Would You Pay $60 For A Browser? (ft. Firewalls Don't Stop Dragons)
Alright, hey everybody!
So Brave has released a minimal,
but a paid version of their browser.
That's very interesting, we're
gonna talk about that.
Meta has started keylogging
their employees.
And we're finally gonna talk about
Anthropic's Mythos tool.
And all this and more coming in This
Week in Privacy number 50, so stay tuned.
(Music)
Welcome back to This Week in Privacy,
our weekly series where we
discuss the latest updates with what
we're working on within the
Privacy Guides community and this week's
top stories in data privacy
and cybersecurity.
I am Nate, and joining me this week
is a very special guest, Carey
Parker, the host of Firewalls
Don't Stop Dragons.
So thank you for joining us this week.
Carey, how are you?
Hey man, I'm really glad to be here.
We just did this recently when you
guys were on my show, so it
seems like only natural for
me to come on yours.
I'm really looking forward to this.
This is great.
So thanks for inviting me.
This is gonna be a good time.
Yeah, I'm super excited.
I've definitely been wanting to collaborate
with you on something
for quite a while, and I'm glad we're
able to make this happen now.
Yeah, me too, for sure.
Alright, with that, we'll go ahead and
jump straight into the news.
And we're gonna start off with a pretty
hot story that has gotten a
lot of discussion this week,
which is Brave Origin.
So for those of you who have not heard,
which is weird, because
Brave didn't make a blog post,
I don't think.
I don't know what their
official method of
distributing this news was,
but Brave Origin.
So the Brave browser,
as many of you may know, is a little
bit controversial for a lot of reasons.
And one of the reasons is that it just
comes with a lot of stuff
that some people don't necessarily want.
I think it comes with a ton
of crypto integration.
It comes with an AI assistant called Leo.
I think those are kind of the two most
controversial ones, but you
know, stuff like that.
And some people, you can disable it,
you can ignore it, but some
people still argue like you shouldn't
be there in the first place.
And so now Brave has announced this new
browser that they're calling
Brave Origin.
And it strips all of that stuff out.
I looked at the original press release,
and they had everything at
a bullet point, oh, here we go, here
it is in this article.
So it strips out rewards, Brave ads,
the built-in crypto wallet,
Leo AI, their news feature, their VPN,
the Tor integration, and it
turns off all the analytics by default.
So yeah, it's a minimalist stripped
down version of Brave.
The catch here is that it costs $60,
and that's a one-time fee.
So I mean, there's pros and cons, right?
Like, it's a one-time fee, and it's
actually free on Linux.
So if you're a Linux user, you can just
go download this right now, no biggie.
Actually, for the record, I think
it might be in beta.
I'd also explain why they haven't
made a blog post about it.
But when it comes to Linux,
whenever you're
ready, if you want it, you can
go get it for free.
The $60 fee does come with
10 activations,
meaning you can use it on
up to 10 devices.
We'll get into that in just a minute.
Actually, I mean, I guess we could
get into that now, because I
think that's kind of the meat
of the story there.
But why don't I...
I'll start by throwing it
over to you, Carey.
Do you have any particular thoughts
on the story first?
Or I can start it.
Well, this doesn't...
No, we can go together.
But I think it's weird, right?
I mean, basically, they're
saying, "Here's all
these really cool features we've
been releasing."
They've been touting these
features as they release them, certainly.
You know, these are things why you might
want to use their product.
And now they're saying, "Or for $60,
we could take a lot away."
So, it kind of gives a really mixed
message about what they're doing, right?
I mean, if these things are bloatware
that people don't like enough
that paying for them makes them go
away, why are they there
in the first place?
I don't know.
Brave is...
We were talking before the show.
Brave is basically my second browser.
I use Firefox, as I think a lot
of my listeners know.
And Brave is certainly the
easy button option.
If I think somebody doesn't,
you know, want
to do anything to get privacy,
I'll just...
Easy button is Brave.
I mean, it's a great browser.
I like a lot of things about it.
But, you know, the attention token
thing and the Leo stuff,
everyone's shoving AI at everything.
I would like this.
The other thing that I think that was
in the article, and you could
tell me, but it was $60 lifetime, right?
So, even as a method for making
money for Brave,
I mean, we all hate subscriptions, but
I mean, if this is going to
be an ongoing thing, I can't imagine a
$60 lifetime is really going to cover it.
I mean, those are just some of
my initial thoughts.
Yeah, for sure.
Yeah, it's a one time $60 fee.
We've already got quite a few people
in the chat, actually.
Yeah, somebody said it's not out of
beta yet, as far as we know.
Lucas kind of has my thoughts, which
is why would you pay for it
when you can just turn it all off?
To be fair,
if you get the paid version,
you can download...
So, there's two ways to go about this.
And let me recap this real quick
for those who don't know.
You can pay for it and you can
download it fresh.
And all that stuff is gone.
Like, it is not there at all.
It's not even like an option
you can turn on or off.
It's just completely gone.
Alternately, you can upgrade, quote
unquote, your existing browser.
And then basically, it turns all that
stuff off and then you can
turn it back on, which I will
say personally,
if I was going to pay for this,
I would do that.
Because there are a few things like, I
think like Speed Reader gets removed.
We were, like you said, we were talking
about this before we went
live, but I do use Leo a little bit,
mostly for like research.
It's a real good time saver for research.
I can type it in.
Yeah, there was this story about AT&T
had a data breach and here's the details.
And it's like, oh, you're talking about
this 2019, blah, blah, blah, blah, blah.
And it spits out all the links.
And I always double check
it for the record.
I do it sometimes.
So, I mean, I like the idea of being
able to turn things back on.
But yeah, I mean, this has been
a really polarizing story.
And I don't know if I have a...
I don't know if I really have
a strong one way
or the other, because I do
see both arguments.
Like you said, like some of the people
here are saying is like, you
have to like pay developers somehow.
You know, but you also made a really
good point about like, why
would you pay for something that
people didn't want in the first place?
Like that's kind of silly.
I don't know.
It's certainly a mixed marketing
message, right?
I mean, obviously, as again,
as these features
came out, I know they were
touting these things.
Oh, we got this really cool thing.
What'd you get this in the next
version of Brave?
And now to suddenly say, or you could
take all out of the way if
you pay us money, just seems really...
I mean, just as a pure marketing
thing seems like a really
bizarre message.
I mean, and yes, all this
stuff costs money.
We should absolutely be supporting
these folks.
You know, I try to donate where I can.
A lot of people don't.
I don't know if that's a sustainable
model for a lot of these companies.
I wish it were.
I get that part of it.
Just the marketing aspect of this just
is what I guess confuses me the most.
And it also is really interesting.
All right, so let me ask if
you see if you know.
So is there a way to get a better idea of what
you're doing? Let me see if you know.
So if you pay the 60 bucks to get the
second version of this where
all these things are disabled, can
you, if you re-enabled
everything, would it be right
back where you started?
Or is there still some difference?
No, as far as I know, it would basically
be like as if you just
downloaded the free version fresh.
Huh.
Strange.
So, yeah, I don't know.
I mean, my other concern is, you know,
this Charles said here, the
whole thing about like, you have to
be able to pay developers.
I don't want to shoot myself in the
foot or anything, but $60 one
time isn't really sustainable
in my opinion.
Right.
I feel the need to point that out.
But also like, I don't know.
It's, I do want to, I do want to point
out, I actually kind of
sympathize with Brave a little bit here
because a lot of people, I
know I just mentioned it a minute ago,
but like, you're paying to
get rid of features you don't want.
Yes, but that means they have to make a
completely separate version of
the browser every time.
They have to make a completely separate
version that has all this
stuff taken out.
And then they have to like put it
out there to the public.
It's completely different upload.
And so
that is actually true.
And from a software development
standpoint, that is, that's
actually incurred cost because that
basically doubles the amount of
testing you need to do against
that browser.
You'd have to test the features that
are removed, but you still got
to run it through everything else that
doesn't work and make sure
you didn't break anything by removing
those features.
So it actually does incur them some
overhead to support two
different versions of their browser.
So yeah.
Yeah.
I actually, uh, I'm glad Jonah
reminded me here.
I wanted to go ahead and run
a little poll and
see who, who would be willing
to pay for this?
Yes, no, or maybe.
Um, for those of you who don't know
how the polls work, you leave
one, two or three in the comments,
but, um, yeah, I'm, uh, I'm curious.
I haven't, I keep waffling.
Cause on the one hand, one thing I hear
people defending it is this
is really good.
If you've got like, um, if you've got
friends or family who are
maybe not a little bit more tech savvy.
I mean, Brave has really good built in
out of the box privacy protection
features.
I don't think that's really arguable
regardless of how you feel about them.
I think it would be really cool to
have, you know, to get your
friends and family on Brave and to,
to be able to give them this
like minimalist version where you
can just be like, you know,
install this origin, but like I bought
it, but I'll activate it for
you and install it and it's good.
And there's no chance they're going to
accidentally wander onto the
Leo page or the crypto page or any
of that kind of crazy stuff.
So that's an interesting point actually.
And I want to support these guys too.
So I may just pay for this just to
support them, but as a gift for
people, like you're saying that, that
I don't want to take the time
or it's too tedious because we all know
this, you know, the tyranny
of the default, as Steve Gibson
likes to call it, right?
Whatever, whatever comes out of the box
is what almost everyone's going to use.
And if you have to start tweaking that
to get to the point where
you want to, people often won't do it.
Certainly a lot of the, you know, my,
again, like my mom is often my avatar.
She's not going to do it.
Then, then most of my audience is
not going to do it either.
So yeah, if it could pay to give it
to pay to give somebody else a
version of this that is already
ready to go.
That might be actually more interesting
as a gift thing.
Yeah, for sure.
And I mean, I forget what I was
listening to lately.
I think it was about ad blockers, but
that was a point that came up
is like, I mean, even I've had times
where, you know, my ad
blockers stop things from working or my
wife's, you know, she also
uses Brave and yeah.
No, Jonah, I don't think
polls are broken.
I think I forgot to hit resume
on that one.
But yeah, I don't know.
It's it's it's interesting.
It's a tall order.
I think it's really cool.
I think I don't know if he was being
tongue in cheek, but I did see
somebody asked the CEO of Brave
why it's free on Linux.
And he's like, try to push
people towards Linux.
So I don't know if he was joking
around or not, but that was pretty cool.
So yeah, that's weird too.
I mean, did they, did they say why
they're, I mean, why are they,
is this just a matter of we want, this
is another way for you to
support us basically going this way or.
Because I'll give it away for
free on the phone.
Get it for anyway.
I don't know.
No, I think that's I don't know.
I mean, that's I'm not much of a business
person, but I feel like
that's the only explanation that makes
sense to me is like we
wanted to try and support
the Linux community.
I think it's also I know I think you you
mentioned this a little bit,
but I think it's.
Kind of like trying to find that middle
ground of, you know, like
people complain about the bloat and
it's like, OK, here's a bloat
free version, which of course now
they're going to complain that it's paid.
But yeah.
Right there, we want Linux to win.
So.
But yeah, you think it'd be
the way around, right?
Like the basic one to be free and then
all the stuff with all these
features we've spent all
this time putting
into there, that would be
the for pay for.
Yeah, that's what's getting me.
Not to be cynical, but one thing I've
noticed is the average person
doesn't care.
Like I love my wife.
I mentioned she uses Brave.
She still has the sponsored backgrounds
turned on, which I don't
know how she does.
I just hate ads personally.
I'm like, oh, I do too.
With a passion.
Yeah, so I don't understand.
Like every time I have to use her computer
for something and I pull
up Brave or I see her pull
up Brave and I'm
like looking over her shoulder
for whatever reason.
And it's just like I see a little
sponsored thing.
I'm like, how would you not
turn those off?
But it doesn't seem to bother her.
So I don't know.
I just have the tyranny of the
defaults if there's good defaults there.
So I guess that could be another argument
going back to my whole
like not playing tech support for the
parents is, you know, you get
this, you install it on their
computer and guess what?
They have good defaults right there.
Like all the analytics are turned off.
So.
I do imagine that people that watch
ads, this is the same
experience I have is want to look
at anybody like on Chrome.
And it doesn't have uBlock or
something installed and there's
ads and stuff all over the place.
And I can all I can guess is that they've
already looked their brains
tune that out.
Like they they're so used to it.
They're so numb to it that
they don't see it.
Whereas you and I who don't see ads
all the time, it's just it's
glaring to us because they're trying
to get their attention.
They've already ruled them out.
And for us who are not used to it, you
know, it's like anyway, we
haven't built up the resistance
to it like they have.
I I've stopped saying it because I
feel like I'm a party pooper every time.
But on that note, every time I see
certain like TikTok videos or
something, I'm like, why were they
filming this moment?
And that's to me, that's a good
way to tell if it's an ad.
But real quick, I didn't
want to call out.
Jonah said he's going to keep using
Zen browser on the topic of competitors.
I know we're going to get ahead of it
because a lot of people have
asked about this is the Helium browser
has been a really popular subject lately.
It's popped up on the forums a few times.
I know there's some videos have
been made about it.
So Jonah asked me earlier this week if I
could test it out and kind
of take a look at it.
And actually, I guess you guys can't
see the whole window here, but
I'm actually using Helium browser today.
And it's you know, I will go on record
and say I was I was really a
hater when Jonah was like, hey,
can you test this out?
And I was like, why?
But you know, I got to say it's
been pretty pleasant.
Like some people have been promoting
it as a let's see if I can
pull up their website here real quick.
It's coming up because you know, we're
talking about things like
Zen or like Helium, like why pay for
this when you can just do this
or you can just manually debloat it.
I've definitely found little things
here and there like every once
in a while my my well on this computer,
I have a solo key.
But every once in a while my solo key
won't work with it quite right
for some reason.
But I mean, I got to admit
it was it was it.
