The US Bans New Foreign Made Routers?!
The U.S.
government has banned all foreign-made
consumer routers,
SystemD's new age verification feature,
and the Meta and Google social media
addiction lawsuit.
All this and more coming up on This
Week in Privacy, number forty-six,
so stay tuned.
Welcome back to This Week in Privacy,
our weekly series where we discuss the
latest updates with what we're working on
within the Privacy Guides community,
and this week's top stories in data
privacy and cybersecurity.
I'm Jonah,
and with me this week is Nate.
How are you doing, Nate?
I'm doing very well.
Busy week behind the scenes here,
but very excited.
Good stuff.
How have you been?
I'm doing fantastic.
I'm excited to be back on the show.
Now we'll start off with the biggest news
that we've seen in privacy and security
over the past week.
Our first story today is reported by The
Verge.
The US government just banned consumer
routers made outside the US.
The US claims foreign-made routers pose
national security risks.
So this gives some context.
In December,
the Federal Communications Commission
banned all future drones made in foreign
countries from being imported into the
United States unless or until their maker
gets an exception.
Now the FCC has done the exact same
for consumer networking gear, citing,
quote,
an unacceptable risk to the national
security of the United States and to the
safety and security of U.S.
persons.
So as this article says,
we did see this happening with DJI,
who opted to just not sell new drones
in the United States rather than try to
comply with this.
And now a similar thing is happening here.
As The Verge points out,
the vast majority, if not all,
consumer routers are currently
manufactured outside the United States,
and the vast majority of future consumer
routers are now banned.
By adding all foreign made consumer
routers to its covered list,
the FCC is saying it will no longer
authorize their radios,
which de facto bans new devices from
import into the country.
So this is a interesting ban,
to say the least.
It doesn't seem to be like a lot
of other things that are banned,
because as this article points out,
domestic router manufacturing is pretty
much not a thing.
I have a couple of questions about this
and actually posted this on Mastodon.
But my biggest question is kind of like
how this relates to
they're differentiating between consumer
routers and other routers.
I've seen the FCC,
their definition of residential routers,
which basically says that it's all routers
that are intended to be used in a
residential setting and can be installed
by the end user,
which seems to me like it would
not affect something like the router that
your ISP provides.
So I think that this ban could certainly
mean that we're all going to be stuck
with these probably far more insecure
trash routers that Verizon or Comcast or
whoever provides you rather than you being
able to replace it with your own.
But yeah, it's crazy stuff.
Did you see anything in this article that
you wanted to point out, Nate?
Oh, yes.
A couple of things.
Well, specifically,
I wanted to point out that according to
the article, well,
according to the FCC as well,
this is about national security, right?
And they specifically mentioned the Volt
Typhoon, the Salt Typhoon,
and the Flax Typhoon,
which that one I'm not familiar with.
But they cited those cyber attacks,
which targeted critical American
communications, energy, transportation,
and water infrastructure.
But the thing they don't mention that I
thought was interesting is that Salt
Typhoon happened because of a law
enforcement backdoor in our
telecommunications infrastructure.
And I think the article pointed out here
that Volt Typhoon happened because
American-made routers,
they specifically â yeah,
Cisco and Netgear mostly â
we're just not kept up to date.
So it's like the flimsiest, um,
like I'm trying to think of an example.
It's,
I guess it's like that classic joke that,
you know, Oh, I don't drink water.
Do you know how many people that kills
every single year?
And it's like, that's not really related,
but okay, sure.
Go off, I guess.
Oh,
So one thing I thought I read here
that maybe you know more about is,
is this a ban on the routers or
is this a ban?
I think the article said something about
it being on like the radio chips,
which kind of makes it even worse because
I know there are,
there's a few in my non-expert opinion,
there's a few decent American
manufacturers like Netgear, for example.
But if the chip itself is the part
that's on the covered list,
then how are they supposed to produce
these?
um without getting a chip did you read
anything about that am i misremembering
that so i mean typically each individual
product is going to need to be approved
by the fcc so they do um they
would they would approve like the entire
product and the only thing that i've seen
is that they're not going to approve
consumer residential router products.
So this is not going to affect business
routers.
As far as I know,
it wouldn't affect the chips if they're
used in a non-consumer router.
So like one of my questions is,
there's certainly an interesting line in
the router space once you get to the
higher end between like
residential routers from like NetGate or
Linksys or whoever,
and then like more prosumer routers like
Ubiquity.
And then you get into like enterprise
routers, which as far as I know,
are not affected.
I don't know where something like in that
prosumer middle ground is going to fall.
But usually like even on the enterprise
side of things,
if you're looking at the the actual chips
involved there,
they're similar,
if not the same to what's in a
lot of routers,
just because there aren't like a ton of
options for chips.
So as far as I know,
individual components shouldn't be
impacted,
which makes this all the more
interesting because I don't know what
they're exactly trying to defend against
here.
I would imagine the bigger issue that they
would say that they have is more to
do with the router firmware and how it's
deployed.
But as you pointed out and as the
article said,
the most recent big attacks on routers
have been against major American ones and
enterprise ones that are typically more
powerful, enterprise firewalls.
So something from the likes of Cisco or
FortiGate or whoever are the most recent
major attacks lately.
Whereas consumer-grade routers,
certainly have security issues like don't
get me wrong but i don't think they
warrant um something a total ban like this
kind of similar to the drone thing uh
what their goals are aren't exactly clear
to me but uh it seems like they
really want
these manufacturers to just cut some kind
of deal to get approved rather than just
being approved because they made a product
that people need.
So yeah,
it's kind of like all of the tariff
stuff lately and the other trade bans that
have been going on in the US.
I think it's going to be a big
challenge for American consumers right
now.
Manufacturing capacity for these routers
certainly cannot shift to the US at a
moment's notice.
I mean,
it would take years for this to even
be a possibility.
So in the meantime, it seems not great.
And I guess we'll see how these router
companies respond.
I haven't actually looked this week to see
if any of them have made a statement.
I would be interested to know how many
are going to take DJI's approach to just
exit the US market versus how many people
are going to try to comply with this.
But pretty much the entire router industry
is going to be impacted by this.
So it's crazy stuff.
Yeah, nothing has come across my feed.
I haven't specifically gone looking in
terms of if anybody's made a statement.
um another thought that occurs to me uh
i'm assuming okay i i have a really
stupid question here i mean there are
enterprise level wi-fi routers right most
of my work is done with like hardwire
switch i've never i haven't done a whole
lot of routers or like wi-fi so yeah
definitely um i mean there's like ubiquity
for example you see that installed in
small and medium businesses uh
A lot of the time,
these enterprise things are split up into
multiple components.
They'll have an access point and a router,
and those will be separate things,
which is the case for most of Ubiquiti's
products.
It's also the case for something like
Aruba or Cisco.
They both make access points.
There's other...
There's other manufacturers like MicroTik.
I can't remember other big enterprise
ones, but there's certainly a lot of them,
which in theory should not be impacted,
but I guess it depends on how widely
the FCC decides to define all of these
products.
And then, okay,
so the other stupid question here is
there's kind of a big price gap,
isn't there,
between a consumer-level router and an
enterprise one?
How big of a price gap are we
talking?
yeah so that's where it really depends on
the product i think most of these um
enterprise routers are going to be or like
the entire system it's always going to be
more expensive because you have to buy the
router and the access points separately um
so there's that whole aspect but of course
on the router side of things you can
set up like a old computer or something
and use some open source software like
open sensor pf sense so you have that
option and then the access points um
generally cheaper you probably only need
one to cover a house realistically so it's
possible especially with um some fraud
some products like either from ubiquity or
microtik i know that they make access
points that are probably readily
accessible um some of the more enterprise
stuff like uh from aruba or uh maybe
cisco or or other companies they're gonna
require like
a whole subscription service for
management and all of this stuff.
So once you get into the real enterprise
side of things like that would be
extremely hard to do from your house,
but it really depends on the manufacturer.
But there are some lower end ones where
you could see that being possible.
But I don't know if the FCC is
going to extend that to pretty much
anything that normal residential consumers
will buy or whether it'll just be like
things that are marketed towards
consumers.
One of the questions that I had on
Mastodon was whether we're going to see an
uptick in
small business or home business routers um
that say like not for residential use on
them because i know we've seen um in
other areas that the government regulates
like uh all sorts of crazy drugs and
peptides for example i was just thinking
about research drugs that are not approved
by the fda they're not for human
consumption but of course they get sold um
to random people anyways,
and you can find plenty of threads on
Reddit and other sites that indicate they
might not be following all of the labels
on these products.
So I don't know if that would be
the case here,
but I would be interested to see if
that's the case.
Yeah, I don't want to get too political,
but that is a thought with what you
were saying about,
I think regardless of whether you're
pro the current administration or not,
this whole idea of like bringing
manufacturing back to the U S again,
whether you think that's a good idea or
not, it, it can't happen overnight.
And so this like out of the blue,
like, okay, all these routers are banned.
It's like, dude,
it's going to take us five years at
best, probably even more than that.
That's probably like delusionally
optimistic to get the manufacturing done
back over here.
And then to get the supply chain instruct
in place and the infrastructure,
it's like, it's not, it's,
Yeah, it's it's crazy.
So I'm hoping and again,
not to be too political,
but we have seen I feel like we've
seen the current administration do things
like this where like they'll ban something
or they'll institute tariffs and then
they'll kind of start to like make
exceptions.
And OK, except for this guy.
And but here's a workaround.
And and I think it's because once they
do it, they realize like, oh,
wait a minute,
that can't happen that fast.
So I'm hoping we'll see something similar
here, to be honest.
Yeah,
I don't see any other way around it.
I think they're going to have to
personally.
The worst case scenario, I think,
for this whole thing from a privacy
perspective is that the available options
that will be left on the market,
I think it's going to be much easier
to track because...
The specific definition of residential
consumer routers that they're using here
do say it's routers that are intended to
be installed by the end user.
So presumably something that your ISP
installed would not be affected.
So like I said before,
I think a lot of ISPs will be
installing their own routers.
And those are pretty well known to track
a ton of information.
It's one of the main reasons,
aside from the poor performance and other
things.
There's a lot of reasons that people will
replace their ISP-provided router,
but tracking and privacy concerns are
certainly one of them.
And this could also, I think,
get more people to switch to cellular
connections or use their cell phones more
because you don't need a router at all.
But of course,
the whole cell network system is more
problematic for surveillance and privacy
as well compared to these hardline
internet connections.
Yeah,
I think we'll have to see how this
resolves,
but there's a lot of potential privacy
concerns here.
Jordan asked in the chat whether there's
any U.S.
manufactured routers.
Not as far as I know is the
answer to that.
I think that there are
There are certainly some routers.
Yeah, they're like U.S.
designed.
So there are American companies that are
making routers,
but the manufacturing in the U.S.,
it's non-existent.
And even like companies in end products
that are making wireless chips on the
other side.
Like we've seen Apple get into this with
their latest products where they're now...
creating their own modems.
But all of that is obviously not
manufactured in the US.
It's just designed here.
And I think that a part of the
concern that they would have is whether
the back doors could be inserted into
these ships during the manufacturing
process that the designers wouldn't know
about.
So I don't know how this is going
to impact American companies.
But yeah, it'll be interesting to see.
Possibly stupid question.
Are manufacturing and assembly the same
thing?
in this context?
