GrapheneOS is Taking Accessibility Seriously!
GrapheneOS has released an in-house
text-to-speech software,
California is exempting Linux from age
verification laws,
and some major new research in both
privacy and cybersecurity.
All this and more coming up on This
Week in Privacy, so stay tuned.
Welcome back to This Week in Privacy,
our weekly series where we discuss the
latest updates with what we're working on
within the Privacy Guides community and
this week's top stories in data privacy
and cybersecurity.
I am Nate.
Glad to be back.
And with me this week is Jordan.
How have you been, Jordan?
Oh, you're muted.
Good.
Yes.
Thank you.
Let's comment to dive into some of the
stories this week.
All right, yeah, there's, oh man,
there were so many stories this week,
so many big stories,
but we picked a handful of the ones
we feel are the most important,
and we're gonna go ahead and dive into
those,
starting with the initial release of
GrapheneOS speech services for
text-to-speech.
So this is kind of what it says
on the tin.
You know, to be totally honest,
it's very straightforward,
but it's still really exciting and pretty
big.
I don't personally I'm subscribed to an
RSS feed where I'm subscribed to a lot
of the major projects in the privacy
community.
So like
I think I'm subscribed to the blog for
Signal, Debian, Fedora,
a bunch of projects.
And Graphene is one of them.
But I kind of only get their releases,
I think, on GitHub or something.
So I don't know if this is something
they announced they've been working on for
a while or not.
But to me,
it kind of came out of nowhere.
And, um, it's pretty cool.
So it, uh, again,
it is what it sounds like.
It's if, if you have, well, I mean,
any phone really, um, you know,
when it talks to you,
like if you're using a navigation app or
you're using a Duolingo or, um,
trying to think what else, uh,
maybe like a screen reader.
Um, a lot of these apps do not,
as far as I know, don't come, uh,
like built in with their own voice
library.
Um,
they rely on the phone's text to speech
ability and, uh,
For those of you who have ever used
a custom OS,
you may have realized that
A lot of the custom OSs do not
come with a built-in text-to-speech
library.
And up until now,
I believe I saw in the comments on
this thread that Sherpa is a really
popular one.
I've never heard of that.
I hate to admit,
I historically have relied on just the
Google text-to-speech.
I've went and downloaded that from the
Play Store,
which is probably not great for privacy.
I honestly,
it didn't even occur to me that there
was a...
I think I did a search in F-Droid
and I didn't find anything,
and that's why I did that.
But...
Might check out Sherpa now.
I don't know.
But this is really cool because Graphene
now has their own that they're offering.
It is currently only available for US
English.
And if you're in another language,
you basically have to go and manually
change that.
It says here in this announcement that
once it's bundled with the OS,
it will be enabled by default.
So activating it won't be necessary.
According to the changelog,
that just happened, I think,
on the twenty fourth.
So like earlier this week.
So if you are a Graphene user and
you are on the latest version or you're
about to install it,
this should be enabled by default.
If for some reason you are not on
the latest version,
the Android UI for this is super,
super confusing because...
Let's say you go ahead and download this.
Let's say you're on an old version.
You download it and you go to settings
and you go to system and you go
to language and region.
It says all this right here, speech,
text to speech output, preferred engine.
It'll show it there.
And it looks like it's enabled.
So it's really confusing because you're
like, yeah, it's there.
It's on.
Why isn't it working?
But again, it's bad UI.
You have to actually click on it and
select it as if it wasn't there.
It's a horrible UI.
And that's not Graphene for the record.
That's just Android.
That's Google.
That's all on them.
It's terrible,
but thankfully it's bundled by default.
So now you won't even have to think
about it and it'll work.
They say that this was built from a
fully open source model for text to
speech,
which they created themselves using
existing open source code and data.
And they actually,
I guess they just recently got like a
better, I think that's a GPU and RTX,
so now they can continue to improve it
and they can build these models faster and
stuff like that.
They said that they will most likely be
doing German and French next.
because they believe those are their next
biggest user bases.
And they said UK English would likely be
much easier to add because of the shared
code and data.
So pretty interesting stuff.
And what I thought was exciting was they
said they also plan to make their own
speech-to-text implementation so you can
talk to the phone, again,
for things like Duolingo or not so much
voice notes, but I think dictation.
You can say what your text messages are
and stuff like that.
They said that if they do more languages,
they might add the language as an optional
download in the App Store,
the Graphene App Store,
just because that would be a lot of
stuff to download.
And I get it.
Let's say they get a lot of community
support and they're able to pump out
German and French and Finnish and Chinese
and all these other languages.
I personally would have no need for those.
So I really appreciate them trying to keep
the model pretty light.
But yeah, I think that's kind of the...
The core of this announcement,
the only thing I did not see anywhere,
I don't believe it's...
Because sometimes Graphene will make some
of their apps available publicly,
like their camera and their PDF reader.
You can go download those from the Play
Store right now.
But I did not see any indication that
they're going to be doing that for this.
I don't know if that's something they're
planning to do or not, but...
I didn't see anything about that.
So those are kind of the facts of
the story.
I'll turn it over to Jordan first.
I don't know if I have a whole
lot of analysis or opinions,
but so Jordan,
did you have any thoughts on this one?
I mean,
I just think this is a good step
in the right direction, right?
Like we should be having
this feature built in by default.
I think accessibility gets put on the back
burner a bit.
I think most people when they think of
text-to-speech, this is mainly used...
The thing that came to mind for me
personally was navigation apps.
You probably want
Because I don't know,
it depends on where you live, I guess.
But generally looking at a phone while
you're driving is legal.
So you probably don't want to do that.
So like having someone read out
instructions is kind of important, right?
Like that's a basic function that I think
a lot of people would
would want, right? And that's something that
has, originally it was done through
Google's speech synthesis, um, model, which,
you know, that's another problem. You have
to download that from Google. You probably
don't want to have to do that if
you can avoid it, right? So, um, I
think this is just another addition, though,
that GrapheneOS has been doing where
they've been building out stuff
specifically for, like,
like as a replacement for Google's tools,
right?
Like we saw how they've got, you know,
they proxy a lot of requests that are
made on the operating system,
stuff like that.
It's just another additional thing where
we're not relying on Google for their
software because, you know,
like we saw
we've been seeing, I guess,
is that Google is kind of being a
bit restrictive with their whole
ecosystem.
The future of GrapheneOS on Google Pixels
is a little bit up in the air.
There's a possibility that it may not
continue in the future or it might have
issues because
Google wants to lock things down and limit
access, right? So I think this is good
from that perspective, and also for people
that are, you know, low vision or no
vision. You know, like, some people use their
phone, like, specifically in, uh, in Android
there's this option for TalkBack,
which basically allows you to navigate
your phone without having to look at the
screen, right?
So I think this is also going to
be kind of big because I think,
you know, here at Privacy Guides,
we really kind of push this a lot,
but like privacy should be accessible to
anyone, especially, you know,
people that shouldn't be excluding people
based on,
silly things like that, right?
I think this is just a step in
the right direction on that aspect from an
accessibility point of view as well.
Like for people that...
I think having this added by default is
going to make it a lot easier, right?
Because before you would have to go
through, log into the Google Play Store,
download this thing.
It's like you can't expect someone to be
able to do that.
So I think this is pretty cool.
It's a good addition.
I personally found that...
This wasn't enabled for me by default.
I had to go and download it on
the GrapheneOS app store and then follow
the instructions in the GrapheneOS forum
to actually enable this.
So I would probably look at that if
you're interested in using this.
Another thing is it's...
I think they definitely are going to be
working on the sound of this a little
bit.
I'll just play some example audio clips
right now so you can hear kind of
what it sounds like,
because I'm sure some of you probably are
wondering that.
Here's just a test from Organic Maps.
If you know a software developer,
you can ask him or her to implement
a feature that you need.
Our main goal is to build fast,
privacy focused,
easy to use maps that you will love.
So, I mean, I think it sounds fine.
You can understand what it's saying,
right?
But I think it's definitely a very
early...
I think it definitely doesn't sound as
good as what Google offers, right?
Which kind of makes sense.
They're a massive trillion-dollar
corporation.
But I think it does what it says
on the tin.
So, I mean,
I think that's just good in that respect.
But yeah,
it wasn't enabled by default if you
already have the operating system
installed.
But I think like Nate said,
it'll be enabled by default and selected
on new installations possibly.
So I would follow the instructions if
you're interested in getting that
installed.
So just to clarify,
you're saying that when you updated to the
latest release,
like you already had Graphene,
you updated to the new release and it
still wasn't enabled by default for you as
a pre-existing user?
So I had to go into the GrapheneOS
app store and download this package.
So the GrapheneOS speech synthesis
package,
and then I was able to enable it
in the settings.
Okay, okay.
So yeah, so okay,
I guess if you're an existing user,
you have to go grab it via the
instructions here on this post,
which are in the show notes.
We link directly to this post,
but if you are moving to Graphene for
the first time,
it should all be bundled with,
which is pretty cool.
Yeah,
there were a couple things you said that
I wanted to add to.
Number one,
you did mention the Google one, and...
One thing I forgot to mention is the
Google one, in my experience,
doesn't always work offline because I know
that's kind of like that was my first
thought when I was like, OK, well,
I'll download the Google speech synthesis
and then I'll just use the firewall to
just cut off access.
And for some reason,
some people said they've done that
successfully.
For me, that didn't work.
It like needed an Internet connection.
But yeah,
so it is really that is one reason
it's really cool to have this like private
alternative platform.
It is if you're one of those people
that it's not working for you to just
firewall Google.
And yeah,
I also just want to back up what
you're saying about accessibility is I
feel like and, you know,
I I have good vision as long as
I have my glasses on.
So so I could be wrong here,
but I feel like open source has done
a mostly OK job,
at least some of the bigger services like
Mastodon.
People are really sticklers,
in a good way,
for making sure that you alt text your
pictures and stuff like that.
And I know even Loops,
when I upload Loops,
there's an option to add a description of
the video.
And so I feel like some privacy or
some open source has done a really good
job of being accessible for visually
impaired people.
But overall,
I do agree that there's a lot of
work to go still in terms of having
a good, smooth voice sound.
Which again, yeah,
considering we're competing against a
company that probably built their voice
synthesizer by just stealing everybody's
voice all the time.
I think the Graphene one sounds pretty
good for what it is.
But definitely, I think...
I've been trying to think...
I would like to write some blog posts
about this topic,
but I'm trying to think of how to
put it into words.
I know like...
You know, my wife, I'm very open,
has like severe ADHD and that's something
she struggles with is the UI.
Like for someone like me,
it's just kind of like, yeah, you know,
it's not that pretty, but it works.
But for someone like her, like that,
it fails to grab her.
And it's like,
it's grating to use.
It's like nails on a chalkboard for her
because of her ADHD,
or they're missing things.
Like she hasn't switched to Proton Calendar
yet because it doesn't have tasks like,
like Google does.
And like, she needs those,
like she lives by a to-do list.
And so, yeah, I think in general,
open source has a lot of room for
improvement on accessibility.
And it's really cool to see people taking
a step forward,
not trying to get on anybody's case,
just pointing that out.
So.
Yeah.
If that's all we have,
you have any more to add to that
one?
Ah, no, not really.
I guess we can jump onto the next
one here.
So this next topic is about researchers
issuing a warning about tech that could
turn every router into a potential means
for surveillance.
So here's this article here from Gizmodo.
Um,
so basically researchers warned that a new
method of detecting people through wifi
signals poses a serious privacy risk.
So basically they did a study, um,
And they focused a little bit on beamforming
feedback information.
So I guess for people that don't know
what beamforming is,
basically it allows routers to direct
signals towards devices more efficiently.
And there's like,
that's like an unencrypted connection that
is made basically.
And that feedback that is received by the
router can be accessed.
So that is kind of what this research
paper is talking about here.
So according to the study's press release,
once a machine learning model has been
trained,
identifying someone takes only a few
seconds.
So they can identify people based on their
feedback that their device basically makes
to a router, which is, I guess,
kind of makes sense, right?
Because, you know,
That would be, I mean,
I think this is interesting,
but I'm not sure how likely this would
be in practice.
But it says, during the study,
researchers collected Wi-Fi signal
recordings from nearly two hundred
participants as they walked through a
Wi-Fi field using different walking
styles.
The data was recorded from four different
perspectives using both the BFI method and
another
older Wi-Fi sensing approach relying on
channel state information. Basically,
channel state information is basically how
a radio signal changes as it travels
through a room. That's what the article
says here. So the old CSI method was
able to identify individuals based on
their normal walking style at eighty-two
point four percent accuracy.
Basically,
they're saying that this technology where
they can analyze the feedback from
people's devices using the beamforming
basically enables them to identify that
device as being there.
So that could be used to track your
location or track where you've been,
basically.
I'm not really sure what the...
what the fix for this would be.
I guess like there would have to be
an update to Wi-Fi standards to basically
overhaul and replace beamforming
technology completely.
But I think also the other technique that
they mentioned in this article is also
kind of
still applicable in that method as well. So,
I don't know, it's kind of, it's kind
of concerning. But I think this is
basically, you know, if your device is
making or connecting to, like, any sort of
radio signal, it's kind of able to be
tracked. I think this is kind of a,
a normal thing that we should be
acknowledging as possible. Like, we talked
about this a little bit last week or
the
cellular technology, for example, like,
you know, that's the same thing, right?
You're connecting to towers, radio towers,
like cellular towers.
So, you know,
whenever you're making connections like
that,
the information can be intercepted or like
tracked, right?
So, I mean, I think this is
I guess this is kind of obvious to
me, so I'm not sure if this is,
like, it feels like it's a little bit
scaremongering, this article. Um, like, your
device makes Wi-Fi signals that can be
tracked. Like, I don't know, that seems kind
of obvious to me. But, um, yeah, do
you have any thoughts on this one, Nate,
that you wanted to add? I feel like
I'm not seeing this, this is that much
of a concern, but...
No, yeah.
So I think one of the reasons we
picked this article this week is because
it did make the rounds.
A lot of people were sharing it.
I did see some people had very similar
takes to you where it's like, yeah,
this is – like is this genuine research
or is this just kind of fear-mongering?
And I think it's a little bit of
both because like I didn't really pay much
attention to this article when I first saw
the headline because I'm the same as you.
We covered a story exactly like this I
think two or three times back at
Surveillance Report when I was on there.
But I think –
From what I understand,
this is kind of like the next evolution.
You know,
we talked again back on surveillance where
we talked about how like at least the
first time I remember seeing this,
which I think somebody said in like
because I found this article through Bruce
Schneier and somebody in his comments were
like, yeah,
they've been able to do this for decades.
Like there's proof of concepts going all
the way back to I think he said
the nineties.
And
I think when, again,
when I first heard of a story similar
to this a few years ago,
it was kind of like, Whoa, that's crazy.
And then we heard about it again,
like a couple of years later and it's
like, Oh, this again.
And I think what it is is it's,
it's just getting better every single
time.
And, um,
I think that's what makes it concerning.
