License Plate Readers Are Framing Innocent People
Flock is targeting innocent people and
WhatsApp is trying to sue NSO group.
Apple is announcing new features that
allow you to automatically change your
compromised passwords and more.
All this coming up this week on This
Week in Privacy, so stay tuned.
Welcome back to This Week in Privacy,
everyone.
This is our weekly series where we talk
about what's happening in the Privacy
Guides community and this week's top
stories that we've seen in the data
privacy and cybersecurity space.
I'm Jonah and with me today is Jordan.
How are you doing, Jordan?
I'm doing good.
Really excited to jump into some of these
stories this week.
We've definitely got a great lineup of
stories to cover.
I totally agree.
Let's get right into the first one here.
This was reported by Times of San Diego.
They say a flock license plate reader
linked a San Diego man to a violent
crime.
He was five miles away.
Basically, the story starts out, well,
I'll read the beginning.
It kind of explains it.
When Hugo Parra was arrested last year on
felony charges,
his pleas of innocence fell on deaf ears.
San Diego police had a description of the
Alfa Romeo car he was riding in and
a witness who identified him during a
curbside lineup as the man who brandished
a handgun in Golden Hill.
They had also checked the city's automatic
license plate camera system run by the
private company Flock and got a hit,
substantiating the claim.
The problem, says attorney Alex Kuhlman,
was that Para was five miles away from
Golden Hill at the time of the crime,
and the so-called hit
from license plate reader was captured
before any police pursuit began.
The flock hit was obviously the wrong car
as it could not have been in both
places simultaneously, said Kuhlman,
who represents Para and the driver,
twenty three year old Ariel Beltran.
So basically the story
coming from San Diego,
is talking about this man who was accused
of a crime while the Flock license plate
reader system proved that he was nowhere
near the scene of the crime at the
time.
The article says that Paris spent nearly
one month behind bars missing Thanksgiving
and other family events before the assault
charges were dropped.
We've talked a lot about
lock and license plate readers on the
show.
So I think people who watch this regularly
kind of know about all of the issues
with flock.
But I think we wanted to include this
story because it kind of demonstrates how
none of these tools are ever going to
be used in your favor,
even when they clearly prove that
uh you've been nowhere near the scene of
the crime or anything going on that you
might have been accused of any of those
results are going to be disregarded by
police but if any shred of evidence can
be gleaned from them that might place you
at the scene of the crime they will
be used to
basically accuse you and ruin your life,
or at least that part of it.
So yeah,
that was the only thing I really wanted
to highlight.
It's just the demonstration, I think,
that all of this mass surveillance is not
worth the cost because it's so unreliable
in so many ways,
whether it depends on AI or whether it's
just
a system that isn't reliable like this one
and can't be trusted,
we are placing a lot of faith in
these automatic systems like license plate
readers and other forms of mass
surveillance in our society that don't
have a very clear benefit and get things
wrong a lot of the time.
Yeah,
that's basically what I wanted to cover.
I think we've kind of done flock stuff
to death maybe at this point,
but just an update for you.
Jordan,
was there anything in this article that
you saw that you wanted to highlight?
I feel like the most surprising thing in
this article for me was like,
if you read like further down in the
article,
there's like stuff about how like the
officers literally didn't even check any
of this first.
They were just like, oh,
it's a hit on flock.
And then they went and arrested this guy.
And apparently they literally took him to
like jail and everything.
Like they literally jailed him based only
on this information.
Like it's...
it is kind of ridiculous that maybe I
feel like maybe police are relying a bit
too much on this technology when,
you know, like you said,
it's not really that reliable in terms of
like actually detecting things and
correlating information.
But yeah.
Yeah.
It's a great question.
Like what they consider to be a hit,
because if they're just basing it on like,
is this car in the flock system?
That's not exactly proof of anything,
is it?
Not really.
Yeah.
And especially because like, I don't know,
the,
if that's all they're going on to like
actually arrest someone and put someone in
jail, like just to,
that's the only thing that they need.
I feel like that's maybe a bit ridiculous
that they're like relying so heavily on
it.
They even said like in the article,
it even says like, Oh,
we checked this guy's car.
We like looked through all of his stuff.
He had no weapons.
Like there was,
there was not really a whole lot of
evidence that this person was
like even immediately obvious evidence
that this person was connected to this
crime.
So that's why it's kind of surprisingly
ridiculous.
And I think the San Diego Police
Department is going to get sued pretty bad
for this because I don't think they really
had any evidence to arrest these two
people.
And apparently they're seeking at one
point five million in damages.
So I don't know.
I mean, yeah,
this has life-altering implications for
sure when you're convicted of a crime and
you're jailed for that long.
I think that's one of the most ridiculous
things to me.
I think being wrongfully accused of a
crime...
in general is a terrible thing to happen
to anyone.
But in the heat of the moment,
some of these things can happen with
police.
But to spend an entire month in jail
because of a crime you didn't commit is
ridiculous.
Spending more than one night while they
sort anything out is ridiculous because
You really should be innocent until proven
guilty,
and that is just not what we see
in a lot of cases,
and especially in this one.
That is quite a significant punishment,
I think,
spending an entire month or more in
jail um that the police just kind of
did arbitrarily this wasn't you know the
result of any sort of conviction or
anything it's it's too long of a waiting
period for sure especially again at the
hands of these very unreliable tech
systems that that we just cannot push all
of our judgment and accountability on
because again they get things wrong so
much of the time so
Yeah,
I hope his lawsuit goes through and he
makes some money because usually hitting
them where the money is might make them
change their minds.
But at the same time,
Even that's a bit challenging with the
police because they're taxpayer funded.
So what do they care, right?
But hopefully there's some accountability
and some changes that are made here.
And hopefully other places learn a lesson
from this as well,
because I think that we're going to be
seeing more stories like this throughout
the country and around the world as these
license plate readers and other systems of
mass surveillance like this get
implemented more widely.
So yeah,
it's just super unfortunate stuff.
And it's exactly the kind of thing that
people who have been against flock or
people who have been against mass
surveillance in general for an even longer
period of time have been
warning against from the very beginning.
It's a very predictable outcome, I think,
of these systems.
And, yeah,
now we're seeing the results of that,
which is crazy.
Maybe for people that, like,
aren't super familiar with what, like,
who and what Flock actually is, like,
how exactly is this, like,
is it like a camera system that has,
like, some AI detection, like,
algorithm or something,
or how exactly does that work?
Yeah, so they sell these to...
like cities and police departments as a
camera system that you can put up pretty
much all around your city to track cars
basically wherever they go based on their
license plates.
So it kind of maps out people's specific
locations where they traveled, et cetera,
and gives that information to law
enforcement or other people to basically
trace people anywhere in the city based on
where their car is going.
The way that flock systems work in general
is somewhat different depending on the
jurisdiction.
Law enforcement agencies or towns would
have the option to, for example,
share all of this data with a national
database, so like with the FBI,
for example,
so that they can all be linked together
and potentially trace people even outside
of that one specific flock system.
You can opt out of that, but
All of these flock systems still kind of
interconnect to the flock company's
servers,
and that potentially gives a lot of access
to third parties to all of this
information.
Yeah, it's just a very popular thing.
It's not the only solution.
There are other automatic license plate
readers systems that are being
implemented.
But Flock is kind of a big one,
and it's the one that has been in
the news the most recently.
We've seen a lot of stories about either
these systems being implemented in
different cities or pushback from citizens
of those cities
getting those flock systems removed.
We've seen a lot of examples where a
lot of money has been spent on
implementing these flock systems only for
the public outrage to be so great that
they have to go and undo all of
those changes,
which
is of course not great for the taxpayers,
but is important to keep in mind,
I think,
for any city council who is considering
implementing such a system.
The pushback against this sort of thing
from the general population when people
are aware of what's going on here is
pretty significant and universal,
that it's just not a great idea for
this system to be implemented and
we kind of need to avoid implementing such
things in the future.
And I think city councils need to take
a lesson there.
It's funny,
I think a couple episodes ago we talked
about a flock situation like that where
One of the city council members had a
very emotional reaction to their system
being removed from the town.
And they were like, well,
we might as well just let crime be
rampant in the area.
And that he took it so personally,
probably, I mean, to me,
only kind of speculating is an indicator
that he was probably getting some sort of
kickbacks from Flock or something to get
this stuff implemented.
So I wouldn't be surprised if there's a
lot of lobbying going on from Flock and
these other ALPR.
companies to get these systems implemented
in a lot of different cities,
unfortunately.
But we have seen time and time again
that local city councils are very
responsive to people who actually show up
and care.
So if this is something that there's even
a whisper about in your communities,
I think it's super important to make your
voice heard and voice your distrust of
luck and your dissatisfaction with any
sort of
ALPR system because it's a massive
invasion of your privacy being basically
tracked wherever you drive,
wherever you go in a city,
potentially revealing a lot of personal
information about yourself.
So yeah, the flock system is not great,
not great at all.
I guess one thing that kind of crossed
my mind talking about this,
like more at like the government level is
how does this even interact with like,
you know,
the fourth amendment and like all these
laws to like you know have actual privacy
does does privacy just not exist in public
if if they're just allowed to record every
place that they see your car like how
does that work exactly yeah i mean i
think this stuff specifically points to a
larger problem that we have with the laws
in at least in the us currently some
countries have solved this but it's not
super widespread but i think
basically when you're in sort of a public
space which would probably include any
roads because that's government property
they will say you have no expectation of
privacy and they can basically track you
or take your picture or do whatever sort
of privacy invasive things they they want
to do um
And that's all perfectly legal because,
again, you have no expectation of privacy,
according to them, which is, I think,
just a super unfortunate situation that we
have with the current privacy laws.
