Windows 0 Day Exploit Situation Is Wild
A new Windows Zero Day from Nightmare
Eclipse on Patch Tuesday.
LAPD is dropping their Flock contract.
And new research into the privacy of top
period trackers.
All this and more coming up on This
Week in Privacy, so stay tuned.
Welcome back to This Week in Privacy,
our weekly series where we discuss the
latest updates with what we're working on
within the Privacy Guides community and
this week's top stories in data privacy
and cybersecurity.
I am Nate,
and with me this week is Jordan.
How have you been, Jordan?
I've been good and been looking forward to
diving into some privacy and security news
this week.
Yeah.
All right.
Well, then let's jump right in.
Let's talk about our first story,
which is about Microsoft.
So the headline says,
Microsoft Zero Day Drops the Same Day
Microsoft Releases Record Number of
Patches.
So for those of you who are blessed
enough not to have to use Microsoft,
or not to use Windows, I should say,
Microsoft releases...
Once a month,
they release their patches all at once.
And that includes everything.
That includes feature fixes, bug fixes,
security fixes.
And they call it Patch Tuesday because I
believe it's the first Tuesday of every
month or maybe the second Tuesday,
something like that.
So this month's Patch Tuesday had...
I want to say like five hundred give
or take patches,
which I did not realize was a record.
I swear I thought they released like six
hundred once upon a time,
but apparently it was a record number of
patches.
And at the same time,
let me let me go back a little
bit and give you some context.
We've covered this on this channel before.
There is a security researcher who is
going by the pseudonym of Nightmare
Eclipse,
and they
They claim that they have disclosed a
number of vulnerabilities to Microsoft,
which Microsoft has ignored.
They say that they've disclosed these
vulnerabilities, they've proven they work,
and Microsoft either brushes them off,
or I think at one point Microsoft even
got them removed off GitHub,
got this person banned from GitHub.
So...
This person is kind of – understandably
so,
has kind of taken it personally and been
like, okay, okay, fine.
Then I'll play dirty.
And so instead of doing the normal
responsible disclosure is what it's called
where you alert the company and then you
give them about ninety days to fix it.
And then you tell everybody like, hey,
I found this vulnerability.
Here's how it works.
Now they're just –
just going scorched earth,
I guess you could say.
And yeah, it's pretty wild.
I feel like they had to have done
this on purpose.
Within hours of Microsoft releasing all
their Patch Tuesday fixes,
they released this new zero day,
which according to this article is now
sending Microsoft scrambling to fix it.
So this new zero day is being called
Hive Legacy.
It's an escalation of privilege exploit
that targets a vulnerability residing in
the Windows user profile service.
And it seems to me,
as someone who is very open about not
being super great with code,
it seems to me like this requires...
A little bit of legwork.
This is definitely not, you know,
I always mention that we talk about
vulnerabilities sometimes that are like,
you know, oh,
you have to have access to the device
for three hours and you have to plant
malware on it.
And it's like, really?
Like,
is that really a vulnerability at that
point?
This one sounds like it can be done
remotely, but it does.
It's a little bit more than just like
point and click.
So basically what you have to do.
It says it allows users with limited
system rights to compromise an admin
user's account by modifying its classes
registry hive,
which is a resource that ensures the
correct application opens when certain
types of files are clicked in Windows
Explorer.
Again,
some of this really goes over my head.
So if it goes over your head,
I apologize too.
But for those of you who want the
details, basically...
They say the attacker can modify Windows
registry associated with an admin account.
The exploit requires the attacker to know
another user's credentials.
So that's the first step.
It says the account need not be admin.
I think they're talking about the
attacker's account.
So basically,
let's say you have a computer that has
an admin account and a regular user
account.
If you compromise the user account and you
know the admin user's credentials,
that's step one.
um this is where i feel like it's
starting to get a little bit iffy but
it says an attacker must also know the
username of a third account also with or
without admin status on the machine so at
minimum the account has to have three or
excuse me the machine has to have three
accounts
which I'm going to go out there and
say is probably not that unusual.
I know at my last job,
they gave us work computers and those were
our laptops.
Like we took them around with us
everywhere.
We used them to clock in,
clock out teams, all that stuff.
Those really only had our accounts on
them,
but I'm certain that there are a lot
of places where it's far more normal to
rotate desks and like multiple people log
in and there's multiple accounts.
And yeah,
I am pretty sure that when somebody logs
into a machine,
the account kind of stays there until you
go in and manually remove it.
Don't quote me,
but I'm pretty sure that's how Windows
works.
So in theory,
I could see a lot of potential
organizations where that is a realistic
setup,
where there's multiple accounts linked to
one computer.
However, again,
you have to know the admin user's
credentials.
You have to know a third user's
credentials.
And actually,
I didn't even think about this before,
but now that I think about it,
Oh, you know what?
I take it back.
Okay, I was about to say, like,
if you know the admin user's credentials,
doesn't that kind of get rid of it?
But it says here that the account... Okay,
so none of the accounts need to be
admin.
You just need to know three user
credentials,
and then you can break into the admin
users.
Okay.
Sorry about that.
I swear I read this article earlier,
but we're going a little bit earlier than
usual,
so I haven't had as much time to
process it.
But yeah, so this...
I mean,
that's really kind of all it is here,
is this researcher has disclosed this,
again,
hours after Windows dropped their updates,
because they're probably trying to make a
point and trying to piss off Microsoft on
purpose, which is probably fair.
And yeah,
Microsoft said that they're aware of the
vulnerability, they're investigating.
They also noted their preference that
reporters follow a coordinated disclosure
policy, which again,
this researcher is saying that...
Microsoft has been ignoring,
which is why they're not doing coordinated
disclosure.
And, uh,
there are some instructions here on how to
like, see if this affects you.
But I think for the average everyday home
user, um,
this is probably not that big a deal.
I guess maybe if you have like a
family computer where each user has their
own account,
but if you just have like your own
computer where it's just your user account
or like your user account,
your admin account,
which is one trick that I think we
recommend then, um,
that probably reduces the likelihood of
this attack.
So real quick before I turn it over
to Jordan, some people are asking,
what are we talking about?
We're talking about Windows Zero Day,
a vulnerability that was dropped hours
after Microsoft released their patch
Tuesday.
So yeah,
I was kind of explaining how that works.
But Jordan,
did I miss anything in this story?
Or did anything jump out at you that
you wanted to discuss?
I think the most important thing about
this story,
like I think you did a great job
of like explaining the attack stuff.
I think, you know,
I don't really have any more to add
on that, but I do think, you know,
it does highlight Microsoft's kind of,
they're kind of tricky to work with,
right?
Like this,
this person submitted this patch to
Microsoft before they were ignored and now
they've decided not to do that, but it's,
you know,
I think it kind of shows that Microsoft
doesn't respect people that are submitting
these vulnerabilities and they're not
taking them as seriously as they should.
I think, you know,
obviously there's issues with not doing
coordinated disclosure because now there's
possibly a bunch of people who are at
risk of this and Microsoft kind of has
to scramble to find a fix.
So that is a concern as well.
But I also don't really blame this person
because, you know,
They probably are.
I don't think someone would do this out
of nowhere.
I think they probably would have been
trying to get Microsoft to fix this for
a while and they kept ignoring them.
So I don't know.
I just think if Microsoft embraced these
people a bit better and, you know,
instead of being kind of antagonistic
towards them,
instead they decided to, you know,
work with them or, you know,
patch the things that they're submitting,
I think that'd be like a much healthier
dynamic there.
It's just, you know,
this is like another time where we've
heard Microsoft just not being good with
vulnerability disclosures.
I think a couple of weeks ago,
like you were saying,
there was this story about like
Microsoft banning someone from every
disclosure platform and everything um
because they you know submitted something
that was in Microsoft's view you know used
for like hacking and such or criminal
activity um when you know it doesn't
really matter I think you should just be
fixing the vulnerability if it exists um
it doesn't really matter where it's come
from
or anything like that.
So very disappointing stuff from
Microsoft,
but Microsoft is just disappointing
anyway.
So it's not really any different from the
usual, I guess.
Yeah.
Yeah, that's true.
Yeah, I actually went to go look up,
because I know we've covered this story in
the past,
and I looked up Nightmare Eclipse in Brave
Search,
and there's no shortage of articles.
I think their last big disclosure was
called Rogue Planet.
So, I mean,
if you guys missed that story,
definitely go ahead and check that out.
Yeah.
Yeah.
I don't know.
I don't think I have too much to
add to this one.
It's pretty unfortunate.
Yeah, it's really...
I don't know.
I mean,
I want to give Microsoft some credit in
the sense that they've always had
vulnerability issues.
There's always hundreds of things getting
patched in these Patch Tuesdays.
And again,
some of them are just regular bugs.
Some of them are just feature things.
They're not all security updates.
It's not like there's hundreds and
hundreds of security updates every time.
I don't think.
Don't quote me on that.
But yeah,
they're definitely not doing great the
last couple of years to the point where
a while back they had to admit.
What do they say that like Windows is
quote unquote fundamentally broken and
they promise that they're going to go
ahead and try to fix it.
So.
Yeah,
I think we could endlessly rag on
Microsoft.
And I think, you know,
maybe people would enjoy that.
But I think, you know, unfortunately,
in the next story,
we're also going to rag on Microsoft again
a little bit.
But before we get to that,
I did want to say...
that this was, you know,
something that you,
you didn't mention this,
but there was in the article,
it mentions that Kevin Beaumont created a
detection script.
So you can check,
if you check this article out,
which will be in the newsletter,
it will include a link to the detection
script.
Kevin Beaumont is like a really like very
well-known like security person.
um so definitely check that out if you
think you might be affected obviously like
nate said it is kind of a bit
more rare because you need so many
accounts right um so just keep that in
mind but i think that was kind of
kind of interesting i'm sure that's going
to be very useful for people working in
like an enterprise and like business areas
where you know
people do silly things.
So there was a question here from Iceman
Co UK.
Why not people just use Linux instead
then?
