Is Ubuntu Becoming the New Windows?
Ubuntu is adding AI,
a major new security vulnerability in
Linux that's making headlines, and RightsCon
chaos.
All this and more coming up on This
Week in Privacy number fifty one.
So stay tuned.
Welcome back to This Week in Privacy,
our weekly series where we discuss the
latest updates with what we've been
working on within the Privacy Guides
community,
and this week's top stories in data
privacy and cybersecurity.
I'm Jordan,
and this week I'm joined by Nate.
How are you doing, Nate?
I'm good.
I'm a little tired.
It's been a busy day for me,
but I'm excited to jump into these stories
and talk about some privacy stuff.
Yeah, me too.
All right.
Now let's dive into the biggest news in
privacy and security from the past week.
So the top story here is Ubuntu's AI
plans have Linux users looking for a kill
switch.
So if you haven't seen already,
Ubuntu is basically planning to integrate
AI features into the operating system.
People have been moving away from Windows
because of the AI features,
so this is definitely an interesting move,
but I do think this is definitely a
move from the corporate side of Linux.
For example, this is pushed by Canonical,
the company that owns Ubuntu.
So Canonical's plan to add AI features to
Ubuntu has some users asking for a version
of Ubuntu that does not include these
features,
while others say they'll stick with older
versions of the Linux distro or even
switch to a different one.
So basically the Canonical VP of
engineering, Jon Seager, has basically,
uh,
already stated that they're not going to
be adding a global AI kill switch,
but users will be able to remove any
AI features they don't want.
So if you're kind of curious, like,
you know, what is this,
what is this going to look like?
So basically he followed up on that and
said, it would be, you know,
stuff like accessibility tools,
like AI speech to text and,
and text-to-speech,
along with like agentic AI features,
which I think we at Privacy Guides are
definitely much more skeptical about this
sort of feature.
We've definitely talked about that before
as a sort of privacy and security risk
in a lot of ways.
So that's also kind of a concern.
And he also followed up that by saying,
the plan is to introduce AI features as
a preview on a strictly
opt-in basis in Ubuntu version twenty six
point ten.
So I believe that is not an LTS
version.
That's actually just a standard release.
But yeah,
this is going to have a step in
the initial setup wizard that basically
asks you if you want to use the
AI features.
And he also clarified that these features
will be added as snaps to the operating
system.
So if you're not really familiar with
snaps,
they're basically a package format that
Canonical has moved forward with.
And that is...
sort of their proprietary package format.
So I guess to sort of move on
from this,
there was also another organization that
has a Linux distro.
So this was the CEO and lead developer
of Zorin OS.
And because, you know,
this is kind of becoming a sort of
controversial topic because a lot of
people are quitting Windows specifically
because they don't want all the AI garbage
like Copilot and
these agentic features, Artyom Zorin,
who's the CEO and lead developer of Zorin
OS,
said in a statement to The Verge that
his distribution, Zorin OS,
is AI agnostic,
and that any potential AI features must
adhere to our values of keeping Zorin OS
secure, privacy respecting,
and performant.
So he also said that Zorin OS might
adopt these features as they do appear to
meet the requirements of respecting
people's privacy and security.
So a lot of these features that he
talked about were like local AI models.
So that is a benefit.
And I also wanted to cover another thing
here
that this article didn't actually show.
There was an interview done by
FOSS Force,
and this was by Christine Hall.
And basically they interviewed Jon
Seager, who's the, as we said before,
the VP of engineering at Canonical.
And he did state in this interview,
we're not, sorry,
we're not setting shallow metrics on token
usage or percentages of code written with
AI,
but rather incentivizing engineers to
experiment and understand where AI tools
add value.
Rather than force a single early choice AI
stack,
we're incentivizing teams to each pick
something different and go deep,
so we learn more as an org in
the next six months.
He also said that Ubuntu workers will
never be replaced by AI.
So that is a good thing, right?
Whether that stays true or not is up
for debate.
You know, you can say, oh, we're just,
you know, we just didn't need you anymore.
Like you can make up kind of any
excuse you want to lay someone off.
So I don't know if that's entirely,
you can't really, you know,
follow that. But anyway, that's kind of my
personal opinion on the matter. Um, and I
think this, I'm going to hand it over
here to Nate because I feel like I've
talked on this quite a while. I do
have some privacy and security concerns
with some of this, but I kind of
wanted to hear what your thoughts are, Nate.
Well, um, let's see, I think, uh,
Well, first of all,
I want to clarify a couple of things
just in case you did mention this,
but just in case anybody missed it.
So these are allegedly these are going to
be opt in features.
They're not going to come pre shipped with
the operating system.
He did explicitly say that in future
releases,
like if you install Ubuntu from scratch,
that the install wizard will ask you if
you want to enable any of these features.
Um,
they also said they're going to be rolled
out as snaps, uh,
which for better or worse,
you can remove snaps.
So this is not going to be baked
into the, the, I mean,
not the kernel isn't the right word to
be technical, but you know,
they're not going to be baked deep into
the operating system where, um, you know,
it's, it's a pain to remove them,
but yeah,
So, um, overall, I mean,
I'm not a huge fan of Canonical.
They've definitely done some not great
stuff in the past.
Like I think one of their releases came
with like the Amazon app pre-installed or
something, which was super weird.
Um,
but I think it would be fair to
say that they're not quite as bad as
Google in this sense, or not Google,
like Microsoft, um,
these other big tech companies, um,
I can't say I'd be terribly surprised to
see them change course for now and to
watch them become opt-out features,
but I also wouldn't say it's inevitable,
personally.
But I think, yeah, I think...
One thing I will applaud is that I
think there's kind of two sides of this,
right?
There's like the user facing side of it
where it's like, hey,
we're going to offer you AI features.
And I think at least the features they're
offering are things that I personally
think could be useful for people who want
them, like accessibility features,
speech to text, also troubleshooting.
Like Windows used to have a
troubleshooting tool and back around
Windows...
Seven, eight, maybe ten as well.
But in the early days, it was amazing.
It was actually really, really good.
You could go down and it was in
the taskbar.
You go down and you like right click
it or whatever.
And you're like, hey,
I'm having trouble with accessing the
Internet or whatever.
And it would go through the steps and
nine out of ten times it would fix
whatever the issue was.
And then for some reason,
Microsoft made it terrible to the point
where they eventually killed it off.
And I remember the last few times I
tried to use it, it's like, hey,
I'm having an issue.
And it's like, sorry, I can't help you.
Maybe try these pages that are completely
useless and don't answer your questions at
all.
So the reason I bring that up is
because if they're going to use one thing
that AI is really good at,
at least in my experience,
is troubleshooting things.
It's really good at feeding error codes
and you tell it like,
I'm using this version of a browser.
I'm using this operating system.
And it's really good at being like, oh,
this error code means this.
Try this.
And I have personally found that to be
very useful.
So I guess what I'm trying to get
at is at least I feel like these
are features that could potentially be
useful for people who want them.
I'm not saying that everybody has to go
get them.
But again,
compare this to something like...
Windows Recall, or, um,
I think they even rolled AI into like
Microsoft Paint now.
And now you can do like generative image
stuff.
And it's like, I don't want that.
Nobody wants that.
This is stuff that's actually useful
somewhat.
But, um,
I think those are kind of my initial
thoughts.
I think, um, I think unfortunately,
you know, somebody, uh,
Bam here asked, like,
what are the alternatives then?
Um,
because a lot of beginner distros are
based on Ubuntu.
I think, um,
a lot of this really remains to be
seen in my personal opinion,
because I mean, things like Mint, um,
there is a Debian version, uh,
like sees here pointed out,
there is a version of Debian, or Mint,
that's based on Debian.
And because honestly,
Mint ended up making so many changes to
Ubuntu anyways, they were like,
it's easier to just,
just go back to Debian and start
from scratch.
Um,
You know, Zorin OS,
like you said here with the interview with
the CEO of Zorin, he didn't say no.
He didn't say we're never going to roll
out AI features.
He said we're going to be thoughtful about
it, which, again, like,
I fully respect there are some people that
are just hardcore, like, no,
no AI ever for anything, no matter what.
And if you feel that way,
then you have no guarantee that Zorin
won't do this.
I love Pop.
My wife uses Pop, but also...
Honestly,
they'd be the first one I would expect
to add AI,
except maybe like Red Hat because of their
corporate...
Like you mentioned at the beginning,
a lot of corporate pressure from the
companies that really put a lot of funding
into these operating systems or these
particular distros.
So I don't know at this time,
to be totally honest.
I don't know who would be safe from
the AI stuff.
I think, unfortunately,
and feel free to correct me if you
disagree because I could be wrong on this,
but I feel like what we're going to
see is kind of like...
There's a lot of,
like in the browser space,
we see a lot of forks
that remove stuff.
So like, um,
like Waterfox or like LibreWolf,
for example, you know,
like Mozilla will roll this thing out and
LibreWolf will take the AI out or,
um,
Helium is not really a fork of Brave
per se,
but I found out recently it does actually
incorporate some of Brave's stuff.
They didn't include Leo, for example.
So I feel like we're going to end
up in the same thing with, um,
I feel like we're going to end up
in the same vein with these Linux distros
where we've got, um,
the main players, the Fedora, the Ubuntu,
and unfortunately they're adding AI and
it's going to fall on the people
downstream of them to strip it out.
Except for, I will say Debian.
I would be very shocked if Debian adds
this,
but also historically Debian does not
always necessarily keep the repo super up
to date.
And I personally have had that come back
to bite me in the past.
So yeah, I don't know.
Did I,
did I miss anything on that one or
any further thoughts came to mind while I
was saying that?
Not really anything to add on the
integration stuff.
I think it's kind of like someone said
here in the chat, I'm not against AI.
Bam Owen said, point is,
I'm not against AI if there's a reason
for it.
The reason now is it's fashion.
which, you know, I don't see,
I just don't see a lot of the,
like I can see for accessibility,
like I could see maybe if it's like
a local system,
like I'd need to know more about how
it, what data it's trained on,
like how it's, what, how exactly it works.
But I think a lot of these agentic
systems are
it's very like fashionable.
Like we did have a story that we
were going to talk about this week,
but it ended up getting the chop,
but there was, you know,
we're seeing a lot of, uh,
people using this agentic system to shop
online, do all sorts of things,
use their computer.
Um, yeah,
it's like handing over control of your
computer to some massive AI company.
It's not really the greatest thing to do.
I would say on a privacy perspective,
at least.
Yeah, for sure.
And I'm actually glad you mentioned that
because that was the other side I kind
of forgot to mention very briefly.
I feel like it's very... I do...
Personal opinion, and I could be wrong.
Thankfully,
I'm a fully able-bodied person,
so I could be talking on my ass
here.
But I feel like accessibility is one area
where open source historically lags
behind.
And I'm making that claim looking at my
wife,
who I'm very open about is extreme ADHD,
like severe ADHD.
And, um,
a lot of the times she struggles to
use a lot of open source tools for
things that most of us don't really care
about, but for people like her are like,
it's her brain struggles to adapt to these
tools because of just the, the menus,
the user interface,
just the way they look.
And it's not even that she's trying to
be picky.
It's just the way that her brain responds
to this stuff is if it doesn't grab
her,
then she forgets to use it or she
has a hard time like using it properly
and stuff like that.
And so I feel like open source software,
I think,
has come a really long way in some
accessibility tools.
Like I know on Mastodon,
people are really pushy,
respectfully in my experience,
but they're really pushy about adding like
alt text to your images, for example.
But I feel like we've lagged behind in
a lot of other ways with like...
like I know, uh, when,
when Brave was trying to fight off Recall,
they had to take into account making sure
the screen readers still worked and stuff
like that.
So, um,
I think where I'm going with this,
I think the AI could be useful if
it improves some of those accessibility
tools.
Like maybe if it can automatically pick
out a better color scheme for colorblind
people,
or if it can do the whole like
speech to text thing really well, um,
not to get too far on that tangent,
but I've,
I've mentioned in the past somewhere in
the past recently that, um,
people used to recommend to me that you
could use your screen reader to listen to
news articles while you're working.
Because I used to work a very physical
job where I couldn't just sit and look
at the screen and read an article.
But they're like, yeah,
use the screen reader and listen to it
while you're working.
And I just cannot listen to that monotone.
It doesn't get the pauses right.
It runs right through periods.
And it's just like, oh,
this is impossible to listen to.
I can't do it.
But I would love an AI where it
can more or less get the cadence and
it can kind of
I think that could be a good use
for it,
but I am really confused where he talks
about developers.
We're trying to get developers back on
Ubuntu.
I don't know, just that whole thing.
It was one of those things.
You had me right up until that part,
and then I'm like,
what is he talking about?
I don't know if it's just them trying
to stay competitive or something,
or like Owen said,
it's the fashion right now.
It was really weird to me, personally.
Yeah.
Yeah,
I think the biggest concern is Canonical's
developers are now using AI tools.
This confirms that they're using AI tools,
which I think for developing software,
I think AI can be kind of dangerous,
right?
Because there's people submitting...
pull requests,
there's people's developers working on
certain parts.
We know like these systems are based on
a dataset and the dataset can be poisoned.
Like we've already seen it before,
like even just a couple of
even just making a bunch of spam websites
with malware on it.
And the AI just scans it and then
acknowledges that as the,
as being part of its dataset.
Like it kind of is a bit risky,
especially because this,
these AI systems don't really know what's
right and what's wrong.
They just kind of are spitting out an
answer that will please you basically,
which in a lot of times means it's
just lying to you.
So I think,
It's a little bit of a dangerous choice.
I think them so openly admitting that they
like this,
they're considering allowing their
developers to do this or acknowledging
that they are is definitely going to push
a lot of people away from Ubuntu because
in the past there's already, like,
people who are, like,
very against it because if you remember
originally it was a very long time ago,
but they had an Amazon shop integration
and people were like really sus of it
because, you know,
it's sending data to Amazon.
