Google's Smart Glasses Are A Privacy Disaster
Google's creepy smart glasses are coming
this fall.
The FBI wants to buy nationwide access to
license plate readers and researchers
wanted preschool teachers to wear cameras
to train AI.
More of this coming up soon on This
Week in Privacy, fifty four.
Welcome back to This Week in Privacy.
This is our weekly series where we discuss
the latest updates with what we're working
on,
what's going on within the Privacy Guides
community,
and this week's top stories that we've
seen in data privacy and cybersecurity.
I'm Jonah,
and with me this week is Jordan.
How are you doing, Jordan?
I'm doing great.
Looking forward to jumping into some
topics with you here this week.
Sweet.
Well, why don't we move on?
With that said,
we can start out with some of the
news here.
Why don't you kick us off with our
first story?
Yeah, definitely.
So this is kind of a...
An update to an existing story, I guess,
because if you don't remember,
probably like I'm going to feel like ten
years ago,
Google already tried making smart glasses
with Google Glass and it kind of flopped
pretty,
pretty terribly for obvious reasons,
I guess.
But
Here's kind of what's happening.
So this is the Google blog post here.
Intelligent eyewear is coming this fall.
We're revealing new frames from Gentle
Monster and Warby Parker,
plus features that let you get directions,
send text, snap photos, and more.
I'm not going to read too much into
this press release because a lot of things
when it comes to AI products and...
creepy technology like this that i'm not
sure who asked for this um this is
kind of a lot of marketing stuff here
um i think the most important part to
talk about with this is this is kind
of uh
a terrible trend because we already saw
this with Meta.
They released their Meta Ray Bans and Meta
Glasses.
And that was kind of, unfortunately,
it was kind of a success.
And, you know, maybe you're thinking, oh,
this doesn't really sound that bad.
Like, is this really an issue, right?
And I think the most important part about
this to think about is these products have
cameras on them.
They are also owned by two of the
largest advertising companies in the
world, Meta and Google.
They collect probably the most amount of
data in the entire world,
probably the largest two data collectors
ever.
And you're strapping a camera to your
face.
Now,
I know most people in our audience are
probably like, yeah,
I'm never doing that in my entire life.
I'm never strapping a camera from Meta or
Google to my face.
But that's not the problem.
The problem is that this is going to
be other people strapping a camera to
their face.
And especially in public,
this is going to be a pretty big
issue.
And I also think this is another kind
of awful move where these Ray-Ban meta
glasses weren't originally planning to be
part of like this whole, you know,
AI ecosystem, but now we're seeing with,
you know, these new changes,
these new glasses that meta and Google are
releasing.
they're integrating these AI features into
these glasses.
And they're basically like wholesale,
like sending and collecting information
and sending it to these AI models.
And I do want to talk about this
a little bit afterwards,
but I kind of want to throw it
over to Jonah a little bit.
Like,
how are you feeling about this
announcement?
Do you have any thoughts?
Yeah,
my initial thought was definitely kind of
along the lines of what you just said.
I think it's very unfortunate that Google
didn't learn their lesson from Google
Glass.
I think it was pretty clear at that
time that this sort of thing was
unacceptable.
But now, yeah,
it's just become so normalized by I think
the first mainstream one was those
Snapchat glasses,
but especially the meta glasses.
I think people are wearing those out in
the wild.
run into like Instagram stories and things
like that from regular people like they've
kind of gotten mass adoption and they've
really figured out that they need to
market it as like this fashion item this
partnership with these existing glasses
companies and that is really how this is
taken over which is just very unfortunate
um
Yeah,
it's a shame that we went in this
direction because I think I've said this
on the show before,
but definitely in some various threads,
I'm not totally opposed to the idea of
smart glasses in general.
I wear a smart watch myself and something
like a heads up display in your glasses
would be super convenient,
especially at the time where I used to
wear glasses all the time,
which
i don't anymore so maybe it'd be less
convenient now but i did want them before
and that they're not even doing an option
uh to do that without like having these
cameras strapped to your face i think is
is a shame and
I think that's kind of how these big
tech companies like Google operate.
They kind of just take away any choice
that you have so you have to go
with the version of the product that they
want you to have because competition is
kind of eliminated.
We've seen this in the smartphone space
where there's only a few major players
now.
There used to be a ton of smartphone
manufacturers like ten years ago and now
those are gone and I think
Yeah,
everything is just kind of standardizing
on this one design, which is annoying.
Yeah,
it is kind of frustrating as well as
like,
I think the eyewear industry has also kind
of been profiting from this, right?
Because...
I think a lot of places that sell
glasses,
they sell the glasses at like a regular
store.
Like this isn't something that you can
just like only get on like an electronic
store or something like that.
It's literally like next to the standard
glasses.
So I think it becomes kind of normalized
through that as well, definitely.
I definitely saw them at the Sunglass Hut
stand at Macy's.
They're just meta glasses next to the
Ray-Ban glasses.
It's all the same stuff.
They just...
sell them all together um yeah I mean
I feel like the price is also kind
of ridiculously low but I think also
that's also kind of done by the fact
that these are like powered by collecting
a crap ton of information so it's probably
subsidizing the cost a little bit yeah I
actually don't even know how much these
cost I've never I've never looked into it
personally that is interesting though
They are not expensive.
They're definitely less than a thousand
dollars.
So I feel like that's, I mean,
I feel like Ray-Bans is definitely a
cheaper brand.
I've never heard of these,
like I've never heard of Gentle Monster or
that other one, Warby Parker, but I mean,
maybe they're.
Warby Parker is pretty big in the like
online glasses area.
I think you would see it recommended a
lot.
on like Reddit and stuff as a cheaper
option to buy your glasses in the store
because I don't know how it works around
the world but like at a glasses store
here you can pay three hundred dollars for
some frames or something and then not to
mention the lenses but if you order it
online from that they're like thirty
dollars or something I don't know so I
think that's why they're popular I don't
know if they're super known for being like
a trendsetter in style or anything maybe
they are though maybe people are super
into them
Yeah, I mean, I don't know.
I also want to kind of talk about
this.
I don't know if we...
There's another story that kind of follows
this up because I feel like some people
might be like, oh, this is... Yeah,
this is concerning, but, like,
is there any proof that these glasses are
collecting ridiculous amounts of
information on people?
Are they actually as creepy as, like,
are we just...
making this up like no we're not making
this up um so here's a story from
the bbc uh and basically a regulator has
contacted meta over workers watching
intimate ai glasses videos so basically
there's a uk data watchdog has written to
meta following a concerning report
claiming outsourced workers were able to
view sensitive content filmed by the
company's ai smart glasses and
it's a little bit concerning.
So they,
they were saying that they were even
seeing, you know,
living from living rooms to naked bodies,
you know,
people on the toilet and stuff like that.
This is,
this is experiences and things that,
you know,
a lot of people assume is private and
that is like kind of sacred,
which is being sent to these
companies.
And I guess we don't know whether this
is going to actually be the case with
the Google ones,
but I think given Google's track record of
basically wherever possible sending
information to Google's like a Gemini
service, I mean,
that's how they make money.
That's like,
that's the whole AI industry at the
it's kind of unfortunate that, you know,
there's this normalization of this
technology when we already know that this
technology is like completely, uh,
it doesn't have privacy built in.
And I think the normalization of this is
we're basically going to see every
country, like no matter,
like a lot of people say things like,
Oh, you know,
China has like a million cameras and like,
you know,
these cities in the U S they've got
cameras on every single corner.
Um,
Now there's going to be cameras literally
everywhere.
Every single person is going to be having
these cameras always on at all times.
There's going to be cameras everywhere.
And I think these are a little bit
more concerning compared to a smartphone
because the camera in your pocket or in
your bag is...
You know, it's not pointing at someone.
It's not, like, primed,
ready to capture content at all times.
So I think this is definitely more creepy.
I think it's definitely also kind of
breaking the consent model here as well.
Like,
if you're talking to someone who's wearing
these, like,
do you know whether they're recording you?
Do you know if they're sending your face
to some, like, AI company?
Like, no, you don't.
It's kind of creepy.
So...
yeah that was kind of the point i
wanted to bring up as well like not
only do we not know what these are
collecting um or like what extent these
are always recording but you also can't
know not you not only can you not
know like what these tech companies are
doing but um you can't really tell like
if other people just around you are
recording them right now and if you look
at the images from uh this google blog
they are um really
hidden i think the fact that they have
cameras i literally had to when i read
this for the first time i had to
zoom in really on this gentle monster
thing to see on on those frames to
see if they had cameras at all you
can barely tell uh there's an outline of
a camera when you zoom way in but
i was wondering if they were making some
models without cameras that only um i
don't know if these i think they said
they have heads-up displays but i know
they also like
talk to you in your ear.
Yeah, those ones.
I don't know if you can zoom in
on that easily or not.
But it's,
you really have to look closely to to
see those cameras.
And I think that that's the thing that
is most concerning to me because yeah,
it could just I mean,
it just really normalizes all of this in
in modern society that you don't really
have any privacy when you
go outside in public spaces anymore.
A lot of people would argue you probably
didn't have privacy in these public spaces
before.
But I think that the dynamics are a
bit different because cameras used to be
just less ubiquitous in general.
They used to be bigger,
so it was more obvious that you were
taking pictures.
Or even now,
if you hold up your phone,
you can tell if someone is trying to
take a picture of you.
And it's just very,
very different now because now you can't
tell any of that.
It's very unobvious.
yeah,
I am not a fan of this development
one bit.
Obviously, besides the camera issue,
these are really built around Google
Assistant,
like all of these smart glasses will be
with their respective voice vendors.
All of these big tech companies really
want to push AI and having AI in
your ear at all times as the as
the future right.
And
I mean,
we've talked about AI stuff on here in
the past,
but it's just concerning to me how much
data that people are giving up to these
voice assistants and other AI chat tools.
We've talked about AI chats misleading
people.
We've talked about how AI doesn't protect
your data because it doesn't have things
like end-to-end encryption,
and they're making it...
Not only is it was already hard to
run AI locally,
now it's practically impossible because
who can afford the hardware these days
because of these AI companies buying all
the computers on the market so us mere
mortals can't get one anymore.
It's all just not great,
I guess is the best way to put
it.
Yeah, it's a shame.
A lot of people in the chat hear
about this.
I like this comment.
We need proton face masks.
You know, that'd be funny.
I wonder if there will be some sort
of product that comes out.
I know we've seen it with facial
recognition stuff in the past,
kind of adversarial stuff.
things you can wear to mess with facial
recognition or cameras or whatever.
I don't know if there will be a
good way to kind of avoid being recorded
by these things.
But yeah,
that would certainly be an interesting
product.
I wouldn't say I'd recommend Proton get
into it,
but they make a lot of random things
sometimes, so you never know.
Yeah,
I think the last thing we need is
another Proton product.
Yeah, I know.
Uh, no, but I agree.
I agree with everything you said.
Um, but I do think like, you know,
I think a lot of people are purposely
saying like, Oh no, you know,
I'm not like using it.
Like it's a cool product.
And like,
I just want to be able to take
pictures everywhere.
Um, but I think a
Just because you want Meta to see
everything that you see constantly,
not everyone else wants that.
I understand the comment when you talk
about privacy in public,
but I feel like it's taking a little
bit...
in a strange direction.
Like just because you don't have privacy
in public doesn't mean you should have
cameras literally everywhere and everyone
with one strap to their face.
Like, yeah, I think also that's kind of,
it's kind of changed.
I feel like the aspect of that has
changed now that we have cameras
everywhere.
Maybe that would have been true like,
you know,
back when people had
it was hard to take pictures of people
and hard to do that sort of stuff.
But now everyone's got a camera,
everyone's got, uh,
easy ways to take pictures of people.
Um, I also think that these,
I'm not sure,
like they didn't actually show it in the
demo.
Like I watched the demo to see exactly
how these work.
And you did mention a little bit,
like there's,
there is ones with a display and there's
ones without a display.
So there's,
there's different things going on there.
It's the same as, um, meta's ones.
Um, but,
They're also trying to like if you watched
last week's Android IO thing,
they're kind of pivoting towards like,
you know,
using these connected devices instead of
your phone.
Like one of the demos they showed was
like ordering something on DoorDash and it
was basically Gemini was doing the entire
process for you.
Um,
and I think that's just another thing
where it's like, wow,
think about all the information that
Gemini is processing.
Like it's processing your location,
it's processing your order,
it's processing like so many things at the
same time.