Um, cause my thought process is, um,
in Texas, I think it's so funny.
I see a lot of Toyota trucks driving
around with a sticker.
It has like the Texas flag on it.
And it says, uh,
built here lives here because Toyota has
an assembly plant in Houston.
And every time I see that, I'm like,
yeah, but Toyota,
like this is not an American company,
but they assemble the trucks here in,
in Texas.
So good enough.
Right.
And that's kind of my thought is like,
Would that be a loophole maybe?
Like, OK, just take all the components,
ship them over here,
and we'll spin up a factory in Houston
or wherever, Indiana,
and just assemble them here.
And now it's not manufactured.
I wonder, I don't know,
that just kind of popped into my head
while you were answering Jordan's
question.
Yeah, that is a great question.
I don't know how they would apply this
to individual router components.
That's a great question.
It's hard to say what loopholes will be
available.
I was just curious if you knew anything
about that.
Like, no, those are...
Okay.
Yeah.
I know, like, for example,
I know this ban does extend to routers
that are designed in the US.
So like right now,
those American companies are impacted.
But whether they can do like this,
I've definitely seen that before to like
get the made in the USA stickers on
different products.
It's definitely a thing that happens.
And I don't know if that'll be enough
of a loophole to get these routers in
or not.
But I guess we'll see what companies come
up with.
Yeah, that's what I was about to say.
I guess we'll find out.
Yeah,
I think the biggest thing with this story
is just if there are security concerns,
we could certainly look at all of the
security concerns and issues that we've
seen with routers.
We've definitely reported on some or
talked about them on this show before
various routers being attacked with
malware or updates that you should
install.
But this kind of blaming that on it
being because they're foreign routers
routers doesn't make a lot of sense to
me this is definitely a case of like
because all routers are foreign um it's
it's sort of a correlation situation not a
causation right like that's not the reason
it just happens to be
all routers that have security issues are
foreign because all routers are foreign,
right?
Yeah,
and something else that popped into my
head that I forgot until just now,
not to put on too much of a
tinfoil hat,
but it's weird to me that they're like,
oh, this is a national security risk,
so we have to ban consumer routers.
But...
Wouldn't we want to keep...
And China has a proven history of stealing
U.S.
intellectual property.
That's known.
That's a proven thing.
So why wouldn't we ban the business
routers instead?
It's very confusing.
It's not lining up with... Absolutely.
I mean,
the business routers definitely have a
more sensitive position in the networks.
So there should be more concern there.
I do think...
I'll play devil's advocate and...
share why I think banning like consumer
routers or taking them more seriously
makes sense because I have
Ben Tu talks and other things where people
talk about not routers,
but like those fake Android TV boxes that
have a bunch of pirated content that you
can get on Amazon or whatever,
and sort of products like that,
or browser extensions that you can install
that give you a free VPN or something.
And all of these things are typically used
to create basically a botnet of all of
these residential routers or
like proxy services where you can get a
residential IP.
And I think just the sheer scale of
like how many internet connections are
residential ones versus like a business
one is typically going to have one
fairly large business connection,
but there are less of those.
I think that from a botnet perspective,
you could be concerned about consumer
routers being used to attack like just in
a DDoS scenario more than like a data
exfiltration scenario that you might want
to protect against on the business side of
things.
But again, like I said,
I don't think that just because they're
foreign means that that is going to
happen.
So the ban doesn't make a lot of
sense to me from that perspective.
But it is certainly a concern that you
could have.
That makes sense.
I think last note on this story,
Jordan said the US doesn't really have
semiconductor fabrication capabilities.
Well,
we have a Samsung factory that last time
I checked was supposed to start pumping
out chips in twenty twenty three.
I haven't checked recently,
but as of late last year,
they still are not making chips.
I know Tesla just announced their factory,
and I think there's another one that.
I heard about this supposed to be built
in New York, I think, but I like,
I heard about the initial funding a few
years ago and that's all I've heard.
So yeah, we definitely don't have.
TSMC has been building one in Arizona for
a while as well,
but none of these have launched as far
as I know.
It's not super easy to do.
Nate, I think you're muted or you're.
Sorry about that.
Ah, okay.
Yeah, just to drive home the point,
the one in Texas is supposed to take
twenty years to build,
and that's if it's on schedule.
That's not including that it is now
running behind,
and it will probably just compound,
and we'll fully habitate Mars by the time
that thing's done.
But you know what I mean?
It's like, yeah, they â
What we were saying earlier,
you can't just spin this stuff up
overnight.
It doesn't matter your political leanings
and whether you think manufacturing should
be here or not.
We can't do this overnight.
It's just not possible.
And it's not even a matter of getting
the equipment to do it.
You can't just build a building and fill
this up with semiconductor equipment to
start making these chips.
In Taiwan right now,
there's just such a massive centralization
of knowledge of how to make these chips
and how to use all of these machines
and how to design this stuff that you
can't
you can't just replicate this.
Like we see Intel, for example,
has some of the most advanced
manufacturing equipment in the world as
well, just like TSMC,
but they've had a lot of struggles.
I don't know what Intel is up to
these days,
but I know for a while they had
a lot of struggles with improving their
processes even more,
just because it's extremely challenging to
do.
I was going to say something about AI,
but then I realized I was thinking of
Nvidia.
Yeah,
I have no idea what Intel's up to
these days.
Okay.
Before we jump into the next story,
I do want to highlight earlier today,
we had a new member join.
And if you're watching, I apologize.
I'm not even going to try to pronounce
that name because it's in a foreign
language.
It looks maybe, I want to guess Korean,
but I'm not super familiar.
It's something from that part of the
world,
but thank you so much for becoming a
member.
So now on YouTube,
you will have early access to videos and
we will talk about membership a little bit
more later in the show.
But first,
we're going to talk about everyone's
favorite topic, age verification.
SystemD is not controversial enough,
so they decided to go all in and
build in an age verification feature.
So for those who don't know,
SystemD is a Linux...
I'm going to let Joan explain what it
is better a little bit later,
because I truly don't know how to explain
it.
I know it's deep, deep in the system.
I'll put it that way.
And it's used by a lot of major
Linux distros.
I know Ubuntu uses it.
And therefore,
all the Ubuntu derivatives like min, pop,
Oh, man,
there's another one I'm forgetting off the
top of my head.
But another really, really popular,
Debian, I think, uses it.
I think that was the one I was
thinking of.
Technically, Ubuntu is based on Debian,
but either way.
So systemd is this really high privilege,
low in the system kind of thing.
And they have added a field to the
JSON user records that is simply
birthdate.
And it is what it says on the
tin.
Now, when you make a new user,
you can choose to enter their birthday.
So the good news is this is totally
optional.
This is not a mandatory field.
If you've ever made a user in Linux,
in most Linux distros,
you'll get all kinds of options like real
name, email address, location, and,
you know...
if you're like me,
you don't really need that kind of stuff.
So you can kind of skip through it
all.
But, uh, so this is the same thing.
This is just an extra field that is
four digit year, two digit month,
two digit day,
and you can skip it or,
or enter it in if you want to.
And they've specifically said,
this is not a policy engine.
This is not an API.
We just define the field so that it's
standardized if people want to store the
date, but it's entirely optional.
Um,
Yeah, I mean,
I feel like those are kind of all
the facts of the case.
Jonah, what do you think about this?
I think it's cool that it's optional,
but I also kind of see the argument
that they shouldn't have added it in the
first place.
What are your thoughts on that?
Systemd is a very interesting project.
So I'll go back to your original question
first before I get into that.
Systemd, at its core,
is an init system in Linux,
which is basically the process that starts
all of the other software on your
computer.
So if you think about booting up your
computer,
it gets ever more complex as you go.
So typically on Linux, you would have
like grub the bootloader which is
extremely lightweight and all that does is
you boot up it goes into that and
then it starts the linux kernel which is
much more complex than grub but you need
something to start it and then the kernel
starts your init system which in this case
would be systemd but it could be any
process and then
the init system starts everything else and
it's responsible for knowing what software
you want to start and doing it all
in order so that something doesn't get
started first that depends on something
else and then fails because it was started
too early and all of that stuff.
So the init system has to always be
running and it's just kind of the parent
of all of the other software that you
run on your computer, if that makes sense.
But system D is also
a whole project with a lot more ambitions
than just being an init system.
And they make a lot of different software
that basically tries to replace a lot of
basic operating system components with
systemd-developed ones.
So beyond the init system,
we see software like systemd-resolvd,
which replaces the DNS resolver on your
system.
And other and other stuff like that that
isn't necessarily related to just service
management and starting processes.
So they really want to be like the
core software for all of your system,
which is why I think they are pretty
divisive project in the Linux space.
But
Yeah,
I don't know what component this age
verification is actually being installed
in.
I didn't see this, but maybe I should.
It probably says in this article.
I don't know if it's specified.
It just said the JSON user records when
you make a new user.
XDG desktop project portal is adding age
verification portal that needs a date
source for the user's age in the user
DB.
Does that help any?
It's an interesting change to make.
You can definitely see their reasoning
behind it,
because I think if age verification is
going to come to Linux, for example,
it would be quite annoying if there were
one million different implementations of
it that the rest of the system has
to integrate with.
But I'm not sure if this makes a
ton of sense for it to be here
instead of in your desktop environment.
And also,
I don't necessarily think that age
verification is kind of a lost cause.
And I think it's unfortunate to see it
being adopted so readily in Linux
because...
I think in certain projects,
I wish that the open source community
would take a bit more of a stand.
But everything has just become very
corporate, especially in the Linux space,
and there's a lot of compliance in
advance.
So it's very tricky to kind of
keep with solid ethics and this has been
an issue for a very long time i
could go back to um one of i
personally the most annoying things that i
can think of in this space which is
um back in i want to say firefox
adding drm as like a first party thing
in their browser rather than like
relegating that to a third party
extension,
because that was kind of the end of
Firefox having any sort of say in the
web browser space and how all of these
web standards were made.
I think once they gave into that,
that was
the slippery slope that made them lose a
lot of ground in the standards committee
to Chromium because they basically showed,
hey,
we will implement anything that Google
asked for.
And I think that this is a case
certainly of the main developers behind
Linux saying, hey,
we are going to implement whatever the
corporate side of Linux asks for,
regardless of what the rest of the
community wants, which is unfortunate.
so yeah i'm not a fan of this
change there's a lot of arguments for and
against this i it i don't know like
what the point of this is really because
if you can just set your age to
whatever you want yourself i don't know
why this would be trusted by other
software um
But I guess we'll see how this is
used,
which is the main thing it'll come down
to.
I think it is like,
even if there isn't a huge issue with
how this specific thing is implemented
right now,
we are just kind of laying the foundation
for more anti-user systems and more
problematic systems to be implemented on
Linux in the future,
which is not a path that I think
we should be going down.
So that's my main concern with this whole
story pretty much.
Yeah, I agree with you.
I think, you know, I mean,
we always talk about how like companies
and services have to follow laws, right?
And somebody I spoke to recently in an
interview you guys will be seeing pretty
soon mentioned that.
It's like this whole idea of like
cyberspace as this nebulous,
like doesn't matter.
It's like, no,
the person writing the code,
your feet are touching the ground
somewhere and therefore there's
jurisdiction or your server is located
somewhere
in a physical space somewhere.
And so I understand they have to follow
the law,
but I do agree that it was really
disappointing to see them just roll over
with no fight, no nothing.