It's sort of related to this other problem
that we have with the Fourth Amendment
with the government.
relying on third party companies like data
brokers,
but to gain this information without
having to go through official channels
like getting a warrant.
But in this case,
since the systems are kind of operated by
these governments and law enforcement
agencies themselves,
that sort of like third party loophole
isn't being used as far as I know.
But I do think that accessing these
databases
should absolutely require a warrant.
I mean,
I think that even collecting this
information in the first place should
require a warrant,
but that's kind of tricky with the privacy
laws that I stated.
There just aren't a lot of safeguards in
place right now to protect people from
being surveilled in a mass way like this.
And I think that that's a big problem
with all of these systems and mass
surveillance systems in general.
are kind of giving up a lot of
privacy for dubious gains.
And it's really just getting rid of like
any sort of responsibility on law
enforcement's end to perform their own
investigations,
they can kind of offload this to these
computer systems who can trace anyone and
kind of get give results based on whatever
algorithms are in place,
which is not a very targeted approach at
all, which I think is really bad.
Yeah,
and I think also talking about this like
massive database that's, you know,
available nationally as well,
like we can kind of move into this
little,
I don't kind of wanted to use this
as backup to show that this is like
a really bad idea, but cops are,
they keep getting arrested for using this
technology without people's consent for
people that aren't,
for people that aren't actually criminals,
right?
So this story here from four or four
media cops keep getting arrested for using
flock to stalk people.
Who would have thought that that
information could be used for that as
well?
Yeah.
So basically there was a couple of police
officers who were using this flock tool to
basically track their ex-girlfriend's
license plate through the flock automated
license plate reader system database.
And apparently this officer used it sixty
nine times.
So, you know, I think.
This is data that is ripe for abuse
as well,
because all it takes is this data to
get leaked or like, you know,
for that to be like an API issue
where someone's able to access this and
they can basically find out where anyone
lives, right?
Because their cars are going to be driving
around.
I don't know.
I just think it's too much data and
it's centralized too much into like these
massive databases.
And yeah,
it's almost too much power to give people
And I feel like it's almost,
it's obviously not the same level as
facial recognition, right?
But it's like still like a similar thing,
right?
It's like just tracking you based on your
number plate instead of your face.
So, I mean,
it's definitely less invasive than that,
but it's like,
I feel like it could kind of segue
into that eventually if they're like,
you know, lobby hard enough or anything.
Yeah,
I think that that article is a good
example of the dangers of there being no
checks or accountability on these systems.
I mean,
you take a look at this sort of
reporting and you read about what this cop
was doing and his...
behavior was so egregious uh this the four
or four media article says it was so
commonplace that uh his colleagues noticed
him researching his ex-girlfriend's
whereabouts while the officers were
sitting in their police cruisers so he was
being pretty open about it and i think
that a lot of those cases which lead
to arrests um are going to be completely
ridiculous like that but a lot of cases
I think almost certainly there are a lot
more cases where this behavior is
happening,
but because they're not doing it in such
a stupid way, like this guy,
they're not being caught.
And this kind of thing is just going
to happen because there's really nothing
in place to stop them besides...
David Price- Maybe being reported by by a
colleague or being caught up in some sort
of manual audit at some point,
but in the moment,
all of these systems are just sitting
there waiting to be used by anyone who
has access to them so.
Yeah, exactly.
Like you said,
I think just having this power in the
first place represents a danger.
I think that people in general just can't
resist using this sort of thing if they
if they have access to it.
At least at least some people,
which is just another way that people are
put in danger by by these systems.
Yeah, exactly.
I guess we've kind of covered like that
quite thoroughly now.
I guess we can kind of dive into
this next story here from this one here
is about WhatsApp.
So if you didn't know already,
like it's kind of been an ongoing thing
that for the last three years, I believe,
WhatsApp has been suing NSO group because
they keep using their technology to hack
people's devices through WhatsApp.
So basically this new story is basically
an update to that.
WhatsApp says it caught new spyware
attacks linked to the NSO group in
violation of court order.
So basically there was a court order that
specifically said that NSO group could not
target people on WhatsApp.
And basically it was found,
WhatsApp found that there was
evidence that they were still doing that
um so here i'll just read straight from
this article last year as part of a
years-long lawsuit launched by whatsapp
against nso a court ordered the spyware
maker to stop targeting whatsapp and its
users whatsapp claimed that the new
phishing campaign revealed on monday
violated this permanent injunction and as
such filed a contempt order against nso um
Yeah, so this injunction, I guess,
stems from a twenty nineteen mass hacking
campaign by NSO that targeted more than
fourteen hundred WhatsApp users following
the discovery.
WhatsApp notified the victims and sued the
spyware maker.
And a jury ordered NSO to pay a
hundred and sixty seven million in
damages,
which was later lowered to four million.
Oh, my goodness.
That is tragic.
But, yeah, I think this this story,
if you're not familiar with NSO,
one of their basically the biggest
victims.
I wouldn't say the biggest,
but like maybe the most prolific Pegasus
spyware.
That's like one of their biggest products,
I guess.
And you know,
this is a company that is actually put
on a block, like a block list in,
in,
in the U S and they've even had
sanctions and stuff.
So, you know,
this is like a company that is not
particularly
good, I would say.
So this is kind of not that surprising
that there would be still trying to hack
WhatsApp users.
But I don't know.
Do you have any thoughts on this one,
Jonah?
Yeah,
so all of this kind of stems from...
Some rulings that Meta got in their favor.
It was back in just May of last
year.
They were awarded that, what was it,
a hundred sixty seven million dollars in
damages in the injunction against NSO
Group being able to hack WhatsApp,
basically.
And then in October,
the payment was reduced to four million,
like you said,
but that injunction against NSO Group
basically blocking them from targeting any
WhatsApp users was granted insulin effect.
So the fact that they are continuing to
do so anyways,
is just a blatant violation of that court
order, which is crazy.
So I guess we'll just see.
I guess we'll see what comes of this.
they are basically seeking to hold NSO
Group in contempt of court because they
are violating that ruling.
So will it make a difference?
I guess I don't know.
I kind of doubt it since it seems
like NSO Group is going to be flagrantly
violating all of this stuff anyways.
And I don't know how much exposure to
the U.S.
jurisdiction that NSO Group even has
because they...
are putting a lot of pressure on them.
This article, did you mention,
they are going to continue with their
plans to enter the American market.
The US government hasn't removed NSO Group
from that block list yet,
but apparently they are lobbying to get
that done.
Hopefully this represents a gigantic
hurdle for NSO Group to enter their
operations here because I think,
depending on who they're selling this to,
I wouldn't be surprised if their end goal
is to get these tools in the hands
of law enforcement agencies or local law
enforcement
in a similar way to these flock cameras
we were just talking about which would
represent a huge danger in in the name
of like supposed help with investigations
and stuff like that so yeah i mean
it's kind of all i have to say
it's a it's a quick story but at
least meta is not letting this go which
is which is something
Definitely a rare, rare meta W, very rare.
Um, but like,
I think this is also like,
they did mention in this article as well
that like, uh,
this spyware maker NSO group,
which is like an Israeli company, um,
did get acquired by us investors.
So like,
that does raise kind of some questions if
possibly, you know,
that does mean maybe this technology might
end up being implemented in the United
States.
But I mean,
I think it's also too early to tell
at this point,
especially considering that they're still
on the block list and they're still being
sanctioned.
So I think it's, yeah,
it would definitely be really terrible if
this did start rolling out,
like this technology,
because I feel like NSO Group has been,
I mean,
I think you could argue maybe that this
technology is good when it's used against
bad people,
but I also think it does end up
being used for bad things as well, right?
Like when you have this much power to
hack people,
it is going to be used for something
bad.
I'm not really super familiar with who and
what they use this technology,
NSO Group's technology on,
but I don't think that should be
used on anyone if possible.
I mean,
I feel like it also could be targeting
like journalists and all that sort of
stuff as well.
I'm not really sure though.
Yeah,
I think that's the main thing that we've
seen.
Journalists, activists,
politicians especially.
There's been, I mean,
we've seen examples of this happening to
politicians in Europe and other countries.
We've also seen
i believe we mentioned this in a recent
episode but ron wyden has been warning uh
senators and other congress people here in
the us that they are being targeted by
spyware on their phones and they need to
switch to more secure systems so this
stuff is pretty prevalent and a lot of
people are impacted even at even at these
higher levels uh by intelligence agencies
and other people who are using this
spyware so it is
it is a danger and these spyware companies
are basically developing all of this in
the open and selling it, which shouldn't,
shouldn't really be,
shouldn't be allowed at all, honestly.
Yeah, it is,
it shouldn't really be happening,
but unfortunately it is.
I guess also kind of like a follow-up
a little bit to the,
to the story where we talked about like
the Phlox, Phlox license plate readers,
there's this new story here from
massachusetts if you want to grab that one
yeah so some good news in this case
this was reported by tech crunch
massachusetts votes to pass a new privacy
rights bill that bans sale of precise
location data massachusetts lawmakers have
voted to pass privacy protections that
grant the state's residents new rights
over accessing and deleting their data
held by big tech giants the bill also
bans companies from selling their users
precise location data
Later on in the article,
they say the move makes Massachusetts the
latest U.S.
state to push for stronger consumer
privacy rights after years of documented
abuses by the wider technology advertising
and social media industries.