And it's all just like getting heaped into
this product.
Um,
I don't think like it doesn't protect
anything.
Like there's
It's basically just sitting clear text on
Google servers, which, you know,
maybe Google has good security now, but,
you know,
there's always a possibility of it being
breached.
And like we saw with the regulator talking
about meta, like, you know,
who gets access to this data?
Like,
is it going to be outsourced to these
workers overseas?
And even then,
I feel like just storing that data is
also kind of concerning, too.
Yeah.
you know,
all these intimate things that you're
doing.
Like,
does that really need to exist on Google
servers?
Probably not.
I would argue not.
Yeah.
It's strange.
I saw we got a comment from Anonymous
in English.
in the chat saying that they saw a
good comment about privacy in public
spaces.
I tried to open this link.
I'm using brave browser for the screen
sharing right now and apparently lobsters
has blocked the brave browser so I can't
access it but I'll assume it's good and
if it's related to this other comment you
sent how it's not about the lack of
privacy it's
about it being societally inappropriate to
eavesdrop like that.
I totally agree,
and I think a lot of our society
could take a lesson from the Japanese in
this regard.
In Japan,
they notoriously have a camera feature on
their phone, a law, really,
that
requires all their phones to make a very
obvious sound when you're taking a
picture.
And I think that that's the sort of
thing that would not be unwelcome,
in my opinion,
because it's exactly about making it
societally inappropriate to do these
privacy violations in public.
I think if you're taking a picture of...
anyone who wants you to take a picture
of them,
they're not going to mind the sound at
all.
And for everyone else,
you want to have that notification,
I would imagine.
So that's the sort of thing where Japan
clearly saw a problem in society and
solved it.
And I think we could probably do something
to that effect as well.
Will we?
I doubt it, but you can always,
you can always hope.
I also think, no,
I think that's an interesting point to
bring up because, you know,
I think they have tried to like dissuade
people a little bit by saying like, no,
no, no, it has a notification light.
Like it has a little light on it
that shows that it's recording.
And people have already,
people are modding their glasses to get
rid of that.
People are offering that as a service.
They're like,
I don't want people to know I'm recording
them.
Like it's something that people are
actively looking to,
disable, right?
Maybe there's also a camera sound,
you know, oh, we just removed the speaker.
Sorry.
So, yeah, I mean, of course,
these mods exist,
because it's an asshole move to do that
with random people who don't consent to
that.
I mean, we,
this is exactly what we learned with
Google Glass,
which is that nobody likes it.
It's still the case that nobody really
likes to have cameras all up in their
face.
But what these tech companies are doing is
not only normalizing it,
but making it very easy and pretty hidden
to do so.
I.
I don't know what these I don't I
don't know what these glasses look like
specifically when they're recording,
because I don't think they have any
pictures of an indicator or anything that
I've seen.
Someone can correct me if I'm wrong,
but I would not be surprised if these
tech companies are
probably making it intentionally easy to
mod I would imagine a speaker would be
more difficult I mean you can always
remove it but a camera you don't even
have to you don't have to affect the
camera hardware I mean the glasses
hardware at all because you can just paint
over it or put a piece of tape
on it right it's not that hard to
block light sound is a little bit more
tricky but yeah it's
It's strange that we're kind of accepting
this,
but I think Meta has done a pretty
good job at advancing their agenda in this
regard, unfortunately.
Yeah, definitely.
I don't really think I have any more
to add,
but there was a comment here from
Anonymous, and they said,
is there a single Google product that
doesn't violate your privacy by default?
I'm just going to stop there with your
question.
I think no, no, there's not.
I think the fact that you need a
Google account to use a lot of these
services is kind of the issue, right?
I feel like a lot of this stuff
would be probably –
okay right if it was like not connected
to a google account but i think that's
kind of how they make money right like
they have this central account that's
connected to all these services that are
all collecting information about you to
make better choices for advertising all
that sort of stuff um i mean i
can't really think of anything off the top
of my head but maybe there is and
i'm not thinking right well no i totally
agree personally because
I mean,
people will point out pretty often if we
talk about any Google stuff,
how they do have some products which are
private or secure or only run locally.
And Google does put in some effort to
make some of these features local.
So you could look at like on the
Pixel phones, for example,
they have a song recognition feature on
the lock screen and that runs completely
locally on your device.
So it's not like it's streaming locally.
all of the music that you're listening to
to Google or everything going on around
you or whatever.
And there's little features like that.
You can enable end to end encryption of
your sync in Google Chrome to protect your
browsing data and passwords and history
and whatever.
So little stuff like that,
people will say,
that does exist so they can make private
and secure software.
But the reality is all of that stuff
that they're making,
they're kind of side projects and they
really exist for the purpose of getting
you to use all of these other Google
services and getting you to trust Google.
Google software development a bit more.
I think like all of these things being
pixel exclusive,
like that song recognition thing,
for example,
a lot of them are like that.
A lot of them are to get you
invested into the Chrome ecosystem and
stuff like that is,
that's kind of their motivation at the end
of the day.
I mean,
people will even argue that some Google
services can be private.
Like they'll point at Google Workspace for
Education, for example,
which has these terms of service,
especially because of laws and regulations
relating to how student and children's
data can be used in the first place.
But even that is not like a selfless
act on Google's part to release a good
product that is private.
private for students,
it's a way to normalize the entire Google
software ecosystem so that when they
become adults,
they'll use Gmail and Google Drive,
or when they enter the workplace,
they'll demand to use Google Docs because
that's what they're familiar with,
and Microsoft Word will seem old and
crusty in comparison.
And
That's ultimately the only thing that
Google cares about.
It's building this market share and
getting as much advertising data as
possible.
So no,
I would not use any of these Google
services.
I think
it's I think they just don't lead to
anything good happening.
And historically,
maybe the handful of things that Google
has done that are good for the world,
like creating the Android open source
project, for example,
I think they're actively trying to
distance themselves from it and lock it
down as much as they can,
through changes to their to how they run
the source code and making even more
features
pixel exclusive, I think, a long time ago,
they they took out the dialer in the
messaging app from Android itself.
So it's not even usable as a phone
anymore.
And like on its own,
they depend on themselves and OEMs making
these apps.
So now Android is like,
unless somebody is going to maintain those
things,
it locks people into these ecosystems that
keep growing, growing smaller and smaller.
So
Yeah,
Google has just become kind of an evil
company, unfortunately.
And I don't think there's much to do
about it at this point.
Definitely.
All right,
I guess we can move on to the
next story here.
Jonah, what's our next story here?
Yeah, let's take a look.
So this was reported by four or four
media.
Their headline is the FBI wants to buy
nationwide access to license plate
readers.
Only a couple of vendors could likely
fulfill what the FBI is after,
namely Flock and Motorola.
So their article says the FBI wants to
buy access to ALPRs nationwide,
which would likely allow the agency to
track the movements of vehicles and by
extension people across the country
without a warrant,
according to FBI procurement records that
for foreign media reviewed.
The documents that they reviewed show that
ALPRs continue to be a sought-after tool
for law enforcement,
not just for local police and individual
communities, but federal agents too.
This news is coming, as they note,
as protests and pushback against these
license plate readers have spread around
the country, which, of course,
we've covered many times here on the show.
Luckily,
there are a lot of stories about
individual agents
uh cities and towns rejecting these things
or going into contracts with flock and
then canceling them because of outrage i
think these are things that most people
generally do not want or see the value
of uh but they are still being adopted
in a number of other places so this
four for media article notes that
In the case of Flock specifically,
all of the Flock systems that get
installed are under the control of the
cities or other entities that order them,
not Flock themselves.
I don't know if that's technical or just
a matter of policy,
but at the end of the day,
The city that installed it can choose
whether to share data with federal law
enforcement.
And I believe the default is that they
don't share that information,
although it would be easy to check.
And I'm sure a lot of law enforcement
agencies, local police stations,
et cetera,
would be more than happy to share all
of their data with federal law
enforcement.
So I don't think that's a huge protection.
But yeah,
it's very concerning because all of this
data being kind of combined by flock into
this massive database in a very easily
searchable database will reveal very fine
grained detailed information about
people's travel habits,
And I wouldn't be surprised knowing what
applications of AI we've seen in other
fields, like the military, for example.
I think we talked about that in a
previous episode,
but there was a story about... Yeah,
I believe it was Anthropic who were kind
of taking a stand against the military by
saying you can't use...
their AI for like targeting people and
that sort of thing.
But other AI companies have not been as
strong against this.
And I would imagine that we're very close
if this goes through from a system where
not only can the FBI look up people's
license plates to track them and see what
they're doing,
but
they will be able to implement AI systems
who can analyze all of this data and
probably preemptively track people,
find people of interest depending on where
they're going.
Maybe there's hotspots that they are
concerned about and they want to see all
the people who go in and out and
that sort of thing.
We've seen that sort of geolocation
feature in other stories in the past.
uh specifically with google this most
often happens with people or law
enforcement agencies will make requests to
google asking for all of the phones
basically that were in a given area and
these areas can be quite large and cover
tens or hundreds or thousands of Google
accounts that will then have their privacy
breached just because they were somewhat
in the vicinity of a crime that occurred.
So I would be very concerned about that.
We've definitely seen a lot of flock in
the news.
That's the big name that people are
pushing back against right now.
I know that Motorola has a pretty
extensive system as well,
which for media called out in this
article.
I don't actually know how extensive that
is or how many cities have installed it
or what that system entails.
I'd have to look.
more into that.
But in this article,
the FBI says that they are open to
awarding a contract to multiple vendors if
that helps them achieve their goal of
pretty much nationwide access to this
data.
So it's very possible that they could
enter a contract with Flock, Motorola,
maybe even some other companies and
combine all of that data into one system.
So
Yeah,
I think this is a very concerning
development in the area of government mass
surveillance.
This is exactly the sort of problem that
Nate just talked about with Naomi
Brockwell in that interview we did
recently.
As far as warrantless searches of our data
goes,
that was more to address data brokers.
But this is the same category of stuff
where they can get all this data from
private companies and compile it all and
use it without getting a warrant,
which it's just scary stuff, I think.
Yeah,
I definitely was going to touch on that.
Like it does seem like this is sort
of exactly like what we were talking about
with that interview.
Like, you know,
this data shouldn't be just easily
accessible by like police departments and
like the government.
Like they shouldn't be able to know every
single person's movements within a city
and whatnot.
I think that is pretty bad information.
Is the solution to this basically at this
point, you know,
just getting these camera systems removed
or perhaps like a legal precedent for
perhaps, you know,
this being against the Fourth Amendment
or?
Yeah, I mean,
it's my opinion that it's clearly against
the Fourth Amendment,
but obviously that's not much of a concern
to the government these days, it seems.
I think that you definitely have to take
both approaches.
The best way to do this is to
make sure that this isn't happening in
your town,
and that means getting involved with these
city councils.
I know that politics is very...
annoying to deal with and i think a
lot of people lose hope uh when it
comes to like nationwide federal
government or even their state government
um in some cases but
Your local government,
you can't have a lot of power and
it's a very small group of people,
I think,
that they can get away with a lot
of stuff just because there's no pushback
at all.
So even a little pushback on this sort
of thing can definitely help out your
community.
And I would try to do that and
I would try to get more community members
involved and just be persistent about it
if your city or town is...
considering implementing flock or has
already implemented it um but the other
approach is definitely something like the
the surveillance accountability act that
naomi brockwell drafted and recently
introduced with uh thomas massey i you can
if you want to learn more about that
you could go watch that interview after
this i would say
telling other all the listeners here,
I would say that I think it's very
unlikely that that will come to pass,
especially because Thomas Massey lost out
in the Republican primary because Trump
really wanted him out and spent a lot
of money to make that happen.
So
I don't think either way,
I don't think it was really going to
go anywhere.
But I do think that that kind of
bill was important for like privacy
education.
I'm glad that Thomas Massey signed on to
it,
even if he's going to be out of
office soon,
because it's kind of like a nice parting
gift to the American people to at least
educate people about privacy and be like,
this is what should be happening.
And we should at least be discussing it
more and seeing what we can we can
do about it.
Because
We need some more protections against this
kind of...
The government would probably consider
gray area stuff with the Fourth Amendment.
And we need an easier way to hold
the government accountable and sue the
government for...
violations of the fourth amendment because
for some reason we're in the situation
right now where the u.s constitution
guarantees a lot of rights but if the
government violates those rights you have
very little recourse it's very challenging
to sue the federal government because the
entire system is stacked against the
ability for you to do that which kind
of
I mean,
weakens the entire idea of having this
judicial system in the first place.
