Windows 0 Day Exploit Situation Is Wild
E62

Windows 0 Day Exploit Situation Is Wild

A new Windows Zero Day from Nightmare

Eclipse on Patch Tuesday.

LAPD is dropping their Flock contract.

And new research into the privacy of top

period trackers.

All this and more coming up on This

Week in Privacy, so stay tuned.

Welcome back to This Week in Privacy,

our weekly series where we discuss the

latest updates with what we're working on

within the Privacy Guides community and

this week's top stories in data privacy

and cybersecurity.

I am Nate,

and with me this week is Jordan.

How have you been, Jordan?

I've been good and been looking forward to

diving into some privacy and security news

this week.

Yeah.

All right.

Well, then let's jump right in.

Let's talk about our first story,

which is about Microsoft.

So the headline says,

Microsoft Zero Day Drops the Same Day

Microsoft Releases Record Number of

Patches.

So for those of you who are blessed

enough not to have to use Microsoft,

or not to use Windows, I should say,

Microsoft releases...

Once a month,

they release their patches all at once.

And that includes everything.

That includes feature fixes, bug fixes,

security fixes.

And they call it Patch Tuesday because I

believe it's the first Tuesday of every

month or maybe the second Tuesday,

something like that.

So this month's Patch Tuesday had...

I want to say like five hundred give

or take patches,

which I did not realize was a record.

I swear I thought they released like six

hundred once upon a time,

but apparently it was a record number of

patches.

And at the same time,

let me let me go back a little

bit and give you some context.

We've covered this on this channel before.

There is a security researcher who is

going by the pseudonym of Nightmare

Eclipse,

and they

They claim that they have disclosed a

number of vulnerabilities to Microsoft,

which Microsoft has ignored.

They say that they've disclosed these

vulnerabilities, they've proven they work,

and Microsoft either brushes them off,

or I think at one point Microsoft even

got them removed off GitHub,

got this person banned from GitHub.

So...

This person is kind of – understandably

so,

has kind of taken it personally and been

like, okay, okay, fine.

Then I'll play dirty.

And so instead of doing the normal

responsible disclosure is what it's called

where you alert the company and then you

give them about ninety days to fix it.

And then you tell everybody like, hey,

I found this vulnerability.

Here's how it works.

Now they're just –

just going scorched earth,

I guess you could say.

And yeah, it's pretty wild.

I feel like they had to have done

this on purpose.

Within hours of Microsoft releasing all

their Patch Tuesday fixes,

they released this new zero day,

which according to this article is now

sending Microsoft scrambling to fix it.

So this new zero day is being called

Hive Legacy.

It's an escalation of privilege exploit

that targets a vulnerability residing in

the Windows user profile service.

And it seems to me,

as someone who is very open about not

being super great with code,

it seems to me like this requires...

A little bit of legwork.

This is definitely not, you know,

I always mention that we talk about

vulnerabilities sometimes that are like,

you know, oh,

you have to have access to the device

for three hours and you have to plant

malware on it.

And it's like, really?

Like,

is that really a vulnerability at that

point?

This one sounds like it can be done

remotely, but it does.

It's a little bit more than just like

point and click.

So basically what you have to do.

It says it allows users with limited

system rights to compromise an admin

user's account by modifying its classes

registry hive,

which is a resource that ensures the

correct application opens when certain

types of files are clicked in Windows

Explorer.

Again,

some of this really goes over my head.

So if it goes over your head,

I apologize too.

But for those of you who want the

details, basically...

They say the attacker can modify Windows

registry associated with an admin account.

The exploit requires the attacker to know

another user's credentials.

So that's the first step.

It says the account need not be admin.

I think they're talking about the

attacker's account.

So basically,

let's say you have a computer that has

an admin account and a regular user

account.

If you compromise the user account and you

know the admin user's credentials,

that's step one.

um this is where i feel like it's

starting to get a little bit iffy but

it says an attacker must also know the

username of a third account also with or

without admin status on the machine so at

minimum the account has to have three or

excuse me the machine has to have three

accounts

which I'm going to go out there and

say is probably not that unusual.

I know at my last job,

they gave us work computers and those were

our laptops.

Like we took them around with us

everywhere.

We used them to clock in,

clock out teams, all that stuff.

Those really only had our accounts on

them,

but I'm certain that there are a lot

of places where it's far more normal to

rotate desks and like multiple people log

in and there's multiple accounts.

And yeah,

I am pretty sure that when somebody logs

into a machine,

the account kind of stays there until you

go in and manually remove it.

Don't quote me,

but I'm pretty sure that's how Windows

works.

So in theory,

I could see a lot of potential

organizations where that is a realistic

setup,

where there's multiple accounts linked to

one computer.

However, again,

you have to know the admin user's

credentials.

You have to know a third user's

credentials.

And actually,

I didn't even think about this before,

but now that I think about it,

Oh, you know what?

I take it back.

Okay, I was about to say, like,

if you know the admin user's credentials,

doesn't that kind of get rid of it?

But it says here that the account... Okay,

so none of the accounts need to be

admin.

You just need to know three user

credentials,

and then you can break into the admin

users.

Okay.

Sorry about that.

I swear I read this article earlier,

but we're going a little bit earlier than

usual,

so I haven't had as much time to

process it.

But yeah, so this...

I mean,

that's really kind of all it is here,

is this researcher has disclosed this,

again,

hours after Windows dropped their updates,

because they're probably trying to make a

point and trying to piss off Microsoft on

purpose, which is probably fair.

And yeah,

Microsoft said that they're aware of the

vulnerability, they're investigating.

They also noted their preference that

reporters follow a coordinated disclosure

policy, which again,

this researcher is saying that...

Microsoft has been ignoring,

which is why they're not doing coordinated

disclosure.

And, uh,

there are some instructions here on how to

like, see if this affects you.

But I think for the average everyday home

user, um,

this is probably not that big a deal.

I guess maybe if you have like a

family computer where each user has their

own account,

but if you just have like your own

computer where it's just your user account

or like your user account,

your admin account,

which is one trick that I think we

recommend then, um,

that probably reduces the likelihood of

this attack.

So real quick before I turn it over

to Jordan, some people are asking,

what are we talking about?

We're talking about Windows Zero Day,

a vulnerability that was dropped hours

after Microsoft released their patch

Tuesday.

So yeah,

I was kind of explaining how that works.

But Jordan,

did I miss anything in this story?

Or did anything jump out at you that

you wanted to discuss?

I think the most important thing about

this story,

like I think you did a great job

of like explaining the attack stuff.

I think, you know,

I don't really have any more to add

on that, but I do think, you know,

it does highlight Microsoft's kind of,

they're kind of tricky to work with,

right?

Like this,

this person submitted this patch to

Microsoft before they were ignored and now

they've decided not to do that, but it's,

you know,

I think it kind of shows that Microsoft

doesn't respect people that are submitting

these vulnerabilities and they're not

taking them as seriously as they should.

I think, you know,

obviously there's issues with not doing

coordinated disclosure because now there's

possibly a bunch of people who are at

risk of this and Microsoft kind of has

to scramble to find a fix.

So that is a concern as well.

But I also don't really blame this person

because, you know,

They probably are.

I don't think someone would do this out

of nowhere.

I think they probably would have been

trying to get Microsoft to fix this for

a while and they kept ignoring them.

So I don't know.

I just think if Microsoft embraced these

people a bit better and, you know,

instead of being kind of antagonistic

towards them,

instead they decided to, you know,

work with them or, you know,

patch the things that they're submitting,

I think that'd be like a much healthier

dynamic there.

It's just, you know,

this is like another time where we've

heard Microsoft just not being good with

vulnerability disclosures.

I think a couple of weeks ago,

like you were saying,

there was this story about like

Microsoft banning someone from every

disclosure platform and everything um

because they you know submitted something

that was in Microsoft's view you know used

for like hacking and such or criminal

activity um when you know it doesn't

really matter I think you should just be

fixing the vulnerability if it exists um

it doesn't really matter where it's come

from

or anything like that.

So very disappointing stuff from

Microsoft,

but Microsoft is just disappointing

anyway.

So it's not really any different from the

usual, I guess.

Yeah.

Yeah, that's true.

Yeah, I actually went to go look up,

because I know we've covered this story in

the past,

and I looked up Nightmare Eclipse in Brave

Search,

and there's no shortage of articles.

I think their last big disclosure was

called Rogue Planet.

So, I mean,

if you guys missed that story,

definitely go ahead and check that out.

Yeah.

Yeah.

I don't know.

I don't think I have too much to

add to this one.

It's pretty unfortunate.

Yeah, it's really...

I don't know.

I mean,

I want to give Microsoft some credit in

the sense that they've always had

vulnerability issues.

There's always hundreds of things getting

patched in these Patch Tuesdays.

And again,

some of them are just regular bugs.

Some of them are just feature things.

They're not all security updates.

It's not like there's hundreds and

hundreds of security updates every time.

I don't think.

Don't quote me on that.

But yeah,

they're definitely not doing great the

last couple of years to the point where

a while back they had to admit.

What do they say that like Windows is

quote unquote fundamentally broken and

they promise that they're going to go

ahead and try to fix it.

So.

Yeah,

I think we could endlessly rag on

Microsoft.

And I think, you know,

maybe people would enjoy that.

But I think, you know, unfortunately,

in the next story,

we're also going to rag on Microsoft again

a little bit.

But before we get to that,

I did want to say...

that this was, you know,

something that you,

you didn't mention this,

but there was in the article,

it mentions that Kevin Beaumont created a

detection script.

So you can check,

if you check this article out,

which will be in the newsletter,

it will include a link to the detection

script.

Kevin Beaumont is like a really like very

well-known like security person.

um so definitely check that out if you

think you might be affected obviously like

nate said it is kind of a bit

more rare because you need so many

accounts right um so just keep that in

mind but i think that was kind of

kind of interesting i'm sure that's going

to be very useful for people working in

like an enterprise and like business areas

where you know

people do silly things.

So there was a question here from Iceman

Co UK.