Cause yeah, basically the idea is, uh,
for those who don't know radio waves of
any kind, um,
when they pass through something that
changes, it's like sound waves or light.
If you've ever seen,
like as a school experiment or you've seen
the, I wanna say animation,
but that's not the right word,
the examples,
the graphics of like light hits water and
then it bends, right?
Like anytime something passes through a
medium, it's going to change.
Ask me how I know this as a
sound guy who works with wireless
equipment.
Um,
one of the most annoying things people can
do that they still do.
And I get it is in a big
room,
they'll take their little wireless
microphone pack that like clips on here
and they'll stick it behind them.
And it's just like, cool.
So now the antenna has to pass through
your body,
which is a giant bag of salt from
an RF perspective.
And you've just dampened my signal
significantly because of that.
And, um,
so it's the same thing with wifi.
It's the same, it's a radio wave.
It's the same thing.
And as it passes through a person or
drywall or, uh,
a couch or a cat or whatever, it
changes how the signal moves. And so
basically they're just getting better and
better at detecting those changes, to the
point where now not only can they say,
like, "Oh, there's a couch and a cat
sleeping on it and someone in the room,"
they can be like, "I know who's in
that room and which cat is in that
room." And I, I think that's
A little bit scary.
But that said, you're right.
Like the researchers did say that they
have not seen any evidence of this being
used in the wild.
The article really didn't give a lot of
detail.
They just said that researchers are urging
the I, I think they call that IEEE,
the organization that sets industry
standards to include stronger privacy
safeguards in the upcoming 802.11bf
standard,
which is meant to standardize Wi-Fi
sensing applications.
So they didn't really go into detail,
but it sounds like there are
some changes that could be made to,
to at very least mitigate this.
And hopefully those will get made,
but yeah, I think it's,
it's I don't know.
I find research like this really
interesting because it's, it's kind of a,
it's like a balance, right?
Because I think this is the kind of
stuff that if we're not careful,
this can turn into paranoia.
Like your wifi signals can track you and
this could track you.
And hypothetically,
we're gonna talk a little bit later about
a story where like your hard drive could
be used to track you.
Like there's so many ways to track you,
But it's also a question of, like,
is this actually happening?
We have no evidence that this is
happening.
The article didn't really specify, like,
do you have to be local?
Like,
they mentioned that beamforming is
unencrypted.
So, okay,
does that mean you have to be my
next-door neighbor who's hacked into my
Wi-Fi and you're doing this?
Or does that mean that, like,
my ISP on the other end of the
connection could be doing this?
It's not really clear, but...
Yeah,
I think it's just I think I like
covering stories like this just to kind of
make sure people are aware, I guess.
I don't know if it's a huge threat,
but it's definitely interesting to know
that these kinds of things are possible
and hopefully fix them before they do
become widespread,
commonly abused tactics.
I think one interesting thing that you
brought up there was like, you know.
the radio wave stuff.
Like I feel like we almost might have
seen this before, right?
Like we saw lots of stores implementing
Bluetooth beacons to sense like Bluetooth
is the same thing.
It's a radio, right?
Like it's radio waves.
So like, you know,
I can imagine that this would be used
by stores to track customers or to track
activity within a store, right?
This could be used for something like that
too, right?
I don't think so because the Bluetooth
thing is based on someone correct me if
I'm wrong, but as I understand it,
the Bluetooth thing is based on the idea
that like your phone.
So most people.
myself included, I hate to admit,
when I go into a store,
I have my, this is a PineTime,
but I have my watch and I have
Bluetooth turned on,
connected to my phone,
mostly because sometimes I won't hear it
ring.
Like sometimes I have my headphones in and
I'll listen to podcasts while I go,
sometimes I won't.
And if I don't have my headphones in
and my wife texts me like, oh, hey,
I just remembered to grab milk or
whatever, I won't hear my phone.
But then if my watch buzzes and I
look down and it says new Signal message,
Um, but anyways,
the reason I bring that up is,
you know, I've got my phone connected.
And so my phone is,
and my watch both are broadcasting
Bluetooth signals and, um,
stores will like,
every time you go into the store,
I think they,
they basically record your device and
they,
they track it as you walk around because
it's broadcasting.
It's not really so much like the RF,
like physically tracking you.
It's that they recognize your device.
It's like a type of fingerprint,
which I think is why, um,
a lot of, like, Apple and Android both,
I think, or maybe it's just, like, Graphene
does it, but I know, like, Apple will
randomize, I think they randomize the MAC
Bluetooth address. I know they do it with
Wi-Fi. But, um, they're, they're basically
trying to fight that a little bit so
that way you don't have the same Bluetooth
address every time you walk into the store
and they can't track you as easily. But
I think that's the, I think that's how
the Bluetooth thing works. Um, uh, so okay,
Terracotta has an interesting point here: "I
feel like at this point scientists should
hold back from any research that's
potentially harmful to privacy." I don't
know, I appreciate this research in the
sense that they're, like, trying to get it
fixed. You know, like I said at the
end, they're, they're trying to get the IEEE
to fix it. And it goes both ways,
right? Because there's, um, like, I don't
I do and I don't agree with you
because, yeah, on the one hand,
it could be,
it's almost like a disclosure, right?
Like when you publish a vulnerability,
now all the cyber criminals are going to
use it.
But also like if we publish it,
then maybe people will know it's out there
and we could like try to get it
fixed.
So I don't know.
I feel like that's a,
that one has pros and cons that go
both ways in my opinion.
I think also it kind of sucks.
I feel like the Wi-Fi ecosystem is...
They said that they might introduce a fix
in Wi-Fi BF or whatever that...
I think Wi-Fi eight or...
Yeah.
So I feel like that's another issue with
Wi-Fi is like some people I know,
they're still using, like, 802.11b
or, like, some, like, ancient, like,
Wi-Fi access points and stuff like that.
So it's like, you know,
I think it's probably not going to be
something that's going to be fixed very
quickly because I feel like most people
that are using Wi-Fi six,
even Wi-Fi six or Wi-Fi seven or Wi-Fi
six E they're like on the cutting edge.
I feel like most people still haven't
upgraded because there's not really that
much of a need.
I guess maybe if you live in a
country where there's actually fast
internet, maybe, but I don't know.
That's another problem.
No,
I totally agree because I'm in the same
boat.
I've had my same router for, God, like,
ten years now, I think,
or close to it.
And, yeah, like, why would I upgrade?
Like, the speeds are fine.
You know, maybe – I mean,
maybe I need to upgrade to a better
plan for my ISP, but the router works.
It covers the whole home.
If I got a bigger home,
then I could just, like – you know,
most people would resort to, like,
repeaters or, like,
a mesh network at that point instead of
just, like, buying a bigger router.
So –
Yeah,
I feel like routers are one of those
things that you kind of only replace when
they like break break.
So I don't know if that's necessarily good
or bad, but I agree with you.
I think it's something that a lot of
people just don't replace very often.
And so if you have an old router
that is not compatible with this new BF
standard,
then you might be vulnerable to this for
a while.
But again,
I hate when the articles don't mention
like how possible is this?
Again, is this something that like,
I need the KGB agent surveilling me next
door in secret,
or is this something that can be done
remotely?
I don't know.
I'm going to read the paper.
I'm going to see if I can find
out.
I mean, I don't know.
I was convinced that you don't actually
have to connect to a Wi-Fi network to
actually cause it to...
to be able to sense someone, right?
I think it's just walking within a Wi-Fi
connection, I believe.
But definitely double check that because I
didn't read the paper.
Right.
But I think the thing is that somebody
has to be listening.
It's a tree falls in the forest kind
of situation, right?
Any beamforming network is capable of
this,
but somebody has to be listening for it
in order for it to work, I think.
At least that's how I read it.
I don't know.
Yeah, exactly.
Yeah.
I might keep that tab open and read
it later.
Cool.
Sounds good.
I guess, I mean,
that's everything I had to add on that.
Do you have anything more that you thought
we should cover on that one?
I don't think so.
So on that note,
I think it is time to move on
to site updates.
We will be talking in a little bit
about some new developments from F-Droid
and Tor about funding and digital freedom,
some really exciting stuff there.
But first, yeah,
let's talk about what we've been working
on this week.
So it's another one of those weeks where
we've been doing stuff behind the scenes.
I know it hasn't been a super big...
publicly forward-facing,
but we have a new video coming up
that I think should be ready pretty soon,
diving into NIST's updated password
advice.
So historically, you know,
the password advice has always been...
you know, long password, uppercase,
lowercase, letters, random,
all that fun stuff.
But now a lot of people know that
NIST's new guideline is that your
password,
you should focus more on length and
complexity doesn't matter so much.
So we put out a video explaining,
first of all,
like where did this complexity advice come
from?
How does it even work?
And then on top of it,
we talked about the new advice.
And like,
how does it relate to the old advice?
How is it better?
Is it better?
So yeah, I'm excited for that one.
I have not seen the edit yet.
I know Jordan's been working hard on that.
But
I'm proud of the script.
I think we did a good one there.
And then after that,
I am in the middle of working on
a new tutorial tackling the recent Plex
price change.
And I think you guys will like that
one.
Yeah, um, there's so many different
directions you can go. One thing I like
about this job is that I have a
lot of creative freedom, um, but sometimes
that makes it hard for me to know
the best path to take. So, uh, but
that one's coming along. I think it should
be ready to send to Jordan here in
the next few days. So that's kind of
everything that's been going on in the
video side.
Cool.
I'm excited to see how the Plex video
turns out.
I'm kind of interested to hear thoughts,
actually,
because maybe we can dive into that a
bit later,
because I think that would be an
interesting topic to talk about.
But yeah,
just to keep things on track here,
I guess I can dive into some of
the site updates this week.
I've kind of been following a lot of
this stuff, but just for...
Clarity,
this has all been Jonah's work here.
Basically,
there's been a new project that we're
working on at the moment,
and that is an Android app verifier
database.
If you've been following along and you're
quite into the custom Android space,
you'll know that
A lot of times it can feel like
downloading apps off GitHub and other
places like that.
It's hard to know if
app is safe or if it actually does
come from the developer itself or if
you're downloading the right thing. And
originally the way to kind of check that
was if the developer offered an app
certificate hash, which you could compare
to the one that you download, so to
basically verify that the app you
downloaded is the one that the developer
actually created. So that was
kind of only limited to very specific
developers who actually made that
information public,
which was kind of frustrating, right?
Because there'd be a bunch of apps that
you're not sure if their authenticity is
actually verified or not.
So we're kind of working on,
and when I say we,
I mean mostly Jonah,
but there's this GitHub repository that
we've basically opened up to the
community,
which
allows people to submit their app
certificate hashes.
And it basically, through GitHub Actions,
it'll verify whether someone's submission
is associated with currently known
applications, like on F-Droid,
on Google Play, or a direct GitHub link.
And that basically gets processed by
someone on the team and
added to this database.
Basically,
the goal is to have a database of
apps that have app certificate hashes to
basically make sure that you are actually
running the apps that the developers have
actually created.
It's to avoid inauthentic apps.
I think this is actually a lot more
important when we talk about custom
Android.
I think this is less important if you're
just downloading everything from the
Google Play Store because it's a trusted
place to download apps.
Trusted,
I say in very large quotation marks
because it's often filled with malware and
all that stuff.
But you at least know that if you
click on something and download it,
it's definitely going to be from the
actual developer.
Although, you know, asterisks, as usual,
there's apps that are trying to bypass
that and all that.
But it's a lot safer to do things
through Google Play.
But obviously,
there's the issue with Google Play is it's
not very privacy respecting because you
have to have a Google account,
download apps from there.
And a lot of apps...
don't meet the requirements for the Google
Play Store.
So basically,
I hope I've kind of summarized things well
enough here,
but
There is also,
this is all like pre-production stuff.
So I wouldn't go out and use this
right now.
I think it's good to get people from
the community to contribute to this
project because I think it's good to have
this resource.
Jonah also just recently,
he put together a, basically a website,
which you can like search and check to
see if, you know,
if the apps that you've downloaded,
you can compare the hashes.
So if you want to check that out,
I've just put it in the chat here.
But it's definitely an interesting new
project that we're working on.
So definitely keep an eye on that.
I think it's also
project that we want to keep working on
at this at this point though uh you
know we're still kind of early in the
process of developing it and there was
someone that was working on an app
verifier app which would basically allow
you to check your installed apps and uh
check to see whether the hashes match our
database um so you know it's
It's...
that was an unofficial project by someone
else and at this point we don't have
any plans on maintaining any Android app
like that, so we can't really promise
anything on that aspect it would be nice
I personally would like that but I think
it also is a lot more effort on
our end and we're already like quite a
small team and we're just trying to
provide the best resources for people and
I think even if this is uh done
through a website at this point I think
it's still very useful and very uh uh
very
good you know community project that we
can all contribute to. I personally already
contributed a couple apps. It's really easy
to do that. If you just download the
app verifier app, you can get that on
Accrescent or you can download that on
GitHub. You can basically get the hashes of
your apps and submit an issue, which
will, you know,
line it up to be added to the
database.
I would definitely recommend checking that
out if you're interested in contributing.
We've already had so many submissions from
people in our community.
So thank you so much to anyone who's
been contributing on that.
It's been really awesome to see just how
enthusiastic people are about this new
project.
And like, I mean, enthusiastic.
Like we've had like probably over three
hundred.
Let's over four hundred.
Yeah.
Between open and closed.
We've closed three hundred and nine,
but there's one hundred and two still
open.
They need review.
Yeah, so that is really awesome. Uh, and
that's only, you know, that's only popular
apps. So if you've got apps that are
less popular, I think that could be a
good addition to the database as well. Um,
but yeah, I'm just really excited for that
project. I think that was a really, uh,
really awesome idea. So, uh, what else have
we got here? So
there is a lot of information there. Kind
of, I just info dumped super hard, so
definitely just check out on the forum on
discuss.privacyguides.net. Definitely check
that out. Um, there was also some, uh,
news. As usual, we have news stories that
Freya and, uh, Nate usually work on. So
if you check out Privacy This Week,
Ah, all free this week.
But yeah, sometimes Nate, if he has time,
it just, you know, we're busy.
We're busy.
We've got a lot of stuff we're working
on.
But I did notice Nate did put together
a data breach roundup as usual.
So if you want to look at that,
that's definitely another thing to check
out.
Some posts by Freya.
One here about...
Google Family Link,
allowing people to get locked out of their
accounts.
Signal macOS desktop app,
not actually deleting messages when it
should.
And yeah, as I said before,
the Data Breach Roundup,
some big stories in there,
actually quite a lot this week.
So definitely check that out if you're
interested.
And okay,
I think that's everything this week in
terms of site updates.
But yeah, I guess I can...
kind of plug stuff a little bit here.
Basically all of this is made possible by
our supporters.
You can sign up for a membership or
donate at privacyguides.org,
or you can even pick up some really
cool swag at shop.privacyguides.org.
I recently got some from the store and
I will say I've got one of the,
I'm wearing one of the hoodies right now
and it's really high quality.