There's still so many people using Windows
despite all its flaws.
I mean, not everyone really has a choice,
right?
Like it depends on the software that you
use and it depends on your situation,
right?
Like if you're working for a company,
they're not going to probably like you
using Linux because a bunch of stuff isn't
going to work.
um or you know if it's a personal
computer maybe you've got programs that
only work on windows um stuff like that
we don't really um we have recommendations
and you know that's up to you to
follow those and we do recommend people to
use linux but not everyone has the ability
to do that so we just try and
keep like everyone like up to date on
what's happening um
and talk about these issues.
Hopefully we bring in some Windows users
onto this and they're aware of this issue
and maybe they would consider switching or
something like that in the future.
But that's all we can really do here.
Yeah,
I just want to add to that that
unfortunately,
a lot of privacy tools are really lagging
behind when it comes to
device management.
So I'm pretty sure the vast majority of
windows usage is corporate usage.
Um,
not that there aren't plenty of windows
personal users as well, but I remember,
um,
like there was a huge jump in users
when we went, uh,
when we went from windows ten to eleven,
like as ten started to get deprecated
because that's when all the corporate
environments started migrating to eleven
and all of a sudden you saw like
a huge jump in the numbers.
Um,
And it's – I guess my point is
like don't – the number of corporate users
is a significant number of Windows users.
And because of that,
that means a lot of those corporate users
need to have corporate IT controls.
They need to have like endpoint detection
systems and like they need to have like
the controls that block off certain
websites, certain malicious domains, blah,
blah, blah, blah, blah.
And –
Linux is just fundamentally lacking a lot
of those things.
So Linux, for the most part,
I think there are some distros that are
starting to solve this issue.
But at least up until recently,
Linux hasn't really had tools that make it
good for large corporate environments.
And unfortunately,
in large corporate environments,
we simply cannot trust everyone to...
practice good digital hygiene,
like being careful what phishing links
they click and stuff like that.
Otherwise we would not be talking,
I would not be publishing a data breach
roundup every single week because the vast
majority of them are done via like
phishing attacks and stuff like that.
So it's one of those things that like
corporate really needs this.
Linux is not meeting that need.
And I'm also thinking of like parental
controls on like graphene.
I don't think graphene has any parental
controls.
I'm not a parent, so I don't know,
but just things like that,
things that as an individual user,
you're like, I don't need that.
I don't care.
But in a corporate environment,
all of a sudden the math is completely
different.
And you're like, no,
I absolutely need this.
And Linux doesn't have that.
And,
Just to add on, like you said,
like sometimes there's very specific
software that like,
like me as an audio guy,
ninety percent of my plugins are not on
Linux,
which unfortunately is kind of like a it's
a negative feedback loop because I'm not
on Linux because my plugins don't work.
Therefore, there's nobody on Linux saying,
hey, make this plugin work.
So therefore,
they don't make them Linux friendly.
And I don't know how to fix that.
But yeah, there's.
There's a lot of reasons people are still
not using Linux, unfortunately.
There is still a gap.
It's a very niche gap, I think,
for the average person at home who's just
surfing the web, checking their email,
playing some games.
I think Linux does work,
but unfortunately,
for a lot of the niche stuff,
there's still a huge gap there.
So I just wanted to throw that out
there.
And I'm also looking at the website,
trying to see... We do recommend...
Oh, operating systems.
Yes,
we do recommend certain Linux distros on
the website.
So yeah.
Anyways, yeah, that's all I got.
Cool.
Yeah,
I guess we can dive into this next
story.
Like we said,
we're going to drag on Microsoft again.
But yeah,
this is sort of a different thing going
on.
This story is from IGN.
Microsoft restores player's
Microsoft has restored a player's account
access to his twenty five year old
account,
which contain photos of his son and
thousands of dollars worth of games.
This is this isn't just any twenty five
year old.
This is a streamer named Joshua Kane
basically shared.
that on July sixteenth,
Xbox had reached out to him and restored
access to the account which was previously
suspended after being hijacked by a hacker
a few days prior,
while he was extremely happy and thanked
Microsoft for its help recovering his
account and all the invaluable information
therein.
He levied some criticisms toward the brand
for its initial response,
claiming it had told him the suspension
was irreversible at first.
So yeah, this is, uh,
kind of an interesting story, right?
So I think it's the most important thing
to note here is, uh, this person,
Joshua Kane, um,
isn't particularly famous, I would say.
Um,
obviously he has some sort of following,
like I think a couple of thousand
followers on Twitter and stuff.
So like not super popular,
but he definitely has more, more, more,
um,
more uh clout than the average person i
would say so you know this is um
kind of unfortunate if any of you have
ever had this issue before like you know
you've had an account compromised or
something and it was used for nefarious
purposes it's really hard to get access to
it again um and especially you know an
account like that Microsoft account it can
contain a lot of data that can be
kind of important um
So it's good this guy got his account
back, but it did take three days and,
you know,
public posts on Twitter to get their
attention and to get them to kind of
reverse their decision.
I think the most important thing about
this situation is that it is not a
good idea to centralize all your data into
one place and
if you put everything into a singular, um,
account like this, then, you know,
if it gets hacked,
then you're going to lose a ridiculous
amount of data because you've stored so
much in there.
So I think that's like one thing we
can take from this.
Um, I guess I'll throw it to you,
like, do you have any,
any thoughts and like extra things that,
that I didn't cover yet?
Well,
the only thing I went and found is
Twitch account.
Apparently,
he's got eight point five thousand
followers.
So, yeah,
not not he's not single handedly keeping
Twitch afloat,
but it looks like he's pretty consistent
with the streaming, I would guess.
But yeah, I mean, my my thought was,
well, first of all,
I do want to I do appreciate this
guy because.
I think a lot of the time we
read these stories and they're just like,
oh, thank you for Microsoft for helping,
working with me to get my account back
and basically sucking up.
And it's really cool to see him be
like, hey, I am appreciative,
but also like,
He said here,
it's unfortunate that such a big company
can bring your account back if you ask
them to.
The way it all went to me is
a little bit shady because it's not that
they can't bring your account.
They won't bring back your account if
you're a nobody, which is true.
You shouldn't have to shame a company and
go viral and be a big-name person in
order to get this kind of treatment.
It's really crap.
Yeah.
Yeah, I think other than that,
you really hit kind of my other big
point,
which is I've been sending this to friends
and family,
especially I've mentioned my sister had
her first kid recently.
And kind of sending this is like, hey,
where are you storing pictures of your
kid?
Like what happens if that gets deleted?
And I'm thinking of several years ago,
we were talking about this before we
started streaming.
There was a guy who...
His his toddler son started to develop a
rash in his genital area.
And so his doctor,
I believe this was during lockdown.
And I think that's why his doctor said
this, but I could be remembering wrong.
But his doctor basically said, like, well,
keep an eye on it.
See if it grows bigger.
I think even told him specifically, like,
take some pictures.
And, you know, if if it gets worse,
we'll we'll take a look at it.
And so he started taking pictures with his
phone and the pictures sync to Google
Drive.
Google closed his account and turned
everything over to the police and said
that it was CSAM,
which is child sexual abuse material,
for those who don't know.
The police investigated and cleared this
guy and told Google, like, no, it's fine.
Everything's above board.
Like, this is a medical thing.
And Google still would not reinstate his
account.
He actually had to get his data back
from the cops.
Like, the cops were basically like,
that sucks.
We don't know what to do.
Here's what Google gave us,
if that helps any.
So...
Yeah, I mean, it's really hard not to...
It kind of sucks because everything is so
digital now.
You can either self-host,
which is a huge commitment,
especially if you're going to self-host
everything,
like all your own photos and calendar and
email and everything,
or you can rely on someone else.
But even these encrypted services,
you know,
like if I'm relying on ProtonDrive and
Proton decides to ban me for whatever
reason, what do I do?
So, I mean,
it's really important just to keep backups
and ask yourself that question.
Like, if this goes away today,
what's my redundancy?
What's my safety?
You know, if...
I think about that a lot with signal.
I've got my whole family using signal.
If end-to-end encryption gets banned and
signal pulls out of the U S which
would be weird because signals based in
the U S,
but you know what I mean?
Like,
where am I going to move my family
to?
If, um, if simple login goes away,
where am I going to move my email
aliasing to just at least have those plans
in place?
I think is what I'm getting at.
Cause it's, uh, like he said,
if you're not a big name,
you're probably not getting your crap
back.
So yeah.
Yeah.
Definitely.
I mean, yeah, this original,
like the tweets that Joshua Kane posted
were getting, you know, hundreds of,
hundreds of boosts and likes and stuff.
So I think it's,
looks like his original post was ten
thousand retweets.
So, and eighty two thousand likes.
So just just so we know the scale
of this, it kind of blew up.
So, you know,
if your post doesn't blow up on Twitter,
then I kind of doubt that you'll get
your account back, which sucks.
I can kind of understand why it did
so well, though,
because his original post,
I don't know if we can show it
on the screen.
Yeah, give me a second.
I can go find it here.
uh,
Microsoft deleted my account and OneDrive
and it's like all in capitals when with
deleted and stuff.
So I can understand why, like, you know,
people saw this and were like,
oh my gosh, that's like awful.
Um,
it seems like it resonated with a lot
of people.
So, um, yeah, it's, it's definitely,
there it is.
Yeah.
Cool.
Um, yeah.
So it's, it's interesting.
Um,
that this happened,
but also kind of a special person in
a very special circumstances.
it is kind of funny when something starts
damaging your brand,
then suddenly the company is like running
out to make special arrangements.
So really this should be something that's
handled better by Microsoft in the future.
But like Nate said, you know,
make backups,
don't store all your baby photos in one
drive and expect it to just be there
forever.
Like three, two, one, three, two,
one backups, everybody.
yeah absolutely um yeah what is that ten
thousand almost ten thousand posts reposts
eighty two thousand likes a reach of five
point seven million forty seven hundred
comments so yeah i mean i don't have
kids but thousands of dollars spent on
games yeah yeah good point so that that
would be demoralizing for sure
Alrighty.