Why not people just use Linux instead

then?

There's still so many people using Windows

despite all its flaws.

I mean, not everyone really has a choice,

right?

Like it depends on the software that you

use and it depends on your situation,

right?

Like if you're working for a company,

they're not going to probably like you

using Linux because a bunch of stuff isn't

going to work.

um or you know if it's a personal

computer maybe you've got programs that

only work on windows um stuff like that

we don't really um we have recommendations

and you know that's up to you to

follow those and we do recommend people to

use linux but not everyone has the ability

to do that so we just try and

keep like everyone like up to date on

what's happening um

and talk about these issues.

Hopefully we bring in some Windows users

onto this and they're aware of this issue

and maybe they would consider switching or

something like that in the future.

But that's all we can really do here.

Yeah,

I just want to add to that that

unfortunately,

a lot of privacy tools are really lagging

behind when it comes to

device management.

So I'm pretty sure the vast majority of

windows usage is corporate usage.

Um,

not that there aren't plenty of windows

personal users as well, but I remember,

um,

like there was a huge jump in users

when we went, uh,

when we went from windows ten to eleven,

like as ten started to get deprecated

because that's when all the corporate

environments started migrating to eleven

and all of a sudden you saw like

a huge jump in the numbers.

Um,

And it's – I guess my point is

like don't – the number of corporate users

is a significant number of Windows users.

And because of that,

that means a lot of those corporate users

need to have corporate IT controls.

They need to have like endpoint detection

systems and like they need to have like

the controls that block off certain

websites, certain malicious domains, blah,

blah, blah, blah, blah.

And –

Linux is just fundamentally lacking a lot

of those things.

So Linux, for the most part,

I think there are some distros that are

starting to solve this issue.

But at least up until recently,

Linux hasn't really had tools that make it

good for large corporate environments.

And unfortunately,

in large corporate environments,

we simply cannot trust everyone to...

practice good digital hygiene,

like being careful what phishing links

they click and stuff like that.

Otherwise we would not be talking,

I would not be publishing a data breach

roundup every single week because the vast

majority of them are done via like

phishing attacks and stuff like that.

So it's one of those things that like

corporate really needs this.

Linux is not meeting that need.

And I'm also thinking of like parental

controls on like graphene.

I don't think graphene has any parental

controls.

I'm not a parent, so I don't know,

but just things like that,

things that as an individual user,

you're like, I don't need that.

I don't care.

But in a corporate environment,

all of a sudden the math is completely

different.

And you're like, no,

I absolutely need this.

And Linux doesn't have that.

And,

Just to add on, like you said,

like sometimes there's very specific

software that like,

like me as an audio guy,

ninety percent of my plugins are not on

Linux,

which unfortunately is kind of like a it's

a negative feedback loop because I'm not

on Linux because my plugins don't work.

Therefore, there's nobody on Linux saying,

hey, make this plugin work.

So therefore,

they don't make them Linux friendly.

And I don't know how to fix that.

But yeah, there's.

There's a lot of reasons people are still

not using Linux, unfortunately.

There is still a gap.

It's a very niche gap, I think,

for the average person at home who's just

surfing the web, checking their email,

playing some games.

I think Linux does work,

but unfortunately,

for a lot of the niche stuff,

there's still a huge gap there.

So I just wanted to throw that out

there.

And I'm also looking at the website,

trying to see... We do recommend...

Oh, operating systems.

Yes,

we do recommend certain Linux distros on

the website.

So yeah.

Anyways, yeah, that's all I got.

Cool.

Yeah,

I guess we can dive into this next

story.

Like we said,

we're going to drag on Microsoft again.

But yeah,

this is sort of a different thing going

on.

This story is from IGN.

Microsoft restores player's

Microsoft has restored a player's account

access to his twenty five year old

account,

which contain photos of his son and

thousands of dollars worth of games.

This is this isn't just any twenty five

year old.

This is a streamer named Joshua Kane

basically shared.

that on July sixteenth,

Xbox had reached out to him and restored

access to the account which was previously

suspended after being hijacked by a hacker

a few days prior,

while he was extremely happy and thanked

Microsoft for its help recovering his

account and all the invaluable information

therein.

He levied some criticisms toward the brand

for its initial response,

claiming it had told him the suspension

was irreversible at first.

So yeah, this is, uh,

kind of an interesting story, right?

So I think it's the most important thing

to note here is, uh, this person,

Joshua Kane, um,

isn't particularly famous, I would say.

Um,

obviously he has some sort of following,

like I think a couple of thousand

followers on Twitter and stuff.

So like not super popular,

but he definitely has more, more, more,

um,

more uh clout than the average person i

would say so you know this is um

kind of unfortunate if any of you have

ever had this issue before like you know

you've had an account compromised or

something and it was used for nefarious

purposes it's really hard to get access to

it again um and especially you know an

account like that Microsoft account it can

contain a lot of data that can be

kind of important um

So it's good this guy got his account

back, but it did take three days and,

you know,

public posts on Twitter to get their

attention and to get them to kind of

reverse their decision.

I think the most important thing about

this situation is that it is not a

good idea to centralize all your data into

one place and

if you put everything into a singular, um,

account like this, then, you know,

if it gets hacked,

then you're going to lose a ridiculous

amount of data because you've stored so

much in there.

So I think that's like one thing we

can take from this.

Um, I guess I'll throw it to you,

like, do you have any,

any thoughts and like extra things that,

that I didn't cover yet?

Well,

the only thing I went and found is

Twitch account.

Apparently,

he's got eight point five thousand

followers.

So, yeah,

not not he's not single handedly keeping

Twitch afloat,

but it looks like he's pretty consistent

with the streaming, I would guess.

But yeah, I mean, my my thought was,

well, first of all,

I do want to I do appreciate this

guy because.

I think a lot of the time we

read these stories and they're just like,

oh, thank you for Microsoft for helping,

working with me to get my account back

and basically sucking up.

And it's really cool to see him be

like, hey, I am appreciative,

but also like,

He said here,

it's unfortunate that such a big company

can bring your account back if you ask

them to.

The way it all went to me is

a little bit shady because it's not that

they can't bring your account.

They won't bring back your account if

you're a nobody, which is true.

You shouldn't have to shame a company and

go viral and be a big-name person in

order to get this kind of treatment.

It's really crap.

Yeah.

Yeah, I think other than that,

you really hit kind of my other big

point,

which is I've been sending this to friends

and family,

especially I've mentioned my sister had

her first kid recently.

And kind of sending this is like, hey,

where are you storing pictures of your

kid?

Like what happens if that gets deleted?

And I'm thinking of several years ago,

we were talking about this before we

started streaming.

There was a guy who...

His his toddler son started to develop a

rash in his genital area.

And so his doctor,

I believe this was during lockdown.

And I think that's why his doctor said

this, but I could be remembering wrong.

But his doctor basically said, like, well,

keep an eye on it.

See if it grows bigger.

I think even told him specifically, like,

take some pictures.

And, you know, if if it gets worse,

we'll we'll take a look at it.

And so he started taking pictures with his

phone and the pictures sync to Google

Drive.

Google closed his account and turned

everything over to the police and said

that it was CSAM,

which is child sexual abuse material,

for those who don't know.

The police investigated and cleared this

guy and told Google, like, no, it's fine.

Everything's above board.

Like, this is a medical thing.

And Google still would not reinstate his

account.

He actually had to get his data back

from the cops.

Like, the cops were basically like,

that sucks.

We don't know what to do.

Here's what Google gave us,

if that helps any.

So...

Yeah, I mean, it's really hard not to...

It kind of sucks because everything is so

digital now.

You can either self-host,

which is a huge commitment,

especially if you're going to self-host

everything,

like all your own photos and calendar and

email and everything,

or you can rely on someone else.

But even these encrypted services,

you know,

like if I'm relying on ProtonDrive and

Proton decides to ban me for whatever

reason, what do I do?

So, I mean,

it's really important just to keep backups

and ask yourself that question.

Like, if this goes away today,

what's my redundancy?

What's my safety?

You know, if...

I think about that a lot with signal.

I've got my whole family using signal.

If end-to-end encryption gets banned and

signal pulls out of the U S which

would be weird because signals based in

the U S,

but you know what I mean?

Like,

where am I going to move my family

to?

If, um, if simple login goes away,

where am I going to move my email

aliasing to just at least have those plans

in place?

I think is what I'm getting at.

Cause it's, uh, like he said,

if you're not a big name,

you're probably not getting your crap

back.

So yeah.

Yeah.

Definitely.

I mean, yeah, this original,

like the tweets that Joshua Kane posted

were getting, you know, hundreds of,

hundreds of boosts and likes and stuff.

So I think it's,

looks like his original post was ten

thousand retweets.

So, and eighty two thousand likes.

So just just so we know the scale

of this, it kind of blew up.

So, you know,

if your post doesn't blow up on Twitter,

then I kind of doubt that you'll get

your account back, which sucks.

I can kind of understand why it did

so well, though,

because his original post,

I don't know if we can show it

on the screen.

Yeah, give me a second.

I can go find it here.

uh,

Microsoft deleted my account and OneDrive

and it's like all in capitals when with

deleted and stuff.

So I can understand why, like, you know,

people saw this and were like,

oh my gosh, that's like awful.

Um,

it seems like it resonated with a lot

of people.

So, um, yeah, it's, it's definitely,

there it is.

Yeah.

Cool.

Um, yeah.

So it's, it's interesting.

Um,

that this happened,

but also kind of a special person in

a very special circumstances.

it is kind of funny when something starts

damaging your brand,

then suddenly the company is like running

out to make special arrangements.

So really this should be something that's

handled better by Microsoft in the future.

But like Nate said, you know,

make backups,

don't store all your baby photos in one

drive and expect it to just be there

forever.

Like three, two, one, three, two,

one backups, everybody.

yeah absolutely um yeah what is that ten

thousand almost ten thousand posts reposts

eighty two thousand likes a reach of five

point seven million forty seven hundred

comments so yeah i mean i don't have

kids but thousands of dollars spent on

games yeah yeah good point so that that

would be demoralizing for sure

Alrighty.

