss.
I have a very limited amount of free
time,
and I try to dedicate my stupid movies
to sci-fi, so...
Dumb money you could probably miss.
I mean, that was all GameStop stuff,
but yeah.
The big short was a good one.
And like, yeah, in that scene,
he was like,
somebody had to call him and he was
just like,
you're not supposed to use this number.
And he hung up right away.
They were saying like,
you should do that to all your family
members who try to message you on like
WhatsApp or something.
Just say,
you're not supposed to use this app.
That's that's honestly one of the reasons
I got it.
That's one of the reasons I got my
stepdad on signal because I have a my
pseudo number specifically dedicated for
signal and he would constantly
He actually had two different numbers
because I had one for signal and then
I had a separate one for like friends
and family that don't use signal for
whatever reason.
And when when my mom passed away,
he basically took over her phone for like
reasons.
And basically his phone broke.
Long story short.
And so he started using my mom's phone.
but he didn't know how to use signal.
And so he would like call me on
both of those numbers.
And so among many reasons,
that's one smaller reason I got him on
signal is because I got tired of getting
his phone call from like two different
number or like, you know,
he would call me on like either number
and it's just like, Oh my God,
just here,
you signal everybody's on signal,
do everything on sick,
which has worked out great now.
So now,
now he's in the family group chat with
the rest of us and you know,
it's a lot of fun, but yeah,
it was.
Yeah.
Without any more questions,
we can probably wrap things up,
I would say.
I think so.
Yeah.
It's been a good week.
Do you want to take the outro,
or should I?
Up to you.
I'll take it.
You did the intro, so...
All the updates from This Week in Privacy
will be shared on the blog every week,
so sign up for the newsletter or subscribe
with your favorite RSS reader if you wish
to stay tuned.
For people who prefer audio,
we offer a podcast available on all
podcast platforms, and again, also on RSS,
and this video will be synced to PeerTube.
Privacy Guides is an impartial nonprofit
organization that is focused on building a
strong privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you want to support our mission,
you can make a donation on our website
at privacyguides.org.
To make a donation,
click the red heart icon located in the
top right corner of the page.
You can contribute using standard fiat
currency via debit or credit card,
or you can donate anonymously using Monero
or your favorite cryptocurrency.
Becoming a paid member unlocks exclusive
perks like early access to video content
and priority during the livestream Q&A.
You'll also get a cool badge on your
profile in the forum and the warm,
fuzzy feeling of supporting independent
media.
So thank you all so much for watching,
and we'll be back next week.
See you, everyone.
