GrapheneOS has a Hardware Partner!
E43

A major Android OEM agreeing to create a

future GrapheneOS-compatible phone,

ProtonMail sharing data with the FBI,

the OpenAI Pentagon deal, and more.

These are the stories that we'll be

discussing in this episode of This Week in

Privacy,

our weekly live stream where we discuss

the latest updates within the Privacy

Guides community,

and this week's top stories in the data

privacy and cybersecurity space.

I'm Jonah,

and with me this week is Nate.

How's your week been going, Nate?

Been keeping really, really busy,

but could be worse, so I can't complain.

Oh, good.

Let's hop right into it.

We'll start off with the biggest news

story I think that we've seen in privacy

and security from the past week.

Of course,

it's Motorola confirming GrapheneOS

support for a future phone

and bringing over features to their

lineup.

This article we have is from

9to5Google.

They published it on March first,

and they said,

following rumors swirling for quite some

time,

Motorola has announced a partnership with

GrapheneOS that will see the

privacy-focused,

de-Googled version of Android

pre-installed on upcoming Motorola

devices.

A new long-term partnership between

Motorola and GrapheneOS was announced at

Mobile World Conference,

earlier this week on Monday,

with plans for both a future smartphone to

have GrapheneOS pre-installed and certain

features from GrapheneOS coming over to

other Motorola devices,

the company said in a media briefing in

Barcelona.

In a press release, Motorola said,

Motorola is introducing a new era of

smartphone security through a long-term

partnership with the GrapheneOS

Foundation,

the leading nonprofit in advanced mobile

security and creators of a hardened

operating system based on the Android open

source project.

Together,

Motorola and the GrapheneOS Foundation

will work to strengthen smartphone

security and collaborate on future devices

engineered with GrapheneOS compatibility.

In the coming months,

Motorola and the GrapheneOS Foundation

will continue to collaborate on joint

research, software enhancements,

and new security capabilities with more

details and solutions to roll out as the

partnership evolves.

All of this comes after some leaks at

the end of February that we saw on

Reddit and also discussed on our own

Privacy Guides forum where some Motorola

or Lenovo media slides were

leaked ahead of this showing GrapheneOS

being referenced in their roadmap for

future devices.

And so those rumors did prove to be

true this week.

It's not...

It's unclear how this partnership is going

to work,

especially with Motorola saying that

they're going to be bringing over features

from GrapheneOS into their devices.

We do know right now that all of

Motorola's current devices will not be

compatible with GrapheneOS.

That will be coming as a future device.

We've seen social media updates from the

GrapheneOS team confirming that none of

Motorola's

devices currently meet their security

standards.

And they're saying that a future Motorola

device that can run GrapheneOS will have

similar specs to the flagship end of

Motorola's devices,

like the Motorola Signature,

but the current Motorola Signature will

not be supported.

GrapheneOS

social media team members have also said

that we can expect a device to come

out in 2027.

So this is not an immediate launch by

any means,

but it is now confirmed that they will

be working with Motorola,

putting to rest all of the rumors

of all the other OEMs they could possibly

be working with.

I know there's a lot of speculation for

the past few months since GrapheneOS

originally announced they would be working

with an unnamed hardware device partner.

And now that's confirmed.

But yeah,

this will definitely be a big shift for

GrapheneOS and how they've always done

things in the past.

So Nate,

you've taken a look at this story.

It's been big news throughout the week.

Were there any key takeaways that you

wanted to discuss here?

Um, no,

I think you kind of covered it.

I mean, at this point,

it's still so early on that there's,

I mean,

I don't want to say there's a lot

of speculation.

I mean, it is,

there is a lot of speculation.

Like, um,

you kind of covered everything we know for

sure.

Um, I, I'm interested.

I, you know, uh,

Jordan said here in the comments that

Motorola was an interesting choice,

which I totally agree with, but also like,

I, I'm not sure.

I'm not much of a hardware guy,

especially when it comes to phones.

I know that Pixels, of course,

have like the best security,

which is why we recommend Pixels.

And also iPhones have good security,

but obviously that's never going to

happen.

That would be interesting.

But I think I'm notoriously critical of

Samsung security.

So I've seen some people saying like, oh,

I wish they'd work with Samsung.

I cynically do not see a world where

Samsung security will ever be good enough

to run a Graphene device, in my opinion.

They would have to really do a lot

of work there.

But yeah, it's really just...

I can't think of anybody off the top

of my head that I'm like, oh,

it's weird they didn't go with these

people.

I definitely was not expecting Motorola,

but again,

I don't know who I was expecting.

I think I will be really impatient to

see what comes next.

I'm really interested...

Because Motorola's official announcement

for this had a very heavy emphasis on

enterprise features.

And I know that's historically something

that's been missing from a lot of FOSS

projects.

With all the stuff about age verification

going on,

a lot of people have pointed out that

a lot of FOSS projects like Linux are

missing...

parental controls.

And so it kind of makes it harder

to, uh,

pull yourself out of those systems,

but still maybe monitor what your kids do.

And so where I'm going with this is

I will be interested to see if maybe

Graphene is able to pull, uh,

some of those optionally, of course,

some of those like enterprise features to

create like some kind of parental control

thing in a secure way.

Um, or anything I will be,

I've seen some rumors that

there's not necessarily a guarantee that

these phones will come pre-shipped with

Graphene,

but they will be Graphene compatible.

I've also seen other rumors that Graphene

will be an optional,

like when you buy it,

you can select Graphene.

I hope that will be commercially available

and not just for enterprise users.

Um, so yeah, it's, uh, I dunno, every,

again,

I feel like a lot of things we

could say at this point would be

speculation, but I'm really hopeful.

I'm really excited to see where this goes.

I'm happy that Graphene has access.

I'm assuming they now have access to

Android.

Um, in a,

in a more stable kind of way.

Cause I know that was a big thing

is Google's been locking down Android

slowly and making it less available and

less open source in practice,

if not officially.

Um,

and a lot of ROMs have struggled with

trying to get ahold of Android so that

they can modify it and get it ready

for releases.

And that's been slowing down cycles.

So I'm assuming now they have better

access to that kind of stuff.

And they'll, you know,

of course they'll have,

I'm assuming access to the hardware to be

able to like modify that and they don't

have to reverse engineer things.

I'll be interested to see if they continue

to support the Pixel or not.

So just a lot of questions, but I'm,

I'm really hopeful to see where this goes.

Yeah, for sure.

I've definitely seen a lot of conflicting

reports on this.

I know 9to5Google said

that GrapheneOS would come pre-installed.

I'm not sure if Motorola said that because

they didn't mention it in their press

release,

but maybe they did at the in-person event.

I wasn't at Mobile World Conference,

so I wouldn't know.

I do think, yeah,

I'm definitely interested to see what this

phone looks like because GrapheneOS has

for a very long time touted the idea

of

like the Titan security chip in

Pixels being like the gold standard for

smartphone security, and a lot of their

features do rely on that. Whereas, um, all

of these other existing devices don't

really have a comparable security chip in

place that has all the same features. So

if we look at, like, all of Motorola's

devices right now, which use Qualcomm chips,

You know,

Qualcomm has some sort of secure element,

which the name of is escaping me off

the top of my head,

but it's not as comprehensive as the Titan

M chips in the Pixels.

in terms of what they can do.

And so I'm really interested to see if

Motorola is going to be able to provide

an alternative in these future phones and

what that will look like.

I don't know what sort of secure element

requirements

would be needed in this case.

I don't know what commercially available

options there are for Motorola to choose

from.

That's kind of... Oh,

that would be above my pay grade,

but I'm sure GrapheneOS and their team

is figuring all that stuff out and

probably...

has been working with Motorola on this for

quite some time.

I mean, obviously,

this news was released today,

but GrapheneOS has been talking about this

for a while.

And they've obviously been planning this

behind the scenes for quite some time.

It's also,

it's an interesting relationship that they

seem to have with Motorola.

And I think it explains why they haven't

gone with other OEMs because I've seen

GrapheneOS representatives on social

media say that Motorola essentially came

to them asking for the partnership and

committing these resources as opposed to

them reaching out and trying to find one

that's most suitable for them.

Which makes sense because you would really

need

a pretty high level of buy-in from

whatever OEM you partner with to take on

a lot of the responsibility.

GrapheneOS is of course a very small team

still and can't exactly make all of these

hardware decisions and software changes to

support a new device just like

on a whim, resources are limited.

So being able to work with Motorola and

kind of maybe direct their team in a

security-minded focus is really

interesting.

And it's a really cool opportunity for

them.

Yeah,

I think we'll just have to wait and

see what this looks like.

I know I've seen some people disappointed

the OEM wasn't some of the other top

picks.

I know people were hoping for OnePlus or

Nothing or perhaps Sony.

But I don't think Motorola is the worst

choice out there.

And I think it's a very positive sign

that Motorola...

seemingly initiated this partnership, or at

the very least is very invested in making

this happen. So, um, it's a good level

of commitment on their end, as far

as we can tell.

Yeah, I agree. While

you were talking, I was thinking

about some of the more, um,

The more, I guess,

open source aligned phone makers out

there,

like Nothing isn't really open source,

but I think they have the whole modular

thing going on.

I might be thinking of somebody else,

but like Fairphone, Purism,

what's the other one?

The PinePhone,

which I know those were probably never

even on the table for security reasons.

But yeah, I mean,

it's one thing worth noting is I did

see a video this week that dove into

this topic a little more and showed also

the,

the Hacker News, Y Combinator, uh, forum

where Daniel was pretty active responding

to some people, and he made a point

of saying, like, this is not an exclusive

partnership. So he said at this time

there's no plans for Graphene to work with

any other OEMs, but it's not off the

table. And I actually didn't know that

about Motorola coming to them. But, um, I

think, I mean, I'm sure you said this

and I'm sure this is a given, but,

like, I think this is great for Graphene.

I think this is great for

open source.

I think this is great for, uh,

the general consumer to have this easily

accessible, um,

potentially ships with Graphene device,

uh, especially if that is again,

a consumer accessible option at checkout.

So I think if this phone does really

well, um,

I think that will show other OEMs that

there is an interest in this and being

that again, Graphene,

this is not an exclusive relationship,

then that would be, uh,

that would potentially be on the table

that they could go to Graphene and be

like, oh,

we want to work with you to make

our phones Graphene compatible as well,

which would just give us even more option

for other manufacturers.

So, I mean, I know I'm getting really,

really ahead of myself.

This is probably years down the road if

that ever happens, but, you know,

we can dream, right?

So...

Yeah, absolutely.

I know I see some chats here about

PinePhone.

It would have been nice certainly to see

a partnership with a more niche or

especially like repairable phone.

Fairphone, I think,

would have been a top choice for a

lot of people for sure,

especially in this community,

because a lot of these values, I think,

go hand in hand a lot of the

time between open source, privacy, security,

repairability. Like, a lot of people are

very passionate in this

community about all of those things. Um, but

yeah, no matter which way you

look at this, um, any sort of partnership,

I think, with, uh, with an OEM, and

especially one that's big name as Motorola

is, is huge for any custom ROM, but

especially GrapheneOS. It's definitely

the Android ROM of choice that we would

want to see partnering with OEM versus a

lot of the other options out there.

So yeah, it's very cool news.

Yeah, I don't have much else to add.

Like I said,

everything at this point is kind of a

speculation.

We'll just have to wait and see where

things go.