It's actually probably one of the best
hoodies that I own.
So I'm not trying to shill too hard,
but it definitely is.
High quality.
So definitely if you're considering that,
definitely check it out.
Privacy Guides is a nonprofit which
researches and shares privacy related
information and facilitates a community
online on our forum and matrix where
people can ask questions and get advice
about staying private online and
preserving their digital rights.
Now let's talk about the latest
developments in California around age
verification laws and Linux.
Yeah, let's see here.
All right, so California,
for those who don't know,
where do we begin?
So California has been doing all kinds of
there's been a number of states here in
the US actually,
that have been implementing a wide variety
of age verification.
Okay,
so age verification laws in any form in
the US are unfortunately, I think,
officially, more common than not,
I think more states have passed age
verification laws of some kind than have
not.
But that said,
some states have gone a little bit, well,
I don't know if I'd say it's overboard
or not.
I mean,
it's definitely age verification laws of
any kind are overboard.
I'm just... You'll see what I mean.
Anyways,
some states have gone above and beyond and
decided that they need to add this to
the operating system level.
And this has been wildly unpopular for a
lot of reasons.
And usually,
a big reason with a lot of these
laws of any kind,
usually one major reason that people have
issues with them is they're overly broad,
which...
I could get into a whole thing about
whether or not laws are made to be
broad on purpose and whether that's good
or bad.
Uh, I digress.
But, uh,
California specifically was one of the
ones who said that like, you know, we're,
we're gonna,
every operating system has to age verify.
And because California is one of the
biggest states in the U.S., uh,
the open source community was kind of
like, all right, hold on.
Because again,
this is like the way it was originally
written is I think it would even require
like things like firmware to,
to update and, or not update, but to,
to age verify.
And,
Yeah, it was pretty crazy,
but I guess the long story short is
thankfully there was enough pushback from
the community that lawmakers are now
adding an amendment.
What's it called?
Assembly Bill one eight five six A.B.
eighteen fifty six.
currently moving through the California
legislature ahead of committee reviews in
June,
would amend the state's earlier age
assurance law by excluding software
distributed under licenses that allow
users to copy, redistribute,
and modify the software.
And the article says here that in
practice,
this would probably exempt most mainstream
Linux operating systems like Debian,
Fedora, Ubuntu, Arch, and Mint.
But they do point out that things like
SteamOS, for example,
would probably still fall under the law
because Steam is based on Arch,
but I think it is.
I know the Steam Deck is based on
Arch, and I think that is SteamOS,
but I could be wrong.
But because it is a variation put out
by Steam,
there are some changes to the licensing.
So yeah, yeah.
I don't know.
I mean, I'm going to be honest.
My opinion on this one,
I don't think this is a win because
I don't think these laws should be there
in the first place.
It's really weird because I know...
I will be fully honest.
I used to think if age verification is
going to happen,
this is probably the least invasive way to
do it.
And I still think that may be true,
but I still think that overall,
these laws in general are trying to solve
the problem the wrong way.
And I'm sure a lot of you guys
would agree with me in the sense that
I think the focus should be...
Not on blaming the parents,
but empowering the parents.
Like, I've told this story before.
My sister, she had her first child.
And granted, he's still a toddler.
Like, when he has a device,
it's because they, like, you know, okay,
you can...
You can watch YouTube for...
What do they used to watch it?
Hay Bears?
It's... I mean,
that was back when he was, like,
an infant.
But it's literally just, like,
dancing shapes on screen.
Anyways, like, it's stuff that it's,
like... It'll keep him busy, but it's,
like, for, you know, like,
they don't babysit him with the screen.
And the reason I mention that is,
you know, when I asked her, I'm like,
hey,
did you know that your iPhone has parental
controls?
And she's like, no, I didn't.
And granted, you know,
he's not old enough to need those parental
controls yet because he doesn't even have
his own device.
But...
I think it would be better to focus
on
making sure that parents are aware of
these.
And we've had some conversations on this
podcast before,
because I know Jordan has mentioned that
every time you set up an iPhone,
it asks you for your age.
And I don't know if that's standard
everywhere now.
Maybe that's something Apple just does
now,
or maybe that's because you live in a
country that has age verification laws.
But I don't know.
Getting back on topic,
I don't think this is a win.
I think we should be focusing more on
those kind of solutions because I think
it's twofold.
I think first of all,
it's kind of selfish.
It kind of says like, well,
we don't care about the Windows people.
We don't care about the Mac people.
They don't deserve privacy,
which I think is a very messed up
attitude to have because privacy is a
human right.
And that's like saying like, oh, well,
this person's not a farmer,
so they don't deserve food.
And I really disagree with that take.
And I also worry about what if,
you know,
I could see the argument of like, okay,
well,
what if this pushes people toward Linux?
first of all, not everyone can use Linux.
There are people in perfectly valid
situations that can't do that,
or at least can't daily drive it.
And second, like, okay,
what happens if we push enough people
towards Linux?
Then now the government decides actually
Linux has enough users that this now needs
to be regulated too,
which personally I could totally see
happening.
So, um,
I think this is a short-term win,
but I don't think it's a long-term win.
And I think it leaves a lot of
people up a creek.
Um, but that is my, my personal take.
I don't know.
Am I, am I missing something here, Jordan?
Um, I mean, yeah, I think we're, we've
kind of, like, I don't know, what's the,
what's the way of saying it, like beating
a dead horse, something like that. Uh, we've,
we've talked about this like a lot. Like
the, the, you know, we're going to be
against any form of age verification and
like, oh wow, they made it so Linux
doesn't have it. It's like,
It can be changed at any point.
I don't think this is particularly great
from that aspect as well.
I think also the issue with this is
they haven't really backed down on age
verification.
They're just basically excluding very
specific stuff that was the most
controversial.
I think we should be pushing these
politicians
to think like, oh, so why?
Why?
Why are you exempting certain operating
systems?
Aren't all the children just going to
switch to Linux and then start using that
instead and then bypass it?
It doesn't really make that much sense to
me.
I think you either...
put age verification on everything and
it's like dystopian and like absolutely
awful to use and it locks down the
entire internet, or you don't. Like there's
not really a middle ground like this. I
think it doesn't really make that much
sense to make a specific exemption for
Linux. Uh,
I also don't think these politicians
actually think that far ahead.
They just think, oh,
this will sound really good to my voters.
This will sound really good to my
constituents.
That's great,
but how are you actually going to apply
this?
How is it actually going to be
implemented?
And
I feel like that's also an issue that
I've seen.
Like,
I guess I'm going to open about this,
but I'm not from the US.
I'm from Australia and we've had some
really bad age verification stuff.
I think we're one of the first countries
to have that.
I think it might have been the UK
first.
And then we did social media bans as
well.
So it's like, you know, it's... It's...
It's really...
it's really just the way that I'm seeing
platforms actually move to implement these
changes is it's not really working.
Like I don't think they thought that far
ahead.
They never thought like, Oh,
like how are we actually going to
implement these changes to actually do
this?
And you know,
didn't think about it from like a privacy
perspective. Like there's definitely some
people in our team that I've talked to
that, you know, they hold the opinion that
maybe there could be a way to do
this in a privacy respecting way. Maybe
there is a way to verify someone's age
privately, um, which, you know, I respect that,
like if, if that's the opinion that you
hold, but I think also the
The fact is that a lot of times
when we see this stuff, they always,
they never do that.
They never make it the most private and
secure possible.
They always go the easy route,
which is people uploading their IDs and
people, you know,
being linked to their accounts through
their ID, like, you know,
I'd love to live in a society where
that is the priority,
but that is just not the priority for
these companies and it's not the priority
for these politicians either.
So anyway,
trying to at least conclude my thoughts
here a little bit.
I think asking people their age on setup,
like Nate said,
like that was something I noticed on not
just, not just iPhones and Apple devices,
but also I noticed it when I was
setting up a Google Pixel as well.
It asks you during the setup, like what,
what age group are you?
But it doesn't really seem to really push
you on that.
It's like, oh yeah, I'm,
I'm above and you just press continue.
Like it's,
it doesn't really see like this,
this thing that they're asking is,
it doesn't seem like a very robust system
in the first place.
It just seems like another thing that is
going to leak people's privacy and it's
going to be kind of hard to implement.
So yeah,
I guess Nate kind of said like, oh,
is this a positive thing?
I mean, maybe a little bit,
but like maybe it's good for the people
that are using Linux in California.
But like we kind of already thought that
that would be the case, right?
I don't think...
I don't think you're going to get a
whole bunch of these Linux developers who
can barely even agree on what the best
desktop environment is to how to implement
age verification.
I just don't see that ever happening.
And I think people in the Linux community
are even more stubborn about this sort of
stuff,
like implementing specific stuff like
that.
Some people completely avoid systemd
because of all of that debacle.
People will avoid using
Wayland because they don't like that
debacle. It's like people are already very
opinionated. I don't think people are going
to be rushing to implement age
verification on their Linux distro. Like
it's just, maybe on the more corporate
focused distros that might be the case, but
I think a lot of these community ones
are just not going to comply anyway, so
I was like less of a concern. I
think SteamOS definitely could be one of
those that it does comply, but especially
because they are accessing, you know,
allowing access to games that are
restricted.
So yeah, that's kind of my thoughts.
Do you have anything else you wanted to
add as well, Nate?
Yeah, I, uh, I definitely agree what you
said about like the, the community is
already so fragmented. Like I remember
systemd added an optional field for age
and everyone lost their minds. And I'm not
saying, I'm not, I don't have an opinion
either way for the record, but like just
even the comment section in our videos,
like the people got so angry and one
dude like forked systemd and removed that
field and
Yeah, very opinionated.
But yeah, no,
I agree with a lot of the things
you said.
You mentioned that, yeah,
I do believe there is, in theory,
and I don't even mean like if you
squint in theory,
there are so many ways that we could
do age verification in a
privacy-respecting way,
like everything done on device, encrypted,
this, that, the other,
all this sends is a yes or no
flag.
But we don't.
You're absolutely right.
We never do it that way because...
it's cheaper, it's easier, you can double
dip in the data. I guarantee you some
companies will do that if this stuff comes
around. Um, like that's not even a matter
of if, it's a matter of when. So
it could be done in a privacy respecting
way, but it, it won't. It never will.
Um, one thing I did want to mention
is, uh, at the beginning you said that
like this could change later. One thing I
will give California,
I don't know if credit's the right word,
but apparently from what I understand,
it's really hard to change laws in
California because I remember when they
came out with the, what is it,
the CCPA, their privacy law,
EFF was actually against it.
And I remember them saying on one of
their podcasts that the reason they were
against it
is because laws are so hard to change
in California.
Like normally they would be like, well,
okay, cool.
This is a good baseline and we'll work
to improve it.
But again,
because laws are so hard to change in
California, for some reason,
it's a California specific thing.
It's so hard to change existing laws that
they were just kind of like, no,
we need to push for better from the
start because we might never be able to
change this or not be able to change
this for a very long time.
Um, so yeah, it's, I don't know, but,
um,
only other thing that came to mind while
you were talking is I, I do think
this shows that pushback can help. Like, um,
we, we really got to get Louis Rossmann
on the channel one of these days to
tell the story, but, uh, there is a
video, um, full disclosure, I'm on the board,
but Louis Rossmann last year spoke at EFF
Austin and he told his origin story and,
uh, part of it was basically like
It's a great video,
you should go watch it.
But to kind of summarize,
my point is the first time he went
and spoke with his local representative,
he very politely was like, oh,
I think this bill you're endorsing is
wrong.
And he explained why the bill was wrong.
And the senator, or not senator, I can't
remember what it was, he might have been
a senator, but basically he, like, he, um,
he did take Rossmann's advice and he, he
sided with Rossmann, but he pointed out, he's
like, yeah, of course I didn't know that.
He's like, I'm like, I don't know how
any of this technology works and the only
person who showed up to say anything was
the lobbyist from the other side who told
me all this crap. I didn't know he
was full of crap. I don't know how
any of this works. And, um,
So that was when Louis realized,
he's like, oh,
especially at the local level,
at the state level, in the city level,
a lot of the time, nobody shows up.
Nobody says anything.
So yeah,
the whole Linux community came out pissed
off about this, as they rightfully should,
and the politicians rolled it back.
But nobody did that for Microsoft.
Nobody did that for Apple.
I'm surprised they didn't push back on
this because there seems like none of
these companies ever want to be the ones
on the hook for the IDs.
But anyways, my point being is like,
I guarantee you if more people in general
were pushing back on age verification,
the politicians would back down.
It doesn't always happen,
but ninety percent of the time it happens.
And yeah, so I don't know.
I just wanted to point that out.
It's like
Not to shill our own stuff too much,
but you know,
privacyguides.org slash activism.
We have a whole activism section on how
to push back on this stuff because if
nobody does,
like clearly the open source community
pushed back and they were forced to change
course.
Yeah, who knows?
And I do want to highlight real quick,
Puring Pudding pointed out,
does Android technically count as Linux?
Great point.
I don't think so because it's been
modified and now it's released under like
a different license.
So like Android in the sense of like
stock Android that you get on your Google
Pixel or your Samsung if you buy a
Samsung for some reason.
But, you know,
I don't think that technically counts as
Linux under the definition of this law.
But yeah, it's...
It just goes to show that this stuff
is a lot more complicated than politicians
realize.
So, yeah, I think that's all I got.
No, that's good points.
I think it's, yeah,
it's important to get involved in your
local community,
like stuff like if you live in California,
you need to make more noise.
Cause I think if most people would be
against this, I think, you know,
maybe not, maybe not everybody,
but I think a lot of people would
probably be against this.
It's already had so much backlash already,
especially from people like Louis Rossmann
and, you know,
all these, all these types.
So I guess that is one question.
Is there, is there someone that,
that people can contact about this?
Like, how does this,
do you have to contact your
representatives in California?
Is there like a way to find where
to talk to someone like that?
I'm not really sure.
Obviously, you know, maybe.
There is, I did,
let me go find it.
I did a blog post a while back
about, oh, it's hold on.
It's actually pinned at the top.
Yes,
basically there are websites where you can
look up who your representatives are.
Congress.gov, House.gov,
and Senate.gov are all for state level –
or state or federal level.
I mean CommonCause.org and USA.gov.
I think CommonCause especially.
I was on one the other day that
went all the way down to like –
like city judges, and like these people
didn't even have pictures, the, the role is
so like quote unquote small. Um, I think
that was Common Cause. Um, there's proposed
laws, there's like BillTrack, there's
GovTrack, there's FastDemocracy, there's
LegiScan. Um, so in the U.S. those are
some resources. Um, I think we might have
a bill tracker on the activism section now.
I'm not entirely sure, um, because I know
we did just add a new section recently,
but
Oh, no, that's the DPA directory.
OK, my bad.
I think that is something we do want
to add in the future, though, hopefully.
But yeah.
I mean, yeah.
I would start there at least to learn
who you represented.
Read the local news, honestly.