Ironically, it was a little bit longer
of an install, I feel like
than most browsers because you know,
most browsers like they just
want to get out of your way and
get going real quick.
But this one's this one had
like a whole page
of like what settings do
you want to enable?
What search engine do you want to use?
So it felt like it took a little
bit longer to get started.
Not not by much longer, just a few
seconds, but it definitely felt
like it was a little more involved.
But I mean, once I got up and running,
it's it's it's been treating
me well, pretty, pretty well so far.
I'm always a fan of anything that
comes included with uBlock Origin.
I don't I just realized I didn't
pull the page up.
I'm sorry.
I'm talking about it.
But yeah, I don't know.
I mean, I just I know people are
going to ask us about it.
So this is kind of an unofficial review.
I don't know if there's enough
there for us
to do an entire review of
it specifically.
But I thought it was okay.
I thought it was pretty cool.
You could check it out if you want.
I don't think I'm going to switch from
Brave to be totally honest.
Like this has been an okay experiment.
I think after this, I'm going
back to Brave.
But yeah, I mean, doesn't seem to be
anything wrong with it in my
expertise, at least.
So it's actually amazing how
many browsers we have.
And even even how many different privacy
oriented browsers we have.
That's I mean, it's a good problem
to have, I guess.
Yeah, for sure.
I mean, we've got, I mean, for the
record, I think they've all got
most of them, you have to do some various
tweaking to like really get
the most out of it.
But we got Brave, we got Firefox,
we got Mullvad,
we got LibreWolf, we got even
things like Vivaldi.
And comparing them to like mainstream
like Chrome, for example,
like even Vivaldi comes with like a built
in ad blocker and all that kind of stuff.
So I mean, have you used
Zen browser at all?
I haven't used it.
But I know Jonah speaks
very highly of it.
And I think Jordan's used it too.
So I know Zen's a really popular one.
But so like you said, it's a good
problem to have for sure.
Yeah.
All right.
I don't think I have anything else
to add to that story.
Did you have anything you wanted to?
Oh, here we go.
We got a question for you.
What browser are you using?
I thought you said it a minute ago.
I use Firefox and I've been using
Firefox for a long time.
And sadly, I saw the numbers on Firefox.
It's down to like single digit
percent usage.
It's really, really sad.
I mean, I guess maybe some
of that is the fact
that we've got so many browsers
to choose from.
But I don't know.
I've been a longtime Firefox user.
One of the reasons I like Firefox,
though, and I like to support
Firefox is I really want something
besides chromium.
I'm honestly surprised that Google
I know that Google is the
browser and we're or was the search
engine on Firefox for a long time.
And that was kind of how they
indirectly supported.
But there were times in history with
Apple, for example, where
Microsoft gave a bunch of money to Apple
because they didn't want
Apple to die because they
needed a competitor.
Otherwise they'd be a monopoly.
And so for that reason alone,
maybe Google
should kick in some money to
the Mozilla Foundation.
Anyway, I like to support these.
I want something besides chromium.
And so for me, it's Firefox
and uBlock Origin.
That's my go to.
Yeah, I am.
I'm not gonna lie, I kind of want to
go back to Firefox for the
same reason you said like just to
support the the wide range
of browser choices.
But I'll admit I use Leo quite like most
of the time, okay, most of
the time, I'm either going to like the
things that I would log in
with a with a YubiKey like my
Nextcloud instance, my Mastodon
instance, or I'm doing research for
a video at which point, like I
said, I kind of come to rely on Leo
pretty heavily for that, just
because it speeds up the research
process so dramatically.
So I don't know, but I'm trying to
use Tor a lot more as well.
And I know there's that like ask mode
in Brave, I think I need to
play play around with that
a little bit more.
Well, of course, Tor is Tor is
based on Firefox too.
So what happens to Tor if
Firefox goes away?
I don't know.
Yeah, that's true.
That is that is very, very true.
Normally we save questions till the end,
but the chat is really popping tonight.
So I don't want to lose questions.
Somebody said, do you use Arkenfox
with Firefox?
Do you have an opinion on the
Arkenfox project?
I've looked at it.
I've basically gotten Firefox to the
point where I've tweaked it.
And so I don't know.
I've not gone through.
I've looked at some of the things
that Arkenfox has done.
I've kind of looked through their bullet
list of of modifications.
Some of them are a little further
than I would that I go.
I've got other things going on, too.
I use NextDNS and some
other things, too.
So some of them kind of overlap, perhaps.
I'm not, you know, I'm not super,
super hardcore.
Plus my audience is not.
So I also kind of try to do what I
recommend so that I'm more
familiar with it.
So you know, so there's some of
that going on there, too.
Yeah.
And I mean, my personal opinion is
like I feel like the Mullvad
browser has closed the gap so much.
I actually thought I heard that Arkenfox
was going to stop
developing because the Mullvad
browser was so good.
I mean, I use it sometimes, too.
Yeah, I was going to say, I don't
like it again, like we were
saying earlier, it's great that there's
so many choices out there.
So I'm not like mad about it.
If they want to keep developing, that's
that's cool for them.
But yeah, I have I literally I have
four browsers on my computer.
I... Brave, Firefox, Tor and Mullvad.
And I've
got all those plus Safari.
Well, OK, OK, yes.
We want to talk about the Mac.
I only use this when I'm traveling,
to be honest.
Otherwise, I'm either on
Linux or Windows.
But the keys just the keys.
I don't know.
I might I might I feel like I should
buy origin now just in case it
does turn into like a subscription
or like prices go up later.
Like price now.
Hedge your bets.
These are pretty straightforward.
Don't they just work like keyboards?
Like how do they fail?
I'm sorry, we're getting off
topic, but you're talking about the Mac.
No.
Well, you said some of these keys
don't work with some of the
browsers or something that some
of your hardware.
Oh, no, I don't.
Oh, yeah.
Yeah.
On Helium.
I don't know.
Just the other day I went to log
into what was I trying to log into?
It might have been it might
have been Mastodon.
I don't know.
I went to log into something and I
hit my my solo key and the key was fine.
But like it gave me some kind of error
about like could not parse
something or other.
And I like I made a note
of it in my head.
But then by that point, I was like,
whatever, I'm going to bed.
But it's been a long I went
to New York this week.
I went to upstate New York.
So I had to travel and everything.
And yeah, that's that was fun.
Yeah.
But yeah, I think before we move on,
I do want to point out this
new Keith person here, I think is
actually a member of the Brave team.
So thank you so much for stopping
by and answering.
Oh, hey, we really appreciate it.
But with that, I think I will
turn it over to
you to talk about this new
law from Maryland.
Yeah, yeah.
OK, so Maryland has passed
the first and first
in the US law for banning surveillance
pricing.
They called it the Protection from
Predatory Pricing Act.
Actually, I think New York actually has
a law, but it's only about transparency.
New York, I believe, has a
law that says if you
do it, you have to tell people
you're doing it.
But this sounds going to outright ban.
Wes Moore is going to sign it.
Apparently surveillance pricing, if
you if you don't know, is this
notion of the collects all this information
about all these data
brokers, all these things that we've
been talking about on shows
like this in mind, where all this
data, personal data has been
collected about you often without your
knowledge, supposedly with your consent.
But we all know how that goes.
And then when the time comes to show
you a price based on all that
information, if they think you're
desperate, they might charge you more.
If they think you're rich, they
might charge you more.
Or if they haven't seen you
in a while when
to get you back, they might
charge you less.
There's all sorts of things baked
into these algorithms.
But the point being is that people
get different prices.
And there's been all sorts
of studies that
people have and they've asked
questions to people.
Do you like this idea?
And everyone says no, like nobody
likes this idea.
And yet there are still other things like
loyalty programs or whatever
your Kroger card.
But the thing with those is everyone
gets the same deal.
Like if you've got the card,
then you get the price.
So anyway, this is a situation where
potentially you like your
particular person might get a
different price than someone next to you.
And so I guess food retailers
as in grocery
stores are a big place where
this happened.
Obviously a lot of this would be online
so that two people not
sitting next to each other are
noticing that the prices are different.
Though Walmart and some other stores
are going to those electronic tags now.
And some people are envisioning
this like I
walk up to a tag and then the
price changes for me.
I don't think that's going to be
happening anytime soon.
But anyway, so Maryland has come up
with this law saying that this
is bad and we're going to treat it as
an unfair and deceptive trade practice,
which is great.
We need more things like this.
I think this is a good idea.
I've got some questions about how this
is really going to work out.
And the devil's always in
the details like,
you know, how are they going
to enforce this?
How do you catch this, for example,
how do you prove that this is happening?
And then how do you then even if I get
a different price, how do I
prove that it was because I'm different
than somebody else that I
got this price, that it was some
algorithm behind the scenes and
not just, well, we just changed the
prices five minutes ago.
Also, what is not clear,
I looked at the I
tried to look at the law
before we came on.
It doesn't appear to have a private
right of action built into it.
Now, sometimes in different states, there
are other laws that would
come into play that might give you this.
So it doesn't have to be directly
in the law.
But a private right of action basically
says if I figure out and
can show I'm pretty sure I can show
that I was just discriminated
for some reason and I was given a
way worse price than somebody else.
Let's say through surveillance, they
figure out that I just had a
death in my family and I went to go
shop for a flight at Delta.com
and Delta.com gets information through
the back door: Carey's hard up right now.
You really need a flight.
Let's charge you more.
Now, maybe it's a bad example because
I know some airlines actually
have bereavement fares and whatnot that
are usually cheaper for
last-minute flights.
But anyway, let's just say that
that's what happened.
I can show and prove that that happened.
I if I had a private right of action
could personally sue.
Whereas if you don't have a private
right of action, which is what
I think is going on here, you actually
have to get the state
attorney general to sue on your behalf.
So probably have to have a lot of people
complain about it or they
have to be a really egregious
case because
they've got other things
they're doing, too.
Right.
So without a private right of action,
some of these things sound
good on paper, but in reality, don't
have a lot of teeth to them.
Also remains to be seen if someone gets
brought up on this with the
you know what the remedy is going to be.
Is it going to be the margin of a lot
of money or is it like a lot
of things with meta and all
those companies?
It's going to be the cost
of doing business.
Right.
Like, oh, it's a fine.
It's a small fine.
We'll pay that whenever you
can make that happen.
We'll pay that because we're still
going to make money.
So I don't know about that.
I will also say that I just did an
interview with Justin Brookman
from Consumer Reports and Eric Gardner
from More Perfect Union.
They did a real interesting study about
this actually, where they
got a whole bunch of people into a room
together at the same time
on the same phone on the same IP, the
same websites and said, OK,
everybody find this item and
buy it right now.
And they found that there were differing
prices for a lot of these
things and they kept track of
this and looked into it.
So if you're interested, you should
definitely check that out.
But there are things that we kind of
do this for already today to
the kind of muddies the waters like
if you think about it like
airline tickets, like no one gets the
same damn price for an airline ticket.
It depends on when you buy it.
Depends on what not just
what fare you want,
but like what things are
going on right now.
And it could be fuel prices, but
airline tickets are weird this way.
There's surge pricing for Uber.
Does that fall under this category?
You know, I don't know.
So those are just some of my initial
thoughts on this after I
read this article.
I think it's good that we're
calling it out.
I think I don't think a lot of
people understand this.
I think that surveillance pricing is
one of these issues that is
finally going to make a lot of people
sit up and notice all this
data gathering is a real problem.
And this is why we care.
Some of the other things are just kind
of nebulous and like, yeah, I don't care.
I get targeted ads.
Fine.
I want to look at an ad that
I don't want to see.
Show me those ads that are targeted.
That's good.
I like that.
This is where this is going to hit home.
I think this is actually an issue that's
going to get traction.
What do you think?
No, I totally agree.
And it's funny on that note.
I am so backlogged on podcasts today.
I finally listened to your freely
episode with McNeroll.
Oh, you mentioned that like, okay,
coming up, we're going to be
talking about, you know, consumer
reports and how they put everybody
in the room.
So while you were talking, I'm like, was
that his podcast or was that
somebody else?
Where did I hear that?
But, um, yeah, no, I, it's another
podcast I listened to.
Um, they talked about this and
that was his take.
He's like, he's like, no, I think like,
um, I mean, he didn't come
right out and say like, I
think this would be
awesome, but he, he's just such
an optimistic person.
He's just like, I wouldn't
mind if they use my
data to like, give me a discount
or something.
I'm like, yeah, but the difference is
they're going to give you a
10% discount and somebody else a 20%
discount or like, they're
going to charge you a little bit more
and then give you a discount.
So it's the same price, which Amazon
already does that anyways, but
yeah, that's actually the point that
came up with the thing is
that, is that what often what
they do is they
changed it's all psychological
games, right?
So it's, they show you a list price
that wasn't the real, the MSRP
or whatever, and they show
you seven bucks
for you, but you know, five bucks for me.
And then they sell it for three bucks.
One of us thinks they're getting
a $4 discount.
One of us thinks they're getting
a $2 discount.
You're both paying the same price.
So it works in other ways too.
This whole surveillance thing.
Yeah, for sure.
Um, but no, I, I agree with you.
Like I feel like this is where this
is unfortunately one of those
moments where like privacy, a lot of
the time the hypotheticals
have to become real before people
start to notice it.
Like we've, we've already seen with
cars now, you know, that that
stuff is used to influence your insurance
rate, which I, I think I
told this story on a previous episode
of like, I just moved to a
new area and I decided I would take
the hit and get like the
little, um, the little tracker thing
you plug into your car.
It's not on my phone.
It's on the car.
Well, because it was like, it would
cut my insurance rate in half, but it
kept being the OBD-II dongle.
Yeah.
But it kept dinging me.
When I asked them, I'm like, I need to
return this thing because my
insurance is going to be more than
if I hadn't bought the damn thing.