Yeah.

I think in the meantime,

we can talk about a different phone if

we're ready to move on,

which is the iPhone.

And this is pretty exciting news,

but apparently the iPhone and the iPad are

now approved to handle classified NATO

information.

Um, I'm not gonna lie.

This is kind of a headline says it

all.

This is a, for audio listeners, uh,

this is a new press release directly

from Apple.

So, um, it kind of,

there's a little bit of information in

there, nothing super technical,

but you know,

Apple kind of touts all of the security

features they built into their phones

recently.

Like, um,

biometric authentication with Face ID,

memory integrity enforcement.

They say best-in-class encryption.

I mean, I guess.

Government has struggled to crack Lockdown

Mode, and even in the past,

just the regular encryption.

So that's probably not terribly

misleading.

Um, yeah, they say that, uh,

they have gone through,

did they say there was an audit here?

I mean,

I'm assuming there was some kind of audit

certification process, but, um, yeah,

iPhones and iPads running iOS and iPadOS

are certified for NATO use in all

nations.

Um,

I don't think I have too much to

add to that.

Again,

it's a pretty self-explanatory headline,

but I think it just really,

really attests to Apple's security,

which this is going to come up again

later in the show.

But I want to remind everyone watching

that privacy and security and anonymity

are all very different things.

They're very distinct things.

And they do complement each other.

They do work together.

And some of them,

like security is how we enforce our

privacy wishes, right?

You know, with things like...

just as a really low hanging fruit

example,

a password at its most basic form is

designed to control who has access to an

account.

So that is kind of a form of

privacy controlling who has that password

in theory, at least.

So yeah, Apple,

we would definitely like to see them do

more on the privacy front.

There is of course room for improvement,

but again, they are,

they do make incredibly secure devices.

And I think this is just kind of

a further testament to that.

One thing that's interesting is they say

that this is the first consumer,

first and only consumer devices in

compliance with the information assurance

requirements of NATO nations.

So yeah, like I said,

I don't have too much to add to

that.

Jonah,

did you have any thoughts on this story?

Yeah, so, um, it's very cool. I think,

like you said, according to this press

release, and as far as I know, these

are the only consumer devices that can

handle any sort of NATO classified

information, um, which is a big

accomplishment for Apple. The auditing

process, um, for any of this is, uh,

fairly extensive, and I think it's probably

no

surprise that one of the best phones we

already know for in terms of security can

pass this.

But it is just more evidence that a

lot of the safeguards in place on these

devices are functional and work as

expected and can be trusted.

Audits like this aren't the end all be

all of security by any means.

And they mostly make sure there's no like

super obvious mistakes,

but they don't test for everything.

And so it's not like a complete assurance

that these phones are unhackable.

And indeed,

like if we look at the level of

classified

data that these phones are now able to

handle,

which is the NATO restricted level.

That's out of the four classification

levels that NATO has.

That's the lowest one.

You don't even necessarily need a

specialized security clearance in order to

access NATO restricted information.

So

you know,

the most top secret governments are the

most top secret documents that NATO has

are not going to be stored on iPhones

anytime soon.

But it is interesting that like a full

operating system and especially a consumer

one is now able to handle this data

because typically you would see like a

NATO restricted classification limited to

something like a

A lot of those USB drives that have

hardware encryption and a pin that you

enter,

some of those will be NATO-restricted in

terms of security, which is good,

but those are obviously much simpler

devices.

They just have to handle encryption,

and that's pretty much it.

Whereas an iPhone is a...

complicated device and obviously more

challenging to guarantee the security of

those documents on it.

And so yeah,

it is a big step for Apple to

have this done.

I don't know what the process is for

like a company like Apple or an OS

developer to get NATO certified. I don't

know if that is something that, um, like,

the company itself would have to reach out

for and pay to get certified. I would

imagine, um, it typically is. And so thinking

about, like, this being the first consumer

device to be certified to handle

NATO restricted information,

that might not be that surprising because

I would imagine a lot of consumer devices

probably are not willing to undergo the

effort to get this certification and audit

in the first place.

Thinking about like GrapheneOS we just

talked about,

I can't imagine they would have the

resources to do like a comprehensive audit

to be certified to handle NATO restricted

information,

even if the operating system is

theoretically secure enough to do that.

So there is that takeaway that I would

think about.

I don't think

And for that reason,

I wouldn't consider iPhones to be the most

secure devices in the world now or

anything like that.

But it is certainly a good sign for

them at the very least.

For sure.

I don't have anything to add to that,

but we did have a few questions in

the chat I thought might be fun to

talk about.

Yeah.

Dyson Fan said,

do you think this will be affected by

the war in the Middle East?

I don't think so.

I think overall,

I know there's a big push in Europe

right now for digital sovereignty.

I think one of the reasons that NATO

would view Apple as a maybe less risky

company compared to someone like Microsoft

is...

Putting aside the fact that Microsoft has

been hacked by China more times than I

can count.

I think Apple does have a history of

pushing back.

Not all the time.

Definitely not all the time.

I'm not defending Apple here.

There's times they should have pushed back

that they didn't.

But they do have a history,

especially in the U.S.,

of pushing back against government data

requests.

And I don't know.

I would just imagine that kind of...

makes the geopolitical landscape a

little bit more, uh, nuanced, I guess, um,

in terms of why they might be willing

to trust someone like Apple. But, um, and

then, yeah, Jordan just real quick said, I

wonder what they use for computers because

Mac wasn't included. I don't know. That's a

good question. I know, uh, Germany

specifically, I know there's a few states

in Germany that are, like, switching over to

Linux and, uh, LibreOffice and stuff

like that. But I don't know about NATO

as a whole. That is a really good

question. So

Yeah, I'm not sure. I mean, as far

as, like, the war in the Middle East,

I, NATO is, I know the US is

a part of NATO, but the US typically,

when it comes to, like, classified

information or military stuff, they

kind of do their own thing and they

have their own requirements for all of

this.

A lot of the NATO specific stuff like

this certification, for example,

is going to apply more to European

countries than the U.S.

in its own interest.

So...

There is that to think about too.

I believe iOS and other Apple devices have

been certified for a variety of US

government security standards for quite

some time,

but I don't remember exactly what level

they would be certified at or if it's

comparable to this.

I'd have to do more research into that.

Cool.

Yeah.

I mean, that was a pretty quick story,

but

That was all I had on that one.

Yeah, before we go on... Oh, yeah.

Let's talk about this.

So this story was reported by TechCrunch

here.

Meta sued over AI smart glasses privacy

concerns after workers reviewed nudity,

sex, and other footage.

According to TechCrunch,

Meta is facing a new class action lawsuit

over its AI smart glasses and their lack

of privacy after an investigation by

Swedish newspapers found that workers at a

Kenya-based subcontractor are reviewing

footage from customers' glasses,

which included sensitive content like

nudity, people having sex,

and using the toilet.

Meta claimed it was blurring faces and

images,

but sources disputed that this blurring

consistently worked.

The news prompted the UK regulator,

the Information Commissioner's Office,

to investigate the matter.

Now the tech giant is facing a lawsuit

in the United States as well.

In the newly filed complaint,

plaintiffs Gina Barton of New Jersey and

Mateo Canu of California,

represented by the public interest-focused

orcs and law firm alleged that Meta

violated privacy laws and engaged in false

advertising. Um,

So, I mean, looking at this story,

my immediate reaction is like, well, yeah,

of course this would happen if you strap

cameras to your face that are constantly

streaming to a big tech company.

And this is really a problem that we've

seen over and over before.

The one that most immediately comes to

mind is

was pretty much a very similar situation

with Siri recordings.

And those weren't video at the very least,

unlike this,

but they were being sent to a bunch

of contractors for review when that was

not clearly stated in Apple's privacy

policy.

I believe there have been similar cases

with other voice recording systems like

Alexa.

And so

it's just a sign that these

big tech companies, they're not going to be

treating your data properly, and they're

not going to be giving it the protection

that it needs, because they are more

interested in consuming all of this data

as much as possible and, like, having a

bunch of random people, contractors, whoever,

review all of it to supposedly, probably

improve their AI services and other things

that they

that they're working on just with complete

disregard to your own privacy or personal

data.

And so, yeah,

hopefully there's a big punishment for

Meta here,

but I can't imagine a lot is going

to change.

Unfortunately,

I think that we need to be aware

of these dangers and we really need to

just eliminate devices like this from

everyday use.

It's a bit crazy to me, um, how

much things have changed in the past ten

years, because I remember back when, um,

Google Glass originally came out, um, and

there was this "Glassholes" term for people

who wore it and were constantly recording

in public spaces. And now all of this

stuff is kind of being normalized,

unfortunately, and there isn't as much

pushback anymore. And I think that we

need to revisit that because I don't think

we were we were wrong back in those

days.

I think that we we were on to

something and maybe we should remember how

much we dislike products like this again.

Yeah, totally agree that.

Honestly,

that was something that really confused me

too.

With the whole like you mentioned Google

Glasses.

I remember when when those came out,

and they were such a flop.

And so when Meta announced their AI

glasses, I was like, okay,

we've already been down this road.

And I know, I think even before Meta,

I think Snap had announced their glasses,

and then I never heard of them again,

which I think those exist.

But I don't know.

I never hear about them anymore.

So my point being, I was like, oh,

this isn't going to go anywhere.

And now I think this article said that

last year they shipped like seven million

of these things.

Hold on, where was it in this thing?

But...

Yeah, while I look for that,

it just blew my mind that it's like,

wait, yeah, in 2025,

over seven million people bought Meta

smart glasses.

And it's like,

how did it like what's different this time

that it worked when it did not last

time?

I'm very confused.

I think it's got to be like.

Are they making it fashionable?

I know the Ray-Ban partnership must have a

lot to do with that.

Are people willing to give in and use

it?

Yeah, if they're partnered with like,

more recognizable brands.

Kind of an unfortunate way to shop,

but I think that might be it for

a lot of people.

I mean, that does, yeah,

that could be it.

I mean, maybe it's the AI part.

Like, I have said before that, like,

I get on paper, I get the idea,

because I'm convinced I have, like,

a mild form of face blindness,

and I run into people all the time.

I mean, not obviously, like,

with someone like you that I work with

all the time and I see every week,

I know you, but, like,

I run into people all the time that

they're like, oh, hey, Nate, it's me,

so-and-so, and I'm just like,

who are you?

And then when they're like, oh,

we like did this thing together.

And I'm like, oh yes, yes.

Like I'm a contextual person.

When you tell me like how I know

you, then I remember,

but I'm so bad with names and faces.

So I would love the idea of like

AI glasses that tell me like,

do the facial recognition, like, oh,

you know, this person from this,

like save me that whole step.

But I don't want it pinging back to

the cloud,

which of course it would have to do

to do that.

But my point being is like,

I get it on paper,

but I still can't believe that like they

managed to

to actually, like, make it stick this time.

It's so weird to me.

Well, and I

mean, it doesn't have to do that

necessarily, ping to the cloud. I know, not

that I would advocate for this product to

exist necessarily, but certainly facial

recognition, that's something that has been

around for quite some time, and

well,

you would need to have a local database

in your contacts or whatever.

I do think a lot of people will

already use this feature in the Apple

Photos app or the Photos app on their

Android phone that automatically

classifies faces and you can put a name

for it.

I think that's a fairly popular feature

that runs entirely locally.