While the United States does not have a
nationwide privacy law,
unlike many of the world's major
democracies, U.S.
states have filled the void of legislation
by bringing their own patchwork of privacy
rules that apply to their states.
So I think at this point in time
in Massachusetts,
the lawmakers have passed this bill.
The article says that their Senate has
also advanced their own bill doing the
same thing,
and now those bills are basically going to
be combined in the Senate,
and then it'll be sent to the governor's
office.
So there is that whole process where the
governor eventually has to
approve this,
but the article says that it's expected
that they will sign it into law.
It's just not clear
when that will happen so there is a
bit longer but the article says that the
bill if it is passing the law is
going to apply to companies that handle or
process the personal data of more than one
hundred thousand consumers which will
mainly affect medium-sized startups as
well as silicon valley technology titans i
think in addition to the big tech
companies that will be impacted by this
Another major impact this is going to have
is on cell carriers because they have been
found to sell sort of this location data
to data brokers and other parties as well.
And hopefully this puts an end to that,
at least in Massachusetts.
I think that this is a really important
issue because
The data broker thing,
as I alluded to in that flock story,
is kind of a loophole around the Fourth
Amendment.
Basically,
all of these private companies are selling
data to data brokers,
and then those data brokers in turn are
selling all of that data to the
government.
And the government can say, basically,
since they're getting this information,
like a third-party company is voluntarily
giving it to them they don't have to
you know have a warrant in order them
to give the handover that information
they're saying that a warrant isn't
required to obtain all of the sensitive
information about people when normally if
they wanted to obtain that information
from the companies that process this
information directly they would have to
get a warrant in a court order to
tell like google for example to hand over
the data so the data broker thing is
a gigantic loophole in
Privacy laws,
at least in the US right now,
that definitely needs to be patched
because there's really no oversight
whatsoever when it comes to the government
using all of this data that data brokers
are collecting.
This data broker data is also used by
a lot of different companies for stuff
like targeted advertising,
which will lead to problems like
surveillance pricing,
which we've talked about in previous
episodes where companies will eventually
adjust prices for things based on all the
stuff that they know about you.
And geolocation data,
like where you're traveling, reveals,
again, a lot about where you're going.
This is not just from where you're driving
in your car, like with Flock,
but this would be data from your phone
and other technology sources that
can reveal even more information about you
than, than Flockwood.
And all of that data is,
is very revealing and very powerful.
I mean, we,
we know how revealing it is because we've
seen the privacy policies of like car
companies these days,
like spelling out all of this data that
they can get basically by,
by tracking the computers in your car.
And it's a ridiculous amount of,
of information that they are able to have
and
Yeah,
it's really just not something that should
be in the hands of all of these
companies kind of sharing it all around.
So stopping that from happening is a huge
win for people in Massachusetts.
And hopefully more privacy laws are
implemented or national privacy laws
implemented that stops all of this even
further.
Yeah,
I think this is like one of those
things where we're seeing like,
it feels like almost every year we're
seeing like more and more states like
adopting these privacy laws.
And like, you know,
maybe that does mean that there'll be a
push towards something national because I
feel like that is kind of like the,
that would be ideal, right?
It would be better if it was a
national thing instead of just like state
by state, right?
Or is it better to have things like
this or...
Yeah, absolutely.
It would be better to have a national
law that's more uniform.
That sort of thing is obviously harder to
pass, I think.
And in the meantime,
more states adopting this is is super
important.
So hopefully this sort of legislation in
other states gets passed forward.
But yeah,
having a minimum baseline across the
entire country would be it would it would
be a huge improvement because
There's probably companies who aren't
going to comply with state laws,
especially if they have not a huge
exposure to that state.
So making it uniformly applied to all
states in the United States would be a
huge improvement as well.
Definitely.
I think one thing that was kind of
surprising to me, though,
in this specific law that the TechCrunch
article talks about is the law would block
the sharing or sale of sensitive
information without a user's explicit
consent.
So you're saying, like,
I don't know if I'm reading between the
lines enough here, but, like,
does that mean that if you consent to
this,
then they can technically go ahead and
just sell the sensitive information?
Is that kind of what I'm reading right
now?
Yeah,
I'd be concerned about this a bit
because...
There aren't a lot of protections,
I think,
in place about people accepting terms of
service.
And like,
could this be snuck in there into these
things that people just kind of agree with
or agree to without reading them?
I think that's a concern.
That hasn't, in a lot of court cases,
really held up,
that you can just hold people to these
super lengthy terms of services that the
companies know most people probably aren't
reading in full,
but it's certainly going to make any cases
against these companies harder,
so I wouldn't be surprised if that's a
technique that they try to use here.
I think there's also an issue with...
A lot of the times when people consent
to their data being collected in this
manner or being sold in this manner,
it's because they don't have maybe the
context or the education about data
privacy, for example,
to understand all of the different ways
that this data can be used.
Because typically,
if companies are going to ask you to
opt into giving a permission on your phone
or opt into participating in a program
like this, they're going to highlight,
like,
the benefits and not highlight all of the
downsides that are taking place.
So then it becomes a question of like,
can people provide informed consent in the
first place when it comes to stuff like
this?
And I think in a lot of cases,
that isn't really the case.
These tech companies know far more about
how to exploit the data that you're giving
them than you know about what data you're
giving them.
So it is a huge imbalance
in that whole dynamic that I think is
dangerous.
So yeah, I guess to answer your question,
these laws do leave open a lot of
questions.
And again,
it's sort of a situation where we kind
of have to see how it all plays
out, basically.
Yeah,
it did seem like this law in particular
had people like Evan Greer from Fight for
the Future and the ACLU also saying that
this was a really good move.
Even if there might be things that aren't
super great about it,
there's still a little bit of a loophole
there.
it's definitely still like cracking down a
little bit, right?
Like,
I think we should try and get the
wins where we can.
Like if, if there's a,
if there's something that goes through,
that's like still offering some protection
to people,
that's better than something that's,
you know, just wholesale allowing it.
So that is still better.
Right.
Um, and I think this also, like,
it kind of touches a little bit.
If you look on this article,
it also touches a little bit on,
The author of this article mentions that
data brokers have basically relied on app
developers selling their users location
data.
People will just kind of allow access at
all times to their location to apps and
stuff like that.
And that's also being used to aggregate
into these data brokers as well.
So I don't know.
It would be interesting to see how that
also plays.
Because if someone...
if all this means is that then those
app developers just have to say like, oh,
do you explicitly consent to us selling
your location data?
I'm sure most people might actually say no
to that, but I don't know.
It definitely does raise questions about
that, but at least seems like,
this might have some impact at least on
larger companies.
Is this something as well,
like I see a lot of these laws
apply only to like larger like
organizations,
like medium organizations where it's like
a hundred thousand plus consumers.
Is this like a concern as well?
If it's like a bunch of small players
that are just doing this as well,
like is that kind of also a bypass
for this or?
Yeah, that's a great question.
I don't really understand why,
I guess I'm not really super familiar with
the data broker or data exchange landscape
when it comes to much smaller providers.
I don't know how common that is or
what kind of use cases they would be
doing if you have less than a hundred
thousand consumers worth of data.
What are you realistically doing with that
and who are you selling it to?
I don't really know.
I think a hundred thousand consumers is
maybe a little like that bar is a
bit higher than i would like it to
be i think it should be a bit
less but
I think there is some danger,
especially with small businesses,
that they would want to balance this
against because it's also very easy for
small businesses to be kind of accused of
violating all of these laws that they
didn't necessarily even know about and
then having to defend against that sort of
thing.
Even if they're not even doing this in
the first place, I think that would be...
that could be killer to a lot of
small businesses just being involved in
unnecessary lawsuits.
So I think that that is the reason
why we commonly see a lot of these
laws have some sort of bar where it's
only going to apply to larger
organizations, even the GDPR and the EU.
A lot of the provisions only are going
to apply if you have, I think,
more than like a certain amount of
employees, if I remember,
which is another way that this is commonly
done.
So
Yeah, I'm not sure if I totally agree,
but if you are not past that,
a hundred thousand consumer threshold,
you might not be doing mass surveillance
in the first place,
because when we're talking about mass
surveillance,
typically it's like this is going to
impact everyone in the community or this
is going to impact, you know,
people nationwide,
like millions of people are going to be
impacted.
So this does limit the impact of smaller
situations.
But I don't know
How dangerous that is.
I do think that the most prevalent cases
of this are going to be these big
tech companies, like the article says,
and putting a stop to that.
Regardless of what anyone else is doing
with this data,
that's still going to have a huge impact
on people's privacy.
So it's a good first step.
I guess what you were saying about it
being a good stepping stone,
I think that that's totally true.
We talked about that a bit when we
talked about the Surveillance
Accountability Act that Naomi Brockwell
drafted.
And I even asked Naomi Brockwell about
this, like,
do you think it's likely to get passed?
And she said, no, probably not at all.
And the reason is that this stuff is
still super important because it gets the
conversation going or it gives us...
a base to build off of with more
comprehensive privacy laws in the future.
I think governments are just slow,
whether that's because of bureaucracy or
whether that's because it's by design or
whatever.
They are just slow to take action and
prevent this sort of thing.
But establishing some precedent helps with
speeding things up in the future.
And just making people more aware of this
with laws I think helps with speeding
things up in the future.
A big reason that the Surveillance
Accountability Act was so important was
because it just gets things out in the
news that like, oh,
the government is doing this.
There's some efforts to stop it.
Even if those efforts aren't passed,
it's a conversation that we need to have
and that lawmakers need to have.
