Did Signal's Founder Create the Most Private AI?
Hello, everybody.
Welcome back to This Week in Privacy.
This is our weekly series where we discuss
the latest updates with what we're working
on in the Privacy Guides community and
this week's top stories in the data
privacy and cybersecurity space.
The stories this week include Moxie
Marlinspike's new AI chatbot,
a new privacy services alliance,
a new advanced Linux malware, and more.
I'm Jonah,
and with me this week is Nate.
How are you doing, Nate?
I'm good.
How are you?
I'm doing great.
Thank you.
For those of you who are just tuning
in for the first time or might not
know,
Privacy Guides is a nonprofit which
researches and shares privacy-related
information,
and we facilitate a community on our forum
and matrix where people can ask questions
and discuss
get advice about staying private online
and preserving your digital rights.
So we always kick off the show with
what we've been working on at Privacy
Guides this week,
and I'll hand it over to Nate to
share a bit about what he's been doing
on the video side of things.
Awesome.
Yeah,
so there's been some exciting
developments.
For those of you who didn't know,
we have a new video now out to
the public.
It's loosely based on Em's written article
that privacy is like broccoli.
So if you haven't checked that out yet,
please go check it out.
Very proud of everyone at the team.
It's obviously, it's not just me,
Jordan edited and everybody helped double
check the writing and everything.
So yeah,
we're continuing to work on our video
courses, the smartphone security guide,
and I believe there's still some work
going on.
Well,
there's definitely some work going on on
the threat modeling course.
And I also,
Just came in.
I yesterday recorded a new video about,
I should know what this was.
I just recorded it when I'm drawing the
blanks.
Private browsing.
That was it.
Yeah.
Yesterday I just recorded a new video
about private browsing and that will be
coming out very soon as well.
we have uh yeah we've got a lot
going on behind the scenes it's hard to
keep track of all of this um i
can share some other updates on our end
um most notably if you missed it last
week um we had some personnel changes um
our wonderful intern kevin is no longer
working with us his internship ended um so
he's moving on to other projects but um
it was a great experience working with him
i'm super glad uh that we got the
chance to do that and i hope to
see kevin um
hopefully stick around on the forum and do
some volunteer,
maybe some one-off projects with us in the
future.
But of course, that's up to him.
We'll see how that goes.
But I just wanted to, again,
thank Kevin for all of his work and
explain a bit about what the show is
going to look like going forward.
Of course,
it's going to be mainly Nate and I
or...
hosting this show.
Jordan may be hosting some episodes as
well, like they used to.
But that'll be kind of the roundup for
this week in privacy going forward.
Besides that,
we published several news articles this
week at privacyguides.org slash news.
There were Instagram password resets in
the news, RCS potentially in the iOS,
which I believe we're going to talk about
later in the show.
Threema,
which is a pretty popular end-to-end
encrypted messaging app,
was recently acquired by another private
capital firm.
There's some vulnerabilities in AI agentic
browsers.
There's news about Windscribe and their
partnership with some other privacy
services,
which is another topic that we're going to
cover in more detail here in the show.
And an article on the WhisperPair
Bluetooth vulnerability.
So definitely a lot of cool stuff coming
out there.
Freya has been working really hard getting
timely news briefs and news updates out on
our site for people who are interested in
that sort of thing.
So if you want to keep up to
date with that,
definitely give the privacyguides.org
slash news site a follow or follow it
on various social media platforms or the
news category on our forum,
which is where all of these articles are
posted.
I also want to highlight an article that
I wrote a year ago.
I know with a lot of political news
going on in the world,
I think it's just always a good time
to maybe give a reminder of this.
We do have an article on smartphone
security and keeping your smartphone safe
if you are attending any events.
In person like protests or activities like
that if you're an activist or you're a
journalist who needs to be sure that your
baseline security for your smartphone is
up to speed definitely give this article
or read, we will.
I'll have a link to this in the
show notes when we send this out later.
But yeah,
just since the article is a bit old,
I wanted to resurface it here.
I think off the top of my head,
that's all of the major updates we've been
working on at Privacy Guides.
It's been a pretty busy few weeks for
me.
We've been working on a lot of things
behind the scenes.
And if you're a regular member on our
forum,
you may have seen some of the notes
from meetings that we've had,
and we have some future stuff that we
have to work out.
still in the works.
But I think that's kind of everything for
now.
Nate,
if you don't have anything else to add
in terms of Privacy Guides updates,
I think I'll hand this over to you
to share some of our news stories,
maybe our first one.
yeah all right so we uh our our
headline story this week is about moxie
marlin spike's new ai chat bot this has
been kind of making waves for those of
you who don't know who moxie marlin spike
is you probably at least know uh his
work which is the signal messenger uh
moxie created signal he passed off the
reins to the current president uh
Well,
I don't know if he picked her necessarily,
but he passed off the reins.
And now who has taken over is Meredith
Whitaker, who, yeah.
Anyways,
she's doing a great job with Signal.
But he moved on, what was that,
about a year?
No, more than a year ago.
My sense of time is all messed up.
But he's been kind of laying low,
actually.
At least I feel like.
I certainly haven't heard his name in
quite a while.
And now it's popped up with this new
chatbot called Conferr.
And I believe the link for that is
confer.to if any of you want to check
it out.
But it's very minimal right now.
And what really sets this one apart is
this might be, to my knowledge,
the first really private AI chatbot on the
user side.
And we're going to dig into that in
a little bit.
But...
You know, things like,
which this article here does unfortunately
incorrectly say at the end,
things like Lumo, things,
as far as I know,
things even like Braves Leo,
I could be wrong about that one,
but they don't really protect the user.
They're basically like a no log VPN for
LLMs.
They promise they won't keep your logs,
but technically they can access them.
Um, if there was a situation like, uh,
you know, famously years ago,
proton was forced by law to monitor a
certain account and record the IP
addresses.
Cause they were trying to figure out who
was behind that account.
Not they proton, the,
the authorities were trying to figure it
out.
And, um, you know,
eventually they were able to do that.
So this, uh,
this is kind of in the,
this is the first time that they're trying
to create something more like signal
where, uh,
That's not even possible.
It's all encrypted from start to finish
for real.
And yeah, it's, I mean, it's, okay.
So if you go to the confer.to website
and you click on the blog,
you can dig in there and there is
some like really
There's some really technical details.
I don't think there's any code or
anything.
I mean, the thing's open source,
so you can go look at the code
if you're that technical.
This Ars Technica article, I think,
does a pretty good job of dumbing it
down.
And basically,
it really relies on what are called
trusted execution environments.
This goes way over my head,
and I'm sure Jonah can probably break it
down a little bit simpler.
But basically, the way they describe it,
they say it prevents even server
administrators from peeking at or
tampering with conversations.
And they talk about how it's designed
where you can access it from different
devices,
and it can synchronize just like Signal.
And I don't know.
It's really cool stuff.
Before I jump into the next part of
this thought, Jonah,
is there anything you want to add?
Yeah, so I don't know.
I'm probably less excited about this
Confer stuff than other people I've seen
in the community.
All of this private AI stuff has been
trending quite a bit lately,
and they especially rely on these trusted
execution environments.
TEE's Confer is now different,
but we've seen
For example,
if anyone wants to look into this later,
we've talked a lot about Maple AI on
the forum,
which uses a similar technology to kind of
validate the security of how these AI
models are being run in theory.
And basically what these trusted execution
environments are,
are
features that are built into the CPUs of
servers that these models are running on,
where they can run a certain set of
code and it can be validated by the
hardware that the code hasn't been changed
or modified in theory.
So if an AI service, for example,
like Confer is releasing an open source
model and they're saying this code is
what's running on here,
the hardware should, in theory,
ensure that they're not swapping out that
code behind the scenes and it might
protect you.
The problem with TEE is that there are
quite a few limitations,
and it wasn't really designed to protect
against the operator of the server from
potentially being a physical attacker
here.
And so we've seen security experts like
Matthew Green, for example,
on
on Twitter caution against the use,
or not against the use,
but against relying too much on TEEs for
the security of AI models because they
can't provide the same type of guarantees
that full end-to-end encryption can
provide.
That's simple math, whereas this is
a bit more policy based.
It's certainly a step better than,
you know,
them just saying they're not going to look
at it,
but not really doing anything about it.
But it's nowhere near the guarantees that
you're going to get from end to end
encryption.
And so it's tricky to say that any
of these are truly private because
While some AI models like Lumo,
for example, or this one or other ones,
they will use end-to-end encryption for
the storage of your chat logs.
They don't necessarily, well,
they don't at all use end-to-end
encryption on the chat as you're chatting
with it.
And they can theoretically read that chat
or log it.
at that time.
And there isn't really any way around this
because these AI servers,
they need access to your data in order
to run the AI query on it.
And so that's why
I think all of these cloud AI models,
they don't probably reach the level of
privacy that a lot of people are going
to want from AI,
especially for some of the things that
people are using this for.
I think we're going to maybe talk about
this in a bit,
but I know there's a ton of stories
about how AI is starting to be used
for health stuff and personal,
very sensitive information.
And these protections, in my opinion,
don't really go anywhere.
too far or far enough to protect that
data, unfortunately.
That's kind of how I would describe the
technical side of things.
I know there's a lot that we want
to talk about that isn't necessarily
technical,
but more just privacy concerns with AI in
general,
beyond the pure security of the system.
But yeah,
I definitely want to create the
distinction between TEEs,
like better being used,
In this case versus end-to-end encryption,
because end-to-end encryption,
it's a whole different ballgame,
and it's much better security,
and AI is not providing that in any
of these cases.
Cool, yeah,
and thank you for clarifying what I meant
when I said that most other, like Lumo,
is more like a no-logs VPN in the
sense that they can read your chats,
they just promise not to store them.
And they do store them in a way
where they can't read them,
but while you're having that chat,
they totally could.
And that's what this is supposed to do
differently.
But yeah, let's,
because I'm excited to get into this,
let's go ahead and talk about,
towards the end there,
you mentioned that this is all fine and
nice from a technical perspective,
potentially,
Um,
but this doesn't solve a lot of the
privacy concerns with AI and, um,
Man, this is really good.
So just to kind of give listeners a
tiny peek behind the curtain,
we have a weekly meeting,
a staff meeting at Privacy Guides.
And part of that discussion is always what
story do we think would make the best
headline story?
And when we talked about this,
our staff member, Em, had an amazing,
a lot to say, really.
She didn't just make a point and she
gave a really good talk.