And you know, they were like, it was
so funny because they were
like, okay, well, um, I mean, some of
it is like, you're, you know,
you're driving, which I explained.
I'm like, yeah, I'm in an area with
really aggressive drivers.
Like there's nothing I can do about that.
And then also some of it was like,
you take a lot of short,
inconsistent trips and I'm like, cause
I work from home and I just,
I just run to the store when I need to,
like I don't commute to an
office every day.
What do you want from me?
But yeah, it's, you know, anyway,
sorry, that was a, you know,
we're, we're at the point now
where like our car
data is being used to determine
insurance rates.
And now like this stuff could be
used to determine individual pricing.
And this is different.
Um, I know I've said this before, but
for anybody who doesn't know,
this is different from surge pricing
or dynamic pricing, right?
Cause that affects everybody.
You know, if you, the example I use
is if you're at a concert and
the concert's over and you call an
Uber, it's going to be more
expensive because it's a concert.
It's crowding.
Everybody's trying to get home, but it's
going to be more expensive for everybody.
The surveillance part comes in where
it's more expensive for you
because your phone's at 10%
and they know that
you can't afford to wait for
traffic to die down.
So you say that, but that was a thing.
Uber was one of the things, if you
give it permissions, the Uber
app was looking at the charge
on your phone.
And if your charge was low on
your phone, they figured you
were desperate and they would give
you a different price.
Also, as Cory Doctorow was very common
to point out or very, um, the
drivers themselves are subject to kind
of surveillance pricing as well, as well.
Like what they are offered for a ride
before they accept it varies
depending on factors on their end too.
And it's just, it's this whole algorithmic
game that is all, you
know, it's very untransparent to the
people that affects, but the
companies are using it to
make a lot of money.
There was, when I was talking to these
guys, uh, one of the things
I thought was interesting was the whole,
the whole point of this is
they don't want to leave
money on the table.
Right?
So all these companies want to charge
you as much as possible and
still get you to buy you personally.
Like what, how much can I charge Carey
and get him to buy without
charging him too much so he walks away?
It's same thing with Nate.
That could be a different price.
And so, and it's called a
customer surplus.
Whatever they, whatever they left
on the table of Carey, if I
charge Carey seven bucks for
something turns out Carey
would have paid 10.
And so that that's three bucks.
I didn't make that's the way
they look at that.
And that's what they're trying to
solve with this surveillance pricing.
Yeah, for sure.
Um, for the record real quick on the
Uber one, I don't know if they
were ever like convicted of that, but
yeah, I do remember that was
like a, um, somebody alleges that
was, that was the thing.
But yeah, it's a Vonnegate here says
Wendy's had plans to introduce
surge pricing that they pulled
back because of backlash.
I vaguely remember that.
What was the brand?
Oh, surge price.
Okay, sure.
Yeah.
I don't, I don't know.
Uh, that's weird.
Everybody's trying to get in on, which
I know like for the record,
I understand like welcome to capitalism.
Everybody's trying to make as much money
as possible, but like it's
still just crazy.
Like is nothing sacred, man?
I don't know.
There's still some basic fairness
that needs to be in there.
And this is something I bring up all
the time when people talk
about capitalism, unfettered capitalism
is still not good.
I mean, the way I usually put it is
that any game worth playing
has, has rules and any game with enough
consequences needs a referee
to enforce those rules.
Do you need fairness or it's
capitalism has to
be fair at its basic level
or it's predatory.
Yeah, for sure.
Um, yeah, I don't think I have much
to add to that one, um, personally.
So I guess, uh, let's move on
to our next section.
Um, in a little bit here, we're going
to talk about Meta and a Meta
is basically keylogging their employees,
um, to train AI.
But before we talk about that, which
should be fun because I love
making fun of Meta.
Um, first we're going to give
some quick updates.
Um, we're going to talk a little
about a little
bit about what's been going
on at Privacy Guides.
So for anybody who is not subscribed
to our newsletter or our
YouTube channel or any of our socials
or anything, uh, you really
should be because we have a new interview
out with Carissa Véliz
and, um, she talked about AI and actually
just this thing we were
just talking about now about how, um,
AI and predictive algorithms
are making things less fair and not
more fair and really taking
away a lot of opportunity from people.
Um, amazing video.
I don't have it on me.
It's in the coffee table.
Um, but I, uh, I preordered
her book and it
got to me like the day before
it came out.
So that was super cool.
I got to read a little bit
of it on the plane.
It is so far.
It is amazing as always.
Um, she's an amazing author.
Uh, in other news, Jonah put up a video
about the Parents Decide
Act that we covered a little
bit last week.
Um, we covered that last week before
the text of the bill was out.
So we were kind of going off of
PR statement that the
representative put out,
but Jonah actually
read the text of the bill and kind of had
some, it's actually pretty short.
Oh, okay.
I, I didn't have time to read it,
but, um, yeah, Jonah had some hot takes.
Uh, he kind of disagreed with everybody.
And um, you know, I mean,
it shows there's so
many comments on that video,
which that's great.
I mean, you know, we're, we're having
discussion, which I think is
awesome, but, um, you don't have to
agree with him obviously.
But I think if you want to hear a
different perspective on it, I
would say definitely go check that out.
And like I said, you may not agree
with him, but it's, it's another opinion.
Well, for what it's worth,
I agree with him.
Um, and I, and I don't like
the age gating
stuff and I don't like the ID
verification stuff.
That is not what this bill is.
So that's the, that's the thing.
It's not that long.
It's like almost a one pager.
So it's, it is worth listening.
It definitely, I watched Jonah's video
and it's what it watched
that before you make your decision
because I, I, I have knee jerk
reaction to whenever I see these kinds
of bills because so many of them are bad.
This is one you need to take a look at
because it's none of this is
good, but I think this has an
interesting approach.
So I think it's worth at
least considering.
Yeah, for the record, I don't really
know how I feel about it
because I think Jonah really did make
a lot of good points, but I
think a lot of it is also like, at least
the, the what I heard from
it was like, assuming this doesn't get
abused and I'm very cynical
of government.
So I don't know, but I also full, full
honesty, I think Jonah's a
lot smarter than me.
So even if I don't fully believe him,
I'm still going to listen.
Oh yeah.
I mean, there's still problems with it.
I mean, it's, it's definitely
not perfect.
And there's always a slippery slope
article, uh, argument against
a lot of that's true.
That's what it starts out being good
and then ends up going wrong.
And so as soon as you enable it once it
might start out being good
and then go to crap.
That is most definitely possible.
But it's worth the debating by
looking at this bill.
Yeah, for sure.
And that's, that's a really good point.
Like we can make the slippery slope
argument about anything doesn't
always mean it's going to happen.
So that's true.
And we do have another video is already
in the editing phase.
And all I will say is that
it is a tutorial
that some people have been asking
for for a while.
I'm really excited about it.
Like I just, I've told you all, I
do like the initial cuts.
Like I'll record something.
I'll do like a rough cut to get rid of
all the pauses and the starting over.
And, um, even that initial cut, I was
like, damn, I don't, I'm not
normally one of those like, I'm so
good at this kind of people.
But even I was sitting there,
I was like, I
think this is going to turn
out really good.
So I'm excited to share that with y'all.
But, uh, and then we wrote a bunch
of articles this week.
It was a really busy week.
Um, Apple has fixed the, uh, the issue
that was causing Signal
notifications to be stored on phones.
Uh, Madison Square Garden, I think
it was Wired, did like a real
deep dive into their facial
recognition software.
I got to walk by MSG this week, so
I'm pretty sure I'm on there.
Um, fingerprint.com, fingerprint.com
discovered a vulnerability
that can link your Tor
browsing together.
Definitely go check those out.
Cause unfortunately we're not covering
any of those stories on the
podcast this week, but they're good,
important stories that are
worth knowing about.
And on that note, I'm going to turn
it over to Carey and you can
tell us a little bit about what's
coming up over on Firewalls
Don't Stop Dragons.
Right.
Well, you beat me to all the interviews.
So, uh,
my interview with Carissa Véliz is
going to come out Monday and I
have had a chance to read the book.
It is amazing.
Privacy Is Power, which you've got
behind you on the wall.
There is still my go-to.
Like if I recommend one book to
anybody about privacy, it's that one.
If you have not read it, you need to
read it and buy it for your
friends and family because it's,
it's just that good.
Um, she's a philosophy professor and
she approaches this from a,
from a very human angle and a very,
very interesting and
provocative angle and says
a lot of things.
I've been doing this stuff for a while
when I read that book.
And there were still points
of view in that book.
They're like, wow, I really liked it.
That it really, that I really took home.
So anyway, so that's really good.
Uh, Carissa is amazing and I got a chance
to talk to her as well about
her new book.
So she and I have an interview
coming out Monday.
I also talked with Cindy Cohn.
You've already talked with her.
Uh, and so I did talk to her as well.
Another amazing woman and
another great book.
She's got out Privacy's Defender.
That's well worth a read.
Uh, so both of those interviews are
coming out, uh, for me, the next two.
Uh, then this is something I've
been wanting to talk about for a while.
Uh, we talk about surveillance all the
time and mass surveillance
all the time, but I wanted specifically
to talk about employee
surveillance and which is a
great, it's going to
be a great segue when we get
to the Meta article.
Um, and so I found a couple of people to
talk to me about the technology
behind it.
Like the, the, the MDM profiles and
things of what really happens
when you use your own device at work
and what you should expect for
privacy when you're using company
resources or on
company property, which spoiler
alert is nothing.
You have no privacy.
Um, so we talk a lot about that.
So I get, those are kind of the
interviews I got coming up.
Um, and also maybe I could save this
for the end when we wrap up,
but I've got some big news to talk about
with the, uh, the book and the podcast.
I'll save that for the end
when we wrap up.
All right.
I'm excited.
And I'll definitely be listening
to those interviews.
Yeah.
Carissa writes in plain English, um,
but like so articulate.
I love it.
So, um, yeah, so all this
is made possible
by all our supporters for Privacy Guides.
You can sign up for a membership or
donate at privacyguides.org.
You can pick up some swag at
shop.privacyguides.org.
Like this awesome water bottle
that I take everywhere.
When I travel for Firewalls Don't Stop
Dragons, you can head over
to firewallsdontstopdragons.com,
or I
will fully admit your little,
uh, FDSD.me.
I use that like crazy.
So just type that in.
If you're, if you're like me and that's a
lot to type and you make a lot of typos.
Oh,
I make so many typos and I'm
a writer for a living.
Can you tell?
But, um, but yeah, that'll take
you to his website.
You can get a copy of his book and
learn more about the podcast.
But for now, um, I'm going to leave
it with Carey and we're going
to talk about Mozilla and
Anthropic's Mythos
that you guys may have heard
so much about.
Yeah.
Yeah.
So I guess, uh, you guys haven't talked
a lot about this show, so I
want to start by giving a little
bit of background.
Cause I think that's going
to be important.
I honestly, the, the takeaway from
the art that we have a couple
articles, the tip takeaway from the
articles is pretty short.
So, but I do want to talk about what
Mythos is and just general,
general generative AI and coding.
So I'm a retired and recovering
software engineer.
I did it for, I mean, I've been
writing code for 40 years.
I've been doing it professionally for 30.
Um, and I'm here to tell you
this stuff is for real.
I, you, there's a lot of
problems with AI. I
say this whenever I do it, my show,
I've got these disclaimers,
like, like, yes, there are a lot of
environmental problems with the AI.
We didn't have to do it that
way, but we did.
There's a lot of copyright problems
and content things with AI.
We didn't have to do it that
way, but we did.
But all that aside, if just from
a strictly, from a coding
perspective, gen AI, LLMs, large language
model, chat bots, you
know, your Claudes, your Geminis,
your ChatGPTs.
Um, turns out code is, is just
ideal for working in these situations.
LLMs training on code is,
is almost perfect.
Um, there's always bugs in code.
I would have would have said that
for my entire career.
We maybe get to the point where that's
not true anymore, but in,
but before we get there, we're going
to be finding a lot of bugs
and that's kind of what we're going
to be talking about today.
So Mythos is the latest version of
Claude, which is from Anthropic.
And so they did this big song and dance
release recently where they
said, we've got this new
version of Claude.
It is so amazingly powerful.
It is so unbelievably powerful in
coding and finding bugs and
exploiting vulnerabilities in software.
It is so good.
We can't give it to you yet.
So, so they created this thing called
Project Glasswing and
Project Glasswing is this, I don't
know, pseudo charity thing
where they said, okay, we're going to let
the quote unquote good guys
have it first.
And so I think there's like 40 different
companies that they're
giving it access to before they
release it to the public.
They're running it on a lot of open
source projects, which
especially a lot of the big
ones, which is great.
Uh, we're going to find out in this next
article when I finally get
to it, that Mozilla has used
it to good effect.
But I'm, I'm here to tell you that this,
these tools are the real
deal and there's a lot of
hype behind this.
A lot of people are saying, oh, they're
going to IPO this year.
They're just trying to get
a lot of interest.
They are getting a lot of interest.
Uh, they're making such a big
deal out of this.
It's all hyperbolic.
It's just, you know, it can't
be this good.
It can't be this dangerous as a software
engineer, in my opinion.
And that actually, it's just, it's
not just my opinion.
There's actually a lot of
cybersecurity researchers who
share this opinion.
And I can, if you're interested, I can
maybe try to give you some
links, but, um, this is the real deal.
They are finding a lot of bugs.
Uh, one of the things that they point
to, and then I'll get to the
story and I'll have more to say, but
I'll finally get to the story
is somebody's keeping track of the
mean time to exploit how long it
takes before a patch is released.
Like somebody's fixed a bug and then
the bad guys find people who
have not updated their software
yet and then
exploit it in the wild, like
eight years ago.
It was like two years.
It took two years on average.
And I don't know what the, um, standard
deviation on that is.
But anyway, the point is over the last
few years, it's come down
very, very fast.