I think it's very unfortunate.
But just like we have Section two one,
which reinforces the First Amendment,
I do think we need something similar when
it comes to data brokers,
when it comes to these huge tech companies
like Flock that are collecting all of this
camera data around the country,
preventing that sort of surveillance from
happening,
especially preventing the government from
abusing that data and compiling it all
into an even larger mass surveillance
system I think absolutely needs to happen
and I think we need to be talking
about that more and demanding it.
Definitely and it's yeah it is kind of
unfortunate that like we kind of had a
I feel like in the US there's very
few politicians who actually care about
privacy.
I think the other one was Ron Wyden,
I believe,
and I guess that kind of sucks now
that we've got only basically him left.
It is kind of frustrating,
but I think what Jonah said,
the local level is also really important.
I feel like these companies like Flock and
Motorola, they probably are doing...
Isn't there probably a lot of lobbying and
a lot of money behind this whole
initiative?
Is that why a lot of cities are
choosing to implement this?
I mean, absolutely.
There's got to be.
I remember we saw...
I don't know if it made it into
the show notes,
but we just read in one of our
chats about...
a city in Texas that is losing flock
because of pushback from the community.
And one city council member had a total
crash out basically and wrote a huge
manifesto about how crazy it is to get
rid of flock and how they might as
well go back to the eighteen hundreds if
they can't use these surveillance cameras
to track people around their city.
If you read that entire letter that he
wrote,
it came from a very emotional place,
which I think that
isn't typical of even politicians who
don't get their way unless they were like
personally invested in this in some way.
So I would not be surprised at all
if there are kickbacks from flock and
these other surveillance providers to to
these cities that implement them,
because it seemed like, you know,
he was really personally losing out.
And that does seem like the sort of
thing that that they would do.
Yeah.
I think just to like finish out this
topic here,
I guess like for some people in the
audience who, you know,
might be feeling a little bit skeptical of
this technology,
maybe they're not a hundred percent
against it yet.
They're not really sure.
Is there,
is there like evidence that this
technology is even good for catching
criminals or is actually an effective tool
or is this just, you know,
a thinly veiled excuse to actually install
these cameras everywhere?
Yeah.
You know,
I haven't seen much evidence to that
effect.
Even if there were evidence,
I would have to look into that more.
But it certainly isn't having the, like,
enough of a profound effect to make it
worth it by any means.
At the end of the day,
you have to balance this against the
rights that people have to privacy and the
rights that people have against privacy.
warrantless and illegal government
searches at least in theory and any
potential benefits that this has for law
enforcement aren't outweighed by people's
rights and by the u.s constitution i don't
think um it's probably not super
controversial to to most people to want to
make catching crime easier and to help
help out law enforcement with their jobs a
little bit.
But that help has to come through legal
routes like requiring a warrant and having
some oversight from another branch of
government from the from the judicial side
of things rather than their executive
branch.
And without those checks and balances,
it's just an authoritarian system,
which is completely unacceptable.
Definitely.
I a hundred percent agree.
Um,
I guess here we can dive into this
next topic here.
Uh,
this is a story about researchers wanting
preschool teachers to wear cameras to
train AI.
So this is kind of a ridiculous story.
I can't believe we're actually,
this is actually a thing.
Um,
And this is a quote from this article
by four or four media with your
permission,
your child's lead teacher may wear a small
teacher worn camera that captures the
teacher's approximate first person
perspective.
And,
or we may place a fixed video camera
in the classroom,
a document given to parents and later
shared with four or four media reads
university of Washington researchers plan
to have preschool teachers wear cameras
that would record everything they saw from
a first person perspective.
including the children they were teaching.
Then they would use this footage to
develop AI models.
One parent who spoke to for media
understood the program as opt out rather
than opt in.
The university said that classroom
participation was contingent upon
receiving parental permission from all the
children.
Uh,
I just want to say like already from
the top here, uh,
when it comes to children,
like we already have a lot of laws
around, you know,
collecting children's information because
let's be honest,
like children can't consent.
They don't, they don't, they're not fully,
uh, capable of consenting.
Um, so, you know,
when we have preschool children here,
like these are like, you know,
these are toddlers, like these are,
these are very, very young children.
Um,
It's kind of concerning, right?
So I think that
That should already be our thing from the
top here.
These are children that can't consent.
Their information,
their faces could have been recorded.
I assume that none of the parents approved
this,
but maybe I'm thinking too positively of
them.
But, I mean,
I certainly wouldn't allow this to happen
if my child was going to a school.
So, yeah, this is, I guess,
another aspect of how AI is becoming very
entrenched into the education system.
I think, you know,
we're probably going to see like children
accessing AI models and these children
safe AI models and like, you know,
all this kind of creepy stuff.
But yeah, Jonah,
do you have any thoughts on this one?
You're muted.
Oops.
My immediate thought when I saw this
story,
I sent this picture in the chat right
away because I feel like we were warned
about this sort of thing.
How many years ago?
Eight years ago.
And there's a lot of lessons in the
media that I think
people should be taking away from and
don't.
But that is the classic problem.
It's a classic quote about sci-fi writers
and other writers in the arts and
literature space will write a story about
the torment nexus and how it's super bad.
Don't build it and then tech pros are
like, let's build the torment nexus.
It sounds so cool.
That's the sort of thing we're getting
into here.
I don't know what it is that like
these schools are hoping to learn from the
from this.
I feel like I know that this article
does say the goal is to better understand
children's everyday learning experiences
and develop AI tools that can help assess
classroom interaction quality.
That to me feels like the sort of
thing that you could just ask teachers
about how things are going in your
classroom.
what what issues are you having i don't
know if you need ai to analyze all
of this and put it into a nice
chart for school administrators to look at
i i don't know what these charts are
really doing for for the education sector
in general i think that this is like
a lot of things in the schools these
days um
overly bureaucratic administrations really
taking away from the educational system
and really hurting teachers,
hurting students,
and
I don't really see how this could be
beneficial.
What I did not see in this article
is what the teachers in question think
about this system.
We've heard what parents think and what
the people doing the study and what the
administrators at the school think.
would be kind of surprised if the teachers
were like super on board with this and
really wanted to know how to integrate ai
into their classroom more i feel like
that's not something that people are
clamoring for and i think that a lot
of people in the educational space know
that all of this integration of ai and
all of this reliance on ai is making
the quality of education
worse uh it's making like like an overuse
of technology in the classroom especially
without proper technology education in the
first place no uh no no guidelines for
students to follow no i mean in a
lot of cases no advice is really given
you just put in front of a an
ipad or a chromebook and
told to do things.
And a lot of students are expected to
know the basics.
But if you're not learning the dangers of
this stuff,
if you're not learning how to browse the
internet responsibly,
it's just a gateway into all sorts of
bad behaviors.
I don't think that technology needs to be
completely removed from the classrooms or
anything like that.
cameras probably do.
I can't imagine.
I still can't imagine why anyone would
want what's described in this article.
But in general, you know,
technology is important.
And certainly you should be skilled in it.
But I think students are basically being
trained to be consumers of technology and
whatever is put in front of them,
AI is only going to worsen that problem.
And something needs to be done about that
we need to bring back proper tech
education,
we need to bring back
I think more
Just more reliance on the people who are
actually doing these jobs and interacting
with these students and giving them the
tools that they ask for.
Because while this is happening,
while they're trying to shove cameras and
AI into every corner of these classrooms,
teachers are not getting the resources
they need.
They have to spend their own money to
get pencils to hand out to their students
and stuff like that.
Our priorities are so...
mixed up here in the educational space.
At least that's my perspective here in the
US.
I don't know how education works around
the world.
I feel like
I hear China has a lot of education
stuff done,
but then they have their own separate
problems.
I don't know what the best solution is,
but I think that something needs to be
done.
This is clearly not the right direction.
Even if there are multiple directions we
could be going in, this is not it.
Yeah,
I definitely agree with your analysis
there.
I think also the
the thing that I feel like kind of
happens with schools is I feel like
sometimes people don't think that children
need human rights.
Like just because they're children doesn't
mean that they can't,
like they can be guinea pigs for this
technology.
Like I feel like if you said we're
going to be installing machines
AI cameras in McDonald's that's going to
automatically analyze your facial patterns
and like
send all of this data to train AI,
I feel like people would be kind of
like, what the heck?
Like what?
I'm not going to McDonald's anymore.
Like what?
But then as soon as you say it's
for a learning environment, you know,
we're trying to help kids.
Like it's like, no,
like I don't think that's really,
I think that's kind of a bad excuse.
It did say in this,
they got a response back from the
University of,
was it University of Washington?
Yes, University of Washington,
they got a response back and they said,
our initial outreach was intended to help
us better understand how families would
feel about a project that uses artificial
intelligence to support teachers.
Now,
I actually kind of feel like this is
a little bit of a
cop-out maybe like I kind of am interested
to see what this actual thing that they
were trying to do contained um I think
there is a yeah there is actually a
picture of it on there I don't know
if we can open that up on on
this on the stream but uh yeah it
is kind of strange like I don't think
it's it says specifically that that's a
reason
And I don't know,
it just kind of comes across a little
bit strange that they would say that's the
reason why they were doing this,
not because, you know, well,
these are the nefarious reasons, but...
Maybe, oh yeah,
I can share the document that they got
here.
It basically said what you said at the
beginning,
your child's teacher may wear a small
camera,
And they will be used for supporting
teachers through coaching and Ai tools
research and children's learning
experiences research publications and
conference presentations project
demonstration videos restricted access
research data set and it may be processed
using cloud based Ai services.
They say that participation is completely
voluntary.
If you change your mind,
you can let the teacher or research team
know,
and we will remove any recordings that
include your child.
If recordings have already been used in AI
model training a group with other data
prior to your
through a withdrawal request,
it may not be possible to remove your
child's data,
which is a problem you see in a
lot of research studies.
Once it gets anonymized,
it's very challenging to change whether
you can send to them.
But I think this is in particular,
especially because they are using
cloud-based AI,
is problematic uh so and and also the
fact that they are still going to take
these recordings they're just going to go
through and remove your child from them if
you if you opt out um which is
obviously not like an ideal solution
mistakes can always be made to that effect
and how would you how do you even
know the university of washington
is not doing this research anymore uh they
say given the early responses from parents
we have terminated the study they're no
longer seeking participation at any site
so that's that's good once again just like
with the flock stuff it's good to push
back against these very invasive things
that are happening in our communities in
our society taking some responsibility um
and
making sure that i mean making sure that
your children are protected their data
making sure that this kind of stuff
doesn't impact their futures in any way
that's all super important for parents to
do so
So, yeah, I, you know, in this case,
it's a good outcome,
but I would not be surprised if this
exact sort of thing gets tried by research
teams and by other companies around the
country and around the world in the
future.
I mean,
already there's so many products for
education that
kind of surveil what children are doing in
the classroom on their computers.
You could look at like GoGuardian,
which constantly records your screen so
that that can be checked later.
And this is just one step beyond that.
But I wouldn't be surprised if this is
the sort of thing that AI companies or
other tech companies are itching to turn
into a full product at some point.
Yeah.
And I do think also the,
I think it would definitely be a benefit
if there was like, you know,
in the U S there was a nationwide
privacy law or something, you know,
that was,
I think it also is like the,
the protection of like,
I think some of these privacy laws are
like, you know,
we don't allow a collection of children.
Like I think it's the CCPA or something.
It doesn't allow collection of data on,
on minors, but it's like,
what about everyone else too?
Like, I think it's,
Most people would probably be against this
sort of thing,
being recorded and then that information
being sent to be trained.
I think that's also another problem with
these AI models is the training data.
How do they delete it?
Once this information gets put into an AI
model,
what if it contains personal information
of somebody?
Yeah.
I mean, they said they don't delete it,
so that answers that.
Yeah.
As far as we know,
that's the case for every other AI model
as well.
if there's information that gets scraped
by these things or that gets fed into
it like uh you know that's just a
black box exactly exactly yeah i think
that's kind of uh
everything we wanted to share about that
article.
We're going to get into a story about
discord,
rolling out some end to end encryption,
which is cool.
But before we dive into that,
let's share some updates with what's going
on within the community and our team.
Jordan,
why don't you start us off with some
updates on the videos that's been
happening?
Yes.
So I guess for anyone that's kind of
missed it,
we put out a video last week with
Naomi Brockwell,
and that was an interview that Nate did.