I guess you could call it that.
But anyways,
she pointed out that something that we
never really talk about,
and I'm sure some of you guys have
thought about this,
but I personally have never thought about
this before.
And AI really,
at least in its current form,
can't be made private.
Like maybe it can from the end user,
but that doesn't count the data and how
the data is scraped.
And it's...
I think a lot of us know that
anything you put online you should treat
as,
you know, being public.
At least that's something I've always been
able to say,
or that's something I've always said in
the past is anything you post online,
be prepared for it to be breached or
anything like that.
But even so,
that doesn't make it right for these
companies to go around scraping all this
data without consent.
And I do want to acknowledge there are,
I know there's at least one AI that
they're trying to, or not, well,
I guess you could call it an AI,
a training set they're trying to create
that is drawn from
consenting users but at this time there's
really no mechanism like that i think uh
i think creative commons is currently in
talks to create a flag where basically you
can say oh yes i consent to let
ai train on this data but certainly chat
gpt anthropic uh whatever some of the
other ones are out there i don't think
any of them have ever respected that
because they existed before that was a
thing and we already know that there's so
many stories about like uh
Copyrighted material,
the Harry Potter books,
the New York Times is currently in a
lawsuit where there's so many stories
where we know that this is what's
happening.
They're training on data that is not
licensed for free use,
that is not consented to.
And yeah,
that's a trickier thing that I don't think
can be solved in a technical way.
Any thoughts on that one, Jonah?
Yeah,
there's so many concerns with the privacy,
and I totally agree with what Em had
brought up in our meeting and on Mastodon.
A lot of these things that are being
built right now,
they're being just used in very un-private
ways, and it requires harming privacy,
exactly like you said,
in order to build these things in the
first place.
And so it's very concerning what's going
on with AI here.
Yeah,
I think she summed it up pretty well.
So I'm not sure if I have anything
else to add beyond that off the top
of my head.
Sorry,
I was just looking at the chat here,
seeing if something was coming up.
So I was a bit distracted.
But yeah,
I think that's kind of where I'm at
with that.
Yeah,
we're trying something new on the back end
here, and there's a lot of moving parts.
Yeah, let us know.
Definitely, if you're watching,
leave a comment how the stream is going
in terms of quality.
Or if you're chatting on a different
platform,
let us know and we can see if
that shows up.
Because, yeah,
we have a bit of a different setup
than usual.
But, yeah, going back to AI, I mean,
it's...
I don't know.
I feel like there's not much to add
to that statement,
but it's to what Em said.
But it's such a â to me, again,
I thought it was really enlightening
because I've never thought of that before.
And it feels so â because I've seen
some people say,
particularly in the Mastodon post that Em
sent us where she kind of put all
these thoughts into words.
And someone argued,
like I said at the top, it's like,
well,
you post anything online and you know it's
going to be public.
And I think this kind of falls under
â
A long time ago,
I wrote a blog post where I made
the argument that there's a difference
between an expectation of privacy and an
expectation to be stalked.
And, you know,
I've been in situations where because I
have, you know,
very visible arm tattoos for those who've
never seen my arms before.
And I usually wear short sleeve shirts,
especially in the warmer months.
And I've had many times where, you know,
I've had like there was one time I
went to the store and as I was
leaving the store,
a friend texted me and was like, hey,
I just saw you at the store.
And I'm just like,
How did they know it was me?
And this was like during COVID.
So like everybody had a mask on.
I'm like,
how did they know it was me?
And then I'm like, oh, right.
Duh.
But and, you know,
I'm not mad about that.
Right.
But the difference is that friend didn't
then immediately like get in the car and
follow me around town as I ran errands
or went back home or whatever I did.
And it feels different when, you know,
you post something publicly and sure,
somebody might see it.
Somebody might get upset.
versus that might get scraped up.
That might get added to a data training
set.
I personally have, and many people do,
I have disappearing messages enabled on
Mastodon because I want them to go away.
And if they get caught up in a
data training set,
having a hard time talking tonight,
then they never go away.
They're there forever.
And it's just such an interesting
perspective that I never considered.
Because when we look at these new
technologies,
I think there's two kinds of problems.
There's technical problems and then
there's,
I don't know what I would call them,
but there's all the other problems.
And technical problems to me are things
like the energy usage.
And for the record,
I am not trying to downplay this,
but the energy usage of AI is really
bad for the environment, right?
That's a technical problem.
As we go, I think,
not to sound overly optimistic,
but I think we'll learn how to make
more energy-efficient data centers.
We'll learn how to maybe switch to
renewable energies, maybe someday,
eventually.
And all these things that can reduce the
environmental impact of AI.
But then there's the other things like...
what we were just talking about,
the fact that all this privacy data was
taken,
the fact that this is potentially putting
people out of work, you know,
these are much harder things to solve.
And maybe there is a solution if you
want to be an optimist,
but I think starting this discussion is
certainly part of that, you know,
finding that solution if nobody's talking
about that side of things, for sure,
because
I don't know if I said this,
but we usually think of privacy as the
end user, my prompts and that stuff,
the responses.
But I feel like we don't talk enough
about the training data in the sense of
the privacy invasion from it.
So yeah, it's really interesting stuff.
Absolutely.
And beyond just the training aspect of it,
I think...
like AI has definitely shown that privacy
has never really been more important in
protecting your data online because we
could talk about this other story that we
have.
This was reported by four or four media
talking about Grok's AI sexual abuse
material that it's generating on Twitter
right now or X.
And I think it also shows that like,
You have to be careful with the data
and images that you're posting online,
especially personal stuff,
because now people can basically use these
models.
They're getting better and better at
creating very photorealistic things,
and they can take innocuous images or just
selfies or any images of people and turn
it into stuff that you probably don't want
to see or don't want on the internet.
And certain people are going to be more
affected by this than others.
But I think that...
You know,
AI is creating a very dangerous
environment right now where any data that
you put out can potentially be misused or
blown far out of proportion,
far beyond what you originally intended
when you were maybe making a post.
And I think it's just, I don't know.
AI, I think,
has created a lot of terrible situations
all around in terms of privacy, for sure,
and in terms of safety on the internet.
And I don't really see a way that
it's ever going to be rectified.
There aren't a lot of great solutions
here.
And so it makes me very hesitant to
recommend or use AI in any
capacity because it's just creating it's
really creating a monster that we don't
really know how to how to control and
it's not a good idea I think for
people to become reliant on tools like
this and use it like in their everyday
lives for for all sorts of things because
you know, eventually, you know,
it's either going to create these
dangerous situations or it's going to have
to be reined in by these tech companies.
And then you're in a situation where,
you know,
tech companies are kind of censoring the
stuff that you can create online.
There's always a censorship problem,
I think,
with a lot of these centralized services
and big tech services where outsourcing
all of your control to these centralized
cloud providers instead of trying to do
everything yourself puts you in a very bad
situation.
We see it all the time in other
industries,
and it's something that I think we can
catch right away and try to avoid going
forward.
I don't know what the general vibe for
AI is among the general population right
now.
I don't think AI is a huge thing
for most people outside of the tech
sphere.
And I think most people are rejecting AI
right now, which is probably...
probably a good thing because it it just
seems to be creating a lot more harm
than good right now in so many different
ways yeah that's fair and to be clear
when i when i kind of um
when I kind of take a potentially
optimistic approach,
I'm not necessarily trying to be pro AI.
I'm just, I'm trying to be fair.
I'm trying to point out, cause you know,
one,
and this is definitely not a one-to-one,
this may even be a disingenuous
comparison, but,
One comparison I keep hearing people make
is newspapers.
When newspapers first went to mass print,
we had a huge problem with misinformation
and disinformation and what's now called
yellow journalism,
which is â we still see to an
extent the super sensational just making
things up out of thin air because it's
scandalous and it sells.
I think now we call it clickbait.
But we â
That was eventually something that we were
able to mostly figure out by creating
legislations and having these very strict
slander laws and things like that.
And to be fair, laws are retroactive,
right?
Like laws work after the fact,
after somebody has already been harmed.
So I'm not saying that's a perfect
solution,
but I think we can agree that in
the end,
newspapers ended up being better than they
were.
So that's kind of the lens I'm trying
to look at this through is like,
what are we looking at in terms of
some of these problems are technical
problems that can be solved,
but then others like you're right.
It's, it's,
I think going back to the whole training
data thing.
Okay.
We create,
let's say we created a system where people
have to opt in to have their training
data scraped up by AI and whatever that
looks like, whether it comes with a, like,
what's the word I'm looking for?
Compensation or whatever.
Would that be enough?
Because that's what makes AI so quote
unquote good or effective is that it just
has obnoxious amounts of training data.
And I would be surprised if enough people
opted in to really make AI as effective
as it is now.
And again, to be clear,
I'm not saying like, oh,
people should opt in.
Like, no,
it's your content that you're creating.
Do whatever you want with it.
But it's just,
it's kind of backing up what you were
saying, Jonah,
about if
we may be facing something that there may
be no way to use it privately.
And I think that is,
I agree with you.
I think that's really good that people are
opting not to use this,
but I do worry for people.
We had at least one person in the
forum who said that they're in a field
where it's becoming increasingly difficult
to navigate that field without having AI
on your resume because it's,
I don't even know what businesses are
using it for,
but apparently everybody wants you to be
able to learn AI,
whatever that even means.
I don't know.
And so I guess know how the prompts
work.
I really don't know.
But if you're in a field where you're
like, I don't like to use AI,
even if you just don't like it,
I don't see a use for it.
I don't see a value.
I've tinkered with AI in the early days
and-
There's a few things it does really well,
but overall,
I don't see how it became this trillion
dollar industry that's propping up the
entire US economy.
It's just not that, for me at least,
it doesn't do that much.
So if I were in one of those
fields where they're like, well,
how often do you use AI?
Hardly ever because it just doesn't â I
don't have a use for it.
It doesn't do anything for me.
And anyways, yeah,
my point being what I'm trying to get
to is it's unfortunate that some people
are in a position where they're now stuck
where they have to show that they know
how to use AI.
And I don't know.
It's like â
It's like phones,
like phones are not really private, right?
And it's hard to make them private.
And some people can afford to not have
a phone.
They can work in a field or they
can be self-employed where they don't have
a phone,
but not everybody has that luxury.
And it's really unfortunate people are
being put in that situation.
Yeah,
I think you bring up a really good
point,
especially with the whole like having to
maybe opt in or like consensually sharing
your data with AI.