It's to the point where so far, I think
this year, the mean time to
exploit between publishing a patch
and somebody exploiting that
patch in the wild for somebody who has
not fixed their software yet is 10 hours.
That's that's nuts.
That's basically instantaneous.
I just need to chime in real quick.
I remember when I was on
surveillance report, it was
like three days.
So it's going down constantly.
That's insane.
It's basically immediate.
So that is what these tools are doing.
So that is why Anthropic basically said,
okay, we can't, we can't
just release this to everybody yet.
We're going to let the, we're going
to let the good guys have it
first and try to fix all their stuff.
And so that leads to this article.
And that is that Mozilla used this tool
and in the latest version,
uh, well, okay.
So it's, it's a little fuzzy.
They said they found 271 bugs in Firefox.
I don't think they're all fixed in here
and I don't think they're
all critical bugs.
Um, they fixed a lot of them in
Firefox 150, which just came out.
So it does exactly what they
said they wanted to do.
They wanted to give it to the two, you
know, in this case, Mozilla
say, find all your bugs before the bad
guys do fix them now and then release.
And, you know, at some point soon, I
don't think they've said when
they will eventually release this,
but now this brings me to
another point is I want to say that.
Even if this particular version of
Claude is not as good as they
say it is, the next one will be, but if
it's not them, it's going
to be ChatGPT's.
They're next.
They've got a cyber version out
now that they think is about as good.
And by the way, uh, OpenAI released
their ChatGPT cyber and
said, we're also going to, they
took a lot of pot shots at
Anthropic without saying it by name
and their press release.
But basically they're doing
the same thing.
They're good.
They're not releasing it
broadly yet either.
But even if these guys don't
do it, someone's
going to do it and it's going
to be out there.
That's going to happen.
So all I want to say, well, some of
the things I want to say about
this, that to you guys, the audience
and anybody, you know, that
has a business or works for a
company that might, well,
that's everybody.
This is real and we need to be taking
advantage of it now.
Uh, Steve Gibson on Security Now likening
this to the Y2K thing.
It's like, this is coming.
It's going to happen.
We need to fix our software.
And it turns out back then, it ended
up being a nothing burger
because we get, we had enough notice
and we, we, we worked ahead
enough that when that actually happened,
it was nothing really
happened because all the software had
been fixed and we're all good
when the clock rolled over on
January 1st of 20, 2000.
I don't think this is going to
be like that at all.
There's a lot of existing software
out there that's not being updated.
Uh, on devices that are no
longer supported,
people are not going to be
on top of this stuff.
And so for all of that software that
is already out there and
vulnerable, even if all these companies
do get privileged access to
this tool ahead of time and fix these
things at a time and release
their updates to this, those updates are
not going to be put on everywhere
right away.
So for, I think companies and there's
this white paper that, gosh,
I wish I could remember the name of it.
I'll maybe while you're talking or
whatever, I'll look it up and
say, but these guys basically said
you, you need to prepare now.
They're talking to like the, the CEOs
and the CISOs of companies,
the chief information security officers
and saying, this is real.
This is coming.
You guys need to prepare, like hire
people, get ready for a big
wave of bugs to be found either before
you release, because you're
using this tool.
You're privileged enough to get access
to this at a time or the bad
guys are going to find them for
you after the fact.
You're going to need to be ready to
fix these things and quickly.
And for just regular everyday people
that the company is going to
be able to fix, they're going
to be able to fix this.
And so I think that's the kind of advice
I'm giving is the advice
that we've always been giving,
but it's more urgent.
You know, get your old, unsupported
devices off the internet.
Make sure that you're not have internet
holes in your firewall.
You can use tools like ShieldsUP and
Shodan to find those kind of things.
If you've got software that needs to
be updated, get it updated.
You know, get your data
offline as much as
you can, you know, because
that if you got old
there, reduce that as much as you can
now while, you know, until
because these things are going
to be exploited.
I've been talking a lot.
I'm sure you've got some things to say.
So let me take a breath.
Nate, tell me what you think about
all this stuff I just put out there.
No, you're good.
Yeah, I mean, honestly, I agree
with you like I.
It you said it really well, like AI has
so many problems and I'm not an AI Maxi.
You know, earlier I said that I do use
Leo quite a bit, but I'm fully aware.
Of, you know, the copyright issues, the
privacy issues, I try to
use it sparingly.
I try to use it specifically for
like, hey, find this article
or something.
I generally don't use it for creative
stuff, but it is I've heard.
I feel like we covered this
on an older episode.
There was a one of the top Linux
maintainers was talking to The
Register and he said that, you know,
historically companies, open
source projects have had issues
with AI bug reports.
Because there's just too many of
them and they can't keep up with them.
And but now he's in and this
was like a month ago.
So now he's talking about two
months ago or so.
But at the time of the interview,
he's like, yeah.
And then like a month ago,
all of a sudden it
was like a switch flipped and
something changed.
And now, like a lot of these
bug reports are
really good and they're actually
really helpful.
And we're we're finding a lot of
things and fixing them.
And so I think AI, like one of the valid
use cases and again, like
we should have done it differently.
I'm not going to argue that.
But now that it's here, one thing it's
actually really good for
is technical stuff.
And like I use it all the time to
help me troubleshoot server.
Like you can ask Jonah, he used to be
my go to person even before I
started working at Privacy Guides.
He was like my go to person where
I'm like, hey, I'm having a tech issue.
Can I pick your brain?
And now I think ever since I've started
using AI for that, I think
I've only had to hit him up like once
or twice like and I've had
one other issue that the AI was
giving me bad information.
But I thankfully I able to
imagine that you
read the logs and I might tell
you what's wrong.
But you know, it's like it's really good.
Like 99 percent of the time
it maybe not 99, but
for coding stuff specifically,
it's really good.
And I think it's very I'm with you.
Like even if it does turn out that
it's hype and it probably is
some hype like I mean, it's a company.
Yeah, they're trying to make money.
They're trying to get more investors.
Like there's always a little
bit of B.S. marketing.
But even still, like I'm willing to bet
there's quite a bit of good
substance under there.
And so it's it's good.
I guess what I'm getting at is it's
good to see it being used for
something useful for once
instead of like,
oh, let's make fake news
and let's make a.
Oh, my God.
I've been raging the last couple of days
because I just uploaded a short
video for The New Oil.
I just uploaded one to like
TikTok and stuff.
And every time I go to TikTok, I do it
on the computer and I'm not signed in.
So I get like the generic home page and
I swear to God, it's at least 50 percent.
AI slop like obviously AI slop.
And I'm just like, why are people
using this website?
But, you know, it's so much like this
is such a better use case for
that instead of, you know, I don't know.
Yeah, it's crazy.
All right.
So a few other points that I'll
bring up is that coding in
particular, again, I'm a
software engineer.
I've done this for a long time.
And one of the things that I think
makes LLMs supremely
good at doing code is code.
Software code has a very strict syntax
and a very strict format.
And it's either right or it's wrong.
It'll either run or it won't.
Now, you can write code different
ways to do the same thing.
But if you want code to work, it's got to
follow rules and they're pretty limited.
Unlike the English language,
which has all
sorts of ambiguities, every
language does right.
Coding language is very strict.
And so not only can you because it's
so strict and the syntax is so
fixed, it makes it, I think, perfect
for something like an LLM to
study lots of existing code that's
already out there and then be
able to write new code from that.
You can also have it write
tests and prove that
it works, which you can also
do automatically.
So this Anthropic, these Anthropic tools
and some of this is from
tools that are even before Mythos.
But for Mythos, what they told him was
literally this is the instructions
to Mythos.
Here's some code.
Read the code.
Find me a vulnerability.
And they walked away.
That's it.
And it found them.
It's that good.
And it's not some of these bugs.
If you're into cybersecurity
and you'll know
that today, a lot of our software
has gotten better.
It's gotten more secure.
We've put in lots of sorts of safeguards
on software to prevent,
you know, it's a cat and mouse game.
You know, the cyber hackers
figure out, you
know, oh, code is vulnerable
in these ways.
And so we've actually rearchitected
entire operating systems to not
let that be a vulnerability and where a
whole class of vulnerabilities
have gone away.
So oftentimes today, when you're
finding a vulnerability in
software and you find an exploit that
allows you to take over a
system, for example, it's what it
really is under the covers.
It's usually three, four, five,
six chained exploits.
It's not any one bug that gets them in.
It's a set of bugs.
This bug gets me this far.
This bug gets me this far.
This bug lets me raise my permissions.
This bug lets me access this
other software.
And by the time you're done,
all of these things
together in order will get you
this vulnerability.
This tool in this case found an exploit
chain that I think that was
six links long.
It's it is that it is that good.
I'm here to tell you if this is the
real deal and we should be worried.
The next 12 months is going to be bumpy.
I mean, I don't want to.
I am not hyperbolic.
If you follow me at all, you
know this is I am
not a chicken little skies
falling kind of guy.
And I think there's also a lot of
upside to like I think this
Project Glasswing for all the
hype and everything.
I think it's still a good idea
that we're doing it.
Once we build these tools into our
software development process, we
are going to be shipping
much, much cleaner
code with a lot fewer security
vulnerabilities.
That day when it comes will be good.
Until then, we have a lot of software
that exists already out there
that is not going to get patched that
is at least not quickly.
And it's going to be vulnerable
to these things.
So it's I'm not a prepper.
No, I'm not.
You know, but I'm telling you and
I usually avoid hyperbole.
This is a case where I think the hype
I think both things are true.
I think there is a lot of hype.
I also think these things really
are that good.
And we need to I'm glad they're
giving it access.
We're actually going to talk
about the next story.
They screwed that up, too.
But I'm glad they give them access
to ahead of time.
I think that's a good call.
Yeah, I think you kind of summed up what
what there's there's a lot
of hype, but I think there's also
a lot of substance, too.
So well, I guess real quick before
we jump into that next story,
I'll give the audience a
chance to disagree.
We'll try these polls out again.
Do you think AI will change cybersecurity
will be useful?
Let us know in the comments
one, two or three.
But in the meantime, I'll let you
keep rolling and tell us more about this.
What what's the latest development
in the Mythos saga?
Well, OK, so this is this is one of
the downsides to doing what they did.
And so the one thing I think that they
got wrong with this whole
Project Glasswing thing where they
came out again, Anthropic came
out and said, we have this tool that
is so amazing and so good
called Mythos that we can't just give
it out to everybody yet.
We're going to we're going
to let the the good
guys, the blue teams have access
to this first.
And that was great.
But if I was in retrospect, I wouldn't
have told anybody that I was doing that.
I just would have done it and then
announced it when you could release it.
You know, you don't have to tell everybody
you're going to do this.
And they went so far, by the way, just
just to show you how the
hype works in this and the
marketing work.
Somebody figured this out.
What they did was in the press release
is they basically said, we
found we've already found all these bugs.
We can't tell you what they are yet
because we don't want the bad
guys to exploit them yet because the
people that the software that
has the bugs hasn't fixed them yet
haven't released the patches.
So we're not going to tell you.
But we want we so badly want to prove to
you that we know that these
are real bugs.
And what we did was we wrote the report
with all the details that
explains and proves that we know
what we're talking about.
And this was a real bug.
And then we took that report
and we hashed it.
Now, if you don't know what a hash
is, it's a cryptographic
function that basically takes any amount
of input data and distills
it down into a fixed-length
number, essentially.
It's a big number to the point where
if you took an entire book and
hashed it all the text from a book and
hashed it, you get a number.
If you change a period in
that book and hashed
it again, you would get a totally
different hash.
It's like a fingerprint for the book.
So basically what they did, because they
wanted to be able to prove
so badly that when this thing came out
like, see, we told you we
knew this was here.
They took their bug reports and hashed
them and released the hashes
so that when those bug reports eventually
do come out, you can hash
them, get the same value and say,
oh, yeah, they really did have that.
They knew about that weeks ago.
So anyway, what what happened here is,
of course, because they came
out and said this thing
is super valuable.
Everyone's going to want this, but
you can't have it yet.
Somebody figured out how to get it.
And the weak spot is always people.
So this article in TechCrunch, the
summary basically is some some
group of people, I think they had like a
discord group where they they
evaluate stuff.
They figured out by looking at the
pattern of various Claude
releases, they kind of guessed where
the service was going to live on the Web.
Got it.
And then somehow through a third party,
because there's always a
third party, there's always
your partners.
Always what kills you.
They partnered with some people, some
partner had a had a vulnerability
or something.
I don't know.
So I don't know if it was social
engineering or what.
It's a little bit vague.
But somehow through a they've compromised
a third party and got
access to the Mythos tool ahead of time.
Now, we could only hope that they're
not using it for for evil.
I don't know.
But but whatever you come out and
say that these things are so
amazing, you're just painting
a target on your back.
They should have.
They should have just waited.
I think that's all I got
to say about that.
Nate, what do you think?
Any comments on that?
Sorry, I was having some slight
technical difficulties.
Sorry.
All right.
Yeah, no, I I thought that
was funny, too, that.
Yeah, it does seem kind of inevitable.
I feel like when I read this headline, I
was kind of like 50 50 on the one hand.
I was like, whoa, that's crazy.
And on the other hand, I'm like, yeah,
I guess that was kind of inevitable was.
But I don't know.
My my only real thought, to be honest,
is that I'm surprised we
haven't seen any further
developments yet,
because this was you see, this
was on the 21st.
So that was like, what,
Monday or Tuesday?
And I mean, it's a good thing.
It's a good thing, I guess.
And, you know,
the week is young.
Like we could still see stuff
come out of this.
But it's like, OK, they say
that they've got
access now, but what are
they doing with it?
And so I guess I'm curious.
Because, yeah, we really don't know much,
or at least publicly they
haven't said much about
who's behind this.
So yeah, this this this smacks to me
of somebody like almost like,
hacker interest group that just wanted
to see if they could.