So basically we asked her some questions
about, like we talked about earlier,
the Surveillance Accountability Act that
finally got public release.
And if you haven't seen that already,
definitely check it out.
We also
released this week.
We released a bonus section of that
of that video where we asked her some
less privacy related questions so if
that's something you're interested in you
can get access to that by becoming a
member at privacyguides.org donate and
yeah you can definitely check that out if
you're interested in extra stuff we're
trying to basically offer more stuff for
our members and you know
give you extra perks for supporting us
because we do really appreciate it.
So definitely check that out.
That is available on, oh,
hold on a second.
That is available on privacyguides.org
slash videos.
You can check that out there.
You can see the bonus episode there and
the standard episode that we released.
So that's now live, the bonus section.
It's only like ten minutes,
but it's definitely some interesting
stuff.
If you're curious about Naomi's background
or if you just want to hear some
more of her personal thoughts,
definitely check.
that out as you know some cool bonus
stuff to check out um and if you
haven't already seen the interview with
her i would definitely recommend seeing
that too um
And I guess on my end this week,
I've been working on a video that Nate
put together.
He recorded and edited the basics of that
written up by him as well.
And I've just been editing that this week.
And I'm kind of hoping it's kind of
a more complex video.
It's about passwords,
kind of debunking some of the issues that
we've had with information on the internet
being a little bit outdated when it comes
to these password-related topics.
So definitely look out for that one.
That'll be coming soon.
It's more of a complicated edit.
So I suspect it might take a little
bit longer to edit because there's all
sorts of stuff we need to explain visually
in that video.
But I think it'll also be pretty
interesting.
Yeah,
I don't really have anything more in terms
of video content we're working on.
What about you, John?
Is there any extra site updates you can
talk about this week?
Yeah, there's a couple things going on.
This week and last week,
I've been working on kind of a redesign
for the entire website.
So that's currently accessible in a GitHub
PR right now,
if anyone is interested in taking a look.
But a couple changes that we're making to
all of that that I hope we'll be
able to publish soon.
because I think it's time for a change.
We've had the same website for quite a
while,
and I think there's improvements and
things that we've learned that we can make
it a bit easier to read and a
bit easier to navigate for sure.
So hopefully this helps out a bit.
There's also a discussion going on on the
forum right now that I opened a few
hours ago,
which is about a project that I want
to work on,
which is maintaining our own directory of
Android app fingerprints for the app
verifier app.
I don't know if anyone is familiar with
that here or uses that on Graphene OS.
You can get it from a Crescent.
So I know that a lot of people
who are concerned about the security of
what they're installing or who are on
Graphene OS use this.
And the way that the app works is
you have to
enter the fingerprint of the api of the
apk signature that you get from an
external trusted source so you can confirm
whether it is um the correct thing that
you're installing i think that we could
pretty easily crowdsource a trusted list
of this and i think that it would
be a good benefit for the community and
i think that we'd have enough people to
maintain it well so that's a potential
project that we're starting on it seems to
have support in the on the forum so
far but if you have any thoughts on
it i definitely want to get people's
feedback on that thread so i would
highlight that
Otherwise, a lot of the usual stuff,
as usual, privacyguides.org slash news.
You can catch up on other news stories
in privacy security that we've seen in the
space that we don't talk about on the
show because we are a bit limited here.
We discuss these news stories a bit more
than just read through them.
So we can't get through them all or
we'd be here for like six hours every
live stream.
But...
There's a lot of good stuff there as
well,
and it's a good place to stay up
to date in addition to our forum.
So that's kind of the main things that
I'm aware of for this week.
All of the stuff that we work on
at Privacy Guides, of course,
it's made possible by our supporters.
Like you said,
if you go to privacyguides.org slash
donate,
you can send us a one-time donation,
or you can sign up for...
a monthly membership,
which would include access to early access
videos and the bonus questions and
interviews and other exclusive videos like
the ones Jordan just talked about.
This is the only bonus questions video
that we've done for interviews so far,
but it's something that we hope to
continue doing
for for future interviews that we do we
have and we have a couple lined up
and i think getting people's personal
perspectives on different things in the in
this space is is cool and useful uh
another way to support us is by picking
up some swag at shop.privacyguides.org i
have a water bottle says privacy guys on
it i like this water bottle a lot
uh there's some more
Maybe boring merch like this one that just
says privacy, guys.
But we have some good designs there as
well if people are more interested in the
activism side of things.
I think we have some good stuff that
you might be interested in.
So you can consider checking it out.
As always,
I'll remind you that Privacy Guides is a
nonprofit project.
We research,
we share privacy-related information,
and we facilitate communities on our forum
and matrix where people can talk about
this stuff, ask questions,
get advice about staying private online
and preserving your digital rights.
So that's my spiel with all of that
out of the way.
Jordan,
why don't you take us away with our
next story here?
Or is it my turn?
Wait, who just did that one?
I think it's your turn if you want
to take this next story about Discord.
I will do this.
If my computer works,
why can't I like this?
Sorry.
This is from Bleeping Computer.
Discord rolls out end-to-end encryption on
voice and video calls, which is very cool.
Discord has announced that all voice and
video calls through the communication
platform are now protected by default,
which is important,
with end-to-end encryption.
The implementation was completed in March.
Extensive at-scale testing has given
Discord the confidence to formally
implement
announce the end-to-end encrypted
deployment now and to start removing
client code that supports unencrypted
fallback.
There's some technical details here.
The migration to end-to-end encryption was
achieved by extending the open source
encryption protocol, Dave,
to support all of the platforms where
Discord clients run, desktop, mobile,
web browsers, PlayStation, Xbox,
and Discord APKs.
I think that is very cool of them
to work on
stuff that's open source and stuff that
could potentially be adopted by other
video chat providers because Discord
clearly has the resources to build
something that works and works well and
works at scale that smaller projects and
smaller companies probably wouldn't be
able to do or wouldn't be able to
do very well.
So...
Yeah,
contributing to open source is always
good.
This Bleeping Computer article says that
this protocol called Dave was first
introduced in September of twenty twenty
four,
and it was developed in with assistance in
auditing from Trail of Bits,
which is a pretty reputable security
auditing firm when it when it comes to
encryption and all of that stuff.
So
Hopefully, it is all done well.
And I think that this is a big
upgrade for Discord.
I believe Discord has already added
end-to-end encryption for, no,
I don't think they have it for text
messages yet, unless their DMs do.
I'd have to look this up quick,
unless anyone knows in the chat.
But at least for voice, it's something...
I know that Discord is mainly a chat
app,
but I know that video calls and voice
calls are very extensively used by Discord
users as well.
So this is not like a super insignificant
change.
There's some platforms that rarely,
if ever, get video calls used on them.
But this is not one of them.
It's very common.
So having this available by default,
at least on videos, is...
It's great for everyone, I think.
And as usual, end-to-end encryption,
I think, not only benefits users,
but it also benefits these companies.
They don't need all of this data.
And kind of distancing themselves from
potentially that liability is also good
for businesses.
So it kind of works out for everyone
on both ends to support encryption as much
as possible,
which is why more companies should work on
implementing it.
Did you see any interesting stuff in this
article, Jordan?
No, I think you covered the main stuff.
I do want to add, though,
you did hint that possibly Discord might
have encrypted DMs or anything like that.
At this stage,
that's not something that they've said
that they're going to do.
I think they've said in a couple of
times on Twitter
know when they've been pressured on this
and people have asked them in questions
like why why aren't dms encrypted like you
know it kind of makes sense this should
be something that you do um confusingly
worded because it said that the encryption
layer covers dms but then i realized they
probably just spent video calls in dms i
don't know if i would call those
DMs them because it's not a message.
But whatever, whatever, bleepy computer.
We got there eventually.
I did want to highlight one thing in
this article that I didn't mention,
which is that they had issues with this
encryption layer in Firefox,
with their web client in Firefox.
And instead of just doing what I think
a lot of companies,
especially
Google, of course, because they're biased.
But what a lot of companies would probably
do and just block Firefox and say,
you got to use got to use chromium
to do this.
Discord actually worked with Mozilla to
solve those problems and get it working.
So that's another cool thing that they're
doing.
Would I recommend Discord overall?
Probably not,
especially without encrypted messages.
But a lot of people use it anyways.
A lot of even open source projects use
it anyways.
So if you're in certain open source spaces
even, it is sort of unavoidable,
unfortunately.
So yeah, I think it's good overall.
It's always good even with these less
privacy-respecting products to...
move in the direction of them being more
privacy respecting because not only does
it benefit the users but it kind of
normalizes this stuff it makes more people
expect end-to-end encryption because
they'll be like well discord has this and
this other app doesn't so that's a selling
point for discord and people will need to
add end-to-end encryption if they want to
compete and i think that that is a
good thing you should always all of these
products should always be competing on
security features because that's how we
all that's how we all benefit
Yeah, and I also think, you know,
we're seeing companies now that are, like,
pulling out of encryption.
Like, we saw Instagram DMs are, like,
they're discontinuing encryption on that
for some reason.
Like, what?
What is going on there?
Like, we need to, when companies start,
you know, saying that this is too hard,
this is, like,
causing too much friction or, like,
you know, it wasn't making sense.
Yeah.
There's plenty of platforms that do it.
Signal is everything.
Every single thing through Signal is
encrypted and it works perfectly fine.
So, you know,
I think this excuse or like, you know,
thing is like kind of a little bit
ridiculous, I think.
I feel like discord was almost filling a
role like similar to zoom for some people.
Like they were doing like company meetings
on discord.
Like people,
people use it for a lot of stuff.
Um,
so it kind of makes sense why they
finally pushed to have this enabled on
every chat.
Um,
But I think it's a good start.
But I think stuff like if we had,
it's obviously not a good service from a
privacy perspective.
It all runs on Google Cloud
infrastructure.
Its business model is questionable,
I would say.
Having Nitro and having a shop and all
these things,
I think it's a better business model than
WhatsApp, let's say.
it's still a little bit sus and I
think they're they're kind of uh vying to
be purchased and I think when that does
happen they're gonna become a lot less
privacy uh and a lot less
freedom oriented.
Like, you know,
they're not going to care about supporting
Firefox.
They're not going to spend the development
time to do that once they get purchased,
which I think is going to happen.
I think they're going to get bought by
someone.
It's just,
they're so big at this point that I
think, you know,
it's their value is probably ridiculously
large at this point,
because if you think of any online
communities, they've got a discord server.
So it's kind of become very ubiquitous,
especially when it comes to gaming stuff.
Yeah,
that's the problem with this VC-funded
stuff.
You either have to make way more money
than Discord is probably making,
or you've got to be acquired by a
company that is doing that.
So yeah,
Discord has stuck around this long,
but who knows in the future.
It is very easy to see why...
people have switched to discord, the UI,
the user,
the interface and the experience is for
some reason remains
very unique i don't know why more people
are not just doing what discord is discord
pretty much just did what slack does
except slack is absurdly expensive and
annoying to use and discord is not um
and there's been really no development in
other spaces since which is
is unfortunate i've always thought that
matrix and element clearly need to just
copy discord set up uh these like having
roles and having colored usernames and
having all of your communities in one
sidebar and having easily sorted rooms and
having all of this stuff like that is
extremely useful for communities and
Matrix and Element,
as well as pretty much all other chat
platforms,
just refuse to do the same thing.
Like, if you see something that's good,
you could just copy it.
I would be fine with that.
But they don't.
Somebody in the chat said,
check out Fluxer.
It's an AGPL complete Discord clone.
I did look at Fluxer a while ago,
and it seems very cool.
It actually does seem like the most
promising potential replacement.
I got to look at it again because
I haven't looked recently.
It...
I'm really hoping we can find an
alternative that supports Federation.
There's that other Discord alternative
that I think it's called Revolt.
I can't remember the name.
They like rebranded or something.
So it's confusing in my mind.
But they are like an open source thing,
but they have a worse experience in my
opinion.
And also it's just one centralized
service.
And I think we're in a bad place
if we're
swapping out one centralized service for
another, even if it is open source.
especially if it's not encrypted because
it is just putting all of your eggs
in one basket, basically.
But Fluxer does have Federation on their
roadmap,
so I'm very hopeful that they can do
it and get it done.
We have seen other projects and other even
chat projects say that they're going to do
Federation and then they never get around
to it because unfortunately it is a it
is a challenging problem to solve.