Like I have a couple of different local
news stations saved and like in the
morning when I'm still kind of waking up,
which is probably not the best time to
be checking the news,
but like when I'm still kind of waking
up,
I'll sit on the couch and I'll skim
the headlines and I will see things about
like, oh,
there's a data center in this town next
door.
Like there's a meeting coming up on
Thursday to talk about the data center.
And I wanna start showing up to those
things and be like, yeah, no,
these are a bad idea and here's why.
I know at least in my area,
they've managed to get one data center
temporarily paused because there was so
much pushback,
and I'm very proud for that.
But it can make a difference.
I saw this person in the chat here
said,
P P P P P P said in
the chat, uh,
get Louis Rossmann on the show.
I think it's definitely possible.
Uh, it's definitely possible.
So it's, it's very possible.
Um,
we do want to do an interview with
him.
I just,
I don't know what to ask him because
I feel like he's such an open book.
It's hard for me to come up with
questions.
Um, but yeah, no, we,
we definitely want to, it's,
it's something we've been thinking about
and talking about a lot.
It's totally doable, but yeah.
I don't know.
Maybe we should just have him on the
podcast one of these days.
We should talk to him about it.
That would be fun.
I was about to say that.
That'd be fun.
Yeah, there's also this other person here.
So Terracotta Pie also said,
every time I hear about age verification
laws, it brings me pain.
Yeah,
we're kind of a little bit sick of
it here.
It's like every week there's like
something new relating to this.
Yeah,
I don't know why governments right now are
just like super obsessed with this
suddenly.
It's like AI, except, I don't know,
they're obsessed with like
verifying people's identities. It's kind of
unfortunate, but I do think, you know, kind
of coming back a little bit to that
lobbying thing, I do think these, these
lobbying groups are, you know,
probably kind of pushing for this, a lot
of this technology, because when they
implement all these age verification, like,
systems, it's all like kind of getting
funneled back into these companies. Uh,
because, you know, that's a lot of customers.
You're about to get a lot of customers
if every single person on your platform
needs their age verified. So I can see
why that might be a thing. Uh, someone
here said,
That'd be a good convo, yeah,
to have Louis Rossmann on.
Yeah, I definitely agree.
That would be really cool.
Yeah,
and something else you said that I forgot
to make a note about was when we
talked about you set up a device and
it asks you what's your age,
what I would love to see is...
Because I think something that I've been
trying to focus on a lot more is
like in arguing with this – or when
talking about this age verification stuff,
especially with parents,
is to point out that it takes away
their –
agency as parents. It takes away their
right to decide what sites they think are
okay for their kids to visit and when
they think their kids are old enough. And
I think, I completely sympathize with
parents who feel like maybe the internet
is a little overwhelming and technology is
overwhelming these days. I think that's, um,
a perfectly legitimate way to feel, but
I think, again,
going back to the example of my sister,
how many of these devices will prompt you?
Like, is this a child's phone?
And how many of them?
And I genuinely don't know.
I haven't set up a new phone in
ages.
And, you know,
since I mostly use custom operating
systems, like maybe they're all, you know,
they don't do this stuff, obviously.
But yeah.
It would be nice to see a phone
that like asks you, you know, OK,
this person is like thirteen to fifteen
and it shows you here are the parental
controls available instead of.
You know,
I don't know if it does that,
and I think that's what I would like
to see is, you know,
to raise awareness that there's already
tools that, from what I understand,
are pretty decent.
And yeah.
And also we need more of those tools
on the privacy focused stuff.
Like I saw an article from Proton earlier
this week about how Chrome has built in
parental controls and you can block
specific websites and stuff.
And I'm like, that's amazing.
I bet you Brave doesn't have that.
Cause you have to sign into a Google
account to do it.
But yeah,
that's what I would like to see is
just more stuff that's focused on
empowering the parents to know what
options are out there and how to exercise
them rather than just trying to parent for
the parents,
which I don't think any parents really
want to be honest.
So.
I don't know.
Just a thought.
Definitely.
I guess here we could jump into this
next topic.
This one here comes...
They're just two kind of quick topics that
I thought we should cover this week,
which was something about F-Droid and
another thing about the Tor project.
So just quickly jumping into these two
topics here.
This one here from F-Droid is...
new financial support for F-Droid thanks to
Floss Fund. So F-Droid was recently, uh, was
awarded fifty thousand dollars in funding
from the Floss Fund, and basically it's a
fund that basically, uh, funds valuable open
source projects. Um,
I think this is also super important for
these projects because a lot of times
hiring developers,
developers are really expensive,
especially if you need a good developer,
that's easily over a hundred and fifty
thousand dollars a year.
in employment costs to get someone
employed for that.
I think that's really cool.
Basically reading more into this article
here,
some information about the Floss Fund.
The Floss Fund aims to donate up to
one million dollars annually to Floss
projects worldwide with no strings
attached with the purpose of empowering
developers and maintainers through
financial resources to sustain and grow
critical open-source ecosystems.
Notable FOSS projects like Blender,
FFmpeg,
OpenStreetMap have gotten support in the
past and now F-Droid has too.
The introduction of the funding,
funding.json standard built on JSON allows
projects to add funding details in the
code base,
making it easier for backers to navigate
aid efforts.
This streamlines donor support and quietly
builds a stronger financial foundation
across community-driven tech work.
So basically,
they kind of go through how they're going
to use these funds.
Basically,
what F-Droid is saying is they're going to
move some key tasks forward,
like supporting core operations,
updating infrastructure,
securing new features for better access to
ad-free community-built software.
Working on supporting a new format called
funding.json,
this is a standard way for app creators
to share information about how people can
donate money to support their projects.
And once that work's done,
F-Droid's server,
the tooling we use to manage our app
store,
will be able to automatically collect
donation information from app projects
that have set up funding.json on their
website.
So basically,
this is kind of like a move to
allow developers to get funding that they
need for their apps.
It's kind of interesting.
Basically, if your app is on F-Droid,
you may qualify for the Floss Fund.
It's basically there to support existing
and widely used open source projects on
there.
So I think, you know,
this is going to be really good for
developers that are
you know, making apps that, like,
a lot of people are downloading but, like,
no one is supporting because, you know,
I think a lot of people kind of
take things for granted a little bit.
Like, behind every app that you're using,
there's, like,
a person developing that and, you know,
it takes a lot of time to maintain
things, keep things updating,
keep things working properly.
Yeah.
So I think people should try and donate
whenever they can.
I think that's super important.
I guess to dive into the second story
here from the Tor Project,
there's this new coalition of
privacy projects and this is led by the
Tor Project and the Funding the Commons
and basically it's a participatory funding
campaign so if you go to
internetfreedom.torproject.org
Or you can go to that website through
their onion link.
It's basically a Web3-native
crowdfunding initiative.
Basically,
this is a way to accept contributions in
Bitcoin, Ethereum, Zcash, Monero,
Golem and others.
Yeah,
it basically can benefit ten non-profit
projects working across privacy,
censorship, circumvention,
secure communications and public interest
digital infrastructure.
And basically there's an initial one
hundred and fifteen thousand USD matching
pool, which was supported by Cake Wallet,
Zcash Community Grants, Logos and Octant.
So I think this is also one of
these things where I think the Tor
project,
as well as a lot of other projects
that are listed on this page,
a lot of them were benefiting from, like,
US government funding through, like,
the Open Technology Fund as well.
So, you know,
that is currently being stripped down a
lot by the current US government.
So, you know,
they've definitely seen a dip in funding.
And I think this is...
kind of important to develop a parallel
system to allow these projects to keep
getting funding.
And I guess to talk about some of
these projects.
So this includes SecureDrop, Open Archive,
OnionShare, Ricochet Refresh,
Onion Browser,
Open Observatory of Network Interference,
Passcouchet, I don't know that one,
Unredacted, Digital Security Helpdesk,
and
I don't know that one that one must
be uh one that's a bit more international
um I haven't seen that one before but
yeah that is that is really interesting so
basically it's designed to ampli this this
whole like funding model is basically
meant to
amplify the impact of small contributions
like they're basically those those
organizations that were there they're
basically uh boosting the impact of of
that funding um so that is really
interesting uh but yeah i don't know
there's i don't really have too much to
add here not really super familiar with a
lot of these cryptocurrency things um so i
don't know do you have any thoughts on
either of these quick stories here nate
Um, just a couple of quick thoughts.
Uh, one of them you,
you kind of already touched on,
but I really want to drive home is
the F-Droid one is, um, you know,
some,
some developers I know like absolutely
refuse to take funding.
Like uBlock Origin famously does not
take any, any donations at all.
Um, and I, I think that's fine,
but I think also, um,
I know in the, again,
to reference it in the past as
surveillance report,
we had like less than one percent of
our viewers were
donating in any way.
And I mean,
I think all we had was like a
Patreon or something like that,
but it was like literally less than one
percent of viewers.
And it's it's I know it's tricky,
especially right now.
Trust me,
finances are keeping me up at night with
the cost of everything.
Thanks.
But it's it's I know right now it's
really tricky.
But if anybody is in a position to
support projects,
any projects like it doesn't
I don't know if they'll like me saying
this, but it doesn't have to be us.
It could be Signal.
It could be Tor.
It could be whatever you get value out
of.
Or one thing that I recommend to a
lot of people is cycle it.
This month, give five bucks to Tor.
Next month,
give five bucks to Signal or whatever.
I don't know why I keep fixating on
those two, but you know what I mean?
Sit down and think about what are the
apps you use that you would be really
devastated if they went away.
There was actually an update this morning
on Session.
It looks like Session...
secured enough funding to basically keep
going past their original shutdown date,
but they're going to have to do it
in a severely weakened state.
Like they're basically only going to have
enough money to pay for like one developer
and basic infrastructure,
if I remember correctly.
I read that at like eight this morning
and I hadn't had my coffee yet.
it's, it's things like that are, you know,
that's the risk of not funding these
things.
And again, I understand I, I,
not everyone has money and I,
I completely sympathize with that.
But if you do have money,
even like five bucks, a couple of dollars,
like if, um, you know, these,
these are projects that have like
thousands of users.
And if everyone gave a dollar a month,
like that would probably fund these
developers full time.
So yeah.
Um,
I think that's a really important thing.
This is kind of my time.
I'm going to kind of plug Privacy Guides
here.
We also need funding as well.
This whole project, to have Nate,
to have me,
to have Jonah working on this a lot,
full-time working on this, it costs money,
right?
People need money to live, unfortunately,
and...
If it was a way to do this
without having to do that and we could
like, you know, dedicate all the funds to,
you know, whatever, something bigger,
it would be great.
But, you know,
people need money to survive and get a
live.
So, you know,
every donation that you make here is
supporting people working full time on
this project and trying to bring people
the most joy.
important information on this topic and
build out resources like the app verifier
database,
like videos that we're putting out,
all the articles that we have,
like with Freya and Nate putting out
articles.
activism section merchandise that we
create like this is all stuff that you
know we need to pay people for um
unfortunately like that's just the reality
right so uh you know if you do
really like what we're doing and you want
to see this continue that is one thing
that i think you know
even if it's like a very small amount
of money, like I think any amount helps,
especially any project.
And again, like Nate said,
like you don't have to,
please don't like donate if you're in a
position that is not financially stable.
Like this is, you know,
I feel like we're like at a really,
really,
really tough point in history at the
moment where things are just like,
really expensive and it's really tough so
definitely don't feel obligated but if you
are in a position where you can support
things you know consider donating to us
consider donating to these projects like
you don't even have to donate to us
just donate to something uh these projects
uh they need
support so uh and oh sod this all
just gifted a Privacy Guides membership so
thank you so much um so this all
does that a lot we appreciate your
generosity
Yeah, that is really kind.
So congrats to someone who got that
membership.
Speaking of memberships, I guess,
you'll be able to access a bonus section
of the Naomi Brockwell interview if you
did sign up for that.
We did see there was two people
who signed up for that again.
Uh,
they rejoined our membership program on
YouTube.
Uh, it was someone with a Korean name.
I'm not gonna,
I don't know how to say that.
So I can't really say that.
And there was also someone as well named
Thomas.
So thank you to those people that rejoined
to access some of that early access
content.
Um, it's definitely, uh,
It's a cool perk that we're happy to
give people.
And we hope that you get some value
from that.
We're just trying to give back to people
who do support us because we do really
appreciate it.
Yeah, W, sod this all.
Yeah.
Yeah.
You've been very generous.
So thank you so much for gifting regularly
as well.
It's really, really appreciated.
That is so kind.
um yeah i think uh if that's all
we had on that there was one last
story i wanted to sneak in real quick
um just because i thought this was super
super awesome and exciting and this will
be real quick because we don't have too
much to say about it but uh um
researchers at ETH Zurich believe they
have created perfect randomness for the
first time so uh for those who don't
know um i would argue nothing in life
is perfectly random um
Certainly almost nothing in the digital
world.
Even like your password manager,
when you tell it to generate a random
password, it's not really that random.
And the thing is with computers
specifically, if you generate randomness,
they have to have something that they're
deriving that randomness from.
So usually what they'll do is,
for example, they'll do...
let's say they'll take the time and
they'll go all the way down to like
the millisecond or like however far the
clock can go.
They'll take the actual timestamp with the
date and the time and everything.
And that will be the,
I don't know what the technical word is
for it,
but I'm gonna call it like the seed
or the key.
That'll be the seed
that they feed into an algorithm and that
algorithm generates a random thing based
on the time.
But it's technically not random because if
you feed that exact same time into the
algorithm,
you're always gonna get the same response
out.
It just seems random because
theoretically,
we're never gonna see that time again,
right?
So it's really good.
And this article points out that in most
applications, this is fine.
But in cryptography, especially very,
very sensitive high-level stuff,
this can be,
a bit of an issue and for the
record we're talking like really advanced
advanced advanced like like state level
zero day kind of stuff this is like
really advanced but technically there is
not perfect randomness and for the record
this is also true of coin flips if
you flip a coin a thousand times
technically you will statistically have
more of heads than tails or vice versa
So anyways,
researchers at ETH Zurich basically say
they figured it out with quantum physics.
And there's a pretty good breakdown here
in the article that I'm not going to
go through.
But basically, they made this like,
thirty meter long tunnel and they had
superconducting chips on either side.
And they something about quantum
entanglement.
And they were basically it kind of goes
over my head about how it works.
But they are very positive that they have
made actual true randomness.
And if you were to
Jonah and I were talking about this
earlier, and Jonah's like,
how would you even test that?
And I was like, well,
you just flip a coin, basically.
You tell it to pick between zero and
one, and if it is perfectly random,
if they do that,
we'll say like a million times,
which a computer can do very quickly and
very easily.
If you do that a million times,
then you analyze it.
You should have an almost perfect,
if not totally perfect,
like within a certain,
I think it's like
.5 percent is the accepted
I took a statistics class once in college
and I barely remember it anymore.
But in theory,
you should have that almost fifty-fifty
split.
It might not be exact because, again,
it's random,
there's chance in the universe,
but it would be statistically
insignificant,
the difference between the two.
Um, yeah.