This is something that really bothers me
about the current AI landscape, actually,
because I think these tech companies have
kind of created this situation where now
that they've created the problem and all
of these problems that AI causes.
now they're trying to sell you on various
solutions to try and take control of it
after the fact and it's like these these
problems wouldn't exist without all of the
ai that's being pushed on consumers from
these tech companies fairly irresponsibly
um i was just looking i mean we
were just taking a look at youtube studio
the other day and looking at um some
of their like likeness detection features
and how that's going to require me to
you know scan my face and send them
my id if i want to
you know,
monitor YouTube for people who are
potentially creating AI generated videos
of me, for example.
And this is not a position that I
think people should be putting in the
first place because it's just yet another
thing in a long string of events where
tech companies create these problems as an
excuse to try and get more and more
of your data.
And now I have to share even more
data with Google that they didn't
necessarily have before because of the AI
problems that they've created.
And I'm sure that this is going to
be commonplace
On other platforms, if it isn't already,
it'll be coming soon.
And I'm sure there's not going to be
a single way to opt out of it
everywhere across the internet because
there's just no coordination like that.
And there isn't really a great way to
do it privately.
And so by just accepting AI and kind
of normalizing all of this,
that's just kind of the society that we're
creating here.
We're just losing the ability to control
who has access to our data and who
benefits from it.
And unfortunately, at this point,
it seems pretty clear that the only people
who are really benefiting from having all
of our data is
these big tech companies.
So I don't know.
It's ridiculous, I think.
Yeah, for sure.
The normalization,
that's a huge problem with privacy, right?
As privacy advocates,
it's so normal to use these tools that
it sometimes can, I don't know, it's...
I'm sure a lot of us have been
in that situation where it's like, oh,
I don't have Facebook.
What do you mean you don't have Facebook?
And they like, I don't know.
Usually when I say that,
people are just like, whoa,
that sounds awesome.
And I'm like, yeah, just delete it.
It's not that hard.
But I also know some people have just
been met with like, you know,
they're isolated now because it's like,
oh, well, you're not on Facebook.
So I didn't send you an event invite
because apparently you don't exist
anymore.
So yeah,
when you use that word normalization,
that really jumped out at me.
That's such a problem with a lot of
these privacy invasive texts is they
become normalized.
I don't have any more thoughts to add
to that one.
Do you have anything to add before we
move on to our next story?
I think that kind of covers all the
stuff I was thinking about with AI.
So we can take a look at our
next post here.
This comes from the Windscribe blog,
actually.
The headline is,
Windscribe partners with Kaji, Notesnook,
Addy.io and ENTI to create a privacy
focused alliance.
And so basically,
what Windscribe has done is they've
partnered with all the services I've just
named to give people kind of exclusive
discounts or deals on all those services
if you're a Windscribe user.
And I know this is I don't remember
if we've talked about this in a previous
episode,
you can remind me but I know ENTI
has done a similar thing with other
services in the past.
And it looks like Windscribe is kind of
joining in
on that initiative.
So I think it's pretty cool what they're
doing.
I guess the question that we would
probably want to talk about is how do
we feel about these privacy alliances?
Do you have any opinions?
I have a couple of things to say
for sure,
but I can let you go first.
I got to be honest,
I think this is the first one I've
seen,
or at least the first one on this
scale, for sure.
I don't really have too much of an
issue with it personally.
I think the thing that disappoints me is
that a lot of these are like Addy.io,
Addy.io,
twenty five percent off the first year.
Same thing with NT,
twenty five percent off for the first
twelve months.
I think.
I don't know.
Maybe it's just me being cheap,
but I'm one of those people that if
I'm going to sign up for a discount,
I would like to continue to have that
discount.
But I mean,
at least they're being upfront about it.
But I don't know.
I think...
I don't have too many issues with it
because I think wind scribes, uh,
their logic makes sense.
You know, if,
if you read the blog posts that they
put out, they said, uh,
like why a privacy focused partnership
instead of just like building a suite in
house.
And their answer is basically
compartmentalization.
You know, if, if you compartmentalize,
then.
If any one of these services goes away
or becomes compromised or what have you,
then it's just that one service.
It's not across the board.
It's not your entire account.
And I think they make a really good
point there.
And also one thing they didn't say,
but one thing I've historically said that
I really believe that is that when you
try to do everything,
usually you end up doing everything kind
of poorly.
So I would definitely prefer like
Windscribe.
We're going to focus on our VPN and
we're going to make a really good VPN
and we're going to let NT handle the,
or NT handle the photo storage.
We're going to let Kagi or Kaji handle
the search and, you know,
which I've heard really good things about
Kaji.
I still haven't used it myself,
but I've used NT.
I'm very happy with it.
So yeah, it's,
it's kind of nice to see that, um,
that specialization there the only thing i
can think that might kind of not be
great is a lot of uh quote-unquote normie
users are really big fans of they want
the ecosystem right they want like that's
one of the amazing things about google
right is you get an email and it
says hey let's have lunch on the and
it automatically asks do you want to add
this to your calendar or it used to
ask i think now it just does it
but i don't use google anymore so i
have no idea um
And it adds it to your calendar.
And then when you send an email and
you add an attachment that's too big,
it's like, oh,
do you want to just one click,
add this to Google Drive and send it
that way?
And they make it so seamless and
everything works together.
And so that is kind of the argument
for things like Proton, for example.
If you don't use them, that's fine.
You don't have to.
But it's a really compelling alternative
for people who want that ecosystem.
And that's kind of the only thing I
could see getting in the way from my
perspective is some people may say like,
well,
why would I sign up for six different
services when I could
just go somewhere else and get it all
at once but yeah i think those are
kind of all my thoughts absolutely i i
totally agree well i'll go through a
couple of your points i think the the
first thing that you mentioned how some of
these discounts aren't lifetime plans i
think is really unfortunate because i do
think that the the the big draw for
for this um for a lot of people
would be to escape an ecosystem like like
proton um i i understand all your points
about the ecosystem and definitely a lot
of people are
into that sort of thing.
And I definitely use a lot of Proton
services myself personally,
but I also know a lot of people
who don't want to put all of their
eggs in one basket and they don't want
to use ProtonMail and ProtonDrive and
ProtonVPN, right?
And they would rather like trust
individually vetted individual services.
And I think there's also something to be
said about companies that really just
specialize on doing one thing and one
thing
really well,
like Haji with Search or NT with Photos,
for example.
I think all of these privacy services and
companies still exist in a pretty niche
market,
and I'm glad that more people are
becoming concerned about the security and
privacy of their data,
and they're switching to these services.
But there's, you know,
there's still a lot of growth to be
had in this sector.
And I think that prevents a lot of
companies from growing super big at the
moment.
Proton, I think,
is a is a good exception.
But I know Proton
people have a lot of complaints about how
Proton is slow to add new features or
they're not integrating all of their
products properly or that sort of thing.
And it's true.
And I think it's just really hard to
build like a full ecosystem right off the
bat.
And if you could have all of these
separate teams that are much more
streamlined,
they don't have to worry about integration
as much.
They can just focus on their own features.
Like Windscribe can just focus on trying
to be the best VPN they can be,
for example,
and they can leave
like cloud storage and search and photo
storage to these other companies.
You know,
I think that's really beneficial and would
help a lot of companies.
But if you're only giving away like trials
or limited time discounts,
it's
It's not going to be very compelling just
from a cost perspective, unfortunately.
I'm not sure if there's a super great
way for a coalition of these companies to
work together on something like that,
or if there's an opportunity for someone
to sell bundles.
Because at the end of the day,
especially with most modern payment
systems right now, you have to...
have like one central company that's in
charge of billing and that's obviously
going to give that company whoever it is
a lot of power over the other companies
in this in this coalition right and so
i'm sure there's probably some
cryptocurrency solution to this where
everything could be decentralized and
split up but not everyone is going to
pay in cryptocurrency um
But I would maybe want to see a
solution that's more integrated than this,
where it's not just like exclusive
discount codes,
but maybe it's a bundle where you could
sign up with any of these services and
get billed through the service of your
choice.
And that might decentralize it a bit,
but then you get access to all of
these other services for the lifetime of
the bundle.
And I think that that would be a
lot more compelling for a lot of people
who are switching from something like
Proton,
that kind of
includes many of the things that are being
sold here.
How that would work exactly, again,
I don't know.
But I think that that would be the
biggest draw for a bundle of privacy
products like this.
And it's kind of a shame that
They're not doing that right now,
but maybe they'll go in that direction.
For now at least,
I guess if you're a Windscribe user,
this is a pretty good opportunity to use
some of the services that we recommend.
We haven't recommended or evaluated all of
the services,
including Windscribe itself on privacy
guides.
I know there's a lot of discussions on
our form if people are interested in
learning about pretty much all of these.
But yeah, I think...
that would be the direction that I would
want to see something like this go in.
And we'll see if that happens.
Yeah.
And just to back up what you were
saying, I totally get the appeal of not,
like the compartmentalization is the
appeal for some people, right?
Like you were saying, like, sure,
there are a lot of people who want
the ecosystem,
but there's also a lot of people who
want whatever the best thing is.
You know,
if you think Mulvad is better than Proton
and you would rather use Mulvad and you
kind of,
mix and match.
I think that's great.
And I do agree with Windscribe that that
is certainly more secure from a
compartmentalization perspective.
But yeah, I'm with you.
I think really,
even if you want these disparate services,
it would be really cool if there was
some kind of... If it was...
I don't know.
This feels to me like...
this feels to me a lot like the
concept of a sister cities,
which I've never really understood.
It's like, Oh, we're gonna like,
I swear to God,
I've lived in places that like the sister
city is in like Russia.
And I'm like, how?
Like I'm in Texas.
How, what, what, what's going on?
And you know, it's,
it's really means nothing.
It's just some kind of like cooperation.
They're like, Oh,
maybe you should check this place out.
We've, you know, shook hands or whatever.
And
And, you know,
I don't mean to downplay this to that
extent,
but it feels very similar that it's kind
of like, well,
we just got together and agreed we all
like each other and we're really cool.
And they are really cool services.
Again, I want to stress that, but.
It would be nice to see something that's
a little bit more cohesive, I guess,
or benefits the user a little more other
than just some kind of like temporary,
which again,
I think some of them are like permanent,
right?
I think at least one of them was,
I'm trying to pull the page back up
here.
Notes Nook was a permanent discount.
As far as I'm seeing.
And I think there was one other one.