And I think to kind of go back
to, you answered it a little bit here,
but this person asked us, Leonard asked,
or Leonardo asked,
do you think air verification is a lost
battle?
I wouldn't say lost.
I mean,
there's definitely that part of me that's
like,
If I thought it was a lost cause,
I wouldn't be here, right?
Like I would just go get another job
and give up privacy.
But I do think...
I think it's partially lost in the sense
that I think this is coming,
whether we like it or not.
This is just my personal opinion.
I think it's coming,
whether we like it or not,
because I think there's just too many
people that don't understand the downsides
of it.
And I think it's really important in light
of that for us to have a seat
at the table and have this conversation,
which system deed clearly did not where we
say,
let's at least try to control it in
a way where it's less damaging.
So I think,
In that sense,
I almost like this because you can put
any age in there, right?
They're not going to verify it.
They're not going to ask you to upload
an ID.
And, you know, then there's the question.
I almost worry if like if everybody starts
doing that, like, OK, fine,
here's an age field.
Go ahead and lie.
We don't care.
Then the government's just going to be
like, fine, now you have to verify IDs.
And it's like, crap, now it's worse.
Yeah,
that's exactly my point about it being a
slippery slope.
Because if it can always be set
arbitrarily forever,
I don't understand what the point of this
would be in the first place, right?
To me,
the intent of this feature is clearly to
eventually have some sort of much more
verifiable way to set this field that
won't be as user-controlled.
And I think that that is...
dangerous to have because if they weren't
planning on doing that,
then they could just do what sites always
do,
which is like ask people to enter their
birth date or like confirm that they're
over a certain age or whatever without
this being built into the system.
I think that that works fine until you
want a much more verified way to confirm
people's ages, which,
as we talked about on the show a
lot,
is is very problematic from a privacy and
censorship standpoint and that's really
the only reason to build this feature
that's and that's my main concern here
i've seen a lot of um a lot
of mixed reactions to this like in our
community and elsewhere on the internet
where people were kind of saying like what
you were um saying at the beginning of
your thought which is like hey this isn't
really doing anything right now you can
set it to whatever you want and i
would just be
It doesn't make sense to me that that
will always be the case.
I think that the fact that they're doing
that is concerning.
And this is kind of similar to me
to the current discussions that are going
on
In the Android world right now with
developer verification,
I think we are seeing a lot of
app developers and a lot of custom Android
operating systems and other third party
open source app stores beginning to comply
in advance with that sort of thing or
make statements saying like, hey,
we are going to participate in the
developer verification system.
And I think that that is unfortunate,
because you could look at the Keep Android
Open campaign for a lot of explanations on
why you shouldn't be doing that.
You should be taking a hardline stance and
saying, hey,
we're not going to comply with this
system,
even if that means some restrictions on
where apps can be installed.
that is the best move to make our
voices heard and to potentially make a
difference.
So it's just a similar thing here.
Exactly like you said,
I think that we got to take a
stand and we can't lose our voice when
it comes to this.
And SystemD is...
kind of giving that up,
which is a real shame.
Yeah, and I think,
just to kind of add to what you
said, I think, ironically...
I think if we took more of that
attitude of, like,
let's have a seat at the table and
try to steer this, I think, ironically,
it would become a self-fulfilling prophecy
in a good way,
a good kind of irony, where, like,
because we're participating,
we might have more attention to be able
to draw attention to these issues and
point out, like,
this is why age verification doesn't work.
These are all the problems with age
verification,
the knock-on effects that are going to
make things worse.
And we might end up actually being able
to do something about it.
But, yeah, I think...
I think definitely just I know we've
called this out in the past with other
stories,
but just this attitude of like of,
you know, oh, well,
this doesn't affect me.
So I don't care because I know how
to get around it.
Congratulations.
It's coming for Linux.
It's coming for the things that we use.
We can't have that attitude forever
because eventually we're going to run out
of places that are not touched by this.
Or at very least,
they're only going to apply to like a
handful of people that are
really tech savvy and know how to write
their own code.
And now we have privacy for one percent
of people instead of, you know,
right now where it's what, ten percent.
I don't know.
I'm just making up numbers.
But my point being is like,
I think standing up and trying to do
something gives us more power and it
builds momentum to the point where maybe I
will be wrong, which for the record,
these are the kind of things I'm happy
to be wrong about where it's like, hey,
we were able to roll back age verification
because we took such an active role that
we were able to spread awareness and
attention.
So, yeah.
And real quick, just to roll here,
point it out.
Like, yeah, it's not age verification.
It's identity verification.
I'm trying to get more in the habit
of saying that, but I don't always.
So thank you for pointing that out because
you are right.
It's not just kids because how is it
going to know if you're a kid without
verifying everyone?
So yeah, thank you for noting that.
Yeah.
It's an interesting story.
I don't know if I have too much
to add.
I...
I can certainly imagine some reasons that
something like this could be useful in the
grand scheme of things,
regardless of age verification plans right
now.
But certainly the timing of this with all
of the age verification stuff going on
this year is extremely suspicious.
So that doesn't give me high hopes for
how this feature will be used.
For sure.
um i think we can move on from
this story before we dive into the meta
and google social media addiction ruling
um i want to give some quick updates
about what we've been working on at
privacy guys this week um on the website
side of things uh the big stuff has
been a lot of news articles so there
are a ton of stories that we aren't
able to discuss here on this show but
freya and others have been writing them in
our news brief section which you can visit
at
privacyguides.org slash news.
So some of the articles include the cadnet
botnet hijacking ASUS routers.
Good example of the kind of botnet issues
I was talking about earlier in the router
space.
FBI seeking info from gamers who installed
malware from Steam.
Big tech creating an accord against online
scams and fraud.
A severe meta cybersecurity incident
caused by an AI agent.
Graphene OS saying that they won't
implement age verification.
which is fantastic,
exactly what we do want to see,
unlike SystemD here.
A French aircraft carrier being located in
real time via a fitness app,
which we've definitely seen in the
military before.
Android-XVII getting a post-quantum
cryptography upgrade and Vizio TVs.
now requiring a walmart account um crazy
stuff really annoying the smart tv
industry uh so if any of you think
any of those topics are interesting or
want to learn more about them we have
those articles again at privacyguides.org
news all of those articles are also
automatically published to our form when
we publish them and there are some
discussions that go on there or you can
ask questions and follow up and we can
Talk about it there.
I think that's kind of the main stuff.
I know that there have been more
discussions in our forum and on the
community side of things,
but we're going to get into some of
the biggest ones later on in the show,
so I will leave that there.
But I know Nate has some stuff to
share about our YouTube channel and some
videos we've published lately,
so I will pass it over to you,
Nate.
Yeah, so just a really quick one here.
Last, God, was it last week?
It's been a week already.
Jonah and I were invited to Austin, Texas,
EFF Austin,
which I am a board member of.
We threw an unofficial South by Southwest
party that we called EFF Austin
Interactive because- I will just say,
technically two weeks ago, Interactive.
Two weeks ago, okay.
We did that live show, if people remember.
Yes.
That was cool.
Sorry,
my sense of time is all checked up.
It's been a busy couple weeks ever since
I got back.
It's crazy.
But yeah,
South by Southwest Interactive has been
retired,
so therefore we decided to be sneaky and
use the name.
And Jonah and I got to film some
of the talks,
and we thought they were really
insightful,
so we've been publishing them on our
channel.
We have Hugh Forrest,
who was actually one of the co-founders of
South by Southwest Interactive, who gave,
I thought,
a really good talk about South by
Southwest's
and how it ruined the world um good
talk so check that out uh dr sharon
strover who is a professor at ut austin
talked about public opinions of
surveillance technology which is i thought
was very hopeful um you might be surprised
to check that out and then uh john
lebkowski
who is also an EFF Austin board member
and very early pioneer of the internet.
Um,
he's been around since the early days and
I swear to God,
I feel like he has a story about
every,
like if you name somebody in the digital
space, um, like Phil Zimmerman or,
you know, um,
Pretty much anybody.
I feel like he knows them.
Cory Doctorow, like he knows them.
He's met them.
He's got a story.
But anyways,
he gave a very short talk that I
would loosely describe as like the state
of the internet and a call to action.
I think it's less than five minutes.
That was definitely the shortest one.
So if any of those sound interesting,
head over to our YouTube channel or it
is also over on PeerTube and check those
out because they were really good.
Yeah,
I will just say I might be a
little biased, but I did love Dr.
Sharon Strover's talk a lot,
just mainly because, well,
a lot of reasons, actually.
But she included a segment about
Minneapolis and what's going on here that
I thought was interesting as well.
So totally,
totally check that out because all of
these mass surveillance systems in cities
right now,
we've talked so much about flock in other
systems here on this show.
And it's a really good,
really good take on all of that.
Yeah, for sure.
And not to beat a dead horse,
but I would say it's as fact-based as
you can get.
I mean,
it is a lot of surveys and self-reporting,
but it's not just like, oh,
we read some news articles or we looked
at Twitter.
It's like they went out and tried to
get the best numbers they possibly could.
So it's really good stuff.
All of this stuff, the articles,
the videos,
the upcoming videos that I've been teasing
at,
all of this is made possible by our
supporters.
So if you are not a supporter and
you would like to be,
you can sign up for a membership or
donate at privacyguides.org.
We also have a merch shop,
shop.privacyguides.org.
And I think we've added some new designs
ever since we launched our activism
section.
So be sure to check that out if
you're interested.
Privacy guides is a nonprofit that
researches and shares privacy related
information and facilitates a community on
our forum and matrix where people can ask
questions and get advice about staying
private online and preserving their
digital rights.
And we'll talk a little bit more about
that later.
But for now,
we're going to talk about Hong Kong and
a new law regarding device passwords.
And I'm going to turn that one over
to Jonah.
All right.
This was reported by the BBC.
Hong Kong police can now demand phone
passwords under a new national security
rules.
This article starts out,
Hong Kong police can now demand phone or
computer passwords from those who are
suspected of breaching the wide-ranging
national security law.
Those who refuse could face up to a
year in jail and a fine of up
to Hong Kong dollars,
which is about US dollars.
and individuals who provide false or
misleading information could face up to
three years in jail.
It comes as part of new amendments to
a bylaw under the national security law
that the government gazetted on Monday.
The NSO was introduced in Hong Kong in
twenty twenty in a week in wake of
massive pro-democracy protests the year
before.
Authorities say the laws which target acts
like terrorism and secession are necessary
for stability, stability,
But critics say they are tools to quash
consent.
Of course,
this is an issue that we have talked
about in other countries.
Certainly in the UK, for example,
this is a problem right now that we
know of.
It's also kind of a gray area in
U.S.
law where you technically don't have to
provide this information,
but what they can do for you,
do with you in the meantime is kind
of up in the air and not decided.
We've seen stories certainly of people
being held in temporary custody.
temporary jails for years or more because
they didn't decide to comply with sharing
their passwords with police or they simply
forgot their passwords and weren't able
to, which is always a possibility.
And in a lot of cases,
it is exactly used to quash dissent or
target people who otherwise haven't
committed crimes.
This is a big part of the issues
that we see with encryption in general and
end-to-end encryption,
where governments really want to make any
form of encryption or end-to-end
encryption illegal.
Simply the act of using it because it...
certainly makes it much easier to
investigate crimes if you don't actually
have to do any investigation of the crime
or any of the data involved.