It was a whole big thing.
They removed it.
They haven't done something like that
since then,
but it kind of burnt the bridges that
a lot of people had with Ubuntu.
So I think, um, it's, it's kind of,
uh,
not a great look for them.
And I think a lot of people are
going to be deciding to actually go with
a different distro instead of sticking
with Ubuntu,
which I think a lot of people already
have because Ubuntu
people really don't like snaps.
Like, oh, snaps are disgusting.
Like, why?
The loopback devices in the disk thing,
like, I don't know.
I just don't like,
I think snaps are probably the worst
containerized package.
But, you know,
I think a lot of people find Canonical
to be pretty controversial.
So I don't think this is going to
impact that much, but I think it's,
it has some knock-on impacts, right?
Because like you said,
there's so many distros that base their
distro on Ubuntu.
So like the changes that they make,
like allowing their developers to use AI
to develop the software can have a
knock-on impact and introduce security
issues, like I was saying.
For sure.
I don't have too much to add to
this.
But real quick before we move on,
I would be remiss if I didn't point
out, over at Privacy Guides,
our official recommendations for an
operating system are Linux.
You may be not surprised.
We recommend Fedora Linux.
I don't know if these are in order,
per se.
But I will say I've used Fedora a
few times.
I'm pretty happy with it.
It's really good.
Yeah,
so this is our recommendation for people
who are new to Linux.
We do also recommend OpenSUSE Tumbleweed.
We do recommend Arch Linux,
which I can already hear all the Arch
users in the audience.
If you want an atomic distribution,
we do recommend Fedora Atomic, which...
Um,
it looks like we don't recommend Silverblue
specifically,
but I know Silverblue is one of
the more popular ones there.
NixOS is another one.
And then, uh, you know,
Whonix and Tails aren't really kind of
the things that you would use day to
day, but, um,
they are the best for anonymity.
And, uh,
I will say as a Qubes user,
it is super, uh,
there's a very high barrier to entry,
but you know, it's, um,
it's very secure, I will say that.
Secureblue, Kicksecure, again,
those may not be right for everybody,
but definitely go check that out on our
website if y'all are thinking about
jumping ship from Ubuntu.
I would say start there as your
recommendations.
Real quick,
I do see a question from Lucas,
and I think we will take questions a
little bit later,
but I just wanted to let you know
that we did see that, so thank you.
Do you have anything else to add to
this story, Jordan?
I think you're muted.
Oops, sorry.
Yeah,
so there's a comment from Peaceboy John.
So they said, sadly,
to answer the video title question, yes,
sadly, it is.
It's definitely becoming less popular.
I remember back in the day,
Ubuntu used to be basically like the
pinnacle of Linux. Like, it used to be
like the distro that everyone would like
choose, and now it's sort of becoming like,
uh, yeah, they made a lot of controversial
decisions. Um, but yeah, I don't really have
much more to add here.
Yeah, I think I will real quick,
since it's relevant.
Bam Owen said few grandma-friendly distro
recommendations there.
And you were talking about,
you're thinking about not only what can
the tech-savvy people do,
but also everybody else.
And I think that's really valid.
I am always championing that mentality
myself of like, hey,
that's great that you use this thing and
you're not affected by this age
verification law or whatever,
but what about everybody else?
So I really applaud that.
But one thing worth mentioning
noting is, uh, you know, privacy is a
spectrum, and personally I think Fedora is
pretty user-friendly. Um, I mean, obviously
there's always going to be certain people
that do struggle more with technology in
general, but, uh, I mean, like I mentioned
earlier, my wife uses Pop!_OS. She doesn't
have any issues with it at all. She
never, almost never asks me for
troubleshooting. I think she asked a few
months ago, and that was the first time
in literal years that she's, like, needed
help with something on that. So,
um, I mean,
Pop!_OS is not an official recommendation,
but my point is like, it's a spectrum,
right?
Like Fedora is not as secure as Qubes,
but I don't think we're telling everybody
to go out and get a Qubes computer.
Cause that is quite a bit of a
lift.
So it's, um, it,
I think even moving to something like
Ubuntu, even if they do add the AI,
even if it's not perfect,
I would argue is way better than using
something like Windows or, you know,
moving somebody to a Mac instead of
Windows.
So,
which I know there's a price problem there
for the record, but point being,
I see you, I do agree with you.
Like some of these,
some of these recommendations might be a
little bit out of reach of the less
tech savvy,
but I think there's still a lot of
good options that do move the needle.
So it's not always about being perfect.
Sometimes it's,
Sometimes it's about outrunning the other
hiker, I hate to say.
Yeah,
and I do think it's important to know,
like, you know,
you don't have to use the recommendations
that Privacy Guides has, right?
We specifically chose those because they
offer the best, like,
privacy and security stuff.
You need to, you know,
look at other sources,
find what you need for your situation,
like...
Cause that's the most important thing,
right?
Like if you're not tech savvy,
then maybe those recommendations aren't
going to be good for you.
And there's no point in it being more
private and secure if you can't use the
operating system.
So, um, yeah,
just definitely don't feel pressured into
using any specific distro.
You need to think about what, you know,
your needs are.
And if your needs are to use something
that's a little bit easier to use,
then definitely don't feel like you're,
uh,
added like, you know, you have to use
what we recommend.
For sure. Well said.
All right.
On that note,
we're going to move into some sad news
coming out of Europe,
which is Europe is attacking,
not as a whole,
but a couple of European countries are
attacking anonymity right now.
Well, arguably,
Europe in general has got some problematic
laws they're proposing right now.
But we're going to focus specifically on
anonymity.
And first up, this came in first.
On April twenty third,
Turkey wants to ban anonymous VPNs.
And I mean, honestly,
it's pretty straightforward.
They want to require VPNs to basically
keep logs.
I don't think it's specifically said to
keep IDs, but basically,
they don't want anonymous VPNs anymore.
They want all VPNs to be able to
be tied back to a user.
Oh, man.
OK,
so the headline is pretty straightforward,
if I remember correctly here.
I mean,
I just read this a couple hours ago.
I should remember pretty well.
But there's a – yeah, let's see here.
So the licensing proposal would add a
legal ceiling.
Right now,
Turkish users can route around blocks.
A licensing regime would close that door.
So yeah,
there's a lot of concerns here about –
the more veteran listeners in the crowd
will know that just being under
surveillance changes people.
When people know they're being watched,
they behave differently.
So not having somewhere that people can go
to –
to, to freely research and explore,
you know,
that's one of the reasons we're such big
proponents of anonymity on the internet,
but also just it's, it's a,
It's another way to help try to keep
government in check, right?
Like censorship is one of the first signs
that something is not right in your
country.
I don't know about one of the first
signs, but it's up there for sure.
It's not a good thing.
So, you know,
when a country can require VPNs to keep
logs like this,
then even if they never actually say, hey,
block this website,
they can de facto block it because they
know everybody who's done it.
Yeah.
To the surprise of no one,
this is being described as a measure to
help protect the children.
I haven't seen this argument in a long
time.
They said that this has something to do
about attackers reportedly drawn to
violent mobile games.
So we have now regressed back to nineteen
ninety where we are blaming violent video
games for all our problems.
Um, you know, I play boatloads of
Civilization and I have yet to try to
take over the world. I play quite a
bit of, lately I've been playing a lot
of Stardew Valley. I have yet to move
to a farm. Trying to think what else.
Um, I've played tons of Jurassic World. I
have yet to bring dinosaurs back to life.
So I don't really know where they're
getting all this from, but, you know, we're,
like I said, we're back in the...
Separate but part of the same law, they
said that they also wanted to add a
parent control child SIM cards, which I'm
not necessarily opposed to that, but I, I
would have to see what the implementation
looks like, and also a cap on how
many mobile numbers a single person can
register, which is
I don't know,
that just feels unnecessary to me.
But yeah, so, I mean,
that's kind of the thing there is Turkey's
trying to,
they interviewed ProtonVPN for this
particular article.
So, I mean,
take it with a grain of salt.
We also recommend Mullvad.
We also recommend IVPN.
But one of the things that I like
is Proton didn't even try to appease
Turkey.
They were basically like, yeah,
now is the time to sign up.
Now is the time to download the app
because once you have it, they can't,
technically,
they can't really go in and force you
to remove it.
And things like Proton, for example,
do have built-in censorship resistance.
Mullvad probably does too.
I think it requires a little bit more
manual configuration though.
But yeah, so I mean...
And if you have an Android,
you can always go to their website and
download the APK.
So yeah, that's a thing there.
And real quick,
we'll also move over to Greece who wants
to ban anonymity on social media.
And specifically, interestingly,
I'll give them credit.
They didn't go for Think of the Children.
They went for Toxicity.
And I mean this is basically – again,
the headline is what it says it is.
They don't want people to be able to
make anonymous social media accounts
because they're tired of people being
crappy online.
My first argument would be I think there
are a lot of people who are willing
to be garbage without anonymity.
We see plenty of people on Facebook using
their real names and their real faces,
and they're still being terrible.
I also – I thought this was such
a weird –
This is one of my personal things,
quoting the minister who spoke to this
article.
He said, in ancient Greece,
everyone could express their opinion
openly and by name.
They would raise their hand and share
their view.
This should inspire us as we shape a
new digital democracy.
Yes,
but the thing that people always forget
with this stuff is like back in ancient
Greece,
That wasn't written down.
They didn't sit there and take a roll
call of everyone who was in the audience.
They didn't sit there and write down every
single thing a person was said.
And more importantly,
they didn't sit there and sell it to
advertisers.
And they didn't sit there and put it
in this database that you can access from
anywhere in the world.
Like these are not one-to-one comparisons
because even like court records, you know,
as I say,
like they didn't sit and write everything
down.
Like, yeah, court records,
they sit and write everything down.
But again,
those are not sold to advertisers.
A thousand years ago,
that stuff wasn't kept in a data center
where you could, again,
pull it from anywhere in the world.
Back in the day,
if I lived in California and I wanted
information on somebody from New York,
I had to fly to New York and
get it.
And the internet has removed all these
barriers.
That's not really a one-to-one thing.
I will say that they do make some
good points about – they talk about how
with elections coming up,
Greece has a real problem,
which I think everybody does these days.
There's a real problem with fake news,
disinformation, trolls.
We know that is a thing.
Governments around the world on –
Every end of the political spectrum are
very heavily engaged in propaganda,
trying to sway public opinions, trying to,
you know, spread certain narratives.
And I will say,
not that I'm encouraging it,
but I do think it was funny that
when Twitter suddenly decided to start
saying what country everybody was based
out of,
it's amazing how many American accounts
were suddenly based out of, like, Moscow.
But...
I don't think that's a uniquely American
thing.
I don't think that's a uniquely left or
right thing.
I also don't think it's enough to really
justify this.
I think that's a very dangerous road that
they're headed down.
But yeah,
that is unfortunately what's going on in
Europe right now.
Did you did you see anything in these
articles that I missed, Jordan?
Oh, no,
I think that was a really good recap
of what's going on.
I mean,
Peace Boy John for twenty four said in
the chat, you know,
violence in video games is the biggest
excuse by far for fascism control over our
freedom and privacy.
Yeah, I think like, you know.
it's an easy, it's such an easy scapegoat.
I think what, what we used to see,
I wasn't around back then,
but I'm going to assume this is what
I'm going to, from research,
I guess I can say, uh, the, uh,
people used to say that about television,
like, oh, like, you know,
you're watching all this TV.
It's going to turn you into a violent
criminal if you're watching all these like
violent shows.
Um,
And as far as I know,
like there's no,
there's actually no evidence that that's
even true.
So, you know, there's like,
there's always these extreme cases where
there's like someone who's like a serial
killer and they like enjoyed GTA five.
And it's like the correlation doesn't
equal causation there.
You know, like it's irrelevant, right?
Did you have something you wanted to add?
No,
I was just going to back up what
you were saying.
It's funny because I do listen to a
lot of true crime,
and they actually know when there's a
serial killer that it's like, yeah,
he was really – like Jeffrey Dahmer
historically was really into – I think it
was The Exorcism III.
And they know that because it is so
unusual.
It's like normally they're not the
stereotype.
I mean there's several different serial
killer stereotypes,
but it's not always like the person who's
like super into horror movies and stuff
like that.
It's like – I mean look at Dennis
Rader, BTK.
Dude was a freaking Boy Scout leader.
He went to church.
I think he was a deacon at his
church.
Like it's – I mean slightly off topic,
but it's not an indicator.
And especially when you think of like how
many –
this past year has been like a huge
year for horror movies.
How many people went and saw Bring Her
Back and then didn't go home and like
kill somebody, you know, it's just, it's,
it's cherry picking the things of like,
I know I don't want to downplay it
or anything,
but there was a shooter recently who like
made a simulator in Roblox.
I think how many millions of people play
Roblox and don't do something like
that.
And I'm not trying to let Roblox off
the hook.
I know they've got other problems,
but yeah, it's,
it's just like you're saying,
it's like selectively cherry picking like,
Oh, this makes it look bad.
And it's like, yeah, but that's,
doesn't it?
they're not necessarily related like that.
So.
Yeah, a hundred percent.
Um, I mean, this is just like, uh,
I think with the,
with the VPN thing as well, like,
I think this is where we see a
lot of these,
the issues of these centralized platforms
like Google play and the app store, right?
Because like you said,
people are kind of rushing to download
this because like the Turkish government
is kind of
they can kind of compel Apple or Google
into banning a lot of these things.
Like we already saw that.
I think there was,
when you did your interview with, uh,
Cindy Cohn,
she mentioned there's an ongoing legal
case in the U.S. about the U.S.
government forcing, uh,
an app that was used to track ICE
agents, um,
to be removed from the app store.
And, you know, it's a tool,
it's a tool of censorship really.
Um,
And maybe there were legitimate reasons
for that being removed,
but it's clear that it's used as a
method to control the access to things
people can run on their devices,
which
seems not great.
