Apple's Lockdown Mode Blocked the FBI?

Welcome back to This Week in Privacy,

our weekly series where we discuss the latest updates with what we're working on within the Privacy Guides community and this week's top stories in the data privacy and cybersecurity space, including how lockdown mode thwarted forensics tools, Windows reconsidering their AI tools, and more. I am Nate, and joining me this week is Jordan. How are you doing, Jordan? I'm good, thanks. Happy to be here again, returning on the podcast. It's good to be back. Yeah, it's been a minute.

Glad to have you back. It's exciting. Yes, a very exciting week this week. Indeed. Real quick, for those who don't know, Privacy Guides is a nonprofit which researches and shares privacy-related information and facilitates a community on our forum and matrix where people can ask questions and get advice about staying private online and preserving their digital rights.

This week, we are jumping straight into the news and we're jumping straight in with a story about how the FBI could not get into a Washington Post reporter's phone because of lockdown mode. Um, so this story is admittedly not super, super detailed. Um, I mean, I guess it's about as detailed as one would expect, but, uh, let's see, where's, oh, my screen popped off the stage. Sorry about that. Y'all let me go ahead and add that back real quick. Uh, shoot. Hold on.

I think I'm hitting the wrong button twice. Yeah. Okay. There we go. Got it. Okay. So this story comes from four Oh four media. Let me scroll up to the top here. And, um, You know, the title, like I said, the title really says it all. So the FBI did have a warrant. That's a nice change of pace here. The FBI had a warrant and they went to a Washington Post reporter's home and seized a bunch of devices.

And specifically, they say that when they plugged in the iPhone to their forensics tool to try and extract information, they couldn't. There's some interesting stuff here that we talked about behind the scenes this week and we were trying to figure out. They said there was a notification on the device's home screen that specifically said it's in lockdown mode.

And those of us here at Privacy Guides that have iPhones, we were kind of playing around with it and turning on lockdown mode and plugging it in and trying to like, can we recreate this? Because I've never heard of that. And as far as I know, none of us were able to recreate that. So we think this may have been a... This may be or I think this may be like something specific to that tool.

Like maybe when you plug this thing into the forensics tool, it pops up and like, oh, lockdown mode is enabled or something. But yeah. And then here's like a little screenshot for video viewers. Here's a little screenshot of the warrant that or the court record that says that they were unable to get it. So. I guess just to kind of round out this story, there is kind of some bad news, which is that they were still able to get the information because they had the reporter access her MacBook.

And specifically... This is interesting. They told her to use Touch ID. They asked her for a Touch ID or a password, which, for the record, I have it on good authority from a lawyer. You don't ever have to hand over your password. That is a violation of, I believe, the First and Fifth Amendment here in the U.S., But Touch ID, they can do. They can make you unlock the device or enter biometrics. You just never have to specifically hand over your password.

She said that she does not use biometrics, but investigators told her to try anyways. And they say when she applied her index finger to the fingerprint reader, the laptop unlocked. And then they were able to, excuse me, it says they have not yet obtained a full image. But they did take photos and audio recordings of conversations stored in Signal. So a lot of lessons to learn here.

And I do wonder, not to be a judge or anything, but that's really not going to go over well that she's like, oh, I don't use biometrics. They're like, we'll do it anyways. And then it worked. So, you know, is that going to be like, who's that New York mayor that was like, oh, I lost my phone. And it's like, yeah, sure you did, buddy. Anyways. So this is a man. There's so many things to take away from this story.

First of all, I guess to address the I don't want to say elephant in the room, but to address the headline, these stories are useful because iPhone is closed source, right? And I think it's really cool to get this kind of insight and confirmation that things like lockdown mode do work and they do provide that benefit that we're trusting them to provide. And I know that in a perfect world we would use something open source, but I don't know.

The point I'm getting at is regardless, it's still good to know that these things work, and it's good to have this kind of third-party confirmation, even if it's kind of unfortunate that it has to come that way. And the other thing that really jumped out at me is, like I said at the end there, they were still able to access Signal because her device was unlocked.

And I think that's a really important thing to talk about because a lot of the time we see this – abused in the news or twisted in the news where they're like, oh, my God, they access this person's signal. And it's like, well, yeah, if the device is unlocked, of course they did. So these tools, all tools have limitations, right? There is no perfect tool out there. But it's important that we take it. First of all, it's important that we know that.