If you can just say, hey,
the fact that this encrypted data exists
is a crime enough that
can be used to target a lot of
people who have otherwise done nothing
wrong.
And it wouldn't surprise me to see the
same thing happen here.
There's a couple stories mentioned in this
BBC article,
if you want to check it out later,
about some examples of activists and other
big names in the area being sentenced to
jail or being
being targeted by laws that expand on this
kind of NSL national security law.
So it's definitely being used to target
protesters, activists,
former opposition lawmakers even in Hong
Kong.
So unfortunate stuff for sure to happen
here.
I think that that
would be would be kind of my main
point.
It's it's something that we could
certainly see expand to other countries.
And it's something that if other countries
aren't doing this,
there are at least plans to do something
like this,
which is is bad news for everyone around
the world.
Yeah, Nate,
do you have any other thoughts on this
story?
I don't think so.
I think you kind of covered it.
Jordan said they've already been doing
this for years in Australia.
That's wild because, yeah,
it's very â here in the U.S.,
I â
Oh my gosh.
I've taken in so much information the last
few days I'm forgetting.
Basically,
the way the courts are supposed to work
is they're supposed to take existing laws
â like when it comes to new technology,
they're supposed to take existing laws and
interpretation and figure out how to apply
them to the new laws in a way
â supposed to,
for the record â
in a way that protects Americans and
preserves their existing rights.
So for example, with privacy, right?
Here in the US,
we have the Fourth Amendment,
which says that cops need a warrant to
come in and search your home.
And so in theory,
the way the court is supposed to interpret
that when it comes to the electronic world
is the same way.
They're supposed to figure out,
electronically speaking,
what counts as your home,
and therefore the police would need a
warrant to come in and search that.
So-
Yeah,
that's not to say like this couldn't
happen here in the US because in the
US we have repeatedly refused to make a
final decision on whether or not you need
a warrant to search your phone.
But it's just really.
Yeah,
it's really unfortunate because I'm with
you.
This is something I think we could see
here in America, in the UK,
if it's not already.
I mean, anywhere, really.
And it's just it's such a.
Things get really bad once we go downhill
like that.
And, you know,
they also I think they said,
what is it like you could face?
Yeah, here it is.
They could face a fine or jail for
providing false or misleading information.
So like my first thought is if you
have a graphene phone and they're like,
oh, what's your passcode?
And you give them the duress pin that
wipes the phone.
Congratulations.
You're still going to jail because that
wasn't the pin and you knew it.
You knew that wasn't what they meant.
So, yeah, it's absolutely.
It's bad.
I have got a ton of thoughts about
courts, uh, interpreting the laws,
but I think we can talk about that
in the next story here.
So, well,
maybe we should get into that one.
Okay.
Yeah.
So, uh, on that note, um,
let's talk about the courts and meta and
Google and, uh,
Man,
so this isn't directly privacy related,
but it has a lot of knock-on effects.
And this headline, this comes from NPR.
I was going to quote Reuters,
but they do this annoying thing where it
doesn't do a link preview in Ghost.
But NPR also covered this story very well.
This is a very thorough article.
And the headline says,
jury finds Meta and Google negligent in
social media harms trial.
So the short story â the short version
is there's a woman.
I believe some other article said that
she's in her twenties.
And she was suing Meta and Google.
And she also sued Snap and TikTok,
but they settled before it went to trial.
So Meta and Google went all the way
to trial.
And â
This woman basically says she's been
addicted to social media since she was a
child because these companies purposely
make social media addictive.
And therefore,
they should be held accountable.
And the jury agreed.
And they awarded this woman six million
dollars in damages,
mostly coming from Meta.
And the article rightly points out for all
of you who are thinking like, oh,
six million dollars, who cares?
You're one hundred percent right.
Mark Zuckerberg probably â his breakfast
probably cost six million dollars.
He doesn't care.
But what matters is that this is now
on record,
and this is now set a precedent,
and that â
Oh, man,
this this just has so many knock on
effects.
And I think that's why we want to
talk about this is not even so much
for what the story itself is actually
about.
Although, for the record,
I think that is a very important thing
that I'll elaborate on in a second.
But the fact that it holds these companies
accountable and opens the door for so many
more legal actions in the future.
On behalf of everyone, I feel like,
because who hasn't had a Facebook account
or a YouTube account at some point?
Many of you are watching on YouTube.
And thank you for watching, by the way.
But yeah,
I do want to point out real quick,
again, personal opinion here.
I've been saying for a long time about
a variety of privacy topics that I think
it's extremely...
We'll take misinformation, for example.
I know a lot of people who are
like, oh, I don't fall for fake news.
That is extremely arrogant.
And I'm including myself in this.
I have definitely read stories that
somebody else is like, hey,
here's an opposing viewpoint and all the
things they left out.
And I'm like, oh,
I probably called that one wrong.
Because when there are companies whose
whole job, forty hours a week,
is to sit there and pump out fake
news,
They're going to get you at some point
or another because that's just how it
works.
Like,
think about your job and how good you
are at your job because you do it
all the time.
And now imagine some random person coming
in off the street and being like,
I could do that.
You know, whatever your job is,
it doesn't matter.
It's like, no, dude,
there's certain skills and flows and
processes that I've learned over the
years.
And it's the same thing with these.
I think...
we really underestimate how addictive
social media is.
And I'm not trying to let people off
the hook.
Agency comes with pros and cons.
If you're in charge of your own actions,
you're also responsible for the
consequences.
But at the same time,
we have to acknowledge these things are
made to be addictive by experts who are
paid to make this thing as addictive as
possible to keep you there one second
longer.
And I feel like when we discredit that,
it's like we're forgetting that
It would be like saying, oh,
cigarettes aren't that addictive.
Bro, they bake nicotine into it.
Yes, it is.
And it's the same thing here with this
kind of stuff is like this stuff is
made to be addictive.
And I think we're just really â yeah,
I know I'm kind of going in circles
now,
but I think we're just really being â
it's just really not good to ignore that
is what I'm trying to say.
So yeah.
I think that's kind of all I've got
for now on that one.
I know you said you have a ton
of thoughts on this.
So what, what was your takeaway from this?
So I've seen a ton of mixed responses
to this case on the internet,
and I have a lot of mixed feelings
on this myself, because I,
even on this show,
have said that all of the social media
stuff,
and especially the stuff that Meta is
doing, which we've,
I think it's even mentioned in this
article in a separate case from the six
million dollar one,
but
It's been found in Discovery that they
have internal discussions about
specifically targeting kids who are
thirteen or even younger and making it as
addictive as possible.
And this is, in my opinion,
a public health concern for exactly the
same reasons that marketing cigarettes to
children was a massive health concern.
But on the other hand,
I think that this really closely relates
to Section two thirty issues that we've
seen here.
And the social media companies originally
tried to use Section two thirty as a
way to say, hey,
we shouldn't be responsible for any of
this.
And they tried to get the case dismissed.
Thankfully, in this specific case,
they chose not to address any section
two-thirty issues at all.
So this can't be used as a way
to like get around section two-thirty in a
court case.
That still applies in this case,
did specifically focus on the design of
these apps and kind of the algorithm that
they're using and not on the content of
these apps themselves.
Um,
but I have a lot of fears here
that this case will be used as a
gateway to attack some of this section two
thirty stuff.
Um,
because I think it is not a stretch
for a lot of these, uh,
concerned parent groups or these
conservative religious groups to say, hey,
you know,
the algorithm on this app turned my child
trans or gay or what have you,
and they just blame the algorithm instead
of the content,
and it's a new approach to attack these
companies.
And depending on how those go,
it could be a similar case to either
attack these companies without
Section two thirty being involved,
or this could be used as an excuse
to implement such something like COSA or
the repeal of Section two thirty in the
future.
And this is just kind of a way
in.
Even though the issue at play here really
has nothing to do with the content,
I think that the parallels here to the
tobacco industry and how they were
marketed
they were marketing to children,
for example,
are very apt here and they make a
lot of sense.
And that is a case where like regulation
was needed.
And I think in a similar way,
like the way that these apps are designed
and the way that the algorithms work,
which is to kind of find all of
the most
inflammatory and addictive content they
can find um and really highlight that
which is not the fault of the content
itself but it's the fault of the algorithm
that these apps designed i think that that
is a big problem and just like um
the the tobacco industry um which i mean
their their products weren't banned um
they're they're still around you can buy
them anywhere um but they really got hit
with um
huge restrictions on marketing and how
they can sell their product.
And I think that that is probably
something that should happen here.
And just like that,
I think the fact that cigarettes weren't
banned, for example,
that's kind of similar to how all of
the content on these apps shouldn't be
banned or restricted.
We can't be going after the content
itself.
We have to be going after the format
with which these companies are presenting
that to make money.
Because we know...
that some social media is not inherently
addictive.
We can see non-algorithmic social media
like Mastodon, for example,
which doesn't have these problems,
even though you can post the exact same
content there that you can post anywhere
else.
And we know that
Facebook and other social media platforms
like Twitter,
they didn't used to be so bad until
Twitter really started making very
algorithmic timelines instead of just
showing, you know,
posting chronological order from people
that you follow.
Or, I mean,
I remember the days before Facebook had
the news feed, for example,
and they made that switch to kind of
tell people
um that like hey we're going to be
showing you the most relevant stuff
instead of uh just a way to keep
up with your friends or whatever and there
was some controversy there but facebook
was really adamant that hey this is a
very good thing whereas in reality we know
that while they were designing this they
were intentionally trying to make their
platform more addictive and more um
don't know reactionary i don't know the
right word but it was a way to
get people to stick around on facebook for
longer and to uh more effectively sell ads
right and i think that those motivations
that these social media companies have is
really at odds with how they sold these
things to consumers and that is a
legitimate
problem in deceptive marketing.
There is really no place, I think,
in our society and from these companies to
be deceptive,
just completely deceptive to how they sell
their products to consumers.
And so some restrictions here do make
sense.
But I think that
I think that the big problem is that
courts and lawmakers do not really
understand technology or the Internet.
And lawmakers are consistently very
unwilling to make a decision about this
themselves.
And it's only gotten worse lately.
And now that the doors are open here
to this issue,
I think that the doors are open to
wider issues that may impact content or
Section two thirty and other courts,
because
All of these courts around the US are
going to have slightly different
interpretations.
This isn't something that the Supreme
Court decided on.
And I think that that's really
unfortunate.
My main thought is that
We should be focused on some of these
very specific problems with how social
media apps market themselves and how they
design very addictive platforms,
because it is a problem.
But we need lawmakers to say, hey,
we are only focusing on this specific
thing, right?
We're leaving all of the content and all
of the Section two thirty and all the
free speech stuff alone.
We don't want courts to think about it.
We want to have this law that just
focuses on this one specific issue so that
it doesn't expand into a ton of different
issues,
which is exactly the reason Section two
thirty was created in the first place.
We already have these protections under
the First Amendment,
but lawmakers had to step in because
courts were interpreting.
how the First Amendment applied to
technology companies slightly differently
or very differently,
depending on like what court you were in.
And lawmakers had to say, hey,
this is how the First Amendment works for
all of these tech companies.
And now tech companies can use Section two
thirty to easily get these cases
dismissed.