So in this case, I think, you know,
it's good that ProtonVPN is,
they're kind of like one of the only
companies that are sort of actually
putting their money where their mouth is
and providing a free VPN service.
Like I'm sure there's loads of people in
countries where there's a lot of
censorship using their
using their free VPN to bypass the
firewalls.
And now it's like,
you don't even need an account.
You can just use it as a guest.
So it is,
it's really good to see that they're doing
that.
But yeah, I think it's,
unfortunately there's been a couple,
I think it was the UK that kind
of has pushed this whole like social media
anonymity ban thing.
And then Australia,
and then there's US states that are doing
it.
And then there's,
you know,
all sorts of countries that are doing this
stuff now, which kind of sucks.
But yeah,
it feels like every week there's like a
new story for age verification or like
something like that.
Yeah.
Yeah, for the record,
I think Australia was first and
everybody's been copying them.
But yeah, the UK has definitely, I think,
taken it a lot further.
They've openly floated the idea of banning
VPNs and yeah.
Okay, I think it was the, yeah,
the UK did, it was,
I think the UK was blocking...
uh, adult content.
And then Australia did the social media
ban.
Yeah.
I think that might be what it was.
Gotcha.
Social media is probably worse though,
because that kind of affects a lot more
people.
Right.
Um,
Yeah,
I don't know what our government is doing.
Help me.
Please help me.
Same.
Lucas here said,
I used to live in a sanctioned country
and paying for a VPN was not possible.
Yeah, I mean, I know there is Tor.
Tor, I think,
is sometimes a little bit easier to block,
but also has more...
It also has the openly available proxies
and workarounds, but...
Yeah,
he said it's great having ProtonVPN for
free.
So yeah, that's super awesome.
It's also not to like get this too
far off topic,
but we are big fans of things like
Monero to try and pay for things
anonymously because those are
significantly harder to sanction by
governments who try to do this kind of
stuff, so.
Yeah,
I think it's actually quite bad when
there's, you know,
the sanctions like that because a lot of
times it's like, you know,
even if your account is detected from
originating from a country that's
sanctioned,
it basically –
your account is immediately blocked on a
lot of services and stuff.
So it is definitely a problem.
It's good that like ProtonVPN has a way
for people to do that.
I think it's definitely an issue.
Like people don't really think,
cause like a lot of us,
at least on the Privacy Guides team are
from, you know, countries where there's,
No sanctions,
no major internet restrictions.
Well, anyway, you know,
sometimes it is good to understand there's
other people that also have different
needs.
Yeah,
it's definitely good what Proton is doing
for those countries.
For sure.
All right.
On that note,
I think that's all we have to say
on that story.
So I'm going to turn it over to
Jordan here to tell us about this exciting
new Linux vulnerability that I've seen pop
up in quite a few of the headlines.
So Jordan, why don't you take it away?
Yes, thank you.
So this one is kind of been floating
around and just to like,
I guess for people that have been
following a lot of Linux vulnerabilities
in the past,
this is sort of a continuation of
you know,
vulnerabilities in Linux that local
privilege escalation vulnerabilities in
Linux that have been basically using a
specific vulnerability in Linux, right?
So before there was Dirty COW and Dirty
Pipe.
So if you have seen those before,
this is a similar thing.
I'm going to kind of read from their
press release because, you know,
I'm not the most – I'm not a
security researcher.
I'm not the most knowledgeable about this.
So I'm going to kind of just quote
a lot from this article here.
And you can take – we can kind
of discuss after.
So basically this is a –
local privilege escalation.
So that means it's not a remote privilege
escalation, which is much more damaging,
right?
So you need to have local access to
the machine,
which could mean that
It affects more shared hosting
environments, for instance,
where there's multiple users on a single
system.
And when we talk about local privilege
escalation,
we mean going from a regular user,
unprivileged user, to a privileged user.
So going from a user account to a
root user account.
And now I'm just going to quote from
the press release here, uh,
who is affected if your kernel was built
between.
And the patch,
which covers essentially every mainstream
Linux distribution,
you are in scope. Copy Fail requires only
an unprivileged local user account,
no network access,
no kernel debugging features,
no pre-installed primitives. And the kernel
crypto API,
AF_ALG, ships enabled in
essentially every mainstream distro's
default config.
So the entire 2017-to-patch
window is in play out of the box.
And they also discussed here that
distributions we directly verified.
So 24.04 LTS Ubuntu,
Amazon Linux 2023,
RHEL 10.1.
Yeah, RHEL 10.1.
SUSE 16.
So those were like kernel 6.12
to 6.18.
So that is, you know,
it affects quite a lot of things.
And it also specifies which users are most
impacted.
So multi-tenant user Linux hosts.
So like, you know, shared dev boxes,
basically where there's
multiple users on the same system that are
unprivileged, um, which basically multiple
users are sharing a single kernel that
could be a user could use this exploit
to basically gain root user privilege.
Kubernetes and container clusters. So, uh, if
you're running a Kubernetes cluster, then
it's possible that one of the containers,
if it had this exploit, it could
gain root access, and access the host,
basically.
And that is kind of concerning.
CI runners and build farms.
So basically,
CIs are basically the system that
developers use to automatically build
packages based on their code.
So these automatically run after merge
requests are made.
So basically, it can possibly...
you know, insert malware into the,
it could basically, you know,
have a PR request that basically allows
the user to gain root access to the
runner,
which can affect
If the runner is, you know,
shared by other systems,
cloud software as a service running user
code.
So like notebook hosts, agent sandboxes,
serverless functions.
And then they also talk about like
standard Linux servers,
single tenant production is not really as
popular.
much of a concern because you'd need to
have stolen credentials to do this.
And single user laptops and workstations,
which is probably the majority of Privacy
Guides users here,
is a low risk because you're the only
user, basically.
So you would need, basically,
if someone gained access to your system,
they could do this.
But that's not very likely.
That's not very in scope for a lot
of people.
So I guess we can kind of go
into the write-up of how this works.
I'm just going to read...
sort of how this works.
So AF_ALG,
which is the exploitable kernel module,
is a socket type that exposes the kernel's
crypto subsystem to unprivileged user
space.
A user can open a socket,
bind to any authenticated encryption with
associated data templates,
and invoke encryption or decryption on
arbitrary data.
No privileges required.
And basically it uses the splice call to
transfer data file descriptors and pipes
without copying,
passing page cache pages by reference.
So splicing a file into...
So it says when a user splices a
file into a pipe and then into AF_ALG
socket, the sockets... Oh my goodness,
this is like extremely...
extremely complicated.
So I think if you want to read
a little bit more about how this
specifically works,
then definitely check out the press
release,
because I'm not going to read the whole
thing here.
But last I checked,
this is still effective in basically all
the stable Linux distros,
like Debian and RHEL.
Red Hat Enterprise Linux.
So yeah, this is like slightly concerning,
but I think for a lot of our
users,
I don't think this is particularly of an
issue because, you know, it does allow,
it does need one user to basically have
like local account access,
which is not really
not really that useful. It's also good to
mention that this is like, we kind of
talked about this last week, but, um, with
the Claude Mythos stuff, um, this exploit
itself was actually found using an
AI-assisted method. So we're kind of seeing
that more and more. Um, basically it was
able to identify and audit the whole
crypto subsystem and find this
vulnerability, basically.
So, you know, I think that's interesting. I
think we're going to see more and more
of these, like, AI-assisted exploits because,
you know, it's definitely able to analyze
the code a lot more easily than, you
know, because you kind of have to be
a pretty, pretty, uh,
experienced, uh,
pen tester and security researcher to like
find these exploits.
So, you know,
if someone's not looking that carefully,
then it's definitely possible that
they'll,
it really needs like someone to look quite
closely to find these things.
So using an AI model definitely allows
that.
I think what I've heard though,
with these AI audit systems is that they
do cost a lot of money.
Like they cost a lot of basically, uh,
They cost a lot of tokens, I believe.
That's what they called in the AI sphere.
Like you need to basically use tokens and
that costs a lot of money to basically
analyze every line of code.
So this is probably not the cheapest way
of doing things.
I feel like if you're spending twenty
thousand dollars on like an AI assisted
audit, it's like.
Why don't you just like pay someone to
do that?
But I mean.
I guess it's easier because you don't have
to deal with another human, so maybe.
But I'm not really sure.
This is kind of an ongoing thing with
page cache corruption.
So this was the same issue that Dirty
Pipe and Dirty COW had.
But in a lot of those cases,
it was...
There was a lot more specific
requirements, basically.
And where this is different is that
there's no conditions.
It's basically any system.
And there's no things like that.
So someone here sees LF.
I think the issue for workstations would
be a phishing attack that could get a
local user to execute the exploit on their
own or a chaining of an RCE with
Copy Fail to achieve root access.
I think that's definitely a possibility.
Yeah.
It's like,
it is possible to be for that to
happen.
I'll also say like this,
I was looking at this yesterday,
so I'm not sure if it's super up
to date,
but I saw Debian stable still hadn't fixed
this issue.
And it seemed like people were
I don't know,
not taking a very proactive approach to
fixing this.
And I think maybe it's because there's
not, you know,
there's not that much of a risk to
workstations.
Maybe there's a limited attack surface
because this does only sort of affect
shared hosting instances.
I'm not sure, but yeah.
Do you have anything you wanted to add
on this one, Nate?
I just had a couple of quick thoughts.
I mean, for one,
I wanted to drive home.
I know you already said this,
but I really want to drive home that
this requires local access,
which C's is absolutely right.
I mean,
that was my first question because this is
also too technical for me to fully
understand.
So I was asking about this the other
day when it came up.
In theory, yes,
somebody could get a hold of your...
For example,
I use SSH to manage my servers and...
theoretically,
if they somehow got a hold of my
private key,
then they could log in as me and
now they're in there.
But it's not one of those things that,
you know,
typically when we talk about a remote
access thing, it means that you wouldn't,
you wouldn't need to take any additional
steps like that.
You wouldn't need to phish somebody.
You wouldn't need to like plant.
I personally,
I used to laugh at these at Surveillance
Report all the time, not laugh per se,
but like there would always be these big,
like, Oh man, there's this really crazy,
like your phone can turn into a microphone
while it's sitting on your desk.
So the first thing the researchers did was
plant malware on the phone.
And I'm like, well,
no shit at that point, dude, come on.
And, and we saw that every single time.
So yeah,
That's not to like downplay these and say
they don't matter,
but just to kind of put it in
perspective of like, this is important.
This is something that they should
definitely fix if for no other reason than
the fact that it can break out of
containers.
And I don't know about you guys,
but I think a lot of people who
host self-host, I think the vast majority,
if they're using a VPS,
they're using shared hosting.
Very few people I think are willing to
pay for a dedicated server for any number
of reasons.
So it is important to patch,
but it's definitely not like,
like something that's just going to,
you know,
randomly start getting exploited.
There's some additional steps to take
there.
And then for the AI one,
like not to defend AI too much,
but you were talking about like,
I don't know why they wouldn't just pay
a normal auditor at that point.
I definitely think human auditors need to
be in the loop.
I think it was...
Oh, I don't wanna slander anybody.
Was it Ente recently?
Somebody,
one of the smaller projects we like that
kind of had an impromptu audit.
There was like an AI company that
approached them and they're like, hey,
we did this audit and we found these
things.
And like,
I hesitate to call it an audit because
it didn't sound like it was super formal
and it didn't sound like it was really
sophisticated.
But at the same time,
I do have respect for the idea that
it is, in a way,
it's another set of eyes.
It's another perspective.
It might notice things that you miss,
either just through, like, you're tired,
your eyes are glazing over from looking at
five million lines of code all day.
It can move way, way faster.
So I'm not trying to say it's perfect.
I know it's probably going to miss things
here and there.
But...
I don't know.
I guess where I'm going is I could
see value on it.
Again,
I would hope people are not relying solely
on AI for their audits, but yeah,
I don't know.
But yeah,
there probably is a point where it's like
we're spending twice as much on this when
we could get a human audit that's just
as good.
I don't know.
I could see arguments both ways,
but that just kind of came to mind
while you were talking about that.
Yeah,
so that is a good point to bring
up.
I definitely think it's kind of a little
bit silly to have everything be,
you can't only rely on AI, I guess.
There has to be some human input,
but I guess an update to this as
well.
Debian has released fixes on Bookworm and
Trixie.
Forky and Sid both had it fixed earlier,
so that's fine.
But yeah,
they both released fixes for Bookworm
stable releases.
If you're on Bullseye,
it's still vulnerable,
but you should probably update at this
point.
Bullseye is going to be phased out soon,
so probably look at updating to Bookworm
or Trixie at some point.
But yeah,
I don't think this is going to affect
most desktop users.
I think this is like you said,
it's concerning because people have VPSs
on
these like shared hosting platforms and I
think that's a bit scary that there's a
possibility of being able to break out of
a container or I'm not sure if I
guess it depends on what software the
hosting provider uses but yeah basically
anything that uses a shared kernel which
I'm not sure if it actually would affect
VPSs.
I think it would more affect shared
hosting,
like WordPress hosting sort of thing.
cPanel and stuff like that.
Yeah, stuff like that,
where it shares a single kernel.
Because I think, yeah, the kernel,
it maybe would allow you to get root
access of the VPS,
but it wouldn't allow you to break outside
of that.
Yeah.
Yeah, definitely an interesting story.
This one was brought to our attention by
Freya,
who's also in the process of doing a
write-up on this.
So if you probably want to get some
more insight,
definitely check out privacyguides.org
slash news if you want to keep up
to date on some of the latest privacy
and security news and kind of get Freya's
thoughts on this.
And they had a little bit more
time to look into this, so they've probably
got some more condensed thoughts. But I
haven't really seen too many people
talking about this, so I was kind of
surprised that, uh, that no one was talking
about it. Um, so I thought it would
be good to at least mention. Um, I'm
also kind of in the boat where, like,
this kind of goes over my head a
little bit. Um,
I'm just reading what the press release
says.