And that sort of,
just from an educational perspective,
is super important to have.
yeah,
any sort of privacy law being passed is
a huge improvement,
but there's certainly still a longer,
there's certainly still better paths that
this could go and this could be improved
pretty greatly,
but hopefully this leads to that
happening.
Yeah, definitely.
I think it's also important,
like we've kind of been pushing for this
for people to, you know,
contact your local representatives,
make sure you're doing like that
grassroots action and trying to get people
to
actually take this stuff seriously.
Um, because yeah,
it is definitely does seem like it is
a bit of an uphill battle, I guess.
Um, because there is so much,
like we've talked about it previously,
like with flock and all this like mass
surveillance stuff that's being rolled
out.
Um, so yeah,
definitely is important to do that.
Um,
do you have anything more you want to
add here or do you want to dive
straight into some site updates?
I think that's kind of it.
Yeah,
why don't you give us some updates on
what you've been working on on the video
side of things so far?
Yeah,
so I guess I'll also give an update
on what Nate's been working on too,
because we've kind of been also working
together on it.
But yeah,
Nate put together a Jellyfin tutorial,
because I don't know if everyone's seen,
but Plex is now upgrading the cost of
their lifetime Plex pass,
which basically gives you unlimited access
to all the
features of the Plex Media Server.
They're upgrading the cost to seven
hundred and fifty dollars US dollars,
by the way.
And that is kind of expensive.
It was like I think it's now two
fifty.
And before that, it was even less.
It was like I swear it would drop
down to like fifty before.
So it is kind of wild that they've
increased it so much.
In fact, a little bit greedy.
So we kind of wanted to, you know,
cash in a little bit on that and
put something out for people that are like
very frustrated with
plex doing all these silly things i think
plex has also kind of done some strange
stuff that's kind of diverged a little bit
from the people that use their product
like like including a bunch of streaming
stuff um not really focusing as much on
the media service stuff i think people are
kind of
looking for alternatives.
So that's what we're trying to do is
provide like a way for people to switch
away to something that doesn't even cost
any money.
You should donate,
but it doesn't cost any money.
Jellyfin is like an open source project.
There's no strings attached.
It's definitely less expensive.
of a good experience,
but if that is okay for you,
like if you can put up with that,
then I think it's definitely a good
alternative to Plex.
Um, so yeah,
Nate has recorded that this week and he
shot that over to me the other day.
So I've already started like doing some
basic edits on it.
Um,
that should be an interesting video to
look out for.
And we've also been working on a video
about passwords.
So that is currently out to members on
YouTube.
And I think we're just waiting on,
we've had like a lot of stuff going
on behind the scenes this week.
So we haven't had time to put that
on peer tube yet,
but that will be also up on peer
tube at some point.
Um,
that that's a video kind of going through,
I feel like there's a lot of
misconceptions about passwords and,
what is a secure password.
So that video was written up by Nate
with some help from Jonah as well.
And we kind of went through a lot
of the,
I guess,
misconceptions that people have and,
you know,
tried to give people good actionable
advice on how to create good passwords.
So that's definitely going to be an
interesting video that will go public.
I believe that will be going public on
Saturday at ten a.m.
Central Time.
So definitely look out for that going
public.
But right now it's available to members.
Yeah,
that's sort of everything that I've been
working on.
What about you, Jonah?
Yeah,
I just want to say about the Plex
stuff quick.
I hope that that does convince a lot
of people to switch to Jellyfin.
I think that all the Plex stuff,
especially the weird stuff that you
mentioned about them adding streaming
stuff and stuff like that is really
indicative of the VC funding issues that
we've seen.
Obviously,
Plex has taken on a lot of money
and now investors are hoping to cash in
on that.
And Plex doesn't really have a clear path
to doing so probably because you know,
what is it it just serves files on
your local server in theory,
but now they've spent all this time and
money on building features that nobody was
really asking for.
So
I honestly think if Jellyfin is a bit
too rough around the edges for people,
it's probably also worth looking into MB,
which an older version of that,
which used to be open source,
is what Jellyfin forked from.
I've been using both Jellyfin and MB
recently.
just because i don't agree with the
direction plex is going in at all and
i will say that the experience right now
on mb is significantly better they they
charge some amount of money for either a
subscription or a lifetime pass obviously
significantly way less than plex but i
think that it's a project
that plex users who are willing to use
these i guess proprietary alternatives
because plex they're already using plex
which is proprietary it's worth looking
into because i think mb is doing what
plex should be doing which is just being
focused on serving your own media and not
also adding in all of these other things
or taking on a bunch of vc funding
to add pointless features that nobody
asked for so
In the meantime,
if Jellyfin isn't going to work for you,
I do think it's worth looking into.
But in the long term,
I hope an open source solution like
Jellyfin really takes off and gets a lot
of attention.
And hopefully these changes will make it
so that more people are contributing to
Jellyfin because now you kind of need to
if you don't want to spend that absolutely
insane sum of money that Flex is now
demanding.
Anyways, yeah,
I'll share some other things that we've
been working on.
A lot of the time I've spent this
week has been redoing our server setup,
which is not super exciting,
but I'm converting it all into scripts and
code that we will publish on our GitHub
so there's more visibility into what we're
running and more people can make changes
to all of that stuff if there's any
sort of
emergency because right now we just kind
of have a lot of systems that we
need to get unified so i don't know
how many people are interested in that
sort of thing but if you are for
some reason probably hopefully by next
week we'll have a repo on github that
will be public that kind of
has all of that stuff in it.
So at least on my end,
for me personally,
that'll be cool because it simplifies a
lot of the stuff that I have to
do.
The other thing I've been working on is
more stuff for verified apps database.
And the app that we have on Android,
I've been improving that,
working on getting it submitted to app
stores,
and also just going through submissions.
So there's a few more apps in there.
We have a lot of submissions open right
now.
People have been really contributing.
I would definitely say if you would like
to help improve our services,
it would be really appreciated to submit
the apps that you have on your phone
as well so we can kind of expand
this database.
We are expanding it right now with apps
that we can basically verify from
different app stores,
but eventually we'll move on to verifying
stuff like APK files that you download
from websites directly or from GitHub or
what have you.
Yeah,
I'm just excited about that project
because I think it's a pretty useful
feature for people on Android,
especially if you're downloading apps from
the internet or maybe untrusted sources
because, for example,
you don't have access to Google Play
yourself,
either because it's not available in your
country or because you just don't want to
use
Google Play services in a Google account.
And you have to get your apps elsewhere.
This is a good way to check whether
those apps are legitimate, in my opinion,
and hopefully other people agree and find
it useful.
So yeah,
basically working on building that.
In other site news, mostly Fria,
but also the team in general have been
publishing
more news stories to privacyguides.org
slash news so a lot of the stuff
that we've seen that we don't have time
to talk about here on this show typically
gets published at privacyguides.org slash
news so that is a good place to
really keep up with a lot more news
stories in this space that we're aware of
in addition to what we post on the
forum and stuff of course from the
community so yeah definitely check out the
articles there if
That is something that's interesting to
you.
I would definitely recommend it.
All of the stuff that we work on
at Privacy Guides,
it's made possible by our supporters.
So if you like all the stuff that
we're doing and want to support the
project,
you can sign up for a membership or
you can donate at privacyguides.org slash
donate.
You can also pick up some swag at
shop.privacyguides.org if you want
something there.
Privacy Guides, of course,
is a nonprofit project,
we research and share privacy related
information.
And we facilitate that community on our
forum and matrix where people can ask
questions, get advice,
learn about staying private online and
preserving your digital rights.
So yeah,
I think with all those updates out of
the way,
let's talk about our next story about a
new Apple feature,
which is automatically going to change
your compromised passwords.
if I could pull it up here.
This was reported by Bleeping Computer.
The headline is, just as I said,
there's a new Apple feature here.
They say, at WWDC,
Apple announced an Apple
intelligence-powered feature that can
automatically fix weak and compromised
passwords.
Right now,
Safari and the built-in Apple Passwords
app can automatically flag weak duplicate
or compromised passwords.
Now, this is an AI-powered feature.
Apple says that the built-in password app
and Safari can now use AI to agentically
take action based on your behavior and
secure your passwords automatically.
This feature will launch with iOS for the
passwords app in Safari,
which can automatically update eligible
accounts to strong passwords.
I think that this is a cool development.
There's a lot of concerns about AI and
how this will be used.
For example,
I would certainly hope that this feature
in particular is going to be done entirely
locally.
Apple says in a blog post that the
latest models that they have run on device
and on servers using private cloud
compute.
But I would imagine something like this is
going to work on device.
It doesn't
specify very concretely in this article
from what I've seen how,
how this feature is going to work.
But so yeah,
that's something to look into.
But hopefully it works well,
and is reliable.
Because I do think this is a big
problem that people have when they when
they switch to password managers, it's,
they import all of their passwords,
and they're usually like all the same
passwords,
and then they have to go through and
update them all.
And that is
difficult.
So a one button way to fix all
of your passwords or to fix passwords that
are compromised in a data breach would be
actually helpful for a lot of people and
hopefully would improve their security.
I guess the main thing is I hope
this doesn't stop websites from adopting
even more secure alternatives like
passkeys.
I think that that's the ultimate fix
probably is to get much more passkey
support
implemented across websites.
We've seen a lot of passkey adoption so
far,
which has been super great because it kind
of guarantees all of the security by
design.
So I'm glad to see a lot more
sites adopting that than had adopted like
security keys, for example,
even mainstream consumer sites are adding
passkeys now because it's just an easier
and more secure way to secure your
accounts.