And I think that we need
um another federal law like this that says
like hey this specific design is bad but
it doesn't mean that we have to regulate
or ban free speech on these platforms
because that is an unnecessary problem but
it seems to be the the direction that
some of some future cases could go in
based on this um so I think
I think it's kind of unfortunate just
because I can see what direction this is
going in and I don't think we live
in an ideal
world and i think this is more of
a failure of lawmakers than the courts to
be honest and i just wish we were
more effective about making these laws
that are more substantial and specific
than than we currently are we're just
leaving everything up to the courts it
seems like these days and that is not
an effective way to govern a country not
at all
Um, I don't necessarily disagree with you.
I definitely see how this could be a
slippery slope,
but did you by any chance happen to
see the last section of this NPR article
that says the LA case focused on design
of social media platforms to overcome
liability shield?
Uh, was there a specific point?
Yeah.
So they, they, um,
they specifically mentioned how the,
the prosecution,
I believe it was stayed away from section
two thirty.
Um, they said that, uh,
Where was it?
Yes.
By taking this approach,
the lawyers pursued a case alleging
defective design that was able to get
around the high bar set by section two
thirty.
It's not what the users post,
but the very architecture of the platform
itself.
So, I mean, again,
I don't disagree with you because I I
know there's probably there's a saying in
the legal world that you can indict a
ham sandwich.
So, I mean,
which I know an indictment is not the
same as what we're talking about here.
But the point being is like a good
look.
for better or worse,
our legal system in the U S is
basically who makes the better argument.
And, um, so it's definitely could happen,
but I think it's just a,
maybe a little bit reassuring that they
purposely stayed away from talking about
section two thirty or even any of the
content itself.
And instead they focused on things like
infinite scroll, constant notifications,
auto playing videos and beauty filters.
And they mentioned how, um,
when she was young the the the plaintiff
when she uh what was it she so
craved the validation of social media that
she would run off to the bathroom at
school to check the number of likes her
poster received um and where did it go
There was another section where basically
they talked about the beauty filters.
Oh, here we go.
She developed depression and body
dysmorphia as she continuously compared
herself to others and used beauty filters
to enhance her appearance.
And that's the thing that I think applies
to everybody.
If not the beauty filters or the physical
thing, I will admit,
I fall prey to this where somebody's like,
oh, I'm going on vacation.
We're going here.
We're spending the weekend here.
My sister has been to Europe more times
than I can count.
because we have different uh different
dads i don't want to talk too much
about privacy we have different dads and
her dad has a lot more money and
i don't know if she ever used that
for the record maybe it's all maybe she's
just really damn good with money but
either way like she's traveled quite a lot
and i really haven't and i i won't
lie that i'm like jealous of that but
also like being her brother i have the
insight into like i know how hard she's
worked i know that she's good with money
It's not necessarily just that her dad
wrote her a check, like, yeah,
go to go to Germany or whatever.
Like she probably earned all that money
herself.
It's not like she was there every other
week.
But when you don't know that person,
when you're looking on social media and
you're like, God,
they're in Europe all the time.
Yeah,
maybe they're posting a picture from six
months ago.
And they've been back in the States this
whole time.
And you don't know that because you don't
know them or you don't know how many
overtime shifts they worked or overnight
shifts.
Like you don't know how many times their
friends were like, hey,
let's go get drinks.
They're like, oh, no, thanks.
I'll catch the next one because I'm trying
to save money.
Like, you know,
and it's what's the statement about like
you're seeing somebody's highlight reel.
And anyway, I mean,
I guess that's more about content.
But my point being like we can all
relate to the fact that
social media gives us this warped
interpretation of what's going on in other
people's lives that if you don't know them
personally and you can't ask them like man
how are you affording all these trips
they're like oh you know my dad's really
good with credit card points or something
um i forget who it was but one
of the podcasts i listened to said the
same thing they're they're i think they're
even a personal finance podcast they're
like yeah we don't make that much money
but my wife is really good with the
travel points or else we would never
travel this much so it's um
Yeah,
it's anyways getting back to the topic.
Sorry, I kind of got distracted there.
It's I think it is heartening that they
purposely avoided the content and the,
you know, people are posting this.
And it's the beauty filters.
It's the infinite scroll.
It's the architecture of the platform
itself,
which I think is absolutely a huge part
of the problem personally,
but maybe not the whole problem,
but definitely a big part of it.
So yeah,
not to say that it couldn't happen because
I could totally see a world where this
does open some doors,
but hopefully that will at least make it
a little bit harder since that's not the
direct argument they took.
Yeah, I totally agree.
I think that them sidestepping the whole
content issue entirely was the correct
approach,
and I think that that is the main
issue with these social media platforms.
The challenge that I see here is that
I think the line between the content on
this platform and the algorithm serving
that content is...
it's not it's it's a fine line it's
not very clearly defined and i think what
we could see is future court cases um
exactly like i said um not necessarily
focused on the content but focused on the
content that these algorithms are
promoting um for like these
conservative or religious groups to say
like, hey,
it's the algorithm that turned my child
gay because it surfaced all of this
content related to that or whatever.
And I think that we could see...
a response to that from social media
companies that would be very similar to
the response that we would probably see if
Section two thirty was repealed.
I think that they could interpret that
like like if that's the case in the
future.
And there are already some cases where
this exact argument is being made.
I think and I think in other countries,
I'm not aware of cases in the US
right now,
but we've seen this before and we know
it could happen where
Like if Facebook gets sued for that issue
and they lose that case,
I can see them potentially censoring or
moderating much more heavily like LGBTQ
information or education or not even that.
It could be any topics that...
certain groups find undesirable or they'd
rather ignore.
And I think that that could lead to
a free speech issue on these platforms if
the algorithm can be targeted like that.
even if Section two thirty remains just
for liability reasons.
So this is the main reason that I
would love to see a law that really
restricts app design and a lot of that
stuff,
because I think that that or like the
beauty features that filters that you
mentioned, for example,
or some other aspects of these apps do
need to be reined back in.
And I think
um just how heavily these apps are
marketed to kids in the first place i
think that needs to be reined in as
well um but it would be nice to
have a law that delineates that from even
from the algorithm which which is
problematic but um
I would be worried about it being impacted
in future cases because I do think even
if it doesn't mandate censorship or
moderation,
I think that censorship and moderation
could be a likely outcome if these
platforms become liable for the content
that they display with those algorithms,
basically.
That makes sense.
I hear you.
Yeah, I don't have an answer to that.
Hopefully that does not happen.
So yeah,
it's something to keep an eye on.
I don't know.
I'm never very optimistic about the things
that our government is doing,
but you can always hope for the best.
But yeah,
I've definitely seen a lot of people very
concerned about this case,
even if they agree with some of the
issues that are being addressed here,
because...
there are concerns with how this will
affect future cases.
Totally.
I think that's kind of it,
if you don't have anything else to add.
In a minute,
we'll start taking viewer questions.
So if you have questions or if you've
been holding on to any questions about the
stories we've talked about so far,
you can leave them in the forum thread
for this show,
or you can leave it in the chat
here.
We'll try to get through all of them.
For now,
I think we should check in on our
community forum.
There's always a lot of activity on our
forum every week.
We can't talk about it all,
but we wanted to highlight a couple of
this week's most interesting discussions,
in our opinion, that are happening there.
Our first forum thread that I wanted to
take a look at was called Remembering
Device and Master Passwords.
This was a question that was asked to
the community talking about
password managers and replacing all of
their reused passwords with randomly
generated passwords that are stored in the
password manager.
But there are some passwords that the
password manager can't remember for them
because they need them
like the master password,
to access the password manager in the
first place, which is, of course,
a problem.
So they mentioned some examples,
the master password,
the user account password for each of
their devices,
the disk encryption password for each of
their devices.
And then if they had five different
devices, they would have eleven...
six word passphrases to remember,
which is a challenge.
So they asked basically what strategies we
have for remembering so many passwords,
or what password should you reuse in those
situations?
So Nate,
I know you had some things to talk
about and you saw Fria's answer there.
Do you want to kind of cover what
Fria talked about here?
Yeah,
because I really appreciated Fria's
response.
So for example,
one of the questions that the original
question asker said,
is it safe to reuse the same password
for disk encryption and user account?
And Fria said,
it's probably best to make those
different.
But ideally,
your online account would use a passkey or
something like that instead of a password.
And they also noted that your device
passwords don't leave your device.
So, for example,
my computer in front of me here... Well,
this is a Mac,
so this is a good example.
But my Windows computer, you know,
I have a VeriCrypt and I have the
login to my local account,
which is not a Microsoft account.
It's a local-only account.
So, in theory,
I can make both of those the same
password, right?
Because they're not going to leave the
device.
And they also mentioned that you can...
You can go ahead and enable biometrics.
I guess I should have said this to
start with.
It really depends a lot on your threat
model, right?
Because my threat model, for now,
is basically getting robbed.
Laptop, laptop, laptop, laptop.
several phones laying around.
Like my concern is not really the
government.
I personally am a strong believer in a
five dollar wrench attack and I do not
have a high pain tolerance.
So, you know,
the minute they threaten me with violence,
I'm going to fold like a souffle.
I'm just being honest.
But, you know,
if somebody comes in and breaks into my
house while my wife and I are out
and they steal all the laptops,
I want to make sure that they're not
going to be able to get into that
because that's when they're going to be
able to get into my password manager.
And I don't keep browser history,
but browser history and
any apps I have saved, any like,
like I use Thunderbird.
So all my emails are downloaded locally,
things like that.
And that's what I really want to protect
against.
So in that situation, yeah,
really just having one really strong
password
is probably sufficient because they're not
going to crack that as long as I
don't write it down and stick it on
the desk anywhere.
Right.
Um, you know,
like one randomly generated six word
passphrase.
If I really want to be safe,
I could give each device a different
passphrase.
So that way it's not, um, you know,
if they get one,
at least they don't get into all of
them, but at least that way, you know,
it's not, uh,
What's the word I'm looking for?
Like that's only three different passwords
instead of six, right?
Or something like that.
So it really does depend on your threat
model.
But going back to the biometrics thing,
what a lot of people have,
I've seen several people notice this where
they've been in a public situation and for
whatever reason,
they have to pull out their phone and
unlock their phone.
And they realize as they're typing it in,
they're like, dude,
there's a camera right over the cash
register looking at me type my password
into the phone.
Hmm.
And they're like, man,
I kind of wish I had just used
biometrics because at least then they
wouldn't have my password, right?
Or, you know,
we've covered stories in the past about
there's a scam that I think is still
going around where somebody will basically
watch you unlock your password for
whatever reason.
You know,
maybe they're flirting with you at a bar
or something and they see you type in
your passcode and then them or their
accomplice will steal your phone,
try to unlock it and send a lot
of money.
And I know Apple and Google have rolled
out some defenses against that,
but that's a good example where if you
unlock it with biometrics,
They're going to have a harder time
unlocking the phone when they steal it
from you.
So it's really about what are you trying
to protect and who are you trying to
protect it from.
If you have a very high threat model,
then yeah,
you probably want a bunch of different
passphrases.
I think it's also worth noting that it
is
I know this is really unpopular,
but it is okay to write down passwords
in some situations.
For example, do not call it password.
Do not stick it on a sticky note
on your screen.
But if you have a little notebook that
you carry with you everywhere or something
like that.
So I think my thing, I'll be honest,
I basically have two main passwords I use,
one for the encryption and one for the
local account.