But
I don't think you have to do federation
in the way that Matrix does it,
which is extremely inefficient and weird
because all of the servers in a federation
basically have to sync data with each
other and they all have to store all
of that information.
I think a system...
more like Mastodon where there are like
centralized servers,
but you can access all of them in
the same UI would be very beneficial for
people.
So like, for example,
we could host a privacy guides Fluxer
server.
But then if you go to the main
Fluxer app,
you could still access it and also other
Fluxer servers that you see.
So that is something I hope happens.
Or if it doesn't happen with Fluxer,
I hope some other app does it.
I'm just really hoping I just really
hoping someone does it.
It's probably one of the top things that
I would
hope to see because right now I've kind
of got all of these chats going in
signal which is okay but it's clearly not
the same level of organization as
something like discord and not everyone is
willing to join public signal groups
because signal shares a lot of information
you can direct message anyone in there you
can't really block that uh so
Yeah,
at least you don't have to share your
phone number anymore.
So Signal has improved in that regard,
but it's not at all even close to
replacing Discord for a lot of people,
unfortunately.
So there's got to be another app.
And hopefully it happens sooner rather
than later, but I guess we'll see.
Yeah, I think also Discord is kind of,
it's become like sort of a centralized
place where a lot of communities are now.
And I feel like getting people to move
is going to be a challenge unless
something else comes along that is like
superior to Discord in every possible way.
You know,
I think if they are like this Fluxer
project,
I haven't heard of this before today, but,
you know, if they are able to,
create something that does allow like
federation and stuff like that.
Like, I think that's going to be,
that's going to solve one of the,
the biggest issues that the discord has,
which is everything is just centralized on
discord, which is,
I would argue is a little bit of
a problem because, you know,
it gives them kind of a lot of
control over the communities that are
there.
Um, whereas, you know,
like what we've done is, you know,
Jonah's set up like a forum for everybody
to discuss stuff on and that's all like
public.
You don't need to provide like personal
information and stuff.
I think we should go back to,
should go back to forums and stop putting
everything on like discord service.
Cause yeah,
I'm kind of over that method of putting
information out there.
It's not very easy to search.
I don't know.
But maybe I'm becoming too old,
and that is too cool.
That's just the cool new thing.
No, searchable information is always good.
And I think the messaging space is ripe
for a Discord replacement.
Because, I mean,
I agree it's going to be very challenging
to get a lot of people to switch,
especially right away.
But I think the moment Fluxer implements
Federation, for example, or maybe...
another federated app comes out for
messaging that lets you run a centralized
service so you can control the user
experience.
I think a lot of open source projects
especially will switch to that.
There are still a good amount of
communities on Matrix and we saw a lot
of them switch when Matrix first came out
and got good because it was better than
IRC for a lot of people.
But
I think the user experience of Matrix at
the end of the day, even now,
it's not up to par.
It's not as fast.
It's not as nice as something like
Discord.
And I think...
open source projects had this problem
where they want to have chat rooms on
matrix but some people would be joining
with matrix.org which is a terrible server
to be using or would be joining with
some other bad servers or would be you
know they can't control the experience of
the end users so a lot of these
uh a lot of these open source projects
end up
opening the their own servers to
registration so they can at least
guarantee something but then that's a huge
undertaking to to like run a mozilla.org
server for to just to the public to
a ton of people like that requires a
lot of space and processing power so
matrix a very a very hard solution i
think for projects to stick with but
something more lightweight and
not focused on like full decentralization
but more focused on just letting people
self-host their own communities i think uh
i think that that will convince a lot
of open source projects to switch i i'm
pretty certain of it and i think that
if that happens that's that's typically
how we see change especially online
because that
that once all the technical people switch
i think that pulls in other people it'll
pull in the gaming space next because
they're that's pretty tech adjacent a lot
of those people are also very techy and
then that'll pull in even more mainstreams
i think that's the sort of way that
these projects become mainstream but they
have to be usable they have to be
usable by a lot of people and have
a good experience as well as adoption uh
so haven't seen a messenger that does all
of that yet but
Maybe this will be it.
Or maybe another one will be it.
I don't know.
But hopefully, again,
hopefully something soon.
Yeah, and I think the most,
like the most important part, though,
is like,
I feel like it needs to be,
we keep making this mistake, like Skype,
I remember everyone used to be on Skype,
and then everyone moved to Discord,
or like everyone was on TeamSpeak,
and they moved to Discord.
And it's like,
can we move to, like, an open platform?
Can we move to something that's not, like,
controlled by the whims of, like,
a couple of people that own this company?
Like,
I think that's kind of the thing I'm
seeing here.
Like, Discord, I remember back in, like,
I joined it when it, like,
first came out in, like, and, you know,
it was a really cool alternative.
It was, like,
way better than everything else.
But, like,
I feel like we've gotten to the point
now where it's, like,
we have the ability to,
to make something better.
Like I feel like it wouldn't be that
hard for someone to make something that is
better because there's so many teething
issues now with it.
Like people are complaining like about
decisions that have been made by the
development team.
Like, Oh, why is it moving to like,
why are you moving every platform to like
a non-native experience?
Like why are you,
why are you making the app like really
laggy on my phone?
Like it's,
it's it's decisions that like this this
top-down system is kind of making right
like I feel like if it was a
decentralized open source uh sort of thing
it would be maybe that is an option
that you can switch your clients to but
there's also another option you know like
there could be something a bit you know
avoid these issues that we keep having but
again like you know matrix
also has showed us that that doesn't
always work that well.
Um, because I think a lot of the,
a lot of the development around matrix is
done by a single company.
It's not really done by a community of
people as much as we would like.
Um, like, you know,
matrix.org foundation is like quite strong
behind the development of,
of it as a project, um,
which kind of makes sense, but,
it does mean they can make decisions that
affect everything else.
Like I remember it's like all the spaces
stuff.
And then we had before spaces,
it was like everything was in,
I don't know.
I'm not honestly that much of a matrix
user.
I'm just on there because there's channels
that I have to be in.
But there's definitely issues with that
aspect as well.
But I feel like the issues are a
little bit more forgivable at least.
Yeah, totally agree.
A couple messages in the chat here.
Ion Sailor said, Stout, thank you.
Not Revolt.
Revolt was the original name.
I didn't much like it at the time,
but I think Stout is much worse.
No offense to the Stout people.
Harder to remember.
Yeah, I'm not a fan of Stout,
unfortunately.
I would have loved for it to be
cool,
but I know they've rejected Federation and
they're just kind of building their own
thing.
do i want to see something more able
to be self-hosted but also um i just
don't like it as much as discord in
the first place so kind of loses on
on both fronts um hello asked why is
matrix.org terrible or do you just mean
the ui um no i was talking about
the matrix.org home server is just
very,
very slow to federate and causes a lot
of problems.
And it's a very,
it's a centralizing force.
Mastodon sort of has this issue with
Mastodon.social too.
Most people just join that by default,
but Mastodon puts in more of an effort
to guide people to other servers,
whereas Matrix doesn't really,
which is very annoying because their main
server is,
can very often be slow to sync with
other servers.
So it makes, you know,
there's a bad experience
when you're interacting with anyone else
on matrix, who's not on matrix.org, um,
it, you just receive message slower.
You can miss messages and other people
can,
can receive message messages slower from
you.
Uh,
the size of their server causes problems
in rooms because it's the majority of the
room.
And so if it decides to break something,
things can randomly break.
And it's so centralized that when
matrix.org goes down, which it,
done in the past and will in the
future it basically turns most of matrix
into a ghost town because there's only
like ten people in each room who are
on a separate server in a lot of
cases or or even less in smaller rooms
so yeah it's definitely a putting all your
eggs in one basket case and it's not
even a very performant basket
unfortunately so
Whenever anyone complains about Matrix,
the first thing I tell them is to
switch from Matrix.org to literally
anything else.
And they always come back and say, wow,
this is much better to use Matrix after
I switched.
Wow.
Yeah.
I mean, I don't know.
I'm not on Matrix.org and my experience
has been fine.
I mean,
I think it's definitely helped with the
Element X sliding sync stuff.
Like it is a little bit nicer that
it doesn't like kind of lock up the
entire experience when it's sinking.
Um,
I think that's kind of like the worst
part of it, um,
with like the original element clients.
Um, but.
Yeah.
I think it's also the issue that I
see with matrix is I've looked into this.
I've been like, Oh, I wonder how,
how hard it would be to run like
a matrix.org home server.
Like surely that's not like, um,
matrix home server.
Like surely that's not that hard.
And then I look into it and it's
like, Oh, you know,
you need quite a bit of Ram.
You need quite a lot of disk space.
You know, it,
it makes it a lot more inaccessible.
I think when you start requiring all
these, uh,
extra things and, like,
quite high hardware requirements.
It's going to end up costing a lot
of money if you're doing that on a
VPS.
Or, you know,
it's going to require a lot of decent
hardware to at least have, like...
I feel like you need to have decent
hardware for the performance to just be
okay.
And SSDs and all that.
So, I don't know.
Yeah.
This is the problem I have with Matrix.
That I alluded to earlier with everything
needing to sync with each other.
It's just, like...
Not only is it challenging for a project
like Mozilla or a project like Privacy
Guides to self-host everything so we can
control our rooms and our own accounts and
stuff, but also just to use Matrix.
You can't spin up your own instance super
easily.
And when you do,
you have to get all of that data.
matrix like it makes sense for very
specific use cases where you would want to
actually have all of that data it's
certainly good for decentralization but
it's not it's not what most open source
projects or what most projects in general
need and it doesn't really make a lot
of sense for the huge groups uh who
are trying to use it um so like
At Privacy Guides, for example,
we host our own forum, as you mentioned,
at discuss.privacyguides.net,
and that runs on Discourse,
which is a great forum software,
and that's something that we can just host
ourselves.
You don't have to host anything to use
it.
No,
you can't access other Discourse forums to
it or anything.
It's just a normal website,
but it's an experience that we can
control, and it's easy for people to use,
and if you get, like,
the discourse mobile app,
you can add multiple discourse forms to it
to get notifications and stuff from from
all of them that you're a part of.
I know the discourse is
commonly confused with Discord,
but it's separate.
And Discourse is very commonly used in the
open source space as well.
So many Linux distros, Fedora, Ubuntu,
so many open source projects all use
Discourse.
So you'll probably,
you'd recognize it if you saw it because
a lot of these sites look the same.
But it's nice to have a system like
that.
And that's why I think if there is
a federated version that's more like
The open source project can kind of
control it, but it's all separate.
I think that that would see a lot
of adoption because a lot of open source
projects are already doing that when it is
an option here.
But there's just not really a product
that's good for instant messaging right
now.
Yeah, definitely.
I guess we can kind of move on
to the next story here,
and that is about Poland urging officials
to ditch Signal for state-run messaging
apps.
This is a story from Cyber Insider.
Basically,
Poland's government is urging public
sector organizations to reduce their
reliance on Signal for official
communications and instead adopt
domestically controlled encrypted
messaging systems for
following a surge in phishing attacks
targeting politicians, government,
personnel, and military staff.
And basically, instead of, you know,
whatever Signal or any of these other
encrypted apps that we suggest,
they are pushing people to use
I'm not going to even try pronouncing
that,
but this app that they're suggesting,
I don't know how to say that.
I guess it's in Polish,
which definitely makes sense.
But yeah, there's two apps there, MSZYFR,
I don't know how that's meant to be
said, and SKR-Z.
Okay.
I did see someone also mention that this
first one here is actually a Matrix
client.
So that definitely tracks considering
Matrix's involvement with governments and
militaries and police forces.
I think that definitely makes sense.
So if we just dive into this here,
yep.
So according to the advisory,
both systems operate entirely under Polish
jurisdiction with their infrastructure
hosted in Poland and administered in
accordance with national cybersecurity
standards.
The move mirrors a broader European trend
towards digital sovereignty in government
communications.
Earlier this month,
Germany's Bundestag similarly encouraged
lawmakers to transition to
away from signal and use wire messaging
platform after phishing attacks targeted
politicians.
So I think this is a little bit,
I can understand why these countries are
saying that they would rather use
something that exists in their own
country, like for, you know,
sovereignty reasons and, you know,
not trusting software from other
countries,
but
But I think the issue that comes with
this whole practice is you start
recommending people use less secure
options.
You actually reduce security when you do
this because you're telling people not to
use the most secure apps.
If they're saying not to use Signal or
they're saying not to use SimpleX or
they're saying not to use any of these
other recommended messages that we
suggest,
you're pushing people to these
apps,
which I would argue probably don't offer
the same guarantees of privacy.