And they and they poked around and
figured out they could.
And they did it.
A lot of, you know, a lot of hackers
is just for the lulz, as we
say, you know, it's just to say that we
could do it, maybe get a
little street cred.
But if they can do it, what that really
means is someone else could do it, too.
And if I were North Korea or Russia
or China or Iran or any one of
the other state sponsored actors,
I'd be trying this, too.
And if they could, if these guys
could be in, the chances are pretty good.
Someone else can, too.
I if again, I know we talk about
security through obscurity.
And it's not a great thing, but
it's also not a bad thing.
Anthropic should have just sat on this.
They should they shouldn't have gone
for all the marketing hype
with the we're sitting on something
we can't tell you about.
And it's it's like I've got a secret,
but I can't tell you.
Right.
I mean, we all know as human beings
that never works out.
That's funny.
That's a really good comparison.
Yeah, that's yeah.
I mean, that reminds me of the the 80s
and 90s hackers, like what
it was all about, just because you could.
And there was no real incentive
behind it.
But yeah, yeah, I certainly
hope that's it.
And I certainly hope we're not about
to see a string of like all
these companies were hacked in a way
where clearly they must have
been abusing Mythos because
there's nowhere
else that you could have done
it or something.
But yeah, interesting stuff.
I think that's all I got.
And I feel like we've covered
that pretty well.
Yeah,
Jonah's, I think, trying
to give you a real
quick plug again, if you guys
are enjoying Carrie,
which somebody said that in the signal
trap, by the way, they said
they're really enjoying you on the show.
So Firewalls Don't Stop Dragons.
FDSD dot me.
Definitely check them out.
And we'll talk about that a little
bit more in just a moment.
But first, we're going to get into
a fun story about Meta.
We all love to jump on.
Oh, yes, that is one of my favorite
companies to pick on.
So Meta has started keylogging their
employees, allegedly to train A.I. data.
I'll be honest, the story is pretty
straightforward, but there's still
some good takeaways here.
So let's start with the facts
of the story.
Meta is installing new tracking software
on employees' computers
that will measure mouse movements,
clicks and keystrokes for
training its artificial intelligence
models.
This is called the Model Capability
Initiative, and it will run on
work related apps and websites and
will also take occasional
screenshots of the employee screens.
And they say that the goal
is they're trying
to improve areas where agentic
A.I. struggles.
Well, they said the company's
A.I. models.
I'm assuming this is an across the board
thing or maybe their A.I.
really just sucks that much compared
to everybody else.
I don't know.
I haven't used any A.I. agents.
I wouldn't know.
I don't trust them enough.
I don't mind telling me click.
I just it's a control freak thing.
I don't mind telling me like, hey,
click on this article because
that's got the news you're looking for.
I do mind when it's like, let me
go buy your plane tickets.
Like, no, don't.
But anyways, they say that they're
specifically looking to improve
things like like when you
have to choose from
a dropdown menu or you use
keyboard shortcuts.
Apparently, that's something where
A.I. still struggles.
They also said that.
Where did it go here?
Oh, yeah, here it is.
They said that the MCI would not
be used for performance
assessments or any other purpose besides
model training and the
safeguards were in place to protect,
quote unquote, sensitive
content without elaborating on
which types of data would be excluded.
So.
I mean, me again, I hate Meta.
I love to take shots at them.
So my first question is, it's not going
to be used for performance stuff for now.
And like, how are they going to if
it's taking screenshots like,
OK, first of all, and I think this is
probably where we're going to
start getting into the analysis portion,
but like you shouldn't be
doing anything personal on a work computer.
But hypothetically, let's say someone's
opened like an email or
something like something that they
need to do real quick.
I mean, we've all had those moments,
right, where it's like, I need
to do this thing.
It'll take five minutes.
I'm at work.
Let me step outside and make this
phone call or whatever.
So what happens when they open their
email and that's the moment
that it decides to take a screenshot,
there is not a world in which you can
convince me that that is going
to throw that away.
Like, yeah, I'm sure they'll
say they will.
I don't believe it for a second.
Yeah,
Lucas says I want them to train
their replacement.
They may.
Maybe you're not wrong.
Yeah.
So it's one.
So, OK, so one of the things I got
from the article was that it
seemed like what they were really trying
to do is, again, toward
this agentic I was talking about,
they want to understand how
humans interact with this stuff so they
can better implement their
agentic AI, which will take over
and do these things for you.
So that's one of the one of the reasons
supposedly why they're why
they're doing this.
And so let me just take a quick
segue to say you're absolutely right.
In my opinion, you're absolutely right.
Do not use anything agentic
at this point.
I think it's really cool.
I love sci fi.
I can't wait for the day
when this stuff is
trustworthy and I can tell my
computer do the stuff.
It can do great stuff like my my doctor,
of all people, was telling me, oh, yeah.
So I started I installed Claude Cowork
and just told it to clean
up my Mac for me.
And it went and found all these files
and get rid of stuff for me
and tweaked all my settings and
it's so much better now.
I'm like, oh, my God, like I can't trust
these things yet to do those
things on my behalf.
I someday maybe I'd love that.
But no, we are not there.
We are already.
I bet you that story was
so close to ending
with like and then it deleted
all my my kids photo.
Right.
Right.
Yeah.
And so we're building some of the
things we need to do.
And we're already starting to do them.
There's this thing called MCP, which I
think is what is model control protocol.
We're starting to build
in frameworks into
our operating systems that
allow these things.
So
you will they're already building in
hooks, basically, software
hooks into our applications and
our operating systems for agentic AI.
So it'll be easier for these guys to
basically script and automate
things on your computer.
So and that's good in the sense of it's
coming from the operating
system vendor, Apple, Google, Microsoft.
Hopefully they're going to build
in some guardrails.
And hopefully they're going to set up
types of permissions that you could give.
It's going to be like apps all over
again, where you have to go
through and say, yes, you can have
access to my microphone.
No, you can't look at my this folder
that has my taxes in it.
You know, you're going to have to go.
You're going to have to go through that.
But right now it's the total Wild West,
you know, Claude, was it Clawdbot
or Molt?
Originally, what was the what
was originally called?
OpenClaw.
It's OpenClaw now.
I think originally it was Clawdbot
and then it became like Moltbot.
And now it's OpenClaw.
I can't remember exactly either.
And so so when I read that, first of all,
like that is that again, I'm an engineer.
I love to automate things like
that's totally cool.
But I would never do that.
I would never trust this thing.
So I was like, OK, how do I do this?
So I'm actually building my own server
to do this on, because I
first of all, I've got to sandbox this.
And so I've got to keep this totally
separate from I would never
run these things directly on my
machine because then they run as me.
They could do anything I can do.
And in most cases, that means
you're admin, so they could do anything.
No way am I going to do that on
any computer I care about.
But so I bought a dedicated computer for
this and I'm running local models only.
It's using Ollama, if anybody's
familiar with that.
So it's all local.
There's nothing cloud based on there.
And I want to try to get this thing
to do these kinds of things.
But it's going to be more
like an assistant,
like it's going to have their
own personality.
Like I've already got this box set up.
It's OK, this is going to sound horrible.
I totally understand that AI is not real.
Do not worry about me.
But I called it Sam and I called it
Sam because that's the name of
the AI in Her, which is a movie.
If you've not seen, you need to watch.
It's very relevant now.
That's been on my list for like a year.
Oh, yeah.
Go watch it.
It's in fact, I need to watch it again.
It's a weird love story with AI.
I'm not spoiling too much.
But it's it's really talk.
It speaks a lot to what we're
doing now with this agentic AI stuff.
So I called it Sam.
Anyway, Sam's going to have a memory.
Sam's going to have a eye, but it's
all going to be local.
And Sam is different from me.
Sam is not me.
Sam is not sharing my accounts.
This is the kind of thing where Sam's
got her own Proton account.
Sam's got her own Signal account.
Sam's got her own phone number.
And I and we will communicate via Signal.
She will only ever respond to me
and she will do automated stuff, but
she's going to do it as her, not me.
And with whatever sharing kind of
permissions, I'm able to set up in like
Proton or wherever we're going
to share stuff.
So that that's that's how
I'm attacking this.
But eventually we will get
to the point, I
think, where these things
will be trustworthy.
We are not there yet.
Yeah, for sure.
I don't know.
For me, I think it's just a
control freak thing.
I don't you like.
I don't know.
I've never been in a job where
I've had an assistant.
I've never.
You know, I've always been.
My mom raised me to be self-reliant
and not
have to rely on like anyone
to take care of me.
So for me, I think I'm just too much
of a control freak to like.
And also, like I honestly, I
do ask myself a lot.
I'm like, is there anything where I can
offload this to AI and I'll
be, you know, like I'm being stubborn,
I'm being a Luddite, even though
I know that phrase gets used wrong,
but, you know, I ask myself that a lot.
And I just I never seem to
run into anything.
It's like I've tried having and I know
this isn't agentic AI, but
I've tried having like AI write
blog posts before.
And I won't lie, it's really good.
Like I'm not going to lie.
I did this with with my interview or my
review of Cindy Cohen's
book just for fun.
I'm like, OK, here's a link to my blog
post, like my entire old
blog that I've been writing since
like 2018 on Write.as.
I'm like, here's a link to that for tone.
I want a review of this book.
Here were my thoughts about it.
And it was really good.
I'm not going to lie.
But at the same time, I looked
at it and I'm like.
But I just I'm not comfortable
publishing that like I didn't write that.
And there were definitely like a couple
sentences that I was like,
OK, actually, I really like
the way it put that
and so I'm going to use that
specific sentence.
But there were like two sentences
out of the whole thing.
I just I don't know.
I'm the same way.
I think it's I think it's a pick
and choose kind of thing.
So think of it like I'm the
same way I would love.
This is something I'm working on as well.
It's called RAG and I forget
what RAG stands for.
It's it's an acronym.
But basically you feed it a whole bunch
of stuff and I basically want to give it.
Here's here's my book.
Here's my all my blog posts.
Here's the transcripts from my podcast.
But I want to know things like have
I talked about this before?
When was the last time I talked about it?
Who did I talk about?
Did I have a guest where they
talked about this?
What were the points that
we brought up then?
Go back and look at my podcast that I
ever say something like, you know what?
If this if this changes, I'll
get back to you.
And I don't want to forget that.
So go back and help me find to do lists
from things where I said,
oh, that's good.
I told my audience I'd get back to you
on this and I want to make
sure I do that.
But yeah, I've done the same thing.
I I would I don't think I would ever
let it write an article for
me, but I have had it's like, OK,
give me some bullet points.
Give me some ideas.
Here's what I'm looking for.
And I've done some brainstorming with it.
And I did for fun, kind of like you.
Like I would I'm too OCD about it.
I would never let them.
I've got to write in my own voice.
It's me.
And I like my tone and the
way I do things
that I wouldn't trust something
else to mimic me.
But I did, you know, I did say,
OK, give it a shot.
Take this and just write this article
as if you were me and see it.
It wasn't me.
It was a good death.
It probably will be someday, but
it's not there yet.
I probably still wouldn't do it.
I'm with you.
When it comes to things like that,
content creation, things that
I'm creating, it's got to be for me.
But there are so many things
that I got on me.
Here's here's another one for you
that I'm looking at doing.
And I've already kind of started
putting some groundwork.
I hate most news aggregators.
I have an RSS feed where I can actually
just, you know, I can get
the raw articles into a nice set
of folders or whatever.
But what I really want is I want to
write my own news aggregator
that goes and finds these things for
me and then highlights the
ones based on my criteria that are
interesting and then maybe even
notifies me like, hey, this is hot.
This is happening right now.
You might want to go check this out.
I want to and I want it to be tailored
to me and I don't want ads
and I don't want tracking and I
don't want data mining.
But in summarize, give me give me three
bullets and they can be a
slightly executive summary version.
And then if I want to go on, I'll
read the whole thing.
I would love to have something like that
because most all OK, every
news thing I've used lately just sucks.
It's full of ads.
It's full of autoplay videos.
And I just can't stand it.
I'm going to build my own.
And so let me make another point.
That's where we are.
Another thing I'll make another
prediction for you.
And Chris Belize would not
like it because
and that is that we are in the
age now of custom apps.
We're already there.
I'm already doing it.
And the rest of us are going to
be doing it very soon.
This is going to put some software people
out of business, certain
a lot of these subscription based ones
where you're going to say
that I just read this article recently
and I think I might talk
about this on my next podcast where this
guy, no, I actually did my last podcast.
He wrote his own word processor
because he was so sick of
all the other ones.
He needs a certain set of features.
I don't need 100 features.
I need five.
And then I need of the five that
Microsoft Word has that I really do use.
I need two more that it doesn't have.
Like he likes Pomodoro time.
Pomodoro timers.
He's into that getting things done
system, which I've heard of never used.
He built that into his own
word processor.
He just had, he just vibe coded
the whole thing.
And so now he has a custom word processor
that lets him, it has
folders where you can bring
in source material.
Like here's a PDF I want to reference.
Here's a link I want to reference.
And now I want to write an
article about this.
Help synthesize that for me.
He wrote a custom word processor.
This is what we're all going
to be doing soon.
We're just going to be writing
our own apps.
It's amazing.
I've heard other people make
those predictions too.
Yeah, I don't know.
And I mean, I guess as far as vibe
coding goes, I know for the
simple stuff, it's probably fine.
Like maybe a note taking app that does
this and looks like this.
It's I think right now, once they, the
complexity is where it's going
to go wrong, right?
Like somebody's going to be like,
"Oh, but I wanted to do 500 things."
And then it's like the next thing you
know, your Social Security
number's on the front page of Google.
But you know, yeah.
I will say not to like keep getting
on the topic, but I will say
the, the Cindy Cohen, the
article that I had
it write, the AI write was
actually pretty good.