And extending that to a basic device like

this,

even if it has to ping your phone

to run this computation,

Certainly it's not necessary to ping

servers if you don't want it to,

but big tech companies are very

disincentivized to do anything locally

because there is so much data that they

can slurp up with their servers and use

for all sorts of AI and other purposes.

And of course,

we'll talk about a future story here in

the show about these AI companies

partnering with people who you probably

don't want them to be.

So that's the kind of direction that all

of this puts us in.

And yeah, it's not great.

And it certainly doesn't have to be this

way.

Just because this is the way that Meta

has decided to make this product doesn't

mean it's the only way that this product

has to exist.

And I think that that's really important

to remember.

For sure.

Yeah,

two things I wanted to add real quick

in response to redacted,

said someone needs to make glasses that

beams lasers at cameras as you walk

around.

That's probably destruction of property.

There is an app,

this is not an official recommendation

because we haven't really vetted it,

but I know there is an app that's

supposed to warn you if there are people

nearby wearing smart glasses,

not just the Meta ones,

but also the Snap ones and

Apparently,

there's more than just those two,

but I do have it on my phone.

It has not pinged me yet,

although I don't know if I live in

an area where people are not using them.

I don't know if it's maybe just false

negatives.

Your mileage may vary,

but it is fully open source.

You can go take a look at it.

I will say,

I've never seen any of these in person

myself.

I don't know what area these are super

popular in, but not around me yet.

Yeah,

and I've had situations where somebody's

got the big glasses and there's a screw

in the front, and I've asked them,

and I try not to sound like I'm

upset about it,

because if they think I'm angry,

they're definitely going to say no.

But I've asked people, I'm like, hey,

this is totally out of left field,

but are those the Meta smart glasses?

And they're always like, no, no,

they're just whatevers.

So I haven't run into anybody yet,

but yeah.

And then the other thing I was going

to say just real quick to add some

context to this article,

it says that the reason there's a lawsuit

is because Meta's advertising specifically

says, and I quote,

you're in control of your data and

content.

And then there was like another quote

there too.

Yeah.

I don't know.

I lost it.

Oh, built for privacy,

designed for privacy, controlled by you.

So, yeah,

it's it's I think they've got it.

I hope I'm not a lawyer,

but I feel like they've got a really

solid case here that if Meta is going

to.

And I mean,

all of the veterans listening know that

this is like, oh, no, Meta lied.

Like the what's the Captain Kirk William

Shatner like?

Shocked face.

But when you explicitly say in your

advertising that like you control your

data and then find out that there was

no toggle not to submit the footage and

people are reviewing it.

I think I put this in the newsletter

that went out actually for this episode

that.

As much as we've talked about these

things,

we kind of blew over that part where

it's like part of training AI is that

people have to review it,

even if only every now and then.

People have to review it and make sure

it's working and correct it,

which is a whole other thing,

bag of worms that we're not going

to get into right now. But I

think it's funny that, like, for

you and me, like, that never even came

up once because we just thought that was

kind of a given, I guess. Or for

whatever reason, like, we never even thought

to mention that, like, hey, by the

way, there is no world in which people

will not see at least some of

the images and footage taken by these

videos. So yeah.

Um, one of our team members, uh, Jordan

asked, sorry, I'll let you do it, what

protection do people have against being

recorded in public? Um, which is a great

question. Unfortunately, I think the answer

in most countries, including here in the

United States, is not much. But I think

that this is a good example of,

um, I think, why data privacy concerns are

certainly not only a technical issue,

because people very often get caught up in

this, um, trying to think of technical

solutions. And I do like unredacted

suggestion of lasers being beamed at

cameras as you walk around, but at the

end of the day, um, the, the best

way to prevent something like this is to

get strong data privacy laws

out there that would prevent people from

doing this and using your data without

your consent.

Because I don't think that just being out

in public or walking around is necessarily

consent to be recorded and filmed and that

footage stored permanently for the rest of

time, right?

It's

We really have to rethink our relationship

with technology and privacy.

And we can't just apply past norms to

the current state of what we're in.

But of course,

there are so many incentives to not do

this that I think people need to be

more vocal about.

You know,

we've talked about this in the past few

episodes,

but even governments are getting in on

this like constant mass surveillance via

companies like Flock, for example,

just constantly trying to collect as much

data as possible and seeing

what they can do with it.

And in a lot of cases,

I think they don't really know what they

can do with it yet.

I think Meta with these glasses probably

doesn't know what they can do with the

data yet.

But they're collecting it all in the hopes

that they can do something with it.

And that that's, that's not good.

And I don't think we should allow that.

So hopefully, so hopefully,

that can change.

Yeah, the only technical solution,

quote unquote solution that came to mind

was I really want to buy some and

review them one of these days.

But I know you've probably heard of

there's a company that makes glasses that

they've got a few different models and one

of them is supposed to reflect IR.

So they look like relatively normal

glasses,

depending on how you feel about the style

of them.

But the frames are designed to very

invisibly reflect light back to a camera.

And it's mostly for facial recognition if

I've read... Granted,

this all came from their website,

so it may not be a hundred percent

accurate.

But according to their marketing

materials, it's like some cameras,

like surveillance cameras,

They'll use IR to like better map your

face for facial recognition purposes.

And it's designed to throw those off.

But the nice thing is, again,

if I pose for like a family photo,

my glasses look normal as opposed to they

have another model that like will

explicitly like if you take a flash photo,

it'll reflect and block you.

And so anyways,

my point is like something like that comes

to mind.

But I mean,

that comes with so many like let's just

assume it works for the record.

But you shouldn't have to like if you

don't wear glasses,

why are you going to buy them just

to throw off facial recognition?

You shouldn't have to buy them because I

think they're pretty expensive.

The frames are like two or three hundred

dollars,

which I guess is how much frames normally

cost without insurance.

But either way,

it's it's I guess my point is like

it's one of those like I agree with

you.

Like I don't like.

When ordinary people just trying to live

their lives,

have this unnecessary burden put upon

them, and I understand that like.

Like it.

I understand that there's a limit to that,

right?

Like we're not all entitled to like free

DoorDash or anything like that, right?

Like there's gonna be times you have to

put in some work and you have to

put in some effort and learn some things.

But I mean, in this situation,

like I feel like

these companies are just so out of control

and there is no data privacy law in

the US, at least not universally.

There's a patchwork of limited laws.

Like somebody here said,

there's some states in the US which

don't allow facial recognition without

explicit consent.

Yeah.

There's like two or three that I'm aware

of.

I think there's like Texas, Illinois, um,

probably California with the,

their privacy law and maybe like a couple

others, but you know,

overall there is no like

US version of GDPR that says like, Hey,

here's the bare minimum.

And I,

the more we go through this stuff,

the more I feel like we really need

something like that,

that just kind of sets a standard,

which for the record,

it will not be good enough.

I guarantee you that,

but at least something,

some kind of bare minimum thing so that

people,

ordinary people don't have to jump through

a hundred and hoops just to try to

have like a basic level of privacy.

It's so insane.

And it's really important that like,

you can't just claim to be working around

these privacy restrictions by like

anonymizing that data or whatever,

because in cases like this, for example,

we know that that technology doesn't

really exist or it will, like,

if you want to blur faces, um,

in all of these videos,

it probably relies on AI, which again,

I'd point out Meta said that they were

doing in this case and it didn't work

consistently.

That's just going to be inherent to all

of this technology.

You're never going to be able to.

One hundred percent, uh,

ensure that all of this data is being

handled privately no matter what Meta is

claiming about this.

And really the only solution here is to

not collect that data in the first place

and to not give Meta that data in

the first place.

So yeah,

this whole thing's a bummer because it

really puts a bad spin on AI glasses

in general,

which is probably a good thing because it

seems like every single one that's come

out lately has been...

just in the form of cameras strapped to

your face, right?

Which is always like,

that's never been what I wanted from smart

glasses, even before I got into privacy.

I've always just been a huge fan of

future technology, and I was like,

smart glasses, that could be cool,

because I would want a heads-up display to

see navigation or live translation or a

ton of stuff that does not at all

require cameras.

Recording people constantly,

that's probably...

Most of the very bottom of the list

of things I would ever want to do

with my glasses.

Um,

but that is the direction that all of

these tech companies are going in rather

than, um, something more,

more useful and less privacy invasive,

unfortunately.

So it's a shame.

Yeah.

I, I really just real quick,

I want to drill home what you were

saying about like how the face blur isn't

enough.

Like.

It takes a shockingly small amount of data

to de-anonymize somebody.

And it always cracks me up when it's

something like location, right?

Like, oh, but we anonymize the location.

And how many other people in the world

spend eight hours a night at this location

and then eight hours a day at that

location?

Like that alone tells you who I am.

And then this one with like the whole,

oh, but we blur faces.

Hi, hello.

I don't think that matters for some

people.

for audio listeners,

I'm showing off my arm tattoos.

Like even if you blurred my face, it's,

I don't, it's pretty obvious, you know?

And so, yeah.

Um, I, I could see,

I'm thinking back in my own history.

I could see a few small scenarios where

like having a camera strapped to my face

would be super useful,

but that was like three times a year

at my old job just for me.

Like,

I don't think most people really need it

that much.

So yeah.

And certainly, you know,

that could be a separate product that

like,

what if I just have a little camera

that clips onto my glasses if I want

to record something, right?

I don't need it constantly.

Yeah.

Constantly on and recording.

This is a very niche use case,

I think, for a lot of people.

Yeah, super crazy.

But on that note,

we do have some site updates before we

launch into our next story.

We are going to talk a little bit

later about ProtonMail.

I know that story just came out the

other day.

But first,

here's what's going on at Privacy Guides.

And for those of you who may not

know,

Privacy Guides is a nonprofit which shares

data privacy related information.

And we facilitate a community over on our

forum and on Matrix where people can ask

questions and get advice about staying

private online and preserving their

digital rights.

So first up, big news,

our smartphone privacy and security course

that we have been talking about for months

now.

We've been releasing videos little by

little.

It is finally one hundred percent

available in full.

No membership required.

You can go over to YouTube.

I believe it's on PeerTube now.

If it's not, it will be very,

very soon.

We have,

for those of you who may not be

aware of this,

we basically built a three-part smartphone

course about how to make your smartphone

more private and more secure.

And there's a beginner, intermediate,

and advanced level.

And there is also an iPhone and an

Android version.

So yeah, whichever one you use.

And you can watch them all and you

can decide maybe some of the stuff in

the advanced level doesn't apply to me.

Maybe some of it does.

If nothing else,

it lets you know what your options are

out there and our official recommendations

at this point in time about how to

make your smartphone as private and secure

as possible.

And again, that is out now.

So go ahead and check that out.

And then some big exciting news.

Myself and Jonah next week will be in

Austin, Texas.

We are at an unofficial South by Southwest

party being hosted by EFF Austin.

We will be doing a little workshop about

how to improve the privacy and security of

your phone.

So, and, um, if,

if anyone's in the area and you have

never tried Graphene and you're like kind

of worried about it,

we will actually have a little demo device

that has Graphene on it so that people

can play around with it and kind of

see like, oh,

this is just like a normal Android.

Like there's nothing to be scared of.

I can use it just like an Android.

Um, so we'll have that little demo device,

but also we'll just be answering questions

and, you know,

offering our advice about how to harden

your phone.

And full disclosure,

I am on the board of EFF Austin.