Although they're in a foreign
jurisdiction,
but I don't think that really matters when
it comes down to the encryption guarantees
because Signal,
they can't access the message content.
So I think it's
it's a little bit silly.
In my opinion,
I don't think there's any evidence that
these apps are compromised.
And I think the phishing attacks are also
something that needs better education.
Like we just need to
basically make sure that these public
sector organizations are telling people,
you know,
like Signal is never going to text you
and ask you to scan a QR code.
Like these, these,
these organizations need to,
to give better advice and better
cybersecurity hygiene.
Like they should be telling people,
you know,
don't do this sort of stuff because,
I don't think switching to these national
messengers is going to increase security.
I feel like it's going to decrease
security.
But that's kind of my initial thoughts.
Do you have anything you wanted to add
on that?
I feel like I would imagine all of
these systems,
even though they're built on
Matrix in this case,
Germany switching to wire, of course.
I'll talk about that in a sec too.
I would imagine even though it's Matrix,
they probably don't federate at all or
they...
I've seen some governments set up like a
Matrix server per agency and stuff like
that,
but then they only federate with each
other and not the wider area.
So that's probably a way that they want
to have phishing protection since there's
no way to kind of
block phishing attacks on signal um but at
the same time yeah that education is still
important and you're still going to have
phishing attacks occur through other means
even if your matrix system is totally
walled off so like just ignoring that as
a problem and not
You know, it can go both ways.
I don't think it's ever a great solution
when the answer is like,
you just got to educate your users because
if there's one thing that has proven to
not be very effective is just telling
people to do something.
But at the same time, you know,
tech literacy is important.
And again,
all of these social engineering attacks,
they can take so many
so many routes to get to people.
I don't know how much of a benefit
switching just this one service over is
going to have
As far as wire,
I didn't actually know that the holding
company for wire moved to Germany because
I remember in twenty nineteen,
it was a whole thing where they moved
to the US and then it was like,
well,
is this under US jurisdiction anyways?
I just looked this up now because I
wanted to look up like,
is that still the case?
Why would Germany be there still sticking
with a US company?
But I guess they're not American anymore.
so it makes a bit more sense um
unfortunately wire has kind of gone
downhill for consumers here so it's not
like something we focus on just because
they are really focused on the business
side of things now so whatever but yeah
it's it's interesting that they're all
switching i don't
I'm of two minds about it,
because I feel like it's important.
It's not only is it important to like
own all of your data and self host
your own stuff.
And that goes not only for people
personally,
but also for organizations and
governments.
And also,
I think not being reliant on the US
is important for the for the rest of
the world.
But
I don't know how much better these
solutions are going to be for them,
especially in light of...
known to be secure solutions like Signal.
It's one thing to switch from Microsoft
Windows and from Google Drive to European
solutions or Linux distros or something
like LibreOffice or OnlyOffice or
NextCloud or whatever.
That sort of stuff makes sense.
But when you abandon tools that are...
provably secure like signal or like the
tour network or etc that that's where it
makes a bit less sense to me to
just like blindly shy away from american
companies so it can go either way i
don't think this is like a a terrible
idea for for poland to be doing but
matrix security
not up to Signal's quality by any means.
There's a reason that Signal is kind of
the standard in that space.
So yeah,
maybe it's going a bit too far,
or maybe it's good for the EU to
be more self-reliant.
I don't know.
You all can let me know what you
think about it, but yeah,
I kind of mixed up the whole thing.
I do think, you know, I don't know.
I feel like I sort of take like
a somewhat pragmatic approach.
Like if something is in the US,
but it offers a much more secure
experience and a much more usable
experience, I'm okay with using that,
right?
Like I think if, you know, if ProtonMail,
for instance, was in the US,
I think it would still be
like, verifiably, like,
it would still have good security, right?
Like, I don't think that would.
That'd be a little email specifically
could be a little tricky.
I was just gonna bring this up.
I think people are a bit like,
overly paranoid about data entering and
leaving the US.
In reality,
especially for an app like Signal.
or like the Tor network, for example,
there aren't really a lot of laws on
the books that could compel them to like
turn over a lot of information right now.
And that can always change, but like,
We've talked about European countries with
very invasive policies in the past and
when we've seen a lot of pushes to
get rid of end-to-end encryption in
messaging apps and in other apps,
a lot of those pushes are more from
Europe than in the US because I think
Europe is a bit overly focused on
businesses exploiting your data,
which is a good thing to be concerned
about.
But I really don't think in the EU
and in other European countries,
enough focus is being turned on to
stopping the government from abusing your
data.
We see a lot of
privacy laws in the EU that are very
good and very robust,
and they reign in tech companies,
both in the EU,
but also American tech companies,
which is always a good thing.
But those privacy laws very often do not
apply to the government getting your data
or the government collecting it,
or they have specific carve outs for
government agencies.
And so
When you're talking about regular people,
I mean, obviously,
this is an app for the government,
so it doesn't really matter in this case.
But when you're talking about people
switching to European services,
it is concerning.
Going back to Proton, though,
while I think the way that they secure
messages is good,
and I don't think that there's really...
necessarily a mechanism in the US that
they could be compelled to decrypt
someone's messages, for example,
or build a backdoor into their web
encryption.
Wiretapping,
the whole wiretapping situation in the US
is not great,
and I can certainly imagine an issue where
they are forced to collect unencrypted
emails coming in,
and since that's most emails,
that would be a concern for me.
So
There's probably some more protections
against that in Proton's current
jurisdiction,
but it's not a cut-and-dry thing is the
main thing I would say.
I think I just see a lot of
Europeans very overly...
putting their faith into things like the
GDPR,
which does have very good protections,
but it's not completely comprehensive
against anybody who might want your data.
In my opinion,
that bill is primarily made to rein in
American companies more than anything
else,
which has been a European goal for a
while, which again,
probably makes sense for them,
but it's not going to save you from
all potential privacy threats.
yeah as someone who's not in either europe
or america uh i guess i'm definitely less
have no skin in the game, I guess.
So I think, yeah, I don't know.
I,
I don't really care that much about like
the jurisdiction, I would say.
I would prefer if it wasn't in Australia
though,
because we have like really awful
surveillance laws.
So anything that isn't in Australia is
like a better, in my opinion,
just because, yeah, we don't really,
it's kind of a problem with our country.
I don't know.
Our politicians are,
not great at,
they just rush through surveillance stuff.
And there's a comment here from Cannabida.
They're switching to a communicator built
in-house.
Also, it's not available to the public,
only government officials.
I guess that is interesting.
I kind of assumed that they were doing
that,
but I think it is one of the
ones that they mentioned is based on
Matrix, I think.
But, yeah,
it is still like an in-house communicator.
system i think um which i guess can
prevent a little bit of the phishing
aspect but like i still think you know
phishing is kind of a large attack surface
especially if you're a public sector even
a public figure like i feel like the
risk of phishing is a lot more likely
if you're a public figure um and phishing
attacks can can include lots of different
things like you know installing malware on
your device like it doesn't matter where
the app is is is installed from or
where the app is um
is developed.
I think that's not really protecting
against the phishing attacks.
Um, you know,
installing malware on devices,
getting people to click on links.
Uh,
I don't really see how that is relevant
to the location of the app being in
your current jurisdiction.
Whereas not, um,
I'm not sure that's the greatest reason to
want to do that.
I can certainly see from like a
sovereignty aspect.
Like I think I would probably,
I don't know.
I think when it comes to public citizens
data,
I don't think it should be shared with
some American tech corporation.
That's obviously not where that data
should be going.
But if it's communications with public
sector stuff,
I guess there could be national security
concerns with sending that data.
But again, if it's encrypted,
I don't see how that's really that
relevant.
Speaking of national security,
I just wanted to fact check this message
quick.
This is why they're recommending two.
The first one is indeed built on Matrix,
and the second one is totally isolated,
and that's for...
handling restricted information and that
is the the home the homemade one i
don't know if they're saying because this
the the second messenger that we mentioned
is an isolated classified communications
network i don't know if that implies the
first one is going to be more open
to federation or not but um yeah it
does seem a little confusing that they
need to have two different messengers
instead of having one good one but i
guess maybe it's
nice for governments to segment classified
information into its own thing easier to
keep track of so probably makes sense I
don't know I'm not a government data
manager so however they decide to handle
all their classified information is
probably good but it does seem a little
inefficient yeah and I'm not really sure
if you know I know Poland I feel
like Poland is like one of the smaller
countries in Europe but I might be wrong
on that I feel like trusting data to
like you know
a tiny group of developers from Poland who
may or may not have the world-class
expertise of
cryptography that signal has is probably
not the greatest idea but you know maybe
they are maybe they do maybe there are
just so many cryptographers in Poland that
I I'm not sure but um I don't
know how Poland compares uh like in terms
of population I know it's it's it's quite
a big country like on a on a
map geographically but I don't know how
many I don't know if it's
If I'm looking at a map quick,
it is top ten.
I will say,
just in the defense of some smaller
countries,
there are a lot of surprisingly good open
source projects and internet-related
projects if you get into the networking
DNS space coming out of the Czech
Republic.
There are some experts in these countries,
but also...
It does seem strange to me.
I mean, I guess it makes sense.
But does every single EU government need
to have their own homemade system?
I don't know if that's the case.
Maybe they could pool some resources.
And I guess they sort of are with
Matrix.
But yeah,
it's still a whole situation of standing
up throughout stuff that probably...
not the most necessary.
Someone in the chat said the EU could
really do with the First Amendment.
I think a lot of like,
I think it, I mean,
I don't really hand things too much to
the US,
but I feel like that is pretty much
the gold standard when it comes to like,
freedom of speech, I guess.
I feel like not many other countries have
such a robust protections.
Because
Yeah, I mean, a lot of countries really,
really don't.
I think it's taken for granted in the
in the US.
And I think a lot of people just
assume because it's I mean,
it is a human right.
You should just have it.
And I think a lot of people in
Western countries like assume they just
have this right.
And they assume it up until the point
where they find out they don't.
And I know there's a lot of complaints
coming out of like the UK, for example,
about
them like really cracking down and
policing social media stuff uh super super
strictly um and that's the sort of scary
thing that's happening in society lately
um you know the us is not obviously
not perfect by any means and certainly
hasn't been great lately but it's good to
have these legal protections on the books
even if they
can get abused um by the government we
were just talking about fourth amendment
rights issues earlier so it's not a
perfect system by any means but it at
least gives you potentially some some
recourse and it does usually eventually
end up happening where um
like your rights eventually get defended
in court and precedence is set and like
this stops being an issue whereas like
there's there's no reason for that to
happen in countries without like a
codified bill of rights in their
constitution because all of these
violations unlike in the u.s they they're
just legal um
At least if they're illegal in the US
and the US abuses it,
there's potentially something that will be
done.
I don't really see a way out for
people in the UK, for example,
unless they get the law changed and get
that right established.
So it's just an extra uphill battle that
needs to happen in countries that don't
have this codified into law.
Yeah,
I can't believe the founding fathers
didn't think of data brokers like
collecting all your information.
I know.
That's, like, unfortunate.
They really did not predict any of the
problems today.
I don't know what they were doing.
They should have got that crystal ball
out.
Yeah, I mean, I don't know.
I definitely agree, like,
there's people that maybe would deny that,
but, like, it is pretty much, like,
it is definitely a pinnacle of...
yeah,
there's definitely like stuff that goes on
in Australia and in Europe where,
you know, people think that they've,
they can say anything and not face
repercussions or not say anything,
you know, within reason, obviously,
but it's definitely,
it's definitely a benefit of that
jurisdiction.
But yeah, I think we've kind of,
do you have anything more to add to
this story or should we move into some
forum updates?
I don't think so.
I think we could move on.
All right.
So I guess moving into forum updates here
in a minute,
we'll start taking viewer questions.
So if you've been holding on to any
questions about any of the stories we've
talked about so far,
go ahead and start leaving them on our
forum thread or in the comments section on
the live stream.
For now,
let's check in on our community forum.
And as always,
there's a lot of activity going on there.
But this week, the forum,
we wanted to talk about this thread that
was kind of popular this week.
And it's about Bitwarden scrubbing always
free and inclusion values from its website
as its longtime executives stepped down.
Yeah,
I just posted this article from Fast
Company to the forum almost a week ago
because someone sent it to me on Mastodon.
It's proven to be a little controversial
on the forum.