So if you send anything, you know, I've said in the past on other recordings that anything you put in a digital format, you should be prepared for the possibility that It may end up in a data breach or something like that. So keep that in mind. But also, it's important to enable things like disappearing messages to keep in mind that there's only so much we can do from the endpoint itself. So I think those were kind of my takeaways from this story.

Jordan, did you have an opportunity to read this story? And did you have any thoughts on it? Yes, definitely. Uh, it's good coverage there from, uh, from you just there.

But I think that, uh, one thing that was quite interesting about this story is, um, the, uh, four or four media article kind of goes into, uh, some, some more detail about the reason why, like, I think we should talk a little bit about why lockdown mode is kind of able to thought these sort of, uh, police forensic tools, um, And one of the most important things that the lockdown mode actually does is it disables the device connections.

So if you connect your iPhone or iPad to a computer, the device needs to be unlocked. So without lockdown mode enabled, sometimes it can actually automatically connect to a computer without explicit approval. So... that can allow mobile forensic tools like GreyKey and Cellebrite, which is like the common police forensic tools to basically be able to extract information from the device.

And we've seen this as well with Graphene OS, they have a similar setting in the settings where you can control the USB connection and allow, you know, change the options that are required if you connect the device to another computer, right? And as you can see on the screen, Nate's brought this up here. It's the Apple support page about like the specifics of lockdown mode.

And another thing that these forensic tools do is they often utilize vulnerabilities in, you know, software and hardware and with lockdown mode enabled it kind of protects you in on both fronts right because it stops the device connections which can sometimes be uh exploited with vulnerabilities and also it disables a lot of these you know quality of life features but ones that are often used in exploits and vulnerabilities such as like you know complex web browsing uh

um like tools are disabled in this case it says certain complex web technologies are blocked which might cause some websites to load more slowly or operate uh correctly so you know as well as you know some it disables some of the apple services as well so i think this is quite an interesting story to see that uh lockdown mode actually did provide quite a benefit to someone, especially in like quite a vulnerable position.

It's good to always see that this tool that Apple has put out is actually helping journalists in the field. But it is another thing that's kind of a bit of an unfortunate thing with this case that Nate kind of talked about was that they were kind of able to bypass the entire process because she had her MacBook with a Touch ID. And I think it'd be really good if you could, Nate, if you could elaborate a little bit. You said there was laws around the First and Fifth Amendment.

Could you maybe go into what exactly that means and why Touch ID can kind of bypass that? Yeah. Yeah. Real quick. Thank you for mentioning graphene because officially privacy guides are our top recommendation for a phone will always be a graphene phone because it really does have the best privacy, the best security. But there's lots of reasons people may want to use an iPhone. Like there are some countries where pixels are not available and things like that.

But yeah, graphene has some very granular controls over the USB port. uh, port, but yeah, the, so the first and fifth amendment here in the U S, um, the first, the first ten, I believe it is. It's been a while since I was in school. Um, the first ten amendments in the U S constitution are called the bill of rights. And they were, I think the first ten that like existed when the country, when the U S was founded.

And, uh, The first specifically is – I mean a lot of them have multiple parts, but the first mostly pertains to freedom of speech. The government is not allowed to infringe on your freedom of speech or your freedom of expression, your freedom to lobby the government for complaints, things like that. And then the Fifth Amendment is the one that protects against self-incrimination.

So for example, if any of you have ever watched a cop show that's set here in the US, which I'm sure is most of them, the Fifth Amendment is the one that when people say, I plead the Fifth, I'm not going to talk. What's the word? I invoke my right against self-incrimination, whatever. There's a million ways to put it.

But basically the reason that this passwords and stuff like that fall under this is because first of all, they can't force you to give up your password because that one, and that's the one I'm not sure of, but I feel like I read this somewhere that would fall under free speech.

Like they're kind of forcing you what to say, but it definitely falls under the fifth amendment because you have a right, whether you're guilty or innocent, you have a right to not give, incriminate yourself um that's kind of the way the u.s justice system the u.s justice system is supposed to work is it's supposed to be that and i don't want to get too far off topic but on paper the way it's supposed to work is that the defense is supposed to prove that you are not guilty no matter what and

the prosecution is supposed to find the truth whether that's you're guilty or you're not um which is a subtle but distinct thing anyways so yeah there's this protection against Admitting and confessing if you don't want to. I mean, obviously, if you want to confess, you can confess. Nobody's going to stop you. But yeah, so it falls under that because giving up your passwords could incriminate you. And therefore, you are not required to do it. But like you said, there's workarounds.