Well,

if that's all we have on that story,

I think we'll go ahead and move on

to the next one here,

which is actually some good news.

Some rare, rare good news,

which is that the LAPD is not renewing

their contract with Flock,

at least for the time being.

So the headline says,

LAPD lets contract with surveillance giant

Flock expire,

citing serious concerns over civil

liberties and privacy.

Um, so, uh,

a senior LAPD official told news outlets,

uh,

first ABC seven and the Los Angeles times

that the police department would allow its

three-year contract to expire when it

ends, uh, I believe would be this Sunday.

And they,

the department cited serious concerns

around civil liberties and privacies.

I don't know why I said privacy is

plural, uh, civil liberties and privacy,

uh,

They said,

particularly around privacy and the data

that is being collected,

the LAPD had to make a difficult decision

in this case,

discontinuing flock services until we can

get those data, privacy, security,

and sharing concerns ironed out through a

contractual relationship.

Uh,

a spokesperson for the LAPD did not

respond to a request for comment from tech

crunch.

And, uh,

I'm going to touch on this one in

a second.

It's unclear.

Fox flocks cameras will continue recording

in absence of an active contract.

According to ABC seven,

the police department is seeking new

language in its contract,

addressing privacy and data storage

concerns.

So LAPD is apparently the third largest

police department in the U S my money

is going to say that the first is

NYPD, New York.

And I'm going to guess the first is

probably going to be a federal agency like

the FBI, maybe.

Cause I mean,

LA and New York are the only mega

cities in the U S so I don't

know who would be bigger than them,

but yeah.

They said that several major cities have

also stopped working with Flock,

citing privacy worries and concerns that

federal officials use cameras to track

people in violation of local laws.

And a Flock spokesperson said that this

contract expiry caught them by surprise,

quote-unquote surprise,

and that they were confident they could,

quote,

clear up the current misconceptions,

unquote.

Of course,

they did not specify what misconceptions.

So –

Yeah, I mean, this is pretty cool.

I like the fact that they're basically

saying, like,

we want to get this information written in

the contract,

which I think is really cool.

I mean, personally,

I would like to see Flock go away

entirely,

but I certainly think that would be an

improvement, at least,

is to get something written down in

contract.

And then it is worth noting that...

They mentioned here the whole it's unclear

if Flock's cameras will continue

recording.

They mentioned further down that that has

been an issue is a lot of the

time these cities are now – this is

kind of like the new problem that we're

facing in some ways is a lot of

cities are successfully getting rid of

Flock, not all of them.

And I really want to know who's paying

off those politicians.

But a lot of cities are getting rid

of Flock.

And then there's this new question of

like, well,

now what happens to the cameras?

Because now there's this question of like,

okay,

who pays to get rid of the cameras?

And so the cameras just sit there.

And then people are wondering, it's like,

okay,

but like Flock has always owned

Everything about those cameras,

like you're basically renting the cameras

from them.

You're licensing the cameras,

you're licensing the software.

It's not like they roll in and they

go, okay,

here's your data rack and your server rack

that goes in your it closet.

And it's all yours now.

Like, no, it's theirs.

They control it,

which is where some of this controversy

comes from, because then it's like, um,

you know, it's like, oh, they,

they mentioned down here.

Um,

Uh,

four Oh four media reported that a U

S drug enforcement administration used a

local police officer's password without

their knowledge to search for a suspect

suspect accused of an immigration

violation.

And that's without him knowing,

like the local police are doing search for

the feds all the time.

And the feds are just,

it's the point is like, it's,

it's remotely accessible anywhere.

So if these cameras are still there,

they could at very least in theory,

still be recording.

I don't know.

I'm not going to say if they probably

are or not.

I don't know, but they could.

And they said in this article that in

some cases, like,

the cameras have been removed and then

come back.

Where did that go?

Um, yeah.

Uh,

some locals have taken matters into their

own hands by dismantling flock cameras and

covering them with trash bags.

Even as some communities found that flock

reinstalled cameras without permission

from local authorities.

So yeah, I, I don't know.

Um, this is good.

It's really good to see LAPD pushing back.

It's really good to see flock facing all

this intense criticism.

Um,

I need to get a good lawyer because

I keep saying stuff like this.

The Flock CEO, in my opinion,

is absolutely morally bankrupt and has no

moral compass other than money.

And so until we start seeing stuff like

this happen,

these major organizations – because I

don't think they care about the little HOA

in –

Backwoods County, Kansas,

like they don't care about that.

But LAPD,

that's millions of dollars a year easily.

I guarantee it.

So until these bigger police departments

and agencies stop using Flock,

it's not going to hit them in the

wallet and they're not going to change.

That's the only way they're going to

change.

So again,

I would like to see them go away

entirely.

But the fact that LA is at least

demanding...

So some sort of contractual improvement

here.

I guess my only question at that point

is we would have to wait and see

if it gets enforced.

If there's some kind of contract

violation,

will they actually take flock to court?

But now I'm getting like five years ahead

of myself.

So I don't know.

I think those are all my thoughts.

I think that's the story.

Did I miss anything?

Do you have any thoughts I missed?

I think it's interesting,

like when you talked about like the budget

and like what,

how much money is going to flock here,

just so we're on the same page, everybody,

the LAPD has a budget of one point

nine billion dollars.

Like that's literally like an obscene

amount of money,

especially just for like a single

department.

Right.

So when we talk about like all this

flock contract,

we're probably talking like

hundreds of millions like maybe tens of

millions maybe a hundred million like it's

probably a lot right like this is probably

a pretty big um a pretty big contract

for them so like this is kind of

a big win like this is uh taking

a pretty massive chunk out of um

out of flock's pocket here.

And I think it was interesting.

This article by Zach Whitaker, it's, uh,

he says researchers have identified an

uptick in documented cases of motorists

being pulled over,

detained and held at gunpoint by police or

jailed due to false positives and errors

with licensed flight readers.

So like we, like, you know,

we've kind of talked about this a lot,

but these systems are like notoriously not

very accurate.

Um,

yeah.

And they're just, you know,

they lead to all these sort of problems.

Um,

and it's good to see that the contract

did get canceled in the end.

Um, and especially such a big contract,

because like I said before,

one point nine billion,

that was in twenty twenty three.

Um,

and apparently they're probably hiring

more people.

So that's probably going to go up a

couple hundred million.

Um, so definitely, definitely a win there.

Um,

I think it's, yeah,

it's definitely interesting.

They didn't mention anywhere in the

article the contract cost or, like,

how much it would have been for them

to lose, but we can kind of speculate,

obviously.

Yeah, no,

this is just kind of a win.

I don't really have too much more to

add on it.

I do want to add in relation to

cost.

Yeah,

the last city I lived in in Texas

was a major city,

probably one of the smaller ones in Texas

to be honest,

but it was a major city,

and I know that our budget –

The police department budget for Clearview

AI was somewhere in the neighborhood of

two million dollars a year.

So, yeah,

just to kind of give you an idea

of how much this may or may not

cost.

Yeah,

a lot of these megacities like New York

and L.A.,

their police have more budgets than a lot

of militaries in other countries.

It's it's wild.

But, oh,

they operated one hundred and thirty eight

cameras in Los Angeles.

I wonder if that's Los Angeles proper or

the entire basin.

so sorry, I'm on the LA times.

So, yeah,

I think it is kind of astounding when

you, when you think of the budget,

I think people, yeah,

I don't realize that states in the United

States are like mini countries basically

compared to like, you know,

things in Europe and stuff.

Um, so it is kind of, um,

it is kind of a lot of money,

um, that this contract was probably,

I mean,

two million for that contract probably.

Um,

But, yeah, we'll see.

We can hope that this continues and,

you know,

more cities are discontinuing this

because, like we've said, this is, like,

really bad for people's privacy and really

bad for mass surveillance.

You know,

I would say maybe put a trash bag

over some cameras.

I mean, that's probably not a crime,

right?

I don't know.

But, yeah, this is sort of creepy stuff,

so.

You can get involved with that.

I believe there's a website that's got

people organizing.

It's called Deflock.

Deflock.org, I think, yeah.

Deflock.org, yeah.

So, yeah, definitely check that out.

Yeah, and I was going to say, oh,

wow.

LA Times says the LAPD's automatic license

plate reader system includes two hundred

and forty eight pole mounted cameras,

one hundred and forty cameras mounted on

police vehicle roofs,

fifteen hundred cameras installed inside

police vehicles and seven mobile trailer

cameras.

Wow, that's.

Geez.

Anyways, no, what was I going to say?

Yeah,

and not to put too fine a point

on it,

but just last week we covered a story

about a cop who was abusing – a

cop in Florida who was abusing all the

databases to stalk a girl that turned him

down while he was trying to hit on

her.

So yeah,

these things are just so prone to abuse.

As far as I know,

there's still no studies showing that

there's a significant drop in crime due to

mass surveillance.

So yeah, it's just –

just yikes but that's all dag said uh

states in the eu are literally yeah that's

what i meant i meant like the countries

like you know like i feel like the

states in the u.s almost like many

countries but that's that's what kind of

what i was trying to say i don't

know if i said that right but

It's, it's honestly very similar.

Um, I mean, obviously I've,

I've never lived in Europe,

so I can't say for sure,

but from what I understand,

it's like States in the U S do

have a pretty large degree of autonomy.

I think,

I think our federal government does have a

little bit more say than like the EU

commission or whoever in Europe.

But, um, it's honestly,

it's a very similar system where States

have a lot of autonomy.

So it's, I mean,

everything is simple as a tax rates.

Um,

Like, even how you register vehicles,

how you register to vote.

Like,

some states allow mail-in voting for

anybody.

Some states, you have to be, like,

active-duty military.

Like, it's very patchwork.

But, yeah.

I think we're ready to move on to

site updates,

unless you had anything you wanted to add

to that one.

Cool.

No, yeah,

let's dive into some site updates here.

But I guess before we dive into some

privacy of...

top period trackers.