So hopefully I did at least a decent
job of explaining it.
Definitely check out the article if you
want to learn more.
But yeah.
I feel like I've seen it pop up
in my newsfeed a little bit over the
last couple of days,
but I think it's still pretty new.
So, I mean,
it's already got a Wikipedia page
apparently, so that's cool.
That's our Wikipedia page.
What's that?
Oh, yeah, I know, right?
Man,
we have this conversation all the time.
This is crazy that we don't have one,
but...
Anyways, I actually did want to,
one thing that you said that somebody else
said,
and I meant to bring this up in
the first story,
but Bam here said that it's hard to
patch an old kernel such as Motorola on
Android X that stopped releasing security
patches.
Number one,
I think GrapheneOS posted a big thing
on Twitter or Mastodon about how this
doesn't really affect Androids in the same
way, because I mentioned this before,
and I actually got this from Carey Parker,
one of his guests that he interviewed,
is from a security perspective,
when we made mobile phones,
we as a society,
we kind of took all the lessons we
learned from desktop computers and fixed a
significant number of them.
So things about like,
I believe phones use like immutable
updates,
things about like app permissions,
things that phones do really well from a
security perspective,
but desktops have still not caught up.
So, I mean,
it probably wouldn't affect Androids in
the same way,
but
Going back to what she said and also
this and also the first story,
the first story mentioned that people were
saying like, oh,
I'm just not going to update Ubuntu
because of this AI stuff.
I don't mean to sound arrogant,
but y'all are absolutely insane with those
kind of takes.
I still see people commenting on old
YouTube videos where we talk about like AI
coming into Android and they're like,
well, I'm just gonna stay on Android nine.
And it's like, cool.
I hope you're not gonna touch the internet
with that thing because all of these
updates, yes,
they do often come with crap that we
don't want like AI,
but they also come with really important
security fixes.
And I don't know, just my personal take,
I think you're really gambling there,
especially the longer it goes on.
If you're like,
six months out of date, like, and you
don't really use your phone that often or
use it for anything sensitive, okay, fine,
whatever. But the longer it goes on, the
more and more severe vulnerabilities
they're gonna find, uh, the easier they're
gonna become to exploit. It's just, to me,
that's extremely, uh, I wouldn't do that if
I were you, personally. But, um, not my
phone, so I guess y'all do whatever you
want, but
I don't know.
I just, I wanted to address that.
I think people who choose not to update
in protest of features,
I think you're personally,
I think you're not getting a good trade
off on that one.
I think you should look into just a
completely different solution.
Like on Android, for example,
go to Graphene where there are no AI
features.
So, yeah.
I think, you know, uh,
people have definitely very specific, uh,
decisions for choosing things.
And I don't know,
I think a lot of times a remote
execution vulnerability is probably not
too likely if you're being careful.
But I mean, obviously, I don't know.
You have to kind of know what you're
doing.
Otherwise,
I could say it's definitely probably not
the greatest, I mean, idea.
Yeah, I mean,
and I know there's always situations,
right?
Like there's definitely a lot of people
who live in countries where like they
don't sell Pixels and an iPhone is too
expensive and stuff like that.
But I just, it's,
I'm more addressing it to the people who
are doing it strictly out of protest.
Like, I just don't want these AI features.
Well,
then you should probably move to another
operating system.
Like if you have the resources to,
I don't know.
That's just weird to me that it's like,
I could update to something else,
but I'm not going to,
I'm just going to stay on this release.
And it's like, okay,
but the longer it goes on,
the more vulnerabilities and in time,
like things are going to stop being
supported, you know,
eventually a lot of services you use or
like even who wasn't recently,
I think Firefox recently was like,
we're going to stop supporting this old
version of Windows that I didn't know
anybody still used, but yeah.
So yeah.
I don't know,
just feels like the longer you go on,
the more you're opening yourself up to
risk, but that's my opinion.
Yeah, I definitely think it does depend.
Uh, I was using, I guess I'm gonna,
well, I'm not using it anymore,
but I was stuck on using an older
phone for like quite a lot of years
and it only back on Google Pixels only
had.
like two years of updates.
Like that was so abysmal.
It was so ridiculously expensive as well.
Like it was like an a thousand dollar,
I guess like six hundred USD phone.
And, you know,
it only had two years of updates and
it was like,
I ended up using that phone for like
six years.
So, you know,
like four years of not getting updates.
Probably not the greatest idea,
but still like, you know,
I never got hacked.
So I don't know.
Maybe I was lucky.
Yeah.
I don't know.
I think we'll leave that one there.
I think we could argue this one all
night.
Okay, um, so I did see there was
a question here from I'm wondering, and: is
there any sign that other companies will
adopt the privacy screen feature Samsung
has introduced, and what do you think of
it? I mean, I think it's interesting. I
think the, the issue that I've had with,
like, the privacy screen protectors is
they're like, they kind of
make your screen look awful and they are,
I guess,
a strain on your battery because it's
basically covering the screen with like a
film, a dark film.
So, you know, I think it's,
it's interesting.
I think it's a better alternative to a
privacy screen protector, but I think,
you know,
there are trade-offs like there was
clearly trade-offs with the,
with the Samsung, uh,
with the Samsung Galaxy S26, uh,
Ultra, like there was,
there was trade-offs for having that on
the screen.
And I'm not sure if the trade-offs are
worth the
benefit,
especially because not everyone needs that
feature, right?
So like people were buying it because it
was a novelty,
but once it stops being a novelty,
it's just for a lot of people,
it's just a downgrade.
Like a lot of people don't care about
this feature. Like, maybe you don't go on
public transport. Like, if you don't take
public transport or you don't, you know,
open your phone in public, then this
feature is not really that useful for you.
So I don't know, I think it's an
interesting, I think it is sort of a
gimmick. Like, it is like, oh whoa, look
at this cool new feature that we added.
Like, it's really cool. Like, everyone was
kind of obsessed with it for a while
because it's, we've never seen anything
like it, right? And
but I think it's not very likely.
It's like how the Google Pixel added like
a temperature sensor.
It's like cool, but like no one's like,
I've never used that feature ever.
Like I don't need that.
Like it's a gimmick.
Like it's a thing that's like there as
like a selling point for the phone that's
oh,
look at this extra thing you can do
that you might want.
But I think for a lot of people,
they're like, oh,
the screen brightness is not as good
because it has this feature.
It's like, it's kind of just not,
people just want the best,
the biggest and the best.
And, you know, really,
you kind of have some trade-offs to that
feature, I think.
Yeah, I mean,
I don't know if I'm the best person
to weigh in on this because I'm a
notorious Samsung hater,
which for the record, no, for the record,
I finally addressed this.
I've had several comments over the last
year or so where people ask like, Nate,
why do you hate Samsung so much?
And to be fair,
I've said it over the years,
but I don't expect people to go back
and watch like every single podcast I've
ever been on.
So I finally wrote a blog post over
on my personal,
over at The New Oil where I outline,
it'll be public on Sunday.
Right now it's like early access where I
outline all the reasons I I'm so angry
at Samsung.
And for the record,
this is not an official endorsement from
Privacy Guides.
It's my personal blog post.
But I did mention the privacy screen.
And basically, I'm with you.
I think it's privacy theater because
Samsung has had so many other things where
they could provide actual meaningful
privacy and security to their users.
And instead,
I don't want to go off on too
much of a rant here,
but Samsung's whole thing
is flash.
Like there is no substance to Samsung
phones in my opinion.
And their whole thing is like celebrity
endorsements and flashy features.
And like, don't get me wrong,
I've known people that have Samsung phones
and they love their phones.
It's almost like a cult.
It's like browsers.
People love their Samsung phones.
And don't get me wrong,
like some of the features, they're like,
oh, I can do this thing.
And I'm like, okay,
that sounds pretty cool.
I get it.
But once you dig under it and you
look at what's the privacy policy,
look at some of the history of
vulnerabilities they've had,
look at how they've responded to some of
those.
I don't remember all of it.
That's why I wrote it all down.
But when you look at all that stuff,
it's like, wow.
And then on top of it,
at the very end, I talk about this.
I'm like,
what really takes the cake is they are
the seventh most valuable brand in the
world.
Like there's Google and Apple are in like
the top five or whatever.
And then Samsung's in the top ten.
And then the next phone maker is freaking
Huawei all the way down to like fifty
something.
And so it's like you have for all
intents and purposes as much money as
Apple and Google.
And yet you can't make a phone even
remotely as secure as them because you're
too busy spending your money to pay for
BTS.
So, yeah, I am.
I hate Samsung.
Yeah.
So, yeah, I mean,
if you want to see all the reasons
I hate them again,
that'll be public on Sunday.
But that's what I think about it.
Like, sure, it's a cool feature.
And like, I don't mind it.
Like, I'm not mad that it exists.
But to me, it's just it's it's theater.
It's like, oh, look, it's cool.
Privacy feature we gave you.
There's no actual privacy built into the
phone.
There's no actual security built into the
phone.
Certainly nothing on the level of of
Google and Apple.
And don't ask about Knox.
I address that in the blog post, too.
And so it's like, it's just the,
the example I used was Oreos.
Like Samsung is like Oreos.
It's tasty.
It's delicious.
I love Oreos.
I do.
They're one of my favorite junk foods.
Nobody would eat a box of Oreos and
be like, I had a great dinner.
I mean,
you might need a box of Oreos for
dinner anyways,
but you're probably not going to feel
great.
You know what I mean?
Like, it's just, it's,
there's no substance there.
Nobody would eat that and be like, yeah,
that was a healthy meal.
Like, and that,
that's how I feel about Samsung.
So the privacy screen feature, um,
I wouldn't be against other companies
adopting it because again,
I don't necessarily hate the feature
itself.
It's just coming from Samsung
specifically.
It's like,
You know, it's – unfortunately,
this has happened before.
It's like serial killers that get caught
and then they complain about like, oh,
movies depicting my life are disrespectful
to my victims.
And it's like you killed your victims.
I don't care.
Like that's not disrespectful that we're
making fun of you.
Like don't pretend you care about this
stuff.
So that's just the same vibe I get
from Samsung.
It's like, oh,
look at this cool privacy feature.
You don't care about user privacy.
So anyway, sorry.
Yeah.
Yeah, and they'll be like,
we're protecting your notifications from
prying eyes.
Meanwhile,
we're sending all of your notification
content to Facebook or something like
that.
It's like, yeah,
it doesn't really make sense.
But I get it.
I get what you're saying.
I definitely think that's a good point to
bring up.
I mean, I don't know.
I wouldn't be opposed if Google was like,
we're going to add this.
I wouldn't be opposed to it, but like,
yeah, same.
I just,
I don't think it's going to happen though.
Cause like, it's kind of a gimmicky thing,
but it would be cool.
I mean, I would wouldn't mind it.
Yeah, that's fair.
And like you said,
it really depends on who you are.
Like if you travel a lot or in
your, in a lot of,
cause I know though it's, I mean,
part of it I think is probably to
protect against the whole,
there was that thing a couple of years
ago that's probably still going on where
we saw a real rise in like the
people snatching your phone at like a bar
or something.
And it's like, okay, cool.
Apple and Google also address that with
their like stolen phone protections.
And it was probably a little bit more
meaningful than a privacy screen.
Why don't you roll that out?
Especially because it's built into AOSP as
far as I understand,
I could be wrong about that part,
but like, it's like, why,
why don't you just do something like that?
So I don't know.
I think it might be part of like
Samsung's proprietary, like One UI thing.
Is it One UI?
I can't remember what they call that.
No, it's One UI.
One UI 8.5,
that is now like eight months behind
schedule.
Yep.
Oh, OK.
I'm excited for you.
I'm excited.
I saw you were working on that.
I'm excited to see what the what the
what the what you say,
because I honestly don't know that much
about Samsung.
Yeah.
So definitely.
I don't know if you want to link
it or.
Um, I, I can't. I'll ask Jonah if
that's okay, but, um, I will say for
the record, I, I found myself corrected on
a few things. There were a few things,
like, I, um, I was gonna bring up
the One UI 8.5 thing because
I thought it was, they were like a
year behind on Android 16. Turns out
I'm wrong on that. They have pushed out
version 8 already, had Android 16.
8.5 is just like the next,
like, major build.
And they have been pushing out security
updates.
So there was that.
And I swear to God,
I remember a story where their source code
got breached and people looked at it and
said it was really bad.
But I cannot for the life of me
find that anywhere.
So I dropped that part too.
So I just want to make the point
that it's not me just like making up
things and looking for reasons to hate
Samsung.
Like I did my research.
And if I'm like, okay,
that wasn't how I remembered it.
I didn't include it because clearly I was
wrong.
So yeah, I don't know.
Hey, fair enough.
No, no, no blind hatred here.
Just, uh, just facts, you know?
Hopefully.
Yeah.
Uh, so, okay.
Um, what do we, let's, uh,
I think we'll move into site updates now.
On that note,
we are going to talk about RightsCon in
a little bit,
because that is an unsettling and chaotic
story.
But first,
we're going to talk about what's new over
at Privacy Guides.
And it's actually been a little bit of
a slower week, at least in terms of...
visual progress. Uh, there's been a lot of
work going on behind the scenes. Um, we
have a new video coming out that, um,
I guess Jordan's been editing, so I don't
know how far along you are, but I,
I'm imagining probably pretty far along by
now. Um, hopefully we'll have that out to
you guys, what do you think, next week?
Or is that too ambitious?
Um,
I'm hoping to get it finished this
weekend, so we'll see.
Okay.
We'll see.
So potentially next week,
we'll see how far we get.
Um,
I'm already scripting the next video with
a lot of help from Jonah.
Um, and I think that's,
that's going to be a good one.
I'm excited about that one.
Um, we're going to revisit,
we're going to revisit some, uh,
some basic topics,
but also it's one of those topics that
has had a recent update.
Um, you'll,
you'll see what I mean when it comes
out, but.