So yeah,

we will be there for anyone who's in

the area.

Yeah,

come stop by if you're not and it'll

be super fun, I think.

And we'll share a link to the to

the event information meetup stuff in the

in the sources of the show.

So yeah, if you're in the area,

definitely check it out.

It should be fun.

And also, I will say,

since it will be taking place next Friday,

we will be hosting this show in person

there.

So that'll be fun for people who watch

this as well.

In other news,

we have a bunch of big stuff that

we announced on our website this week.

The biggest thing that we launched was a

new section related to privacy activism.

So if you go to privacyguides.org slash

activism right now,

you can find all of these

resources. Um, our staff writer Em has been

working super hard on getting all these up,

and it has a ton of useful advice,

um, not for, like, just activists in

particular, but activists for privacy,

people who want to advocate for data

privacy in their local communities or in

terms of legislation or in terms of

anywhere else that you might want to be

an activist for privacy rights.

And so all of these tools are meant

to empower the kind of digital rights

community that we are in.

And the first tool that we released in

this section is the privacy activist

toolbox,

which it looks like Nate is

scrolling through now here on the screen.

Essentially,

this toolbox is a list of resources and

articles that give you advice on how to

be the most effective privacy activist you

can be and how to effectively and clearly

and sustainably advocate for privacy and

digital rights.

And so if that is interesting to you,

if you've been in the privacy community

for a while and you're wondering how to

best make a difference yourself,

definitely check out these articles.

They're extremely extensive and just a

wonderful resource.

We've gotten a ton of positive feedback

from people in this space and elsewhere

who have been reading these and learning

new things or sharing these with other

privacy activists and privacy related

organizations.

in this space.

The activism section in general is

something that we hope to continue

expanding.

We have a few things on the roadmap

and hopefully we can share a bit more

information about that soon.

But for now,

I think that all of these tips will

prove to be super helpful for some of

you out there.

And if any of that sounds interesting to

you,

definitely go to privacyguides.org slash

activism and check out that resource.

Other site changes,

we've done a few very minor things.

The most notable one was that we removed

mention of zero knowledge encryption or

zero access encryption from our site

because those terms are not very...

clear and we found them to be confusing.

So we're kind of transitioning to being

more descriptive.

Zero access encryption is kind of a

marketing term that gets thrown around a

lot.

And zero knowledge encryption is not

really technically accurate.

It doesn't make a lot of sense outside

of like zero knowledge proofs,

which are totally different things.

So

Hopefully some of our resources around

encrypted tools that we recommend,

et cetera,

are more clear and we hope to use

better terminology to describe that stuff

going forward.

That's not just marketing jargon.

That's a big thing that we want to

try to eliminate from all of our resources

as much as possible.

So that was a big change.

Um, related to our news section, our

volunteer journalist Freya has been

publishing a ton of articles lately, so you

can go to privacyguides.org news and check

those out. There are a lot of stories

that we don't get a chance to discuss

here on the show

but are still important nonetheless,

and that is the best way to stay

up to date with those in addition to

our community forum.

Some of the articles include a full-length

article on how to game privately,

which might be interesting to the gamers

out there,

as well as more news briefs like Samsung

TVs halting data collection in Texas,

a spyware maker going to jail,

TikTok refusing to add end-to-end

encrypted direct messages, and a lot more.

So again,

that's at privacyguides.org slash news if

you want to stay up to date on

all of those topics.

All of the stuff that we do at

Privacy Guides is made possible by our

supporters.

So you can sign up for a membership

or donate at privacyguides.org.

Or if you want to promote privacy in

your own life and you want to support

us as well,

you can buy some swag from

shop.privacyguides.org.

I think that does it for all the

updates from us this week.

So let's talk about ChatGPT and the

Pentagon.

Nate, what do you got for us here?

Yes.

OK, so for those who missed the memo,

which I wouldn't blame you because there

is so much freaking news going on right

now,

it's hard to stay on top of it

all.

Like I actually forgot part one of this

story until I was reading the article and

refreshed my memory.

So the Pentagon used to have a contract

with Anthropic, who makes the AI Claude,

which I've heard good things about as far

as AI goes.

I guess it's pretty good at what it

does.

But Anthropic had some stipulations in

their contract,

specifically that you could not use Claude

for mass surveillance on Americans,

and you cannot use it in autonomous

weapons.

And the government tried to pressure

Claude into dropping those stipulations

and doing whatever they wanted.

I will admit I'm not fully versed in

the nuance of this story.

So I apologize if any of my opinions

are a little wrong here,

but to their credit,

Anthropic stuck with their guns and said,

no pun intended,

stuck with their guns and said, no,

we're not going to do that.

And the government dropped them and said,

we're not doing business with you anymore.

Went on to declare them a supply chain

risk.

That's a whole nother thing that we're not

going to get into, but OpenAI,

as they do, swooped right in and said,

hey, we'll do business with you.

I mean,

I don't know how else to put it.

So Sam Altman, the CEO of OpenAI,

basically he's clarifying the terms of

this deal now because he recognizes that

that was not a good look to just

come in.

Here's what he says.

We were genuinely trying to deescalate

things and avoid a much worse outcome,

but I think it just looked opportunistic

and sloppy.

You can take that at face value if

you want or not.

You can probably tell how I feel from

my tone,

but that's neither here nor there.

But either way,

he's clarifying that they are still

holding to the terms that OpenAI cannot be

used for mass surveillance.

Noticeably,

I don't think this article said anything

about the autonomous weapons.

But yeah,

and I think that's kind of the...

Again,

that's kind of the bare bones of the

story.

We don't know a lot more.

We know that AI,

and I'm sure a lot of our veteran

viewers know this,

but AI is so much more than LLMs,

right?

And there's a lot of people who don't

even like the term AI because it's been

around for a long time.

AI research goes all the way back to

like the sixties, I think,

which is pretty crazy when you think about

it.

But I mean,

even before it was called AI,

we've had targeted ads,

we've had machine learning,

we've had algorithms determining all kinds

of, I mean, for years,

algorithms have been determining whether

or not you get approved for a loan,

your insurance rates.

And it's just, this is like,

the next step, um,

I've had to explain that to a few

people is that like, it,

it seems on the, from the outside,

it seems like ChatGPT just came out

of nowhere, right.

In 2022, I think it was,

but I mean, it's,

it's kind of been building towards that

behind the scenes.

It's just,

that was like the next leap forward,

at least publicly and visibly.

So, um,

Yeah, AI is being used by the military,

which is, again,

probably not a shocker to our veteran

listeners, but it's being used for, again,

it's more than just LLMs and chatbots.

It's being used to identify targets.

It's being used to calculate how sure are

we that this is a target?

Where do we think this person is going

to be next?

All that kind of stuff.

And so I think

I'm not going to lie.

This has actually been on my mind for

a long time.

Back on Surveillance Report,

Henry used to tell a famous story from

Edward Snowden where it was the – I

believe it was the Boston Marathon

bombings.

It's like him and one of his coworkers

were in a bar,

and they saw the news about the Boston

Marathon bombings.

And I think it was his coworker was

like,

how much you want to bet that guy's

in our system?

Like we flagged him.

We knew he was a threat and we

did nothing.

And when they went back to work the

next day, sure enough,

they looked him up and it's like, oh,

he was in the system.

Yes, absolutely.

And I think that has long been a

criticism that I personally have heard

from intelligence people.

Not that I know any,

but I've just like,

I've seen it around in articles and stuff

is they're so inundated with data that

they cannot sort through it to make sense

of it.

which to me tells me you should stop

collecting so much data.

But I think that's one of the most

obvious uses of AI is to sort through

that data,

which raises a lot of concerns that the

article did actually address here that AI

is known for getting it wrong or

hallucinating.

Like it says right here,

AI large language models can make mistakes

or even make things up known as

hallucinating, which...

Fun fact,

that was actually my first experience with

AI.

Back in the day, I was like, well,

let me try this out and see if

it's any good.

And so what I used it for was,

this was back when I used to recommend

Threema over on The New Oil,

and I was writing a review.

And so I was like, okay,

give me the pros and cons of Threema.

And one of the pros, it was like,

it has a password manager built in.

And I'm like,

can you cite your source for that?

And of course it couldn't.

And it just went, oh, you're right.

I'm sorry.

It doesn't have a password manager.

And I'm just like,

Where did that even come from?

So yeah, AI,

that's one of the big concerns with AI

in this context.

I mean,

aside from just the privacy in general

is...

I mean,

I think there's so many issues with

privacy in general, right?

Concerns about privacy in general.

Aside from the fact that it's just a

given human right,

I think it was also Edward Snowden or

somebody said that you never have to

justify why you deserve a right.

Someone else has to justify why they need

to infringe on it.

But in addition to that,

I think something that should be said is

that, and again,

we know this thanks to Snowden in

A lot of the time,

the loophole for spying on American

citizens is that once data leaves the

country's borders,

it becomes subject to surveillance.

So last year I went to Europe, right?

Suddenly you can spy on me because if

I, you know,

had to call my wife back home,

that data's crossing borders.

Or even on a much more innocuous note,

he would talk about how data centers like

Gmail, for example,

completely unbeknownst to you,

they might move a server,

like copy the data somewhere else

temporarily to like do maintenance on that

physical server, right?

And that data might go to Canada, Mexico,

whatever, or even just sending an email.

You know, the internet...

as far as I understand,

like it tries to optimize and take the

fastest route to something,

which let's say hypothetically,

for some reason, the fastest route from,

I don't know,

Texas to California is jammed up.

It might, again,

bounce over to a server in Mexico and

then bounce back over to California to use

the fastest route.

And now again,

your data is open for interception.

So it's, yeah, there's just so,

so many privacy concerns with AI.

And the fact that they...

The fact that this is even a discussion

or a question from the military of like,

well,

can we use it for mass surveillance on

Americans?

Why?

Just, yeah, I don't know.

That's...

I think that's kind of all my thoughts

on that one.

Yeah, I...

I would definitely and you said we

wouldn't talk too much about this,

but I would want to highlight the the

idea that the US government was going to

flag Anthropic as a national security

threat or for making these demands.

I think it is very concerning that the

US government was so insistent originally

that like the ability to spy on US

citizens domestically was like a hard line

that they needed to have

not roped enough in this application,

especially because this is an agreement

between AI companies and the military.

Certainly not the people you would want

surveilling on your own citizens.

But

Yeah, I mean,

there's problems with AI everywhere.

I think Jordan brings up a good point

here that even if there are safeguards

against US citizens that eventually get

added on, all of this technology,

which we already know is extremely

unreliable,

is going to be used in military operations

around the world.

And all of this AI stuff,

like you mentioned,

It's come out very recently.

I mean,

none of this stuff is like super well

tested by any means.

It's all just a lot of tech companies

really trying to jam this product into as

many possible segments as they can.

And of course,

that would include the government and the

military.

And it's all about getting a return on

this massive,

massive investment that they've all made

into AI development.

It just, it's, it's becoming an actively

dangerous situation, I think we can see

from, from this story here. And I totally

agree with you that it really makes no

sense that, um, this AI use and all

the data collection that they're doing

will make a real difference in terms of,

like, stopping terrorist threats or plots

or, like, affecting people's everyday lives.

Um,

And this is an argument that people have

known about and people have been making

for literal decades,

even before like the Internet and

computers were commonplace or used by

everyone.