I don't know why I do it that
way.
I just do.
Because now that I think about it,
if they get past the encryption,
they can just pop out the disk, right?
Yeah, I don't know.
But I think that's the big thing is
the threat model.
If your threat model is not very high,
it's probably safe to reuse the local
passwords that don't leave your device.
Just be aware that that is a risk.
If somebody gets it,
they can get into all the devices,
I guess.
So I don't know if Jonah has a
different strategy that he would approach
it with.
No, that makes a lot of sense.
I mean,
the main thought that I would have is
I think for most people,
the information that you store on your
different devices,
if you have multiple devices,
is usually pretty much the same
information.
you're going to probably install your
password manager on all of them and the
same web browser that you have synced
across them.
And people have a desktop and a laptop
and a phone for convenience purposes
rather than just separating all of their
data.
And so I think using the same password
for encryption
And using the same password for your local
account probably makes sense in those
situations.
At the end of the day,
those passwords aren't exposed to the
internet.
You don't have everyone on earth trying to
hack you in the same way that...
you have like thousands of hackers trying
to attack your online accounts all of the
time because because they can and it's so
easy to attack like all of this local
stuff it does it's not as much of
a deal and i think memorizing one password
for all that is good um you definitely
do want to have a different password for
your local account versus your encryption
password just because
you don't want to be entering your
encryption password all the time in case
of like shoulder surfing attacks.
So keeping that separate is nice.
And I wish that's a feature that could
be used on more smartphones,
but I digress.
But other than that,
Yeah,
there's a lot of good advice in this
thread,
and I think it really does depend on
your setup,
but usually I think that works.
If you do have very different information
on your devices,
it might make more sense to not reuse
those passwords,
but
I would also say if you're just trying
to remember these passwords,
even if you do use biometrics,
usually you could try disabling them for a
month or a couple months because I think
muscle memory is usually the way to
memorize these passwords quickly.
I remember back when I was in...
college I would always have to log into
different computers like in the computer
lab we didn't have laptops or anything we
just had these these desktops and I'd have
to use my account that I would normally
use a password manager for like um like
to access my email but the password was
the same to log in locally to these
computers and I didn't want to have to
like grab my phone or something to copy
my password over I just had to have
a passphrase that I could
Memorize to log in and it only took
like a month or maybe a month and
a half to eventually like have the pretty
long passphrase down I think if you just
do it all the time it's you'll probably
get it so yeah lots of good advice,
but I think typically.
There's only three main passwords that
most people have to remember,
which is for their local accounts or pins
or their encryption key and then their
password manager, master password.
I think that you should keep them all
separate,
but you probably don't need more than that
unless you have a good reason that you
know of to have more passwords than that.
So, yeah.
Oops.
There we go.
Yeah.
Last thing I want to add just to
double what she said is if this is
something you're struggling with,
definitely check out this thread.
Cause a lot of people gave really good
ideas from like different,
I wouldn't say different threat models,
but just different perspectives.
Like don't forget, you know,
hardware tokens and don't forget this.
And if this is your threat model than
this, and it was, it's a really,
really good thread for sure.
So there's a lot of different,
we're kind of just given like a rough,
you know, what,
what would probably work for most people,
but people gave a really thoughtful
answers about, you know,
keep this in mind.
And if your threat model includes this,
so.
Really good thread for sure.
And then,
if that's all we had on that one,
there was one other thread that I thought
was interesting that I wanted to talk
about a little bit because I've been...
My router started giving me issues right
before we went to Austin,
and I just got it fixed this week,
finally.
And this forum post asks about apartment
Wi-Fi privacy.
And so they were specifically talking
about the...
the router issued by their ISP.
They said they moved into a new apartment
complex and there's fiber pre-installed
from a provider.
The complex states that that provider is
the preferred provider and they have a
partnership.
And then after moving,
I was contacted by representative to begin
the internet setup process.
And so they were basically wondering,
can the apartment complex get any insight
into what I'm doing on my Wi-Fi and
what would be the best way to get
more privacy?
They mentioned,
should I get a different provider
altogether or something like that?
So as a longtime apartment dweller,
for most of my life,
I've lived in apartments.
Jonah can correct me on this one.
I don't think the complex would
necessarily have any insight into your
traffic.
Um,
but I think they probably just have a
relationship with that.
It seems like every apartment I go to
has a preferred provider.
So that doesn't really surprise me,
but it can definitely go both ways.
Um,
there's definitely a lot of apartments and
especially probably older apartments where
they have like,
one provider like a cable provider or a
fiber provider that has just like
pre-installed cables to all of the rooms
and so it's much easier to get that
access um and so that might be what
they mean when they're talking about like
this is our preferred provider and
especially typically if you have to set up
an account with the isp yourself usually
that's the case where the complex wouldn't
have access to that i have seen in
a ton of new developments around here um
apartments basically getting their own
connection and then running their own uh
ethernet and and access points to all of
these rooms but they run a central router
basically that keeps all the rooms
separate but it is all managed by the
apartment and usually they have like
apartment-wide
wi-fi for example so all of their routers
it gives you um sometimes they give you
a uh like a personal connection and
sometimes just this one wi-fi connection
for the whole building um that's in all
of the rooms um and you could certainly
see that and that would be managed by
the complex so it could go either way
for sure um and i it seems to
be even more common that it is apartment
run so i wouldn't rule that out
necessarily
was how our last apartment was they had
um i don't know if it was managed
by the apartment but they were like hey
this is included with the rent and they
did have the apartment the complex wide
wi-fi like you mentioned and there was one
ethernet port that was in the study for
some reason and that was the only one
that were no it was in the living
room and we had to run a cable
into the study because my wife has a
desktop that doesn't have wi-fi i remember
that now yeah so that was probably the
case i think in my last apartment it
was a similar situation where
If I wanted my own network,
I would have to plug in my own
router to their one Ethernet port that was
provided on the access point,
but I couldn't remove their access point
from the room and make a direct
connection.
And it was basically like a double NAT
setup.
It was on their network,
and then I had my own network just
for security,
but it was not a direct connection to
the ISP.
Okay.
Which leads into what I was going to
say.
This is what I've been doing for years,
and this is what I would recommend.
For those of you who are really passionate
about your privacy,
which is probably most of you watching
this,
I would strongly recommend getting your
own router.
Our official recommendation, I believe,
at Privacy Guides is OpenWRT, correct?
I think so.
We do recommend that as one.
You could use OpenSense or PFSense as well
if you want something more...
robust,
but usually that has to run on a
computer,
whereas OpenWrt can install on consumer
router platforms.
Gotcha.
OK, yeah.
Historically,
I originally went with DDWrt.
For years, it was not an issue.
And then recently, it became an issue.
I don't know what happened.
Now I'm using a different one that Jordan
actually recommended to me and so far has
been amazing.
Thank you for that recommendation, Jordan.
um but yeah if i if i whenever
this router dies assuming i can buy
routers again um given our headline story
i'm probably gonna go ahead and get uh
the what is it the
the one, I don't remember who makes it,
but it's endorsed by the free software
foundation.
And it is specifically designed to run
open WRT.
And I did try open WRT on my
router, but it,
because it is so open source,
it couldn't get access to multiple wifi
networks,
which is something I really want.
That's, that's really important to me.
Um, so it was like, yeah,
you get this one wifi network.
And I'm like, no,
that ain't going to work.
Um,
But I'm sure if I bought something like
the one router,
it would be specifically designed for that
and it would probably be able to do
more, I'm hoping.
I'll definitely look into it more when the
time comes.
But yeah, anyways,
where I'm going with this is every
apartment I've ever been to,
they tell you like, oh,
you can't use your router and our, okay,
some of them have not told me that,
but almost all of them are like, no,
you can't do that.
It's worked just fine for me, no problem.
Personally, your mileage may vary,
but for me, I've never had an issue.
There's only been like one or two that
are just like, yeah, whatever,
use your router, we don't care.
Um, I,
I know my current router and I think
a lot of ISP provided routers have this,
they have a bridge mode where it basically
shuts that router off and turns it into
just a pass through.
Um,
because a lot of the time it will
be, especially if it's fiber right now,
it'll be, um,
what's the word I'm looking for?
The fiber connection will have to go into
the ISP router.
And then from there it goes into your
router or there'll be like a coax cable.
So it's not like an ethernet that you
can just plug straight into the wall
usually.
And that's why you'll need their router.
But a lot of them,
you can put it in bridge mode and
then it shuts their router off.
Mine is not in bridge mode and it
still works just fine.
So yeah, I mean,
there's a lot of ways to go about
it,
but I really do think I would highly
encourage,
and some of them can be expensive.
Like I think my router,
when I bought it was like,
almost five hundred bucks,
and I think that was used.
So it's a nice router.
I love that router.
I'm glad it's lasted me this long.
It's a good investment.
So I'm not saying you have to go
buy a five hundred dollar router.
There's a lot of options out there,
but definitely if you're passionate about
your privacy and you are a renter and
you don't have complete control over your
ISP and what router they give you and
stuff,
definitely i would recommend doing your
research start on privacy guides start
with the open wrt see if that'll meet
your needs and um you know see see
about get another router because it pays
off now we've got an iot network we've
got a guest network we've got our main
network we've got a built-in ad blocker
we've got ad blocking dns um all the
networks are segmented vlans it's just wow
which is super overkill but i'm just
saying like the possibilities are endless
man yeah yeah
Absolutely get your own router.
I mean,
that's the point of having a router.
It's to segment your network from your
ISP.
Even if your apartment complex is your ISP
in this case,
you want to keep your stuff separate from
that.
And you can always do more advanced stuff
with your own router.
Like if you don't trust your apartment,
you can run a VPN on that to
protect all of your devices and stuff like
that.
Or you just use the router to prevent
other people on your apartment Wi-Fi or
maybe just other people on the internet if
your apartment
doesn't have proper security,
which they certainly might not because
they're an apartment building that knows
nothing about the internet.
You want to have like a firewall in
between to keep your devices safe.
So yeah,
there's almost no reason you can not use
a router because generally they can't
really tell what device you connect to it.
So even if they tell you you can't
use a router,
I would definitely just use one anyways.
Yeah.
Like I said, they,
most of them tell me you can't.
And then I'm like, Oh,
let me try it.
Plug it in.
Works great.
Um,
one last thing I wanted to add real
quick actually is, um,
when we're listing benefits,
a lot of the time,
the benefits are not always privacy
related.
It makes set up in your new place
super easy because you move to a new
apartment,
you plug your router in and look at
that.
All your devices are ready to go.
You don't have to type in a new
network.
You don't have to set up a new
network, just plug it in and go.
So yeah.
Yeah, absolutely.
All right.
So I think that's all we had for
the forums for now.
And now we're going to take some viewer
questions.
So we're going to start with questions on
the forum,
specifically from our paying members,
but I don't believe we had any paying
members right now.
But if you would like to become a
paying member and get priority,
you can go to privacyguides.org,
click the little red heart icon in the
top right corner.
So we'll jump into the forum first and
then hop over to our live chat.
Um,
and we only had a couple of questions
in the forum.
The first one asked us to talk about
this article from wired,
which I'm not going to talk about too
much.
Cause honestly,
I don't think there's much to talk about.
Um,
but I think it is a good thing
to have on your radar because it may
become more to talk about in the future.
Uh,
the headline says using a VPN may subject
you to NSA spying.