Yeah,
that's kind of all that's been going on
on the video side.
Like I said, not a ton to share,
but it's been good, solid progress,
I think.
Cool.
Yeah.
Is there anything going on on the site
side of things, Jordan?
Yes.
So there's, like I said before,
like Free has been working on news
articles as usual.
There was another,
they're currently working on one here
about the copy file one,
the one that I mentioned before.
And there was also another one that they
posted where apparently Firefox has
quietly added Brave's Rust-based ad
blocker.
So, oh,
they're taking some inspiration from Brave
there.
That's interesting.
So if that sounds interesting to you,
you can check it out at privacyguides.org
forward slash news.
Do you have something you want to add
on that one actually?
I was just going to say,
I'm super excited for it personally.
I would love to see Firefox ship by
default with an ad blocker.
So we'll have to see what kind of
lists they enable,
the block lists and stuff,
and what it's going to look like for
the end user.
But yeah,
I'm definitely going to try to keep an
eye on that myself.
So definitely read that article if you're
a Firefox user.
I'm a big fan.
I like it.
Yeah, definitely.
I think Brave is, like,
that's the one thing that I think Brave
has absolutely nailed.
Like, it should be included.
Like, come on, Firefox.
Like, it'd be really good if, like,
you know, there was two different, like,
we had, like,
we didn't have to rely on uBlock Origin,
right?
Like, if there was, you know,
Firefox had its own inbuilt ad blocking
system similar to, like,
what Brave is doing, it'd be pretty cool.
And I think, you know,
it would give people better privacy by
default,
which is what we're here for that.
Like that's exactly what we want.
And it's also just,
it makes it such an easier sell.
Like right now,
usually when I try to get people to
switch browsers, I'm like, yeah,
just switch to Brave.
And, you know,
I get why some people may not like
that.
And I'm with you on that.
But also it's like, yeah,
because I can tell them just switch to
Brave and it's got the ad blocker.
It's got good defaults.
It's like, everything's good to go.
Not that you can't make it better for
the record,
but it's pretty much good to go.
Versus if I tell somebody, I'm like, yeah,
switch to Firefox.
But also you have to download uBlock
Origin.
And when you start adding in steps,
people are just like, oh, dude, I don't.
And I know it's ridiculous because it
takes two seconds, right?
But for some reason,
it's a mental block for people that
they're just like,
I already have to switch browsers.
Now you're telling me to do more stuff.
So if it comes built in with an
ad blocker,
I think that's going to make it so
much easier for people to just like...
Yeah, switch to Firefox or Brave,
whichever one you prefer.
And it's just that one click.
And then maybe later they can go change
some settings, but yeah.
Yeah,
I think that also the thing that I
think is important with Brave though is,
or any browser that comes with an ad
block included is,
if you give people the choice,
people are going to use the ad block.
I feel like not many people would be
like,
Yeah, I like ads.
I like seeing garbage all over every
webpage and I like watching YouTube ads.
It's like not many people really enjoy
that.
So I agree.
It's definitely an easy sell.
Like Brave isn't a super easy sell to
people.
I think I will say,
I don't know if people enjoy that,
but I know a lot of people will
just default.
Like,
I met so many people that are like,
oh, yeah, the ads don't really bother me.
But then once they start seeing life
without an ad blocker, they're just like,
wow,
this is a completely different internet.
So, yeah.
Yeah.
I mean, I don't mind...
ads per se,
like if it's like a non-intrusive one,
but we've gotten to the point where the
internet is like,
do you want to accept cookies?
Do you want to join our newsletter?
Do you want to watch this auto-playing
video with audio?
Like, like, no, I don't.
Like if it was less intrusive,
like maybe I would be somewhat more okay
with it.
Right.
Like I'm not completely against it,
but it's just,
we've gotten to a point where it's just
so irritating.
Yeah.
I know I've told this story before,
but my brother was one of those people
that was like, yeah,
the ads don't really bother me.
They got to make money somehow.
And even he at one point texted me
and was like, hey,
what's that ad blocker you always talk
about?
Because like these YouTube ads are just
out of control.
So it's hitting a point where even the
people who say they don't mind are getting
sick of it.
Yeah, for sure.
Yeah, like a three-minute video ad.
Oh, YouTube, what are you doing?
Anyway, kind of refocusing here.
So Nate also put together,
so if you don't know already,
Nate puts together a data breach roundup
every week so you can kind of keep
on top of what is,
if your information is being breached.
It's not every data breach, obviously,
because I feel like that would be
A lot to cover,
but it's like basically the biggest ones
that were this week.
So kind of giving a quick overview.
Vimeo had a third party breached.
Hackers have threatened to leak over nine
million Amtrak records.
Medtronic confirms a breach after hackers
claim nine million records theft.
And ADT confirms a data breach after
ShinyHunters leak threats.
So check out that, um, if
there's like stuff you want to kind of
know about those specific things, or if you
want to see if you've had a breach
or not. Um, that'll be good, uh, to
check out. And I'd also recommend, if you
do enjoy these podcasts, you can go to
privacyguides.org slash live streams and
you can subscribe to get those into your
inbox, and you can also, um,
find this news updates section.
You can also subscribe to that to get
that to your inbox as well.
Basically gives you an option to choose
what you'd like to get to your inbox.
So if you do appreciate that,
definitely check that out.
All right.
So I just want to mention, oh,
do you want to,
do you want to add something?
I was just going to say it's, yeah,
it's whatever data breaches I find.
So that's the caveat I give people is
there may be more that didn't come across
my newsfeed.
We always find out about a lot of
them after the fact.
So I wouldn't rely on it as a
Bible,
but hopefully it'll let you guys know if
something you use had a breach.
So.
Yeah,
especially because not every company,
sadly,
is disclosing this to their users
properly.
We hope that most companies are doing the
right thing,
but a lot of companies will try and
minimize the damage.
So it is kind of important to keep
up to date on that stuff.
But I do want to mention all this
is made possible by our supporters,
and you can sign up for a membership
or donate at privacyguides.org or pick up
some swag at shop.privacyguides.org.
And you can see that Nate's got one
of those water bottles you can check out.
And basically,
Privacy Guides is a nonprofit which
researches and shares privacy-related
information and facilitates a community on
our forum and Matrix where people can ask
questions and get advice about staying
private online and preserving their
digital rights.
Now,
let's dive into this story about
Talkspace.
Alrighty, yes.
So Talkspace.
Ooh, I hit a button.
Talkspace,
many of you have probably heard of
Talkspace or similar apps to Talkspace.
It's a...
It's an online therapy app,
kind of like BetterHelp or one of those.
I have mixed opinions on those personally.
I'm a big proponent of therapy, very open.
I have depression.
I've been in and out of therapy.
I've been on and off medication over the
years.
It's been really great for me.
And I also,
growing up as a teenager in the days
of instant messaging and stuff,
I understand how sometimes it can be a
little bit easier to open up to a
screen instead of a person.
That is actually a known psychological
phenomenon where like,
When, ironically,
when there's not a face in front of
you, it goes both ways.
Sometimes having a face humanizes it and
makes the emotional connection better.
Other times it makes it a little more
anonymous so it's easier to open up.
But unfortunately,
a lot of these apps are riddled with
privacy concerns.
And I mean,
the headline of this article kind of
really says it all.
So this woman, I believe there was a,
is this, let me double check here.
Was this the same story I was thinking
of?
I believe this woman was let go from
a job.
I'm trying to scroll down and find that
part to make sure I have the story
right.
But basically,
I'm trying to explain why her stuff came
up in a court case.
But...
I'll find it while I'm talking, but yeah,
I think she, she was, um,
she was involved in, uh,
she was let go from a job and
she tried to sue for discrimination and
basically say that she was wrongfully let
go.
Yes.
Okay.
Um,
so she tried to sue for pregnancy
discrimination cause she was almost nine
months pregnant.
And, um,
ultimately the judge decided that that
wasn't what happened here.
The company said they shut down her
location just for financial reasons.
Um, which is really unfortunate, but, uh,
as a part of this court case,
for some reason, uh,
or backtracking a little bit when she was
let go, she turned to Talkspace.
Cause again,
she was like almost nine months pregnant.
And, uh,
she was opening up to this therapist about
like how worried she is that she may
not be able to find a job when
she's so close to going into labor.
And for some reason,
this was considered part of the evidence
that was entered into court.
And, um,
I think – I mean as far as
that story goes,
it's very straightforward.
But what this article really – and I
don't mean like – there's no story here,
but let me explain.
What the article really explored a lot
more and focused on was the idea that
these online chat apps are really –
kind of dangerous, unfortunately.
Because, you know, one, one,
one therapist that they talked to found or
kind of pointed out that it's like most
therapists don't keep transcripts.
Like when you go in person and talk
to a therapist,
they might write some notes.
And a lot of them,
like after the session will, again,
they'll summarize what happened,
but they don't keep a word for word
transcript of everything that happened.
And there is a lot of like,
Kind of branching out from there,
you know,
actual therapy is protected by a lot of
legal things.
And obviously,
like when it comes to a court order,
a lot of these legal protections in any
situation kind of go off the table.
But the problem is a lot of these
these apps are.
Don't even offer that basic level of
protection.
This article does mention HIPAA,
which is the worst thing in the world
that we could possibly cite when it comes
to these kind of stories because HIPAA
does not have really hardly anything to do
with privacy.
They said that it requires people's
information to be de-identified,
but that's probably about it.
HIPAA is not really about privacy.
It's really a lot more about privacy.
I don't know.
It's just, yeah.
So anyways,
a lot of these apps have it in
their terms of service that basically once
you start using them,
they can do whatever they want.
And I mean, that's how all apps are,
right?
Except I think a lot of people don't
realize that going in.
And so this company specifically,
Talkspace,
they're very proud of the fact that they
have one of the largest mental health
databanks in the world containing a
hundred and forty million message
exchanges.
And they're going to use that to build
an AI therapy chatbot.
And I'm sure that'll go great.
And we have definitely not seen any
extremely tragic stories in the news,
thanks to chatbots.
So I'm sure that'll go awesome.
But I mean,
these things are just riddled with
problems.
We have seen, there was,
I believe in the UK,
there was a very similar app that got
caught selling actual transcripts to
advertisers.
So like not even the inferred data,
like the actual chat logs to advertisers,
not even to the court.
I know this app,
because I checked them on Wikipedia very
briefly, this app and BetterHelp,
I think BetterHelp was accused,
but I could be wrong.
This app was, or like BetterHelp,
we proved it.
This app, I don't think we proved it.
But they had both been accused of
Not using licensed therapists and playing
really fast and loose on like maybe you're
talking with a volunteer or something like
that.
And I don't know how they get away
with that one because there are very
strict rules,
even in between states here in the US.
Like when my wife and I moved out
of state,
she couldn't keep her old therapist and
they were very upset about that because
they had a great relationship and they
were doing really well.
But yeah, it's like...
It's just crazy stuff.
And it's, it's really unfortunate.
I don't know if we have too much
to say about this story,
but I think it's really important to
highlight.
Cause again, I,
this frustrates me because therapy is
freaking expensive, right?
Like I think everybody knows that it's a
form of healthcare and at least here in
the U S our healthcare system is
incredibly broken and it's,
it's so expensive, but it's so valuable,
especially in today's day and age.
And it's really unfortunate that this
stuff is not being protected.
There's no laws around this.
It's, it's not,
I mean, I guess there's HIPAA, but again,
that doesn't have anything to do with
privacy.
So it's really unfortunate that this is
being abused the way that it is.
And I will say, in my personal opinion,
if your choices are...
I'm not going to go to therapy and
I'm probably going to suffer or I can
take advantage of one of these apps.
I would say it's still probably worth
taking advantage of the app,
but unfortunately it's, you know,
me personally,
I always give the advice of like,
don't lie to your doctor, right?
We talk about like data breaches and, um,
how do you keep your,
your data from being swept up?
And in a lot of cases you can
use PO box, which for the record,
you should still do this with your doctor.
You can use a PO box,
you can use a forwarding email address,
but
But when I order something on Amazon,
I can get it sent to a locker.
I can use a fake name,
something like that.
When I talk to my doctor,
I kind of have to be real about
what's going on.
They have to be able to treat me,
whether that's a medical doctor or a
therapist.
And so it's really unfortunate that these
things are just not being treated with the
level of protection legally and
technologically that they deserve.
And I think that's just –
It's unfortunate because again, you know,
we talked earlier about when you're being
surveilled, it changes your behavior.
And so if I had to use one
of these apps, like again,
if I'm in a situation where it's like,
I can either not get treatment and things
are not going to go well,
or I can go get treatment through one
of these apps,
just using the app is going to change
how I talk and what I open up
about.
And that's just, it's so tragic,
but unfortunately it's something we have
to let people know about because this is
something you have to be aware of.
So yeah.
Um,
I don't think I have much more to
say about that without going in circles,
but that is a,
that is what's going on with these apps
there.
Um, if you can go to in-person therapy,
that would probably always be better,
unfortunately, or even telehealth,
even if it's recorded or not recorded,
but even if it takes place over Zoom
or something,
that's still probably better than these,
unfortunately.
So.
I think one thing that's also kind of
like an issue with these telehealth apps,
like we've seen in the past,
I don't know if anyone remembers,
but BetterHelp was also an online very,
it's actually extremely,
like it's promoted a lot everywhere on
podcasts, on YouTube,
basically everywhere.
Like I've seen like probably hundreds of
ads for BetterHelp at this point where,
you know,
they were sharing sensitive health data.
And I think they were fined.
Yeah,
they were fined seven point eight million
by the Federal Trade Commission in the US.
So, you know,
I think it's I do have some questions
about this article in particular, though,
like how how exactly like it's it's
How is it allowed that these records could
become public, though?
Like, isn't there some sort of, like...
I don't think so,
because according to the article,
really one of the only stipulations that
HIPAA has is that the medical information
needs to be anonymized,
which is one of those things that, like,
We always point out it doesn't take a
lot of information to de-anonymize
somebody.