I'm just going to give some quick updates

about what we've been working on at

Privacy Guides this week.

In case you haven't seen,

we put out a new video.

This was an interview with

Rudy Wang from Cape Mobile.

We've had a lot of questions about this

service and people just wanting to know

more about it, whether it's trustworthy,

whether what they say is actually true.

So Jonah kind of sat down with Rudy

and asked a lot of questions that

I think a lot of people would have.

So if you've seen the service,

I guess this is very much a US

specific video because this isn't

something that's available outside the US.

So if you're in the US and you

have heard of CAPE and you're kind of

skeptical or you kind of have questions

about it, you can check out the video.

As always,

we're not affiliated with anyone.

We don't give the questions beforehand.

There was no financial incentive or

anything for this video.

We just kind of wanted to

to ask questions and get some responses on

how some features work and stuff like

that.

So if you've had questions about how that

works or you're skeptical about it and

you're not really sure if it's legit or

not,

I think it could be a good idea

to check that out.

It's quite a long interview,

but you can have a look.

There's timestamps for every question in

the video and

Maybe there'll be something there if

you've been considering it.

Hopefully that answers some questions that

you have.

Cool.

Yeah, I've been using Cape.

It's worked pretty well for me.

Every once in a while,

I will have to reboot my phone.

Just this morning,

I went out to get coffee.

And for some reason,

the cell signal was not working.

So I just had to reboot my phone,

and it popped right up.

Yeah,

I have not listened to it yet because

it is about an hour long,

like you said.

But it's going to go in my queue

for sure.

I cannot wait to listen to that.

That's kind of really the only site

update.

There was a really quick,

we fixed a broken link about data erasure

that was in the Linux overview page.

Um, but other than that, I mean, it's,

it's been, uh, um, I, I actually haven't,

uh, told Jordan this,

but I did film the next video.

Um, like we wrote the script,

I filmed it.

Um,

so now I need to do the first

cut of that and then send that over

to Jordan,

but I know you're still working on the

video before that.

So yeah, we're,

we're chugging along at a nice rate and

there is content on the way in addition

to this podcast.

And, um,

That content is made possible by

supporters.

So you can sign up for a membership

or donate at privacyguides.org slash

donate or pick up some swag at

shop.privacyguides.org.

Privacy Guides is a nonprofit which

researches and shares privacy related

information and facilitates a community on

our forum and matrix where people can ask

questions and get advice about staying

private online and preserving their

digital rights.

And now it is time to talk about

Cloudflare's latest bot detection plan.

Yes,

let's dive into this story here from

nerds.xyz.

Cloudflare precursor watches your mouse

and keyboard to decide if you're human.

Cloudflare wants websites to stop asking

visitors to prove they're human with

irritating capture puzzles.

Its replacement, however,

involves watching how people move, type,

scroll,

and interact without a page throughout an

entire session.

Cloudflare's response has basically been

to release this new product called

Precursor,

a behavioral bot management system for

Cloudflare Enterprise bot management

customers.

Instead of checking one login, click,

or checkout attempt,

Precursor continuously evaluates activity

inside the browser to determine whether a

visitor appears human.

Cloudflare says the system looks at

signals such as mouse movement,

scrolling rhythm, typing cadence,

clipboard activity, page visibility,

and whether keyboard events happened while

a text field was selected.

It does not capture the actual keys being

pressed, according to the company.

It studies the timing and rhythm instead.

so i think the immediate thing from this

is this is a lot more tater than

uh what previously they were trying to

collect right like before it was like you

know your mouse movements and how you

clicked on a checkbox um that was how

the turn the cloudflare turn style used to

work um and you know it would it

would also get information about your

connection and such to kind of evaluate it

but this is like

a lot more invasive because it's you know

it's checking a lot more uh parameters to

basically identify if you're um a human

being and i think this is basically a

response to like agentic systems right

because people are using agentic browsers

and um

you know,

systems to basically automate processes.

And a lot of times they're using it

for abuse.

So basically just because someone's using

an agentic system doesn't mean they're

inherently a good actor.

So, you know,

websites kind of have to crack down on

this sort of thing, which is kind of,

it's just like another thing that AI is

bringing us

you know, thanks AI again for doing that.

So, you know,

this is another way for websites to

basically determine if you're a bot or

not.

I think this is, again,

like Cloudflare is like one of those

companies that has a bit too much control.

They have, you know,

a large network that is covering a

majority of the internet and basically

them becoming like the gatekeeper becomes,

kind of an issue um but I guess

if this all worked like locally I'm not

sure if this would be as much of

an issue but I think just the inherent

way that this is described is that this

data would have to be collected and and

analyzed by Cloudflare itself um so

it's kind of unfortunate um this is

definitely better than google's way of

doing things like google was originally

asking you to download an app on your

phone um and you need to have like

a verified google android device to verify

your identity with which i think was

definitely worse um so yeah this is kind

of interesting but also just like a little

bit dystopian um the fact that they have

to track so much information to determine

if you're human or not um

But yeah,

kind of throwing it back to you here,

Nate.

How do you feel about this one?

Yeah, no, I'm with you.

I mean, I think further down,

they do say that they try to...

Where is it here?

Uh...

Cloudflare is emphasizing privacy in its

description of precursor.

The company says it collects the minimum

information needed to identify automated

activity and does not record actual

keystrokes.

It also says behavioral information is

analyzed as aggregate patterns and not

connected to login identities,

customer accounts,

or persistent user profiles.

But the author goes on to say those

protections are important,

but the privacy concern is still difficult

to ignore.

And it says,

software that continually measures mouse

movements, typing cadence,

clipboard activity, focus changes,

and page visibility may feel invasive even

when it does not capture the content being

typed.

So yeah, it's definitely...

I don't know, Cloudflare is,

my complaints with Cloudflare are

different than most people.

I actually have more complaints about the

amount of centralization, you know,

that one of their engineers will

accidentally push bad code and crash a

third of the internet and now people are

stranded in the airport.

But I mean, this is still, yeah,

it's like, I don't know,

even when you aggregate this kind of data,

I still feel like there's gotta be ways

for it to be de-anonymized.

There's gotta be concerns with how it's

stored.

Cause I mean,

it has to be stored individually so that

you can discard old data, right?

Like you can't just have this pool where

you just keep throwing everything.

It'll be like water, it'll mix together.

How do you know what the old water

is?

And I don't know.

It's just, yeah,

I'm not really a fan of this,

but I do wonder what trying to get

around this is gonna look like.

Cause I know that,

for example, with like you block origin,

for example,

if you disable JavaScript entirely,

sometimes captures just won't load at all.

And then you just can't get onto the

website.

So yeah, it's, um, it's frustrating.

Cause this is,

this is like a cat and mouse thing

where, you know, the bots,

there were bots on the internet.

So then we added captures,

but then the bots learned how to do

the captures.

So now we're doing something else.

And it's,

Yeah, I don't know.

It just sucks.

I don't think I have much more to

say than that.

It just sucks.

Not a fan.

Yeah, I think the main issue that, like,

you kind of touched on a bit, but,

like,

I think the main issue is people don't

really like that, like,

the entire internet is centralized on

Cloudflare.

You know,

especially I think Cloudflare is,

everyone kind of knows it's, like,

you know, an American corporation.

I think a lot of, like,

companies in Europe are, like,

becoming skeptical of these sort of

things, trying to not have everything be,

like,

routed through a company like that um i

think also the uh the issue with this

sort of system is that it locks people

into a capture based system right like if

you if you set this up on your

website then um

you know,

it kind of locks you into continually

paying for this forever to protect your

website.

And yeah, I don't know.

I don't think Cloudflare is as bad as

every other company we talk about.

Like we talk about like Microsoft, Google,

Facebook, Meta,

like they're all really bad and Cloudflare

is definitely less bad.

So, you know,

not letting them off the hook,

but like

They're definitely not as bad as those

companies.

But I think it does seem like this

is a good faith attempt at stopping this

sort of thing.

But, you know,

obviously we're going to have issues when

it's collecting, like Nate said,

a bunch of information that

is in the broader scheme of things

somewhat unnecessary,

but I guess there has got to be

a way for websites to protect themselves

against these bots and like agentic

systems.

So I'm not really sure what the solution

would be that doesn't collect this much

information.

Um, yeah,

it kind of just is a really crappy

situation.

Um,

Yep.

All right.

Well, if that's all we got,

I think we'll move on to this next

story from Mozilla.

All righty.

So this will be a fun one.

This is some research from Mozilla that

says, well,

sort of from Mozilla that says your period

should your period data should be private.

This is sort of from Mozilla because they

actually work together with the

transparency hub at Harvard's Berkman

Klein Center and

and the Siebel school of computing and

data science at the university of Illinois

to examine historical changes to the

privacy policies and provide additional

Android testing.

So, um,

I mean,

I'm actually going to read what they wrote

because it's pretty short and I think it's

pretty good.

So it says the data we keep on

our phones is sensitive.

For women,

period data is one of the most sensitive

data points we share with our device.

That's because period tracking apps aren't

just about when your period happens.

Apps in this space ask you to log

extremely intimate details so it can

predict your cycle or help you get

pregnant from when you bleed,

but also when you've had late night

chocolate craving and even when you have a

miscarriage.

In a post-OBs landscape,

we believe safeguarding this data and

keeping it private is more important than

ever.

Our privacy expert Shoshana Wadinski did

hands-on testing of six popular period

tracking apps, Yuki, Clue, Flow,

Period Calendar, Planned Parenthood,

SpotOn, and Stardust.

We discovered data sharing to analytics

companies, privacy washing,

but also a standout option when it comes

to keeping data safe.

So you can see here that they did

like a ten-point scale.

Yuki got a perfect ten,

and for the record, if you click these,

if you go to the website,

which Jordan mentioned earlier,

this should all be in the newsletter that

you can go see,

privacyguides.org slash livestreams,

plural, I think.

I usually get that wrong.

I think it's plural.

But yeah, you'll find the link in there.

And Yuki, if you click on it,

it'll take you... Oh, yeah,

it's going to load right in here,

actually.