So yeah, overall,
I don't think this is a terrible idea.
I think for people who are using the
Apple Passwords app, it's pretty cool,
which I would imagine it's a lot of
people because it's by default.
It's not a password manager that we would
probably recommend at all.
We have password manager recommendations
on our website,
mainly open source ones like Bitwarden and
KeePass are the big ones.
And I don't know how likely it is
that they'll be able to add a feature
like this anytime soon.
But for a lot of people who are
just using the built in password manager,
I think that this will improve kind of
the baseline security for all of those
people.
Jordan,
did you have anything to say about that
change?
Yeah,
I think this is kind of indicative of
Apple's, like, control over this, like,
whole ecosystem, right?
Like,
it feels like not many other companies
would really be able to do this.
And, like, maybe if there's...
I don't know.
It's just that they have such, like,
ultimate control.
I think one thing I have seen is
a lot of people will have, like,
a bunch of passwords in Apple Passwords
because it literally will ask you to save
your passwords in there automatically and
people just do that, right?
And...
I imagine a lot of times,
at least the people that I've seen in
my life,
they'll have the passwords app and it will
just be a list of compromised,
compromised, compromised.
So I think if this just updates those
passwords automatically in the background,
it's not super clear how this works yet.
And I think a lot of things when
it comes to AI and Apple,
I think we need to definitely hold our
breath a little bit because
They don't seem to be super good at
rolling out this sort of stuff.
They'll promise something and then it
won't really happen.
I don't know.
I don't think this,
it was kind of frustrating looking at WWDC
last week or this week, I guess,
because there was such a focus on like
AI stuff and,
And we didn't really see that many
security improvements or anything like
that.
So this was one of the few things
that was able to be positive, I guess.
I'm not really sure.
I feel like as soon as you start
assigning tasks to an AI agent,
it starts to become a little bit sus.
They were saying on here that it was...
an agentic password manager.
Like, I don't really like that idea.
I don't like,
I don't like the sound of that.
Like,
I feel like that could possibly end up
being, Oh,
we changed your password to something
that's really bad.
Or we submitted your information
somewhere.
I don't know.
I'm not really super convinced by this,
but if it does just do what they're
saying and it's kind of, they just,
you know,
plugged on a bunch of AI buzzwords,
maybe it's a good thing for those people
that are using Apple passwords.
But yeah,
Yeah,
Apple's definitely been making quite a big
fuss about like...
oh,
Apple intelligence is going to be very
private and secure and not sending your
data anywhere.
So that still remains to be seen.
I think most people on our team are
definitely more against this technology
than for it.
But if this technology has to get
implemented on people's devices,
because of the trends in the industry,
I'd rather it gets implemented in a way
that isn't sharing it with massive AI
corporations.
So yeah, I don't know.
Yeah,
definitely a lot of questions that need to
be answered here, I think.
Yeah, definitely.
I think that's kind of all I have
to say, though,
if you want to take our next story
here.
Yeah, sounds good.
So this is a story...
from Canada.
So signal DuckDuckGo among firms weighing
Canada exit over lawful access bill.
So I don't know if people have been
following,
but basically there's been a bill called
Bill C-二,
which basically would force companies
inside Canada to retain metadata for up to
a year and allow basically for police to
access that information and obviously when
we talk about stuff like Signal and
DuckDuckGo that technology is not
particularly compatible with this right
it's uh these are technologies that are
that work on the least metadata collection
possible right and as soon as you start
like forcing these companies to retain
this metadata and to do this sort of
stuff it's
it sort of breaks the entire like privacy,
like aspect of these tools.
So quoting from the article,
in its current form,
Bill C-Twenty-Two would convert the
everyday tools Canadians rely on into
sprawling,
insecure surveillance apparatuses.
signals vice president of strategy and
global affairs told the house of commons
public safety committee on tuesday if we
are ever forced to choose between
betraying the people who rely on us and
leaving a market we will leave which i
think is really good that these like
companies are actually making a stand on
this um i think we've seen this before
especially like in the uk we've seen
people saying they're going to leave um
Similar things in other countries that are
trying to pass these like metadata
retention stuff, which is good.
And basically the argument for this is
adding these metadata retention things and
adding backdoors for the good guys can
always be exploited by cyber criminals and
expose a bunch of this metadata to people
that shouldn't have access to this.
And the solution here is don't.
No metadata.
Don't collect it.
It doesn't need to be collected, right?
That's why it's so frustrating when
there's these politicians that are trying
to get this stuff pushed through.
So yeah, another quote here, effectively,
the government through this legislation
seeks to insert itself into the networks
and devices of various providers.
So yeah,
it's kind of a bit of a problematic
bill.
I've seen this definitely popping up a lot
as being basically a
Pretty much,
it's basically a mass surveillance bill.
As far as mass surveillance goes,
this is basically a mass surveillance
bill.
Even companies like NordVPN said they
would basically remove service from the
country this past.
This is going to affect the VPN services
too.
Windscribe,
which is a Canadian-based company,
that would be interesting to see how that
would affect them because they are
based in Canada as well.
So like,
would they have to move countries?
Like,
would they have to change jurisdiction if
this passed?
That is not entirely clear.
Well, I did see, I like this quote.
It's later on in the article,
but Windscript did have a quote here.
Apparently they wrote on X,
we pay an ungodly amount of taxes to
this corrupt government and in return,
they want to destroy the entire essence of
our service to basically spy on its own
citizens.
Not happening.
We'll move HQ and take our taxes
elsewhere.
So it seems like they are definitely on
board.
They get out of Canada train if such
an invasive bill like
C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C-C
I think that is one of,
that's always been one of those sticking
points for people in our community is
like, oh, you're based in Canada.
Like Canada doesn't have the best track
record when it comes to this sort of
stuff.
And now I guess we're kind of seeing
this hasn't passed yet, but you know,
there's definitely a possibility that it
will.
And it's good to see that companies,
especially even ones that are based in
Canada are like literally saying,
we're going to just get up and leave.
That should be the response to this,
this sort of law passing.
Um, yeah,
there was some more people just saying
like, there was also the, uh,
there's also tail scale,
which is also based in Canada.
Um,
they were also saying that they would have
to think about, you know,
maybe moving jurisdictions as well.
Um, I think when,
when you start having all these companies
coming out saying that they would
literally have to,
they would rather move jurisdictions than
stay in your country, that,
that is kind of a clear sign that
what you're trying to propose is very much
not a good thing.
yeah i mean all of these backdoor
proposals are just fundamentally flawed
there's because there's no way to
implement these securely and i think you
quoted this earlier but um exactly like it
says in the article these companies have
like not only do they should they like
not do this for security reasons but they
have an obligation to all of their
consumers that
They're going to protect this data from a
cybersecurity perspective.
All of these companies have an obligation
to protect people from data breaches,
and this basically prevents them from
doing that.
It's not very clear to me why governments
don't really understand this when it comes
to certain tech companies,
but it seems obvious that this is going
to impact companies far beyond just tech
companies or VPN companies or whatever.
If there has to be a backdoor into
encryption like HTTPS, for example,
that's going to impact the security of
your bank account transactions.
Yeah.
not just like from the government,
but from hackers.
We have said this before and I'll say
it again.
All of these back doors are going to
be exploited because there's no way to
implement them in a way that only one
person like the government can access and
nobody else can.
So people will eventually,
maybe not immediately,
but there will always be some sort of
exploit or way that people can use these
back doors outside the government to get
access to all this data.
Even if in like a perfect fantasy world
that these governments seem to believe in
for some reason,
if we imagine that there's a backdoor that
only they can access,
I think the flock story that we talked
about earlier also demonstrates that the
government can't be trusted with this data
because we'll see government agents,
law enforcement officers, et cetera,
use their access to these systems to track
people unlawfully and completely abuse
the type of backdoor that a law like
this would implement.
So it's just an incredibly dangerous
situation that Bill C-二 is creating for
Canadians right now.
And it's something that anybody in Canada
needs to really take a step to take
steps to prevent from happening.
You need to make your voice heard once
again.
because this sort of thing again public
outreach and kind of these grassroots
efforts to block bills and other stuff
from happening it can be effective but
people really do need to get out there
and make their voices heard and this is
a particularly dangerous form of of these
of this kind of back door that should
not be be put in the law so
yeah canada watch out one really important
thing like you were talking about with the
grassroots like organizing of people this
has already been uh knocked back i believe
like there was already a previous bill
that was tried they tried to pass that
was like similar to this i believe it
was bill c-two i believe um the strong
borders act which also included a bunch of
like mass surveillance stuff and that was
also knocked back because of public outcry
so like
it does actually work in this case,
it a hundred percent does work.
So this article itself is saying,
you know, at the end of it,
it's saying like,
they're going to make a amendments to the
spill to make it so that it's not
going to break encryption,
which I think is a little bit ridiculous.
So what, what does that exactly mean?
You know,
they're saying that they wouldn't shorten
the retaining of metadata.
They would still keep it for a year.
so you know I think this is a
little bit ridiculous it's it shouldn't be
it shouldn't be passed definitely get get
in contact with your representatives if
you're in Canada and try and make sure
that you let them know that this is
a really bad idea and you know the
government has not really it sounds like
they might be talking a lot to law
enforcement which you know of course they
want more data to to be able to
you know do police work but
kind of flies in the face of you
know individual freedom for people in the
country and like access to these tools so
um yeah it's just a kind of an
unfortunate situation but if you're in
canada definitely try and get in contact
with your representatives there's a good
uh article from citizen lab in canada that
kind of analyzes this law in more detail
and explains why
This stuff is fundamentally flawed.