There's not any, well, Control D,
but that's also run by Windscribe, so.
oh okay okay that's the one i was
thinking of yeah fifty percent off control
d um so yeah it would be yeah
lifetime discount that's dope but yeah so
it would be cool to see something a
little bit more cohesive like that but i
don't know at the same time it's like
that could be a really cool i'm i'm
trying so hard to get a lot of
my family members to try ente because you
know most of them are just in google
photos apple photos whatever phone they're
using and
Yeah.
So maybe, I mean, if nothing else,
maybe this could be a nice like, hey,
here's twenty five percent off.
Give it a shot.
So totally.
I really like your sister cities analogy,
actually,
because that is kind of what what this
is.
I know.
I think all of those sister city things
are like with international cities and
there isn't much like true connection
between them.
And that is sort of what this feels
like at the moment.
Like it's a lot of disparate services
where you can get like, you know,
that there's cross promotional stuff going
on.
There's
limited time discounts,
but there isn't a true partnership or
working together on something extremely
cohesive.
It's just awareness.
Windscribe is probably for the most part
just making people aware of these services
more than providing an actual long-term
value for their users.
But I think awareness of other privacy
companies is certainly a good thing.
So I'm not going to knock it for
that,
but I don't think
in its current iteration,
this is going to create a great
alternative for someone coming from
something like Proton, for example.
But yeah,
if you were going to try out some
or all of these services anyways,
especially because you can pick and
choose,
it's not like some bundles where you have
to register for everything and then you
might not even want to use some of
these things.
You know, it's not that serious.
So yeah,
I think it's a cool opportunity for them.
I always like to see privacy companies
work together on this sort of thing rather
than you know constantly compete with each
other especially in at times when it
doesn't make any sense to be competing
with each other at all um so so
yeah i think it's i think it's cool
yeah for sure um man you said one
last thing i wanted to touch on but
got away from me so all right yeah
I think I would just ask you,
maybe we didn't cover this.
Do you have any thoughts about like any
of these companies in particular?
How many of these have you used?
Because I know not all of these are
even recommended on our site, for example.
But I know they've been talked about a
lot on the forum.
Well, actually, real quick,
my thought just came back to me.
I was going to say,
you said this is kind of Windscribe just
like kind of bringing awareness of these
companies.
To their defense,
that can be used because, you know,
back when I was on Surveillance Reporter,
we took a sponsor and our first sponsor
was JMP Chat, the voiceover IP.
And I thought for sure that I was
like, oh, everybody knows JMP Chat.
And I was floored how many people left
comments like, oh,
I've never heard of this before.
This is really cool.
And I'm like,
Really?
And I don't mean that in a bad
way.
Like, really?
But I was like, really?
That many people have never heard of this.
So I'm sure even Windscribe probably has
tons of people that are like, oh,
I've never heard of Kaji.
I've never heard of Addy.
So...
But in answer to your question,
I use Entei.
I'm kind of in this weird space where
I'm like halfway between Entei and
Nextcloud,
and I'm not sure which one I want
to commit to, to be totally honest.
I like Nextcloud, but I'm debated.
The encryption in Nextcloud is still not
great,
so it's like I could have all my
photos end-to-end encrypted,
but then they don't integrate,
but then how much do I use the
integration?
So anyways...
I've used Addy IO in the past.
I've tinkered with Kaji a little bit.
I haven't really like used it personally.
I've used it to test it out,
but I've never used it in like my
day-to-day use to see how it would
integrate my workflow.
And I've looked into Notesnook.
One of these days,
I actually want to do a video about
privacy respecting alternatives to things
like Notion,
which Notion is already not terrible,
but there's so many open source,
like Obsidian, Notesnook.
There's one called AnyType, I think it is.
So yeah, Notesnook,
I looked into it a little bit as
a potential note alternative,
but I haven't actually used it myself.
How about you?
Do you have any experience with any of
these?
Um, yeah, I, I'm,
I'm also on the boat of maybe switching
to Entei.
Um,
but I haven't really like fully committed
to any of these photo backup platforms
myself yet.
Um,
otherwise I don't really use a lot of
these.
I do need to get better at, um,
note taking and maybe notes look would be
a good solution, but maybe that'll be my,
my new year's resolution this year and
I'll have to report back on what I
ended up doing.
Makes sense.
Yeah.
I've, I've been pretty happy with, um,
Addy, like all the ones I've used.
It's not like I didn't stop using them
for some, like, Oh,
they had this big problem, but, uh,
I don't know how many of them would
qualify to be listed on,
on privacy guides.
I know we have some really strict
standards, but for me, it was just,
I found other things that integrated with
my needs better or, you know,
my workflow or they were a little bit
cheaper or something, but.
Yeah, like I said before,
for better or for worse,
I'm kind of in the Proton ecosystem right
now.
And I'm thinking about changing it,
but I haven't yet.
So that's kind of where I'm at.
Fair enough.
I will admit I'm one of those people
that's constantly like,
I'll have a workflow that works.
Like let's say Nextcloud, right?
Let's say I'm all in on Nextcloud.
And then I'll have that moment where I'm
like,
but it's not really end-to-end encrypted.
So what if I did replace the notes
and then I go back to this system
where everything's like,
I've got my notes here and I've got
my photos here and I've got this here
and this here.
And then I'm like, yeah,
but I really miss next class.
I'm constantly trying different things and
going back and forth and it's awful.
I don't know why I'm like this.
All right.
Okay.
If that's all we have on that topic,
first of all,
I've been asked to let you guys know,
as a reminder,
that you can get this bottle on
shop.privacyguides.org.
Our next story,
we are going to talk about messaging a
little bit.
We're going to talk a little bit about
RCS and iMessage later,
but first we're going to talk about
Threema, which is an encrypted messenger.
It is not recommended by privacy guides.
I think historically,
I think they've added forward secrecy now,
but in the past they were missing it.
And I think there's a few,
maybe a few other shortcomings,
but it's not the worst messenger in my
opinion.
And yeah,
Well, for now,
it's not the worst messenger because they
have just been acquired by a venture
capital firm.
And this is called what is it?
I'm probably going to mispronounce this
comatose capital or comatose.
Maybe I'm not sure,
but I believe they are a German company.
I somebody mentioned in the the group chat
that this is actually not the first time
three months been acquired by a company
like this.
So
I think it was about five years ago.
They were acquired by another private
equity company.
So this is just a second private equity
acquisition,
but it has been kind of the case
for a while that they were owned by
this.
They weren't their own company.
Which on the one hand,
I could see that as an argument for
maybe this won't really affect the quality
of the product at all because they've
already kind of...
Although I don't want to take shots at
Threema because I think anybody who's
trying to make privacy and security...
is doing a good thing,
but I do have to be honest that
they are severely lacking on a lot of
basic features that other messengers
already have.
Um,
So yeah,
it's not the most feature rich platform
and it costs money for those who didn't
know.
It's five dollars one time for the
individual.
Like a lot of companies,
they have like an individual arm and they
have like a business to business arm.
I think the B to B one is
like a subscription.
But if you're just an individual user,
it's five bucks one time.
And that's a hard sell when I could
go download Signal, SimpleX, Session,
pretty much any of them.
So yeah, that's awesome.
It's already a hard sell to get people
to using it.
And like I said,
it is missing a few of the more
advanced securities features that we've
come to expect out of things like Signal,
like perfect forward secrecy.
But yeah, I mean...
I don't know.
Do you want to talk about why?
The price was always the thing that was
holding back Threema, I think,
from gaining widespread recognition or
recommendations in our community and on
our site.
I think even one of our criteria right
now, which are, of course,
always subject to change of people if the
community feels otherwise,
but I think we settled on we only
recommend free messengers because I think
while a lot of people...
in our community are willing to pay for
more private and more secure services with
something like a messenger or social
network or something along those lines it
really there there is a network effect and
the reality is you are going to want
to communicate with people who don't care
about privacy and security and aren't
going to pay for for a messenger like
this and so it was a very niche
um use case where where three would make
sense compared to something like signal
Or especially Simplex,
which doesn't even require a phone number.
But even in Signal's case,
I think most people have phone numbers and
most people expect that's a way to text
people on your phone.
And so slotting in Signal to replace those
messages makes a lot of sense for people.
It was definitely argued to me in the
past that Threema makes sense for people
who don't have phone numbers.
To acquire a phone number to use Signal,
for example,
probably costs more than the five dollars
that Threema costs.
You could argue that Threema is actually
cheaper than Signal from that perspective.
But I think the reality is most people
do have phone numbers and most people are
looking for free messengers.
And especially with the introduction of
completely free ones like SimpleX,
it was just challenging to recommend.
With a messenger specifically,
if we want to improve privacy in the
space overall,
we need to be promoting services that...
Everyone can use,
and you can get your entire network on
because that improves the baseline
security and privacy for everyone.
Whereas with Threema,
if it's only people who are willing to
pay for it,
you're only going to get people who
already care about privacy.
It's a bit like preaching to the choir,
I think.
I've never used Threema for this reason.
I think there's easier ways to reach me.
I think you've mentioned that you use
Threema in the past.
I don't know if you want to share
a bit about your experience with that.
Yeah, I mean,
I don't have much to share because I
haven't used it a lot.
I think I've only run into like one
or two other people who use it.
And honestly, even those people,
like after a couple months of chatting on
and off,
and they're not people I chat with every
day.
It's, you know,
people who are in the privacy community
who are basically like, oh, I have three,
I'll help you test it out.
And, you know, those semi articles like,
couple of times a month or something.
And,
and then after like four to six months,
they're just like, yeah,
I'm just gonna like go all in on
signal because that's where most of the
people I talk to are.
So I'm going to stop using this.
And, um, and like I said,
it's already missing so many things that,
you know, signal.
it has just like emoji reactions.
Like you're very limited to the emoji
reactions you can use on Threema.
I think they do have polls now,
but I think they're very limited polls.
It's just, I don't know.
It's just,
it's not as good of an experience.
And again, I hate to say that.
Cause I think, you know,
anybody who's trying to further privacy
and security, I think that's great,
but it's just,
it hasn't really been the best experience.
And going back to the payment thing,
I agree with you.
Like people are just so, and again,
I see the argument from both sides,
because on the one hand,
we shouldn't be conditioned to expect
things for free, right?
If it's free, you are the product,
which isn't totally true,
but it's a great shorthand.
And when we have so many free services,
nine out of ten times,
they're selling our data or they're doing
something like that,
something shady to monetize.
But on the other hand,
And it's good also that Threema has like
a business model, right?