Well,
if that's all we have on that story,
I think we'll go ahead and move on
to the next one here,
which is actually some good news.
Some rare, rare good news,
which is that the LAPD is not renewing
their contract with Flock,
at least for the time being.
So the headline says,
LAPD lets contract with surveillance giant
Flock expire,
citing serious concerns over civil
liberties and privacy.
Um, so, uh,
a senior LAPD official told news outlets,
uh,
first ABC seven and the Los Angeles times
that the police department would allow its
three-year contract to expire when it
ends, uh, I believe would be this Sunday.
And they,
the department cited serious concerns
around civil liberties and privacies.
I don't know why I said privacy is
plural, uh, civil liberties and privacy,
uh,
They said,
particularly around privacy and the data
that is being collected,
the LAPD had to make a difficult decision
in this case,
discontinuing flock services until we can
get those data, privacy, security,
and sharing concerns ironed out through a
contractual relationship.
Uh,
a spokesperson for the LAPD did not
respond to a request for comment from tech
crunch.
And, uh,
I'm going to touch on this one in
a second.
It's unclear.
Fox flocks cameras will continue recording
in absence of an active contract.
According to ABC seven,
the police department is seeking new
language in its contract,
addressing privacy and data storage
concerns.
So LAPD is apparently the third largest
police department in the U S my money
is going to say that the first is
NYPD, New York.
And I'm going to guess the first is
probably going to be a federal agency like
the FBI, maybe.
Cause I mean,
LA and New York are the only mega
cities in the U S so I don't
know who would be bigger than them,
but yeah.
They said that several major cities have
also stopped working with Flock,
citing privacy worries and concerns that
federal officials use cameras to track
people in violation of local laws.
And a Flock spokesperson said that this
contract expiry caught them by surprise,
quote-unquote surprise,
and that they were confident they could,
quote,
clear up the current misconceptions,
unquote.
Of course,
they did not specify what misconceptions.
So –
Yeah, I mean, this is pretty cool.
I like the fact that they're basically
saying, like,
we want to get this information written in
the contract,
which I think is really cool.
I mean, personally,
I would like to see Flock go away
entirely,
but I certainly think that would be an
improvement, at least,
is to get something written down in
contract.
And then it is worth noting that...
They mentioned here the whole it's unclear
if Flock's cameras will continue
recording.
They mentioned further down that that has
been an issue is a lot of the
time these cities are now – this is
kind of like the new problem that we're
facing in some ways is a lot of
cities are successfully getting rid of
Flock, not all of them.
And I really want to know who's paying
off those politicians.
But a lot of cities are getting rid
of Flock.
And then there's this new question of
like, well,
now what happens to the cameras?
Because now there's this question of like,
okay,
who pays to get rid of the cameras?
And so the cameras just sit there.
And then people are wondering, it's like,
okay,
but like Flock has always owned
Everything about those cameras,
like you're basically renting the cameras
from them.
You're licensing the cameras,
you're licensing the software.
It's not like they roll in and they
go, okay,
here's your data rack and your server rack
that goes in your it closet.
And it's all yours now.
Like, no, it's theirs.
They control it,
which is where some of this controversy
comes from, because then it's like, um,
you know, it's like, oh, they,
they mentioned down here.
Um,
Uh,
four Oh four media reported that a U
S drug enforcement administration used a
local police officer's password without
their knowledge to search for a suspect
suspect accused of an immigration
violation.
And that's without him knowing,
like the local police are doing search for
the feds all the time.
And the feds are just,
it's the point is like, it's,
it's remotely accessible anywhere.
So if these cameras are still there,
they could at very least in theory,
still be recording.
I don't know.
I'm not going to say if they probably
are or not.
I don't know, but they could.
And they said in this article that in
some cases, like,
the cameras have been removed and then
come back.
Where did that go?
Um, yeah.
Uh,
some locals have taken matters into their
own hands by dismantling flock cameras and
covering them with trash bags.
Even as some communities found that flock
reinstalled cameras without permission
from local authorities.
So yeah, I, I don't know.
Um, this is good.
It's really good to see LAPD pushing back.
It's really good to see flock facing all
this intense criticism.
Um,
I need to get a good lawyer because
I keep saying stuff like this.
The Flock CEO, in my opinion,
is absolutely morally bankrupt and has no
moral compass other than money.
And so until we start seeing stuff like
this happen,
these major organizations – because I
don't think they care about the little HOA
in –
Backwoods County, Kansas,
like they don't care about that.
But LAPD,
that's millions of dollars a year easily.
I guarantee it.
So until these bigger police departments
and agencies stop using Flock,
it's not going to hit them in the
wallet and they're not going to change.
That's the only way they're going to
change.
So again,
I would like to see them go away
entirely.
But the fact that LA is at least
demanding...
So some sort of contractual improvement
here.
I guess my only question at that point
is we would have to wait and see
if it gets enforced.
If there's some kind of contract
violation,
will they actually take flock to court?
But now I'm getting like five years ahead
of myself.
So I don't know.
I think those are all my thoughts.
I think that's the story.
Did I miss anything?
Do you have any thoughts I missed?
I think it's interesting,
like when you talked about like the budget
and like what,
how much money is going to flock here,
just so we're on the same page, everybody,
the LAPD has a budget of one point
nine billion dollars.
Like that's literally like an obscene
amount of money,
especially just for like a single
department.
Right.
So when we talk about like all this
flock contract,
we're probably talking like
hundreds of millions like maybe tens of
millions maybe a hundred million like it's
probably a lot right like this is probably
a pretty big um a pretty big contract
for them so like this is kind of
a big win like this is uh taking
a pretty massive chunk out of um
out of flock's pocket here.
And I think it was interesting.
This article by Zach Whitaker, it's, uh,
he says researchers have identified an
uptick in documented cases of motorists
being pulled over,
detained and held at gunpoint by police or
jailed due to false positives and errors
with licensed flight readers.
So like we, like, you know,
we've kind of talked about this a lot,
but these systems are like notoriously not
very accurate.
Um,
yeah.
And they're just, you know,
they lead to all these sort of problems.
Um,
and it's good to see that the contract
did get canceled in the end.
Um, and especially such a big contract,
because like I said before,
one point nine billion,
that was in twenty twenty three.
Um,
and apparently they're probably hiring
more people.
So that's probably going to go up a
couple hundred million.
Um, so definitely, definitely a win there.
Um,
I think it's, yeah,
it's definitely interesting.
They didn't mention anywhere in the
article the contract cost or, like,
how much it would have been for them
to lose, but we can kind of speculate,
obviously.
Yeah, no,
this is just kind of a win.
I don't really have too much more to
add on it.
I do want to add in relation to
cost.
Yeah,
the last city I lived in in Texas
was a major city,
probably one of the smaller ones in Texas
to be honest,
but it was a major city,
and I know that our budget –
The police department budget for Clearview
AI was somewhere in the neighborhood of
two million dollars a year.
So, yeah,
just to kind of give you an idea
of how much this may or may not
cost.
Yeah,
a lot of these megacities like New York
and L.A.,
their police have more budgets than a lot
of militaries in other countries.
It's it's wild.
But, oh,
they operated one hundred and thirty eight
cameras in Los Angeles.
I wonder if that's Los Angeles proper or
the entire basin.
so sorry, I'm on the LA times.
So, yeah,
I think it is kind of astounding when
you, when you think of the budget,
I think people, yeah,
I don't realize that states in the United
States are like mini countries basically
compared to like, you know,
things in Europe and stuff.
Um, so it is kind of, um,
it is kind of a lot of money,
um, that this contract was probably,
I mean,
two million for that contract probably.
Um,
But, yeah, we'll see.
We can hope that this continues and,
you know,
more cities are discontinuing this
because, like we've said, this is, like,
really bad for people's privacy and really
bad for mass surveillance.
You know,
I would say maybe put a trash bag
over some cameras.
I mean, that's probably not a crime,
right?
I don't know.
But, yeah, this is sort of creepy stuff,
so.
You can get involved with that.
I believe there's a website that's got
people organizing.
It's called Deflock.
Deflock.org, I think, yeah.
Deflock.org, yeah.
So, yeah, definitely check that out.
Yeah, and I was going to say, oh,
wow.
LA Times says the LAPD's automatic license
plate reader system includes two hundred
and forty eight pole mounted cameras,
one hundred and forty cameras mounted on
police vehicle roofs,
fifteen hundred cameras installed inside
police vehicles and seven mobile trailer
cameras.
Wow, that's.
Geez.
Anyways, no, what was I going to say?
Yeah,
and not to put too fine a point
on it,
but just last week we covered a story
about a cop who was abusing – a
cop in Florida who was abusing all the
databases to stalk a girl that turned him
down while he was trying to hit on
her.
So yeah,
these things are just so prone to abuse.
As far as I know,
there's still no studies showing that
there's a significant drop in crime due to
mass surveillance.
So yeah, it's just –
just yikes but that's all dag said uh
states in the eu are literally yeah that's
what i meant i meant like the countries
like you know like i feel like the
states in the u.s almost like many
countries but that's that's what kind of
what i was trying to say i don't
know if i said that right but
It's, it's honestly very similar.
Um, I mean, obviously I've,
I've never lived in Europe,
so I can't say for sure,
but from what I understand,
it's like States in the U S do
have a pretty large degree of autonomy.
I think,
I think our federal government does have a
little bit more say than like the EU
commission or whoever in Europe.
But, um, it's honestly,
it's a very similar system where States
have a lot of autonomy.
So it's, I mean,
everything is simple as a tax rates.
Um,
Like, even how you register vehicles,
how you register to vote.
Like,
some states allow mail-in voting for
anybody.
Some states, you have to be, like,
active-duty military.
Like, it's very patchwork.
But, yeah.
I think we're ready to move on to
site updates,
unless you had anything you wanted to add
to that one.
Cool.
No, yeah,
let's dive into some site updates here.
But I guess before we dive into some
privacy of...
top period trackers.