And the reason I wanted to share this
is because if that's true, that's really,
really exciting.
Uh,
I am assuming that this research probably
still needs to be peer reviewed and tested
and everything,
but ETH Zurich is very well known.
They are very reputable.
Um,
I don't think they would just make
something.
They might be wrong for the record.
They might go under peer review and they
might find out like, Hey, you know,
you overlook this or you didn't do this
right.
But I don't think they're just like trying
to sell snake oil or make something up.
Um, I think they genuinely believe this.
And if true,
they pointed out here in this article,
for those who are maybe listening on
audio, it says, in the long term,
this work could play a similar role in
digital security as atomic clocks do for
timekeeping.
And atomic clocks, they're useful for,
I mean,
like GPS is the first application that
comes to mind.
I know there's a bunch of others that
I'm forgetting,
but like atomic clocks are,
extremely extremely extremely accurate
clocks and they are crucial for a wide
range of applications that power our
modern world and so this could be a
huge step forward in cryptography if that
is true so yeah like I said kind
of a short one I don't think we
have too much to add but that is
that is that story and if we hear
anything exciting about it we'll keep you
updated but I just thought that was super
cool and wanted to share
Cool.
Yeah,
I don't really have too much to add
on that one,
but I just want to highlight,
I think we might have missed it,
but Sod the Sword just donated two pounds.
So thank you very much again.
That is very kind.
But yeah,
I don't really have anything to add on
that one.
Should we maybe dive into some forum
updates?
Yeah, yeah.
If there's nothing to add to the
randomness story,
then we'll check the forum.
And after the forum,
we'll actually be taking questions.
The Q&A will start.
So if you have not asked any questions
yet in the chat,
go ahead and drop those in the chat,
and we'll get to those in just a
minute.
But for now,
the community forum always has a lot of
activity.
But here's a few of this week's most
interesting discussions.
And the first one we're going to talk
about is actually a discussion about an
article from Ars Technica that says
websites have a new way to spy on
visitors, analyzing their SSD activity.
I'm going to share this article real quick
for a second, just so viewers can see.
So this is a side channel attack that
in response to one of my frustrations
earlier today,
we actually know this can be done
remotely.
This does not require physical access,
but it's basically a way to fingerprint
your computer.
And the way it works is when you
go to a website,
there's something called the Origin
Private File System, OPFS,
which is an allocated storage space that's
reserved for a specific site to run code
needed to complete a given task.
websites can create one with no
interaction required by the visitor.
So it's basically like a temporary little
sandbox where a website can maybe download
a cache or whatever it needs to do
to function.
And basically,
if the attacker is able to continuously
measure the performance of the SSD,
and especially the article says if you
have multiple tabs open,
it's almost like a
it's almost like the way that
fingerprinting works across the web,
right?
Like if you go to Google, hypothetically,
let's pretend, if you go to just Google,
Google doesn't really know who you are.
But if you go to like five other
websites that all have Google Analytics,
Google can track you across all those
different websites.
And it's kind of basically the same thing,
but it's working via that OPFS on your
SSD.
And they do note that there are some
limitations.
So first of all,
the OPFS file must be extremely large,
likely a gigabyte or more.
I don't know how big the OPFS is
on average.
To me, that doesn't sound that big,
but maybe it is.
That requirement means the attack at scale
would inevitably be detected by many
users.
They also say the file must be stored
on the same SSD the visitor is using,
which I think for most people is probably
true.
I think most of us don't have multiple
SSDs.
Usually if a computer has multiple slots,
you have like one SSD and a hard
drive,
but
they also say that the best way to
prevent this attack is simply to close
tabs as soon as you're done which I'll
comment on that in a second and
What else was it?
More savvy users can monitor the creation
and size of the OPFS files allocated by
unknown websites.
And they did say that the researchers did
propose ways for browser makers to shut
down the side channels.
So we'll see if any of them roll
that out.
And here it is.
The last thing they said that they
performed the full attack on an M2
Mac. On Linux,
they showed that the underlying primitive
works,
but didn't run the full attack and they
did not test Windows.
So it's not as bad on Linux,
but it does still work.
I'm just going to go out on a
limb and say it probably works great on
Windows.
But yeah.
Did you get a chance to read this
article by any chance, Jordan?
Do you have any thoughts on this one?
I did see some interesting takes.
Like we are kind of focusing a little
bit here on the forum,
but I did see some interesting people.
People had some interesting thoughts on
our community forum,
which I guess I'm not going to highlight
directly because we want to respect
everyone's privacy there.
Don't want to
keep your information stored in this video
forever.
That would be kind of awful.
But I will just kind of highlight some
things that people were saying.
Someone was saying that someone said
laughs maniacally from inside a disposable
virtual machine.
I mean,
that's definitely one way to protect
against this, I guess.
Maybe not everyone is doing that,
but I think, you know,
if using Qubes OS, that's,
definitely a plus for Qubes OS I think
also another thing with this is I feel
like it's a little bit dependent on like
your internet connection speed as well
like one gigabyte file um is kind of
big I think you know your if your
internet connection is like you know
4G or 5G it's probably not gonna
be uh
downloaded particularly fast,
especially if you have like slow internet
connection,
like a hundred megabits per second or
fifty megabits per second.
It's going to be quite a it's going
to take quite a while.
But I also think a lot of browsers
actually kind of have protections against
this,
especially the ones that we recommend.
For example, like one common issue,
I'm going to say issue in quotes,
but it's not really an issue.
It's just something that we notice is
With StreamYard,
the software we use to do these live
streams,
a lot of times we'll have a local
recording as well as
this recording of on YouTube and stuff.
And basically that is done through saving
data into your browser storage API.
And, you know,
if you're using stuff like Brave or
Firefox with all the settings cranked up,
a lot of times it complains about not
enough storage being allowed, right?
So I think, you know,
This could potentially protect a little
bit against this.
I think having something that just has
absolutely no limits on anything like
Google Chrome or like, you know,
these browsers that don't really care
about this sort of stuff,
they kind of just allow anything.
It's definitely going to cause more
issues, I would say,
and allow this to happen.
There's also some people saying you can
enable specific settings in Firefox.
I think this person was saying
dom.fs.enabled to false protects against
this.
And also I think one gigabyte straight
into your browser,
people are saying that that would crash a
lot of websites for people.
But yeah,
I think this is definitely a concern for
the average person who's just using
Chrome.
And I think that's definitely a valid
thing to talk about.
Also, someone was saying that, you know,
they recommend closing tabs as soon as
you're done with them.
I think that is a little bit naive.
I don't know how you use your browser,
but generally,
if you're like researching a topic,
you have tabs,
a lot of tabs open because you're browsing
and stuff and looking at things.
So I think anyone doing like serious
research
research in their browser is going to have
more than one tab open.
It's a little bit ridiculous to suggest
that.
I think people will just have tab,
like I'm looking at my screen right now,
I've probably got like
like, you know,
we've got to have things open.
I think that's not the best advice.
I think the better advice here would just
be to use these browsers that have
actually sane defaults when it comes to
these APIs.
And I think it also is good to
assume
Any API that a browser has can be
exploited to fingerprint you.
We kept seeing this with audio signatures
through the audio API.
We saw this with WebGL.
It's basically any API can be used to
track you.
I would just assume that any API is
going to be used to track you.
And I think disabling them is
generally the better way to go.
I do wonder how this would work in
Tor Browser or Mullvad Browser,
but that's not something that I have time
to test personally.
Did you have any extra thoughts, Nate?
Yeah, no, um, I think the, uh,
I'm with you for the record.
Like, yeah,
especially when I'm researching for a
video, I've got like a dozen tabs open,
but I also know it's kind of a
meme that a lot of people, uh,
especially a lot of mainstream users just
do infinitely leave their tabs open.
And it's like, it's literally a meme.
I've seen jokes about it, about like,
it's okay to close your, your tabs.
Now you're never going to reopen them or
like, um,
I don't know that I've ever dated someone
who didn't have, like,
ten million Chrome tabs open or anything.
Even, not to throw under the bus,
even my wife,
every once in a blue moon, I'll, like,
borrow her phone for a second for whatever
reason, you know, with telling her.
And, like, I'll open Brave,
and I'm just like, oh, God,
do not close Brave.
You'll lose all her tabs,
and she'll be so pissed.
So, but, yeah, I think...
I don't know.
That's probably just something I think
people should do in general is just close
their browsers once in a while because I
think you need to do that for it
to update.
Um, no, the, the other,
something interesting I wanted to point
out is, um, somebody said, uh,
here it is.
They said,
I enjoy the validation of blocking
JavaScript by default.
Um, because the, the article,
I kind of brushed over it cause I
was trying to keep the article portion,
uh, short,
but they mentioned that this is basically
made possible by JavaScript and they use
JavaScript to measure the IO interactions
and stuff like that.
And so it's kind of a double-edged sword
because I,
this is my personal conspiracy theory.
I don't know how true this is.
I think the vast majority of
fingerprinting is enabled by JavaScript
because you go to a website and it
loads JavaScript and that's what measures
how big is the screen.
There's other ways to do it for the
record.
I know there is, but for some reason,
companies don't do it.
They measure how big is the screen and
they measure all the other things that
they use to fingerprint you.
And I strongly suspect that blocking
JavaScript probably blocks a lot of those,
but then there's also a really good
argument to be made for like standing out
because there's not a lot of people out
there blocking JavaScript,
going to these websites.
So it's almost like a double-edged sword.
Like,
I don't know what the trade-off is to
be totally honest.
Again,
I don't have any proof of any of
this.
This is just my, my theory is like,
would that be a case of like, yeah,
but you'll block of the tracking.
So it's worth it to do it anyways,
or I don't really know, but.
it is interesting for sure.
And it's,
it's something I think about a lot,
to be honest,
because there was a phase I went through
where I was using uBlock Origin to
like block JavaScript by default and then
slowly enable it on websites I used
regularly.
And honestly, it was actually,
it was pretty awesome.
Um, it was great, but it's,
it's crazy how much JavaScript you can
block and the website still works
perfectly, but.
Yeah, it's not without risks, I think.
So it's just interesting.
Interesting discussion.
But yeah,
I wanted to share this one because I've
seen this article pop up a lot.
A lot of people have been talking about
it.
So good to see what other people think.
I think it's also like I feel like
we should kind of push back on like
a lot of this technology is like developed
by Google because they control the
Chromium project a lot.
So, you know, I mean,
it exists in Firefox too,
but like a lot of this stuff is
usually pushed by companies that don't
really have most interest in protecting
your privacy.
So, you know,
their concern is going to be functionality
first, privacy second,
and privacy
Who would have thought that it's this
technology that they added for
functionality purposes can also be used to
track people.
It's like, anyway, you know,
it is what it is, I guess.
But I think more people using these
privacy respecting browsers is going to
reduce the identification of that, right?
Like it's going to reduce the
individuality of people not using that
specific API.
Yeah fair enough.
Okay, so someone here is,
it's P P P P P said,
Brave has tab groups.
You can group together, open tabs,
close the browser,
reopen the browser and all,
and then open the tab group again to
get all your tabs back.
And on Firefox,
I'm sure you can do this.
Just bookmark all the current tabs
temporarily to reopen again after closing
the browser.
I got to go though.
Bye.
Yeah.
Thanks for sticking around and thanks for
leaving the comment here.
I guess I feel like Nate, you're,
You're definitely a Brave enjoyer,
so maybe you can comment a little bit
Enjoyer.
Wow.
Such a strong word.
I have mixed feelings on all the browsers.
That's a discussion for another day,
but I don't know.
No, it's, I mean,
I don't really have that issue because
yeah, I do like,
if it is a site that I think
I'm going to need again,
I will note it down somewhere.
I'll like note to self and Signal or
I'll put it.
Usually I'm like doing research on a
script.
So I'll like,
I'll literally just throw the link in the
script and just be like, cool.
Now it's there tomorrow when I go to
work on this.
But yeah,
I'm more thinking of, again,
the typical mainstream user.
It's just the way they use the browser.
I don't understand it.
I've never understood it.
I've never been this kind of person.
They just leave it running continuously.
A lot of people never shut down their
computers, too.
Or if they do, again, they have...
Cause that is a setting in a lot
of browsers too.
It's like, oh,
reopen my tabs when I open the browser.
But it's just,
it's something people do for some reason.
I don't personally understand it.
Like they won't use bookmarks.
They won't use any kind of bookmarking
system, which I know for the record,
instead of note to selfing on Signal,
I could just bookmark the tab, right?
like you were saying,
but for some reason they don't.
They just constantly,
like they just open another tab and keep
going and open another tab.
And once they find a site, they're like,
I'm going to want that later.
Open another tab, open another.
And I literally,
I've run into people that literally have
like dozens of tabs that they've
accumulated over the years or the months.
And it's like, I don't know.
It blows my mind.
Cause I'm, I'm,
I've always been a little bit of a
minimalist and I like keeping things neat
and clean and it does come back to
bite me sometimes you know when I'm like,
Oh,
what was that website and I don't have
history enabled and I don't have any of
that stuff and I have to go looking
for it again but like,
I don't know some people just don't use
that kind of stuff like they don't rely
on the history they don't rely on
bookmarks they just
open another tab and move on as if
they've opened a fresh browser.
And the next thing you know,
they've literally got well over fifty tabs
and they're definitely not going to
bookmark those.
It's just it's it's weird.
I don't know.
See, there's Anon.
I use both and I have multiple tabs
open on mobile and desktop.
So see,
Anon is one of the people I'm talking
about.
Yeah, I didn't get that.
I always do like,
at least on my personal devices,
I always do like
always like close every tab like exiting
everything clearing all the data but I
don't know for work I definitely don't
though I just have everything just logged
in all the time because I've got like
a million websites I need to be logged
into like for all the stuff that we
do here it's like I've got so many
logins um so I mean I think you
have to obviously like weigh up the
the benefits, right?
Someone else said here,
Trojan X-Ninety-Nine,
Brave versus Firefox, which you suggest,
by the way.
I'm a Brave user.
I mean, we recommend both Privacy Guides.
I think it's really just down to, like,
personal preference in a lot of cases.
Like,
if you need something that has better
compatibility,
I'd say Brave is usually the better
choice.
But if you care about, you know,
the Chromium monopoly,
if you want to
if that's something you care about,
I know that there's a lot of controversy
around both Firefox and Brave.
Like Firefox has made some really silly
decisions in the past, same as Brave.
Um, you know,
their leadership has also made really
silly decisions as well.
People get, you know,
have specific irks with each product.
I think you kind of have to look
at the evidence, look at what,
what you think about each product and make
a decision for yourself.
Um,
Personally, I'm more of a Firefox fan.
I've just always used Firefox.
Like, since, like, for ten years,
more than ten years,
I've been using Firefox.
So it's, like, what I prefer.
But I think it's the same thing with,
like, Chrome, Chromium-based browsers.
Like, if you've always used Chrome,
I feel like Brave would be a pretty
easy switch.
Like,
everything's just going to work the exact
same and you're just going to get more
privacy protection.
So I think that's...