Biometrics... I want to say is a gray area. I could be wrong about that because, well, real quick, let me say I know for sure that you can be ordered to unlock a device, whether that's putting in the password and then handing it over, scanning your fingerprint, whatever. That is something the court can force you to do.

Biometrics, I've heard conflicting reports, and a lot of these – we talked about this last year with the person who was charged for wiping their phone, which was also a four-oh-four story. Phones and biometrics and things are really in a gray area right now legally in the US because some courts have ruled that you need a warrant to search phones, and other courts have ruled, no, you don't.

And they're kind of at odds, and we're kind of waiting for the Supreme Court to weigh in and settle the matter once and for all. And yeah, biometrics kind of fall under that category of even if you do need a warrant or whatever, it would still be something that they can force you to unlock the device because it doesn't really fall under those those same purviews of like against self-incrimination and stuff. It's. Yeah, it's a fun gray area right now in the US. Right, yeah.

It is kind of, it's definitely tricky, especially for me as someone who's outside the US seeing what's going on. It is kind of hard to follow some discussions around it. So it's good that you kind of explained the situation.

But I think another important thing about this story that you kind of touched on a little bit when you were doing the initial coverage here was that when they were able to unlock the device, the MacBook in this case, there was actually a signal application on the MacBook and they were able to take evidence from that signal application on that MacBook.

And I think that's like a really important thing that we need to discuss because I think people need to be careful about using Signal desktop applications because of this instance, right? Desktop computers have less security protections than a mobile device. And in this case, it's... less of a security issue, more of just like an unfortunate circumstance where someone had biometrics enabled, but it does kind of show that, you know, your security is only as secure as your weakest link, right?

As soon as you have one link that breaks your entire signal history is going to be available to whoever's trying to attack the device. So I thought that was quite an interesting part of the story actually. Yeah, definitely. It's... Yeah, and it's... You're definitely a hundred percent right. Like I heard... I forget who it was, but somebody on Firewall's Don't Stop Dragons was talking about...

Phones are almost like, from a security perspective, it's almost like we took all the lessons that we learned from computers and integrated them into smartphones. So smartphones are, for example, smartphones rarely have their updates mess up. I'm going to take a fun little pot shot at Windows here.

When I bought my first Windows eight computer... brand new fresh out of the box i opened it i booted it up and it failed to install and had to reboot and it got it on the second try but uh i've never seen anything like that happen with a phone right like phones almost never don't update and they have significantly better security all around um you know they they have better sandboxing and all kinds of stuff i'm not really an expert on phones but i know they're significantly more secure but even

so yeah i think i think the I think it just kind of goes back to not just the security, because there's so many aspects of it. That certainly is a good point, that desktop devices are generally less secure, but also just being mindful of you know, backups, right? Like backups are a good thing to have, especially in the privacy community. We're really big fans of not using the cloud, generally speaking. And it's like, okay, that's great.

But what happens if, you know, there's a house fire or you're, you know, there's a flood or anything. What happens if you get robbed? You know, especially like I need to buy a new one. I used to have a little external portable hard drive that was my backup drive. And the first thing I did was encrypt it because I knew I'm like, if somebody breaks in, they can grab that right off the desk and go. Like there's no friction to stealing that at all.

So yeah, just keeping in mind every, again, all the end points. And we talk about that, I think in the privacy community, we think about that a lot in terms of, the far end, like I see a lot of people who criticize encrypted email because they're like, oh, most people don't use encrypted email. So, you know, it might be encrypted while it's in your inbox, but it's still unencrypted in their inbox. And which is a valid but different argument.

But the point is, like, we don't always think about it in the context of, OK, but now there's a second copy of your data on your end of things sitting on that external hard drive on the desk or sitting on that computer desk. you know, synced up through Signal or whatever that's less secure. Or, you know, some people run a NAS and they use, what is it, like SyncThing to sync their data.