I'm just going to give some quick updates
about what we've been working on at
Privacy Guides this week.
In case you haven't seen,
we put out a new video.
This was an interview with
Rudy Wang from Cape Mobile.
We've had a lot of questions about this
service and people just wanting to know
more about it, whether it's trustworthy,
whether what they say is actually true.
So Jonah kind of sat down with Rudy
and asked a lot of questions that
I think a lot of people would have.
So if you've seen the service,
I guess this is very much a US
specific video because this isn't
something that's available outside the US.
So if you're in the US and you
have heard of CAPE and you're kind of
skeptical or you kind of have questions
about it, you can check out the video.
As always,
we're not affiliated with anyone.
We don't give the questions beforehand.
There was no financial incentive or
anything for this video.
We just kind of wanted to
to ask questions and get some responses on
how some features work and stuff like
that.
So if you've had questions about how that
works or you're skeptical about it and
you're not really sure if it's legit or
not,
I think it could be a good idea
to check that out.
It's quite a long interview,
but you can have a look.
There's timestamps for every question in
the video and
Maybe there'll be something there if
you've been considering it.
Hopefully that answers some questions that
you have.
Cool.
Yeah, I've been using Cape.
It's worked pretty well for me.
Every once in a while,
I will have to reboot my phone.
Just this morning,
I went out to get coffee.
And for some reason,
the cell signal was not working.
So I just had to reboot my phone,
and it popped right up.
Yeah,
I have not listened to it yet because
it is about an hour long,
like you said.
But it's going to go in my queue
for sure.
I cannot wait to listen to that.
That's kind of really the only site
update.
There was a really quick,
we fixed a broken link about data erasure
that was in the Linux overview page.
Um, but other than that, I mean, it's,
it's been, uh, um, I, I actually haven't,
uh, told Jordan this,
but I did film the next video.
Um, like we wrote the script,
I filmed it.
Um,
so now I need to do the first
cut of that and then send that over
to Jordan,
but I know you're still working on the
video before that.
So yeah, we're,
we're chugging along at a nice rate and
there is content on the way in addition
to this podcast.
And, um,
That content is made possible by
supporters.
So you can sign up for a membership
or donate at privacyguides.org slash
donate or pick up some swag at
shop.privacyguides.org.
Privacy Guides is a nonprofit which
researches and shares privacy related
information and facilitates a community on
our forum and matrix where people can ask
questions and get advice about staying
private online and preserving their
digital rights.
And now it is time to talk about
Cloudflare's latest bot detection plan.
Yes,
let's dive into this story here from
nerds.xyz.
Cloudflare precursor watches your mouse
and keyboard to decide if you're human.
Cloudflare wants websites to stop asking
visitors to prove they're human with
irritating capture puzzles.
Its replacement, however,
involves watching how people move, type,
scroll,
and interact without a page throughout an
entire session.
Cloudflare's response has basically been
to release this new product called
Precursor,
a behavioral bot management system for
Cloudflare Enterprise bot management
customers.
Instead of checking one login, click,
or checkout attempt,
Precursor continuously evaluates activity
inside the browser to determine whether a
visitor appears human.
Cloudflare says the system looks at
signals such as mouse movement,
scrolling rhythm, typing cadence,
clipboard activity, page visibility,
and whether keyboard events happened while
a text field was selected.
It does not capture the actual keys being
pressed, according to the company.
It studies the timing and rhythm instead.
so i think the immediate thing from this
is this is a lot more tater than
uh what previously they were trying to
collect right like before it was like you
know your mouse movements and how you
clicked on a checkbox um that was how
the turn the cloudflare turn style used to
work um and you know it would it
would also get information about your
connection and such to kind of evaluate it
but this is like
a lot more invasive because it's you know
it's checking a lot more uh parameters to
basically identify if you're um a human
being and i think this is basically a
response to like agentic systems right
because people are using agentic browsers
and um
you know,
systems to basically automate processes.
And a lot of times they're using it
for abuse.
So basically just because someone's using
an agentic system doesn't mean they're
inherently a good actor.
So, you know,
websites kind of have to crack down on
this sort of thing, which is kind of,
it's just like another thing that AI is
bringing us
you know, thanks AI again for doing that.
So, you know,
this is another way for websites to
basically determine if you're a bot or
not.
I think this is, again,
like Cloudflare is like one of those
companies that has a bit too much control.
They have, you know,
a large network that is covering a
majority of the internet and basically
them becoming like the gatekeeper becomes,
kind of an issue um but I guess
if this all worked like locally I'm not
sure if this would be as much of
an issue but I think just the inherent
way that this is described is that this
data would have to be collected and and
analyzed by Cloudflare itself um so
it's kind of unfortunate um this is
definitely better than google's way of
doing things like google was originally
asking you to download an app on your
phone um and you need to have like
a verified google android device to verify
your identity with which i think was
definitely worse um so yeah this is kind
of interesting but also just like a little
bit dystopian um the fact that they have
to track so much information to determine
if you're human or not um
But yeah,
kind of throwing it back to you here,
Nate.
How do you feel about this one?
Yeah, no, I'm with you.
I mean, I think further down,
they do say that they try to...
Where is it here?
Uh...
Cloudflare is emphasizing privacy in its
description of precursor.
The company says it collects the minimum
information needed to identify automated
activity and does not record actual
keystrokes.
It also says behavioral information is
analyzed as aggregate patterns and not
connected to login identities,
customer accounts,
or persistent user profiles.
But the author goes on to say those
protections are important,
but the privacy concern is still difficult
to ignore.
And it says,
software that continually measures mouse
movements, typing cadence,
clipboard activity, focus changes,
and page visibility may feel invasive even
when it does not capture the content being
typed.
So yeah, it's definitely...
I don't know, Cloudflare is,
my complaints with Cloudflare are
different than most people.
I actually have more complaints about the
amount of centralization, you know,
that one of their engineers will
accidentally push bad code and crash a
third of the internet and now people are
stranded in the airport.
But I mean, this is still, yeah,
it's like, I don't know,
even when you aggregate this kind of data,
I still feel like there's gotta be ways
for it to be de-anonymized.
There's gotta be concerns with how it's
stored.
Cause I mean,
it has to be stored individually so that
you can discard old data, right?
Like you can't just have this pool where
you just keep throwing everything.
It'll be like water, it'll mix together.
How do you know what the old water
is?
And I don't know.
It's just, yeah,
I'm not really a fan of this,
but I do wonder what trying to get
around this is gonna look like.
Cause I know that,
for example, with like you block origin,
for example,
if you disable JavaScript entirely,
sometimes captures just won't load at all.
And then you just can't get onto the
website.
So yeah, it's, um, it's frustrating.
Cause this is,
this is like a cat and mouse thing
where, you know, the bots,
there were bots on the internet.
So then we added captures,
but then the bots learned how to do
the captures.
So now we're doing something else.
And it's,
Yeah, I don't know.
It just sucks.
I don't think I have much more to
say than that.
It just sucks.
Not a fan.
Yeah, I think the main issue that, like,
you kind of touched on a bit, but,
like,
I think the main issue is people don't
really like that, like,
the entire internet is centralized on
Cloudflare.
You know,
especially I think Cloudflare is,
everyone kind of knows it's, like,
you know, an American corporation.
I think a lot of, like,
companies in Europe are, like,
becoming skeptical of these sort of
things, trying to not have everything be,
like,
routed through a company like that um i
think also the uh the issue with this
sort of system is that it locks people
into a capture based system right like if
you if you set this up on your
website then um
you know,
it kind of locks you into continually
paying for this forever to protect your
website.
And yeah, I don't know.
I don't think Cloudflare is as bad as
every other company we talk about.
Like we talk about like Microsoft, Google,
Facebook, Meta,
like they're all really bad and Cloudflare
is definitely less bad.
So, you know,
not letting them off the hook,
but like
They're definitely not as bad as those
companies.
But I think it does seem like this
is a good faith attempt at stopping this
sort of thing.
But, you know,
obviously we're going to have issues when
it's collecting, like Nate said,
a bunch of information that
is in the broader scheme of things
somewhat unnecessary,
but I guess there has got to be
a way for websites to protect themselves
against these bots and like agentic
systems.
So I'm not really sure what the solution
would be that doesn't collect this much
information.
Um, yeah,
it kind of just is a really crappy
situation.
Um,
Yep.
All right.
Well, if that's all we got,
I think we'll move on to this next
story from Mozilla.
All righty.
So this will be a fun one.
This is some research from Mozilla that
says, well,
sort of from Mozilla that says your period
should your period data should be private.
This is sort of from Mozilla because they
actually work together with the
transparency hub at Harvard's Berkman
Klein Center and
and the Siebel school of computing and
data science at the university of Illinois
to examine historical changes to the
privacy policies and provide additional
Android testing.
So, um,
I mean,
I'm actually going to read what they wrote
because it's pretty short and I think it's
pretty good.
So it says the data we keep on
our phones is sensitive.
For women,
period data is one of the most sensitive
data points we share with our device.
That's because period tracking apps aren't
just about when your period happens.
Apps in this space ask you to log
extremely intimate details so it can
predict your cycle or help you get
pregnant from when you bleed,
but also when you've had late night
chocolate craving and even when you have a
miscarriage.
In a post-OBs landscape,
we believe safeguarding this data and
keeping it private is more important than
ever.
Our privacy expert Shoshana Wadinski did
hands-on testing of six popular period
tracking apps, Yuki, Clue, Flow,
Period Calendar, Planned Parenthood,
SpotOn, and Stardust.
We discovered data sharing to analytics
companies, privacy washing,
but also a standout option when it comes
to keeping data safe.
So you can see here that they did
like a ten-point scale.
Yuki got a perfect ten,
and for the record, if you click these,
if you go to the website,
which Jordan mentioned earlier,
this should all be in the newsletter that
you can go see,
privacyguides.org slash livestreams,
plural, I think.
I usually get that wrong.
I think it's plural.
But yeah, you'll find the link in there.