That's a quote from them, and it's true.
If you open up this Global News article
from our newsletter where we have all the
sources,
this analysis is linked at the bottom of
the article.
So I would definitely check that out as
well,
especially if you're in Canada and you
need to find more reasons to tell
lawmakers about why this sort of...
bill is absolutely unacceptable and can't
work and will really endanger everyone in
Canada, their privacy, their security,
their... Yeah, I mean,
their security online in general.
So give that a look if you're in
Canada.
And again,
you got to take action because this kind
of stuff is super,
super dangerous if it gets passed.
Anything else to add, Jordan?
I think I kind of... Yeah,
I think that's everything I've got to add.
We can dive into the next story here,
I guess.
All right.
This one is reported by Bleeping Computer
again.
Headline is,
over four hundred Arch Linux packages
compromised to push a rootkit in
InfoStealer.
More than four hundred packages in the
Arch user repository are distributing a
Linux rootkit in InfoStealer malware
targeting credentials and access tokens.
A report from the open source intelligence
community Independent Federated
Intelligence Network notes that a new
maintainer is spoofing a trusted publisher
on the AUR platform to push infected
packages.
Later on in the article,
they say that the Linux binary that's
being distributed through all of these
package build files has InfoStealer
functionality,
which targets the following types of
sensitive information.
GitHub credentials, SSH artifacts,
HashiCorp, Vault tokens, browser,
cookie databases, Slack data,
Discord data, Microsoft Teams data,
Telegram data.
They say AUR maintainers are working to
identify and remove all malicious commits,
but obviously this has a pretty widespread
impact on the entire Arch ecosystem.
In a message to the community,
in Arch Linux Package Maintainer,
urge users to report any malicious package
they find.
As a general rule,
it's recommended to only trust projects
with frequent updates and an active
community around them.
I think overall, in my opinion,
this is kind of indicative of the danger
that the Arch user repository has if
you're using it.
There are quite a few warnings on the
site and throughout their wiki that you
shouldn't just kind of blindly trust the
AUR with packages and what's being
installed because they are
user-contributed and really anything could
be in them.
And if there isn't any oversight because
it's a...
not a super popular package, for example,
this kind of stuff can break through.
But at the same time,
I think the Arch community and many Arch
users do kind of blindly install a lot
of these packages.
And there's even a lot of programs that
you can install that kind of treat the
AUR as just a normal package manager.
And you can install things without really
taking a look at them.
And I think a lot of people...
think it's easy for a lot of people
to kind of fall in this trap of
just treating the aur as a package manager
instead of um instead of really looking
through the scripts that they're
installing because it's just a matter of
time i think it's it's the reason that
a lot of people will agree to using
apps without reading the terms of service
or reading the privacy policy it's just
overly complicated setup for a lot of
people that they're just not going to do
in favor of an easy solution but in
the case of arch it will will cause
problems like this that i think will
impact a lot of people so one of
the reasons i'm not really a fan of
arch is kind of what i'm trying to
say a lot of other distros have
Real package managers and maintainers,
any Linux distro is kind of going to
be susceptible to this sort of problem,
but we definitely see it to a lesser
extent on distros that have
a more trustworthy and more locked down
system like the Debian package manager,
for example,
has maintainers who are who are more
trusted than just like anybody being able
to upload a package to the Debian,
for example.
So yeah,
kind of I think that's kind of my
thoughts on this.
Was there anything you wanted to
highlight, Jordan?
Yeah,
I think I just agree in general with
like your analysis there.
Like this is like the Arch user repository
is literally just packages that people
uploaded.
Like anyone, like literally anyone,
when we say like actually anyone,
it's anyone can do that, right?
So like it definitely increases the
chances of something like this happening.
And then, you know,
having all these packages that people have
installed that have got like maybe
thousands of downloads and, you know,
some maintainer,
in quotation marks,
comes and takes over this package build,
they can insert malware.
You are putting a lot of trust in
that.
And I think if you are using the
Arch user repository because you need to
for some reason,
I would definitely check every single time
you update packages through the Arch user
repository,
make sure you actually check to make sure
that the package build file is not
compromised,
which is not always super easy,
but I think at least having some vigilance
is better.
And like Jonah said,
it's better to use platforms like
different distros that have more
restriction on who can actually apply for
package maintainers and do this sort of
stuff.
You don't actually need to use the Arch
user repository on Arch Linux either.
So you could just
not but i mean i can kind of
understand those sometimes as packages
that you really need um yeah i think
that because it does have an official
package manager but i think that just the
scope of it on on arch is much
smaller than on like debian or fedora for
example and so a lot of people do
end up relying on the user repository as
well um for even like
some larger applications that you would
expect to just be included in an official
package manager.
It's also worth noting that this is hardly
the first time this has happened with the
Arch user repository.
We talked about this on the show back
in July of last year, I believe,
where malicious packages that were
impersonating different web browsers on
the Arch user repository were infected
with a different sort of malware.
Yeah, it's the I mean, these kind of,
I guess you could call them supply chain
attacks in general.
Or just this sort of malware distribution
thing on these user contributed
repositories of packages is a it's a it's
a big concern.
And it's probably one of the bigger issues
that's facing Linux on desktop users at
the moment.
So definitely something to be aware of.
And
Yeah,
hopefully that gets cleaned up and
hopefully not too many people are
impacted.
I didn't see an analysis of like...
which packages were included I believe
there's a list somewhere but I don't know
like how popular the packages used were
like how many people this could
potentially impact so yeah if you're an
Arch user I would definitely look at the
list of effective packages they also um
They've provided a report linked to in
this article,
which has some indicators of compromise.
So you could use that to look at
your system as well and see if you
were impacted.
But definitely something to worry about if
you've used the Arch user repository
lately.
So yeah, Arch users, I would say,
should look into this for sure.
Definitely.
I mean,
if that's everything we have to add on
that story,
I guess we can dive into some forum
updates.
In a minute,
we'll start taking viewer questions.
So if you've been holding on to any
questions about any of the stories we've
talked about so far,
you can go ahead and start leaving them
on our forum thread or in the comment
section on the live stream.
It's been kind of quiet this week,
so maybe we may not have any.
But if you do have something,
do leave it soon so we can see
it.
For now, though,
let's check in on our community forum as
always.
There's a lot of activity there,
but there was one interesting thread I saw
this week,
which was basically a discussion on using
Tor instead of Molvad Browser with Molvad
VPN.
So basically the discussion on that
specific thread was like,
if you're just browsing clear net sites,
does Tor really add that much more
protection,
especially if the VPN is paid for
anonymously?
Do you want to kind of dive into
this one a little bit, Jonah?
yeah so and i believe we cover a
lot of this on like the page about
mullved browser for example and also just
our vpn overview and how it differs from
tor i think for a lot of people
you know using mullved browser with
mullved vpn is probably a perfectly
safe setup to use.
Whenever you're using a VPN,
you do have to trust that VPN provider,
of course,
which can be a problem or cannot be
a problem depending on your specific
situation and threat model.
I think a lot of people do use
VPNs and trust them and using mobile
browser in conjunction with that VPN is
going to provide
Good fingerprinting protection,
if that's the sort of thing you're
concerned about with the websites you
visit, especially, I think,
as Mulved Browser continues to become more
and more popular and you're using Mulved
VPN,
you do have a decent crowd to fit
in with where at least you have some
protections in place, which is good.
Tor, on the other hand,
there's pros and cons to it,
but the biggest advantage is that
you don't have that trust model you there
because there's clear separations with the
three hops you have you know your guard
node at the beginning which is going to
know your identity but not what you're
accessing and then you have the exit node
which will see what you're accessing but
not who you are and the middle node
which
separates those two and keeps the data
separate so they don't know who the other
node in the chain is.
So from that perspective,
it does provide a lot more
protection of your anonymity, for example,
than a VPN would provide.
On the other hand,
Tor notably is much slower than using a
VPN.
I think that's a big problem that Tor
has.
Another problem that Tor has,
which is maybe a bit less talked about,
is
Unlike generally VPN providers,
since anybody can contribute in exit node
and that exit node is kind of responsible
for your connections to websites and your
DNS lookups and things like that,
there have been cases where Tor exit nodes
uh either hijack your connections or
redirect you to malicious sources this is
especially the case if you're pretty much
downloading anything over http instead of
https there's kind of general uh i guess
malware running on these exit nodes which
will hijack that just because they can be
contributed by
any users.
So we've seen attacks, for example,
against people who are downloading
cryptocurrency related applications where
these exit notes will serve malicious
copies of those downloads for you to
for you to download and get hacked as
a result.
That's probably less likely on a VPN,
especially a trustworthy VPN,
in our opinion, like Movad.
HTTPS, of course, prevents that,
so that's something you should always look
at when you're using Tor Browser.
If you are using HTTPS everywhere and
you're blocking HTTP connections,
then that is much less of a concern.
You don't have to really be worried about
it because in that case,
your connection really is end-to-end
encrypted.
There is still the case where like exit
notes can get some metadata about your
connections,
which may or may not be an issue
typically that impact is very small,
but it is something to keep in mind
if you're accessing clear net sites so.
Yeah,
I think that kind of covers what I
have to say.
Does that make sense?
Yeah, that makes sense.
No, I think you covered that great.
I think, yeah,
there's definitely benefits, right?
But I think this brought up a really
interesting discussion,
which you didn't touch on yet,
which is multi-party relays.