And it's like, okay, now you've got this constantly running, twenty-four-seven device sitting in the corner that's syncing all your calendar, your contacts, your data. So, yeah, it's really important to, when you do that threat modeling and you start building your your security posture, I guess we'll call it. It's important to have that moment where you stop and think about every step of the chain. You know, what happens if this gets compromised?

If this threat happens, break-in, flood, you know, it's, yeah. I mean, it's really important to think about that whole picture and not just think like, okay, I'm using Signal, I'm good. Yeah, definitely. Your security needs to be like... very, your plan needs to be very clear and multi-layered.

But I think another thing that's also kind of important in this story is the person that had the iPhone seized, it was actually only an iPhone XIII, which isn't, you know, one of the latest generations of iPhones that has more of those hardware security features like the iPhone XII, which has mte memory tagging enforcement so it's interesting that even an iphone with lockdown mode enabled was able to block these sort of forensic tools um which i think kind of shows the power of this

of lockdown mode itself actually um because you would expect an older device is probably more likely to be exploited because of its age, right? Through hardware vulnerabilities and stuff like that. And because it doesn't have that updated hardware, it's kind of surprising. So that was another thing that was quite surprising to me in this story. Yeah, I think I missed that part. Thank you for bringing that up. I did see people mention that.

Now that you mentioned it, I saw people talking about an iPhone XIII with lockdown mode, but for some reason, my brain didn't make the connection. Obviously, we're always going to encourage people to do the best they can and use the latest devices and the best security measures, but I think that also I would like to use that as an opportunity to remind people that there's a lot of factors that go into security.

Cause I know there's some people that maybe can't afford like a brand new device or, uh, you know, for a lot of reasons, like environmentalism, like I don't want to throw out this perfectly good iPhone. Um, I don't know if the iPhone is still getting updates, but I assume so if, if lockdown would work, but, uh, you know, my point being like, I'm one of those people, like I have a pixel six a, and I plan on using it probably until next year when it stops getting updates.

And you know, it's, when that happens, I want to get the latest pixel so I can get all these nice hardware features. But I think that's just what I'm getting at is that's, that's part of threat modeling as well is like, will this meet my needs? Will it is, is this, am I doing enough to protect myself? And I think sometimes we can feel like we always have to do more because privacy, there's always more to do in privacy.

There's, there's always new, new tools, new ways to improve your privacy and, unfortunately, new threats popping up. But you know, that's, that's one of the reasons that we do threat modeling is to try and make sure that we are hitting those goals, we are doing what we need to to protect our data. And Yeah, I guess what I'm getting at is as long as you're fulfilling your threat model, it's okay to give yourself some grace if you're not going as hardcore as you would like to.

Keep going, keep trying to get there, but as long as you are meeting your threat model. And that doesn't necessarily mean you have to run out and buy the latest thing because now it's got this new hardware feature, but try to if you can. Again, I want to reiterate that, but this is why threat modeling works.

Exactly, yeah. And on the topic of protecting your data, let's head into this new story here. And this is Notepad++ update feature hijacked by Chinese state hackers for months. So Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year. The developer states in an official announcement today. So that's quoting from the bleeping computer article here.

A statement from the hosting provider for the update feature explains that the logs indicate that the hacker compromised the server with Notepad++ update application. External security experts helping with the investigation found that the attack started in June of twenty twenty five.

So I guess for anyone who's not on the who doesn't use Windows, Notepad++ is basically an advanced version of Notepad that has a lot of the features that you would expect in, you know, advanced note-taking applications like syntax highlighting and such, so it definitely builds upon the Notepad like piece of software that's available in windows. It's basically like a fully featured alternative to that. And it's actually extremely popular.

So that's why it's extremely concerning that the update feature has been hijacked by Chinese state hackers. And just quoting from the article again here, the attackers specifically targeted notepad++ domains with the goal of exploiting insufficient update verification controls that existed in older versions of notepad++.

So basically in December, Notepad++ released version eight point eight point nine, which addressed a security weakness in its Win GUP update tool after multiple researchers reported the updater would receive malicious packages instead of legitimate ones. And there was a great post on Mastodon that I saw by security researcher Kevin Beaumont, where he warned that at least three organizations were affected by these update hijacks.

which were followed by hands-on reconnaissance activity on the network. So yeah, this is kind of a pretty concerning story, especially because it's such a popular piece of software. Like a lot of people on windows that are editing text files will be using this software. So it is kind of concerning, but just handing it off to you here, Nate, what are your thoughts so far? Yeah, I will admit, I use Notepad++ on Windows. So that was a fun headline to read.