And Yuki, if you click on it,
it'll take you... Oh, yeah,
it's going to load right in here,
actually.
It'll take you to a full expanded,
you know,
should I trust their default settings?
What personal data do they collect?
What's their track record?
The good and the bad,
so on and so forth.
And they do that for each one of
them.
So yeah,
Flow is a very popular one I've heard
of.
Stardust is...
a very popular one because they've all got
pretty websites,
but Stardust actually rated the worst two
out of ten.
Yuki is one we do recommend on privacy
guides, and that is all, I believe,
entirely on device.
I think there's even ways to lock it
down to make the data erase if you
need to.
I could be wrong about that, but yeah,
it's...
It's pretty cool, I guess.
I'm a cis male.
I've never used any of these myself,
but I know my wife has come to
me a few times about like, hey,
I've heard about this one.
What do you know about this?
Clue is one that I'm particularly mad at
because that was one that she heard about
and came to me and was like, hey,
could you look into this for me?
And their marketing on their website is
all like, oh, we can't turn over data.
But then when you read their privacy
policy,
it's like we use these twenty analytics
companies and eighteen of them are based
in the US and
So I'm particularly pissed off at them
because I feel like they're really lulling
users into a false sense of security.
But... Oh, Flo has an AI chatbot.
How cute.
I'm sure there's nothing wrong with that.
So, yeah.
This is just... I mean,
health data in general is really
sensitive.
And I feel like this is another area...
There's a lot of areas where...
I'm gonna get on my soapbox here.
There's a lot of areas where privacy
developers,
and I feel bad when I criticize
developers, because again,
I don't know any code,
so I cannot be part of the solution
here.
But there's a lot of areas where privacy
developers focus too much attention.
Like I swear to God,
you can throw a rock and hit ten
encrypted messengers.
But then there's other like very simple,
like there's not a lot of to-do lists
out there.
There's not a lot of really good quality.
There's like one calorie tracker that
looks like it was built in like,
There's not a lot of...
I'm trying to think what else there,
I don't know.
There's just, there's, I mean,
there's also like million Bible apps for
some reason.
I'm not sure why that is.
I don't really care.
I just find that interesting that if you
go to F droid,
there's like a million Bible apps,
but it's just,
there's certain things in privacy that are
overrepresented and certain things that
are underrepresented.
And I feel like health in general is
one of those things where we just don't
have enough good quality health options
out there.
So I don't know.
It's good to know that Yuki did well.
I think there's a couple others we
recommend on the website.
Um,
But yeah, if you,
I'm assuming most of us,
unless you are an extreme hermit,
probably know at least a few women.
Definitely go ahead and send this to your
friends,
send this to your family and let them
know about this kind of stuff.
But I don't know that I have anything
too specific to add to this story.
I just thought it was a really important
story that deserved to be mentioned.
And I'm glad that our recommendation
performed so well.
Yeah, definitely.
It's definitely good to see that things
are, you know,
our rigorous process is also, you know,
being approved and confirmed,
which is great.
I think I do want to add here
kind of quickly.
I don't know,
this article mentions like women a lot.
Like, I just want to mention like,
you know,
Not just women,
like just people that menstruate.
Just saying.
You've got to be a bit more inclusive
there.
I think the interesting thing here is some
of the stuff that they talk about that
kind of goes over my head and,
you know,
maybe this is something that people who
don't menstruate don't realise.
I don't know how much you can talk
about this, obviously,
because this is more of a US thing.
This is not really a thing in Australia.
But what is...
kind of the risks with this because as
I understand it there's quite a situation
regarding like abortion and stuff like is
this really as risky as as the article
is saying like so um I don't know
how qualified I am to talk on this
because I have not been following it
closely but
Okay, this is purely personal opinion.
Well, okay, this part's not.
So Post Dobbs is talking about – so
in the sixties,
we had this case in the US called
Roe versus Wade.
And basically what the Supreme Court – the
US Supreme Court decided that – and –
This is true,
which is going to lead to the opinion
part.
Basically,
they said that the government does not
have a right to a woman's body and
that that is like a privacy issue.
And like like it's not really the
government's place to tell somebody that
they can't get an abortion.
And that effectively legalized abortion in
the US for decades until a few years
ago when somebody challenged it and the
Supreme Court,
who is now stacked with conservative
judges, decided, you know what?
Yeah, well,
this is not something that the federal
government should decide on.
This is something that should be decided
at the state level.
And then all of a sudden,
a whole bunch of conservative states raced
to introduce anti-abortion laws.
Texas decided to make a point out of
one particular woman.
I will die on that hill.
Yeah.
The opinion part that I want to throw
out there is I really think this was
the wrong way.
Even if you are – like even if
you think abortion is murder,
I don't think this was the right way
to go about that because, again,
the Supreme Court said this is about the
government saying they don't have a right
to your body.
And I think that's a really weird one
that you want to fight to get your
way.
But I digress.
Yeah,
so in – I don't know how much
it has been exercised.
Like it's definitely –
We've definitely seen situations where I
don't know that they're necessarily
privacy related.
But again, OK, so in Texas,
there was a lady that I might have
the finer details here wrong.
But basically, like.
I think the OK,
forgive me if I get the details wrong,
but it's not too far off from this.
The fetus is not going to be born.
I mean this was a long time ago,
so I should be talking past tense.
But the fetus was not going to be
born, period.
But no doctor was willing to operate
because they knew that they would get in
legal trouble for performing an abortion
even though medically she needed it and
there was zero chance that the fetus was
going to survive.
And if they don't operate,
there's a pretty good chance she won't
survive either.
And Ken Paxton still refused to make an
exception for them because like nobody
wanted it.
So like they literally put someone's life
at risk just to make a statement out
of her to make this an anti-abortion
thing.
So this is having like real impacts on
people and their lives and.
It's – I don't know.
Again,
I have not kept too close of an
eye on this,
so I don't know exactly how many privacy
invasions this has resulted in.
But I do know that this is definitely
like – it basically chipped away at your
protections from the government for
privacy.
So yeah, it's –
It's not great.
And it's, again,
this is one of those things that the
Supreme Court decided is now a state
issue.
So some states have still legalized
abortion.
Some states have not.
Some states you can with certain caveats,
like if it was a sexual assault that
resulted in the child, it's, yeah,
I don't know.
It's a whole, it's a mess.
It's a mess.
But I think people are right to be
worried about it because if you live in
one of those red states and one of
these apps,
decides that um like if you had a
miscarriage you could look at the metadata
of the app and it could suggest that
maybe you had an abortion you know it's
like it's one of those things where the
metadata can sometimes tell a misleading
story so it's definitely something that i
think people at very least should have on
their radar and should pay attention to
regardless of their political beliefs
because there's no protections there
anymore so i don't know i don't know
if that made sense
Yeah, I guess.
Yeah.
I, I think it's good.
You're bringing it back to like the
privacy aspect, right?
Like this is important data that could put
people at significant risk, right?
Because, um,
no matter how you feel about abortion, um,
you know, this data is, um, you know,
if someone wants to get an abortion, uh,
then that data could be problematic,
could mean that they get jailed.
This is a significant issue.
This is data that could put you in
prison, basically.
So take it with a grain of salt
because this is the AI summary from Brave.
But according to the AI summary,
there have been criminal prosecutions and
data subpoenas because the Roe v.
Wade protections are no longer in place.
They said there was a Mississippi mother
who was accused of murder after
investigators used her online search
history for abortion medications as
evidence following a stillbirth.
And for the record, these are summaries.
I don't know if these people are actually
guilty of anything or not.
In another case,
prosecutors secured a twenty-year sentence
that was later overturned by using a
woman's text messages to argue her
miscarriage was self-induced abortion.
A Texas man utilized his wife's private
text messages regarding abortion pills to
file a civil lawsuit against her and her
friends.
Um, so yeah, I mean,
this is definitely having an impact for
sure.
So yeah.
Yeah.
I think as well, I believe, um,
a former team member, uh, intern Kevin,
I believe wrote an article reviewing.
all sorts of these period tracking apps,
which I'll just kind of bring this back
to the tools here.
This is on our health and wellness page.
We recommend Drip, Yuki,
like the one Nate mentioned,
and also Apple Health for...
um menstrual cycle tracking so if that's
something that you know if you've been
using like flow clue period calendar um I
know there's a lot of different ones um
that's
definitely check out our recommendations.
It's worth it, especially if you're,
you know,
living in a situation where you could be
at risk.
I think this is an easy switch for
that.
They do allow import of data as well.
So, you know,
you can export your data from those other
less private apps imported in.
I think it's definitely important to
uh, be concerned about that, um,
and not to become complacent because yeah,
I think that's probably the most, uh,
concerning thing about that situation,
just like how quickly things can change,
um,
and how quickly things that you took for
granted can disappear.
Um, so, you know,
don't become complacent because stuff
that's legal today may not be, um,
Why do you think Apple Health is private
enough?
Henrique asked in the chat.
The main reason is because it uses
end-to-end encryption with syncing.
You also don't have to sync it either.
um and you know basically no other app
offers syncing with end-to-end encryption
the other two apps are both offline so
they don't sync at all which can be
an issue but um apple is basically the
only company that does end-to-end
encryption on like health records and
fitness data it is what it is it's
the best
that we have.
Apple has problems as well.
I think, you know, be careful with that.
I think syncing the data is also more
risky as well.
And I believe that is something that Kevin
did mention in that article.
So just be aware of that, too.
And, yeah, I don't know.
It's tricky.
You've got to use the best tool.
I was talking about that to my sister,
but she ignored.
I mean, yeah,
you've got to pick your battles, I guess.
Sometimes some people don't get super
engaged on something unless, you know,
they're personally invested in it,
which kind of sucks.
But, yeah,
we kind of talked about this a lot,
but, like,
you know,
getting people to care about these issues
is definitely something that doesn't
happen overnight.
So, you know,
keep subtly pushing someone in the
direction and maybe they'll finally
understand.
Yeah.