Like you pay for the product the same
you would as anything else.
But at the same time,
that is such a hard sell to like
try and get, you know,
I always use my family as an example,
but to try and get my sister to
like, hey,
you should switch to Threema when,
you know, you have to pay for it.
It's missing a lot of features.
It's,
not the prettiest UI.
And this is coming from me.
I'm the kind of person that normally
doesn't even care what the UI looks like.
I have cubes right in front of me
right now, which is true.
So it's just a really hard sell,
unfortunately.
I agree with you though.
I think if I were to make the
shots,
I would tell Threema that they should make
their individual facing arm totally free
and they should just focus on monetizing
their business to business side
And that's how you should do their
business model.
You know,
there's like we see Telegram and now we
see Signal kind of venturing into
monetizing certain features of these
platforms where you can provide a very
good base service for free,
but then optional stuff,
especially for power users,
which are probably the core demographic of
what Threema is serving right now with
their five dollar pricing.
I think people will pay for those
features,
but they're not necessary for everyone.
And I think
for any messenger to take off your
experience,
I think really
validates the point I was making.
I think the background behind our criteria
that the messengers that we recommend on
our site have to be free basically comes
down to any of these paid messengers,
I don't really see them taking off as
more than a neat tool for a hobbyist
who's into security to mess around with.
But it's not going to get the kind
of mass appeal that you need from certain
products.
It's fine if
If, you know,
NT charges more than Google Photos,
for example,
because these aren't social platforms.
I can protect all of my data.
If other people aren't protecting their
data,
I think that's unfortunate and that should
be fixed.
So there's that,
but it's not going to affect me, right?
But with a messenger,
like the only thing I'm doing is
communicating with other people and they
might not care about security and privacy
as much as myself.
But I want to...
It benefits me when those types of people
can use these platforms and they simply
won't find pretty much any price worth it
for something that other companies can
provide for free.
So I would agree.
I would just hope for a different
monetization model.
I think there's there's room here.
I don't know if they'll do that.
Threema, like at this point,
they kind of seem a lot like Wire,
which used to be pretty widely recommended
in the privacy community, as you know.
But then they really pivoted after they
were acquired to be very business to
business focused.
And I can imagine Threema kind of
following that same direction where they
just focus on their business product and
kind of drop the consumer side of things.
Which would be a bit unfortunate,
but also I don't know how much three
month is currently adding to the landscape
at the moment,
so it is what it is,
I think there's a couple different
directions that they could go in and we'll
see if they do any of that or
if comment is capital.
is the type of private equity firm that
strips their acquisitions for parts and
completely shuts everything down.
You never know with these private equity
things.
That's usually what they do, yeah.
So yeah, if you're a Threema user,
I would be concerned by this acquisition.
But if you're not a Threema user,
which I would imagine a lot of people
are not,
I don't think there's going to be a
lot of impact in the privacy space from
this news.
Oh, gosh.
They own Petco.
Petco GmbH.
Okay.
Well,
that is not a good sign for Trio.
I would say, yeah.
GmbH, that's Germany, isn't it?
Or is that Switzerland?
I think GmbH is Germany.
I think there's a couple of different
countries in the EU that use that one.
Use that, yeah.
I couldn't tell you off the top of
my head.
Oh, nevermind.
They don't own them anymore.
They sold their majority stake in.
Okay.
Sorry.
I'm just poking around their website now.
Yeah.
Yeah.
Um,
I think I kind of came into the
privacy scene on the tail end of wire,
but I remember that too.
Wire used to be.
it used to be pretty solid.
It was,
it was much more polished than three
months and it was free and it didn't
require any, any private information,
but yeah,
they went all in on business to business.
I think maybe you can still download wire,
but they certainly don't make it easy.
And, um,
Yeah, it's unfortunate.
That was kind of the other big thing
I wanted to mention was, like you said,
venture capital firms â or private equity
firms, sorry.
Their whole â there's a podcast called
Stuff You Should Know that I love,
and late last year they did an episode
about private equity,
and it â
covered all of that.
Like that's usually,
that's their whole job basically is they
buy a company,
they make it run super efficient and by
efficient, we mean we fire everybody,
we triple the workload.
We, you know, it's, it's honestly,
it's like a corporate pump and dump scam.
I don't even know how they get away
with it,
but that's what a lot of them do.
So hopefully Threema can survive this.
Um, but I, I, I will say they've,
they've done a few really interesting
marketing stunts in the past that I think
have, uh,
done good things to raise awareness to
privacy.
Like
I still see sometimes they have a,
you can still access it actually.
They have a website where you can upload
a picture and it'll blur it and then
it'll put a banner on it that says
hashtag normalize privacy or regain
privacy.
That's what it is.
And that was part of an awareness campaign
they did a couple years ago.
And I think they also did something in
Europe where they rented an ice cream
truck.
I could be remembering the details of this
wrong,
but they rented an ice cream truck and
they were giving people free ice cream.
But in return,
you had to hand over personal data.
They would ask people for their phone
number or whatever and their date of
birth.
And it was funny watching people with the
ice cream cone and they're like, why?
No, no, here, have it back.
I don't know.
And they're like, yeah, exactly.
It's insane.
So why are we doing this with other
services?
So yeah, I do agree.
Overall,
they haven't really made a huge dent,
but I really appreciate the innovative
marketing stunts like that they used to
do.
I think those were super fun.
That is funny.
I didn't hear that story,
but I think we don't have to get
too much into this,
but it's really interesting how people
definitely treat the online space
differently than real life.
If people were asked for that on a
website,
no problem entering that information.
Your browser would probably autofill it
for you.
But when you ask this in real life,
people suddenly realize what's happening
here.
I don't know.
why people make that distinction in their
mind.
But that's a really funny way to kind
of realize that.
Yeah, really, really true.
Really quick before we move on to the
next story,
I'll address one comment that we got in
the YouTube chat here.
That was about this story before we move
on.
They asked about Jammy and if we've used
it.
That's not something that we've really
looked into too much on our website.
And I think...
like whenever i've looked into jammy in
the past that's more of like a video
conferencing service i know it has instant
messaging built in but i don't know how
usable it is in my mind it's sort
of like a a free software skype
alternative i think a lot of people um
will probably use something like signal
and either signal video calls or or jitsi
video calls instead of jammy that's
usually what i see recommended but if
Uh, if you have any additional questions,
do you want to share more about like
what you would use jammy for?
And if it makes sense for you,
I would encourage, um,
the user who asked this to, uh,
post on the forum about it and maybe
get some more, more opinions.
Yeah, I agree.
Not to spend too long on it,
but Jemmy is a name that I've seen
pop up from time to time repeatedly.
And I feel like it's hard because it's
not super popular.
I feel like for me as a not
very technical,
like I don't know any code,
I feel like it's really hard for me
to kind of get a good...
What's the word I'm looking for?
Get really good insight into how it
measures up to things like Signal or some
of these other alternatives.
So I would definitely like to know more
about it.
I'd like to know what is going on
under the hood that makes it better or
worse or what use case it's for.
I haven't found a lot of people using
it,
so I've never had a chance to really
test it myself.
But yeah, like I said,
it pops up from time to time.
So I would love to learn more about
it.
I just feel like I have a hard
time finding that information myself.
All right.
I believe...
Is it my turn to take the next
story or is it yours?
I can look at this.
Our next story is encrypted RCS.
Signs of that were spotted in the iOS
twenty six point three beta.
So the article that we have was actually
posted by Freya on our site as a
news brief reporting on a few different
sources.
Basically,
people have discovered in the iOS twenty
six point three beta some settings that
indicate carriers will be able to enable
end to end encryption for RCS messaging
and indicate that in iMessage.
So that's pretty exciting news for people
who have been following RCS support on iOS
for decades.
a while um because of course right now
it is all not encrypted and apple said
that they weren't committing to using the
same sort of encryption standard that
google is using right now in google
messages on android because it was
something that google developed on their
own instead of working with gsma to create
like a standardized encryption protocol
for all these platforms and services to
use but now um there is a new
standard it's called messaging layer
security or mls and that's
what RCS is going to be using in
the future.
And I guess that's what's being added to
iOS.
So the appearance of this stuff in the
iOS beta doesn't indicate that it's coming
in the iOS twenty six point three release
necessarily that could come with this code
still disabled, for example.
So we might not see encrypted RCS right
away,
but it is a sign that it is
actually coming at some point.
They're actively working on support for
it.
And I think that people who
are on iOS right now or who are
on Android and use Google Messages and
chat with people on iOS,
are going to be excited about this because
there's definitely a lot of benefit to
encrypting all of your messages.
RCS definitely is not the ideal messaging
platform for a lot of reasons.
There isn't a lot of production of your
metadata,
like who you're chatting with and that
sort of thing compared to something like
Signal, for example.
So we're still going to recommend a lot
of different,
more secure and more private messengers on
our site that we would recommend
you use.
But especially in the United States,
I don't know how much of how much
this is the case in other places.
I know a lot of other countries just
standardized on various messengers like
WhatsApp or whatever.
But texting is extremely common here.
And it's definitely used around the world.
And
It's easy for a lot of people,
and people just default to it.
And so improving, again,
kind of what I was talking about with
Threema earlier,
I think anything that improves the
baseline security of all of these people
who don't care about privacy and security
and who aren't seeking out private and
secure alternatives like Signal,
it's still a good thing.
It's a step in the right direction,
even though it's not the best you could
be doing.
A lot of people rely on this,
and it's going to benefit a lot of
people.
So hopefully...
This is a sign that this will come
in the final release sooner rather than
later.
But I guess time will tell when this
will actually come out.
So I don't have too much to add
to this, but just to clarify,
and you may or may not know this,
you said, and the article says here too,
that it's a carrier setting.
So does that mean the carriers would have
to choose to opt into this,
like Verizon and T-Mobile?
Most likely.
This is definitely the biggest bummer with
RCS.
RCS...
Right now,
it can be implemented in two ways,
you can kind of do everything yourself as
a carrier and add support for it and
interoperate with other carriers that are
using the universal profile,
but it is much like texting it's a
carrier based platform or.
The other thing you can do with our
CS which a lot of carriers do I
don't remember which ones in the US do
this,
but I think there's a list on Wikipedia
or somewhere that I could find,
but a lot of carriers.
don't run RCS and they purchase a service
from Google that does it for them.
And so the reality behind RCS right now
is that Google is actually running all of
the service behind it for I think the
majority of people,
but if not the majority,
definitely a lot of them.