Like location is a really good example.
How many people in the world spend eight
hours a day at one location and then
eight hours a day at another location?
Probably not a lot.
So it's the same thing with like a
lot of therapy.
Like how many people have that specific
backstory,
have that specific combination of
symptoms, have this specific...
And I mean,
also like when you're going through the
log, like...
or like when you're talking to your
therapist,
you're not gonna use like made up names
most of the time, right?
You're not gonna be like, yeah,
so my ex, let's call her,
I'm trying to think of a name, Alice,
right?
Let's call her Alice.
You're not gonna do that.
You're gonna use the actual name.
And so it's just, yeah,
I don't understand how,
I think it's just one of those cases
where like legislation has not caught up
to the situation that we're in right now
is what I think it is.
I think it worked back,
in the nineteen eighties,
but I don't know if it would work
now.
Yeah,
I don't think they I don't think they
thought we'd all be seeing therapists on
our glass slabs and typing everything our
entire life into it.
So HIPAA was passed in nineteen ninety
six.
Yeah,
definitely before any sort of it was not
when The Matrix came out.
When did The Matrix come out?
Oh, nineteen ninety ninety ninety nine.
But yeah.
I don't pay attention to this stuff.
Yeah.
Anyway,
so I guess the thing with this is
I think it's kind of – this is
kind of a clear breach of people's
consent, right?
Because when you're talking to a
therapist,
you consent to sharing very sensitive,
sometimes things you would never tell
anyone else, right?
You're –
This is information and things you're
telling somebody that you would never want
to be public.
So I think this is basically a it's
breaching the trust of everyone that uses
the platform, I think.
Obviously, there should be more.
protection, like, I mean,
I think that if there's these sort of
telehealth apps, right.
I think they shouldn't be saving the
conversations.
It should be end to end encrypted.
It should be.
deleted after a certain period of time.
Like, you know,
there should be more stuff than that.
And apparently according to this,
it was saying there was, you know,
a hundred and forty million message
exchanges.
Like that is a ridiculous amount of
information.
And even if it was like,
like Nate said, de-anonymized,
like if I'm talking about something
specific to my life,
I think it wouldn't be that hard to
find
that person.
Like if you're,
if you're talking about something pretty
specific to you, right.
So, uh,
this is just kind of disgusting and yeah,
it's, I think that, yeah, you're right.
The,
the laws definitely haven't caught up to
this globally even.
Well, and just to, to, um,
to add onto one thing you said, you,
you mentioned like,
this is a
it's quote unquote not because it was in
the terms of service, right?
The terms of service that nobody reads and
that are also like super vague anyways.
Like we will share your data with trusted
business partners for legitimate business
reasons.
And it's like, Oh cool.
That's, that's really specific.
Thanks bro.
So yeah, it's, I mean,
that's another major problem that
everybody's identified for years is just
these,
these terms of service are so broad and
so vague that they allow the company to
do basically anything they want.
And, um,
It's just, yeah,
unfortunately that's another, I mean,
there's so many things that need to be
fixed about our system,
but that's a big one, I think so.
Yeah, no,
it's definitely someone said in the chat,
wait, what is happening?
Yeah,
there's kind of a random time to join.
Yeah,
so there was this app called Women's
Talkspace, which is like a therapy app,
which breached a bunch of people's
information.
I guess if you want to learn more
about it, check out the articles about it,
because we did kind of talk about it
already.
Yeah, coming,
so there was another person whose name is
T, thank you for your podcast.
And then they said,
coming from mental health,
a lack of privacy absolutely destroys the
therapeutic alliance with the client.
Pretty much, yeah.
Like if my therapist or psychologist
started telling random people what I was
telling them,
I would be kind of disgusted and I
would never see them again.
Yeah.
That's exactly what I was thinking.
Like,
imagine you walk in and your therapist is
just like chatting with the receptionist.
They're like, yeah.
And then they said this and they said
this and it's like, what the fuck?
I'm never coming back here.
Like that's basically what they're doing.
It's crazy.
Yeah.
But apparently because it's a digital
platform, it's suddenly,
it's suddenly acceptable.
But yeah, this was really awful.
What were we...
We're talking about something.
Oh, I think it's coming up still.
But we were mentioning some of the issues
with the laws in America as far as
privacy is that a lot of them are
really solid in the real world but haven't
moved online.
So things like the third-party doctrine
where it's like, oh,
when you hand your data to a third
party...
you lose control of that data.
So like if you,
trying to think of an example that would
have applied under the third party
doctrine, I don't know,
if you bought something at a store, right?
Then of course they're gonna have like
that transaction, the receipt,
they're gonna have you on the security
camera or whatever.
But that one hasn't really translated very
well into the digital world where you're
handing over data to like everybody all
the time.
There's all these advertisers and
analytics and your ISP counts as a third
party.
And it's just like,
but that's not the same.
So yeah, it's crazy.
Yeah.
There's definitely, uh,
some interesting discussions that we're
going to have to work out a lot
of things to fix this.
Cause, uh, yeah,
this shouldn't be happening, but, uh,
I guess we can move on here to
the next and final story today.
And, uh, so this one is about RightsCon.
Um, if you're not familiar,
it's basically one of the largest like
digital rights conferences, uh,
And last year it was held in Taipei,
Taiwan.
But this year it's being held in Zambia,
which I'm not exactly sure where Zambia
is.
I'm going to sound like a silly Australian
right now.
I want to say Southern Africa, but oh,
yeah, I'm not too far off.
Yeah, I was going to say South Africa,
but okay.
Okay.
Okay.
Yeah, there we go.
Sorry, sorry.
I'm not too familiar with that part of
the world.
But yeah, RightsCon,
a global conference of thousands of
advocates, technologists, academics,
policymakers,
and others concerned with issues at the
intersection of human rights and
technology,
was scheduled to kick off at Lusaka,
Zambia on May fifth.
But with just days remaining and with many
participants already en route,
the Zambian government officials announced
that they would postpone the conference in
order to, in quotes,
ensure full alignment with Zambia's
national values,
policy priorities and broader public
interest considerations, unquote.
So that does sound slightly red flaggy.
You know,
this is like a conference where they're
discussing
people's right to free press,
people's right to free speech,
people's right to privacy in their own
home.
Like this is definitely like a human
rights conference, right?
So this is like extremely sus already.
And basically on Wednesday,
after attempting to negotiate a solution,
RightsCon organizers announced that the
event in quotes would not proceed.
So yeah, basically the event is,
Not going to happen according to what our
latest information is.
On Thursday,
the Zambian news site News Diggers
published a report citing well-placed
sources that told the outlet the summit
has actually been cancelled because the
program involves Taiwanese delegates who
would potentially speak against China at a
venue donated by the Chinese government.
Ah, I see.
So there's like some political...
There's some political issues going on.
So I guess that could make sense.
Yes,
so there was a statement issued Thursday
by the advocacy organization
Article 19 noted, we are aware of claims,
many of them well-founded,
that pressure from foreign governments
contributed to the Zambian government's
decision.
So, yeah, this is...
I guess not great that there was like
some pressure to get this canceled
because, uh, I guess we can know that,
you know,
China is sort of one of the largest
countries in the world that has a pretty
elaborate censorship scheme and, uh,
I guess, opposition to digital rights.
They have, you know,
the Great Firewall of China that's
blocking a lot of traffic outside the
country,
which does limit the free flow of
information.
And also the large scale camera systems
that they have in the country, which,
you know,
they have like a ridiculous amount of
cameras.
So I can see how, you know,
there might be some friction there.
And there was also this update here.
The Tor project actually did a little toot
on Mastodon and they said basically they
are standing in solidarity with RightsCon
and Access Now local organizers basically
to
they wanted to highlight it because the
circumstances behind the cancellation
underscore the urgent fight against
censorship,
surveillance and restrictions on civic
participation.
And they also released like this blog post
along with that.
And yeah,
so RightsCon is basically about the right
to assemble, associate and speak freely.
And this conference being cancelled is
kind of like a slap in the face
of that particularly.
I think
everyone in this community is kind of on
the same page when it comes to this
stuff.
Uh, people should be able to assemble,
associate and speak freely and, you know,
people's digital rights are important.
So it's not great that this is being
canceled.
Um, because, you know,
human rights are important like online and
offline.
Um, but yeah, that's sort of,
what I thought of this.
I think this is just concerning.
We can see like the control that foreign
governments have over stuff like this,
but it's unfortunate to see this
conference cancelled.
Yeah,
I don't think I have much to add
to that.
It's very – it reminds me a lot
of – well, I mean, first of all,
I think it's important to note that this
first article that we quoted from said
that according to the nonprofit watchdog
Freedom House,
Zambia ranks as partly free,
and they know – and that's on digital
rights and free expression.
The government has imprisoned individuals
for online speech critical of the current
government,
and journalists are experiencing increased
harassment.
Okay.
So to me,
for any sci-fi fans in the room,
this reminds me of a few years ago
when they decided to host the Hugo Awards
in China.
And one specific author who my wife really
likes – I have her book actually,
and I need to read it –
I think it was the book Iron Widow.
I could be wrong.
I can't remember the author's name.
I'll look it up.
Um, but, uh, she was like shortlist,
like everybody knew like this, this woman,
actually, I may have their gender wrong.
I'm sorry.
This person, um,
everybody knew that this person was like
guaranteed, uh,
to be at least nominated and did not
so much as get a nomination.
And then it turned out later that the
government had pressured the Hugo Awards
not to nominate this person or like pay
any attention to this person because they
were of Chinese descent and the government
didn't like whatever their political
positions were or something like that.
And I remember when that happened,
I remember I sat there and I'm like,
so whose genius idea was it to host
the Hugo Awards in China?
Like if we knew this was a possibility,
like not even this specifically,
I'm sure they didn't know that
specifically was going to happen until
like a week before or something.
But also like,
why would you willingly choose to host a
convention in a country that is
notoriously critical of anything that
casts it in a negative light?
Just knowing that
literature and sci-fi included is like one
of those things where you,
you kind of push the envelope.
Sometimes you present new ideas that may
not always be popular.
And I just remember thinking, I'm like,
why would you do that?
Like,
why would you even tempt fate like that?
And this feels the exact same way to
me.
It's like you,
you decided to host a human rights
convention in a country where the
government has currently imprisoned people
for online speech,
critical of the government journalists are
experiencing increased harassment.
Like, why would you do that?
I don't know.
That just blows my mind, but yeah.
That's kind of my only thought is I,
I don't, I don't,
I don't like want to like victim blame
anybody here, but like,
I feel like the organizers should have
known better than to do that.
That's kind of my main thought.
Yeah.
I mean,
that is one way of looking at it,
but I think, you know,
this could have been a good platform to
discuss a lot of these issues in the
country, right?
Like, you know, there's obviously,
I think we didn't really know,
you don't really know what is going to
happen.
Uh, I think reading down to the,
to the end of this, uh,
of the article here from Tech Policy
Press.
China has significant leverage in Zambia,
according to a database of Chinese foreign
investments maintained
by at the College of William and Mary,
China donated thirty million dollars for
the construction of the Mulungushi
International Conference Center, where
RightsCon was to take place. It represents
just one of hundreds of investments in
Zambian infrastructure totaling nearly
thirteen billion over the past decade,
according to the William and Mary
researchers. So I think this was less to
do with, uh, this was more like a
political thing, right? Like they're
I think just so you know,
like the last conference was held in
Taiwan.
There was clearly people that were,
you know, supportive of, you know,
people's right to a free assembly,
which isn't always guaranteed in China.
So I think it kind of goes against
the values there.
And I think that's kind of the reason
why this was cancelled.
But I think, you know,
I definitely see your argument that like,
why would we host it there?
Like if it's going to get,
if there's a possibility that the Chinese
government isn't going to like that,
is it really a good idea to like
do it in the backyard of them?
Like, is that really like there?
Is that really a great idea?
I mean,
I think it would have been interesting
though, because like,
You know,
maybe it could have been a good time
to discuss a lot of those issues,
but I guess they overestimated the
allowance of that to happen.
Yeah, and that's a really good point.
You do make a solid point where it's
like, why not go...
I grew up in the church,
so I know a few Bible verses.
And one of them is where they were
criticizing Jesus for hanging out with
sinners.
And he's like, well, yeah,
the healthy people don't need a doctor.
So I kind of see that argument of
like, yeah,
why not go to the country where these
are happening?
And User Zero made a good point too.
Is there any country where this stuff
isn't happening?
And I mean...
objectively, yes,
there's places that are much more open and
free and accepting of that kind of stuff.
But I hear your point.
It's not exactly like, yeah,
just throw a dart and anywhere it lands
is good.
The choices are relatively limited.
So that's a fair argument.
Yeah.
I do think it's also important for people
in the global South to have these
conferences there as well, right?
Because not everybody can
afford to travel all the way to the
united states or well i guess europe or
any any sort of country that's in the
west i guess or like the global north
um so a lot and even a lot
of those countries i would be i probably
wouldn't travel there um so you know
there's there's all sorts of things like
that um but yeah this was just like
an important little one that we wanted to
cover um it's unfortunate but uh
It is surprising that this was,
it happened so like this seemed like it
was going to go forward and then it
suddenly was canceled,
which I think if it had just been,
if it had just been like immediately they,
the Zambian government said, no,
that would have been fine.
But since it happened so close to the
start,
it was like kind of a big story.
Um, at least on Mastodon,
I saw a lot of people talking about
it.
Um, so yeah.
Yeah.
And, um,
404 wrote a couple articles about
it.
They actually just published another one
right before we went live with like the
latest update.
So.
Yeah.
Oh, okay.
Interesting.
Was there any,
did you notice there was anything to add
or?
I didn't really have a chance to read
it,
which is why I didn't include it in
the links, but I'm sure it's good.
It's, you know,
404 does great work.
So.
Yeah, cool.