And I'll be honest, if I published it,
I think most people probably
would have not noticed maybe, but it's
still just, it just doesn't feel right.
Like it's, like you said, it's not me.
So, and then real quick, I, I was just
going to say, I'd feel bad
if we didn't touch on this, the whole
like the bossware aspect of
this Meta story is, you know, just to
kind of remind, I don't know
about other countries, but here in
America, like I don't think, I
mean, it does specifically say that
this probably would not fly in Europe.
The Reuters article here did say that.
But I know in America, like
they can't make
you download anything on
a personal device.
I think on company computers, they
technically can, which is also
why again, you know, we made a point
of like, if you can try not to
do anything on company computers.
I know everybody's in a different
situation.
Some people are, they're in a situation
where like, that's the only
computer they have.
And that's really unfortunate.
But if you can try to, to keep
your stuff compartmentalized for sure.
We get into all that stuff
in this interview
area coming up, I think it's
going to be late May.
So it's good.
It's going to be, I think three, three
interviews out, which is six
weeks, because I alternate between
news stories and interviews for my show.
But we talk about that.
We get into those details
a lot about what
they can and can't do and
what they are doing.
And the fact of the matter is
it's their equipment.
And you're right.
So if you're using their equipment,
you should assume that they
can, they know everything you're
doing on there and they can
legally, you don't, you don't
have the right and
expect expectation of privacy
on a company device.
So from that perspective, I don't think
just because it's right
doesn't mean it's not creepy
and are legal.
Let me say it's not right.
Just cause it's legal doesn't
mean it's not creepy.
And that's what Facebook is doing here.
It's going to be super creepy.
And, you know, the Microsoft Recall
was, was another thing like that, right?
Where Microsoft had this built-in AI
agent that's going to keep
track, take pictures every of your
screen every few, every few
seconds, I think is what they were doing.
Yeah, I think it was like every three
seconds or something.
Yeah, read all your texts so that
you could ask it later.
I mean, what was that website
I was looking at before?
Or Hey, what was that email I started
and then deleted?
I want to do that again, you
know, but, but that
also means that we're going
to mind that stuff.
And their security, of course, when
they first released, it was horrible.
But anyway, yeah.
So these devices you should assume,
even if it's your own devices,
if it's a mobile device, we call it
BYOD, bring your own device.
If you're, cause it used to be
issued a company phone back in the day.
And that's a lot less common now you
bring your own phone because
nobody wants to carry two phones.
And so they put an MDM profile on your
device, which allows them to
do certain things.
Usually it's pretty sandboxed is my
understanding actually.
Again, we talked about this in the
interview, but that is actually
pretty clean.
And like they don't cross the streams.
Like they get access to Outlook or
whatever the company wants
you to install.
It might force you to have a PIN or
a PIN of a certain strength on
your device, things like that
security, things
like that's cause they want
to protect their IP.
And by that, I mean intellectual
property.
But yeah, when it comes to the corporate
laptop or the corporate
desktop, if you've got one of those,
you should just completely
assume that even off hours, if
you've taken it home,
they can, they can, they're probably
not doing it maliciously right now.
Like there's not somebody sitting in
a security room somewhere to
like flipping through channels
and look at
what employees are doing, but
it's being recorded.
So they could go back at any point
and look at logs and look at
those kinds of things and, you know,
find some reason to fire you.
Yeah, I used to at my last job
where they gave us
a company laptop, I, it was
on the guest network.
So it was behind a VPN.
It was isolated from everything else.
And I would like, I would come home,
I would log my hours, I'd send
my daily report and I'd turn it off and
put it in my backpack and put it away.
But, and I really tried to get in the
habit of doing that before I
even left the job site, just because
that way it's like, I don't
know, it just felt like it saved up
so much more time when I got home.
Like I get home and I just go straight
into shower, eat, whatever, but yeah.
Yeah, setting boundaries.
And that was a good way to
do it, probably.
Yeah.
All righty.
So I think we're at the point in the show
where we will start taking
listener questions.
Right on.
So if anybody, bring it on.
All right.
Yeah, if anybody has any questions,
I know the chat's been pretty
busy, but if you have any more you've
been holding onto, go ahead
and start leaving them in the comments
or in the forum thread,
we're gonna check that in a minute.
But first on the topic of
the forum, we're
gonna check in on, well, the
community forum.
So there's always a lot of activity.
This week has been really busy,
a lot of chatter.
I mean, we've posted a lot of
articles and videos.
So a lot of chatter this week.
But this week I wanted to highlight
specifically
a couple of very closely related
forum messages.
So one of them is,
somebody said, "How much privacy
can I really
have when I'm being ratted
out by my friends?"
And interesting choice of words there.
But basically they mentioned that they
have a friend that they play sports with.
And that friend recently said they
chose their team lineup using ChatGPT.
So basically they told ChatGPT all
their friends, like playing
styles, strengths and weaknesses.
And they said, "Although the information
was probably subjective
and not highly sensitive, I'm still
uncomfortable with it."
And kind of just went on to talk about,
how do we interact with people who may
be a little bit less privacy
focused than us and may not necessarily
see the issues with that kind of stuff.
And similarly, there was somebody
else who asked about messaging apps.
They said they made a friend
who uses Line,
which is a really popular
messenger in Asia.
I think it is technically end-to-end
encrypted, but don't quote me on that.
It's definitely proprietary either way.
So basically like the Asian
version of WhatsApp.
And they said, "Why don't we use Signal?"
But the person declined.
They said, "I don't know why they
declined to use Signal."
Apparently they said Asian mainstream
media sometimes intimidates
people away from secure messaging apps
because it associates them
with criminal activities, which
is really unfortunate.
But they were kind of asking in that
specific scenario, like, "What
are my options here?
Like I could sign up for Line
using this, I could use it this way."
But again, the overarching theme here
that I really wanna discuss,
cause I know you and me, Carrie,
both kind of come from a
background, like me at the New Oil
and you at Firewalls Don't
Stop Dragons, we come from a background
of like kind of trying
to meet people where they are and trying
to like nudge them towards
better security, but also accepting
that unfortunately, a lot of
people are just gonna do the basics.
And sometimes we'll just be lucky
if they even do the basics.
But so yeah, what are, I know this is
a very nebulous way to word
this question, but I mean, what are your
thoughts on that, finding that
balance between like
accepting that you can't always force
people to be as into privacy
as you are, but also like still wanting
to preserve your privacy
and respect that?
No, I think that's a really good point.
And it's something I think a lot of
people lose sight of and it
takes two to tango.
And so you've got to trust the other
people in your group.
And that is another actually a great
feature of Signal where you
can set your messages to be disappearing,
which is nice, right?
So at least you don't even have to count
on the person at the other
end to make sure they're wiping the
device every so often if you
could set that, which is another
great use for Signal.
In this case, this person was using
this other tool, which I don't
know if it has such a feature, but even
so you've got to, I mean,
as far as if you're threat modeling,
what's going on, you've got to
just take into the account that everybody
that you're talking to,
end-to-end encryption only
goes to the ends.
And so any of those ends could
be compromised, right?
And like, what was it?
We're good on OPSEC, right?
When the guy-
We're clean on OPSEC,
I think it was, but yeah.
We're clean on OPSEC.
So clean.
Yeah, right.
So, yeah, it's something you gotta
take into account.
And as far as how do you,
this is a perennial problem with this,
with security and privacy
tools in general, is that you've got to,
and I struggle with this.
I mean, you want to communicate
to your friends.
I'm on several group chats that are
just, the ones that drive me
the most nuts are Android slash iPhone
group chats, where you're
getting green bubble messages everywhere.
And some people have older iPhones,
so they're like duplicating messages.
And when someone puts a highlight
on a message, instead of
highlighting it says, there's a text
message saying, so-and-so
it said, "Haha."
You know, so you know, technically that's
all, you're already screwed,
plus it's SMS.
So, you know, there's no security.
And I would love to say, "Hey guys,
let's all go to Signal and
do this there."
And I just don't, I just shut
up and roll with it.
So there's only so much you could do.
I've convinced certain sets of my
friends to use Signal for
when it matters.
And I keep trying to get more,
but that, well,
this is why it needs to be the
default everywhere.
So, you know, so there's,
there is no choice.
You don't have to worry about it.
Everyone's just, we should all
just have it by default.
It's not a criminal thing.
It should not be, should not raise
eyebrows when someone is using
end-to-end encryption.
It just should be the default.
Yeah, for sure.
And thankfully, like now RCS is starting
to come with encryption,
but I know that's still
in the early days.
I don't even think it's out of beta on
iOS yet, but, but even then,
you know, RCS comes with metadata
concerns, but it's certainly a
step up from, like you said, SMS, which
is, I always tell people,
I'm like, SMS is basically a
postcard at this point.
Yeah.
But yeah, it is really frustrating.
Cause like my, my brother, I'm
very close with my
brother, but he's pretty much
all in on Discord.
Like you might maybe call me on like
a cell phone if there's an
emergency, but he's not going to switch
to Signal or anything, but it does suck.
But yeah, I think kind of one thing
you said toward the beginning,
if I heard you correctly, you kind
of mentioned threat modeling,
and I think that's a really
important thing that,
you know, I'm a firm believer that like
privacy should not negatively impact you.
And it's definitely great to try and
like encourage people to use
these messengers and try to nudge people
towards that and offer to help them out.
You know, like it's such a fine line
to, between like being pushy
and being helpful of like, hey, what
if I install it for you?
Like, would that make you more
likely to use it?
Cause I've run into those
kinds of people.
Like I've mentioned on previous episodes,
I have my stepdad on
Signal and we have like a
family group chat.
We're probably the only people he uses
Signal with, but like I put
it on his phone and he uses
it, no problem.
And I guarantee you, it probably would
have been crazy to talk him,
I think he's almost in his seventies.
It, he might be in his seventies now.
And he's just, he's one of those, you
know, obviously there's a lot
of like tech savvy older people,
but he's not one of them.
And I'm sure trying to walk him through
it over the phone or
something would have been a nightmare,
but we just got together one
time and I was like, hey, if I put
this on your phone, will you use it?
And he's like, yeah, absolutely.
And so it's super awesome having all of
us in there now, but yeah,
it's, excuse me.
But where I was going with the threat
modeling is, you know, just
remembering that it's, how
important is it?
It's, it's finding that
trade off of like,
this person is important to me.
I'm willing to, you know, have, have
this SMS conversation, but
also recognizing that maybe there's
some things I'll wait to say
until we're in person or, you know,
some things, I don't know.
So it's a, it's a top line for sure.
Like, well, so when it comes to things
like family, like one thing
I did for my family is I
just went ahead and
sucked it up and paid for Proton
family for everybody.
And that, you know, so once I'm paying
for it, it's, it's, it was
easier to talk them into doing it a
little bit of, little bit of a guilt.
Cause that was my first thought.
If I did that for my family, I'd
have to guilt them into it.
Guys, I spent like $600 on this.
Come on.
Right.
I wasn't, I wasn't above doing that
for my, for my family.
So yeah, I totally agree though.
Helping other people do it could be
a big, can be a big way to go.
Back to threat modeling.
I wish we could come up with a more,
less scary term for that.
Threat modeling sounds really technical.
It sounds really scary and people
like that immediately turns people off.
I wish we could come up with a better
marketing term for evaluating
your situation, right?
Yeah, that's why I did give
a talk recently
and I basically had to like
recap all the basics.
And I started with threat modeling
and I always tell people, I'm
like, it's just a fancy way of saying,
what are you protecting?
Who are you protecting it from?
Like it's, it sounds scary.
I think we use it cause it makes us feel
like spies and that's fun,
but it's a, it definitely
sounds intimidating.
But yeah.
The Privacy Dad said, "I put Graphene on my
partner's phone and I don't even
think she realized."
Honestly, yeah.
I kind of want to ask my wife that
because she also has a Pixel,
but she's at the point where
she settled in.
She's got all her apps on there
and everything.
And I've asked her before, I'm like,
hey, can I flash your phone?
Like put something on there.
And she's like, yeah, but I mean,
at first she was like, yeah, sure.
And then when I told her, I'm like,
you're gonna have to reinstall
everything.
She's like, oh God, that sounds awful.
So I think next time we buy phones, I'm
gonna be like, okay, before
you sign in, can I flash this phone?
And then it's all yours.
So.
I think browsers are a thing that really
fit in that category too.
I mean, surfing the web, there are
some nice features here and there.
Most people probably don't use them.
If you replace somebody's browser, I
think the chances are pretty
low they're even gonna notice because
they basically function the same way.
I have seen multiple stories on Reddit
of more tech savvy people
who were like, oh, I went to my mom's
house and found out she was
still using like Windows Explorer
or Microsoft, whatever it's called.
Internet Explorer.
Internet Explorer, yeah.
Yeah, and so it's like, I replaced it
with Chrome, but I changed the logo.
So it still says Internet
Explorer and she
hasn't even noticed that it's
been like six months.
Oh, that's funny.
I mean, some people for sure could
definitely do that, but I feel
like Chrome is different enough that
I think most of the people in
my life would notice like, wait, something's
different, but yeah.
So, all righty.
I think on that note, we'll dive into
questions and we'll start
with the questions on the forums,
specifically if we have any
paying members or if we have
any questions, I
don't think anybody did, but
I'll take a look.
And if you want to become a paying
member, you can go to
privacyguides.org and there's
a little red
heart icon in the top right
corner of the page.
So I told you all this Brave story was
extremely controversial and
I'm not kidding because if you go look
at the forum post for this
episode, it's mostly people discussing
amongst themselves.
So the first question came from Nisromo
who said, "I'm sure you'll
talk about it, but please be sure to
make a case both for and against."
I hope we did that because I personally
feel very split on it.
So I apologize if I came off as very
like either way because I don't know.
I see both sides of the argument
personally, but.
Yeah, yeah, me too.
And yeah, again, to me, there's a
difference between the marketing
aspect and the financial aspect of this.