It reminds me of like all of the

reports that came out following

9/11 in the US about how certain

government agencies had intelligence that

indicated this might be happening,

whether or not that was passed along to

the FBI.

Like before this happened,

were people aware?

I think the general consensus there was,

like, you know, nothing was as definitive. It

wasn't completely reasonable for, like,

anyone to expect that that event was going

to happen ahead of time, but certainly, like,

these people were in the systems and that

data didn't lead to anything actionable

happening. And it's similar to the, to the

case you talked about, um, where, where the

perpetrator was in their systems and was

already flagged.

And that didn't lead to anything being

stopped because all of this data

collection,

it isn't leading to any positive outcomes

here.

They're using national security, I think,

as a front for what they really want

to do with all of this data.

But much like a lot of

security protections that we have,

like the TSA, for example.

This is just a matter of security theater

in a lot of cases that isn't actually

doing the things that it sets out to

do.

You know,

they have plenty of other reasons to want

this data.

And I think national security or stopping

threats or stopping terrorists or

protecting children or whatever excuse you

want to you want to come up with

these days.

All of that is just an easy way

to put a bow on things and describe

it without having to really get into the

details.

But if you did get into these details,

you would see that all of the stuff,

the AI stuff that we're introducing into

the military,

all of the data collection that we're

doing on US citizens and people all around

the world, really,

all of this stuff is just completely

unnecessary.

And it's

bad. It's bad for citizens of the US,

it's bad for, for everyone else in the

world, and it's becoming actively dangerous.

Um, and I think more people need to

be concerned about all of that. Yeah, I

mean, we could make a whole podcast, like,

not even just an episode, we can make

a whole series out of all the problems

with AI, but, um,

One of the things also that Jordan said

that I thought was pretty good is AI

is pretty biased based on its training

data.

That's historically been a big problem,

especially in a policing context,

is a lot of people have accused it

of...

One thing I've learned is if you go

looking for a problem, you will find one.

Generally speaking,

whatever you go looking for, you find.

And so if police, for example, feed it

uh, feed AI, like, all these, uh, these

arrest records, right, and let's say they

all happen in the east side of town,

then these, this AI is going to be

like, oh, all the crime is in the

east side of town. More cops are going

to go to the east side of town,

they're going to find more crime because

there's more cops. Meanwhile, the west side

of town is where all the white collar

crime is happening. Um, but, you know, it's,

it's just, it's such a, it's such an

imperfect thing. And

There have been, so far,

there have not been any studies that have

shown that all this mass surveillance

actually stops crime or has any meaningful

impact on lowering crime rates.

And one of the big things that concerns

me with relying so much on AI for

everything is,

if you guys have never seen the movie

Brazil, I highly recommend it.

The ending's a little bleak,

I'm just gonna warn you.

But it's basically this very absurdist

sci-fi movie where this guy gets

wrongfully arrested

And his neighbor witnesses the arrest and

he's like,

I don't think they got the right guy.

Like I've lived next to this guy for

twenty years or whatever.

He's never been an issue.

And so he basically goes off on a

quest to try and deal with the bureaucracy

of like you arrested the wrong guy.

And he keeps running into people who are

basically just like, well,

that's what the computer said.

Like, that's what my paperwork says.

That's that's just like, no,

but that's what it says.

And like,

that's one of the big concerns that I

have with all this stuff and all this.

letting the machines do the thinking for

us, shout out to the Dune fans in

the room, is that, like, we're entering this

world where it's like, when the AI gets

it wrong, what happens? They're just going

to be like, well, that's what the computer

said. Yes, but the computer's wrong. Yeah, but

that's what the computer said. It's like, oh

my God, dude. So yeah, it's, it's a

very scary time we're entering into. Yes.

We are going to get into some questions

from live streamers in a bit.

But before we do that,

we have an article here from 404

Media.

The headline is ProtonMail helped FBI

unmask anonymous Stop Cop City protester.

A court record reviewed by 404

Media shows privacy focused email provider

ProtonMail handed over payment data

related to a Stop Cop City email account to

the Swiss government,

which handed it to the FBI.

So I'll read the beginning of this article

quick.

Privacy-focused email provider ProtonMail

provided Swiss authorities with the

payment data that the FBI then used to

determine who was allegedly behind an

anonymous account affiliated with the Stop

Cop City movement in Atlanta,

according to a court record reviewed by

404 Media.

The records that they reviewed provide

insight into the sort of data that

ProtonMail,

which prides itself on both its end-to-end

encryption and that is only governed by

Swiss privacy law,

can and does provide to third parties.

Um, so pretty much this,

this entire story, um, I,

I kinda disagree with,

with the headline a bit,

although obviously FBI involvement was

here.

It is important, I think,

to draw this distinction, um,

between like, uh,

a foreign government asking Proton for

this information versus, um, the,

the Swiss courts.

asking Proton for this information because

in this case,

the FBI did go through those channels and

the Swiss courts demanded that Proton hand

this data over.

And I think that this is a big

difference from a lot of like big tech

companies, for example,

which will comply with court orders from

from other countries where they're

Like they might not necessarily fall under

their jurisdiction,

but they will comply with them anyways,

rather than like demanding everything go

through the U.S.

in a lot of big tech cases.

And so.

There is I do think you have to

draw this distinction because.

You know,

the Swiss courts do limit a bit.

as far as like what what information can

be requested.

But obviously we've seen a number of times

that they have been willing to demand the

data of activists in this case who aren't

necessarily

doing anything illegal.

I don't know exactly what these people are

being accused of,

but I do know that charges against a

lot of the people in this case,

according to 404 Media in this article,

actually,

they said that they've been dropped.

So it's not clear like who's involved or

like what level of certainty the FBI even

had in the first place as to like

what crimes the person behind this email

supposedly committed.

At the end of the day,

kind of similar to the big story with

Proton revealing the IP address of a

French activist a little while ago,

the issue isn't necessarily the fact that

they're handing over information,

although it's certainly not great that

they have this information to hand over in

the first place because we can look at

court cases

from Signal, for example, where the amount

of information that they have and do

hand over is extremely, extremely limited,

whereas it seems like a lot of, uh,

data that Proton has is, is not protected

as you would expect. Um, but I think

it really just highlights the importance

of

understanding what data you have is

protected and isn't protected when you use

any service, including Proton.

Because the encryption that is used in a

lot of cases,

and certainly in the case of Proton,

which is an email provider,

which is already not a great technology

for protecting this sort of metadata.

The encryption that's used even in

end-to-end encrypted products varies

widely.

So we could think about Signal again,

just for a simpler example,

compared to WhatsApp.

They actually use very similar encryption

technologies.

WhatsApp has famously used the Signal

protocol to encrypt those messages for a

while,

but

unlike Signal,

which has put in a lot of effort

to minimizing the amount of metadata that

that's collected and logged by the

company,

WhatsApp and their parent company Meta are

collecting and storing all sorts of

information about like,

who's registered on their service,

when they're using the app,

who they're communicating with,

they have all of that information.

And that places you at risk,

even though WhatsApp is end to end

encrypted.

And similarly here,

At the end of the day,

I don't think it's reasonable to expect

Proton to not comply with court orders,

of course.

I don't know.

Maybe you saw this in Consignment,

but I don't know if I saw in

this article whether Proton fought back

against this court order or to what

extent.

And so I'd be interested to know about

that.

But I will say,

at the end of the day,

looking at the...

I think especially after the French

activist thing,

Proton has made a bit of this more

clear and it is pretty clear in their

privacy policy,

like what information they have.

And I think that people just need to

go into situations like this,

assuming that any data that they give to

a third party service provider could

potentially be either leaked in a data

breach or handed over in a case like

this.

and need to plan accordingly because the

only protection that you can really rely

on is strong encryption of all of the

data you want to protect.

You can't rely on privacy policies.

You can't rely on companies avoiding court

orders.

if they have the data,

it will eventually be leaked,

whether it's the company giving it away or

whether it's a hack,

which seems inevitable.

I mean, Nate,

you publish like a data breach roundup

every single week, right?

With all sorts of companies that are

hacked all the time.

I think it's more than most people would

expect.

And yeah,

you can find that on our website if

you want to

go back in time and see all of

these happening. But, um, yeah, you have to

rely on encryption, and you have to really

take a look at what these companies are

encrypting, because Proton is taking a lot

of data that they do not encrypt at

the end of the day, and you need

to plan around that. Yeah, it's, um...

Yeah, real quick,

fun story on the data breach note.

I started doing that back many,

many moons ago.

I started my own just solo podcast.

And when I ended up teaming up with

Henry at Surveillance Report,

that was my one stipulation is I want

to bring the data breach section

And that's kind of why I started doing

it here as well is because,

like you said,

I think people don't realize how

frighteningly common data breaches are.

And that was kind of like my thing

is like I wanted people to realize, like,

if for no other reason,

take your privacy seriously than the fact

that this happens literally every day.

But yeah, it's...

I think the reason I always like to

share these stories about Proton sharing

data is not to beat up on Proton

necessarily, but I mean, for one,

I already know there's going to be a

lot of people out there spreading

conspiracy theories about how Proton's a

honeypot and this just proves it.

But it's like you're saying, like email...

So many.

I think this is actually in one of

our upcoming videos here that should be

coming out soon.

So many of the technologies that run the

internet were invented literally in like

the nineteen sixties when there were ten

people online and they were all like

college kids and there was no need for

security because nobody was doing banking

transactions.

Nobody was doing sensitive military plans.

Nobody was sharing like

intimate communication.

It was all just literally like research

that was all going to be made public

at some point anyways.

Right.

And like maybe a few notes here and

there about like, you know, Hey,

did you get the document or whatever?

But it,

so security was really kind of an

afterthought.

And unfortunately as the internet grew and

scaled,

we kind of just kept bolting afterthoughts

onto this, this stuff.

And that's how we end up with things

like encrypted email, which, you know,

Proton is great, Tuta does great.

But both of them and Mailbox and like

all of these,

they're really just applying band aids to

technologies that were never really

designed to be secure.

And that's why we like things that things

like Signal that were kind of like,

what if we went into the ground floor

and tried to be as secure as possible?

But even then, those have use cases.

Like, I always push back on that.

A personal pet peeve of mine,

I hate when people are like, oh, well,

you shouldn't use encrypted email because

email was never designed to be secure.

Use Signal instead.

And it's like, great.

The day my bank agrees to send me

a Signal message,

I will be in agreement with you.

But we're just not there.

Like, unfortunately, again,

we still have all these legacy

technologies that are floating around

because they just are.

And I think...

I think these stories are unfortunate

because Proton,

like every company is going to try to

market why you should use them, right?

And I think for,

especially for the target audience of

people like Proton,

it's very difficult to explain to people

in a nutshell why they need something like

Proton or PGP or anything.

It's very difficult to explain to them why

Gmail and Yahoo are not secure.

And also to explain nuance, right?

It's a very fine line to thread,

especially when you're talking to the

masses.

And I think there's definitely places

where Proton could do better.

Like I think with that French activist

one,

Proton did actually change some of the

wording on their website because it wasn't

technically wrong,

but I could see how somebody could get

the wrong impression.

And I don't know, this stuff,

I'm trying to put my thoughts in order

here.

It's frustrating because I don't think

Proton necessarily did anything wrong

here,

but I could see how people could be

lulled into a false sense of security.

And I do want to point out,

somebody pointed out here in the chats,

they said like no end-to-end encrypted

data was given away.