I did see this article.
The issue is the keyword there is may,
and that's kind of why we didn't include
this as one of our main stories is
basically, uh,
Excuse me.
Lawmakers are â well,
I'll just read the first part.
Lawmakers are pressing the nation's top
intelligence official to publicly disclose
whether Americans who use commercial VPN
services risk being treated as foreigners
under U.S.
surveillance law,
a classification that would strip them of
constitutional protections against
warrantless government spying.
So I know I mentioned this before in
the past,
but really quick recap for those who don't
know.
The way that â
surveillance laws on paper are currently
structured is the government is not
supposed to spy on its own citizens,
but any signals that move in or out
of the country are subject to surveillance
because now you're including somebody
who's potentially not a citizen,
potentially.
And there's a whole lot of reasons for
this.
Edward Snowden has a classic interview
with John Oliver,
or I guess John Oliver has a classic
interview with Edward Snowden,
where Snowden explains how a lot of the
time the communications will route through
the fastest network,
which may temporarily take them out of the
country,
or companies may move the server to
another location digitally to do physical
maintenance on the server, whatever.
Point being,
it's really not a good way of doing
things.
And this article points out why,
because they point out that since VPNs are
so ubiquitous,
Even if a VPN server is located here
in the US,
like say you've got your VPN set to
New York or LA or Dallas or whatever,
there's a really good possibility,
especially in those examples I gave,
that there may be users from other
countries using that server.
And so they're basically saying,
I don't know if somebody tipped them off
to this.
I didn't have a chance to fully read
this article all the way,
but they're basically saying because these
VPN servers could potentially include
foreigners,
does the NSA treat them as foreign
traffic,
which would mean that even if I'm a
US citizen,
if I connect to a server in Dallas,
I'm still in the country,
but are you going to assume that I'm
not?
So, yeah,
we didn't cover that story because it's
very speculative,
but I do agree it's definitely a good
thing to have on your radar.
Yeah.
I don't know what the impact of this
would be.
I think the opposite is also true here,
which people are concerned about,
whereas you're talking about connecting to
a server in Dallas,
and that could be a concern,
but also if an American server
connects to a server in some other country
um like like france will their data be
collected by the nsa because they don't
know that it's an american and they're
spying on people out of the country i
think that that's also a concern i don't
think about that that's a good perhaps
even more of a concern than connecting to
uh to an american server i would say
that this is probably likely to be the
case knowing the nsa we've seen similar
things um
And it is one argument that I've seen
as to why maybe you should use a
U.S.
server,
because if you are concerned about U.S.
surveillance,
there are more restrictions on what the
government can do in the U.S., supposedly,
than what they can do outside the U.S.,
which is pretty much anything they want.
But, I mean, even in the U.S.,
A lot of the way that this government
intelligence works is like the U.S.
can get other countries to do this
intelligence for them and spy on American
citizens,
just like they can get big tech companies
to spy on American citizens.
This is a huge problem that we've talked
about
for many weeks now, especially with Flock,
for example,
where the government doesn't have to do
anything because they just pay someone
else to do it.
It's also an issue with data brokers.
We've talked about that as well.
The government doesn't have to collect all
of your location data,
but they can buy all of your location
data, and that, for some reason,
is perfectly legal.
So
I would say,
I think I already said this,
but I think that this is likely to
be the case.
I guess we don't know for sure,
but I wouldn't be surprised if this was.
But also, if it is,
I'm not exactly sure how to
protect yourself against it at the moment.
The best thing we could do is if
this is confirmed, you know,
we'd have to demand change and demand some
restrictions on how the NSA works,
which we've also been talking about for a
while.
And I'm not sure if that'll happen.
Yeah.
Before we move on to the next question,
this is kind of a follow-up here from
one of our viewers.
We advertise VPNs as a tool against
surveillance capitalism,
not government surveillance.
So would this change how we recommend
VPNs?
Yeah,
I guess that's kind of my main point.
It doesn't seem like for the purposes that
most people use a VPN for,
this is going to make a big difference.
It's obviously a concern.
I don't think that the NSA should be
allowed to spy on American citizens,
just like the CIA shouldn't be able to.
None of these...
None of these agencies really have
authority to do that,
and they probably are anyways through
loopholes like this.
But there's a lot of ways that they
can get around this,
and it's not really the intent of a
VPN in the first place.
They're much more useful for like sharing
an IP address with other people so that
you
So that your data can't be like uniquely
identified in logs or by data brokers and
stuff like that.
So, yeah,
it's not something that I think is going
to protect from government surveillance in
the first place.
I think it's clear that
And using an anonymity network like Tor
makes a lot more sense if this is
your threat model,
but also if you are extremely concerned
about being targeted by the government
rather than swept up in their mass
surveillance,
even something like Tor may not be
the best choice for you and you really
need very specific help.
Whatever Edward Snowden is doing,
he has experts working on the best way
for him.
You can't just do that on your own.
But yeah,
for this mass surveillance stuff,
I think commercial VPNs are still all
right, usually better than your ISP.
At least you have a choice between VPN
providers.
But
They're certainly not perfect.
And yeah,
none of this would surprise me if it's
true.
Yeah,
that was kind of my same thought about
using Tor instead for government stuff.
We had another question here about our
outgoing team member, M.
I think I'll leave that one to you,
because you would be more qualified to
know what's going on behind the scenes
with all that.
um really there's a lot of questions here
um this person so em uh recently posted
on our forum about how she's leaving
privacy guides uh she's also posted some
stuff on mastodon um earlier this month so
this isn't like brand new information um
but i don't think we've talked about it
on the forum or their show before um
So,
I guess I'll go through these questions
one by one.
I guess I'll start with the end first,
because there's a couple questions here
that I probably can't get into.
So they asked,
what was the decision behind choosing
which staff to let go?
Are there plans for hiring Em again once
the financials allow for it,
as long as she's also available for hire?
Do we plan on hiring someone else?
Did you guys know we would have to
let someone go for some time,
or did it come as a shock?
A lot of questions about specific people
on our team and the contracts that we
have with them, I can't really get into.
It's not really my place to discuss a
lot of these contract questions and
there's kind of a lot going into it.
It's a very personal situation.
So unfortunately,
I can't really share a lot of information
on that front.
Because yeah,
that's that's that's not my place.
That's kind of a Personal thing
Yeah,
I just can't talk about any employer stuff
about specific employees, right?
That is more of a one-on-one thing that
we have with them.
So yeah,
I won't get into really any of that,
unfortunately, for you.
But I can talk about some of your
other questions.
So are there any goals or plans we
have for ensuring good financials to
maintain our current employees?
Yeah,
right now we have pretty solid financials
and there's definitely some plans to
improve fundraising and make more revenue
this year.
I'm not concerned at all about our ability
to keep our team hired.
And so that is not a concern for
me at all.
I think a big part of that will
be to focus more on videos.
We've seen a lot of good growth on
the video YouTube side of things and also
making more stuff for members.
You also asked,
do we plan to make more merchandise?
That is something that I,
we'd certainly like to do this year.
That's not,
the whole shop and merchandise thing isn't
a big, like,
source of money for us or anything.
We're really doing that more as like a
marketing expenditure.
It's good to get designs out there so
people are wearing them,
starting conversations about privacy,
all of that stuff.
yeah i hope to have more designs um
we definitely want to sell shirts and
other you know other stuff to to get
privacy guys out there and i'd be happy
to see more people wearing that stuff and
talking about it and going to conferences
or whatever and talking about privacy but
that's not a huge um like revenue
generator for us i will say um so
that is definitely not our main plan to
make money um
They asked about YouTube.
More views mean more revenue.
Yes, they certainly do.
The nice thing is that we've seen a
ton of growth on our YouTube channel so
far.
In the last twenty eight days,
we've got fifty thousand views,
which is thirty three thousand more than
our usual average for a month.
So things are definitely on an upswing and
we hope to continue that going forward.
Have we reached out for grants?
Yes,
we have some grant opportunities that
we've explored.
That's definitely a big thing that we'd
want to do.
We'd love to get grants for specific
projects in the future.
Yes, our sponsorships on the table.
All of the sponsorship stuff and affiliate
links,
that's not something that we plan to do
on our main content,
like the website or the forum.
It's not totally ruled out for the videos
that we make,
especially because it's so common on
YouTube.
um that's still an idea that we're
exploring we likely could at some point do
sponsorships from like companies uh
completely unrelated to privacy if if the
opportunity makes sense i i won't say that
we're that we never do a sponsorship with
this company but just because they're so
common on youtube i would just say like
raid shadow legends could be a good
example of something we might do just
because
They're completely unrelated to privacy
and they,
I don't know if they still do,
but at some point they were sponsoring
like every single YouTube video I watched.
So I won't say that specifically,
but that's kind of an example of something
we could potentially consider.
Another thing we could consider on the
video side of things is like if a
company we do recommend wanted to sponsor
like a tutorial about their product or
something like that.
Like,
it could be any company we recommend,
like Proton,
if they wanted us to do a walkthrough
on ProtonMail.
It's something...
I can't say whether we would do that
or not.
We'll have to explore it if the
opportunity arises,
but it's not something we would totally
rule out at this time.
So on the video side of things,
we may do that in the future in
some cases, but...
yeah we'll have to think about that a
lot more um and it's not something that
we totally that we have any immediate
plans for anything like that um but
potentially on the table uh do we intend
to make more members only content to
incentivize membership uh yeah absolutely
we do want to do more members only
stuff especially in the video uh side of
things um there's there's a balance that
we
uh want to draw though because a lot
of our members only a lot of the
content that we publish in general um we
feel that it's important to get out there
for everyone so it's very tricky to do
members only content in the first place um
it's i'm glad we have so many members
that um are generous enough to kind of
keep up with their subscriptions even as
we uh haven't published a ton of like
members exclusive content only like early
access to videos and stuff just because
Those memberships really help us get all
of this content out there and let us
make things that everyone,
hopefully everyone in the world,
anyone interested in privacy benefits
from.
So yeah,
I don't know where that line will be,
but we have some ideas and that is
something that we want to explore further
in twenty twenty six.
I think that's kind of all the questions
I will say.
A lot of the stuff that Em has
been working on recently,
we definitely plan to continue.
So like all of the activism stuff,
we want to keep up with that section,
expanding it.
It's going to be very challenging.
Of course,
it always is losing any team member for
us,
but
Will will make do and we,
we certainly don't want to give up on
any of those projects,
because we have received a lot of positive
responses to things like that.
And we're hoping to expand it.
So if you guys do like that stuff,
definitely let us know.
But all of that is we still plan
on
sharing that with people,
trying to expand it as much as we
can and keep it up to date and
really promoting it to people in
organizations who can use those resources
because they're really fantastic
resources.
Yeah,
I think that's all I would have to
say on that topic.
I know there's a lot of questions,
and I just said a lot of stuff.
But hopefully,
that answers most of your questions.
And if you have any other questions for
us, let me know.
I did want to add a couple things
to the questions about YouTube
specifically,
since that's kind of what I do.
They asked about upping the production
quality.
I'm not under the delusion that we have
the best production quality.
I know in a perfect world,
I would have a studio with multiple
cameras and everything.
And I mean this genuinely,
like I'm not offended by this question.
Like, what do you mean?
Feel free to like offer suggestions.
I can't promise we'll do them because
again,
we are limited by financial constraints,
space constraints, equipment constraints,
editing constraints.