And something I want to add on to
that is, um, definitely try to resist the,
uh, the urge to, I told you so,
um, which I, I feel it too,
for the record when like people that
normally say they, you know, Oh,
I have nothing to hide, whatever.
And then something happens and they come
running to you and they're like,
Oh my God, what do I do?
And it's like, well,
if you'd have listened to me a year
ago, you wouldn't be in this situation,
but try, try not to do that.
Um,
cause then they're just not going to come
back to you next time.
So
yeah it's it sucks it really does suck
that most people don't care until they're
in the fire and then at that point
they just want like you know it's like
doxing right like people will come to you
and they're like oh my god i'm being
doxed what do i do and it's like
what do you want me to do i
can't take the information off the
internet like yeah there's stuff we can
try to do but it's i mean really
unless you're gonna move there's nothing
we can really do but wait for it
to blow over and it sucks but it
is what it is um
I was going to say,
I'm pretty sure my wife is using Yugi
and I think she was pretty happy with
it.
So yeah.
I will also say these apps do a
lot more than just period tracking.
So if you need tracking for any sort
of like sexual health stuff,
definitely check it out.
Even just tracking mood stuff.
It's good as well.
So yeah.
Yeah, not only for people that menstruate,
but yeah,
definitely worth checking out if you're
using something that's less private.
Yeah,
I was going to say it's helped her
understand a lot more because, you know,
since it's like hormone related,
like sometimes she's just naturally more
tired and other times she has more energy
and just being able to track that has
helped her with that stuff too.
I think that's all we've got for stories
so far.
Awesome.
Cool.
I guess we can roll into some forum
updates then.
In a minute,
we'll start taking viewer questions.
So if you've been holding on to any
questions about any of the stories we've
been talking about so far,
go ahead and start leaving them on the
forum thread or in the comments section on
the live stream.
But for now,
let's check in on our community forum.
There's always a lot of activity on the
forum, but...
Here's one particular thread that we
thought was worth highlighting this week.
So I'll give a quick overview and then
I'll throw it back to you, Nate.
Briar is in maintenance mode.
This is a post from the Briar project.
This is a quick update about the status
of Briar.
Short version,
the project is still active,
but we're only making essential security
updates and bug fixes for now.
I guess the long version for several years
we've been trying to find solutions to
some of the longstanding issues with
Briar, such as high battery usage,
unreliable background operation on
Android,
missing features like account backup and
file attachments,
and a difficult user experience for adding
contacts and communicating offline.
We considered completely rebuilding the
application from the ground up or even
splitting it into a separate application
for online and offline use.
Meanwhile,
the project didn't have funding.
We were reluctant to look for funding
without having a long-term plan.
And so we could only work on Briar
in our spare time.
Last year,
we decided that we wouldn't realistically
be able to solve these issues.
And so we reluctantly decided to shut down
the project.
We worked on releasing a final update for
Android and desktop to allow the app to
remain functional for as long as possible.
In the meantime,
we were hearing a lot of supportive words
from people who we had told about the
decision.
The app continued to attract new users.
So finally,
we decided to continue the project in
maintenance mode.
We're only making essential security
updates and bug fixes for now,
but eventually we hope to make some
incremental progress on these longstanding
issues.
We're sending out this update because some
rumors have been circulating that the
project is shutting down.
Based on conversations we had with people
in the internet freedom and privacy
community last year,
these rumors are out of date.
The project is continuing.
All right.
What do you think, Nate?
I think that's good.
I know a minute ago I was just
like, oh my God,
there's too many messengers.
But the reason I think there's too many
messengers is because I think a lot of
them are not...
meaningfully reinventing the wheel.
Not that every messenger has to be like
completely unique from the ground up,
but you know,
a lot of them it's like, oh,
it's just a different UI or like it
routes through, you know,
I to P instead of tour or whatever.
And it just,
it does all these little things that for
the record, I guess, I mean,
that's important to somebody, but again,
I think there's other places developers
should be focusing their attention in my
opinion.
But Briar is one of those ones that,
I mean,
I think my only beef with Briar is
that it's not available on iOS,
I don't think.
Briar actually has a unique niche,
which is that it can function offline.
It can function peer-to-peer.
The only time I've really used it
personally is...
Sometimes my wife and I will fly.
And because I am very cheap,
I will not spring the extra money to
make sure that we get seats together.
And usually you can just ask somebody and
they'll switch like, Hey,
do you mind if I have your seat
so I can sit next to my wife
or whatever?
It's usually her asking actually,
but sometimes we can't do that.
And so we'll use Briar to like keep
in touch while we're on the plane and
we don't have cell signal.
And which is, it's pretty interesting,
but yeah,
Uh, you know, there's,
there's other actual use cases, you know,
if you're in an area, um,
like I could see this being useful in
a, especially foreign countries.
Like,
was it Venezuela recently that had like
really bad earthquakes?
Like when you get outside the U S
and Europe,
the Android adoption rate is so much
higher.
And so a situation like that would be
great for something like Briar.
If you live in a country that has
a really bad infrastructure,
it could be great for something like
Briar.
So yeah.
yeah i'm just i'm really glad to see
that they are going to stick around even
if it's just maintenance mode and i hope
that they will be able to get the
resources they need to keep developing
because like they mentioned there are
Some things that do genuinely need
improvement, you know,
better battery life.
I mean, the UI, in my opinion,
could use a little bit of an update.
And I'm sure there's a whole host of
things from people that actually use the
project regularly.
But yeah, I think it's really cool.
I'm happy they're not going away.
And I hope they will be able to
get whatever they need to resume full
development as soon as possible.
I think that's my takeaway.
Yeah, I definitely agree.
Um,
I think this has definitely been one of
those apps that like, you know,
like we saw in Iran,
there was like a whole internet shutdown,
right?
Like, you know,
you're not going to be able to use
signal if the entire internet is down.
Um, you know,
having an app that can operate without
accessing the internet is kind of
important.
And, um, um,
Henrique said,
probably simple X is enough for most
people.
No,
because like if the internet
infrastructure is down,
then you're kind of, you know,
what are you going to do?
So if you don't have internet,
that's why I think something like this is
so important.
All righty.
I mean, yeah,
I didn't really have much else to add
to that.
I also think I wanted to include this
story just because Briar is one of our
recommended tools.
And they said rumors are going around that
it's shutting down.
So I guess I kind of wanted to
signal boost that a little bit.
But if that's all you have,
I think that's all I have for that
one.
Yeah,
I've never actually met anyone that used
Briar before.
So I've never actually used it.
But it does seem really cool.
Yeah, like I said,
I've only used it in small bursts,
but it's interesting to me for sure,
especially...
I was a little disappointed once I moved
to Android, and I was like, oh,
now I have access to things like Briar,
and like you said, nobody uses it, but...
Which is a bummer, because it's cool.
But yeah,
it takes a hit on your battery life
for sure.
But I think with that,
we'll move into our Q&A segment.
So we're going to start with our questions
on the forum from our paying members.
If you want to get priority in the
Q&A,
you can become a member by going to
privacyguides.org slash donate.
Or anywhere on privacyguides.org,
you can click the red heart icon in
the top right corner of the page.
We did actually have one question that
somebody left, I think,
after we started streaming.
It says,
what are your thoughts on private message
sharing?
They say people will often share
screenshots of messages between other
people,
whether that be in public groups or
private messages.
From people wanting to respect others'
privacy, should we call this out more?
Are there any factors that would make this
okay,
such as the person you are sharing them
with, for example,
a partner versus a large group?
What else do you see people do that
despite being privacy invasive of others
often gets overlooked?
I don't know about that last part.
That kind of puts me on the spot.
But yeah, I think it's very contextual.
I think
Personally speaking,
I think – I don't know.
I think it's a gray area because on
the one hand,
I think anything you do in a public
space is kind of public,
and you should not –
necessarily expect privacy and i think
that's a little bit different from like a
right to be forgotten like personally i
really love that mastodon has the ability
to automatically erase old content and um
i i wish i would see that on
more websites and services because i think
that's a great thing um like personally if
i saw a screenshot in a public place
like a public discord or a you know
website i would be okay to share that
on mastodon because i know that in three
months it's not gonna be on my account
anymore so it's not like i'm selling
somebody out there
Although I guess web archive exists,
potentially.
I think it's also different.
Yeah, like, you know,
my wife tells me everything.
We tell each other everything.
So I mean, saying like, hey,
this person messaged this,
I think is kind of a given,
in my opinion, personally.
But I think it's, yeah,
I think it's very contextual.
I don't think,
if it's a one-to-one message,
I don't think you should necessarily be
sharing it with like,
like on the forum or something.
And I don't know, it's,
it's really contextual of like what it is.
You know, it's,
I usually ask people to be honest.
I'm like, Hey,
do you mind if I share this?
And I'll,
I'll like censor certain information or
I'll, I do.
I mentioned before,
I have a friend who's in law enforcement
that shares information with me sometimes.
And I will purposely never copy and paste
him or screenshot him.
I will like paraphrase what he said.
Cause even like his, his speech patterns,
I don't want that to get out there.
So,
I don't know.
I think it's definitely something that
people should think about a little more.
If you're just too lazy to paraphrase the
information or something,
it really depends on what the information
is, I think.
I don't know.
I don't know if I'm making sense.
No, it definitely makes sense.
I think you have to be very careful
about sharing stuff that has been shared
with you in private.
I think some people are like...
Some people definitely have this...
this idea that there's no consent required
for that.
Like you'll take a photo with somebody and
then suddenly they'll post it on every
social media platform,
post it everywhere publicly and link your
identity to it.
It's like, no, we need to normalize,
you know,
we need to normalize asking for consent
and not just doing stuff because we think
it's fine.
Um, because, you know, maybe,
maybe you're fine with that,
but maybe they're not like, you know,
you have to,
you have to ask instead of just assuming,
um, I guess, bring it back to, um,
this person's question.
Um,
Yeah,
I think you kind of just have to
do as much as you can.
Like if you're going to share someone
else's messages,
which I feel like you should ask them
first if that's okay,
black out their username,
black out their profile picture,
get their approval first.