They've rolled back some of these changes,
so it is a bit more clear on
their website that the free version,
they have the always free text back.
But I mainly shared it because I think
it's another example of
David Price- bit warden doing some sketchy
things post receiving a huge amount of vc
funding.
David Price- There was there was another
issue related to the source code and their
open source licensing that they eventually
rolled back and they were like oh oh
it's a mistake and they.
David Price- pretty much said the same
thing about this issue,
they said it was a it's an oversight
and they and they made it better,
but I don't think we need to be.
policing companies this much and pointing
out these mistakes,
I think it just shows that the culture
at Bitwarden has changed a bit because I
can't imagine this happening in its
previous state where it was just a fully
open source kind of community project and
not trying to turn into this huge
corporate juggernaut in the password
manager space.
So I think it's just an unfortunate
direction for Bitwarden.
And that was mainly the main thing that
I wanted to point out.
It's just another step in that bad
direction that we predicted quite a while
ago.
When we talked about this first happening
and them taking VC money,
we predicted that
this sort of thing would happen and that
changes would be made to bitwarden
eventually and there would be more of a
business focus um i think we we just
talked about wire messenger i think that's
a good example i don't know if that
was caused by vc or private equity but
that sort of shift from like the personal
consumer side of things to a b to
b product never really helps consumers and
Yeah,
I think that regular consumers of
Bitwarden are going to be kind of left
in the dust.
The nice thing about Bitwarden being open
source, of course,
is that if that ever happens and if
it becomes really serious with Bitwarden,
I'm very confident that some community of
open source developers will fork it and
kind of pick up the torch wherever
Bitwarden decides to leave off because so
many people use Bitwarden,
especially in the open source and tech
space.
And there already are open source
implementations of some
some functionality of Bitwarden.
So like there's Vault Warden, for example,
which lets you self-host the entire server
backend,
which is actually probably a large chunk
of the work that would be required to
create a fully open source fork.
All you would need to do is fork
the Bitwarden client, basically,
and maintain it going forward in the
future.
But everything
Everything should be fine as far as
Bitwarden and its longevity.
You might just have to stop using
Bitwarden itself at some point and switch
to maybe a client Vault Gordon makes or
some other open source project,
which will be annoying for people,
but that might just be how it is
because that's the direction that I really
see Bitwarden going in, unfortunately.
Jordan, you're muted.
I feel like password managers are kind of
extremely irritating if they go down or if
like there's an issue where you have to
switch because I think they contain like
so much information and especially,
I don't know,
this may not be the case for everyone,
but, you know, I've got family members,
I've got like friends who are using this
and, you know, if they were to say,
you know, remove the free plan,
I think a lot of people would be
like,
I don't know.
I don't really want to pay for this.
And because that's just the society we
live in at this point,
like people don't want to pay however much
per month for software that they use,
which is kind of being normalized by,
you know,
everything being driven by advertising.
And when there's a company like Bitwarden
who has this really good product,
I think it's going to
be more likely that it's going to move
in a direction where they want to make
more money with it.
And if they have a bunch of freeloaders,
I guess in quotes,
they're not saying that not paying is not
good, but some people can't afford it.
But I think there is definitely probably a
lot of people using Bitwarden for free and
not paying,
and they could convert those users into
paying users.
I kind of remember...
I don't know if I'm remembering correctly,
but I think this was a similar issue
with One Password.
I think they originally were doing a
one-time purchase model,
and you could use a local vault.
And they kind of switched their entire
business model to be a subscription
company.
away from, you know, buy it once.
I think people are much more likely to
be fine with buying it once and then
having it forever than paying for another
subscription because everything is a
subscription.
How, like,
people are kind of sick of it.
Well, just look at Plex.
Did we talk about that last week or
did I just talk about it online?
Because Plex is raising their lifetime
price to seven hundred fifty dollars,
which is insane because they obviously
want people to sign up for their I
think it's sixty or seventy dollar a year.
So like yearly subscription, right?
They just really want to.
build that recurring revenue.
And I think that all of these problems
that people have with Plex developed
because of VC funding in that case as
well.
And it's the same case for OnePassword.
They really focused on the business side
of things.
And of course,
open source alternatives do arise.
A lot of people switch to Jellyfin.
A lot of people...
don't because jellyfin isn't as good yet,
unfortunately.
But yeah, to play devil's advocate a bit.
There are some companies that
kind of use the business to business model
to kind of subsidize a different consumer
plan which is good i says i'm pretty
sure that's what bitwarden is doing
currently i think i've read somewhere that
they just don't make money on the consumer
side of things but they keep it around
but they get all their funding from
businesses which which makes sense um one
password is in the same boat you could
definitely say that about something like
matrix an element because they certainly
are getting most of their money from big
businesses that are signing up for chat or
all of these government agencies that are
now adopting it i can't imagine they make
like barely any money from matrix.org
itself we just we just benefit from it
we talked about
Cape, the cell phone carrier last week,
they recently launched a consumer plan
that there's no way they're making money
on,
but they probably make enough from
business contracts and government
contracts.
The list goes on.
The problem we see with that is a
lot of the times that only holds true
under the current leadership.
And
it's inevitable that leadership of a
company will change.
And it almost never changes to people who
maintain that.
Maybe Bitwarden is dedicated to keeping
this up,
but that dedication is only going to last
as long as the people in charge want
it to.
And when they get replaced,
which also could happen more easily
because of their VC funding,
those VC funds might kick them out if
they don't like them enough.
Who knows how much shareholder voting
power they have.
It's probably a significant amount.
Things can take a turn at any time
once you switch to this model instead of
going all in on the consumer side.
So yeah, I remain concerned.
It's possible, though,
that with all of those companies I
mentioned,
it might not be a concern for us
for a good long while.
But you just never know.
That's the big problem.
yeah i think also i don't know i've
kind of almost become very hesitant of
companies that take vc funding now because
of this cycle it just keeps happening over
and over again like i just should i
move my data to this company that's may
not exist or be sold on to someone
someone else or may
completely change its values based on,
you know,
investors in the company wanting changes.
I think, yeah, it is definitely a concern,
but I think at least in the password
manager space,
we have so many good options.
Like if you don't like Bitwarden proton
pass, if you don't like proton pass,
there's key pass.
If you don't like,
I know we recommend CYONO as well.
That's like a German one, I think.
So, you know, there's lots of,
there's lots of,
options, I think.
And I think, you know,
if you don't like this direction,
if you're starting to feel like this is
going in a direction that you don't want
to be part of,
I think it might be,
this might be a sign
a sign of the times that the,
that this might need to basically,
you might need to start switching things
up or at least be ready to switch
if something worse does happen.
But I mean,
I feel like the main business model of
password managers is to protect your
information.
So I feel like if they're not protecting
your information well enough,
or if they're making security
compromises,
then that's kind of compromising the
product.
And I think that's at least the security
aspect is safe.
I think that you could say the same
about one password.
I think it's,
it is got a lot of VC funding,
but at least the security aspect seems
like something that they would never
compromise on.
So I don't know.
It's just an unfortunate situation that a
lot of these
Some of these projects at least are VC
funded and there are risks with that.
But at least right now there is no
active concern, I think,
with this direction.
I think it's definitely a caution.
I'm proceeding with caution.
But I think if we see more changes
happening,
that affect the product we might have to
um you know re-look into the into the
product but right now it seems like
they're they're
Their direction is to continue being a
secure password manager.
That's their main focus, at least.
Yeah,
just got to keep an eye on it.
There's another password manager that I've
seen around called Passbolt, too.
I need to look into them again because
I know...
I don't remember the reason we didn't want
to list them at the time,
but they seem to be doing something
unique.
Anyways, I say that just to say,
if anyone has used Passport and wants to
let me know more about it,
can share in the chat or definitely post
it on on the forum because i would
love to take another look at it that
is more team focused but it seems like
you could easily just use it as a
personal or like a family password manager
so and it's in its open source and
stuff again i haven't i haven't looked
into it but they've been around a while
and i definitely want to so
Yeah, I like companies.
I'm mainly interested in them because they
make it very easy to self-host and they
make it their prominent thing.
I think they have a cloud service,
but it's always a good sign, I think,
when they make the option pretty easy.
Self-hosting Bitwarden,
somewhat challenging.
Exactly why Vaultwarden exists,
because the official stuff is hard.
So, yeah.
Fair enough.
I guess here we've kind of,
this discussion has kind of covered
everything we need here.
I guess we could kind of move into
taking some questions.
I'm not seeing any in the chat or...
Yeah, if you have any questions,
this is a good time to share.
I'm sure I'm in the chat.
I did see a comment if I scroll
up here somewhere.
It wasn't...
It wasn't a question.
Oh, yeah, there it is from Hello.
I just wanted to thank you for the
feedback on the form,
especially because I was literally last
week thinking about changing it to maybe
that category view because the latest
section can get a bit overwhelming,
but also I do like it as well.
So this is good feedback to know because
I've definitely seen that on other forms
and feel kind of mixed about it.
I always do that view when I'm on
the forum,
so that is definitely a good change.
The categories here or the latest?
I always go to latest first, so yeah.
That should be the default, but yeah.
We'll probably keep it as the default.
Yeah, I agree.
I definitely think it's the better view.
We did get a comment here again on
our forum post from XMR chat, please.
This is a request to add XMR chat
to the live stream.
Yeah, I mean,
we can look into it and we can
try.
But I mean, as Jonah said,
there's like a whole website redesign
going on.
It's like all these projects going on at
the same time.
We do accept Monero though.
I was going to say,
and it's probably one of the things that
makes XMR chat a bit tricky because we
accept Monero through BTC pay server right
now, which kind of like...
I believe it generates a new Monero
address per person, basically,
so you can get your receipt and stuff.
We don't just have a single Monero address
to send Monero to.
Maybe we can get one, though.
I don't know.
I haven't asked if we can do that,
so I would have to just look into
that more and see how it works.
yeah definitely uh definitely more of a
magic grants question i think um
Another thing,
if we don't have any questions yet,
I wanted to point out another form post
that's currently in the latest view right
now because it was updated recently.
There was a post in the Project Showcase
that got a bit of traction because they
are working on an open source home camera
security system.
They just posted an update to the form
with a lot of changes that they've worked
on over the past...
few months, which look pretty cool.
So I got to look into this project
again a bit more.
It's called Secluso.
But they're very active on the forum if
you ask questions.
So I just wanted to point that out
because if anyone is looking into home
security cameras or wants to check out an
open source solution,
I think that they would at least be
good to chat with on the forum because
they're there and can answer your
questions as opposed to
opposed to some other things but i gotta
check it out myself to see how good
it is yeah it definitely looks interesting
i think also we've kind of had discussions
internally about like would we would we
ever cover like you know home automation
security stuff um so maybe
i know this there hasn't really been like
that many good options to like yeah that's
what i was gonna say the home automation
stuff is kind of tricky because like i've
been messing with all that stuff
personally around my house over the past
year and some stuff is working but a
lot of stuff is not working super well
unfortunately um and it's something that i
mean we definitely want to base all of
the stuff that we're writing on
community feedback and what people
generally agree is the best solution and
there's not a lot of like consensus on
the forum about what's actually good um
or like experiences being shared.
So again, I keep talking about the forum,
but I think if you have any insight
into the home automation space,
it would be very helpful for you to
share it there.
And so we can get a bit more
ideas of things to look into.
Yeah,
I also think like I feel like the
smart home ecosystem is like incredibly
hard to navigate,
like there's so many standards,
there's so many
downsides, upsides, all these, every,
all these protocols it's, and then,
you know,
there's also the thing of where are these
products even available?
Like,
are these products available globally?
Like if we were to recommend something
that let's say is very popular in Europe,
but then it's not popular in the U
S and it's like, well,
that's not really very useful.
Is it?
Um, so I dunno, it is,
I'm kind of curious to hear what other
people think.
Um,
But yeah,
I've been messing around with it a bit,
but not really with, at least here,
a lot of the stuff is basically all
matter.
And that has another set of problems
compared to other standards.
Yeah, I'm not a huge fan of matter.
I know some people in our chats are,
but
I don't know.
I'll have to write up all my grievances
sometime.
I got to get my thoughts together on
all this smart home stuff.
Yeah.
Oh, we got a comment here from Cannabida.
Would be cool to see some privacy guidance
when it comes to cars.
They collect huge amounts of data.