It'll take you to a full expanded,

you know,

should I trust their default settings?

What personal data do they collect?

What's their track record?

The good and the bad,

so on and so forth.

And they do that for each one of

them.

So yeah,

Flow is a very popular one I've heard

of.

Stardust is...

a very popular one because they've all got

pretty websites,

but Stardust actually rated the worst two

out of ten.

Yuki is one we do recommend on privacy

guides, and that is all, I believe,

entirely on device.

I think there's even ways to lock it

down to make the data erase if you

need to.

I could be wrong about that, but yeah,

it's...

It's pretty cool, I guess.

I'm a cis male.

I've never used any of these myself,

but I know my wife has come to

me a few times about like, hey,

I've heard about this one.

What do you know about this?

Clue is one that I'm particularly mad at

because that was one that she heard about

and came to me and was like, hey,

could you look into this for me?

And their marketing on their website is

all like, oh, we can't turn over data.

But then when you read their privacy

policy,

it's like we use these twenty analytics

companies and eighteen of them are based

in the US and

So I'm particularly pissed off at them

because I feel like they're really lulling

users into a false sense of security.

But... Oh, Flo has an AI chatbot.

How cute.

I'm sure there's nothing wrong with that.

So, yeah.

This is just... I mean,

health data in general is really

sensitive.

And I feel like this is another area...

There's a lot of areas where...

I'm gonna get on my soapbox here.

There's a lot of areas where privacy

developers,

and I feel bad when I criticize

developers, because again,

I don't know any code,

so I cannot be part of the solution

here.

But there's a lot of areas where privacy

developers focus too much attention.

Like I swear to God,

you can throw a rock and hit ten

encrypted messengers.

But then there's other like very simple,

like there's not a lot of to-do lists

out there.

There's not a lot of really good quality.

There's like one calorie tracker that

looks like it was built in like,

There's not a lot of...

I'm trying to think what else there,

I don't know.

There's just, there's, I mean,

there's also like million Bible apps for

some reason.

I'm not sure why that is.

I don't really care.

I just find that interesting that if you

go to F droid,

there's like a million Bible apps,

but it's just,

there's certain things in privacy that are

overrepresented and certain things that

are underrepresented.

And I feel like health in general is

one of those things where we just don't

have enough good quality health options

out there.

So I don't know.

It's good to know that Yuki did well.

I think there's a couple others we

recommend on the website.

Um,

But yeah, if you,

I'm assuming most of us,

unless you are an extreme hermit,

probably know at least a few women.

Definitely go ahead and send this to your

friends,

send this to your family and let them

know about this kind of stuff.

But I don't know that I have anything

too specific to add to this story.

I just thought it was a really important

story that deserved to be mentioned.

And I'm glad that our recommendation

performed so well.

Yeah, definitely.

It's definitely good to see that things

are, you know,

our rigorous process is also, you know,

being approved and confirmed,

which is great.

I think I do want to add here

kind of quickly.

I don't know,

this article mentions like women a lot.

Like, I just want to mention like,

you know,

Not just women,

like just people that menstruate.

Just saying.

You've got to be a bit more inclusive

there.

I think the interesting thing here is some

of the stuff that they talk about that

kind of goes over my head and,

you know,

maybe this is something that people who

don't menstruate don't realise.

I don't know how much you can talk

about this, obviously,

because this is more of a US thing.

This is not really a thing in Australia.

But what is...

kind of the risks with this because as

I understand it there's quite a situation

regarding like abortion and stuff like is

this really as risky as as the article

is saying like so um I don't know

how qualified I am to talk on this

because I have not been following it

closely but

Okay, this is purely personal opinion.

Well, okay, this part's not.

So Post Dobbs is talking about – so

in the sixties,

we had this case in the US called

Roe versus Wade.

And basically what the Supreme Court – the

US Supreme Court decided that – and –

This is true,

which is going to lead to the opinion

part.

Basically,

they said that the government does not

have a right to a woman's body and

that that is like a privacy issue.

And like like it's not really the

government's place to tell somebody that

they can't get an abortion.

And that effectively legalized abortion in

the US for decades until a few years

ago when somebody challenged it and the

Supreme Court,

who is now stacked with conservative

judges, decided, you know what?

Yeah, well,

this is not something that the federal

government should decide on.

This is something that should be decided

at the state level.

And then all of a sudden,

a whole bunch of conservative states raced

to introduce anti-abortion laws.

Texas decided to make a point out of

one particular woman.

I will die on that hill.

Yeah.

The opinion part that I want to throw

out there is I really think this was

the wrong way.

Even if you are – like even if

you think abortion is murder,

I don't think this was the right way

to go about that because, again,

the Supreme Court said this is about the

government saying they don't have a right

to your body.

And I think that's a really weird one

that you want to fight to get your

way.

But I digress.

Yeah,

so in – I don't know how much

it has been exercised.

Like it's definitely –

We've definitely seen situations where I

don't know that they're necessarily

privacy related.

But again, OK, so in Texas,

there was a lady that I might have

the finer details here wrong.

But basically, like.

I think the OK,

forgive me if I get the details wrong,

but it's not too far off from this.

The fetus is not going to be born.

I mean this was a long time ago,

so I should be talking past tense.

But the fetus was not going to be

born, period.

But no doctor was willing to operate

because they knew that they would get in

legal trouble for performing an abortion

even though medically she needed it and

there was zero chance that the fetus was

going to survive.

And if they don't operate,

there's a pretty good chance she won't

survive either.

And Ken Paxton still refused to make an

exception for them because like nobody

wanted it.

So like they literally put someone's life

at risk just to make a statement out

of her to make this an anti-abortion

thing.

So this is having like real impacts on

people and their lives and.

It's – I don't know.

Again,

I have not kept too close of an

eye on this,

so I don't know exactly how many privacy

invasions this has resulted in.

But I do know that this is definitely

like – it basically chipped away at your

protections from the government for

privacy.

So yeah, it's –

It's not great.

And it's, again,

this is one of those things that the

Supreme Court decided is now a state

issue.

So some states have still legalized

abortion.

Some states have not.

Some states you can with certain caveats,

like if it was a sexual assault that

resulted in the child, it's, yeah,

I don't know.

It's a whole, it's a mess.

It's a mess.

But I think people are right to be

worried about it because if you live in

one of those red states and one of

these apps,

decides that um like if you had a

miscarriage you could look at the metadata

of the app and it could suggest that

maybe you had an abortion you know it's

like it's one of those things where the

metadata can sometimes tell a misleading

story so it's definitely something that i

think people at very least should have on

their radar and should pay attention to

regardless of their political beliefs

because there's no protections there

anymore so i don't know i don't know

if that made sense

Yeah, I guess.

Yeah.

I, I think it's good.

You're bringing it back to like the

privacy aspect, right?

Like this is important data that could put

people at significant risk, right?

Because, um,

no matter how you feel about abortion, um,

you know, this data is, um, you know,

if someone wants to get an abortion, uh,

then that data could be problematic,

could mean that they get jailed.

This is a significant issue.

This is data that could put you in

prison, basically.

So take it with a grain of salt

because this is the AI summary from Brave.

But according to the AI summary,

there have been criminal prosecutions and

data subpoenas because the Roe v.

Wade protections are no longer in place.

They said there was a Mississippi mother

who was accused of murder after

investigators used her online search

history for abortion medications as

evidence following a stillbirth.

And for the record, these are summaries.

I don't know if these people are actually

guilty of anything or not.

In another case,

prosecutors secured a twenty-year sentence

that was later overturned by using a

woman's text messages to argue her

miscarriage was self-induced abortion.

A Texas man utilized his wife's private

text messages regarding abortion pills to

file a civil lawsuit against her and her

friends.

Um, so yeah, I mean,

this is definitely having an impact for

sure.

So yeah.

Yeah.

I think as well, I believe, um,

a former team member, uh, intern Kevin,

I believe wrote an article reviewing.

all sorts of these period tracking apps,

which I'll just kind of bring this back

to the tools here.

This is on our health and wellness page.

We recommend Drip, Yuki,

like the one Nate mentioned,

and also Apple Health for...

um menstrual cycle tracking so if that's

something that you know if you've been

using like flow clue period calendar um I

know there's a lot of different ones um

that's

definitely check out our recommendations.

It's worth it, especially if you're,

you know,

living in a situation where you could be

at risk.

I think this is an easy switch for

that.

They do allow import of data as well.

So, you know,

you can export your data from those other

less private apps imported in.

I think it's definitely important to

uh, be concerned about that, um,

and not to become complacent because yeah,

I think that's probably the most, uh,

concerning thing about that situation,

just like how quickly things can change,

um,

and how quickly things that you took for

granted can disappear.

Um, so, you know,

don't become complacent because stuff

that's legal today may not be, um,

Why do you think Apple Health is private

enough?

Henrique asked in the chat.

The main reason is because it uses

end-to-end encryption with syncing.

You also don't have to sync it either.

um and you know basically no other app

offers syncing with end-to-end encryption

the other two apps are both offline so

they don't sync at all which can be

an issue but um apple is basically the

only company that does end-to-end

encryption on like health records and

fitness data it is what it is it's

the best

that we have.

Apple has problems as well.

I think, you know, be careful with that.

I think syncing the data is also more

risky as well.

And I believe that is something that Kevin

did mention in that article.

So just be aware of that, too.

And, yeah, I don't know.

It's tricky.

You've got to use the best tool.

I was talking about that to my sister,

but she ignored.

I mean, yeah,

you've got to pick your battles, I guess.

Sometimes some people don't get super

engaged on something unless, you know,

they're personally invested in it,

which kind of sucks.

But, yeah,

we kind of talked about this a lot,

but, like,

you know,

getting people to care about these issues

is definitely something that doesn't

happen overnight.

So, you know,

keep subtly pushing someone in the

direction and maybe they'll finally

understand.

Yeah.

And something I want to add on to

that is, um, definitely try to resist the,

uh, the urge to, I told you so,

um, which I, I feel it too,

for the record when like people that

normally say they, you know, Oh,

I have nothing to hide, whatever.