And so it's basically just a centralized
Google Messenger right now that your
carrier is kind of promoting on your
phones.
So obviously, from a metadata perspective,
that gives Google a lot of data,
but also it is, yeah,
there's a lot of middlemen involved here.
It's not just like an over-the-top service
that these tech companies are working on
together.
It's integrating with the traditional
carrier platform.
And whether you're going to Google servers
or whether you're going to the carrier
servers,
that is something that the carrier has to
set up on their end, which is...
Yeah, I agree with your reaction.
A bummer.
Yeah.
Cause I,
I feel like it's going to be a
challenge to get carriers to go ahead and
roll this out.
Like,
I feel like if Apple did it or
even Google,
if they did it at the phone level,
it would just, they would do it,
but I feel like carriers have very little
incentive and.
Kind of going back to what you said
earlier at the beginning when you were
covering this,
I agree with you that we look at
something like iMessage and people who do
not care about privacy or security,
who use the I have nothing to hide
argument liberally,
these are the same people who are using
iMessage.
And they're getting end-to-end encryption
just talking to each other without even
knowing what it is or knowing that it's
enabled.
And so, yeah,
it would be really cool if RCS could
roll out
to the general public and be available for
everyone cross-platform.
But I guess the only thing I could
see maybe as incentive for the carriers is
I know that RCS also comes with a
lot of those quality of life features that
iMessage is known for,
like bigger attachments and reacting to
messages and stuff.
So maybe we'll get lucky and maybe
carriers will roll it out because of the
features and the privacy and the security
will just be an added bonus.
But
yeah um yeah at the moment i do
think there's a lot of pressure and i
think apple adding rcs better rcs support
is going to add even more pressure for
these carriers to support it because like
it i'm in one group chat with some
family members on rcs right now and it's
very nice to be able to see like
read receipts and and like
typing indicators and all the normal group
stuff that you don't get on SMS because
SMS is a terrible platform.
And so there have been some improvements
there.
And I think people will realize that,
especially if they're in chats with RCS
users,
and they will eventually demand carriers
do it,
especially in the US where like texting is
so common.
I don't know how it'll be
in places where people don't use SMS in
the first place.
Maybe there's less incentive to use RCS,
but I think at least for a good
amount of people,
there is pressure to support it,
which is all right.
Like I said, it's not my favorite,
but it increases the baseline,
especially if this gets included.
So I'm hopeful that we'll see wide
adoption.
Yeah, same here.
Um, I think actually I'm going to,
I'm going to keep on the Google and
Apple thing and I'm going to go to,
we have a story here about Google Gemini
is going to power Apple's AI features such
as Siri.
And yeah, so, oh man,
this is kind of a confusing story for
me because,
so Apple's been trying to roll out their
Apple Intelligence,
clever little bit of marketing there,
which is just on-device AI.
And-
Man,
I know we've talked about AI so much
already tonight, but again,
on the user end,
from what I've been understanding,
it seems relatively private.
A lot of it is going to be
done on device.
And I think Apple actually has a very
similar architecture to confer.
Jonah can definitely correct me if I'm
wrong,
but I think they have a very similar
architecture where they try to run
everything in these trusted modules and
they try really hard to make it as
private as possible.
And Apple has been running into a lot
of delays rolling out their Apple
intelligence thing.
And,
One of the few things I don't like
about TechCrunch is they're very sparse on
technical details here.
But basically,
they say that Apple and Google have signed
a deal where Google's Gemini is going to
power at least some of the AI features.
And the headline specifically says,
like Siri, for example.
This is not an exclusive deal,
according to this article.
So Apple may...
Um,
potentially this is me speculating Apple
might tap, uh, you know,
like Claude for something else or,
you know, whatever chat GP,
I think originally they did contract with
chat GPT.
So yeah, it's again,
it's very sparse on technical details as
far as privacy stuff goes.
It just says here in the article that,
uh,
Apple has focused on privacy with its AI
rollout with much of the process happening
on processing happening on device or
through tightly controlled infrastructure.
Apple says it will maintain these privacy
standards through its partnership with
Google.
That's kind of all they said.
So, yeah.
I don't know.
What do you think about this?
There's a lot going on here.
Okay.
So, yeah,
I know Apple says that they are going
to maintain their privacy standards.
which to their credit the things that
apple have has been working on lately to
my knowledge they were kind of the first
to go in this private compute direction
that um confer the ai company we just
talked about earlier in the show and that
maple ai and that other people are doing
i think google was i mean i think
apple was kind of the first to create
this and they kind of have a
big advantage compared to their
competitors in the sense that they can
build their own hardware and CPUs to make
the security more robust rather than just
relying on these off the shelf solutions
from Intel and AMD or Nvidia, for example.
Something I want more clarity about when
it comes to how this will work is
like what exactly Google's involvement is.
I saw a lot of rumors that this
would happen leading up to this
announcement where people were basically
saying that Apple and Google came to
an agreement where like Apple would get
access to Gemini's models basically and
they could create their own models based
on that or add additional training data or
whatever and they could run everything
themselves on these private compute
servers that they have.
So it isn't like the current
implementation that Apple has right now
with ChatGPT where Siri will sometimes
offload your request to ChatGPT and just
send it over.
In theory,
if Apple is running all of this and
keeping it on their cloud and they're just
using these models that Google has created
and that's what their partnership is,
Keeping everything in one ecosystem and
not giving more data to Google, I think,
is an improvement for sure.
But all of this private AI stuff,
no matter how it's implemented,
has all of the problems that we talked
about earlier on in the show and the
problems with AI in general.
And I don't think that Apple's private
compute is going to be at a level
of privacy...
and security that I would be comfortable
with using for anything serious if I was
going to use AI at all.
And that's unfortunate because I think
that Apple is kind of doing the best
you really technically can do from the
security perspective if you want to get
back into the technical specifics of how
AI works.
But the best that's possible right now
with our current technology isn't
good enough in my opinion for people who
are serious about their privacy and
security and, um, any of this cloud stuff,
like I think it sets a very dangerous,
um,
path that we are going on with technology.
Because it seems like all of these tech
companies like Apple and especially like
ChatGPT or Google,
what they're trying to do is offload as
much as possible to the cloud.
And in doing so,
they're making normal hardware for people
more expensive.
We talked about this a few episodes ago,
and I know there was a news brief
about the RAM pricing,
which is
crazy right now because all of these data
centers are buying it up.
And what's really happening is people are
being priced out of the market where you
can own your local compute.
And that's a trend.
I was sharing this, I think,
in one of the group chats we have,
but it's a trend that we really see
in society at large for many years.
People were
priced out of the housing market.
I know that's a hot topic,
especially all around the world right now.
People are being priced out of even the
car market.
So many more people are leasing before or
people are just relying on things like
Uber or Lyft.
I know Tesla really wants to do this
with their robo taxis where people won't
own cars generally.
They will just rely on other people who
own cars to taxi them around.
I think that that is the direction that
tech companies want
everything to go in because they can
control all of it and they can create
this subscription model that you have to
pay for and local compute is kind of
going away and I think that's very scary
and dangerous because we're really they're
really forcing everyone in this position
where everyone's going to be locked in as
rent seekers on all of these platforms and
won't have any agency over
Over anything anything that's doing
computers all of these computers are just
going to be thin clients for the cloud,
which is extremely unfortunate it's not a
direction that I think people should
should tolerate.
And I guess i'm having a camera issue,
but whatever hopefully you can see me but
yeah that's my.
Concern with with all of this.
Yeah, no, I, I agree with you.
Cause even it's, it's this whole,
like everything on the cloud is even from
a practical perspective,
like I swear I'd have to go find
it,
but I swear I read a story several
years ago about somebody who rented a car
and they were in like Arizona.
And they couldn't start the car because
the car couldn't get cell signal to call
home and do whatever stupid checks it had
to do to like verify that they could
start the car.
And just things like that are just so
it's, it's a practical perspective.
You know,
what happens when the power goes out?
You know,
that's a very common scenario we've all
been in what happens i mean i guess
when the power's out you're not really
using computers but you know what i mean
or even your phone yeah what happens when
the power goes out and now the grid
is overloaded with everybody texting and
everybody checking twitter to be like oh
what's happening does anybody know why the
power is out and you can't do anything
because you have like you can't make that
connection to the the server for whatever
license you're supposed to have and it's
just it seems like such a
like I get it on the one hand,
right?
Like I love the cloud in the sense
of like, I, you know,
if my computer crashes,
I have a copy of my data or,
you know,
to not have to destroy my own CPU
doing this.
God,
I wish I could render videos in the
cloud and not have to destroy my GPU
to do it.
But, you know,
it comes with practical drawbacks of just
that, that,
resilience, you know,
what happens when AWS knocks out a third
of the internet traffic or cloud flare,
whoever.
And it's just, yeah.
I mean,
I feel like I've seen that multiple times
just in the last several months of like
some major outage and all my friends in
discord are just like, well,
I guess I'm just gonna like, you know,
take an extended lunch today or something.
Cause I can't do anything.
Cause the cloud's out.
My whole job is on the cloud and
Yeah,
it seems so very short-sighted in the name
of profits,
which I know is so hard to believe
that tech companies would do that.
But yeah, I don't like it either.
It's horrible.
I don't have much else to add to
that one.
Yeah, I think...
That's kind of all I have to say.
We did have one more discussion question
for that topic about did Google win kind
of this AI thing despite being ruled
against making anti-competitive deals in
court?
It's a really interesting case, I think,
this one.
And again,
I want to see more about this because
you know,
if Google is actually like controlling all
of the stuff that Apple is doing behind
the scenes, that would be very concerning,
especially from an antitrust standpoint.
But if it is a deal where Apple
just kind of building on their work,
but they're doing it themselves,
that's pretty typical of Apple across
their software and their hardware.
I mean,
most of like Apple's advances in hardware
come from like Samsung making better
screens and that sort of thing.
And if it's a situation like that with
Google,
It's probably not a huge anti-competitive
concern,
but if Gemini branding is going to be
prominently featured and stuff,
and Gemini is kind of buying their way
into being the AI company that people
think about, yeah,
it is a weird situation for Google to
be in.
So definitely something I hope antitrust
people keep an eye on,
but I don't think they have much teeth
at the moment against these big tech
companies.
Sadly true.
Just to add on to that,
I don't know much about a Google AI
antitrust lawsuit,
but it says here in the TechCrunch article
that Google and Apple specifically have
faced lawsuits.