I guess go check that out then if
you're interested in learning more about
this story.
Also, just in case anyone is curious,
it's Xiran.
I'm totally going to pronounce this wrong.
Xiran Jay Zhao.
I don't know.
The book is called Iron Widow.
But yeah, in twenty twenty two,
twenty twenty two, twenty twenty three,
they were a finalist for the Astounding Award
for best new writer.
They received enough votes to be a
finalist,
but were declared ineligible and removed
from the ballot.
It later emerged that this was due to
self-censorship by the Hugo Award
administrators,
which was held in China in order to
appease the Chinese government.
So, yay.
This kind of stuff happens.
Anyways,
just in case anyone else was curious for
me to wrap that earlier thing up.
So I think in a minute,
we're going to start taking viewer
questions.
I know we had somebody leave a question
earlier,
and we'll definitely go back to check that
out.
If you're holding on to any questions,
go ahead and start leaving them in the
chat.
But for now,
we're going to head over to our community
forum where there is always a lot of
activity.
This week,
there was a lot of activity when I
sorted by the latest chats this week.
Busy week in the forum.
But specifically,
I think we were going to focus on
a post here that...
again, was almost a finalist for the news.
It's just,
there's so much happening this week.
But there's a rumor that Signal is working
on a standalone version of a desktop app
that does not require a mobile phone.
Now, to be clear,
it will still require a phone number.
That's not going away.
And I know that's a very controversial
requirement, but let's see here.
So there's,
I'm gonna switch over and show this
article on screen real quick.
Oh,
if I can remember to share my screen.
But yeah,
somebody spotted this in one of the latest
Git commits on GitHub.
There we go.
Oh, come on.
This is a very difficult program to work
sometimes.
There we go.
So yeah, going back to the top,
this comes from a website called About
Signal.
And it says that it was on the
latest Signal Desktop commit history and
makes several improvements to the
registration flow.
The feature has not been officially
announced,
but since we saw it in the commit
history,
I'm not going to say it's official,
but it's kind of one of those, like,
you know,
there's always rumors going around, but...
I think since we, again,
since we see some evidence of this in
the Git commits, it's like, okay, let's,
uh,
let's maybe pay attention to this a little
bit more than usual.
And it says that, uh,
users may soon no longer be forced to
use a smartphone such as Android or iOS.
And, uh,
instead you will be able to sign up
on Signal Desktop and you can use just
a regular mobile number or a landline,
which includes basic mobile phones or dumb
phones.
Um,
which I think is kind of new and
old.
Um,
In the sense that I think Joseph Cox
or somebody wrote a blog post one time
about how they managed to sign up for
Signal without using a smartphone.
And basically they found one of the last
pay phones in America and had Signal call
them and deliver a sign-up code over the
phone.
I don't think it was a person from
Signal,
but I think this was a feature they
used to offer.
So it seems like it's kind of coming
back now.
And then I think they go on to
talk about some of the other updates
coming into that app.
But yeah, I mean,
that's kind of the exciting part that I
think we're super interested in.
Did you have any thoughts on this one,
Jordan?
I mean, I'm excited about it.
I know the phone number requirement is
very controversial in general,
but I think anything we can do to
lower that barrier to entry and give
people more access to secure
communication, I think is good.
What do you think?
Yeah,
I think like a lot of times I
think having a mobile phone requirement is
a bit frustrating.
Like, for instance,
I've got two Signal accounts.
Like I have one that I use for
work and then another one that I use
for personal stuff.
And now I have to have a second
phone that just has to be on to
like...
has to have the account on it.
So it is kind of annoying that you
have to have like a,
or I guess if you had an Android,
you could maybe use a different profile.
But it's kind of frustrating that that's
been a requirement when, you know,
I think you could do that with an
iPad.
Yeah.
You could do that with an iPad.
You could have an iPad as your main
device.
Um,
so it kind of makes sense that they
would allow this on desktop,
but it's kind of been an ongoing thing.
Um,
and I think when it comes to these
like source code leaks as well,
like we saw like, Oh, username, uh,
username support.
leaked through the same way, right?
We were like looking at the source code
and we saw, oh,
there's like this mention of usernames in
the source code,
but they're not added yet.
So,
and we did end up getting that feature
eventually kind of took a while, um,
which is.
kind of the usual with Signal.
I kind of appreciate Signal's slower
rollout of features though.
Whereas, you know,
I feel like a lot of projects or
I guess products are sort of taking the
move fast and break things approach,
which
isn't super great, uh,
from a stability standpoint.
Um, but yeah,
I'm kind of excited to just be able
to use this instead of having to have
a second phone.
Um, because yeah,
it's kind of been an ongoing issue.
I know that a lot of people are
going to like this, uh,
once it finally releases, if it releases,
which all signs point towards yes,
but there's always a possibility of it,
uh, not coming.
Okay, so someone in the chat said,
is X the only way to watch the
stream?
It feels uncomfortable.
Yeah, so I think,
I'm not exactly sure because I don't have
a Twitter account.
I don't know what it looks like,
but you can also watch this on StreamYard,
which is basically a platform agnostic
way.
You can also watch this on YouTube.
You can watch this on
TikTok, wouldn't recommend it,
but you can.
Twitch.
Twitch, Kick, LinkedIn.
Yeah, all those platforms.
So it's across all those if you want
to switch.
But if you want to find our YouTube
channel, it's just Privacy Guides.
It's an easy way to find that.
It's whatever platform you prefer.
We just find that there's at least some,
we get quite a decent amount of traction
on Twitter.
So that's why we broadcast there.
It's important to get this message out to
as many people as possible.
Cool.
Yeah.
Sorry.
I'm going through some of the comments
here.
Cause some people were like, Oh,
I wish it worked with voice over IP.
And I'm like, Hey, did they change that?
But then further down, people were like,
yeah, it does.
Okay.
So yeah, it does.
It definitely does.
Yeah.
I was like, did they change that?
Cause I definitely signed up with voice
over IP, but, um, yeah.
And,
and real quick on the topic of other
places to watch,
if you go to privacyguides.org slash live
streams, I think, um,
I think that'll take you, well,
it'll take you to the latest newsletter
and that'll take you to the, uh, the,
the stream yard link.
Um, the forum, we usually pin, um,
once we pick the headline story,
we pin a post that has all the
other places that we stream for sure.
So, Oh,
somebody went and posted them all here.
So cool.
Yeah.
Probably Jordan.
That was me.
I think it's time to move on to
viewer questions.
I have the forum post up here.
Let me take a look.
Not really a question,
but somebody on the forum mentioned when
we posted the headline story, which is,
you know,
is Ubuntu becoming the new Windows?
They said, speaking of Ubuntu,
they are the first Linux OS option to
come preloaded onto Framework laptops.
So if you are interested in Framework or
you are a Framework user,
definitely be aware of that next time you
go to buy one.
I'm checking through here to see any
other... Oh, somebody posted here.
They said,
I don't know if this will still be
relevant by the time the live stream
happens,
but at the time of posting this comment,
much if not all of Ubuntu and Canonical's
infrastructure appears to be down via a
DDoS attack.
Yes,
I discovered that this morning when I went
to do...
So I have automatic updates on all my
servers,
but Fridays or weekends are kind of when
I sit down to manually make sure I
didn't miss any updates,
run my backups and stuff like that.
I know I shouldn't do it manually.
I haven't had time to get around to
making them automated,
but I had that issue too.
Cause like all my servers were like not
hitting.
And then on Qubes,
I went to do snap refresh and I
couldn't connect to the snap store.
And I literally posted in the group chat.
I was like, is FOSS broken today?
Like what's happening?
Yeah.
And then like immediately after I asked
that I opened up my Nextcloud with
my RSS feeder.
And as I saw,
like Ubuntu has been having like a DDoS
attack for the last like,
hours or whatever.
And I'm just like, ah, okay.
That explains it.
So need to read more often.
Definitely.
There's definitely been,
it's been causing quite a lot of issues,
I think,
but I think one awesome thing about like,
at least when it comes to the apps,
like,
and when we talk about Linux package
managers is, you know,
they have mirrors.
So, you know,
I personally don't use the official like
repos.
Like I would prefer a local one, right?
You can, you can do that instead.
You can still get updates that way.
You could even set up your own, uh,
local, uh,
mirror on your own server in your home.
Uh, if you're, if you're nerdy like that.
Um, but yeah,
Yeah, it is kind of a random,
unfortunate thing, the story.
I think people kind of got a little
bit confused by the title.
I was kind of not really sure what
to put as the title to give away
the entire thing.
I thought it was good.
I liked it.
But yeah, on that note, in the thread,
I thought it was actually kind of cool.
People started talking about what distros
they prefer,
and a lot of people talked about gaming.
A lot of people said they like to
game on Linux.
So if you're a gamer, I'm told...
Um, I'm told that gaming has come really,
really far on Linux and is kind of
almost at the point where, like, unless
you're like a pro gamer or like there's
certain, uh, like I know a lot of,
uh, the anti-cheat games won't work very
well, but if you're just like a casual
gamer, um, definitely look into Linux
because I've heard it's really come a long
way and it's a lot more gaming friendly
than it used to be and it's almost
a one-to-one. So.
Yeah,
it's really frustrating with the
anti-cheat stuff,
and it doesn't really seem like the
industry is moving in the right direction.
If you remember,
Apex Legends did allow Linux Easy
Anti-Cheat to work on Linux,
and
they eventually just threw the towel in.
They said,
we've had too many people cheating.
So we're blocking Linux.
And that was it.
You can't play it on Linux anymore,
which is really unfortunate because,
you know, I guess, you know,
games have got to balance the player
experience with that sort of stuff.
So I have seen NVIDIA performance is bad
compared to
AMD, that's what Lusso One said.
I mean,
I would say Nvidia cards are generally
more powerful,
but there's a bunch of issues with drivers
in Linux,
which is a whole nother can of worms,
which you probably won't have as much of
an issue with if you're using an AMD
GPU.
Um, because basically I have to install
proprietary drivers. Um, I think it's been
remedied somewhat now that we do have like
open source kernel drivers, but there's
still a proprietary part to it, which is
another, you know, it's another barrier to
getting people to switch because it's like,
oh, why isn't my graphics card working
correctly? It's because you didn't install
the drivers, which is a whole process, right?
Um,
So I think that's also another issue,
I guess, that NVIDIA causes.
This is not an official recommendation
from Privacy Guides.
But if you are interested in gaming on
Linux,
I highly recommend The Linux Experiment.
I listen to his weekly podcast.
And he focuses mostly on open source
stuff.
Every once in a while,
there's some privacy overlap.
But for the most part,
he talks about open source specifically.
And at the end of each episode,
he specifically talks about gaming news.
And he digs into like the drivers and
there's this new driver being released and
this one versus this proprietary one and
the benchmarks.
And so, I mean,
if you're really into that stuff,
I would say definitely check him out.
He's a really good source of information
for that, in my opinion.
Yeah,
I think Linux gaming is like we saw
like even recently that like Linux is like
cracking five percent on the Steam
hardware survey, which is
quite substantial. Like when we talk about
the amount of users on their desktop, it's,
it's a lot of people. I think it's
largely driven by the Steam Deck, because
the Steam Deck, I believe, is based on
Arch. Um, but I mean, it's super user
friendly. My wife has one. She loves it.
She put Brave on it so she can
use it like a desktop now if she
wants to. But yeah, it's, uh,
I think I'm going to get one of
those.
I've got a Nintendo Switch,
but I'm so done with Nintendo.
Oh my goodness.
I think I can give up some Nintendo
first party games and switch to something
that's a little bit better.
I'm very casual,
so I mostly stick to PC games,
especially because then I can take them
with me when I travel,
but I do have my wife's...
So my wife bought a Switch Lite back
when they first came out,
and then years later,
she decided that she wanted to start
streaming Switch,
so we upgraded to an actual proper Switch,
and
I like inherited the hand-me-down Switch
Lite, so technically I have a Switch Lite.
I think I have like Star Wars: Knights
of the Old Republic is the only game I
bought for it so far, because I just,
you know, a lot of the time I'm
either, at this point when I do have
downtime, I'm trying to get caught up on
like TV shows and movies and stuff. So
like, I just, I think I just finally
watched the latest season of Wednesday.
Like that's how backlogged I am on stuff.
But.
Oh, geez.
Yeah.
I'm backlogged.
I'm backlogged on video games and I'm also
backlogged on TV shows,
like obscenely backlogged.
I've got so many things to get through.
So I am going to make time for
Silo though.
I'm so excited for that, but yeah,
Anyways,
getting back to questions that people are
asking.
Nobody's asking about silos, sadly.
So Lucas said,
what's your view on sharing personal
information with companies when applying
for jobs,
knowing that third parties are building a
database for marketing?
I mean, unfortunately,
I think personal opinion,
I think this is just kind of one
of those things where we don't have a
lot of choice.
Like, okay.
So the best way to get a job
still remains who, you know, right?
Like if you know somebody who's working in
a company,
they can put in a good word for
you,
but you still have to go through the
official process, which means applying.
And a lot of companies do have like
a first party portal.
So I guess that's pretty good.
But even then that like first party portal
really is like administered by someone
like, and my last job,
I think it was Dayforce. Um,
I just, I just had a co-worker who
was like, hey, I need a job, are
they hiring? Uh, or a friend who was
a co-worker, so we were in the same
industry, and I sent him the link and
I texted my old boss. I'm like, hey,
you know, you should give this guy an
interview, he's a really hard worker. But I
still noticed when I sent him the link,
I'm like, oh, this is just Dayforce.
So it's, um, unfortunately, I think it's, what
I try to do is I try to
minimize things. So like I use a voice
over IP number, I have an email dedicated
specifically for work.
I do still use like Brave and,
you know, all my usual privacy browsers.
I try to use VPN.
I think, I don't know.
I think it's also like how sensitive is
this data really?
Like, yes, it identifies you,
like how many people have worked at that
same specific set of jobs, but it's,
I guess it's like a threat model thing.