Don't just share like text messages from
someone or messages from someone that you
don't
And I even think, you know,
maybe this will be a hot take,
but don't share, like,
messages from an ex-partner.
Like,
especially if you're not talking to them
anymore.
Like, it's not right.
You know,
I don't like those sort of things where
people just, like,
share private messages with their partners
that they don't have anymore.
Like, that doesn't...
That does feel like, you know,
just because you're not in a relationship
with that person anymore doesn't mean you
can just disregard their consent
completely.
But...
Yeah,
I don't really have any more to add
on that.
I mean,
there's some questions here coming in on
the live stream.
Do you think Graphene OS... Oh,
Henrique said, I said on the internet.
Yeah, yeah, exactly.
So SimpleX is definitely a good option
online and Briar is good for offline.
Do you think Graphene OS desktop mode is
better than having a desktop?
Yeah.
No, I think it's definitely got issues.
Again,
I don't have the latest Google Pixel,
so maybe it's become better or it's
supported a bit better on the Pixel X.
But on my Pixel X,
it is very low resolution.
I think it's
I would say it's not ready,
but like if you need something and that's
the only device that you have, then sure,
go for it.
But I would say most likely go for
something else.
Probably not going to be as secure as
Graphene OS.
Dag O'Hall said cubes?
Smiley face?
Which, you know,
I think that's definitely a different...
different sort of thing.
Um, you know,
you're not going to get access.
It's,
it's a much more virtualized
virtualization heavy system, um,
with much stronger containerization and
like separation.
So, um,
that obviously comes with some drawbacks.
Um,
I do feel like the average person is
not going to want to put up with
that.
It's also very complicated, um, to use.
I think it's not super intuitive.
So, um,
Yeah, it's kind of my thoughts on that.
Yeah.
I'm glad you mentioned the security thing.
Cause that was my thought.
I know I've said in the past,
this came from one of.
firewalls don't stop dragons guests.
I can't remember who it was.
And it was several years ago at this
point.
So I'm not even going to go look,
but he was talking about mobile phones.
And he said that from a security
perspective,
we kind of learned from the mistakes that
we made on desktop.
So there is much better like sandboxing
and you know,
like I guess you would technically call it
an atomic upgrading system.
Cause like,
when's the last time you saw a phone
like fail to upgrade and update and break
itself.
Like it's, it's really, really rare.
So yeah,
it's very um they're kind of solving
different problems but yeah my first
thought is just performance like i don't
know if i would trust even like a
pro version of a pixel like i don't
know if i would trust it to handle
games very well i wouldn't trust it to
handle video editing very well although i
hear the macbook neo does okay for some
basic video editing so
Um, yeah,
at this time I think it's just kind
of like the right tool for the right
job.
Like if you just need something to browse
the internet, watch YouTube videos,
check your email, then yeah, sure.
It'll probably work just fine.
But, um, for like serious desktop tasks,
desk desktop tasks.
I don't know if I said that right.
Um, yeah,
I don't know if I wouldn't for me,
I don't think it would use it.
Um,
I want to address this.
He said,
having a proper desktop has problems like
Intel ME and AMD PSP.
Okay, hot take, personal hot take here.
This is not an official privacy guide
stance.
I wrote a blog post a long time
ago.
I cannot find a single piece of evidence
that Intel ME is actually problematic.
It is absolutely problematic just from a
principal standpoint of like,
why is this thing running at ring zero
and...
why does it have such elevated
permissions?
But, like,
there has never been a documented case of
anybody being hacked.
There's...
Let me see if I can find it
real quick.
But, like, I literally went looking.
I spent, like,
a couple days researching this,
and I could not find... Yeah,
so I called it the not-so-scary truth
behind Intel ME, and if it'll load...
You know, they say that it's, like,
this backdoor built-in and whatnot, but...
It's just, nobody has ever called it.
It's coming back to me now a little
bit.
It's still loading, but like, oh,
it's not going to load because that's
blog, isn't it?
Okay, hold on.
God dang it.
Even in Wikipedia,
if you go to Wikipedia and it says
like, oh,
this person accused it of being a
backdoor,
and if you click the link and read
it,
the word backdoor does not appear anywhere
in the article that they cite.
So it's – to me,
it's very much a case of like this
hypothetical like it could be bad.
But there are no documented cases.
It's never been, it's basically,
I think it's one of those things that's
overblown a little bit.
It's like, sure,
try to avoid it if you can.
It's definitely,
it would be a lot better if it
wasn't there.
I'm not going to argue that.
But I think it's one of those cases
where like people have really taken it
It's become like a fear mongering thing
where it's like, oh,
it's the worst thing ever.
And it's like, no, it's just,
I don't know.
I don't know if I'm explaining it well,
but I just, I think too many people,
because especially there's scripts that'll
like remove Intel ME and half of them
will break your computer.
And so it's just, yeah, I don't know.
I don't know.
I don't know.
The web address has actually changed,
so I might post this in the Q&A
thread just so people can find it.
But yeah,
I think it's been kind of overblown
personally.
But again, for the record,
that is a personal opinion.
That is not official stance from Privacy
Guides, but yeah.
I guess to kind of back that up
with our recommendations here,
we don't recommend using Linux Libre
kernel and Libre distributions.
And the main reason for that is they
basically strip out microcode updates,
which, you know,
they're kind of important from a security
perspective.
And they also remove security mitigations
and they also suppress kernel warnings
about vulnerable microcode,
which is just not good from a privacy
perspective.
And the Libre distributions and stuff are
probably the ones you're going to want to
use if you're worried about like Intel ME
and AMD PSP.
So, you know,
that's kind of where we're standing on it.
We don't really have any,
as far as I'm aware, there's no,
you know,
recommendations for alternative
bootloaders,
such as like LibreBoot or CoreBoot.
Those have other separate issues,
but when it comes to operating systems and
stuff, I think there's,
like Nate said, I think there is some,
a little bit of overblowing going on,
but I think it's certainly something to
think about.
Um,
I think it comes back to like people
thread modeling, right?
Um,
if you're Edward Snowden and the American
government is trying to track you down
and, um,
they're going to use every possible
avenue,
which would include that sort of software.
Um,
And Henry K says,
using Arch with AppArmor and UFW for a
security perspective is good enough.
I think I would recommend looking at our
Linux overview page,
which you can find in the knowledge base
and under operating systems.
That's going to have a lot more
information about
things that you should be doing,
especially with Arch because it is so
customizable.
You could make it really insecure or you
could make it quite secure.
So definitely check that out.
Dag also said Secure Blue.
We did do a video about that as
well last year.
That's another one we recommend.
It's one of our most viewed videos.
Possibly, yes.
Linux stuff generally does really well.
There's some extra tips in the Linux
overview page specifically about
Arch-based distributions.
So definitely read that.
I think Linux is going to be significantly
better from a privacy perspective than
Windows and Mac.
So that's basically the main reason that
we would suggest it.
Definitely,
if you watch the secure blue video,
you'll get a better understanding about,
like,
the security issues with Linux itself.
But, yeah.
Kind of everything I had to cover on
that.
I might repost this blog post over on
my ghost now that I'm kind of migrating
stuff over there.
Okay.
Sounds good.
It's not really a question,
but when we were talking about the period
tracker apps, Dag said,
remember that gay priest that was outed by
conservative groups buying his data from
brokers?
Yeah,
I think just kind of goes back to
showing how sensitive data can be.
And yeah,
I think they tracked his location or
something that was being sold by Grindr
and saw that he was going to gay
bars.
So yeah, sensitive data worth protecting.
I think that's all I saw for questions.
I don't know if anybody has any more
last minute questions.
Yeah, we did forget this week.
We've been trying to ask for questions in
our privacy guide supporter signal group
chat.
If you're a supporter, you can join that.
And a couple of team members are in
there just to answer questions and chat
about stuff.
But we kind of have been wanting to
use that as a way to get questions
from our supporters and give them priority
and stuff.
We're trying to,
we'll make sure we get that onto that
next week, but we did forget this week.
So,
but if there's anyone in there now that
wants to leave a question,
feel free to do so.
When is Windows hardening article going to
be released?
There's already a knowledge base article
about Windows, Windows overview page.
which does have some information.
It doesn't have a huge amount of stuff,
but it does have some things already.
It's got a couple of sections,
which I believe are still coming soon,
which is the initial installation,
privacy settings, application sandboxing,
and security hardening.
But like we said,
Privacy Guides is like a volunteer
project.
Apart from Nate and I,
and I believe Jonah, there's not really...
You know,
we're doing work on video stuff and
everything else is kind of volunteer run.
So it's whoever has time, which, you know,
it's already kind of a lot to juggle
because we're doing so many things at the
same time.
It's basically that we can't really set a
deadline on what that's going to be done.
It's whoever wants to work on it,
whoever has time.
And, you know,
sometimes that doesn't always happen,
but we try our best to handle everything.
And I think we've been pretty good about
that because we previously didn't have
operating overview,
operating system overview plans.
pages but we do now um i'm not
sure who was the major catalyst behind a
lot of these it looks like it was
jonah um daniel gray redoomed um a couple
of those um
members were working on those websites,
on those sections of the website.
It looks like this one was mainly Jonah
and Daniel.
So, you know, you can submit, you know,
stuff like this.
You can join the discussion on our forum.
You can help to build out the site
and add resources.
I think that's kind of it.
There is recommendations for other
operating systems as well that we don't
recommend.
So...
Definitely check that out.
There's macOS, there's iOS,
and like we're talking about,
there's Windows as well.
So yeah, check it out.
Maybe help try and build that out if
you have time or if you want to
contribute.
Yeah,
I know Jonah was working on a credit
freeze guide recently.
I'm not sure what the latest on that
is, but there is...
new content on the way.
I think we're always trying to keep the
website up to date and add new stuff.
Privacy's an ever-evolving thing, right?
So there's always going to be updates and
changes.
Good stuff.
I mean,
I actually just this week I was because
we talked about that Windows global ID
thing last week.