The account owner simply had bad OPSEC.

It's this person, like I will admit,

I pay for my Proton account with a

card.

I use a privacy.com card.

which is linked to my name.

Like if,

if I was the person in this scenario,

for whatever reason, um,

the FBI could request data from Proton,

Proton.

They, here's their card info.

They could trace that back to privacy.com

who could trace it back to me.

I know that's not fully anonymous,

but also I'm not an activist.

If I was doing like serious,

heavy activism work,

I would probably take some more steps.

I don't really want to victim blame here,

but I guess, um,

And Proton pointed that out too.

They said like, we do accept cash.

We do accept cryptocurrency.

They don't accept Monero.

I'm going to always call out on that,

but it's, yeah, it's, it's like, it's,

it's important to know the limitations of

a tool.

And again,

like I mentioned this earlier in the show,

there's a difference between privacy and

anonymity, right?

Proton is not promising you anonymity,

at least not by default.

You're

So I think it's just really important to

keep in mind the limitations of these

tools.

And I just remembered you said is from

what I understand,

Proton did not push back on this order

because they were informed that apparently

this person,

I don't know if charges were dropped.

The article said that charges hadn't been

filed.

What exactly did they say?

Uh,

404 Media is not publishing the

person's name because they don't appear to

have been charged with a crime according

to searches of court databases.

So maybe they haven't been charged with a

crime yet.

Um, but yeah,

Apparently,

Proton was informed that the person in

this situation was violent,

that they had already shot at one officer,

that they had explosives on them.

I don't know how true that is.

That's Proton's justification,

and you are welcome to have your own

opinions on whether or not that was

justification enough.

But it is...

Yeah,

it's – Proton does push back sometimes.

They kind of do it on a case-by-case

basis,

which I don't know how I feel about

that.

But they try to get as much of

the facts of the case as they can

before deciding whether or not they want

to push back on a court order.

But yeah, it's –

I don't know.

I think for me,

the big thing again is I hate seeing

people confuse privacy with anonymity and

get really upset and be like, oh,

Proton shouldn't have complied.

Proton even said this.

I don't know if it was in here,

but there was a Reddit thread where Proton

issued an official statement,

which was very professional.

I was impressed by it.

And they did mention basically that, look,

nobody can operate above the law.

There's not a country in the world where

we're not subject to somebody's laws.

And

They choose to be under Swiss laws.

They feel that Swiss laws are very

thorough and set a very high bar.

But yeah, I mean, ultimately,

at the end of the day,

I personally would be more worried by a

company who ignores the law because

they're going to get shut down eventually.

Like they just they can't keep operating

outside the law.

So, yeah.

Yeah, I, I agree.

It's a very fine line for them to

be treading here.

At the end of the day,

like the headline is accurate.

They did help the authorities.

And you might not expect that from a

company that markets itself so heavily

around privacy.

And a lot of people in the privacy

community, especially,

I even saw a comment here from our

team member, Jordan,

saying they could make it more obvious the

data isn't encrypted,

which I think is certainly true.

But at the same time,

I think you have a really good point

about

like Proton needing to market this product

towards an extremely broad audience who

does not care about these problems and who

isn't like going to be affected by court

orders because the demographic that Proton

is targeting is

primarily businesses and people who are

switching away from the Google Workspace

suite of things.

And it is just objectively true that

switching from Google to Proton is a huge

benefit for those people.

No matter what they do, really,

it's always going to be an improvement in

their privacy and security.

And a lot of these people are not

going to be

concerned about the nitty gritty details

of some of this stuff.

And also to Proton's credit,

between their privacy policy and their

blog and some pages on their website about

transparency,

for the people who are concerned about all

of this stuff,

you can find all of this information

pretty accessibly on their site and in

their resources.

You do have to look for it.

Which you can certainly argue is

unfortunate,

but also you can see that as a

legitimate decision for them to make

because it doesn't probably make a lot of

sense to overwhelm the type of person or

business that's switching from Google and

Microsoft to Proton with all of this stuff

that isn't going to impact them.

It's a very hard problem to solve.

And I think that for people who are

in this situation,

making it more clear that you need to

be using tools like Signal or SimpleX or

other messengers that are designed from

the beginning to be secure rather than

like you said,

sixties technologies that have had a ton

of stuff just bolted on over time.

Like, that is the actual solution here, and

I think that, like, more tools that are

designed to be as private as possible by

default without having to worry about this

makes a lot more sense than, than Proton,

like, trying to describe every possible

case where your data could be, could be

leaked or shared like this.

So yeah, it's kind of unfortunate,

but I'd agree that I don't really know

what else Proton can do in a situation

like this.

It's very challenging,

and they've created this challenge for

themselves because they chose to make an

email service,

but that is what they're doing at the

end of the day,

and there isn't a great way to handle

this, unfortunately.

Yeah, I agree.

I mean,

it's I think we hit a certain point

where it becomes

It becomes kind of a personal opinion

thing in the sense that like, for example,

this person here on YouTube said that I

think that doesn't justify the move

they've made.

And I could see that argument where like,

again,

if you're saying like they shouldn't have

handed over any data period,

no matter what,

I completely disagree because they will.

If you go with a bulletproof provider who

does that,

eventually they will be shut down.

And now even if you didn't do anything

wrong,

your data is sitting in an evidence locker

alongside everybody else.

We've seen that happen time and time

again,

but I could see the argument of like,

well, they still,

they should push back on every court order

by default.

And I can see that argument.

I don't know if I necessarily agree with

that for the record, but like,

I definitely see where you're coming from.

So that's what I mean when I say

like,

we kind of get to a point where

it becomes personal preference.

Like, should they have pushed back harder?

Should they push back every time?

Because there's also a part of me that

says, well, if they cooperate,

let's say they cooperate on,

objectively awful cases,

like we know this person was genuinely a

terrorist in the wrong,

we know this person is trafficking CSAM,

we know this person is doing awful,

awful things,

then I feel like that kind of improves

Proton's position when if they get a BS

request that's like, oh,

we just don't like that this journalist

wrote mean things about us.

Okay.

Cry me a river, go home.

We're not turning over the data.

So I don't know.

It's just, it's, it's personal preference,

but yeah, it's that same person just said,

there's a reason I've always avoided

email.

I'm kind of backing up what you were

saying.

It's, it's less, uh, but, uh, you know,

we,

we need to focus on things whenever

possible.

Again,

I mentioned that my bank is never going

to send me a Signal message,

at least not anytime soon.

And I wish they would, but, um, yeah,

trying to avoid email when you can trying

not to.

I don't know,

just trying to move to those more private

or more secure from the ground up

alternatives where possible is kind of the

only solution.

But it has its limitations for sure.

But I think that was all of our

stories this week.

I was poking around Proton's website.

Let me close these tabs.

Those were all the questions.

So it's time to start taking viewer

questions, actually.

If you've been holding on to any questions

about any of the stories we've talked

about,

go ahead and start leaving them in either

the forum thread or the comments section

of the livestream.

And we're actually going to go ahead and

start with the forum thread,

which

Last I checked only got one question.

Yes, that is correct.

So we have a question from anonymous five,

seven, one.

First of all,

big thanks for the work that we do.

Thank you.

You said in the past,

I used a single Gmail address,

which was not your main email address for

all sorts of random account signups for

things like Discord, Amazon,

Netflix, news websites, one-off trials,

et cetera.

You said,

I've used this email address for many,

many years.

Needless to say,

it's a bit of a cluster.

Younger me thought that I was being smart,

not having these accounts fill up my main

email address with spam.

Cut forward to today and being more

privacy and security aware, you got,

ironically,

a Proton subscription with a custom

domain.

You've been updating all your old accounts

to either Proton or SimpleLogin aliases

and aliases on your custom domain.

Got me thinking, however,

is this merely updating my email with a

unique alias a waste of time?

Should I rather be creating completely new

accounts for all these websites?

The thinking is that they likely keep

version history of my email address so I

could still be linked or profiled based on

previous email addresses.

A data breach could also expose the email

history,

so it doesn't help in that respect either.

Updating my email with a unique alias on

all these websites is one thing,

but creating new accounts and closing the

old ones gives me goosebumps just thinking

about it.

I have some complicated thoughts on this

one.

Well,

complicated in the sense that I feel like

it's very nuanced.

You know, it's always nuanced, right?

So, I don't know.

Do you want to go first, Jonah?

I mean, yeah,

I could give a few thoughts on this.

We might be thinking about the same thing

here,

but I do think certainly it's a good

thing to switch to Proton,

start using SimpleLogin aliases for all

your accounts because it is super

important to use Proton

a different email for every site that you

use for the same reason,

pretty much that you'd use a different

password for every site that you use,

which is that, you know,

especially you don't you don't even

necessarily have to be concerned about the

website itself tracking you,

although that is definitely a concern with

some websites.

But as we talked about

previously in the show,

data breaches are super common.

And these sites will,

like when these data breaches are out,

if your email is shared between data

breaches,

that does create a pattern that can be

used to track you across these sites and

create a profile of like the kind of

sites that you're using.

And these data breaches are super common.

So you don't want to have any information

between data breaches that can potentially

be linked together.

That is a privacy concern.

Um,

As far as updating your email with

accounts you already use or deleting

accounts and starting over,

that is something that is going to really

depend on what you think is worth it.

I think the person who has this question

really laid out a lot of the reasons

why you might want to do that and

also the reasons that you wouldn't want to

do that,

especially like just the effort involved

in having to recreate all of these

accounts.

And it really depends on how you feel

about that site.

I don't think for a lot of websites

that you would sign up with,

it's probably fairly unlikely that they

are tracking like email history,

for example.

And if we're talking about like a big

tech company or a data company like Amazon

or Facebook,

I would think that that is more more

likely.

But if you're talking about like a general

e-commerce shop or a random forum or

whatever,

um, it's probably unlikely that they're

storing that historical data forever, and

so changing that might be fine. But of

course, that is, um, a case where you

would have to trust that is happening, and,

and you'll never know for sure. So I,

I think the way I would sum this

up, um, is just, like, at the end

of the day, you have to decide whether

the, uh,

Whether recreating all of these accounts

is worth it for you,

but that's going to be an individual and

maybe even a site-by-site basis,

which I couldn't really tell you.

I don't know if you have more actionable

advice than that, Nate,

if that's kind of what you're thinking,

but definitely share your thoughts.

Yeah, very similar.

I will say this isn't necessarily proof,

but...

In all the years that my brain has

become an encyclopedia for companies that

have had data breaches,

I've only ever seen one that had a

breach that exposed the email you signed

up with.

I can't remember who it was,

but I remember it does stick out in

my mind because I remember thinking like,

oh, that's weird.

We've never seen that before.

So, I mean, I...

I find it kind of hard to believe

that if this was a common practice of

companies keeping a history of your email

addresses,

that they would keep – I find it

hard to believe that if companies were

doing that,

that we wouldn't have seen more of those

breaches by now with how common these

breaches are.

Um, it's certainly possible, obviously,

but I, I don't know.

That's the,

I've only ever seen one that did.

I do agree.

I would just add onto that really quick

that like, in my experience,

hosting software,

like thinking about open source software,

we're talking about the major platforms

like WordPress or forum software,

all the stuff that like all these tiny

sites would be using.

I've also never seen, um,

really any situations where like that is

commonplace in software.

So I would imagine you'd only really see

that from like a big custom made website,

maybe from a big tech company,

but it seems pretty unlikely.