In August,
a federal judge ruled that Google acted
illegally to maintain monopoly in online
search by paying companies like Apple to
present its search engine as the default.
So I don't know.
Yeah, this could...
Hmm.
I don't know.
Yeah.
I guess now that I think about it,
I could see a scenario like Europe saying,
Hey,
you have to offer other models or
something.
But like you said,
that may only be the case if Google
is maintaining everything.
If like you said, if Google's just like,
okay, here's a copy of our model,
go host it on your server and do
whatever, then I don't know.
I mean,
I would still argue that's Apple being
monopoly,
but governments seem to be a little bit
easier on that.
Yeah.
I mean, and it still has, um,
troubling implications, I think,
for the AI industry.
Because whoever trains these models,
they have a lot of control over what
the AI does.
And so they can definitely shift things to
show up in certain ways or prioritize
certain responses.
I don't know what these AI companies could
do,
but it does give Google a lot of
power either way.
Agreed.
All right.
Let's see.
I think this is our...
We have another news story before we move
on to forum updates here.
But this is from Ars Technica.
Never before seen Linux malware is far
more advanced than typical.
Void link includes an unusually broad and
advanced array of capabilities.
So basically this article from Ars
Tactica,
it kind of dives into this new Linux
malware that can infect Linux machines and
it has a lot of advanced capabilities that
attackers can use to perform various
things on your computer.
I feel like we've talked a bit about
malware on Linux in the past.
I think this is a trend that's only
going to continue,
especially as more people adopt Linux.
The reality is all of these malware
targets or malware developers are going to
target the platforms that most people use.
And so if we see more people adopt
something like the Steam Deck or more
people adopt Linux on desktop because
gaming is getting better or because they
want to escape...
all of the copilot nonsense in Microsoft
Windows or for whatever reason,
we will see Linux become more and more
of a target
just inherently, I think.
And so we're going to probably see more
articles like this.
But it does demonstrate what I think a
lot of people in the privacy and
especially the security community have
been saying about Linux and desktop Linux,
especially for a while,
which is that I think Linux does have
a good ways to go as far as
defending itself against
malware like this i think linux has for
a very long time greatly benefited from
not having a very big market share on
desktop people will always say you know
linux has very high usage on the server
and so therefore there should be more
malware for it based on that but that
isn't true because the desktop ecosystem
is just a very different um
threat landscape,
you're running so many different
applications,
you're running like web browsers,
especially that's downloading arbitrary
code from the internet,
anything that you're just doing, random,
whatever desktop things on is going to
have a much
larger attack service than something like
a Linux server.
If I set up a Linux server,
it's only going to do whatever I install.
And so the attack surface is very small,
and that's why you haven't seen a lot
of malware targeting these Linux servers.
But yeah, this is...
I think that's basically my only point.
I think this is a trend that we'll
continue to see.
So I hope that Linux distro developers and
the Linux kernel product take security a
bit more seriously because there are
security features that we see on
mainstream big tech platforms like Mac OS
and Windows that Linux still could benefit
from.
And it hasn't seen much of a focus
yet, unfortunately.
Did you have any takeaways from this
article when you read through it that I
didn't cover, Nate?
Well, kind of to add to that,
because I think your takeaway is spot on,
like Linux needs better security.
I don't think there's a lot of people
that would argue that,
that know what they're talking about.
But no, it's interestingly,
this kind of plays into what we were
talking about right before we transitioned
to this story, because it says that...
This particular malware is actually aimed
at servers.
It's specifically aimed at virtual
machines and stuff,
and it can detect popular hosting
providers like AWS, Azure, Tencent,
and they say that there's indications the
developers are gonna add detection for
Huawei, DigitalOcean,
And it's very modular.
So that's kind of been one of Linux's
saving graces, I guess you could say,
is because, you know,
when you buy a Mac,
you're buying the entire device, right?
And like when you're buying Windows,
you're generally buying,
it's a little bit mix and match,
but generally there's, you know,
a handful of people make the chips and
a handful of people make, you know,
the RAM and all that, even less now.
But it's, you know,
Linux machines are so varied in their
hardware and their capabilities and what
they're designed for,
like you were saying.
And
So this one is very modular,
and it can do all kinds of different
things depending on what type of machine
it's on and what,
if I'm reading this right,
and what the attacker needs it to do,
which is really interesting.
And kind of just to back up what
you were saying about we're going to see
more of this, the article says, like,
similar things have targeted Windows
servers for years,
but they're less common on Linux.
And, you know, like I said,
this goes back to everything.
This goes back to Linux needs better
security.
This goes back to...
Was I saying resilience?
Because if the VM that's hosting my app
goes down, can I use the app?
Oh, man.
This was a good story to end on,
I think,
because so many things come together.
And yeah,
is it going to take down AI data
centers now?
How are people going to live without their
AI chatbot telling them what kind of
coffee they want?
So yeah, I think they'll survive.
Oh, I don't know, man.
But, but I, I can't pick between the,
the, the hot coffee and the cold brew.
I don't know.
I got nothing, but yeah, it's,
it's really, and I agree.
I agree with you a hundred percent on
your takeaway that we do.
I,
I always hate telling developers what to
do because I'm not a code person and
I would love to know code.
I'm trying to learn code for the record.
That's one of my goals this year is
to learn at least Python.
I feel like that's a good foundation to
start with.
And I feel bad saying like, oh,
you should go do this thing when I
can't really contribute to that.
But it's, you know,
privacy and security are, you know,
Kerry Parker from Firewall's Don't Stop
Dragons,
he likes to say that privacy is a
team sport.
And like you were saying with the
messengers,
and when we do things that raise the
default level of privacy and security,
it, it raises everyone with it.
What's the phrase?
Like a rising tide lifts all boats.
And so it's,
it's not me trying to sound entitled and
be like, well,
these developers need to do what I want.
It's like, no,
like if we put more emphasis into
security, everyone benefits by default.
And,
Yeah,
clearly the article backs up what you were
saying about we're just going to see more
of this,
whether it's on the server side or the
desktop side.
Yeah,
my wife now has two Linux devices because
she now has a Steam Deck and a
Pop!
OS machine, which, quick side note,
when she got the Steam Deck,
I took great joy in telling her,
now you can tell people I use Arch,
by the way.
So I had to make the joke.
Yay!
I feel accomplished tonight.
Yeah, that's all I got.
Just kind of backing up what you were
saying.
Let's move on to some form threads that
have been popular this week.
I think one that has gotten a lot
of discussion over the past few days was
about Mailbox,
which is recommended on our site as an
email provider.
There's this thread on the Mailbox form,
basically,
that was also linked on our form for
further discussion,
talking about
um some issues that people are having with
guard and mailbox if if you're unfamiliar
or haven't checked their website in a
while mailbox recently um
went through a whole refresh.
It seems like they redesigned their whole
website.
They refreshed all of their apps.
And it seems like they might have changed
development.
And so unfortunately,
this isn't something I would say that
we've gotten a great chance to take a
longer look at.
but um i would ask anyone who like
uses mailbox right now if you have any
experiences with things changing or um
potential problems with this new version
definitely let us know in this forum
thread because um it's something that we
want to keep an eye on i know
we have a couple team members um who
do use mailbox i don't personally but um
we
we're gonna have them look into some of
these things and hopefully find out more
about what's going on but yeah it's
according to these the users on these
forums um there's potential security
issues it seems like with um with guard
which is their um tool that basically
encrypts all of your messages pgp so it's
important um and i guess it's uh
leaving behind traces,
even after you log out on a machine,
that seems to be the main gist of
the issue.
So again,
that's something that we'll want to
validate,
but it's something you might want to be
aware of if you are a mailbox user.
And hopefully we'll have more information
to share on that soon.
I think that kind of covers it.
Did you see any comments in this thread
that you wanted to cover?
No,
I just wanted to back up what you
said about if anybody is a Mailbox user
who can kind of shed some light.
Because it very quickly devolved.
I don't want to say devolved.
That's not the right word.
It very quickly turned into people
discussing Proton and Tudor and some of
the features they offer.
Because a lot of people were like, oh,
I use Mailbox because it has this feature.
And people were like, well,
Proton offers that.
And they say, oh,
but I don't like that it doesn't do
this.
And they say, well, Tudor does that.
You know, which is fine.
It's totally fine.
But it kind of...
As an outsider coming in who's never used
Mailbox,
I'm kind of looking at this and I'm
like, so what is the issue?
Like,
I actually asked Jonah that before we
started recording.
I was like, what is Guard?
What is going on?
But yeah, and it's also interesting.
It's not necessarily related,
but we did kind of note that Mailbox.org
appears to have really facelifted their
website.
So...
Which it looks great, for the record.
Looks super modern, super slick,
very awesome.
But it does seem that they've done a
lot of things,
both on the user end and behind the
scenes.
And yeah,
I think we're just trying to get a
better idea of exactly what's going on
here.
And if there is anything to be concerned
about,
we definitely want to make sure mailbox
users know.
We want to make sure that we know,
so we can see if there's any concerns
that affect our recommendations,
all that kind of stuff.
Yeah,
all of those mailbox changes are
relatively recent,
so it sounds like they're more extensive
than I had thought when they first
announced that.
For sure.
All right.
Did we have any other forum threads you
wanted to discuss,
or should we turn it over to questions?
I don't think so.
I think we can look through the chat
and see if anyone had any questions for
us this week and the forum thread as
well.
Let me get it pulled up.
But if you have any,
you want to highlight right off the bat,
definitely get started.
Let's see.
I'm looking through the forum thread right
now.
You,
I don't know if we do have any
answers to this.
One of our members bits on a,
Bits on Data Dev says,
referring to the headline story,
the confer AI, he says,
where do the trusted execution
environments run?
They'd be more trusted if I knew where
these were and how they're insulated from
the surrounding environment.
For now,
I can't seem to find much info on
it.
It's Marlin Spike,
so I feel pretty sure I can play
with this for fun,
but I'm not about to have a therapy
session with it anytime soon,
though that should never be the use case
for AI in an ideal world.
Thank you for getting one step ahead of
me there.
Yeah, I don't.
Unfortunately, correct me if I'm wrong,
but I think a lot of what we
know either comes from like that article.
I don't know if Moxie's done any direct
interviews yet,
but there's reputable sources like Ars
Technica, for example.
But there's also,
I think I mentioned it at the top,
but I may have accidentally stumbled over
myself and rushed through it.
If you go to confer.to,
which is their website,
and I think right at the beginning,
it prompts you to log in.
There is no like free tier for this
thing.