I think the marketing was kind of weird,
but that doesn't mean you
still can't do it.
And if you want to support them,
that is a way to do it.
And if it gets you a better version of
the browser or automatically
turns off all those things that drive
you nuts, sure, I guess.
I can see either way.
So we did have Cs listed a couple
of questions here.
Let's see, "I'd be interested to
hear your thoughts on the
following topics and stories
if you have time."
I know some of these stories.
So we can go through them pretty quick.
Did you hear about the Bitwarden CLI?
I did.
Was it compromised in the
supply chain attack?
Yeah, I did.
Do you have any thoughts on that one?
Not on that one specifically, but
supply chain attacks are a
serious, serious problem that
needs to be fixed.
We need to lock, that is, we found
another soft spot in our processes.
And as a software engineer, I can
tell you that that is,
for example, one of the things that's
often done in software is
that you say, "Here's a list of software
libraries I depend on."
Because software today is not, no one
writes their own software top
to bottom anymore.
We're all using, it's a Frankenstein.
You're taking a piece of this, a piece of
that, because someone's already done it.
So why reinvent the wheel?
And so you bring in all these
various parts and
libraries, some are open source,
some are not.
And if you don't specify,
by default, what usually happens is it's
like, "Okay, here are the 10
things I depend on."
They'll get you the latest
version every time.
When you do a new version of software,
it will go and fetch the
latest version, because it figures
you want that.
That's where the supply chain
attacks bite.
So one of the things we could be doing
and should be doing for all
these things is what we call pinning,
where you say, "Okay, here's
the 10 things I depend on,
and I want these
specific versions unless I
tell you otherwise."
So at least if you get to the point
where you can trust the
versions that are there, you're not
gonna get bit because one of
those got taken over by somebody and
the next version has got
built-in malware, because you're not
gonna go get that version automatically.
There are things like that.
There's processes that we need to, the
new best practices that we
need to adopt, but that is a definite
soft spot today with software
engineering.
So I don't hold it against the
Bitwarden CLI folks.
It's probably one of those kinds
of things that bit them.
Supply chain stuff is a serious problem.
Yeah, and I do wanna say for the record,
for those who aren't
familiar with the story, because
it is pretty new.
It just happened like the
other day, I think.
So this was a,
like Kerry said, supply chain attack.
So it wasn't Bitwarden itself.
It was one of the libraries they used.
The library itself was actually only
compromised for about two
hours, not even.
I think it's like an hour and a
half, 5:57 PM to 7:30 PM on April 22nd.
Bitwarden confirmed the incident.
They said that the breach affected
its NPM distribution channel,
and only those who downloaded
the malicious version.
So hopefully nobody downloaded it in
the hour and a half window.
They said there's no evidence at this
time that any end user vault
data was accessed or at risk, but
they've already fixed it up.
So yeah, I mean, I'm with you.
You talk about the supply chain.
What do you call it?
The bill of materials?
Or a manifest.
It has different names, but yeah.
You mentioned that a few times on
the podcast, and that's
definitely, I think, I was real hopeful
for a minute there.
We were seeing a whole bunch of
supply chain attacks.
Oh, SBOM, software bill of materials.
Yes, I have talked about
that several times.
Keep going.
Yeah, and I remember thinking, I'm
like, we might finally start
making some progress on this, but I
haven't really heard anything,
so I don't know.
That is something that as a software
engineer, I would say we should all have.
And it sounds maybe easier than it is,
but basically what that is
is that ingredients list for your
software, and you publish that
with the software.
So you can say, these are all the
things that my software depends on.
Now, some companies are gonna say lots
of proprietary secret, even
if I'm using a public library of some
sort, OpenSSL, let's say.
Even if I'm using that, I don't wanna
tell people I'm using that,
because maybe, again, security through
obscurity, maybe it's gonna
expose me to people who's gonna find
an exploit in the version I'm
using, and then try to exploit me.
Okay.
But the flip side of that is it also
tells people, if we had
software bill of materials, if every
piece of software you
downloaded came with a machine readable
list of ingredients that
went into that software, then your
operating system could keep
track of all that and find like, oh,
OpenSSL version this, which
you have in this app, in this app, in
this app right now, is been
compromised, which means those apps
are then compromised, you
should stop using them, or update
those apps right away.
It would give us that transparency
and that visibility that will
allow us to react to those things.
So I think, yeah, you could look at it,
it's just kind of like open
source software.
A lot of people say, well, if I show
you, if I open-kimono this
whole thing, you're gonna know
how to exploit me.
Okay, but the upshot, when you look
at net net, it's better for
everybody, if people have had a chance
to review that stuff, and
now we've got tools that'll do it, like
Mythos, that will find bugs
in it, hopefully so you can fix them, as
opposed to just hoping that nobody
finds these bugs.
So yeah, that was software bill of
materials or SBOM, which I
think is a fantastic idea,
but yeah, it has
not really, unfortunately
has not caught on.
Yeah.
Yeah, it's, oh, I was gonna say,
if you haven't, last week's episode,
I think we talked about this,
because cal.com went closed source.
Yeah, no, I heard that, yes,
I did listen to that.
Yeah, I was gonna say Discourse, which
is our forum software that
we use, their maker kind of issued a
very, very aggressive rebuttal
where they pointed out, kind of like
you're saying like, yeah,
okay, security through obscurity
might slow them
down a little bit, but probably
not that much, but
yeah, it's- Well, they also
got into the lighting.
Okay, good.
I was gonna say, like, you mentioned
earlier that like security
through obscurity isn't necessarily
bad, and I agree with you on
that, because to me, it's like, it
should be part of a defense in depth.
Like if you're only relying on security
through obscurity, that's
probably bad, but if you're layering
it with other things, like- Correct.
Like password logging, password
logins, right?
That's a really good example.
If your credentials, if you're not
using the same password, and
you're not using the same username on
every single website, that's
a little bit of security
through obscurity,
but then you layer it with
like two factors.
So probably not the best example.
(Laughs)
Yeah, so yeah, you definitely don't
wanna rely on security through
obscurity, but it's also another
layer that doesn't hurt you either.
I mean, you know, but where I take
exception to that is with open
source software.
I think it does help to have other eyes
on software, and now other
tools that can look at that software.
And I know you've mentioned this fact,
I think you mentioned it
maybe last week, where you said, you
said that just because it's
open source doesn't mean it's gotta
be more secure, but it gives
you the opportunity for other people
to look at it and perhaps find
bugs and get them fixed, which
is a good thing.
Yeah, that's my take at least.
(Laughs)
So this person did have a couple
other things they wanted us to look at.
Did you hear about how Firefox is
actually gonna start adding
built-in ad blocking?
No, I hadn't heard that one yet, huh.
Oh man, I'll have to go find you an
actual article because this
one, they just linked the
Mozilla Bugzilla,
like their little in-house
GitHub kind of thing.
I've seen at least one article write up
about it, but I'm not sure
how good it is.
But yeah, they're basically going to,
they're gonna be using Brave's ad block
implementation, which I believe
is written in Rust.
And again, I was traveling this week,
so I didn't really read it
that closely, but I think it is,
let me see if I can go find it here.
Yeah, they're gonna be using Brave's
ad block Rust engine.
And it's basically gonna be like a
little bit of a built-in ad
blocker, which I think is really cool.
How my YouTube reaction-- Because Brave's
built-in ad blockers,
because it's my secondary browser,
so I don't surf everywhere with it.
Is the built-in Brave stuff pretty
good for blocking ads?
I mean, I think it's pretty good.
Is it comparable to uBlock Origin?
I was gonna say, I think it's
honestly just like a copy
of uBlock Origin.
I think they make some changes
to it, but I
think it's largely based
on uBlock Origin,
or at least it uses a lot of the
same lists that uBlock Origin does.
So I don't know why they didn't just
go with that personally, but
yeah, it looks like this is a pretty...
Jonah says here that Brave's is a
little bit lighter weight.
So, okay, let's see.
Oh, this is a pretty short article.
Mozilla's bundling, pretty excited
to see them finally.
It landed in 149.
Oh, okay.
It's an experiment.
It's disabled by default, no
UI, no filter lists,
but looks like Waterfox rolls
it on, and then he
talks about how to enable it
in your about:config.
So I might, if I remember, I will
try to add that to the show
notes, which means I might do it tomorrow
while I'm making clips of
these, but yeah, no.
I mean, I'm really excited about that
because I think personally that's been...
I have a lot of little nitpicky
complaints with Firefox,
and then I have a few that I think are
kind of bigger, I think this
is kind of somewhere in the middle is...
Okay, so actually, let me premise
this, or preface this.
So when I make shorts over
at The New Oil,
I'll make shorts about ad
blocking, right?
And I'll tell people, I'm like,
download Brave.
And people get mad at me because they're
mad at the company behind
Brave, they're mad at the guy at the
top of Brave, which is fair, that's fine.
And they're like, well, you
should use Firefox.
And it's like, okay, but I'm
making a TikTok video.
And what are people more likely to do?
Download Brave versus download Firefox
and then install uBlock
Origin and then make these dozen
changes to bring it up to Brave's level.
Like Brave is just so set and forget,
and we have to make it easy for people.
And so I really appreciate that Firefox
is like doing that and
getting up to that level where it's like,
now it's becoming easier to recommend
that people just like go
download Brave or go download Firefox,
they're both equally good.
And I'm excited to see them getting
up to that level personally.
Okay, so I'll be flipping
that back at you.
So one of the reasons that I didn't
go to Brave and sometimes the
reason I don't tell people to use Brave,
as I recall back in the
day, and this may have changed, having
to like disable their BAT
token thing and having to disable their
AI now and have it, which
by the way, Firefox, their new CEO is
like, we're all in on AI, I'm like, no.
Anyway,
so for me, it was like, okay, yeah,
Brave out of the box was
private, but then I'd also
have to tell people
to disable this, disable this,
turn this off.
So to me, it was kind of a wash.
And I mean, don't get me wrong, like
if you go to like Privacy
Guides, for example, if you go to our
website, we do have like a
recommendation, like you should
still tweak these things.
But I think, I kind of think for some
reason, most people just don't care.
Like again, when I look at my wife's
computer, she's got the BAT
stuff turned on, she's got the sponsored
images turned on.
Like I think,
and for the record, I'm not saying this
in praise of them because I'm with you.
I kind of wish that stuff wasn't there
or at least I wish it was
off by default because I'm pretty sure
the crypto people are smart
enough to go looking through the
settings and know how to turn things on.
Which by the way, Jonah just said,
that's the point of the new Brave Origin.
Yeah, true, good point.
And actually on that note, Cass here
said, maybe Firefox should
sell a $60 alternative for
the app in default.
You know what, I'd pay for that.
I'm not even gonna lie, I
would pay for that.
And it would be a sustainable business
model, unlike just buying
random extensions nobody's ever heard of.
And then killing the ones that
people actually liked.
You mentioned Pocket before
we started recording.
That was like the one time Mozilla killed
something and everybody
on my Mastodon timeline was like,
dude, what the heck?
Yeah.
Anyways.
But no, I think it's, for better
or worse, I think Brave has
designed those features in a way where
they're not really intrusive
to the average person.
So I don't know, it's, at
least I've never
heard anybody complain about
it, but I agree.
It would be nice if they turned it off,
but I think it's still just
an easier sell to tell people like,
go use Brave, that's one step,
versus go use Firefox, but also you
need to make some changes, so.
I will give Brave some credit
in trying to
find a different way to monetize
the internet.
Because it seems like, you know, micro
payments was gonna save us at one point.
Like, okay, we're gonna
do micro payments.
And then there was this push for a
little while of, let us mine
Bitcoin while you're on our page.
And it's all running in the browser,
it's all contained, but you
know, hey, while you're on our site,
there's this little thing
running in the background that's
trying to mine Bitcoin.
I thought those were at
least interesting.
Because ads, ad-based internet is what's
causing all of these problems
in the first place.
We've got to find some other
way to monetize
the internet that's kind
of free-ish, right?
That people don't have to necessarily,
I don't know.
So I give them credit for trying
to come up with some way to do that.
I just don't like what they chose.
No, and I agree with you.
And I find myself doing that too.
Like lately I've really been
thinking a lot about,
I'll be honest, I just think a lot
about diet and finances and stuff.
And I'm like, man, why am
I willing to buy,
especially with inflation and everything,
like a soda is like $3
now, and it's gone in like an hour, but
I'm not willing to pay like
five bucks a month for some kind
of membership or something.
And it's just, it's so weird.
Like marketing's got us all
messed up, man.
(Laughing)
I don't know what the solution is.
Because then on the other hand, there's
certain things where I'll
admit, like there's certain YouTube
channels I watch where I'm
like, I like this channel, but quite
frankly, I don't get enough
value to pay for it.
If it went paid tomorrow, I would
just stop watching.
But then, there's other things
that it's like,
yeah, but I do get a lot of
value out of this.
Like why am I not paying for it?
I don't know, it's weird.
It's weird what's happened to us.
But sustainability is an issue
for everybody, I think.
The last one we had here is they were
asking if we had any thoughts
on the way that Signal handles
edited messages.
So I don't know if you've noticed,
but basically when you edit a
message on Signal, I guess people
can see the changes that you made.
Oh, I actually had not noticed that.
I don't know if I've noticed
that before or not.
I personally think that's perfect.
In fact, I've argued for that on social
media, especially the damn
sites that don't let you
edit your messages.
Oh my God, that drives me nuts.
Let me edit it and fine,
keep the original.
I'm actually okay with that.
So that people can see if you've
altered something.
I think that, especially on social
media, perhaps, you could say
maybe for public figures, but whatever,
everybody fine.
I think that solves the problem
with the editing thing.
Edit it and just let people
see your past edits.
And I think that preserves
the, what's the
something trail, the audit trail
or the log trail.
I'm okay with that.