I would agree just from the software side

of things as well.

I've never really seen features like that

personally.

And also that story that I referenced,

it was literally only the sign-up email.

So if you signed up with Gmail and

then you changed your email like,

it would only have that Gmail and then

your current email.

It was really weird.

I wish I could remember who that was.

But anyways, my only concern with this,

if you want to make all new accounts,

I certainly don't think that's a bad idea.

I know there's a lot of people in

the privacy community that actually like

just periodically nuke their accounts and

start over all the time.

I think we have a regular in our

forum who did that recently, actually.

But I think my concern would be,

especially with some of the more

mainstream platforms you mentioned,

like Discord and Amazon,

I notice it's becoming increasingly hard

to make new accounts,

especially privately.

Like a lot of them will ding you

for using VPNs.

A lot of them will ding you if

you're on like Linux or an uncommon

browser.

So you run, and a lot of,

some of them even like Reddit,

Oh my God.

I get more and more pissed at Reddit

with every passing day because Reddit now

has this little user and it's totally

invisible.

There's subreddits you can go find and

check it.

It's called like CQS or something.

It's basically like a user score.

And if you're not active enough,

if you're not messaging enough,

if you're not using the platform enough,

your score lowers and they think you're a

scammer or a spammer bot, whatever,

which I guess kind of makes sense because

that is the thing.

If you're like someone who spends too much

time on Reddit,

which I have in the past,

you're

that is a thing where like people will

literally make accounts and then sit on

them dormant for like six months.

And then they'll sell the account to

somebody who will start spamming.

Because, you know,

now they're not like a brand new account

and they don't look suspicious or,

you know,

they'll go out and they'll like get a

whole bunch of karma and then they'll sell

the account to someone else.

So I kind of get why they do

that.

Or, you know,

people lurking that just like only send

DMs or whatever, but it's, it's,

It makes it frustrating.

I shared this story a couple of weeks

ago.

I logged into,

I have an account where I've identified

myself as The New Oil.

I used to be really active in like

r/privacy.

And I logged in for something.

I don't even remember what,

but I logged in for something.

And on my homepage was r/privacy.

And it was a question that I was

like, oh,

I can leave an answer to that real

quick.

Like I'm qualified to answer this.

This person seems like they're asking a

good question.

So I went in and I typed out

my answer.

And when I hit post, it was like,

oh, your score is too low.

You can't post in here.

And I'm just like, all right, whatever.

Don't care because I haven't posted in

like a year.

So yeah, it's just, it's that would,

I guess where I'm going with that is

that would be my main concern is if

it's something like,

you know,

Domino's and you're ordering pizza, right?

They don't care.

As long as the card goes through,

make a new account, whatever,

if you want to.

But if it's something like, again,

like Reddit, Discord,

they're probably going to put up some

blocks and like make it,

probably more of a pain in the ass

than it's worth, in my opinion. And

especially some of them, like Gmail, Discord,

they might require a phone number, and

they're kind of strict about not allowing

voice over IP. So at the end of

the day, it's probably going to be more

work than it's worth, in my opinion, but

it does depend on your threat model. Um,

yeah, I, I guess that it really depends

on your threat model and how much work

you're willing to put in. But I, I

don't think you have to. I think if

you want to, it's not a bad idea,

but in some cases you might get

diminishing returns.

The other thing I would say is I

certainly don't think you have to do this

all right away unless you have a

particularly good reason to.

And kind of similarly to how we handle

opting out of data broker databases in the

US.

We typically recommend,

unless you have an immediate concern right

away of some threat against you,

Just taking your time with it.

I think you don't want to you definitely

don't want to burn out like spending many

hours straight just constantly recreating

all these accounts.

Right?

This is something you could do over the

course of I mean,

even even a few months if you if

you want,

just do

Just do a few accounts a day.

I find if you already use a password

manager,

that is a really helpful way to find

all of your accounts.

So you can go through basically a list

and update the email on them at whatever

pace you want.

If you aren't using a password manager

yet,

definitely start using one because that's

super helpful for just, I mean,

not only like all of the typical benefits

of a password manager in terms of

security,

but also just having a list of like

all the places you have an account in

the first place.

That comes in handy very often.

And it's a huge benefit of using a

password manager like that.

So yeah, just going through things,

taking your time is probably fine.

But yeah, really, really depends on your

situation. You mean you don't have to be

me, the psychopath who changed all my

passwords in one weekend, in one sitting? I

don't think you have to be. I would

say if that gets you going, then good

for you. Yeah, I wouldn't recommend it, but

I definitely did that. It was not wise.

All right, so going through the chat here,

just to address a few of the chats.

Back with the headline stories,

somebody asked,

will Graphene OS have two flavors now,

or will there remain one flavor?

As far as we know,

there's still just going to be one version

of Graphene.

There's not going to be multiple versions

per device.

Yeah,

and I believe it's been confirmed that

you'll be able to install Graphene OS from

their website like usual on these devices,

which I would expect because Graphene OS

places such an emphasis on...

You have to trust every single aspect of

the installation process to know that your

phone is secure.

And so doing it from a trustworthy source

that you can verify from the very

beginning is important for your security.

And I can't imagine Graphene OS would give

that up.

They've also said that...

I believe GrapheneOS has confirmed in one

of their social media posts.

It's so hard to find some of this

information about GrapheneOS because it's

in a lot of sporadic social media posts

rather than one place.

So I don't have the post pulled up,

but I believe I've seen that they're not

going to be including any Motorola

bloatware in GrapheneOS or anything like

that.

I think it is still an open question

as to whether Motorola will pre-install it

as we discussed earlier.

And if that will be called Graphene OS

or if like Motorola will be pre-installing

maybe a fork of Graphene OS that does

have their security tools and maybe they

won't.

call it Graphene OS.

Maybe they'll do it for different branding

reasons.

So it's not considered to be a second

flavor of Graphene OS,

but maybe their stock operating system

will incorporate a lot of Graphene OS

features and you could maybe consider it

similar to Graphene OS in that regard.

I don't know if that will happen or

not.

It's very unclear what the final product

will look like.

But I think that

we're pretty certain that there will

always be just the standard Graphene OS

that we're all familiar with right now

available across the board with this

device and with Pixels as long as Google

decides to support this and that the

experience shouldn't change.

So you'll always have just the standard

Graphene OS option no matter what Motorola

decides to do with the stock stuff on

their end.

You know, that just occurred to me,

this is totally off the cuff.

So maybe I'm being stupid here.

I wonder if this will in a way

pressure Google to, to maybe,

maybe not full on reverse course,

but maybe be a little kinder.

to custom operating systems.

I can't imagine it's a huge, huge...

I doubt like,

fifty percent of people that buy Pixels do

it to put graphene on their phone or

something,

but I have to imagine there is a

not insignificant portion of people,

and I wonder if this opening of

competition...

Because Graphene is really the only one

that's Pixel-only, right?

Calyx people can go to the Fairphone,

there's a couple of Motorolas,

Lineage people can choose every device

ever made, practically. Like, but, so I feel

like now that Graphene has competent, or,

like, you know what I mean, like, now

that there's other options, I wonder if

that'll kind of make Google, like, hesitate

a little bit, like, oh, maybe we should

not be quite so aggressive, because we

might actually drive some people away. I

don't know, maybe, maybe it's just me

dreaming, but...

True. And kind of relatedly, I brought this

up in some of the GrapheneOS discussions

on our forum this week, but I almost

wonder if this partnership with Motorola

can maybe convince Google to change their

policies around, like, Google Play

certification, especially when it comes to

banking apps. Um, I know people replied to

me saying, like, you know, under, under the

current

policies,

they'll never accept something like

GrapheneOS for a variety of reasons.

And that's certainly true.

But Google's policies,

especially when it comes to like Google

Play certification,

they're not like an inherent law of the

universe that's written in stone, right?

It's it's Google's.

It's up to Google's whims to decide what

they allow for Google Play or not.

And maybe

maybe Motorola can be like and whisper in

Google's ear through some back channels

and get some changes made to the Google

Play policies and somehow get an exception

or a rule change or something for

GrapheneOS that would get that approved.

I don't know if that'll happen.

It's I would agree.

It's probably extremely unlikely,

but it's probably the closest we've come

to it.

And if that's possible,

that would be that would be huge for

graph, you know,

because I know a huge issue that people

have is especially banking apps,

but other apps that

unnecessarily use Google Play's, like, SafetyNet

API and other services that don't work

on uncertified products like GrapheneOS.

Um, so that could be, that could be

a game changer if Google decides to allow,

like, sandboxed Google Play into that program.

Seems unlikely, but you know, you never know.

I can always hope. Yeah, for sure.

We had another question early on.

Question for question time.

How do I choose a laptop?

Any suggestions?

Definitely going to be a Linux distro.

We do have a page about how to

pick your laptop hardware, don't we?

I can't remember off the top of my

head.

I'm going to check familiar,

but I feel like we could have had

an article about it.

I would say, I don't know,

it really depends on what you're looking

for.

Because there's so much there's such a

wide variety of hardware out there.

And thankfully, you know,

Linux will run on like all of that.

So you have a lot of options.

For me, it'd be like very challenging,

I think, to use any of the Intel

and AMD stuff lately,

just because like power efficiency has

turned out to be a really big,

big thing for me.

It's nice to have like a laptop that

lasts all day.

And something like Asahi Linux on a Mac

is probably one of my favorite Linux

experiences.

But there are definitely limitations to

that.

So it's not something I could recommend to

anyone.

Everyone, certainly.

When it comes to other stuff, I know,

and it looks like Nate just pulled that

up,

we do have a general guide on choosing

hardware,

and there is a picking computer section.

So you could take a look at that

for some...

advice,

there's a variety of things to look for,

like researching how easy it is to patch

the firmware on your computer from Linux,

because that is important for security

reasons,

or what kind of secure element they have

for encryption.

Typically,

all of these will come with that built

into the CPU,

so it's not a huge concern.

But yeah, definitely, like, whatever provider

or whatever manufacturer you decide you

probably want to go with, I would research,

uh, their track record with non-OS stuff,

like, like firmware updates, for example,

that you might want to have on Linux,

because some of, a lot of that will

come down to the specific manufacturer. But

as far as specific brands of, like, what

laptops you can choose, I don't have, um,

any specific advice.

Unfortunately,

that would be a good question.

Like,

if you have a lot of specific

requirements,

or want to share more information about

that,

I think if you ask on our forum

at discuss.privacyguides.net,

and can share a bit more about what

exactly you're looking for,

what's important to you in a laptop,

I think that the community would probably

be able to come up with a lot

of answers for you that you could

consider.

Yeah,

that was kind of my thought while you

were talking is like what I,

I feel like which Linux distro is going

to determine a lot and your,

your threat model and everything.

Right.

And somebody else here.

Um,

somebody else has price limit and then

shared a link to NovaCustom, which, uh,

Yeah.

NovaCustom sent Henry from Techlore.

He was telling me he's put the video

out by now,

but they sent him a laptop that had

like ninety two gigs of RAM or something

and say this was way before the RAM

shortage.

And I was just like, bro,

what are you going to do with it

when you're done?

You want to give it to me?

But yeah,

it really depends because like I'm like

I'm a Qubes user, for example.

Right.

And so if I'm going to buy a

laptop,

it has to meet very specific requirements

about the TPM and it has to have

an SSD and it has to have a

certain amount of RAM and

apparently also has to have a more modern

processor,

because older processors really slow it

down.