And then something happens and they come

running to you and they're like,

Oh my God, what do I do?

And it's like, well,

if you'd have listened to me a year

ago, you wouldn't be in this situation,

but try, try not to do that.

Um,

cause then they're just not going to come

back to you next time.

So

yeah it's it sucks it really does suck

that most people don't care until they're

in the fire and then at that point

they just want like you know it's like

doxing right like people will come to you

and they're like oh my god i'm being

doxed what do i do and it's like

what do you want me to do i

can't take the information off the

internet like yeah there's stuff we can

try to do but it's i mean really

unless you're gonna move there's nothing

we can really do but wait for it

to blow over and it sucks but it

is what it is um

I was going to say,

I'm pretty sure my wife is using Yugi

and I think she was pretty happy with

it.

So yeah.

I will also say these apps do a

lot more than just period tracking.

So if you need tracking for any sort

of like sexual health stuff,

definitely check it out.

Even just tracking mood stuff.

It's good as well.

So yeah.

Yeah, not only for people that menstruate,

but yeah,

definitely worth checking out if you're

using something that's less private.

Yeah,

I was going to say it's helped her

understand a lot more because, you know,

since it's like hormone related,

like sometimes she's just naturally more

tired and other times she has more energy

and just being able to track that has

helped her with that stuff too.

I think that's all we've got for stories

so far.

Awesome.

Cool.

I guess we can roll into some forum

updates then.

In a minute,

we'll start taking viewer questions.

So if you've been holding on to any

questions about any of the stories we've

been talking about so far,

go ahead and start leaving them on the

forum thread or in the comments section on

the live stream.

But for now,

let's check in on our community forum.

There's always a lot of activity on the

forum, but...

Here's one particular thread that we

thought was worth highlighting this week.

So I'll give a quick overview and then

I'll throw it back to you, Nate.

Briar is in maintenance mode.

This is a post from the Briar project.

This is a quick update about the status

of Briar.

Short version,

the project is still active,

but we're only making essential security

updates and bug fixes for now.

I guess the long version for several years

we've been trying to find solutions to

some of the longstanding issues with

Briar, such as high battery usage,

unreliable background operation on

Android,

missing features like account backup and

file attachments,

and a difficult user experience for adding

contacts and communicating offline.

We considered completely rebuilding the

application from the ground up or even

splitting it into a separate application

for online and offline use.

Meanwhile,

the project didn't have funding.

We were reluctant to look for funding

without having a long-term plan.

And so we could only work on Briar

in our spare time.

Last year,

we decided that we wouldn't realistically

be able to solve these issues.

And so we reluctantly decided to shut down

the project.

We worked on releasing a final update for

Android and desktop to allow the app to

remain functional for as long as possible.

In the meantime,

we were hearing a lot of supportive words

from people who we had told about the

decision.

The app continued to attract new users.

So finally,

we decided to continue the project in

maintenance mode.

We're only making essential security

updates and bug fixes for now,

but eventually we hope to make some

incremental progress on these longstanding

issues.

We're sending out this update because some

rumors have been circulating that the

project is shutting down.

Based on conversations we had with people

in the internet freedom and privacy

community last year,

these rumors are out of date.

The project is continuing.

All right.

What do you think, Nate?

I think that's good.

I know a minute ago I was just

like, oh my God,

there's too many messengers.

But the reason I think there's too many

messengers is because I think a lot of

them are not...

meaningfully reinventing the wheel.

Not that every messenger has to be like

completely unique from the ground up,

but you know,

a lot of them it's like, oh,

it's just a different UI or like it

routes through, you know,

I to P instead of tour or whatever.

And it just,

it does all these little things that for

the record, I guess, I mean,

that's important to somebody, but again,

I think there's other places developers

should be focusing their attention in my

opinion.

But Briar is one of those ones that,

I mean,

I think my only beef with Briar is

that it's not available on iOS,

I don't think.

Briar actually has a unique niche,

which is that it can function offline.

It can function peer-to-peer.

The only time I've really used it

personally is...

Sometimes my wife and I will fly.

And because I am very cheap,

I will not spring the extra money to

make sure that we get seats together.

And usually you can just ask somebody and

they'll switch like, Hey,

do you mind if I have your seat

so I can sit next to my wife

or whatever?

It's usually her asking actually,

but sometimes we can't do that.

And so we'll use Briar to like keep

in touch while we're on the plane and

we don't have cell signal.

And which is, it's pretty interesting,

but yeah,

Uh, you know, there's,

there's other actual use cases, you know,

if you're in an area, um,

like I could see this being useful in

a, especially foreign countries.

Like,

was it Venezuela recently that had like

really bad earthquakes?

Like when you get outside the U S

and Europe,

the Android adoption rate is so much

higher.

And so a situation like that would be

great for something like Briar.

If you live in a country that has

a really bad infrastructure,

it could be great for something like

Briar.

So yeah.

yeah i'm just i'm really glad to see

that they are going to stick around even

if it's just maintenance mode and i hope

that they will be able to get the

resources they need to keep developing

because like they mentioned there are

Some things that do genuinely need

improvement, you know,

better battery life.

I mean, the UI, in my opinion,

could use a little bit of an update.

And I'm sure there's a whole host of

things from people that actually use the

project regularly.

But yeah, I think it's really cool.

I'm happy they're not going away.

And I hope they will be able to

get whatever they need to resume full

development as soon as possible.

I think that's my takeaway.

Yeah, I definitely agree.

Um,

I think this has definitely been one of

those apps that like, you know,

like we saw in Iran,

there was like a whole internet shutdown,

right?

Like, you know,

you're not going to be able to use

signal if the entire internet is down.

Um, you know,

having an app that can operate without

accessing the internet is kind of

important.

And, um, um,

Henrique said,

probably simple X is enough for most

people.

No,

because like if the internet

infrastructure is down,

then you're kind of, you know,

what are you going to do?

So if you don't have internet,

that's why I think something like this is

so important.

All righty.

I mean, yeah,

I didn't really have much else to add

to that.

I also think I wanted to include this

story just because Briar is one of our

recommended tools.

And they said rumors are going around that

it's shutting down.

So I guess I kind of wanted to

signal boost that a little bit.

But if that's all you have,

I think that's all I have for that

one.

Yeah,

I've never actually met anyone that used

Briar before.

So I've never actually used it.

But it does seem really cool.

Yeah, like I said,

I've only used it in small bursts,

but it's interesting to me for sure,

especially...

I was a little disappointed once I moved

to Android, and I was like, oh,

now I have access to things like Briar,

and like you said, nobody uses it, but...

Which is a bummer, because it's cool.

But yeah,

it takes a hit on your battery life

for sure.

But I think with that,

we'll move into our Q&A segment.

So we're going to start with our questions

on the forum from our paying members.

If you want to get priority in the

Q&A,

you can become a member by going to

privacyguides.org slash donate.

Or anywhere on privacyguides.org,

you can click the red heart icon in

the top right corner of the page.

We did actually have one question that

somebody left, I think,

after we started streaming.

It says,

what are your thoughts on private message

sharing?

They say people will often share

screenshots of messages between other

people,

whether that be in public groups or

private messages.

From people wanting to respect others'

privacy, should we call this out more?

Are there any factors that would make this

okay,

such as the person you are sharing them

with, for example,

a partner versus a large group?

What else do you see people do that

despite being privacy invasive of others

often gets overlooked?

I don't know about that last part.

That kind of puts me on the spot.

But yeah, I think it's very contextual.

I think

Personally speaking,

I think – I don't know.

I think it's a gray area because on

the one hand,

I think anything you do in a public

space is kind of public,

and you should not –

necessarily expect privacy and i think

that's a little bit different from like a

right to be forgotten like personally i

really love that mastodon has the ability

to automatically erase old content and um

i i wish i would see that on

more websites and services because i think

that's a great thing um like personally if

i saw a screenshot in a public place

like a public discord or a you know

website i would be okay to share that

on mastodon because i know that in three

months it's not gonna be on my account

anymore so it's not like i'm selling

somebody out there

Although I guess web archive exists,

potentially.

I think it's also different.

Yeah, like, you know,

my wife tells me everything.

We tell each other everything.

So I mean, saying like, hey,

this person messaged this,

I think is kind of a given,

in my opinion, personally.

But I think it's, yeah,

I think it's very contextual.

I don't think,

if it's a one-to-one message,

I don't think you should necessarily be

sharing it with like,

like on the forum or something.

And I don't know, it's,

it's really contextual of like what it is.

You know, it's,

I usually ask people to be honest.

I'm like, Hey,

do you mind if I share this?

And I'll,

I'll like censor certain information or

I'll, I do.

I mentioned before,

I have a friend who's in law enforcement

that shares information with me sometimes.

And I will purposely never copy and paste

him or screenshot him.

I will like paraphrase what he said.

Cause even like his, his speech patterns,

I don't want that to get out there.

So,

I don't know.

I think it's definitely something that

people should think about a little more.

If you're just too lazy to paraphrase the

information or something,

it really depends on what the information

is, I think.

I don't know.

I don't know if I'm making sense.

No, it definitely makes sense.

I think you have to be very careful

about sharing stuff that has been shared

with you in private.

I think some people are like...

Some people definitely have this...

this idea that there's no consent required

for that.

Like you'll take a photo with somebody and

then suddenly they'll post it on every

social media platform,

post it everywhere publicly and link your

identity to it.

It's like, no, we need to normalize,

you know,

we need to normalize asking for consent

and not just doing stuff because we think

it's fine.

Um, because, you know, maybe,

maybe you're fine with that,

but maybe they're not like, you know,

you have to,

you have to ask instead of just assuming,

um, I guess, bring it back to, um,

this person's question.

Um,

Yeah,

I think you kind of just have to

do as much as you can.

Like if you're going to share someone

else's messages,

which I feel like you should ask them

first if that's okay,

black out their username,

black out their profile picture,

get their approval first.