It's definitely,
I feel like Brave is definitely a bit
more user-friendly and things are just set
up by default.
And that is one benefit that Brave has
because I feel like with Firefox,
you have to change quite a few settings
to get it to a similar level.
But again,
it's definitely a personal preference
thing.
I don't think there's really...
There's benefits and downsides of each,
so you kind of have to just make
up your opinion.
Someone here said Vanadium.
I mean, I don't know.
I think Vanadium is...
good from a security perspective,
but I think you can't really compare it
to Brave or Mullvad Browser or Firefox.
It's not really in the same league.
I think the GrapheneOS developers know a
lot about security.
I'm a hundred percent certain that
Vanadium is probably one of the most
secure browsers, if not the most.
um because you know they they utilize all
this hardware security based features and
stuff like that um but i think when
it comes to privacy there's there's people
that have been doing things like that for
a lot longer like the Tor Project and
uh i think generally they're gonna be the
gold standard when it comes to that but
i think
Your Vanadium is just miles better than
Google Chrome,
and it's not making a bunch of
connections.
I think the main thing is,
like we were talking about earlier,
it's going to leak information about your
system.
It's going to make you more
fingerprintable because it doesn't have
those protections that Brave and Firefox
have,
which I'm sure that the GrapheneOS people
are probably working on that.
I'm sure that they're trying to improve
it.
I know they added some basic ad blocking
capabilities,
but I still think when you compare that
to what Brave has,
they're not really comparable in my
opinion.
Maybe that's a hot take, but... Well,
and also the thing that I never hear
anybody point out is Vanadium is Graphene
only.
So it's like, cool,
what are you going to use on your
desktop?
What are iPhone people supposed to use?
other Android.
And I know the obvious answer there is
switch to Graphene, but like, okay,
when we have sympathy for people who maybe
live in an area where they don't sell
Pixels or, you know, they,
for whatever reason, like it just, it,
it excludes a lot of people,
but I mean,
if you want to use it,
go for it.
I don't,
I don't have anything against Vanadium,
but it's,
It's not always feasible for everyone,
I would argue.
Someone here said Firefox is more secure
than Brave.
I don't think so.
I think Chromium has better sandboxing
capabilities and...
like it's just a more mature product,
obviously, because, you know,
it's basically the entire world basically
runs on Chromium.
So, you know,
it kind of makes sense that it would
be ahead in that aspect.
But it does have better security
protections than Firefox,
especially on mobile as well.
So yeah,
just trying to offer some balance here.
I don't think it does have the same
level of security.
I don't think Firefox is insecure.
I just think that Chromium has more
protections than Firefox.
Yeah, I just want to back that up.
I agree with you because I think for
the average person,
the security difference between the two is
pretty negligible.
I think that gets bandied around a lot.
Like, oh, Chrome Sandbox is better.
Chrome Sandbox is better.
And it's like, okay,
but now we're arguing about the
performance difference between a Ferrari
and a Maserati.
I'm not a car guy,
so maybe that was a bad example.
But there's a certain point where it's
like,
does it really matter for the average
person?
Like, okay, sure.
Maybe if you're like,
a journalist or an activist, then yes,
you need like the most secure thing
possible.
But I think again,
for the average person with an average
threat model,
I don't think it makes a difference.
I think kind of going back to what
you were saying, it's like,
I almost view browsers as like,
which one fits your philosophy better?
Like, yeah,
Brave is ready to go out of the
box.
It's very user-friendly.
It has more compatibility.
And for a lot of people,
that's what they want is they want
something that like is the same experience
across all their devices and
um which i don't think Firefox can say
yet it's got a built-in ad blocker they
don't need to fuss with it they don't
need to mess with a lot of things
uh again i've said this in previous
episodes in my experience most
quote-unquote normies just ignore all the
crypto stuff like they don't even notice
it they don't even care
Um, they don't even disable it again.
They just don't even notice it.
It's, it's so weird.
It drives me crazy,
but they don't seem to see it.
But at the same time, like, you know,
if,
if you disagree with the Chrome monopoly,
if you disagree with Brendan Eich,
all of these kinds of things, then yeah,
Firefox is great.
You just have to be willing to roll
up your sleeves and do a little bit
of tinkering to,
to get it up to the same level.
So yeah, there's,
I don't think there's really any right or
wrong answers in the privacy or in the
browser space.
I think it's really about like what
matches your threat model and your values
personally.
So.
There's definitely some wrong answers,
like Chrome or N. Okay, okay, fair, fair.
But yeah.
I guess I meant more like in the
whole like Chrome or Brave versus Firefox
debate or like some of the forks of
Firefox,
which even then there are some wrong
answers there, I would argue.
But overall,
I think a lot of the privacy browsers,
like,
because especially people you ask them,
you know, some people are like,
I use Waterfox.
And it's like, personally, I wouldn't.
Just because I don't see the point of
using a fork of a fork of a
fork of a fork. I know I'm being
a little dramatic when I say that, but,
you know, it's like, but then when you
talk to them, it's like, why do you
use it? They list, like, oh, because it's,
you know, the search engine does have AI
and, like, this, that and the other. And
it's like, those are pretty good reasons.
Like, it's just, it's so much personal
preference. And again, as long as it fits
your threat model and it's giving you the
protection you need, I, I feel like it's,
it's kind of personal preference. So yeah, I
don't know.
Didn't get too tribalistic.
You can use both of them at the
same time, by the way, everybody.
You don't need to use just one.
Not me,
who had both of them open today on
my computer.
Real quick,
before we move on to the other forum
post, somebody here said,
I use Trivalent on desktop.
I hadn't heard of this one before.
Apparently,
it's a Chromium fork inspired by Vanadium
that is designed to be used on
desktop, specifically with SecureBlue,
ideally.
But that's pretty cool.
I might look into that a little more.
I don't think I'm going to switch to
it,
but I had not heard of this before,
and I'm curious about it.
Yeah, if people are interested in that,
we did do a video on SecureBlue,
and we did talk a little bit about
Trivalent in that video.
Maybe check that out if that's something
that sounds interesting to you.
I think the issue with Trivalent is it
relies on a little bit of
like stuff that is built into the
operating system.
So it's not currently very available on
other Linux distros apart from SecureBlue,
but you know,
we recommend SecureBlue.
So I would try that.
Um,
obviously I feel like that's another
thing.
Linux distro is a very personal
preference.
Probably not everyone is going to like
SecureBlue.
So again, another issue there,
but I think,
I don't think it's wrong to use Trivalent
or anything like that.
Um, another person here said, uh,
It's nyalexnj,
what about DuckDuckGo browser?
Bad slash good, brave user here.
I think the main issue with DuckDuckGo
browser is that it's
It doesn't really offer anything else that
existing options already have.
I think it's better than Chrome.
It's better than all of these ones that
are collecting a bunch of your data.
If you have to use it,
then I would say it's fine.
But again,
I think Brave is going to offer better
protections.
Firefox is going to offer better
protections.
Uh, as far as I know, it
doesn't do anything particularly unique.
It's just a browser. It's a Chromium-based
browser made by DuckDuckGo. It has all the
tracking that Chrome has stripped out. Uh,
it's fine.
Like there's a lot of options in the
privacy space where it's like, it's fine.
Like Vivaldi, it's like, it's fine.
Like it's, you could do better.
Like it's not Chrome.
It's not collecting a lot of information
about you.
But you know,
when it comes down to a lot of
these very nerdy privacy protections that
we talk about,
like fingerprinting resistance and like
all these tracking technologies that are
on the web,
you're going to be better off with
something that is specifically designed
with a lot of those protections built in
by default.
Yeah,
I don't have much else to add to
that.
But we did have, actually,
this is related,
now that I think about it,
in a way.
We had one other forum post that I
kind of wanted to shed some light on,
which is, it says,
best alternative search engine option that
actually works.
So if you guys didn't hear,
which you might not have if you're not
a Google user,
which we don't encourage the use of Google
Search,
Google is basically going to be fully
integrating AI into their search engine.
And it's a little unclear exactly what
that means,
but the general consensus is basically
that like,
I don't know.
This almost sounds hard to believe.
And maybe I'm misunderstanding this,
but it's almost like Google is going to
stop searching you or serving you results.
And instead the whole page is just going
to be AI summary.
And there will be, you know,
of course I don't,
it's weird that Google has defenders these
days,
but the defenders like to point out that
like, Oh,
but you can still like click this tab
and navigate back to the results or
whatever.
But basically now when you go to Google
search and you're like, I don't know,
recipe for cheesecake,
it's not going to serve up the AI
summary and then two hundred and fifty ads
and then a bunch of like SEO optimized
like here's the best homemade recipe for
cheesecake and real quick rant.
You click on it and then it's like
two thousand words of backstory.
And it's like, dude,
I just want a recipe.
Shut up.
So anyways,
now when you go recipe for cheesecake,
it's just going to go.
Here's the best recipe for cheesecake and
start spitting out a bunch of stuff that
will probably include glue and rocks based
on past AI summaries.
So as a result, this person is asking,
because I have not noticed this
personally,
but a lot of people do complain that
when you move away from Google,
a lot of people complain about the search
results.
And I think...
Personal opinion,
I think a lot of that is driven
by the fact that Google search results are
so quote unquote good because they're
tracking you and they know what you're
looking for.
So like, for example,
just now we were talking about Trivalent
and I was like, oh,
I haven't heard of that.
And so I went and pulled up another
tab and looked it up.
And the first like three things that came
up were like something about healthcare or
something.
I don't even remember.
But I remember just thinking like, oh,
that's not what I was looking for.
Like maybe I need to...
Maybe I need to type in Trivalent browser.
And then as I was scrolling,
I found it.
So I was like, oh, okay, cool.
There it is.
But Google, in theory,
if I were a regular Google user and
I typed in Trivalent,
that would probably be the first thing
that pops up because Google is stalking me
and knows that, oh,
he's probably talking about a browser.
So I don't know.
But I think that's just something worth
noting for people who are maybe frustrated
with some of the other results when they
leave Google is you have to...
I've written about this in the past and
I should probably revisit this topic is
like,
there's almost like two things can be
real.
I know that's,
that's a hard thing that sometimes people
struggle with, but like,
I think there's a balance of like open
source developers should do their best to
build the best product possible.
But I also think that
companies aren't entirely wrong when they
say that surveillance does make a more
personalized product.
And therefore I think we have to like
temper expectations within reason.
But when we move to some of these
things, we have to accept that like, yeah,
the search results may not be as good
quote unquote,
because they're not stalking you and they
can't read your mind and they don't know
that you're looking for a browser and not
something else.
And, um,
But anyways, yeah,
so definitely check this out,
because we do have, real quick,
I'll share it,
and then I'll turn it over to you,
Jordan, because I know I'm talking a lot.
I'm sorry.
But we do, oh, where'd it go?
Oh, I forgot to add the tab.
That would help.
There we go.
We do have a page about search engines,
and our top recommendations are
DuckDuckGo, StartPage, and Brave,
as well as a shout out for,
I believe it's pronounced SearXNG,
which is a fork of SearX,
which I believe was abandoned or
discontinued or something.
So those are our official recommendations.
But definitely check out this forum post
if you're also looking to get off Google,
because
I mean, I see everything in here.
I see... What's this one?
Obligatory link to the page I just shared.
Someone else has been brave as good for
me except images,
which I totally agree on that one.
Someone else said Kagi.
Another person said Kagi.
Someone said the no AI version of
DuckDuckGo.
Shared a couple links to some other
projects that have been promoted on the
forum.
So, yeah, it's...
Yeah, I mean,
there's a lot of things being discussed
here.
Somebody said Yandex.
I'm going to push back on that one
personally.
But yeah, lots and lots of votes there.
If you're thinking, if you're like, oh,
I've tried Brave and it didn't work,
and I tried DuckDuckGo,
try some of these because maybe they are
pretty good.
So yeah,
that's all I got on that one.
Yeah, I think it is kind of,
I honestly feel like I need a,
I don't know,
maybe my experience is not like that
mirrored by other people's experiences,
but I feel like Google search is so
bad now.
Like if you try and search something,
it'll be like AI slop overview.
And then it'll be like,
an ad, another ad, another ad,
and then like maybe something related to
what you're searching and then a shopping
list.
And it's like,
you have to scroll like five times and
then like, there's not even,
sometimes it's not even something relevant
to what you're looking up.
Um, I think, I don't know.
I feel like, yeah,
I feel like Google is kind of crap
now.
Um,
maybe some of that's due to the AI,
AI slop stuff that every, every single,
um,
search engine is integrating.
I feel like also the AI overviews are,
I don't know, making it,
they're trying to keep people from
clicking on a link.
They're trying to keep people in the
search index.
instead of visiting a website.
And I think it's actually,
from what I've heard,
it actually is impacting website owners
because instead of actually some person
visiting the website,
an AI overview is just scraping it and
then giving the answer to someone and
they're not clicking onto websites.
So
Google is kind of taking away from
websites traffic in that aspect and every
other search engine that does this.
And unfortunately,
basically all the ones we recommend do
this by default.
So Brave Search has an AI overview.
DuckDuckGo has an AI overview.
It's really Startpage.
Actually, I don't know if Startpage does.
Let's see.
I will say, while you're looking that up,
again, in the thread,
a lot of people were pointing out,
I think it's noai.duckduckgo.com will give
you a DuckDuckGo without the AI summary.
So I think Kagi was another one that
people recommended.
For those who don't know,
Kagi is a paid option.
But I believe that the...
words for a minute there.
The AI summary is optional.
I think it does have an AI summary,
but since you have to log in to
do a search anyways,
because you need to use an account,
you can turn it off in your account
and it'll just stay off.
Yeah.
Kaji, Kaji, Kagi, Kaji.
I don't know how you say it.
I don't know if the name is confusing,
but you know what I'm trying to say.
Apparently it's a Japanese name.
Okay.
That might be why.
I'm just a...
I'm just an annoying Australian.
I don't know how to say anything outside
of my country.
But anyway,
what I'm trying to say is the AI
overview...
It looks like Startpage doesn't have that.
So maybe that's something to look at.
I personally...
I don't know.
I always find Startpage's kind of slow.
They don't have servers everywhere.
Also,
there's been some scandals with them in
the past as well.
Let's see what someone said here.
Oh, nice.
Thanks for that noai.duckduckgo website.
Yeah, yeah.
That is quite a nice one to do.
I think I might replace my current one
with that because, oh my goodness,
I'm getting so sick of this silly AI
overview thing.
Oh my goodness.
I think also, yeah, like I said, it's
kind of taking away from website owners
when you don't visit their website. Uh, I
mean, we're all using ad blockers here, so
it's probably not helping, but, like, I feel
like them getting insight and, like, traffic
is also important. It, it, it affects the
search index as well, um, with how websites
are accessed.
And I would also push back against people
saying like, you know,
I use AI instead of a search engine.
Like,
let's let's try not to do that because
I think, you know, that's bad.
The the issue with these AI
chat platforms is they're kind of a black
box in terms of where the data is
going.