Do you have an opinion?
Do you do not think that's cool to
be able to go back and see,
because when I edit something, usually
it's a typo or I want to
expand on something or realize that
something I said was ambiguous.
So I want to add a little
notes like this.
Here's the context that is
missing from this
that so you can understand
what I'm saying.
That's usually why I would edit
a message on Signal.
Do you have a problem, what do you think,
with showing that it's?
No, I mean, me personally,
no, because I'm
kind of in the same boat as
you, where I feel bad.
I try to reread my, especially longer
messages, because like I
said, I am pro at typos or just
forgetting a whole word.
Usually it's a small word, like the,
or something like that.
But yeah, so a lot of the time
I'll send a message.
And then if it's a long one, I'm
like rereading it and I'm
constantly like, oh, go edit,
I miss that word.
Oh, go edit, I typoed that.
Oh, shit, go edit again.
And I try to group them because otherwise
I feel like I'm just
gonna keep pinging the person every
time I edit it, which is annoying.
But I don't know, I think somebody
pointed out, like I hate to do
whataboutism, but somebody pointed out
that like, I feel like the
bigger concern here is, because basically
they were saying like,
what if basically you said something
you didn't want the other person to see?
Like maybe you sent the wrong message
to somebody or you like,
maybe you're having an argument,
you said something hurtful,
which-- Could you just delete
that though?
I mean, delete, just delete.
Well, so for the record, that's my bigger
concern is because I've, I struggle
with depression.
I'm pretty open about that.
And every once in a while
when I'm depressed,
I'll say something to somebody, like not
anything hurtful, but like I
struggle to reach out.
I'm trying to figure out
how to word this.
But then sometimes I'll doubt myself.
Like I'll send somebody a message and
then my brain is just like,
man, just like, don't bother
them with your crap.
And so I'll delete it.
And I've actually had times
where people were
like, like, hold on, I saw
you deleted that.
I saw the message preview, like,
let's talk about this.
And I'm just like, oh my God, dude.
And you know, like that one's
kind of relevant.
And that one's a good one, right?
Like people are trying to like
help me out and be there.
But like, that's the bigger
concern to me.
And I know this is again, this is kind
of like whataboutism, but
like most people have notifications
turned on and the previews are turned on.
So what happens when you
delete the message,
the preview doesn't go away,
it's still there.
So I don't know, to me, that would be
the bigger concern is like,
they're still probably gonna see
that preview even if you delete it.
Cause otherwise, yeah, I'm with you.
Like that would be the easy workaround is
just delete it and redraft it completely.
So yeah, I don't know if this is, I guess
that's what I'm trying to
say is, I don't know if this
is the bigger concern.
I think the bigger concern
would be the message
previews that most people likely
have enabled, but.
I thought it was interesting that we
talked a little bit about the
Signal thing where they figured out how
to, I mean, this was as far
as I was in a bug in iOS, which by
the way, they just fixed,
where they got into the Signal messages
to somebody because the
notifications, there was a whole database
for the notifications.
And if you have those set to show in
your lock screen or certain situations,
they will get put in this database.
Even if you delete the app, which
was the big thing.
So I think what Apple finally fixes,
if you delete the app, it goes
to this database and also deletes the
history of notifications.
But, you know, I don't know.
I guess delete should be delete.
I think that's, to me, that
would be the solution.
So delete is delete.
So if I delete, it deletes it from all
this memory that should not
show up anywhere.
If they happen to see it,
I can't stop them.
But if they hadn't seen it
yet, I delete it.
I think it should just be gone
from their phone.
I think that's the delete angle and
hopefully that would cover most cases.
But I think otherwise edits, sure, I'm
fine retaining the edit history, I think.
And I wish that, like I said, I wish
that that's how they would
solve edits on social media
as well, because I
hate the fact that I will do
this all the time.
I'll put a notice on Twitter.
I don't wanna get an eight-mail.
I don't like, but I gotta be there
because that's where a lot of people are.
So anyway, otherwise I don't
like Twitter.
We have a Twitter too.
Yeah, it's the curse of being a
public figure, I guess.
So I post on Twitter, and
you can't change it.
And so I have to delete it.
And it very, by the time I'm posting
on the third, I'm copy and
pasting to the third thing, I've done
Mastodon and Bluesky, and
I'm like, "Oh crap, there's a typo."
And I go back and fix Mastodon.
I can't fix Bluesky, I can't fix
Twitter, and I gotta delete and re-add.
And of course, by then, someone's
already liked
it, and I've just lost, anyway,
drives me nuts.
How long has Twitter been around now?
And I swear to God, back when I used
to use Twitter, back in like
2012, people were asking for that.
And why, is there a reason why
they don't have it?
I don't get it.
Like, what's the reasoning?
I honestly don't know, I
couldn't tell you.
I don't know if there's some
kind of technical.
Well, I know, okay, so I know on Reddit,
when you make a post, you
can edit it within the first, I think
like five minutes, because
Reddit has a huge problem, or at least
had, I don't know if they
still do, but they used to have a huge
problem with like people
would go in, and they would make a
comment, and it would get like a
lot of upvotes or whatever, it
would get visibility.
And then they would go in and like edit
the comment and make it say
something completely different, like
sometimes something borderline
offensive or crazy, or like they would
like make it seem like the
person responding to them was
saying something crazy.
And I don't think Reddit lets you see
the post history, but there
is a little star, and that means it's
been edited after that little
five minutes.
So they give you like a little window
where like, if you're like me
and you're like, oops, I forgot a word,
like you can go edit it and
star is not there.
Yeah, that's not a bad compromise.
But yeah, if you come back an hour later.
But I do think if you edit it,
it should wipe all likes.
I mean, it should start over, because
for that exact problem,
because yeah, I don't want to put
up something like, I love
puppies, and everyone says, yeah, thumbs
up, and it's like, and also I'm Hitler.
And you said that later, right?
Yeah, that's the kind of thing people
were doing, I think.
Yeah, I mean, Anonymous here
is a good point.
Like they should make it, if you disable
edit history for yourself,
you can't see others edit history,
which I mean, Signal already
does that for like read receipts, stories.
Like I do have stories enabled, but
I don't have view history.
So I can't see who sees my stories,
and they can't see when I like
there, it's, you know, it goes both ways.
So I mean, that seems like a good
compromise, but I don't know.
Yeah, interesting stuff.
Interesting fun things to
talk about, but.
Totally agree.
I think that was actually
all our questions.
It looks like all the other posts
were people discussing the Brave thing.
And man, this was such a very
contentious topic.
People have, which I mean, I'm not
saying that's a bad thing.
Did they cover anything that
we didn't cover?
Are there any angles to this?
I don't think so.
They're just kind of explaining,
I think, let's see here.
They're talking about what
counts as a license.
Like if you install, if you reinstall
your operating system, does
that count as one of the 10 activations?
How do you get activations back?
So if I go through 10 devices
when I buy that
11th device, how can I get my
10 activations back?
So yeah, I don't know.
Oh, can I throw out one more story?
I've got one more story.
Sure, I love stories.
This goes back to the AI coding stuff.
If you can't tell, I'm kind of
fixated on this lately.
So do you remember, did you ever watch
"Halt and Catch Fire"?
No, but it's, I've heard of it, or I've
heard the phrase at least.
The first season satirized a thing
that actually happened.
And that was back in the day in the,
I guess in the 80s when IBM
had a proprietary BIOS for their PCs.
And of course, and they wouldn't, you
have to license or sell it or whatever.
Somebody figured out, hey, I got to take
a group of engineers and I
got to say, go dig through this BIOS
and figure out what it does.
I want you to look deep into it.
If you can find the code, find the
code, but give me a spec.
Tell me what this BIOS does
and describe it.
And then, okay, give that to me.
And then what they did is they hired
a whole separate set of
engineers and said, here's
your spec, make this.
So what they called, that's
called a clean room.
And basically what they did to get
around the copyright and the
licensing was they reverse engineered it.
And they had one group reverse, they
had one group actually pick it
all apart as a black box and come up
with all the specs for it and
hand that to another group of engineers
who'd never seen the code,
never worked with it to create a
complete copy that works just like it.
And so that's how they got around
this thing, they reverse engineered.
Somebody has come up with, and they said
this was supposed to be satire,
but it works.
They've come up with an AI tool that
will take a code, you give it any code.
I think it mostly works on
open source code,
but you could, by the way, you could
decompile binaries from
regular code and still get the code.
So even a side open source, you can
still kind of get to it.
He created a tool that takes one set
of AI agents and picks apart
the software, learns it, writes a spec,
figures out what it does
and comes up with a spec for
what that tool does.
And then takes the spec to a different
set of AI agents.
So this is all automated, this
is a single click.
Takes another set of agents.
I think I know where you're
going with this.
Writes the software based on that.
And then, and the reason, one of the
reasons this guy did is like
we didn't like the LGPL license that
came with the original code,
which means I had a back contributor
or whatever.
I want to rewrite this with an MIT
license, which is much more permissive.
So I, they basically had AI,
two sets of AI agents
rewrite it so they could come, so
they could basically say, we
didn't look at the code when we did this.
That's the point of my mind.
I think I saw the headlines about
that one, but I haven't read the story.
Yeah, that's funny.
They're making like copyright free AI or
whatever because of that,
that's so funny.
People, I love the ingenuity of it.
I love it.
I'm tired of it.
Yeah.
All right.
I think we're gonna call it here
for this week though.
Thank you everybody who joined us.
All the updates from this episode
will be shared on the blog every week.
So if you are a regular listener, sign
up for the newsletter or
subscribe with your favorite RSS reader
if you want to stay tuned.
I'm still letting people know.
If you didn't know, we send the newsletter
out as soon as the show
starts at five, well, five Eastern time.
And if you are subscribed,
you'll get that.
And that'll be kind of your
reminder that, hey, the show is starting.
For people who prefer audio, we have a
podcast available on all
podcast platforms.
And again, on RSS and this video
will be synced to PeerTube.
We want to thank Kerry again for
coming on and being a guest this week.
And I'm gonna let him tell you guys a
little bit more about his
show and his book.
Yeah, just a couple more things.
So this has been a, this is gonna
be a big year for me.
It already has kind of been a big year.
So this is the ninth year I've
been doing my podcast.
I'm on episode, I don't know,
what am I on?
477.
I've done a podcast every week
for 477 times.
The book is actually about a year
or two older than that.
And both of those things are got
big things this year.
So as you could tell by
the numbering, I'm
gonna be hitting 500 in September,
episode 500.
That's gonna be a really big deal.
And so in years past, so the funny story,
in years past I tried to
get, you know, when I was in my tens
of episodes, I kept reaching
out to Bruce Schneier, who's a
cryptographer and well-known
security guy.
And I kept reaching out to
Bruce and he was nice
enough to respond, but he always
said he was busy.
I like, I want you to get on my show.
I want you to interview.
And finally, I was like, okay, the 100th
episode was coming up and
I said, Bruce, look, I'm gonna
ask you one more time.
I promise I will stop bugging you, but
this is the 100th episode.
I'd really like to make it special.
I'd like to have you do, I guess
I'm on the 100th episode.
He's like, you know what?
I'll do it.
So I got Bruce Schneier for the 100th.
I was super proud of that.
And then I think at the end
of that episode, I
jokingly said, well, I'll
see you at the 200.
Like, all right, I'll see you then.
I'm like, okay.
So I got him for the 200.
I got him for the 300.
So he's been my pod centennial guy.
So naturally I'm gonna be talking
to Bruce to come back, but I
really want to try to get some big names.
I'm gonna do multiple big episodes.
So anyway, we'll see if I can pull that
off, but I'm gonna try to
do big things to separate and not
just for the podcast.
I'm gonna do some fun things for that.
So be on the lookout for that.
Also, I just am about, I'm this close
to, I've got the contract in my hand.
I haven't signed it yet for the
sixth edition of my book.
So I wrote my book 10 years ago and
I've done multiple editions
because my book has got a bunch
of screenshots.
And so those get stale.
Like, I think two years later, I need to
unfortunately do the whole book
and it's getting big.
And the screenshots are like
40% of the content.
So anyway, I'm due for a sixth edition.
And I think what I'm gonna do this
time around is a little bit different.
I'll make it smaller.
I'll make it cheaper.
Yeah, there you go.
Sucker is 600 pages, no lie.
It is, it's big.
It's honestly, it's gotten too big.
So what I'm gonna do is I'm going to
split out the really volatile
parts and make that a free
downloadable PDF.
So that I can update whenever I want as
needed and not have to redo
the book every time.
So I'm gonna try to write a sixth
edition of this book.
And I'm about to sign the
contract to do that.
So it should be out hopefully
by this fall.
It's gonna be thinner, it's
gonna be cheaper.
And then all the PDF, all the
downloadable PDF for all the
really volatile stuff.
So anyway, the book could just hopefully
stand on its own for a while after that.
So I'm also hoping to do that
around September.
So they're all gonna, all
this stuff is gonna
kind of hopefully come together
in September.
Awesome, can't wait.
All righty.
As for Privacy Guides, we are an impartial
nonprofit organization
that is focused on building a strong
privacy advocacy community and
delivering the best digital privacy and
consumer technology rights advice
on the internet.
If you want to support our mission, then
you can make a donation on
our website, privacyguides.org/donate.
You could also click the red heart icon
in the top right corner of the website.
I think it's visible on like any page.
You can contribute using standard fiat
currency via debit or credit
card, or you can donate anonymously using
Monero or with your favorite
cryptocurrency.
Becoming a paid member unlocks exclusive
perks like early access to
videos, priority during the
live stream Q&A.
You'll also get a cool badge
on your profile in
the forum where Kerry is a
regular participant.
I see your name pop up quite a lot.
And you'll get the warm fuzzy
feeling of supporting independent media.
So thank you all for watching and
we'll be back next week.
(Upbeat Music)