Don't just share like text messages from

someone or messages from someone that you

don't

And I even think, you know,

maybe this will be a hot take,

but don't share, like,

messages from an ex-partner.

Like,

especially if you're not talking to them

anymore.

Like, it's not right.

You know,

I don't like those sort of things where

people just, like,

share private messages with their partners

that they don't have anymore.

Like, that doesn't...

That does feel like, you know,

just because you're not in a relationship

with that person anymore doesn't mean you

can just disregard their consent

completely.

But...

Yeah,

I don't really have any more to add

on that.

I mean,

there's some questions here coming in on

the live stream.

Do you think Graphene OS... Oh,

Henrique said, I said on the internet.

Yeah, yeah, exactly.

So SimpleX is definitely a good option

online and Briar is good for offline.

Do you think Graphene OS desktop mode is

better than having a desktop?

Yeah.

No, I think it's definitely got issues.

Again,

I don't have the latest Google Pixel,

so maybe it's become better or it's

supported a bit better on the Pixel X.

But on my Pixel X,

it is very low resolution.

I think it's

I would say it's not ready,

but like if you need something and that's

the only device that you have, then sure,

go for it.

But I would say most likely go for

something else.

Probably not going to be as secure as

Graphene OS.

Dag O'Hall said cubes?

Smiley face?

Which, you know,

I think that's definitely a different...

different sort of thing.

Um, you know,

you're not going to get access.

It's,

it's a much more virtualized

virtualization heavy system, um,

with much stronger containerization and

like separation.

So, um,

that obviously comes with some drawbacks.

Um,

I do feel like the average person is

not going to want to put up with

that.

It's also very complicated, um, to use.

I think it's not super intuitive.

So, um,

Yeah, it's kind of my thoughts on that.

Yeah.

I'm glad you mentioned the security thing.

Cause that was my thought.

I know I've said in the past,

this came from one of.

firewalls don't stop dragons guests.

I can't remember who it was.

And it was several years ago at this

point.

So I'm not even going to go look,

but he was talking about mobile phones.

And he said that from a security

perspective,

we kind of learned from the mistakes that

we made on desktop.

So there is much better like sandboxing

and you know,

like I guess you would technically call it

an atomic upgrading system.

Cause like,

when's the last time you saw a phone

like fail to upgrade and update and break

itself.

Like it's, it's really, really rare.

So yeah,

it's very um they're kind of solving

different problems but yeah my first

thought is just performance like i don't

know if i would trust even like a

pro version of a pixel like i don't

know if i would trust it to handle

games very well i wouldn't trust it to

handle video editing very well although i

hear the macbook neo does okay for some

basic video editing so

Um, yeah,

at this time I think it's just kind

of like the right tool for the right

job.

Like if you just need something to browse

the internet, watch YouTube videos,

check your email, then yeah, sure.

It'll probably work just fine.

But, um, for like serious desktop tasks,

desk desktop tasks.

I don't know if I said that right.

Um, yeah,

I don't know if I wouldn't for me,

I don't think it would use it.

Um,

I want to address this.

He said,

having a proper desktop has problems like

Intel ME and AMD PSP.

Okay, hot take, personal hot take here.

This is not an official privacy guide

stance.

I wrote a blog post a long time

ago.

I cannot find a single piece of evidence

that Intel ME is actually problematic.

It is absolutely problematic just from a

principal standpoint of like,

why is this thing running at ring zero

and...

why does it have such elevated

permissions?

But, like,

there has never been a documented case of

anybody being hacked.

There's...

Let me see if I can find it

real quick.

But, like, I literally went looking.

I spent, like,

a couple days researching this,

and I could not find... Yeah,

so I called it the not-so-scary truth

behind Intel ME, and if it'll load...

You know, they say that it's, like,

this backdoor built-in and whatnot, but...

It's just, nobody has ever called it.

It's coming back to me now a little

bit.

It's still loading, but like, oh,

it's not going to load because that's

blog, isn't it?

Okay, hold on.

God dang it.

Even in Wikipedia,

if you go to Wikipedia and it says

like, oh,

this person accused it of being a

backdoor,

and if you click the link and read

it,

the word backdoor does not appear anywhere

in the article that they cite.

So it's – to me,

it's very much a case of like this

hypothetical like it could be bad.

But there are no documented cases.

It's never been, it's basically,

I think it's one of those things that's

overblown a little bit.

It's like, sure,

try to avoid it if you can.

It's definitely,

it would be a lot better if it

wasn't there.

I'm not going to argue that.

But I think it's one of those cases

where like people have really taken it

It's become like a fear mongering thing

where it's like, oh,

it's the worst thing ever.

And it's like, no, it's just,

I don't know.

I don't know if I'm explaining it well,

but I just, I think too many people,

because especially there's scripts that'll

like remove Intel ME and half of them

will break your computer.

And so it's just, yeah, I don't know.

I don't know.

I don't know.

The web address has actually changed,

so I might post this in the Q&A

thread just so people can find it.

But yeah,

I think it's been kind of overblown

personally.

But again, for the record,

that is a personal opinion.

That is not official stance from Privacy

Guides, but yeah.

I guess to kind of back that up

with our recommendations here,

we don't recommend using Linux Libre

kernel and Libre distributions.

And the main reason for that is they

basically strip out microcode updates,

which, you know,

they're kind of important from a security

perspective.

And they also remove security mitigations

and they also suppress kernel warnings

about vulnerable microcode,

which is just not good from a privacy

perspective.

And the Libre distributions and stuff are

probably the ones you're going to want to

use if you're worried about like Intel ME

and AMD PSP.

So, you know,

that's kind of where we're standing on it.

We don't really have any,

as far as I'm aware, there's no,

you know,

recommendations for alternative

bootloaders,

such as like LibreBoot or CoreBoot.

Those have other separate issues,

but when it comes to operating systems and

stuff, I think there's,

like Nate said, I think there is some,

a little bit of overblowing going on,

but I think it's certainly something to

think about.

Um,

I think it comes back to like people

thread modeling, right?

Um,

if you're Edward Snowden and the American

government is trying to track you down

and, um,

they're going to use every possible

avenue,

which would include that sort of software.

Um,

And Henry K says,

using Arch with AppArmor and UFW for a

security perspective is good enough.

I think I would recommend looking at our

Linux overview page,

which you can find in the knowledge base

and under operating systems.

That's going to have a lot more

information about

things that you should be doing,

especially with Arch because it is so

customizable.

You could make it really insecure or you

could make it quite secure.

So definitely check that out.

Dag also said Secure Blue.

We did do a video about that as

well last year.

That's another one we recommend.

It's one of our most viewed videos.

Possibly, yes.

Linux stuff generally does really well.

There's some extra tips in the Linux

overview page specifically about

Arch-based distributions.

So definitely read that.

I think Linux is going to be significantly

better from a privacy perspective than

Windows and Mac.

So that's basically the main reason that

we would suggest it.

Definitely,

if you watch the secure blue video,

you'll get a better understanding about,

like,

the security issues with Linux itself.

But, yeah.

Kind of everything I had to cover on

that.

I might repost this blog post over on

my ghost now that I'm kind of migrating

stuff over there.

Okay.

Sounds good.

It's not really a question,

but when we were talking about the period

tracker apps, Dag said,

remember that gay priest that was outed by

conservative groups buying his data from

brokers?

Yeah,

I think just kind of goes back to

showing how sensitive data can be.

And yeah,

I think they tracked his location or

something that was being sold by Grindr

and saw that he was going to gay

bars.

So yeah, sensitive data worth protecting.

I think that's all I saw for questions.

I don't know if anybody has any more

last minute questions.

Yeah, we did forget this week.

We've been trying to ask for questions in

our privacy guide supporter signal group

chat.

If you're a supporter, you can join that.

And a couple of team members are in

there just to answer questions and chat

about stuff.

But we kind of have been wanting to

use that as a way to get questions

from our supporters and give them priority

and stuff.

We're trying to,

we'll make sure we get that onto that

next week, but we did forget this week.

So,

but if there's anyone in there now that

wants to leave a question,

feel free to do so.

When is Windows hardening article going to

be released?

There's already a knowledge base article

about Windows, Windows overview page.

which does have some information.

It doesn't have a huge amount of stuff,

but it does have some things already.

It's got a couple of sections,

which I believe are still coming soon,

which is the initial installation,

privacy settings, application sandboxing,

and security hardening.

But like we said,

Privacy Guides is like a volunteer

project.

Apart from Nate and I,

and I believe Jonah, there's not really...

You know,

we're doing work on video stuff and

everything else is kind of volunteer run.

So it's whoever has time, which, you know,

it's already kind of a lot to juggle

because we're doing so many things at the

same time.

It's basically that we can't really set a

deadline on what that's going to be done.

It's whoever wants to work on it,

whoever has time.

And, you know,

sometimes that doesn't always happen,

but we try our best to handle everything.

And I think we've been pretty good about

that because we previously didn't have

operating overview,

operating system overview plans.

pages but we do now um i'm not

sure who was the major catalyst behind a

lot of these it looks like it was

jonah um daniel gray redoomed um a couple

of those um

members were working on those websites,

on those sections of the website.

It looks like this one was mainly Jonah

and Daniel.

So, you know, you can submit, you know,

stuff like this.

You can join the discussion on our forum.

You can help to build out the site

and add resources.

I think that's kind of it.

There is recommendations for other

operating systems as well that we don't

recommend.

So...

Definitely check that out.

There's macOS, there's iOS,

and like we're talking about,

there's Windows as well.

So yeah, check it out.

Maybe help try and build that out if

you have time or if you want to

contribute.

Yeah,

I know Jonah was working on a credit

freeze guide recently.

I'm not sure what the latest on that

is, but there is...

new content on the way.

I think we're always trying to keep the

website up to date and add new stuff.

Privacy's an ever-evolving thing, right?

So there's always going to be updates and

changes.

Good stuff.

I mean,

I actually just this week I was because

we talked about that Windows global ID

thing last week.

And there was a I think you found

it.

If I remember correctly,

there was an article that finally had like

a lot more.