A lot of these websites,
like I know OpenAI, Gemini,
all these websites, by default,
they're using your data to improve their
models.
And when you put this information in
there,
it's not very easy to get it out.
So once the data's been trained into a
model, it's kind of impossible to get it
removed, which is, like, another issue that
we're facing, right? Like, let's say you were
a minor celebrity for a little while and
you wanted to kind of start a new
life as someone else, right? Um, basically
you get everything removed on the internet
about yourself, and
But then this AI model that scraped it
at some point,
if you ask the AI model about it,
even though the information doesn't exist
in search engines anymore and on the
internet, it still knows about it.
So, you know,
I think that's a concern that is pretty
massive with these AI models.
And also, I think it's...
Not always very accurate,
but I think everyone already kind of knows
that.
That's kind of obvious at this point,
but yeah.
That's what I was going to point out
is like, yeah, it's still, to this day,
I still,
I do use AI quite a bit for
research just because it's easier to ask
it complex questions.
But I use Brave's Leo,
which cites all of its sources and I
double check every,
and it'll cite in the thing.
It won't just be like,
here's a paragraph and here's the five
places I took it from.
It'll be like, here's a paragraph,
but this sentence came from this source
and this sentence came from this source.
And so I will double check every single
source and be like, okay,
did it actually say that?
Or did you make things up?
And it's definitely getting a lot better,
but I'd still say at least about ten
percent of the time I click on the
source and I'm like,
I don't see that anywhere.
Where did you get that from?
Actually,
I posted a screenshot the other day where
just for fun, I told Leo,
I was like,
tell me about The New Oil,
the privacy project.
And it completely with full confidence
made up a name that I've never gone
by.
I think it based it off like my
GitHub username or something.
I don't even remember what it was,
but it was, it was just weird.
It was like,
where did you get that from?
And so, yeah, it's just.
I knew it.
Your name was John Oil.
I knew it.
No, it said it was like,
it said it was like a,
like Travis no Nate or something.
And I'm like, okay, not,
not the worst name,
but how'd you get that out of it?
Cause my, my GitHub username is TNO Nate.
Cause at the time I made it,
apparently Nate B was already taken,
which is usually what I use, but.
Yeah, it was just like, okay,
not sure where you got that one from,
especially when there's a million posts
online of people calling me Nate and me
calling myself Nate, but whatever.
Okay.
But yeah,
real quick to go back to one more
thing you said about even if you take
the data down,
it can still be in the training data.
We covered a story about that.
There was an adult actress who pays for
the data removal services and everything,
and somehow AI got her real name and
address and told it to somebody on Twitter
completely unprompted.
So yeah, it's...
Not good stuff.
Not good stuff.
Yeah,
even data breaches could be scraped
because we all deal with this.
Anyone that runs a website has seen...
They'll look at their traffic logs and
they'll see a million requests every day
and it's like, what?
Why?
Why?
From China or some random country that's
probably not going to be viewing the
website legitimately, right?
Yeah.
If it's an English website,
then why would there be so many people
from China accessing it?
Or some other country?
I don't know.
Make up whatever you want.
But yeah,
it's causing websites a lot of issues.
And also login pages.
I don't know if I still do since
I switched hosting providers,
but I used to get a lot of
requests for thenewoil.org slash cpanel,
like people trying to find the cPanel
login to my website.
And it's just like, oh, OK.
Thank god that page doesn't exist.
But yeah, it's crazy.
One thing real quick.
Somebody said,
put the video in Apple Podcasts, please.
I think we're planning to, actually.
The podcast app we use sent out an
email a couple of weeks ago that said
that video podcasts are in beta.
So I think we're waiting for access to
that.
And that is something we definitely want
to play around with.
We're very interested in that.
But we just don't have access to it
yet.
I think that was kind of all we
had for forum stuff.
So I know we've been answering questions
as people go,
but might be officially time for the Q&A
now.
And somebody actually just asked here,
you're talking about AI.
Have you tried to self-host your own
private AI?
Yes and no.
I don't know if this counts as
self-hosting.
I've used Jan AI and GPT4All,
and they are pretty good.
I do like them.
I just...
The vast majority of things that I use
AI for are based on having web access,
like current web access.
Like if I'm doing research,
I want it to ping
the latest news stories and have the
latest information.
You know, it's not,
I don't typically use it for things like
write a blog post or even like proofread
this blog post or like help me brainstorm
ideas.
Like I use it for that stuff sometimes,
especially if I'm having writer's block
and I just like, dude,
I just need to get out of this.
Like, please help.
But I don't typically use it for stuff
like that.
I mostly use it for researching stuff.
And in that case,
I can't have an AI model that's like,
you know, oh,
my latest information is from September of
2025.
And it's like, OK, that's great.
But this thing had a data breach in
April and I kind of need you to
know that.
Or, you know, again,
I'm looking for this specific thing that
happened that I want to reference as an
example.
And that happened two months ago.
And so I kind of I really like
Leo and Lumo for having Leo's better than
Lumo with this, in my opinion.
But maybe it's because I don't pay for
Lumo.
I like them for having that that web
access to be able to pull the latest.
I mean, there are times that
just to test it,
I'll see like a headline of, you know,
like, um, kind of political, but sorry,
his first example that came up, you know,
oh,
the U S assassinated this like foreign
general.
And I'll like type it into the, the,
you know, Hey,
tell me the latest about this foreign
general.
And it'll give me right up to the
minute of like, you know,
this happened today.
And I'm just like, damn,
that's really good.
I just don't get that with the offline
ones personally,
but maybe it's because I'm not properly
self-hosting and I'm just using an app.
So that's been my experience.
Yeah, I think also, I think, I mean,
I've tried out, like, the gen AI thing
a little bit and other, other similar
things, just because I was kind of curious
about this. Uh, I'm not really a very heavy
AI user. I'd say I use it, like,
every once in a blue moon, but, like,
for something that, like, I can't find
information on, sometimes it's helpful for
troubleshooting, that sort of thing.
But I think the issue with a lot
of these local systems is they require
kind of a ridiculously powerful computer
to get the same level of quality, because
while there is, like,
models that can run on most computers,
if you don't have a hundred and twenty-
eight gigs of memory,
a massive graphics card like a 5090
or something,
you're going to be running a pretty small
model, which has issues, right?
Like, it's, it doesn't have the same amount
of information.
It doesn't have the same amount of
context.
It can't understand what you're trying to
ask it as well.
The answers aren't going to be as high
quality.
I think that's where the self-hosting
thing kind of becomes a little bit
unfeasible,
especially because if you've been looking
at PC prices at the moment,
like you will know that this is like,
it's inaccessible.
Like even for the average person to build
a computer right now,
it is completely inaccessible.
Like RAM prices are the highest they've
ever been.
Ever.
So same with graphics cards,
same with hard drives, SSDs,
all this stuff.
I think self-hosting things is kind of a
bit of a, well, no, self-hosting is fine,
but self-hosting AI model stuff is not
really that feasible.
I would also try and question people on
like,
do you really need to be using an
AI model?
Like,
I feel like we don't really need to
be doing that, like, that much.
I feel like it's,
we're at a stage at least where this
technology is optional.
And I would sort of push people towards
maybe try and work things out without it.
And use some of these, like Nate said,
there's like Lumo, there's Leo,
there's DuckDuckGo, I think has one.
I only think of too many other ones,
but there's all those ones that don't
retain data and don't train on your data.
So that could be a better idea if
you only need it every so often.
But I think generally...
uh, I would avoid it if you can,
cause there's a bunch of issues with it.
Um,
it's kind of making the world a terrible
place at the moment.
So yeah.
Yeah.
Just to back up what you were saying
about the computer,
I have a decent enough, um,
my Windows computer has like a,
a Ryzen 7,
I don't remember what kind of graphics
card it's decent.
It's definitely not as good as I'd like
it to be, but yeah,
every time I fire up,
this is another reason I don't really use
GPT4All, to be honest, is like
every time I fire it up,
it sounds like it's taken off and it's
about to explode on me.
And it's also just super, super slow.
And it's like, okay, I could,
I could get Leo to do this a
lot faster.
So yeah,
But yeah, it's, um, I,
I do try to use it as a
bit of a last resort.
You know, I try to do searches first.
I try to figure it out first.
I've got,
when I talk about writer's block,
I've got a bunch of tricks, you know,
I've got,
I know how to outline things and get
up and go for a walk and stretch
my legs.
And, but you know,
there's some times where it's just like,
uh, I'm I'm lost.
What do I do?
So, but.
I see Sid did ask a while back
when we were talking about search engines
if we had any thoughts on Qwant.
I don't have any thoughts on them.
I think they're kind of like the way
you described DuckDuckGo.
They don't really stand out,
in my opinion.
I think there's better options.
But I don't think there's anything wrong
with them, per se,
as far as I know.
Trying to look it up here.
But kind of a...
quiet night.
I think we've been answering questions as
we go.
Yeah, I think with Qwant, I think it's...
just doesn't have the same level of
privacy that the other ones that we
recommend have. Like, there's just small
things that other ones kind of edge it
out. Uh, I think there were some privacy
concerns with it. Again, though, go check out
the Privacy Guides forum. Like, I'm, I am
almost certain that there is a topic about
this, about someone willing to get it out
to the site. Yep, here we go. Here's,
uh, here's one. Uh, so it does collect,
according to the discussion here, they...
They aren't open source.
There's some information.
They were initially actually listed on
Privacy Guides, but it was removed.
I had a feeling that was the case.
So definitely check out that thread.
See what people are saying about it.
It could have changed.
The situation could have changed.
I would definitely recommend if you think
that the situation might have improved,
we're always open to getting things added
on the site.
We're currently working on quite a lot of
changes at the moment.
We're removing apps,
getting things updated again.
So definitely check that out.
And maybe it is something that we can
reconsider.
But as far as I'm aware,
nothing has changed since it was removed.
So yeah,
maybe just stick with the current
recommendations and that would probably be
safest.
It does have its own search index,
if I understand my research correctly.
So that's cool.
But yeah,
I'll be reading that thread later for
sure.
I guess that's about it.
It doesn't look like any new questions
have come in.
I don't know.
Do you want to give it another minute,
or do you think we should call it
a show?
For some reason,
I'm not seeing some of the questions.
Some of the comments are not coming
through on StreamYard here,
but I did see some people making comments
that maybe we could touch on a little
bit here.
Easy browser for...
Easy browser for boomers.
I was thinking DuckDuckGo for mom.
I mean, yeah, I think it's pretty basic.
It does all the same stuff.
I don't think it's a bad option.
I think, you know,
We kind of always push people towards the
best possible options.
But I think if it works, I mean,
I don't know.
I personally haven't used it that much.
I've just tested it out a couple of
times to see what it did.
But it seems pretty basic and pretty
simple.
It does everything on the tin.
There's nothing too bad about it.
I mean, I wouldn't be against doing that.
I think Brave's also a good option.
Firefox is also a good option.
Again, though, I feel like with Brave,
it's a little bit annoying because they
always add features and then it gets
turned on by default.
And it's like,
I don't know.
Same with Firefox.
They do the same thing.
It is kind of frustrating that, like,
there's no way to be, like... Don't...
Disable all new features by default.
Like, if that was a feature, I'd be,
like, so on board with that.
But, yeah.
I think DuckDuckGo is not a bad option.
But, again, there's, like...
I think if you're getting someone off
Chrome or Opera or these other really bad
ones,
I think anything is better than that.
Even if it's not the best possible option.
Definitely think about it like that.
I think it's really tricky.
On the one hand,
what I would say is something I think
we all forget in the community a lot.
you can always change.
There is nothing stopping you from if you
use Brave and then like you were saying,
oh,
it keeps pushing these features or I just
found out I don't agree with the CEO
or whatever.
So switch. You didn't marry them.
And even then divorces exist.
Like, you know, you didn't, it's, it's,
it's free, like switch to,
to Firefox or whatever else.
Like you can, we can always change,
but specifically when it comes to, um,
you know,
you're talking about like for family
members,
I think that gets a little trickier
because I think there's, um,
there's two obstacles there.
One of them is like a mental block.
Like I've,
I've read so many stories usually on
Reddit of people that are like, you know,
Oh, I like,
I went to my mom's house for Thanksgiving
and I like switched her over to Chrome.
And then I just changed the logo to
look like Internet Explorer because she's
still using Internet Explorer.
Yes.
Internet Explorer, not Edge.
And you know, it's like,
those are the kinds of things where it's
like, okay, I mean, whatever works,
like some people are just not tech savvy
and they're not even going to notice the
difference.
But then also like,
so like where I'm going with that is
like,
I think there's some people where if you
tell them like, you know, Hey,
I switched your browser because you know,
your old one hasn't been updated in ten
years.
They're going to freak out and they're
going to be like,
I don't know how this works,
but if you would never told them,
they'd never even notice.
You know, it's like all in their head.
I think that's a challenge,
but then I think there's also the fatigue
of like, okay,
say you switch them to Firefox and they're
just like,
I don't like this.
Like genuinely, like, I don't like this.
This isn't working.
I don't understand the UI.
And then, okay, well, let's try Brave.
And it's like, well,
I'm still a little confused and I'm not
really sure.
And it's like, it's,
you don't want to keep switching people
because they'll get exhausted.
Like a lot of people have,
have cited that in the privacy community
where like, you know,
I got all my family on, like, Wire,
and then Wire went away, or, you know,
I got all my family on Wickr,
which, I miss Wickr.
I thought Wickr was awesome,
but you know, they went away and,
you know,
and then I got everybody on Session and
Session almost went away.
And it's like,
you hit a point where people are just
like, I don't want to keep hopping,
like just pick something and let's use it.
And so it's, um, it's definitely really,
uh,
I guess what I'm getting at is like,
I have some sympathy because on the one
hand I would say like, yeah, just try,
try to put your family member on whatever
the best option is,
whether you believe that's Brave or
Firefox.
And if they don't like it,
they can switch,
but they'll probably get tired of that if
that keeps happening.
And I do worry about the mental block
of them,
like just being afraid of an unfamiliar
thing.
It's really tricky when you're trying to
help other people like that.
So I don't know.
But yeah, I think at that point,
you kind of have to take the harm
reduction approach of,
like you were saying, well,
at least it's not Chrome.
Almost anything's better than Chrome.
So yeah.
Exactly, yeah.
I think it's...
You've got to put things in perspective,
I think, sometimes.
Okay,
so we've got some more questions here.
What is your opinion about Nostr protocol,
a new VPN working on Nostr?
I think Nostr seems interesting, but,
I mean, there's...
We kind of push people more towards the
Fediverse over Nostr.
I know that there is...
I feel like Nostr has more of a
priority about censorship resistance and
free speech,
which is good if that's what you really
are looking for.
But I think we are kind of big...
proponents of the Fediverse over Nostr.
I'm not really sure of the technical
limitations behind Nostr or anything like
that.
Personally,
I am kind of biased as well because
I'm also on the Fediverse.
I'm not on Nostr.
I haven't really seen any benefits over
Nostr.
Like, I had no reason to switch.