Versus if you're going to install

something like Ubuntu,

that'll run on anything,

which we don't recommend Ubuntu.

There are better distros out there.

But maybe you have a use case,

and for some reason,

that's the one you want to use.

Yeah,

I think I'm glad you mentioned the forum.

Like definitely if you post in the forum

and you're like, hey,

here's my threat model.

Here's my budget.

Here's kind of what my values are.

I'm sure people will give you all kinds

of every perspective you can imagine about

the pros and cons of everything out there.

So.

Moving on from that question, first name,

last name in our chat asked if there's

any statistics we can share about the

growth of the community or anything like

that.

I could pull up and take a look

at some of this really quick.

Unfortunately,

some of our platforms that we were using

for just tracking the amount of page views

and stuff that we get aren't fully working

right now.

But overall, for the past year,

everything has been trending up by by

quite a bit.

If I look at our forum, for example,

we typically averaged around like seven

hundred thousand page views a month to

pretty much over a million January one

point two million.

But every every month

That's on the forum anyways,

and that excludes known crawlers and other

traffic.

So that's very good.

We've also seen the amount of people who

just log in every day and post often.

That has gone up quite a bit.

So yeah, we don't have, like, a ton

of super detailed stats beyond that

because, uh, we don't track a lot of

that stuff. But in terms of, uh, page

views, um, that's up. And I could look

at, like, the number of members, um, that

we have, uh, who sign up for either

being a paid member and supporting our

work or just signing up for a newsletter

to get updates from our website about

either about the show or new articles or

videos that we publish.

And all of that is going up.

You can see like the total number of

people who signed up for those

notifications is up

seventeen percent from just last month.

So yeah,

everything is on an upswing and we hope

to consider putting out

even more content that people find super

useful in their privacy journeys.

And we hope that people will stick around

because I think we got a lot of

good stuff going on,

on our forum and in our communities that

make it just a great place to discuss

all of this stuff and hang out without

any kind of negativity across the board,

which I think is a really great thing.

The next comment actually came from that

same user.

They said,

a big story this week was the LLM

de-anonymization.

I did see that passed around a couple

times.

I was going to tell you to go

check out privacyguides.org slash news,

which I do still recommend.

But weirdly, I did not see that story.

We did not write about it.

Or maybe it's queued up and it hasn't

published yet.

Because I swear I thought I saw Freya

post that one in the news chat.

Yeah.

I'm actually looking here at the... Oh,

no, we haven't written about that one.

Crazy.

We need to write about that one.

But yeah, another...

I would say as far as,

I know we keep pushing the forum,

but even if you don't want to sign

up for it and you don't want to

participate, the forum works with the RSS.

So I actually,

long before I came to work for Privacy

Guides,

I have the news section of the forum

in my RSS feed just kind of as

a safety net in case there's any articles

that don't show up in my usual news

feed.

If somebody posts about it on the forum,

I will get it in my RSS feed

and I'll be able to

to go ahead and see that.

So I think that one probably got posted

because I've seen it in a few different

places.

But I mean, if nobody did,

then you can go and post it and

be that person.

So yeah, that was a big story.

Jonah said earlier in the show,

like there's so many stories,

it's hard to...

kind of pick, like, I'm not kidding.

Every week we end up with like seven

stories and we're like,

we have to trim this down or this

is going to be like a ten hour

podcast.

So it's really hard.

Yeah,

it's really hard to pick which stories to

prioritize.

And, you know, I'll be honest,

like even even me,

sometimes when I'm editing the clips over

the weekend, I'm like, man, you know,

I kind of wish we'd talked about this

other story.

Um, so like it,

it happens sometimes it's hard to

prioritize them.

There's a lot of stories out there.

So, um, definitely find reliable sources,

whether that's the forum,

whether that's privacyguides.org slash

news, um, or a trusted outlet.

Um, we don't cover it all.

We try to bring you,

we try to bring you the,

the big important ones.

Um, yeah.

And I'll also say on this show,

like the stories that we can, um,

that we can discuss and have, have,

good things to add to and probably that

people have questions about that we can

answer on the live stream.

We're certainly aware that like we don't

cover a ton of stories.

I know there's other shows that people

might find similar to this one that really

are more news focused and kind of cover

every single headline throughout the week.

And we explicitly haven't been doing that.

But we know that people want to stay

up to date with that stuff.

So we are thinking about like more ways

that we can get

um, just headlines in front of people and

get that content shared even if we don't

discuss it here on the show, whether that's

through, like, privacyguides.org news or from,

uh, from other, from other things that we

are thinking about working on that we can

maybe see if people are interested in soon.

Um, so yeah.

Yeah,

I was just going to add on to

that real quick.

Even back when I was at Surveillance

Report, where we regularly covered like,

thirty to forty stories a week,

there were still times that I was just

like, man, we missed this story.

We should have covered this story.

It is so hard to pick which stories

are the most important ones that people

are going to resonate with.

Going back to community statistics really

quick,

Jordan just shared that we just hit nine

thousand subscribers on YouTube.

So that's cool.

Over fourteen hundred of those subscribers

are just in the last month.

So that's definitely growing quite a bit.

So, yeah.

And of course,

we're constantly getting new followers,

whether it's on PeerTube or Mastodon or

other social media platforms, too.

So all of those

numbers are up as well and continue to

grow.

So I'm very happy that more people are

becoming interested in all of the topics

that we're talking about here because I

think it's important.

Yeah, for sure.

We got a quick question from Twitter.

Do you guys see MixNet and DAITA-type

traffic,

like the Mullvad DAITA-type traffic

obfuscation tools becoming popular now

that countries are coming for VPNs more

and more?

And then follow up,

do you think these tools should be in

more threat models?

I don't know much about MixNet.

I know DAITA...

I think DAITA was designed... I mean,

it's in the name.

DAITA was designed more to combat AI

traffic correlation as opposed to

censorship.

Personally,

I would like to see something like that

become more common just with the rise of

AI.

Earlier,

we talked about how historically defense

contractors had a struggle with...

having too much data and not knowing how

to parse through it.

And for better or worse,

I think that is coming to an end

with AI,

which is why I brought out the danger

of trusting AI implicitly,

that AI just says, well,

here's all this traffic correlation,

so he's guilty.

And if nobody's double-checking that,

things are going to get real bad real

quick.

I mean, yeah.

But I think...

I think if the last I heard the,

the UK was very heavily favoring, uh,

regulating VPNs.

And I think if that happens,

we're definitely going to see a spike in

censorship obfuscation and resistance

tools for sure.

Um, but that's just my two cents.

No, for sure.

The tricky thing with all of this,

with all the tools like that,

is that they typically are easy to detect,

like, just from your ISP standpoint.

So, well, similar to a VPN, like...

It's challenging to see what you're doing

with those connections and even more

challenging with something like Tor or

other mixnets because there isn't a single

VPN provider that legal authorities can go

after.

Hiding what you're doing,

hiding just the fact that you're trying to

maintain your privacy and trying to

protect your security and your data on the

internet,

hiding the fact that you want to do

all of that in general from your ISP

is a very challenging thing to do.

And again,

similar to like what I talked about in

earlier in the show,

I think it's just incredibly important to

remember that like,

this isn't only a technical issue that can

be solved with something like Mixnets.

It's really a case where people need to

demand from their governments and from

politicians that the right to maintain

your security online and the right to

maintain your privacy when you're browsing

the web and avoid trackers and all of

this stuff

That is something that needs to be

enshrined in law and upheld by these

institutions.

It's not something that technical people

are going to be able to just thwart

forever if the governments are really

going after this super hard.

And so it's very challenging, I think,

in a lot of places.

And if you're in a particularly oppressive

regime,

you don't have a lot of options and

you kind of just have to

go with what works,

but we're seeing all of these laws like

age verification and other privacy

invasive things, proposed VPN bans,

et cetera,

happening in countries that are supposedly

very democratic and should give you a lot

of control.

And these are wildly unpopular ideas,

especially when people fully understand

what these laws are asking for.

I think people need to recognize that you

actually do have a lot of power if

you don't want these laws to be passed

and you need to demand more heavily of

your own government that this sort of law

is completely unacceptable.

That is the solution that we have to

do in a democracy at the end of

the day.

And more people need to take up the

mantle on that.

Yeah,

I don't have much to add to that.

I did one quick follow-up.

I think this is probably our last question

here.

But first name, last name,

that asked the laptop question earlier.

They said they were thinking about Qubes.

Yeah,

somebody else mentioned the HSI score.

Qubes does have,

it should be fairly easy to find if

you,

I think if you just go to their

documentation,

it's like one of the first topics.

They have a really good documentation for

Qubes.

They have a list of all the different

laptops they've tested,

whether or not they're compatible,

which ones are.

They'll even tell you which components.

The graphics card drivers don't work,

but the CPU works.

It gets pretty granular,

and you can look up whatever specific

laptop you're thinking about getting or

desktop or whatever.

And they'll tell you if it's compatible.

They'll also tell you if it's been tested

or not.

Like, yes,

one of our team members bought this and

confirmed it.

It works.

Yes, it works.

But there's caveats or like, no,

it doesn't work or like it should work,

but we haven't tested it.

It's really good.

So I would definitely start there for

sure.

So.

Not a question,

but anonymous to at five said that Em's

new activism project is going to be a

read for the weekend.

Absolutely.

I think this is an incredible resource,

especially if you are interested in some

of the stuff I was just talking about

being an activist or an advocate for

privacy rights in your area,

or starting a local organization like EFF

Austin, for example,

where we're going to be next week.

But organizing groups like that,

I think a lot of the resources that

Em has published at privacyguides.org

slash activism are super useful.

And even if you're not sure if

you are a privacy activist or you're not

super into that.

I think a lot of it is very

good advice.

If you are interested in any of these

topics that it's definitely worth a read.

So yeah, totally check it out.

Yep.

Yeah, I saw that comment too.

Thank you.

We're super excited about it back here as

I'm sure you guys can tell.

So

But I think that's all we've got,

actually.

So I guess we'll go ahead and call

it here.

All right.

Well,

all of the updates from This Week in

Privacy,

we share them on our website on the

blog every week.

So you can sign up for the newsletter

or you can subscribe with your favorite

RSS reader if you want to stay tuned

and get links to all of the stuff

that we talked about

in the show.

For people who prefer an audio version of

this,

we do put the audio version of this

recording on all podcast platforms and

RSS.

We also sync the video recording of this

to PeerTube after the fact,

so you can find this video later without

having to go to YouTube if you don't

want to.

Privacy Guides is an impartial nonprofit

organization that is focused on building a

strong privacy advocacy community and

delivering the best digital privacy and

consumer technology rights advice on the

internet.

If you want to support our mission,

then you can make a donation on our

website at privacyguides.org slash donate.

You can contribute using standard fiat

currency via debit or credit card,

or you can opt to donate anonymously using

Monero,

or you can donate with your favorite

cryptocurrency, whatever that may be.

Becoming a paid member can unlock

exclusive perks like early access to video

content that we publish on our channel,

and priority during the live stream Q&A.

You'll also get a cool badge on your

profile in the Privacy Guides forum and the

warm,

fuzzy feeling of supporting independent

media.

Thank you all for watching,

and we will see you next week live

from Austin, Texas.

Very exciting.

See you, everyone.