But it says on that login page,
it's like, oh, click here to learn more.
And he has three blog posts.
I do remember now, I did say this,
where he digs in a little bit more
to the details.
I don't know if he gives you that
level of detail that you're looking for,
but if you have any more technical
questions, I would start there for sure,
because that blog post gets very
technical.
Yeah,
that's probably a good place to look.
I haven't seen where Confer is hosted
specifically,
if you're talking about the hosting
provider side of things.
Typically...
Like I know with Maple AI, for example,
they run on Amazon Web Services and Amazon
is selling a service right now to people
who run this sort of product where you
can rent access on these trusted execution
environments that are hardware validated.
And I know Intel and AMD have this
Intel...
Notably,
Signal has been using Trusted Execution
Environments for things like contact
discovery and other features if you've
seen any of their integrations with
Intel's platform on their blog.
So that's the sort of thing that this
is like.
The trusted executed environments, yeah,
they're running on various providers,
and it's mainly relying on the hardware to
isolate that environment from the rest of
the stack.
However,
and I know that we talked about this,
because I remember talking about this in a
previous episode.
Maybe we can find that and link it
after, but I...
problem with all of these things is that
like they aren't fully validated yet and
protecting against physical access like i
said earlier is not something that they
were designed to protect against in the
first place now they're kind of being used
for that purpose maybe we'll see
improvements
to that end i don't know but like
at the end of the day vulnerabilities um
in these platforms have been found before
one was found very recently because we
talked about it on this show and other
ones have been found in the past and
very often um but not always but very
often
They do rely on some sort of physical
access,
but it just kind of shows that like
these aren't the best protections against
people who have physical access to the
machines.
You can't fully rely on them for that.
And the only thing that they can really
do is kind of isolate the code that's
running and also
in theory,
validate the code that's being run.
But the code that's being run could be
anything.
It could be code that's spying on you,
for example.
And if that's running in the TEE and
you don't know it,
what protection is it really giving you?
None at all.
And so I think in this case,
like with Confer,
I believe everything should be open source
so people can audit this.
But are people auditing the code that's
being run in these trusted execution
environments across the board?
I don't really know if that's the case.
I don't know.
What Confer has done about that,
but I don't think that's happening with a
lot of these other companies who are doing
similar things to Confer.
Totally agree.
But a quick note,
I don't know if you remember in the
or if you saw in the original article
about Confer,
the Ars Technica one we spoke about at
the top.
Towards the bottom,
it talks about how he's actually offering
remote attestation.
or I don't know how to pronounce that
word,
but how you can remotely verify that the
code is running on the server,
that it has not been tampered with and
that there is no additional code.
Um, I,
I don't know to my non-technical brain,
that sounds like a big claim.
So I don't know anything about that,
but I'm just saying they did say that's
a thing at least with confer.
Yeah.
And, and we see this with other, um,
Similar platforms as well.
I just keep bringing up Maple because it's
the only one that we've...
talked about on the forum a bit,
but they have cryptographic proofs that
they publish on their website as well,
where you can ensure that you're talking
with their secure servers.
But what does that tell you about the
code that's actually being run on it
itself?
That is unclear.
And that's the main thing that I would
caution people against.
Just because you know that you're
interacting with a trusted piece of code
doesn't mean that the code is trustworthy.
It really depends.
like, they don't even have to be like,
confer doesn't have to be malicious to
have bugs in their code.
There's buggy code all the time.
And so it's not a guarantee by any
means that there's no way to get your
data out of this.
And yeah,
that's the kind of thing that I would
be very concerned about.
I don't really know how what you're
describing would, um,
work in like a web-based client like
Confer because then we get into another
issue where we talk about this on our
website with end-to-end encrypted web
applications like Proton where Proton
could in theory send you a totally
different version of the website that like
runs JavaScript that decrypts your data,
for example,
and they could do it surreptitiously where
it would be very difficult to detect that
they're doing it.
I mean,
unless you're like going through the
inspect element source code and you're
looking at all the JavaScript and you're
seeing if it's different and then you just
have to assume
they're targeting you and they didn't just
push out an update.
Like that's the kind of thing that's very
hard to detect.
And I don't think Confer can really do
anything about that without a native
client.
I think going back to Apple's AI
implementation,
if we want to talk about the security,
their private compute,
be a bit better against this because they
can run code on in your operating system
like on ios that validates the servers
that they can't i mean if they implement
this properly apple everything is
proprietary so who knows what they're
doing you can't you can't really trust
these platforms either but i'm just saying
in theory running a native client there
could be some validation involved but with
something like a web app like confer
If they change the server,
they want to redirect you to a malicious
server,
they can just give you a different version
of the website that connects to this
malicious server and says, yep,
the server's verified.
It's all good.
And how would you know otherwise?
I don't think that would be very easy
for most people to detect.
So yeah, all of this private AI stuff,
if it's running in the cloud...
and not locally,
I wouldn't really trust it.
And that is the main reason that on
our website,
we do have some AI recommendations.
But if you're going to use AI at
all,
we only recommend local AI models at this
time because it's really the only way to
ensure that your data that you're
inputting into it isn't going to be
monitored or logged by other parties.
That's just the reality of the situation
at the moment.
Fair enough.
Here's another question about Confer from
the forum.
Do you think Confer's way of doing AI
is something other AI products will follow
suit,
and how difficult would it be for existing
AI products to migrate that?
I would say...
I think that it's likely that other AI
products will do this.
It does seem like NVIDIA is putting more
resources into this trusted execution
environment from what I've seen in their
GPUs for AI data centers to use.
Again,
like I said a few times on this
show already,
what Conferred is doing isn't super new.
We've seen it from other companies like
Maple and like Apple.
I think confer could be doing a better
job.
They probably have more security minded
people behind it.
I don't know.
I haven't looked too much into it,
but like it's, it's,
it's something that has been done before.
It's something that I think we'll probably
continue to see happening.
Um, and as far as I know,
there isn't much stopping AI companies
from, from implementing this in hardware,
especially as the hardware supports this
and gets better.
Um,
So I don't know why most companies like
ChatGPT or OpenAI would be incentivized to
do this.
It seems like they're perfectly happy to
just have all of your data.
So I don't know if it will happen,
but it definitely could happen for sure.
Yeah, I agree.
It's the incentive thing for me.
I'm sure, as you noted,
there's already other companies trying to
do this and trying to create those private
alternatives,
but
As far as the ones that are around,
the OpenAI, Anthropic,
I don't see what their incentive would be
to do it.
We did have one more quick thing in
the forum.
It's actually a shout out from,
we have a pretty active member who goes
by Nombre Falso.
And he said,
there's an age verification bill making
its way through Florida.
SB four, eight,
two would require you to verify your
identity to use an AI chat bot.
But he makes a pretty good point that
with AI getting so integrated into things
like Gemini, for example,
where Google's rolling it out to every
part of their product system,
does that mean that eventually they can
make the argument that you have to verify
your identity to use Gmail?
So pretty concerning stuff.
And if you're,
In Florida,
definitely go check out that link in the
forum and learn more about it.
I only have access to the YouTube chat.
I'm not sure if we've missed anything in
some of the other chats,
because I know we're live streaming to a
few different platforms right now.
I don't believe we have.
So I guess we can do kind of
a last call for any questions if people
are still wondering about anything.
Otherwise...
It looks like we've gotten through
everything on the forum.
Yeah.
I'm not seeing anything in the YouTube
chat that we haven't already addressed.
There's the question about Jami.
We did have a new member sign up
tonight.
What is that?
Oh, man.
I don't know if I can pronounce this
because I think this is a Greek name.
Ionis Karopoulos.
But they became a member on YouTube
tonight,
I think at the beginning of the stream.
And I think we missed that.
So thank you so much for signing up
and supporting Privacy Guides and our
mission.
Really appreciate it.
We got another question in the chat from
unredacted.
Any update on the bad internet bills that
we had talked about?
As far as I know,
it's been pretty slow over the holidays.
I haven't seen any new news,
but they are continuing to advance.
I haven't seen any good news in that
direction either.
And I don't think...
No news is good news in this case.
I think no news means that they're working
on things behind the scenes to continue
pushing it through.
So yeah,
when we see more updates on that,
we'll definitely be sharing on our social
media and keeping people up to date.
But I don't know.
It's hard to keep track of all of
the many vacations that Congress feels
welcome to take away from their jobs.
And so I don't know if they're actually
doing anything right now over in
Washington or if they're just kind of
lounging around for the winter.
So that could have something to do with
it.
Yeah.
But yeah, if there's updates,
I'll let you know.
Yeah,
it looks like Congress reconvened on
January fifth, if I'm reading this right,
the subcommittee markup of six bills.
It says that's the Committee on Energy and
Commerce,
which I think is what a lot of
these bills fell under,
if I remember correctly.
Yeah, they met up yesterday, actually.
And next meeting was scheduled today at
three.
So three p.m.
So, I mean, theoretically,
if anything happened,
hopefully we should hear about it any day
now.
It could be ongoing right now.
Maybe that's the update.
You know, that's true.
For all the hate that politicians
rightfully get,
they usually do work pretty late when they
have these meetings.
So, yeah,
they might be talking about it as we
speak.
Everybody, uh, focus real,
real hard and we're going to send them
a message to tell them to stop being
stupid.
Please.
Yeah.
Jokes aside.
Um, yeah.
Underdacted said, thanks.
Hard to keep track these days.
Yeah.
Trust me.
You're telling me there's so much to keep
track of and, uh, but all righty.
Well,
I think that kind of wraps everything up
then Nate,
do you want to take the outro here?
Sure.
I can do that.
So all the updates from this week will
be shared on the blog.
So if you are not signed up yet
for the newsletter, go ahead and do that.
Or you can of course,
subscribe with your favorite RSS reader.
For people who prefer audio,
we also offer a podcast available on all
platforms and RSS,
and this video will also be synced to
PeerTube.
Privacy Guides is an impartial nonprofit
organization that is focused on building a
strong privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you wanna support our mission,
then you can make a donation on our
website, privacyguides.org.
make a donation click the red heart icon
located in the top right corner of the
page you can contribute using standard
fiat currency via debit or credit card or
you can donate anonymously using monero or
your favorite cryptocurrency becoming a
paid member unlocks exclusive perks like
early access to video content priority
during the live stream q a you'll also
get a cool badge on your profile in
the privacy guides forum and the warm
fuzzy feeling of supporting independent
media so thank you guys so much for
watching and we'll see you next week
thanks everyone