Because like you were saying,
there is the risk of a Tor exit
node being compromised and
you know,
being able to maliciously redirect
connections, right?
When we talk about like a multi-party
relay,
like I think the one that most people
think of is like iCloud private relay,
where there's two trusted parties,
but both of those trusted parties don't
like...
uh share the information right like
there's an ingress proxy an egress proxy
and then it goes to the website um
so instead you're not trusting like a
random operator of a server right um which
is definitely an interesting i i don't
think it offers the same privacy
protection like as tor right but it's
definitely like a little bit of a
interesting middle ground which offers
decent performance and also offers some
additional privacy compared to a
traditional vpn
yeah i the only two that i'm aware
of is icloud private relay that you
mentioned and also obscura vpn and obscura
staff members and their ceo are on our
forum so there's some threads if people
have questions about it you can ask there
but that one works with mullved an obscure
vpn might be a very good option to
use in conjunction with mobile browser
because your exit node is going to be
and so you're going to be blending in
with even regular Molved users as well as
obscure users on Molved browser.
So it is an improvement in the trust
model for sure.
It lacks the middle relay that Tor has,
which kind of separates your identity from
the ingress node and the exit node,
which basically comes down to you deciding
whether you trust the ingress node and the
exit node
collaborate with each other.
In the case of iCloud,
you have to trust that Apple and either
Cloudflare or Fastly or whatever,
they have multiple providers on the other
side.
You have to trust that they're not going
to be sharing data and kind of linking
your traffic together.
In Obscura's case,
you have to trust that Obscura and their
servers aren't going to collaborate with
MOLVAD and share data with each other to
kind of correlate that.
I think these are reasonable assumptions
to make, even if Obscura,
which is a much smaller, newer company,
for example, wanted to get this data,
which I really don't think that they do.
But the other side of that would also
have to agree to collaborate,
so that would also assume that Malvad also
wants to conspire to get your data,
and I think that's very unlikely.
I think it's definitely a good a good
option.
But again, compared to torts,
it's still a trust based model,
even if it's relatively safe to put your
trust in it,
whereas tours model is kind of
untrustworthy by design,
and you have that technical separation
that makes it harder to tie all of
that together.
So
Yeah,
I think the multi-party relay stuff is
interesting.
I believe Free has written an article
about multi-party relays,
and it's something that we are, I think,
generally still looking into,
but there's a lot of threads on the
forum about that sort of thing that I
would definitely recommend people take a
look at if they are concerned about any
of this stuff.
Because, yeah,
I think at the end of the day,
I do consider...
mall-led browser and a VPN to be a
very good option for a lot of people.
And there are inconveniences of Tor
browser that I think are resolved by
mall-led browser for a lot of people,
which is good.
Yeah,
and also I don't feel like you can
use both.
You don't have to use only Tor or
only Molvad.
You can actually use both of them.
And I think we also,
you've talked about this quite a bit,
Jonah,
but having a VPN going while you're
connecting to Tor is actually,
there are some benefits of doing that as
well.
So that's not a concern either,
as long as it's set up correctly, right?
Yeah, yeah, that should be the case.
OK, yeah.
So I don't know.
This thread was kind of interesting to me.
There was a lot of discussion about the
differences here between these two
software projects.
But yeah,
I think definitely check it out if you're
kind of also a bit confused,
because Nick kind of jumped in a couple
of times and clarified some things there
and made sure people were kind of
understanding the benefits of Tor.
yeah it was uh an interesting thread there
um that's kind of everything that i saw
on the forum that i didn't really see
any any other big threads unless there's
something you want to highlight um yeah
that's a good question i don't think i've
seen too much on the forum this week
i've been kind of checking it uh
what's the word, sporadically,
because I've been spending too much time
trying to redo all of our server stuff
this week, which is fine.
But yeah, taking a look here,
I don't know if there are any that
really stick out to me.
I think this is a good time to
remind people we definitely can take
questions if anyone has any,
do kind of a Q&A.
If not, then we won't do that.
But if you have any questions or want
to know about anything either we talked
about or privacy related,
this is the time to share it in
the chat.
Yeah,
I'm not seeing any comments on our forum
thread this week.
It was a bit later this week just
because we've had, yeah,
there was some hectic stuff going on.
But, yeah, hopefully that worked out okay.
And I didn't see any comments in the
chat.
We had a couple of people saying, like,
hi.
So, hi.
If you're still watching.
Not any questions here, really,
that I'm seeing.
Another story.
I think this came out in the last
week.
You'll have to remind me.
I didn't catch all of the show last
week.
But Brave just launched Origin Browser.
I think that was only...
like on Saturday, if I remember correctly.
So that's something that happened in the
last week,
which is something to check out because we
talked about Origin Browser,
Brave Origin before on the show,
and it's a pretty cool development from
them, I think.
Yeah, it's definitely, yeah,
it'll be interesting to see if maybe
that's something that gets recommended on
privacy guides.
But I think it's definitely something
we're still looking into.
I know some team members have already said
that they've like bought it and they're
trying it out.
So if we get more like comments,
I guess, from the community,
maybe that's something that could get
added in the future.
But it is definitely an interesting thing,
right?
Like having a paid browser, right?
in the recommendations.
I don't know if that would ever...
I guess there's technically no restriction
on that, I guess.
I guess to their credit,
it is free on Linux, which we do...
I mean,
we would recommend people switch to Linux
anyways.
So there is that option for you.
I think we'll probably add it as just
a note in the Brave section.
I don't really know if it has a
lot of advantages over normal Brave for
most people,
at least from a privacy perspective,
but
if you like a more minimal browser or
if you're the kind of person who likes
ungoogled chromium for example this might
be worth checking out because it's a much
more minimal version of brave and unlike a
lot of those chromium forks and in other
browsers it's being
maintained and kept up to date in a
very reliable way whereas a lot of like
on google chromium builds don't don't even
have like automatic updates for example
which is super important to have in
something with the attack surface as large
as a web browser so yeah if you
want a really minimal browser i think it's
i think it's worth checking out definitely
and it does seem like they have taken
the time like they've taken the time to
do the payment system in a way that's
not like
connecting it back to your identity or
anything as well.
So like they definitely have thought it
out pretty well.
I think that's basically always been the
concern in the community that I've noticed
is like people complaining about Brave
having so much bloatware attached and all
these features that are like unnecessary
and like it's increasing the attack
surface.
I think that is not particularly...
That's not really a huge issue,
I don't think,
but maybe there's people that really,
really despise it popping up every so
often when they add new stuff.
So that is a solution for you,
I guess.
And yeah, I don't know.
It's definitely going to be interesting to
see if they end up adding any Brave
Origin specific features,
but it's probably not.
Looking like that will be the case.
We did get a question here from Canabida.
Hello, Canabida, a regular on the stream.
And a lot of people talk about Zen
browser.
Are you familiar with that?
Any opinion from privacy perspective?
I'm going to throw this to you, Jonah,
because I feel like you know.
Yeah,
I've said it a few times before on
the stream,
but I have been using Zen browser for
a while and I quite like it because
it provides a lot of features that other
browsers aren't providing.
I will say, speaking of Brave,
I've talked to some people at Brave
recently and they say that they're working
on bringing a lot of these Zen browser,
Arc browser sort of features over to
Brave,
which I'm pretty excited about because I
do run into issues
In Zen browser,
sometimes of websites being less
performant or not working exactly the same
as they do in chromium,
which is a bit annoying.
So I have ended up using both brave
and Zen browser a lot of the time,
but some changes are coming.
Some of them are already available in like
brave nightly builds, for example,
with like better sidebars and workspaces
and
Website containers,
which I'm really excited about.
That's the main feature I really like in
Firefox,
and bringing that over to Brave is just
a good option for people to have.
But yeah, overall, personally,
I do like Zen Browser a lot,
and I think that they...
have been keeping up pretty well with
updates and they have a good privacy
policy.
It's something that I think not a lot
of other people either on the team or
in the Privacy Guides community in general
have taken too much of a look at.
So it's not something that
I've that I've really gone in depth on
or that other people have to my knowledge
so I can't really say for sure like
just from a privacy security perspective
where Zen browser lands so I would
hesitate to like say you know everyone
should switch to Zen browser or anything
but yeah personally I use it and I
have used it for a while and I
like it and I just think it's worth
supporting because I like all of these
Firefox forks that
are doing things correctly and
professionally and implementing regular
features,
but are also being developed by people
other than Mozilla,
which I've spoken quite a bit about in
the past.
I think that they are just kind of
mismanaging the organization and the whole
Firefox project,
and I think it's really unfortunate.
And so supporting these other projects,
I think, is very cool.
So, yeah,
that's what I have to say about it.
yeah it's definitely i think zen browser
is like definitely taking a lot of
inspiration from arc browser which was
really popular at one point and then they
kind of dumped that project and said oh
we're moving on to making this ai browser
now um which i've been testing out like
the last week and it is it doesn't
really live up to the same like uh
it doesn't live up to like the same
standards and like it doesn't have the
same features as arc does it's kind of
like a stripped down version
I don't know.
It's quite unclear what is going on with
the browser company as well.
I think they got purchased by Atlassian as
well,
and it's like the whole project is kind
of a little bit up in the air,
whether this will be something that even
the new browser that they're working on
will even stick around.
They keep making quite large changes to
that as well.
But yeah,
I've definitely really enjoyed Zen
Browser.
I used it quite a bit as well.
But I think more browsers should just have
this feature built in by default.
Like it should just have vertical tabs
implemented in the same way that Arc does
it.
Because I don't know,
it's just a no brainer.