Like, okay,
they're going to build it for marketing.
I mostly block ads anyways, right?
So I'm not super worried about that.
And also like in terms of a data
breach, again, voice over IP number,
I use a PO box.
I actually,
one thing I do is I don't put
in, at least on the resume,
I don't put it in an actual street
address.
I just put in like a city,
state and zip.
And then if they want to hire me,
I'll give them a PO box.
So I think it's like anything,
it's about threat model, right?
Like what are you trying to protect
against?
For me,
I'm mostly trying to protect against data
breaches,
And I think there's only so much you
can do to be totally honest.
I mean,
unfortunately we still need to pay the
bills.
So that's kind of my take.
Yeah, I mean, I think it's also interesting.
I mean, I come from, uh, I come
from like not working for companies. I come
from like being a contractor and working
for myself. So I mean, I don't know,
not everyone has that opportunity. Like not
everyone can do that. Um, but I think
that does give you somewhat more control
because you are your own employer, like, I
guess. Um, which, you know, not every job
has the ability to do that, but I
think that is one
area that you can have slightly more
control, I guess. Um, but yeah, I don't
really have, I've never really had a, a
real job, question in quotes, like, whatever,
you know what I'm talking about. But yeah,
um, so I don't know, maybe that's something
else to consider, but it's obviously, it's
very applicable, it's very depends on your
situation.
Yeah.
I, um,
I was a freelancer for a lot of
years and ideally that's the way to go,
especially once I got into privacy.
Cause originally I was a freelancer before
I was into privacy.
And then once I got into privacy and
I realized I'm like, oh yeah,
I could totally like put my PO box
on all these invoices and set up a
separate email.
And, um, like it's,
it's pretty cool how much flexibility you
have as a freelancer in that regard.
But, um, yeah, not everybody has that.
Unfortunately.
And the taxes are awful.
Oh, my God.
My other project, The New Oil,
for intents and purposes,
the government treats it,
the company that I structured it as for
privacy reasons,
the government basically views it as my
personal money.
So I have to pay taxes every year.
I haven't gotten a tax return in years,
which to be fair is a good problem
to have.
But boy,
do I have an attitude every time I
have to file taxes because I'm like, damn,
I don't remember Uncle Sam filing any pull
requests or writing any blog posts or
editing any videos.
Yeah.
Don't get me started on the taxes. I'm
so pissed. But anyways, yeah, I mean, yeah,
that's, uh, that's definitely a downside of
that. Um, kind of happy that I'm an
employee now. I don't have to worry about
all the ridiculous tax structures. Um, but
yeah, there's, uh, there's
There's ways to do that.
Oh, someone in the chat has asked, Tam,
seven, four, eight, asks,
what's Silo about?
I was going to get to that one.
Not to get off topic.
Silo is a post-apocalyptic sci-fi show.
Think of it kind of like Fallout,
but a lot more serious.
It's humanity is now living in an
underground silo and they cannot go
outside and they don't know why.
That's kind of the elevator pitch I would
give.
I love it.
I got my sister into it.
My sister actually watched it twice,
which was wild.
I forget what it was,
but I texted her something one time and
she's like, Oh yeah, I'm rewatching Silo.
And I'm like, wait, what?
So my next goal is I want to
get my wife into it next, but yeah.
Well,
that does sound pretty interesting
actually.
Stairs and more stairs.
Yeah.
Lesser one has seen it.
He's not wrong.
Lots of stairs.
I guess we'll, uh, we'll go back to,
we got one more: how private are messages
on Signal? I heard people had their
messages leaked or something like that. Um,
so every single story I've ever heard
about somebody getting their messages
leaked on Signal has come from the end
point being vulnerable, in the sense of
like, um, several, I think it was during
the first Trump administration, somebody
had their, their Signal hacked, quote
unquote, because the FBI seized their phone
and unlocked their phone and looked at
their messages. Like obviously there's no
amount of encryption in the world that can
save you from that.
Um,
I know there have been right now in
Europe,
there's actually been a lot of phishing
attacks on politicians to get access to
their signal and their WhatsApp.
Um, so if they manage to,
and a lot of the time what they'll
do with,
in the case of signal specifically,
I don't know how WhatsApp works, but, um,
a lot of the time what they try
to do is basically try to trick users
into linking the attacker's device.
Like basically it's a really clever way to
get them to scan the QR code without
realizing it.
And so now the attacker over in Moscow
or Beijing or wherever
has a Signal desktop linked to your phone
and they get a copy of all your
messages.
And so those are the kind of things
like Signal has rolled out some things to
try and slow down those kind of attacks.
But those are things that are not
vulnerabilities in the Signal protocol.
Those are like phishing attacks.
And again, like your phone was unlocked.
Like those are things that we would expect
to see with anything.
So at this time,
as far as we know,
Signal is the most private and secure
messenger out there.
or at least like top five,
like point blank.
I mean, there's really no arguing that.
There have been so many experts from so
many different political leanings,
countries,
fields of expertise who have looked at the
code and been like, yeah,
this looks amazing.
This is really solid and secure.
So-
They don't log any metadata.
They're designed to be trustless,
where it doesn't really matter if the
server is compromised.
I mean,
I guess you could argue maybe the server
would be able to record some metadata in
real time,
but they won't be able to get access
to your messages.
They've had multiple court cases where
they've had authorities request data,
and the only data they ever have is
when the account was created and the last
time you connected to their server.
So...
I mean, yeah.
How private are messages on Signal?
Governments around the world rely on it.
And then Roy caught what I said.
What about SimpleX?
I'm less familiar with SimpleX,
to be totally honest,
but we do recommend it on Privacy Guides.
It is very secure as far as I
know.
I think they are
also working on post-quantum encryption.
So I mean, SimpleX is also really secure.
It's a harder sell for people because
there's less users, there's less features.
I hate to say it,
but when we're trying to make these tools
accessible to people,
people really care about the features.
Signal got a lot of flack when they
rolled out GIF support,
but that's what gets people around.
The group chats, the attachments,
the GIF support, the user friendliness.
SimpleX is great.
I have a SimpleX account,
but it's just a hard sell.
If you can find people to use it,
go ahead and use it.
I'm not saying not to.
You're just probably going to have a hard
time getting your friends and family on
it.
I don't know what I would do without
my stickers.
I'm slowly getting more and more into
GIFs.
I hate to say it,
but I'm really getting into GIFs.
I'm starting to use a lot of GIFs.
And then the last thing that, you know,
you don't even need a phone number for
SimpleX.
I think now we're kind of getting into
like privacy versus anonymity.
And I think it's also worth noting that
Signal does,
they save a hash of your phone number,
not your actual phone number,
if I remember correctly.
So like in theory, the, the cops can't,
I mean I guess the cops could give
them a phone number and be like,
do you have this user?
But they're not really going to get much
from that.
So I don't know.
I think personally I see the complaint.
We just talked about this.
I think I see the complaint with the
phone number requirement.
I think –
Most people make it a bigger deal than
it needs to be.
Are there people who absolutely cannot use
their phone number?
Yes.
I'm not going to argue that.
Is that ninety percent of people?
No.
I'm glad that tools like SimpleX exist
for people who are in that situation.
But I think for people to just like
completely throw away Signal and be like,
oh, it requires phone number.
It's trash.
Like,
I think that's a really strong
overreaction in my opinion.
But I'll be honest.
I'm a little bit of a Signal fanboy.
So maybe I'm just biased.
Yeah, I mean, I think as well,
like I don't want to throw SimpleX Chat
under the bus or anything,
but it definitely seems like it's
technically sound.
It's got a good foundation, right?
I think the main thing, and again,
this is my experience.
I tried it like probably a year or
two ago maybe and my, yeah,
maybe a year ago.
um,
the setup process wasn't quite as smooth
as, uh, as Signal.
So, you know,
I think Signal does kind of have an
edge in terms of usability,
but I think SimpleX does seem to be
more of this, uh, like you said, uh,
privacy first solution, right?
They're not requiring, uh,
They're not requiring user identifiers at
all.
Yeah, and I think if I remember correctly,
the founder of SimpleX said that one time
is basically like when they started,
they were really putting all their focus
on security.
And now they're at a point where like
we feel comfortable with security and
they're trying to put more emphasis on
usability.
And he's acknowledged that.
He's acknowledged it's a shortcoming.
That's just the particular roadmap that
they decided to take.
Um, so I think,
I know we've already seen a lot of
improvement in SimpleX in terms of things
like battery life, for example.
And I think in the coming years,
we're probably going to continue to see
more improvement.
They actually just rolled out channels,
um, similar to like Telegram channels.
So I'm really, um,
interested to check that out personally,
but yeah, I mean, I,
I think in the coming years we're going
to see, hopefully we're going to see some,
some real improvement on the user
friendliness side of SimpleX, but yeah.
Yeah.
We got one more question from Tim.
Should we be using post-quantum
cryptography?
I feel like I've been talking a lot.
Do you want to tackle this one first?
We already did a video about post-quantum
encryption algorithms and what the threat
actually is.
If you want to check that out,
you can.
I can give you the TLDR here if
you don't want to watch that.
Basically, it's
A concern in the way that if your
information and data is being collected,
it could possibly be decrypted in the
future.
So, you know,
we're not at a point where quantum
computers are at a point where they can,
or even if we don't even,
and we also don't even know if quantum
computers will ever reach a point where
they will be able to decrypt data.
these encryption algorithms,
because I think there's it's kind of like
AI, like there's so much hype behind this.
It's like it's just hype everywhere.
So I think, you know,
take it with a massive grain of salt
when when companies are saying, you know,
we've made our encryption quantum
resistant or quantum safe.
I think it's
It's useful.
It's a good thing that most people should
be doing at this point.
This is like a positive step in the
right direction.
But I think the main thing you should
be focusing on is using tools that respect
your privacy that aren't going to be
having the information in the first place.
Like we were talking about with Signal,
right?
Like it would be better if the service
wasn't collecting the information at all,
if the connection,
it didn't even matter if the connection
was encrypted or not because they're not
collecting the information in the first
place.
So I think it should be in every
privacy tool's best interest to implement
it, and we've already seen that now.
Mullvad and Proton,
and they've been rolling out these
post-quantum encryption tunnels.
And, you know,
it's good to see that this is being
adopted more widely,
but I think it's not a major concern
at this point.
But I think it's definitely something that
we need to see pushed forward in the
next couple of years.
Yeah, I agree with all of that.
There's a lot of debate even among experts
about whether or not quantum computers
will ever achieve their promised
potential.
I think right now it's one of those
things where like,
we have the capability.
So let's do it out of an abundance
of caution, which God,
I wish more companies would do that.
Right.
We'd have so many fewer data breaches and
we'd have so much better privacy if
everybody was just like, well,
technically we can do it this way.
So let's do it just to be safe.
But, um, yeah,
I don't think it should be a deal
breaker.
Like,
I don't think you should avoid a tool
if it's not post quantum encrypted, but,
um,
I think if they've got it on their
roadmap or they've, um,
they're expressing an interest in it or
they're working toward it,
or they've already implemented it.
I think that's definitely a plus for sure.
True.
Yeah.
So Roy actually gave another comment here.
It's so cool and super fast to open
account,
an account with SimpleX, very handy
when you have many profiles on GrapheneOS.
Yeah.
So yeah, I mean, I could be wrong.
I could actually be a hundred percent
wrong on that.
Maybe they've re they've re they've
rejigged their, their setup flow.
Um, so yeah,
take what I say with a massive grain
of salt.
I haven't used it in a long time.
Uh, maybe I guess Nate,
you haven't set up a new account probably
in a long time.
So it's probably not helpful either,
but not, not super recently, to be honest.
Um,
I think a few months ago I set
up a,
cause one of the only things I don't
like is, um, they don't,
there is no like cloud sync of your
database.
So if you, um,
Oh,
I don't know if you have a phone
that literally explodes or something like
that.
You might accidentally lose your account
and all your contacts and everything.
So it's on you to keep really good
backups,
which I don't always keep as good of
backups as I should.
Actually,
I'll tell you exactly what happened.
When I left Surveillance Report,
I think we shut down our...
We had a business account and I was
trying to shut that down and I
accidentally deleted all of my accounts on
some on SimpleX.
Um,
so I had to make a new one,
but yeah,
that was like end of last year,
beginning of this year or something.
Um, so not recent,
I don't remember it being like crazy
difficult,
but it's certainly not like something like
Session or Signal where it's just like,
yeah,
basically just keep clicking and
eventually you'll get there.
Like you do have to put a little
bit of thought into it, so.
Okay.
Yeah, that's cool.
Alrighty,
I think since that was all our questions
so far,
I think we'll go ahead and call it
a week.
So all the updates that we talked about
will be shared on the blog every week.
So sign up for the newsletter or subscribe
with your favorite RSS reader if you want
to stay tuned.
Don't forget that if you sign up for
that newsletter,
that also acts as a reminder because it
goes out right when we start streaming and
there's a link to the StreamYard stream in
there.
So super handy.
For people who prefer audio,
we also offer a podcast available on all
platforms and RSS.
This video will also be synced to
PeerTube.
Those last two are not in real time,
but if you prefer audio or PeerTube,
those will definitely be there.
Privacy Guides is an impartial nonprofit
organization that is focused on building a
strong privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you want to support our mission,
you can make a donation on our website
by going to privacyguides.org.
You can also go straight to the website
and click the red heart icon located in
the top right corner of the page.
You can contribute using standard fiat
currency via debit or credit card,
or you can opt to donate anonymously using
Monero or your favorite cryptocurrency.
Becoming a paid member unlocks exclusive
perks like early access to video content
and priority during the This Week in
Privacy live stream Q&A.
You'll also get a cool badge on your
profile in the Privacy Guides forum and
the warm,
fuzzy feeling of supporting independent
media.
So thank you all for watching,
and we will be back next week with
more news.
Thanks, everybody.