So, I don't know.
I haven't seen that they're working on a
new VPN system.
But I think it's...
Nostr does seem a lot more popular with
a very specific niche community of people,
mainly in the cryptocurrency space.
So, I think...
If you're in the cryptocurrency space,
maybe it would make more sense to be
on Nostr because I'll just say I don't
think the people in the Fediverse are
going to like you posting about
cryptocurrency and Web3 stuff.
It's just not really part of the community
there, which is fine.
I think it's just a different community.
So, yeah.
Do you have any thoughts on that or.
Not really.
I have never felt compelled to check out
Nostr.
And I don't really know anything about the
technical workings of it.
And yeah, I don't have anything to say.
Alex asked about the Opera browser.
I think that kind of falls in the
same.
I mean,
please don't ask us about every single
browser, guys.
But Opera, to me,
is another one of those, like,
it doesn't really offer anything.
Especially from a privacy perspective,
it doesn't offer anything.
Especially compared to something like
Brave.
Okay, especially with Opera.
I know I said especially a lot.
I'm really sorry, guys.
Opera is based on Chrome.
So at that point,
you may as well just go use Brave
and get all the amazing privacy features
that Opera does not have.
And chances are that if you have an
issue with Brave,
it's probably the same issue you're going
to have with Opera in the sense of
like, well,
I don't like the Chromium monopoly.
Opera is not going to fix that.
So it's kind of one of those things,
in my opinion, where it's like,
I don't see a point in Opera personally.
And even I'll,
I'll go out on a limb and say
this.
I think I actually told someone about this
earlier today, real quick.
So Opera GX is like this version of
Opera that's aimed at gamers.
And it's like, oh,
you can like restrict how much RAM it
uses and stuff like this and that. Personal
opinion.
And I'm not as tech savvy as I
used to be.
So maybe I'm wrong here.
I feel like it's all smoke and mirrors.
I real quick,
if I can tell a story.
So I used to I used to be
in the military and a lot of my
friends were not a lot of my friends,
but a couple of my friends were into
like street racing.
And so they would do things like remove
the backseat of their car because that's
just dead weight they don't need.
And I remember another one of my friends
who was a mechanic would laugh at them
when I told him that story because he's
like, that's like, sure,
technically you're getting rid of weight,
but that is so negligible because there's
other components in the engine that like
this one little component weighs as much
as the seats do.
But if you spend, you know, I mean,
granted,
it's going to cost you twice as much,
but if you spend twice as much,
you can get the carbon fiber version of
that little component, and
that's going to shave off more weight.
And if you keep doing that,
you're ultimately going to shave off way
more weight,
way faster by getting these components
instead of doing stupid things like taking
out the backseat.
And if you're dedicated enough to take out
the backseat,
then you should probably just be forking
over the money for these components.
And it's like,
that's kind of how I feel about things
like Opera GX is like,
Are you really getting enough of a
performance boost by like limiting the RAM
by one gig or whatever you can do?
Wouldn't it be better to just invest in
like better – okay,
obviously now with AI and everything.
Maybe you can't do that.
But before the AI boom jacked up the
price of RAM,
like wouldn't it be better just to like
spend eighty bucks and buy more RAM or
something like that?
I don't know.
So –
I don't really see a point to it.
I think if you have an issue with
Brave,
it probably applies to Opera and just
isn't worth it.
But thank you for coming to my TED
Talk.
Yeah, I think also the thing with Opera,
I think, is it kind of changed hands,
I think, in twenty twelve.
It was originally like a Norwegian company
that was like focused very much on like
customization and like having that they
had their own browser engine at one point
as well,
which people were kind of obsessed with.
Um, and then they kind of got bought
by, like, I believe it was like a
Chinese consortium or something, uh, and
they kind of pivoted directions. They were,
they were moving towards like
Chromium-based, uh, instead of maintaining their own
system. Um, and kind of the developers that
were really passionate about Opera, I think
they moved to Vivaldi. So, like...
But again, though, like Nate was saying,
like... Like, Vivaldi is fine.
Like,
it's not collecting your information
like...
Chrome or Edge or any of these, like,
really big, big tech browsers. But again,
there's better options. Um, and there's more
comments about browsers here as well. "Did
you try Zen Browser? How good is that?
I like the UI, but I don't know
about privacy." I think it's just Firefox. So
we recommend Firefox, make some changes,
adjust the settings. I think it's...
It's just the same as Firefox in privacy
perspective.
I think it's actually a little bit better
because it has a lot of the Mozilla
stuff stripped out,
which does make connections without your
consent.
I'd say it's a little bit better by
default, but again,
you could be using like Mullvad Browser or
Brave or something which has better
protections, so...
I know Jonah uses Zen and he speaks
very highly of it for what it's worth.
Oh, it's sponsored by Tuta.
I'm on their website right now.
I did not know that.
So yeah, it's probably not a bad choice.
I don't think so.
I think like when we talk about privacy,
it's fine, but I think, yeah,
it's missing some of those extra
protections.
I don't think they have as much of
a focus on,
on like fingerprinting protection and all
this stuff like Brave and Mullvad and
Firefox have.
Um,
there was another comment here from
Purring Pudding,
general thoughts on Thundermail Pro.
Um,
I think I've been testing it out a
little bit and I kind of put together
some thoughts on the forum about it,
which I found.
So I'm just going to read what I
wrote.
I got access to the closed beta.
I've just been kind of putting together my
thoughts about it for a while for some
issues that I had with the service.
So I'm just going to read what I
wrote here.
Servers are hosted on AWS,
so Amazon Web Services in Germany though.
So it is that they have
Kind of a new thing that Amazon's been
doing is they have European servers now,
which I think is good.
I think it's still better than being
hosted in the U.S., in my opinion.
No two-factor authentication.
They said they're working on it, though.
It'll be out this year.
No inbound PGP email encryption.
It's on the roadmap for this year,
but it will be released soon, TMR.
No DNSSEC or DANE,
which is basically a way to verify the
authenticity of an email.
DMARC reports were being sent to
Cloudflare, which is like, you know,
it doesn't contain the message data,
but it's like a lot of metadata,
like IP addresses and
sent and received addresses and all that
sort of stuff.
You don't want that going to a third-party
company if you can avoid it.
What else was there?
They had the MTA-STS setup,
which basically it's a way of allowing
email servers to know whether a server
supports TLS encryption.
Same thing with DNSSEC and DANE.
It's like sort of how that works.
It verifies the certificate
to see whether the TLS certificate that
you're connecting to
is valid and stuff like that.
So are they also using payments through
Paddle,
which Paddle isn't particularly privacy
respecting.
I would have expected them to do something
self-hosted or something a bit different
like Tuta and Proton are currently doing.
Again, though,
I think this product is not really aimed
at the same audience as Proton and Tuta.
I think it's more of just like a
product of a product of
Thunderbird. It's like, if you use
Thunderbird, you like your email being
hosted, like, outside of big tech, you can
sign up to them instead. Again, it's better
than Google, it's better than Outlook, it's
better than Apple. But I think this, it's
still very much a very early project, and
I'm kind of
wanting to get in touch with their team
a little bit to see more specifics about
if they're going to address any of these
concerns that I had.
Because I think it's only going to benefit
users of this service in the long run.
You can check out the thread.
There's a thread on the forum on
discuss.privacyguides.net.
Thunderbird Pro and Thundermail
announced.
So check that out.
There's more discussion there if you're
interested.
I also think it's very expensive.
It was...
six dollars a month paid yearly, USD, so
that was about a hundred, a hundred
Australian, which is quite a lot compared
to Proton, who offers similar service for
like half of that. So it's a little
bit of a tough sell.
There's also some additional services that
it includes, such as Thunder Mail Send,
which you can send files and then encrypt
it to other people.
There's also a calendar scheduling service
included as well.
I think both of those are quite
interesting in
I think they definitely offer a unique
service,
but I don't think it's really something
that we can recommend switching from
Proton, at least at this stage.
It definitely has the possibility of being
really good, though,
because one of the really cool things
about this service is it's based on
Stalwart email server,
which is one of these self-hosted email
server software that we recommend.
It's written in Rust.
They have a big focus on privacy and
security.
They have a lot of...
quick development. They've really built
this product up quite quickly, and they've
had a focus on privacy and security from
the start, which, and just making it easy
to self-host your own email server, which
I'm really a big fan of because I
think the more people that are taking
control of that data, the better. And if
we can make it easier, because originally,
like, I can remember setting up email
servers like
five or ten years ago. It was like,
not fun. It was like kind of a
time-consuming process. It was not very
clear if you were setting it up with
secure defaults, and Stalwart kind of
automates that whole process for you. So I
don't know, I think it has a potential
to be quite good, but I don't think
it's going to compete with Proton or Tuta,
at least currently right now.
I think we had a quick one from
Swiss kill Euro office.
What are your thoughts?
Do you have any thoughts?
It's not even out yet.
And not really.
That's a fair point.
Yeah.
I don't really have any thoughts.
I don't do,
I guess I do some online collaboration
just because, you know,
like these notes and writing the script
and everything.
But I honestly, like for myself,
I just use LibreOffice, and
it's not the prettiest UI,
but it's definitely gotten a lot better,
and it works.
It has everything I need.
Everything is more or less where I expect
to find it.
For online collaboration, again,
we don't do too much of that.
It's mostly just updating the show notes
and writing scripts every week or every
other week or whatever.
So yeah, I don't know.
It's not too much of a concern to
me, to be totally honest.
Yeah, same.
I use LibreOffice.
LibreOffice Calc is kind of great,
actually.
I think it's,
I would say it's like in some ways
better than Microsoft's one.
But some of the other ones like Writer
and I don't know,
definitely leave some things to be
desired.
But I think, I don't know,
I think it's better to have more options
than not.
It's kind of annoying, though,
that that keeps,
everything keeps forking over and over
again.
I'm pretty sure OpenOffice,
it's, OpenOffice was like a fork of
something else.
And then now there's a fork of
OnlyOffice.
Was it OnlyOffice?
Yeah, OnlyOffice is a fork.
Yeah,
I think it's, I think LibreOffice was first
or maybe OpenOffice was first because I
used to use the Apache OpenOffice one.
And then yeah,
I think OnlyOffice was a fork of
something.
And now Euro Office is like a fork
of OnlyOffice.
I don't know.
It's, it gets hard to keep track.
Sorry, I didn't mean to cut you off.
I didn't really have anything else to add.
I was just, yeah,
it is kind of confusing to keep track
of things.
Yeah, I think you're right.
The OnlyOffice is different to
LibreOffice, like a separate project.
But yeah, yeah, kind of weird,
kind of confusing.
I don't know.
I like LibreOffice.
It works fine.
It's fine.
It's not that pretty, but it's fine.
Yeah.
The, the, the PowerPoint one presentation,
that one leaves a little bit to be
desired.
I agree with you, but yeah,
Writer's fine for me,
but I also don't do a lot of
writing.
Like ninety,
ninety percent of the writing I do now
is like in the browser, you know,
like I'm writing a blog post and it's
going to stay in the Ghost drafts or
again,
like I'm writing the scripts and the show
notes and those stay in Nextcloud,
which I know is,
is a fork of something.
I think that one is OnlyOffice.
I can't remember, but it's a,
I don't feel like I open Writer very
often these days.
But I was going to say, for me,
it's a case of like, I think,
so there's this concept,
for those who don't know,
called Dunbar's number, which is,
it's basically like,
they say it's around a hundred and fifty
people.
There's only about a hundred and fifty
people that you can have a meaningful
connection with.
And everybody else is kind of like
background noise.
And I know that sounds really harsh,
but it's just the way humans are wired.
Like we're not wired to keep track of
thousands of people and care deeply about
their lives.
And it doesn't mean you hate them or
anything.
It doesn't mean you're rude.
It just means like if you run into
one of those people who's not in your
one fifty, you might forget to ask them,
be like, oh, hey,
how's how's your job going?
How's that thing going?
How's your friend that you were telling me
about?
Like you just it's just hard to keep
track of people.
And I feel like it's the same way
for causes.
Like everybody has a certain number of
like
philosophical causes like the environment
or privacy or, you know,
digital sovereignty or whatever.
And I think it's hard for people to
care passionately about those things.
Like, again, you know,
even if you're not an environmentalist,
you probably still turn the light off when
you leave the room.
Right.
Or something like that.
But, you know,
you may not necessarily go to a protest
or something.
And that's,
that's how I feel about open source and
licensing.
Like there's so many people that like, oh,
like,
Organic Maps, for example. To be totally
honest, like, CoMaps is a fork of Organic
Maps because there was like some kind of
like licensing thing or something or other.
I know there were other issues too, but
like that was a big part of it,
was like something about that. And I'm
sitting here like, I just don't care. And,
and like, I'm glad that people do because
that is important stuff that does have
repercussions, but like, I just, I have so
many other things already that I care
about that when it's like, oh, there's this
new like whatever office suite because the
other one was AGPL instead of MIT or
what, you can tell I don't even know
what I'm talking about right now, and I'm
like, I just don't, that's so above my
level, I don't care if it's good.
It's, you know, we,
we talk about this with like Signal,
for example, like if it's good,
if it's got features I like,
if it looks good,
if you make a good argument,
I'll switch happily.
I don't mind, but it's just like,
I'm not going to switch on that grounds
because there's only so many things I can
care about.
And for me,
like that kind of stuff is not one
of them.
So yeah, that's,
that's kind of why I'm on LibreOffice
because it's free and it works and it's
intuitive and yeah, but I don't know.
Definitely. I think we are definitely
hitting almost the two hour and thirty
minute mark here. I think we need to
start closing out the stream, but thank you
to everybody who's been leaving questions
and stuff. Um, it's been, it's been great,
um, to chat with you all, and thanks
so much for, again, the donations that we
had. That was really nice. Um, but yeah,
I think we're definitely gonna have to
start closing out the stream here, um, just
to respect everyone's time.
Agreed.
Yeah, I'm at a standing desk,
so I'm getting a little tired.
So all the updates from This Week in
Privacy will be shared on the blog every
week.
So sign up for the newsletter or subscribe
with your favorite RSS reader if you want
to stay tuned.
For people who prefer audio,
we also offer a podcast available on all
podcast platforms and RSS.
And this video will also be synced to
PeerTube. Privacy Guides is an impartial
nonprofit organization that is focused on
building a strong privacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you want to support our mission,
then you can make a donation on our
website, privacyguides.org.
To make a donation,
click the red heart icon in the top
right corner of the page.
You can contribute using standard fiat
currency via debit or credit card,
or you can opt to donate anonymously using
Monero or with your favorite
cryptocurrency.
Becoming a paid member unlocks exclusive
perks like early access to video content
and priority during the This Week in
Privacy livestream Q&A.
We also released some subscriber-only
content recently that Jordan mentioned,
and hopefully we will continue to do so
in the future.
And you'll also get a cool badge on
your profile in the Privacy Guides forum
and the warm,
fuzzy feeling of supporting independent
media.
So thank you all so much for staying
with us, and we'll be back next week.