It just works so much better.
Like I feel like no one's implementing it
quite the same.
And apart from Zen, basically.
Zen and Arc are basically your two only
options if you need
the same setup, right?
I know Firefox and Brave both have
vertical tabs,
but it's like a gimped version of what
you can find in Zen browser and in
Arc browser.
But it would be interesting to see Brave
if they actually do commit to this and
they add those extra features that Zen
browser has.
I think the main thing that I miss
from Arc browser is the ability to have
profiles on the bottom and you could just
easily switch between browser profiles and
it segments your data and extensions and
stuff.
I don't know.
As far as I know,
there's no browser that does that.
So I guess, yeah,
it is kind of a tricky situation if
you care about those.
Zembrowser almost does that, I will say.
But they don't segment extensions.
Yeah, it uses the container tabs,
which is, I'm OK with that.
That's OK.
But I don't know.
I do feel like having separate profiles,
it did enable a bit more customization,
which
I don't know.
It's kind of unfortunate they stopped
working on that project,
because I do like Zen Browser.
It is basically the replacement for Arc at
the moment.
I believe Brave is doing their version of
containers with a multi-profile approach
similar to Arch.
Don't quote me on that.
I haven't looked into Brave's
implementation and what they're testing
right now too much.
But if that's true,
and I hope that's the direction they go
in, that will be pretty exciting.
um i didn't actually know arc was uh
acquired by atlassian that's that's funny
i haven't looked into arc in quite a
while but yeah it's i i don't really
understand the direction that that whole
company is going but any arc users who
really liked arc i would definitely say i
mean if you were going to trust arc
which is like a proprietary service by
like a big company uh
zen is zen is going to be better
than arc from a privacy and security
perspective even if there is some reason
that zen isn't as great as like the
browsers we recommend um it's still you
know worth checking out for arc users at
the very least because it'll be I think
it'll generally be an improvement outside
of a couple a couple features like the
ones that you mentioned yeah definitely I
definitely would recommend at least giving
it a shot
Another news story on the forum that I
remembered seeing this week,
I just saw Proton release their
ProtonDrive command line interface for
Linux.
So finally,
some support for ProtonDrive on Linux,
officially.
Still,
the command line version doesn't do as
much as their typical desktop clients,
but it's a huge step forward.
I hope some people on Linux find it
helpful.
I hope that this also is able to
be used by Rclone, for example,
or other Linux projects that have sort of
implemented a ProtonDrive interface.
interface already,
but built around unstable APIs that Proton
hasn't really published.
They're just kind of doing it on their
own,
but Proton could maybe break it at any
time.
Maybe this will provide a more stable
approach to connecting to Proton Drive
from a Linux machine that other projects
can make use of as well.
Linux support is always, I think,
laking behind with anything Proton does,
unfortunately,
but at least they finally got around to
doing something for ProtonDrive.
I think it'll make ProtonDrive a bit more
usable for people who otherwise have a lot
of Proton storage they can't really make
use of right now.
Yeah,
it definitely sucks for people that are on
Linux that have been like kind of,
I feel like it's definitely been somewhat
neglected.
I think it's definitely gotten better.
Like if you've tried the ProtonVPN Linux
client, it's actually really good now.
It used to be like a web wrapper
thing, but they made it better.
So I don't know.
It's good to see them actually at least
pull through on some of their promises.
I know they've been kind of saying this
was the first step towards getting a
ProtonDrive client on Linux.
But I think what's going to happen is
the open source community is just going to
be like, fine, I'll do it myself.
And then they'll just like, you know,
make, make these projects, make like a,
an open source implementation of like
ProtonDrive or something like that before
Proton actually releases something.
So yeah, I would like, you know,
have it work with rsync or rclone, sorry.
And yeah, I don't know.
It's definitely, it's definitely positive.
Hopefully that's,
a thing that we get to see,
you know, in the next year,
I hope a Linux client for proton drive.
It's good to see that at least trying
to support it.
Cause it did feel like for a long
time,
they were kind of radio silent on it.
And then, you know, people were like, oh,
you're working on it.
Right.
And then proton was like, oh, we're not,
we haven't started.
So that was definitely a bit of a
shock for some people.
um another thing i want to highlight kind
of from kind of inside updates but uh
posted on a forum one of our team
members uh just wrote a guide for people
in the netherlands to set up uh something
called address secrecy which is a privacy
protection you can you can get there i'm
not personally super well versed in
things in the Netherlands,
so I'm not the right person to ask
details about this.
But if you are in the Netherlands and
you want to check out this post on
our forum in the community Wiki section
that comes from one of our team members,
I would definitely say check it out.
Again,
if you're in the Netherlands and if you
have questions about it,
you can ask them about it and they
will know far more than either of us
will.
But I just want to highlight that that
was posted because it is a pretty
comprehensive guide to all of that stuff
in the Netherlands with links to how you
can set that up and who it's for.
So just another cool thing that got
posted.
Excellent.
Yeah,
I did see that you did post the...
It does look like the Passwords video is
on PeerTube now.
So, sorry.
Yeah, for members.
For members, yeah.
So, that is out now.
If you go on the forum,
you can find the link to watch that.
Yeah.
So, definitely check that out.
It'll be going live publicly at ten a.m.
Central Time in the U.S.
So...
Yeah, should be a good one.
Got another question from Turnip Fanatic.
Does Zen Browser have the same fingerprint
in Firefox?
No,
it's definitely different from Firefox.
So that is something to keep in mind.
I don't know personally how...
good the or if they do any sort
of fingerprinting protection like to
distinguish you from other zen browser
users or if you will look kind of
similar to other zen browser users but
generally in firefox without like
hardening protections you're not going to
get much fingerprinting protections in the
first place you can block some tracker
scripts with just an ad blocker of course
but
no kind of technical means um unless
you're going to be switching to something
like mullved browser so yeah i definitely
wouldn't use zen browser if you need
fingerprinting protections but i also
wouldn't use really any browser besides
mullved browser or firefox if
fingerprinting is of
large concern to you because even even
like regular firefox for example is not
going to provide very strong protections
brave provides some protections but
they're done in a different way that i
would consider a bit less robust than what
Mulvad and Tor are doing,
but some people disagree with that,
so it's kind of up to you what
you think.
But yeah, Firefox browser, Zen browser,
I wouldn't trust either of those with
super strong fingerprinting protection,
so that's something to keep in mind.
I do think Firefox did at some point,
they did actually, they do have,
I think it looks like November last year,
they did add.
So if you use a strict mode,
it actually does have like an enhanced
tracking protection thing,
which does have some anti-fingerprinting
protection.
So, I mean,
if you're going to use Zen Browser,
I'd just say crank all the settings,
like put everything on maximum possible
thing.
Because because yeah,
Zen browser is going to inherit all of
those settings that Firefox has,
of course,
so you can enable like enhanced tracking
production and stuff like that,
which will improve things to some extent
for sure.
Yeah, but I think you're right.
It's definitely nowhere near the same
level of protection as like Moldad browser
or Tor, right?
It's like less protections that are going
to have less of an impact on the
browsing experience,
but also offer some additional privacy
stuff.
And as far as I'm aware,
like Jonah said,
like Brave is kind of ahead on that
as well.
So at least, you know,
if you decide to use Zen browser,
you'll get some of those benefits from
some of those settings in Firefox itself.
So yeah.
definitely enable those if you do decide
to use it.
That would definitely help somewhat.
Yeah.
I think in the absence of any other
questions,
we can probably start to wrap things up.
I don't see anything on the forum or
in chat.
We also do have a members-only Signal
community.
We're happy to take questions there as
well.
We haven't gotten any questions there
today, of course,
but I need to be better about...
notifying that group that these streams
have started so maybe next week i'll let
them know uh ahead of time that they
can join the forum and ask questions there
but that is an option for sending in
stuff uh because we'll check like signal
during the show and in that group and
see if anything is coming in addition to
the chats in in forum posts here so
you have a lot of ways to
interact with us on the stream if you
if you want to say anything um otherwise
are you fine to wrap things up jordan
or is there anything else you want to
talk about here yeah i think we can
wrap things up now um yeah we've kind
of covered everything that's on the agenda
this week
Sweet.
Well, thanks, Jordan.
Yeah, I'll end this here then.
If I can find my notes.
All of the updates on this week in
privacy,
we share them on the blog every week.
We email them out on the newsletter.
So you can sign up for that newsletter
or you can subscribe to the blog with
your favorite RSS reader.
If you want to stay tuned and read
all of the sources.
of the stuff that we talked about in
this episode.
For people who prefer the audio version of
this,
we also offer a podcast which is available
on pretty much all podcast platforms and
through RSS if we haven't submitted it to
your podcast app of choice for some
reason.
These videos are also synced to PureTube
after the fact,
so if you want to catch this away
from YouTube,
you can always follow our channel there as
well.
Again,
Privacy Guides is an impartial nonprofit
organization that's focused on building a
strong privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you want to support our mission,
you can make a donation on our website
at privacyguides.org slash donate.
To make a donation,
you can click the red heart icon located
in the top right corner of the page.
You can contribute using standard currency
via debit or credit card,
or you can opt to donate anonymously using
Monero or with your favorite
cryptocurrency.
Becoming a paid member of Privacy Guides
will unlock exclusive perks like early
access to video content and priority
during our
Q&A if we get a lot of questions.
You'll also get a cool badge on your
forum profile on our forum and the warm,
fuzzy feeling of supporting independent
media.
So with that out of the way,
thank you all for watching and we will
see you next week.
Bye, everybody.