But I mean,
if you have any very specific, like,
you know, oh, other channels do,
because honestly, that's how, at least me,
that's how I learn a lot of my
tricks is, you know,
watching other channels.
And I'm like, oh,
I really like the way they do their
titles or I really like the way they
do their transitions or whatever.
Um, so yeah,
if you have any specific ideas, um,
I'm personally all ears again,
can't promise we'll do it.
Maybe it's just, you know, um, but yeah.
And then you said current videos get
around one to ten K per views.
And yeah, I mean,
they're gonna fluctuate a lot,
especially because we do so many different
kinds of videos.
Like we do some, uh, interview videos,
we do some tutorial videos,
we do some
We're going to do some tutorial videos.
We do some videos that are more entry
level, like here's encrypted messaging.
And our next video is going to be
a little bit, not more advanced,
but it's not going to be quite so
entry level.
So, I mean,
it's kind of a wide range of topics.
So the views are going to fluctuate,
but I mean...
What I was taught learning YouTube is that
anytime you get more views than you have
subscribers,
that technically counts as going viral.
So considering we don't quite have ten
thousand views yet,
getting ten or ten thousand subscribers,
getting ten thousand views,
twenty thousand, thirty thousand,
which I know is
those are the exception but we have some
videos that really racked up quite a few
views and uh you know our our hope
is that eventually of course someday we
want to get you know a quarter of
a million subscribers and we want our
videos to get a million views each like
we definitely want to get there but um
yeah it's like jordan said here like i
think we punch above our weight for sure
so um just to kind of put it
in context like we're still very much
growing i think um
Oh,
and I had another thought that got away
from me.
Oh, yeah.
Just the other thing to remember is that
we are a very small team.
I think with Em leaving,
I don't know if I can say how
many staff members there are,
but there's not many.
And we all wear a lot of hats.
So a lot of these bigger YouTube channels,
like Veritasium and Fern and stuff like
that, they typically have...
Like,
at least one person whose sole job is
to write and research and write the
script.
And one person whose sole job is to
film the script.
And one person whose sole job is to
edit the script.
And one person whose sole job is social
media management.
But, you know, here we've got...
I cut most of the clips for the
shorts, which, again,
I haven't been doing lately.
I'm sorry.
But I cut most of the vertical clips
and stuff.
And I think Jordan and Jonah mostly handle
the social media.
And Jordan does most of the editing
because they're just so much better at it
than me.
But I try to at least do the
basic cuts and stuff.
So just kind of keep that in mind,
I guess,
just that we are â
I'm not trying to make excuses.
I'm just saying that when I said feel
free to offer suggestions,
sometimes we just may not have the
manpower to do something a certain way,
but we definitely want to get there for
sure.
I mean,
we talk every week about growth and what
our strategies are and what we can do
next to get the message of privacy out
to more people.
Yeah.
Yeah.
Some of those YouTube channels you
mentioned, I think they're definitely...
misleading not in like a malicious way but
just like i don't think a lot of
people understand there there's huge teams
behind them i mean the ones that you
mentioned fair tasium fern like they've
they've got more than one person working
on all of those things they got multiple
editors they're doing they're doing like
multiple animators uh people don't think
about that because i think a lot of
people just think about the person on the
screen on a youtube channel doing
everything and that is definitely not the
case for those larger channels
um but yeah definitely open to suggestions
on what we can do i wouldn't i
wouldn't rule anything out so let me know
what you like to see um i don't
wanna like uh i don't wanna we're i'm
not under any delusions that we're making
like perfect videos but i do think that
our videos are pretty good and i think
that a lot of what we can do
uh maybe better comes down to
marketing those videos and somehow finding
out like the best way to work within
the algorithms and stuff to get it out
to more people and there's certainly
improvements we could make there whether
it's with the script or whether it's just
with titles and thumbnails um but i don't
think the quality is that bad um
personally and i think that
I think that we're set up pretty well
to get a lot more views in the
future, thankfully.
And we're also almost at ten thousand
subscribers.
Probably could be as early as tomorrow or
next week based on how these numbers are
going.
So that's exciting stuff.
Yeah, I'm super excited for that.
That's going to be a big milestone for
me.
Also,
Seas said that it's World of Warships
sponsoring everybody now.
So we need to look into that.
We'll see.
All right.
I'm going to scroll back up to the
top here.
It's been a little bit of a quieter
week.
But let's see here.
We talked about ships.
Somebody asked about age verification.
We talked about that.
I know there were some questions.
I just have to go find them.
Oh, yeah.
Jordan mentioned, not really a question,
but here in the US,
if emails are more than a hundred and
eighty days old,
they don't require a warrant.
Um,
so this is one of the reasons that
we encourage, uh,
encrypted email providers like Proton and
Tudor and mailbox.
If you turn on mailbox guard and, um,
use that is because if you've got Gmail
or Yahoo or whoever it's,
I forget what it's called,
but it's basically this legal doctrine
where the government treats your emails as
abandoned property,
which is completely insane because like,
I'm sure,
especially those of us who are older,
you probably have like, I don't know,
letters from, okay,
using me as an example,
I was in bootcamp and my family sent
me a lot of letters.
I used to be in the military.
And so if I had kept those letters,
I'm sure my mom did,
if I kept those letters and put them
in a shoebox in the closet,
now that I've been out for over a
decade,
I don't think anybody would be like, yeah,
those are abandoned.
Like, no,
those are my memories sitting there.
Like, it's completely insane.
But if you use an encrypted provider,
then-
The cops can't access it anyway,
so it's a moot point.
Jordan asked if we saw that the FBI
director's email got hacked.
I did see that on social media.
I didn't have a chance to read the
story.
I just saw it this morning,
but I saw that that had showed up,
and I saw a lot of jokes about
it.
Like,
his password is probably cash with a
dollar sign and stuff like that.
Yeah,
I believe it's just his personal email,
which probably...
I mean,
I don't think it's like a threat to
the government,
but it is probably a pretty embarrassing
reason for him because I would imagine he
I'd imagine he's using a major service
like Google or Apple iCloud that
doesn't have security issues,
so it was probably more of an OPSEC
failure from the director of the FBI that
caused this rather than any service issue.
Yeah,
I haven't read that article myself either,
but...
Yeah, it doesn't look promising.
I haven't heard a lot of like what's
in the emails, anything yet.
So I don't know if they're going to
parse through it, but.
So that came in like last minute today.
I think yeah this article from the
Guardian says it was a personal gmail
address and The government has also said
There's no government information.
It's all just personal stuff.
It sounds like a lot of random pictures
of them and like historical emails in the
case of Google I
Like there's,
there's plenty of ways to protect your
account.
If you're going to be a Gmail user,
you can have a strong password.
You can have, um,
the advanced protection program, uh,
to call this a hack is probably
not the most accurate because I would
imagine there were plenty of things the
director of the FBI could do to secure
his data.
It probably wasn't like getting into the
mainframe of Google servers or anything
like that.
It was probably pretty mundane.
But what can you expect from the current
government?
Yeah, right.
Let's see here.
Okay, I'm catching up to the front now.
Yeah, I think that was all for questions.
I thought there was another one.
Oh, yes, here it is.
Anonymous,
fourteen sixty five said that there should
be a section on the website for router
scenarios.
I have no idea how to set one
up or be private for it.
The problem with detailed tutorials about
like,
here's how to get started and here's how
to do it is they get really outdated
really fast.
And so it would almost turn into like
a full time job just trying to keep
these tutorials current and, um, yeah,
I mean,
just trying to keep them current and
keeping on top of like, oh,
the UI changed and this options over here
and they added this new option.
And so, um, yeah,
we do want to do some tutorials in
the future.
I think I mentioned that earlier,
but it's, uh,
it's definitely a bit of a challenge to
figure out.
It's,
it's a challenge to keep them as evergreen
as possible.
Yeah.
I wouldn't rule it out.
But yeah,
we've been talking about doing something
like that for a while.
Which, I mean, just among the volunteers,
actually one of them really wants to do
that eventually,
but hasn't been able to yet.
But hopefully we can do something like
that.
Jordan asked if we saw that iCloud Hide
My Email was traced back to somebody after
a warrant.
I would imagine that's probably the case
for any of these aliasing services,
because that is how email works.
They can typically tie it to your mailbox.
yeah not yeah um most interesting story i
feel like but it also involved fbi
director cash patel because it was
regarding an email sent to his girlfriend
so a lot of cash patel stuff going
on in the email space this week i
don't know what's up with that it's been
a busy day for him i guess
I mean, at the end of the day,
like that alien,
the aliasing services and email in
general,
that's not going to apply to serious
threats.
Right.
So it's,
it's more like a spam prevention or again,
kind of like the,
kind of like the VPN thing.
It's good to protect yourself against, uh,
like mass surveillance or data brokers
because.
using a different email for every website
that is a good protection against your
accounts being correlated,
among other things.
But you know,
it's an email aliasing service.
It's not like a unique identity generator
for everything on the internet.
And they certainly can be linked together.
That's not really what these email
aliasing services are for.
Yeah, for sure.
I actually did remember one more question
that I skipped past.
I had another tab open.
Where did it go?
Oh yeah,
so earlier when we were talking about
social media,
somebody asked if there was a book on
the subject.
And I'm assuming you mean a book on
the,
because we were talking about how social
media is designed to be really addictive.
Age of Surveillance Capitalism by Shoshana
Zuboff touches on this a little bit.
Not so much the design of social media
itself, but just like how big tech works,
what their playbook is for invading your
data.
Jaron Lanier has a book called Ten
Arguments for Deleting Your Social Media
Accounts Right Now.
I have not read it personally,
but I know that is one.
And then a couple others I haven't heard
of,
but I found mentioned when I went looking
for answers, Hooked by Nir Eyal,
Addiction by Design by Natasha Shule,
and The Shallows,
What the Internet is Doing to Our Brains
by Nicholas Carr.
Again, have not read any of those,
but those did come up when I searched
that subject, so.
Because when I saw that you asked that
question, I was like,
I know there are some,
but I'm drawing a blank.
So those are what I found.
All righty.
Last chance for questions in the chat,
everyone.
Otherwise, we'll start wrapping this up,
I think.
Got a bit more to share here, but...
But yeah.
I think we can close off questions here
then, probably.
Thanks for tuning in, everyone.
All of the updates from This Week in
Privacy,
we share them on our blog every week.
So you can sign up for the newsletter,
or you can subscribe with your favorite
RSS reader if you want to stay tuned
on all of this and get all of
the sources.
For people who prefer audio,
we have a podcast version available on all
podcast platforms and RSS.
We also sync the recording of this video
to PeerTube.
Privacy Guides is an impartial nonprofit
organization that's focused on building a
strong privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you want to support our mission,
You can make a donation on our website
at privacyguides.org slash donate.
You can make a donation by going to
any page on our website and clicking the
red heart icon located in the top right
corner of the page.
You can contribute using standard currency
via debit or credit card,
or you can opt to donate anonymously using
Monero or with your favorite
cryptocurrency.
Becoming a paid monthly member will unlock
exclusive perks like early access to video
content and priority during the This Week
in Privacy live stream Q&A.
You'll also get a cool badge on your
profile on the Privacy Guides form and the
warm,
fuzzy feeling of supporting independent
media.
Thank you all for watching.
We will see you next week.