Yeah.
just don't drive one no um it's it's
it's hard um and it's especially hard
nowadays because not only do you have to
be worried about your car but you're just
being tracked by all these cameras that
people are putting in um tracking you by
your license plate so yeah surveillance
while traveling is uh
very very tough right now uh as far
as i understand it as uh when it
comes to cars really the only usable
solution is to buy like a car from
or earlier it can't be a fancy car
in i mean they have they'd already been
doing some crazy stuff then but like if
you get a a normal car probably isn't
like fully computerized yet so uh
But yeah,
that's not a great solution for everybody,
certainly.
Especially if you don't want to deal with
a lot of car things,
because an older car is probably going to
have more problems than a brand new one.
But I don't really know of any...
great solutions to this problem.
This is another thing that we don't get
a lot of information from.
So I either assume nobody in the community
that we have really knows a lot about
it,
or it's just not a topic that a
lot of people here are super interested
in.
So that makes it challenging to know what
to look into as well.
I mean,
this is kind of something that came up
in the news.
I'm personally not someone that drives or
has ever driven,
but I did see that there's this brand
called Rivian that said they're allowing
you to disable all data connectivity in
their cars.
Okay.
I did see that.
Hello literally just asked about that.
And I had not seen that news.
So that's good to bring it up.
Do you know any more about it other
than that?
In fact,
there was actually a thread on the forum
about this already because someone was
wondering, you know,
like how does this work?
Like is this like an airplane thing,
like airplane mode feature?
Like how does this work?
And, yeah, it's in their support page.
Like if you go to Rivian and you
go to their support website,
it does say that,
you can choose to do that and it
prevents all data leaving the vehicle,
but it disables some functionality.
I think this is quite interesting.
Like I feel like no other car
manufacturers had this as an option
before.
And I guess,
I think one thing with this though is
it needs a bit of third party testing.
I think,
I think I wouldn't trust this a hundred
percent.
Like, is this,
I would think you would have to do
a bit of testing to make sure this
is actually the case.
I'm very confused about this.
I'm looking at their support page.
They say it'll limit or disable certain
functionality in the vehicle,
and their list is navigation,
active lane centering,
over-the-air updates,
which provide new features,
better performance, safety enhancements,
and bug fixes.
Losing over-the-air updates obviously
makes sense because it's like you disable
connections.
I feel like
it this we should still this technology
should still exist because ten,
fifteen years ago you could get a car
with navigation and it would work without
the internet.
Like you can download an offline map.
So should and maybe that is the case
here.
I guess they do say it will limit
or disable it.
So I don't have a Rivian obviously can't
test this.
Maybe maybe it is just offline maps and
that's fine.
You know,
you lose out on some cool stuff like
Traffic or whatever,
but probably not the worst thing in the
world.
What I don't know is whether Rivian
supports...
Apple CarPlay or Android Auto,
I would be curious about that because this
would be a very cool feature if you
could use your phone for all of the
infotainment stuff and you could still get
things like whatever Maps app you want and
music streaming and all that other stuff
without having to do it through the car
sending and receiving data.
But I don't know if Ravine supports that.
Some car companies don't.
So I'm sorry to break it to you,
Jonah,
but they don't support Android Auto or
CarPlay.
That is crazy.
They should do that.
I think Tesla added it now.
They were a holdout for a very long
time,
and they finally got on board to some
degree.
So yeah, that is a shame.
That makes the whole prospect...
a bit worse, because I don't know,
it's good to have this sort of privacy,
but there often isn't like a need for
it to come at the expense of too
many features,
or there are like private ways to alter
to offer it alternatively,
that maybe aren't the full experience,
but they get like,
ninety percent of the way there.
And I think people will put up with
that.
Whereas here,
Like, is this going to,
can you not get Spotify in your car
anymore?
Is that how it works?
Do you have to do it, like, through,
do you have to do music through Bluetooth?
Yeah, I mean, you,
some of this functionality I think is
useful.
Some of it is not.
So it's good to have the choice,
but I wish it was a bit better.
I also think like the data connectivity
issue,
like disabling data sending is one issue
when it comes to cars.
I think someone, I can't remember which,
who said this,
but cars are becoming like walking
computers with hard drives, right?
Like there's a lot of data on the
car that it collects when you drive
around, like, you know,
every place you've ever been,
all the distances and,
all that extra metadata that possibly if
you sell the vehicle at any point or
if it gets impounded, for example,
that data is incriminating or could be
used in that way.
I think just because it's not sending the
data out doesn't mean that maybe we
shouldn't be collecting this data in the
first place.
Yeah,
I think it also could help with offering
this feature on more cars because I feel
like not everyone...
I've never heard of Rivian before.
I don't even know what that is.
Really?
I don't think they sell...
That is very surprising to me.
Yeah, they don't sell in Australia.
What are the most common cars you see
in Australia?
Yeah.
uh probably like toyotas and hyundais and
ford f like the big fords ford trucks
i don't know what they're called yeah
everyone loves a good pickup truck ranger
for some reason um i guess it makes
sense that it would mostly be
Japanese Korean Vehicles it's hard to it's
probably hard to get vehicles over to
Australia shipping wise
Yeah.
A bunch of like European car manufacturers
are kind of dropped out of Australia
because of that.
Um, cause it's not really like,
there's not that many people here to buy
cars as well.
Like you're not going to sell many cars.
There's only like,
twenty seven million people here.
That's like, that's like the,
that's like the size of a US state.
Like that's like nobody.
Uh, so it doesn't really make,
it doesn't make that much sense.
I think, uh, in a lot of cases,
but, um,
Yeah,
someone said it went viral on Hacker News
and Reddit.
Seems like definitely something technical
people want.
I agree.
Yeah, I mean, don't get me wrong.
It's a great feature.
More cars should have it.
But I think, okay,
I don't use an Android phone too often.
or Graphene OS.
So I'm curious,
does Graphene OS support Android Auto?
Because I know you can install all this
sandbox Google Play stuff.
I don't know if they have support for
it.
They do, yeah.
It does.
It basically works the same way as it
does on Google Android.
So, I mean...
I really don't like Android Auto.
I don't like a lot of things in
the Android world because you are reliant
on Play services.
But I think a lot of people would
prefer if their car functioned entirely
off of their phone through Android Auto
and CarPlay.
I think that would be better than doing
it through the car manufacturer system for
most people.
So I think it's a real shame that
the only car company that is kind of
doing something good in this space
apparently is also not letting you do that
because I feel like, I don't know,
they're missing out quite a bit.
Yeah, it definitely seems, though,
like I feel like electric car brands are
probably, you know,
they're a lot more like I feel like
if you remember back like ten years ago,
I feel like cars were like stuck in
this weird phase where they were like
still using like capacitive touchscreens
and like really crappy interfaces and
stuff.
And now we've gotten to a point where
these EV companies who are like they're
not just a car company.
They're like a software company as well.
Like they're building all this stuff.
this other stuff so there's really no
excuse i think to offer i mean in
tesla's case it seems to be the only
thing they know how to build well so
uh yeah this is why i did not
buy it um unfortunately i still have to
figure out how to make my current car
i got recently more privacy respecting but
i don't drive too often so it doesn't
come up a lot i keep i keep
putting it off um but yeah sometimes there
are ways to like
remove the SIM card or disable that sort
of LTE connectivity,
and that can help quite a bit.
I know Henry from Tech Lore a while
ago,
I don't know what car he drives now,
but he got some older,
I want to say Nissan Leaf or something,
but he talked,
there's probably a video on his channel
where he talked about removing the SIM
card and then it was fine.
And there are some cars you can't do
that with.
And
I still have to look up research whether
or how much is possible with my Polestar
two, but I'm worried.
There won't be a lot, unfortunately.
It might be a trade-off that I'm making
because I want an electric car,
and all of the other electric cars are
much worse.
Except maybe Rivian,
but I was never in a million years
going to buy a Rivian because they only
make a gigantic pickup truck and a
gigantic SUV.
So it was never...
That was never going to happen.
So unfortunately,
I can't benefit from this feature.
But yeah.
Yeah, I don't think the advice...
It's really irritating that the advice...
I feel like the advice now is buy
a ten-year-old car.
That is really bad advice.
Don't buy a ten-year-old car.
That's just going to have so many issues
and it's going to be a pain.
Well, you know what?
People...
do drive pretty old cars pretty commonly.
But yeah, they can have problems too.
I've got friends that have old cars and
yeah, it's just, I don't know.
I think it's, it's, it's always issues.
Like it's always issues.
Like, you know,
once you reach a certain amount of
mileage,
I can't say I've ever had to pay
too much to get my bicycle repaired.
Biking is like the private solution.
You got to start doing it.
Yeah,
I guess specifically if you buy an older
car, it's got to be like a Honda,
maybe a Toyota.
the in my experience the Japanese are
pretty good at making reliable cars um
don't buy a Ford don't buy an American
car wait what is that is that the
consensus that the American cars aren't
that reliable or well the main consensus
is uh that Hondas are particularly good
but
I don't know how common this phrase is.
Maybe this is only in my circles,
in my family,
but everyone says that Ford stands for fix
or repair daily.
So that's what I hear.
All the other American car companies are,
I don't even know how many cars they
make anymore that aren't pickup trucks.
So unless you want a pickup truck,
it might not even be an option.
Or you want like a Ford Mustang or
something and a sports car or something.
yeah that's probably not super practical
though as a daily card i'd imagine um
but yeah i feel like we've definitely been
let's uh someone said uh check consumer
reports yeah japanese cars are most
reliable interesting okay um yeah i wasn't
aware there was a trend oh no i
definitely don't doubt it i mean i drove
a honda civic for a very long time
basically until
recently last year and that had like over
two hundred thirty thousand miles on it
and now my sister drives it and she's
still she's still driving I think she had
to fix up like a handful of things
but overall since then since replacing as
far as I know only like one or
two things it's been reliable ever since
so
They kind of just last forever.
Unfortunately, with that Honda Civic,
the car itself and the engine and
everything are very reliable.
All of the stuff that surrounds the engine
tends to be pretty cheap and kind of
plasticky and falling apart.
So it's not like the highest quality car
to drive, unfortunately, even though...
Even though it will outlive everything.
Yeah.
But, you know, what can you do?
You just gotta research cars if you're
buying an old one.
They're hugely hit or miss, for sure.
Okay, yeah.
I mean,
at least you'll save a bit of money.
I feel like cars now, like,
the prices have definitely gone pretty
bad.
Well, even used cars.
The used car market is insane, but...
It's ridiculous, but it's, you know,
so is the new car market.
It's even more insane.
So there's, there's no winning.
You're winning a little bit by used.
Yeah.
Yeah.
I think my, my brother,
he bought a car like five years ago
and now he checked the price on,
on the car listings and it's worth even
more now than when he bought it.
Like, how does that even work?
When, when did he buy it?
probably like i guess ten years ago right
now okay yeah that that makes sense i
don't know if it's as i haven't looked
at used car pricing in a while i
know like during the pandemic it was
absolutely insane and i don't know if it's
come down a bit since then or if
in fact it's continued to go up i
have no idea um but yeah the used
car market it's crazy it's crazy
Yes, I guess, yeah,
we should probably close out the episode
here.
We're closing in on the two hour and
thirty mark.
Oh boy.
well yeah i haven't seen any more
questions from anyone anyways um so yeah i
think this seems like a good time to
end i'll remind everyone that all the
updates from this week in privacy we'll
share them on the blog we do every
week so you can sign up for the
newsletter or you can subscribe with your
favorite rss reader if you want to stay
tuned and read all the sources for the
stories we talked about in this episode
for people who prefer the audio version of
this we also offer a
podcast available on all podcast platforms
in RSS.
This video is also going to be synced
to our PeerTube and posted to our website
at privacyguides.org slash videos.
So you can check it out in a
self-hosted manner if you don't like
YouTube.
Again,
Privacy Guides is an impartial nonprofit
organization that is focused on building a
strong privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you want to support our work,
you can make a donation on our website
at privacyguides.org slash donate.
To make a donation,
you can click the red heart icon that's
located in the top right corner of the
page.
You can contribute using standard currency
via debit or credit card,
or you can opt to donate anonymously using
Monero or pretty much any other
cryptocurrency.
Becoming a paid member on our site is
going to unlock exclusive perks like early
access to the videos that we put out,
priority during this Q&A if we get a
bunch of questions,
You will also get a cool badge on
your profile on the form.
You'll get access to some member-exclusive
bonus videos we do,
and you'll have the warm,
fuzzy feeling of supporting independent
media.
That's it for us.
Thank you all for watching,
and we will see you next week.