I mean, it still wasn't much,

but it was more information than any of

the other articles up until that point

that talked about like, yeah.

like what it is and what it submits

and how to disable it.

And so when I went to go check

my computer,

I noticed that some of the settings have

changed names,

so even just little things like that.

Real quick, Henrik said,

I don't use Windows,

but my grandpa wouldn't switch to Linux

very easily.

So this is not an official...

recommendation,

but I know Zorin OS was really popular

when windows ten stopped getting support

because when you install it,

you can pick if you want it to

look like Mac or windows.

And so for some people that would be

a transition towards Linux.

Again,

that's not one of our official

recommendations because it's based on

Ubuntu and there are more secure distros

out there,

like the ones we've been talking about,

but it might be like a good intermediate

step to get somebody over towards Linux

possibly.

I need to check out Zoran myself.

It's been a while.

It definitely does look interesting.

Not seeing too many other things here,

unless anyone else who's also watching

right now

has any,

anything that you want us to talk about,

um, any news stories that you've seen,

any questions you have about the website

or what we've been working on, definitely,

um, drop that.

Um, I guess there's also been, um,

some interesting,

more interesting threads on the forum,

which I think we could maybe talk about

one more, um,

to kind of give people a

I think we had two or three that

we were thinking,

but we ended up kind of choosing to

go with that main one about Briar.

But we could just do one more here

if you feel like it, Nate.

Yeah, I'm down.

Did any of them jump out at you

specifically?

I think we could talk about maybe

smart TV tracking.

I mean, we talked about that a bit.

There's one about windows steering users

to edge.

I don't know too much Microsoft bashing

this week.

Oh, there's no such thing.

Yeah.

I mean, so there was a,

there was a report.

Let me see if I can find that

one.

There was a report this week from Mozilla.

So, you know,

take it with a grain of salt,

but it's also not exactly hard to believe

that Mozilla,

that Microsoft still, so they, I mean,

this isn't really like quote unquote news

per se, but Microsoft has been accused of,

um,

pulling a lot of dark patterns,

which for those who don't know,

dark patterns are what we call it when

like it's one click to sign up for

a service,

but you have to email customer service to

close your account.

Um,

they call that a dark pattern because

they're trying to nudge you into doing

something that benefits the company and

not you.

And, uh, so yeah,

windows has been long been accused of

using dark patterns to make, uh,

make you use like their browser edge

specifically.

I'll be honest.

I've never really noticed maybe it's

because of all the changes I make to

windows,

but like I've heard people talk about

like, um,

Okay,

so the only dark pattern that I have

is no matter how many times I uninstall

Edge, it comes back,

which is why I just have it firewalled

now so it can never connect.

But, you know, people talk about, like,

they set their default browser to, like,

Brave or Firefox,

and then they update Windows,

and it goes back to being Edge or

something like that.

And I personally never experienced that,

but they...

According to Mozilla,

Microsoft still does not allow users to

download set as the default or keep using

alternative browsers without harmful

interference.

This might take the form of an all

you need is right here banner in Bing

when attempting to download alternative

browsers.

I don't know who's using Bing even in

Edge.

The pre-pinning of Edge to the Windows

taskbar and the misleading wording,

which according to the report could trick

users into making Edge their default.

And then there's the AI.

The authors found that Copilot ignores the

default browser when opening links and

that Copilot data shares toggles are

pre-selected on in the US and India.

I mean, why is that surprising?

Again, who uses Copilot?

It's terrible.

It's like the worst AI, except maybe Grok,

but...

I don't know.

Um, yeah, I mean, it's just,

it's really like, you know,

somebody asked earlier, it's like,

why don't people just switch to Linux?

And like,

there are valid reasons to be stuck on

windows,

but I definitely think it's one of those

things.

Cause I think a lot of the time

people just don't challenge their

assumptions, you know?

Um, like there's all kinds of, um,

there's,

there's all kinds of like brain teasers

and, and mental, uh,

I don't know what the word I'm looking

for is,

but like they're tricks basically that

kind of like trick you into like A

or B. And it's like, well,

if you stop and think about it for

a minute, there's also option C,

it just wasn't explicitly stated.

Um, and I,

I think a lot of the time we

do that to ourselves where it's like, oh,

I have to be on windows.

But if you stop and think about it

for a little bit, it's like,

actually I could do this in the browser.

I could replace this with some other open

source thing.

And, you know,

if I did this and this, like, well,

at very least I could dual boot Linux

and I could use Linux,

the time and windows, of the time,

you know, it's, um, so I,

I would just say,

I would use this as an opportunity to

ask yourself that question.

If.

Are you really stuck on windows or is

it one of those things where it's like,

actually I could reduce my dependency a

little bit.

So I don't know.

That's yeah.

Yeah,

it's interesting to see that this is so

different across different regions.

I think it kind of makes sense because,

you know, the EU economic region is, like,

much more...

I think they're definitely much more

focused on, like, bringing in, like,

stopping these monopolies and...

stuff like that, in some cases, I guess,

which, you know,

it's made things a little bit better.

According, like,

I'll just share this on screen.

This was a,

this is kind of what the report was,

a graphic from the report.

Basically, even in the EU,

there's still lots of

Lots of hoops that you have to go

through.

It looks like the US is the worst

out of all of them.

The UK is slightly better, like slightly.

Yeah, UK,

like USA and India are basically the same

and the UK is slightly better.

So still a lot of things that it's

doing though.

You can see here just like tricks that

they're using to get people to use Edge.

This is really...

pretty sinister stuff to kind of get

people to use this.

And I think most people are not super

aware of these tactics,

which is what makes it kind of even

more insidious, I think.

And these are things that unless you've

been trained to know exactly what is

happening,

I think we've all gone through the process

of trying to cancel something.

Well,

I guess if you live in a country

that doesn't have protections against

that,

then you've been through this process

where you try and cancel something and the

cancel button is

really hard to see,

or it's like really small.

And then like the, the, the opt out,

like the, the, the, Oh no,

actually I want to keep my subscription

button is really big and blue and

clickable.

Um, you know,

it's all those sort of tricks that they're

using to, to get people to use this.

Um,

And I hope something can happen with this.

I don't think this should be limited to

some specific economic region.

It's like with the Apple stuff,

being able to access those third-party app

stores and stuff.

I don't think that should be limited by

if you live in the EU or not.

It should be like a global thing, ideally.

But I think,

especially when it comes to these super

gigantic corporations,

they can kind of split things and develop

different versions of operating systems

because they just have so much money and

so much time to develop alternatively like

this.

Um, yeah, I don't know.

Um, it's frustrating.

Windows is really bad.

Um, yeah,

I didn't really have too much more to

add on this one.

Um, the only thing I want to add,

Henry care said you can edit some of

the files and make your computer be like

it was configured in the EU and then

it won't reinstall.

I hear you and I'm not yelling at

you, but like it shouldn't be that way.

And I mean,

this is normally something I complain

about other developers and Linux people

about, but like, it's not, I mean, you,

you've been saying yourself that like you

have family members that are not tech

savvy and like won't switch to Linux and

stuff.

It's like,

you really expect them to go in and

edit the configuration,

the registry and stuff like that.

Like,

I don't know.

I know you're probably not defending

Microsoft, but it's just, yeah, to me,

that's not a solution to me.

I'm looking at,

I reposted something from Macedon

recently.

It said, OMG,

you don't like the textiles that are

available?

Just go shear a sheep,

gather stinging nettles, skirt the fleece,

ret the stalks to get at the vast

fibers, make a spindle, spin the fiber,

build a loom,

disassemble a bike wheel to make knitting

pins, weave your own cloth,

knit your own socks, sew a tunic,

go live in a bog without any human

contact because all of this takes too much

time for being social.

By the way, this post is about technology.

and yeah i think uh sometimes we have

we uh we have that attitude so i

don't know that's that's a whole nother

rant that i could get on that is

neither here nor there but good old dark

patterns not as cool as they sound you

know usually you put dark in something and

it sounds really cool but

Not cool when you're the one being

manipulated, yeah.

Yeah, right?

I bet you it's great for all the

C-suites at Microsoft that are making

bank.

Make more money in a week than I

make in a year.

Yeah, probably a day even.

It is kind of interesting, though,

that this is, like, you know,

not being curbed in any way.

like I feel like this is obviously like

monopoly behavior.

Don't know what's going on with that,

but I guess, I don't know.

I guess there's not really any,

I guess this would be more of a

US thing maybe.

Maybe like it kind of depends.

I feel like if there was enough pressure

from outside of the US,

there would be pressure for that to

change.

But I guess it is kind of something

that the US has to,

has to work out,

which seems like you haven't been

particularly focused on at the moment.

Oh,

don't even get me started about where our

priorities are in this country right now.

I digress.

Um,

were there any other forum threads you

wanted to talk about or is that all

we got for this week?

Yeah, no,

I think we can probably close things out

unless, yeah,

no one seems to have any other questions.

Yeah, sounds good.

All righty.

All the updates from This Week in Privacy

will be shared on the blog every week.

So be sure to sign up for the

newsletter or subscribe with your favorite

RSS reader if you want to stay tuned.

For people who prefer audio,

we also offer a podcast available on all

podcast platforms and RSS platforms.

And this video will be synced to PeerTube.

Privacy Guides is an impartial nonprofit

organization that is focused on building a

strong privacy advocacy community and

delivering the best digital privacy and

consumer technology rights advice on the

internet.

If you want to support our mission,

then you can make a donation on our

website at privacyguides.org slash donate.

To make a donation,

click the red heart icon located in the

top right corner of any page.

You can contribute using standard fiat

currency via debit or credit card,

or you can opt to donate anonymously using

Monero or your favorite cryptocurrency.

Becoming a paid member unlocks exclusive

perks like early access to video content

and priority during the live stream Q&A.

You'll also get a cool badge on your

profile in the Privacy Guides Forum and

the warm,

fuzzy feeling of supporting independent

media.

Thank you guys so much for watching,

and we will see you next week.

See you next week.

Episode Video

Creators and Guests