And there was a I think you found
it.
If I remember correctly,
there was an article that finally had like
a lot more.
I mean, it still wasn't much,
but it was more information than any of
the other articles up until that point
that talked about like, yeah.
like what it is and what it submits
and how to disable it.
And so when I went to go check
my computer,
I noticed that some of the settings have
changed names,
so even just little things like that.
Real quick, Henrik said,
I don't use Windows,
but my grandpa wouldn't switch to Linux
very easily.
So this is not an official...
recommendation,
but I know Zorin OS was really popular
when windows ten stopped getting support
because when you install it,
you can pick if you want it to
look like Mac or windows.
And so for some people that would be
a transition towards Linux.
Again,
that's not one of our official
recommendations because it's based on
Ubuntu and there are more secure distros
out there,
like the ones we've been talking about,
but it might be like a good intermediate
step to get somebody over towards Linux
possibly.
I need to check out Zoran myself.
It's been a while.
It definitely does look interesting.
Not seeing too many other things here,
unless anyone else who's also watching
right now
has any,
anything that you want us to talk about,
um, any news stories that you've seen,
any questions you have about the website
or what we've been working on, definitely,
um, drop that.
Um, I guess there's also been, um,
some interesting,
more interesting threads on the forum,
which I think we could maybe talk about
one more, um,
to kind of give people a
I think we had two or three that
we were thinking,
but we ended up kind of choosing to
go with that main one about Briar.
But we could just do one more here
if you feel like it, Nate.
Yeah, I'm down.
Did any of them jump out at you
specifically?
I think we could talk about maybe
smart TV tracking.
I mean, we talked about that a bit.
There's one about windows steering users
to edge.
I don't know too much Microsoft bashing
this week.
Oh, there's no such thing.
Yeah.
I mean, so there was a,
there was a report.
Let me see if I can find that
one.
There was a report this week from Mozilla.
So, you know,
take it with a grain of salt,
but it's also not exactly hard to believe
that Mozilla,
that Microsoft still, so they, I mean,
this isn't really like quote unquote news
per se, but Microsoft has been accused of,
um,
pulling a lot of dark patterns,
which for those who don't know,
dark patterns are what we call it when
like it's one click to sign up for
a service,
but you have to email customer service to
close your account.
Um,
they call that a dark pattern because
they're trying to nudge you into doing
something that benefits the company and
not you.
And, uh, so yeah,
windows has been long been accused of
using dark patterns to make, uh,
make you use like their browser edge
specifically.
I'll be honest.
I've never really noticed maybe it's
because of all the changes I make to
windows,
but like I've heard people talk about
like, um,
Okay,
so the only dark pattern that I have
is no matter how many times I uninstall
Edge, it comes back,
which is why I just have it firewalled
now so it can never connect.
But, you know, people talk about, like,
they set their default browser to, like,
Brave or Firefox,
and then they update Windows,
and it goes back to being Edge or
something like that.
And I personally never experienced that,
but they...
According to Mozilla,
Microsoft still does not allow users to
download set as the default or keep using
alternative browsers without harmful
interference.
This might take the form of an all
you need is right here banner in Bing
when attempting to download alternative
browsers.
I don't know who's using Bing even in
Edge.
The pre-pinning of Edge to the Windows
taskbar and the misleading wording,
which according to the report could trick
users into making Edge their default.
And then there's the AI.
The authors found that Copilot ignores the
default browser when opening links and
that Copilot data shares toggles are
pre-selected on in the US and India.
I mean, why is that surprising?
Again, who uses Copilot?
It's terrible.
It's like the worst AI, except maybe Grok,
but...
I don't know.
Um, yeah, I mean, it's just,
it's really like, you know,
somebody asked earlier, it's like,
why don't people just switch to Linux?
And like,
there are valid reasons to be stuck on
windows,
but I definitely think it's one of those
things.
Cause I think a lot of the time
people just don't challenge their
assumptions, you know?
Um, like there's all kinds of, um,
there's,
there's all kinds of like brain teasers
and, and mental, uh,
I don't know what the word I'm looking
for is,
but like they're tricks basically that
kind of like trick you into like A
or B. And it's like, well,
if you stop and think about it for
a minute, there's also option C,
it just wasn't explicitly stated.
Um, and I,
I think a lot of the time we
do that to ourselves where it's like, oh,
I have to be on windows.
But if you stop and think about it
for a little bit, it's like,
actually I could do this in the browser.
I could replace this with some other open
source thing.
And, you know,
if I did this and this, like, well,
at very least I could dual boot Linux
and I could use Linux,
the time and windows, of the time,
you know, it's, um, so I,
I would just say,
I would use this as an opportunity to
ask yourself that question.
If.
Are you really stuck on windows or is
it one of those things where it's like,
actually I could reduce my dependency a
little bit.
So I don't know.
That's yeah.
Yeah,
it's interesting to see that this is so
different across different regions.
I think it kind of makes sense because,
you know, the EU economic region is, like,
much more...
I think they're definitely much more
focused on, like, bringing in, like,
stopping these monopolies and...
stuff like that, in some cases, I guess,
which, you know,
it's made things a little bit better.
According, like,
I'll just share this on screen.
This was a,
this is kind of what the report was,
a graphic from the report.
Basically, even in the EU,
there's still lots of
Lots of hoops that you have to go
through.
It looks like the US is the worst
out of all of them.
The UK is slightly better, like slightly.
Yeah, UK,
like USA and India are basically the same
and the UK is slightly better.
So still a lot of things that it's
doing though.
You can see here just like tricks that
they're using to get people to use Edge.
This is really...
pretty sinister stuff to kind of get
people to use this.
And I think most people are not super
aware of these tactics,
which is what makes it kind of even
more insidious, I think.
And these are things that unless you've
been trained to know exactly what is
happening,
I think we've all gone through the process
of trying to cancel something.
Well,
I guess if you live in a country
that doesn't have protections against
that,
then you've been through this process
where you try and cancel something and the
cancel button is
really hard to see,
or it's like really small.
And then like the, the, the opt out,
like the, the, the, Oh no,
actually I want to keep my subscription
button is really big and blue and
clickable.
Um, you know,
it's all those sort of tricks that they're
using to, to get people to use this.
Um,
And I hope something can happen with this.
I don't think this should be limited to
some specific economic region.
It's like with the Apple stuff,
being able to access those third-party app
stores and stuff.
I don't think that should be limited by
if you live in the EU or not.
It should be like a global thing, ideally.
But I think,
especially when it comes to these super
gigantic corporations,
they can kind of split things and develop
different versions of operating systems
because they just have so much money and
so much time to develop alternatively like
this.
Um, yeah, I don't know.
Um, it's frustrating.
Windows is really bad.
Um, yeah,
I didn't really have too much more to
add on this one.
Um, the only thing I want to add,
Henry care said you can edit some of
the files and make your computer be like
it was configured in the EU and then
it won't reinstall.
I hear you and I'm not yelling at
you, but like it shouldn't be that way.
And I mean,
this is normally something I complain
about other developers and Linux people
about, but like, it's not, I mean, you,
you've been saying yourself that like you
have family members that are not tech
savvy and like won't switch to Linux and
stuff.
It's like,
you really expect them to go in and
edit the configuration,
the registry and stuff like that.
Like,
I don't know.
I know you're probably not defending
Microsoft, but it's just, yeah, to me,
that's not a solution to me.
I'm looking at,
I reposted something from Macedon
recently.
It said, OMG,
you don't like the textiles that are
available?
Just go shear a sheep,
gather stinging nettles, skirt the fleece,
ret the stalks to get at the vast
fibers, make a spindle, spin the fiber,
build a loom,
disassemble a bike wheel to make knitting
pins, weave your own cloth,
knit your own socks, sew a tunic,
go live in a bog without any human
contact because all of this takes too much
time for being social.
By the way, this post is about technology.
and yeah i think uh sometimes we have
we uh we have that attitude so i
don't know that's that's a whole nother
rant that i could get on that is
neither here nor there but good old dark
patterns not as cool as they sound you
know usually you put dark in something and
it sounds really cool but
Not cool when you're the one being
manipulated, yeah.
Yeah, right?
I bet you it's great for all the
C-suites at Microsoft that are making
bank.
Make more money in a week than I
make in a year.
Yeah, probably a day even.
It is kind of interesting, though,
that this is, like, you know,
not being curbed in any way.
like I feel like this is obviously like
monopoly behavior.
Don't know what's going on with that,
but I guess, I don't know.
I guess there's not really any,
I guess this would be more of a
US thing maybe.
Maybe like it kind of depends.
I feel like if there was enough pressure
from outside of the US,
there would be pressure for that to
change.
But I guess it is kind of something
that the US has to,
has to work out,
which seems like you haven't been
particularly focused on at the moment.
Oh,
don't even get me started about where our
priorities are in this country right now.
I digress.
Um,
were there any other forum threads you
wanted to talk about or is that all
we got for this week?
Yeah, no,
I think we can probably close things out
unless, yeah,
no one seems to have any other questions.
Yeah, sounds good.
All righty.
All the updates from This Week in Privacy
will be shared on the blog every week.
So be sure to sign up for the
newsletter or subscribe with your favorite
RSS reader if you want to stay tuned.
For people who prefer audio,
we also offer a podcast available on all
podcast platforms and RSS platforms.
And this video will be synced to PeerTube.
Privacy Guides is an impartial nonprofit
organization that is focused on building a
strong privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice on the
internet.
If you want to support our mission,
then you can make a donation on our
website at privacyguides.org slash donate.
To make a donation,
click the red heart icon located in the
top right corner of any page.
You can contribute using standard fiat
currency via debit or credit card,
or you can opt to donate anonymously using
Monero or your favorite cryptocurrency.
Becoming a paid member unlocks exclusive
perks like early access to video content
and priority during the live stream Q&A.
You'll also get a cool badge on your
profile in the Privacy Guides Forum and
the warm,
fuzzy feeling of supporting independent
media.
Thank you guys so much for watching,
and we will see you next week.
See you next week.