I think I say this partially to make myself feel better. One thing to note in the article is it does mention that this attack was very targeted in that the attackers very likely only targeted specific users of Notepad++.

so probably hopefully not me but they could have just as easily targeted me right um and actually real quick on that note i think here at the bottom of this article yeah um there's some links they talk about this group called rapid seven that did research on this and they released an analysis a technical analysis of the malware and they do include um how to check and see if you were compromised i i believe they concluded a What is it?

Caches of specific files, basically, that you can check and see if you have the right file or a compromised file. So if you are worried that you may be impacted by this, first of all, go ahead and update to the latest one because hopefully that should fix it and close off access. But also you can double check that to see. But yeah, it's really not a good feeling. And it's really unfortunate because...

Notepad++ kind of checks all the boxes that we would normally advertise for a good privacy tool, right? I mean, it's open source. As far as I know, it's offline. I'm sure it pings for updates and stuff, but it's not a cloud-based notepad. It's... It's very actively maintained. The developer is very active. But it just... This happened. And it's really frustrating because I was sitting here when I was reading this story and I was taking notes for the show.

I was thinking to myself, what's the lesson here? Because normally the lesson is try to stick to open source or try to make sure you only get it from official sources.

But when there's a supply chain attack like this, they're really... of just not what you can do i guess so yeah i don't know this this is a really unfortunate story i think my takeaway is and i know i already said this in the last story but just to to remember that um I mean, nothing is unhackable and it's important to be aware that anything you put in a digital format. And this is actually one of the things I like about notepad is you don't even have to save it.

Like I have literally like seven open notes that I haven't saved for weeks and I should really do something with them. But you know, that's one of the things is it'll like hold onto those notes, um, without having to save them. And so even if you don't save it, if it's any, any kind of a digital format, it's, it's at risk. And I hate to say that cause that feels like paranoia, but, um, Yeah, that's kind of, I don't know, is there any better lesson that you took away from this one or?

Yeah, I think this is kind of an unfortunate circumstance, right? But I think it does need to be said that, you know, open source tools are just as vulnerable to being exploited by these sort of things as closed source ones. You know, just because a tool is open source doesn't technically mean that this wouldn't have happened or this would have happened, right?

So I think that's one thing to consider, but I think when it comes to note taking tools and such, I think it's important to use tools that have been independently verified, right? So if a security researcher had done an audit on this piece of software, for example, I think it would have been pretty obvious that this was a mistake in the update process, right? Any security researcher that would have had an eye over this, would have noticed this.

So, you know, I think it's unfortunate, but I think there's things you can do to make sure that the software you're using isn't, uh, doesn't contain easily exploitable stuff like this. So, you know, with privacy guides, we, a lot of times we require independent verification by security researchers, um, or like a security firm, such as like cure or other ones. Um, so that is, that is something you can do to try and mitigate some of these concerns.

But in that case as well, it is, you know, Things get missed. Not every single piece of software is infallible. And I think, yeah, someone in the chat said, JS said a secure OS could help a lot. Yeah, exactly. So if you have an operating system that has more control over the sandboxing of applications, for example, I'm sure Nate would like to talk about cubes, but there's all sorts of things you can do on Mac OS and Windows even has some sandboxing capabilities.

So I think that is another important thing that people need to think about, right? Having adequate security protections and sandboxing and separating tasks into separate areas can definitely reduce the damage of an attack because in all circumstances, it's possible. Every piece of software can be exploited. So trying to reduce the damage that can happen is definitely a good step in the right direction.

Yeah, I'm glad you mentioned audits, because that did completely slip my mind, because audits are really good. And I do want to point out that audits, and you did kind of mention this, things can still slip through the cracks, because audits are a snapshot of code at a specific point in time. So it's entirely possible that Notepad++ could have been audited in June, or let's say May, And then this happened like the following month and there's really nothing to protect against that.

But another thing, another advantage of audits is that they tend to show that an organization is really serious about their security and securing their supply chain and stuff like that. And, um, Again, I want to point out like audits are also really expensive. So just because a company doesn't get an audit doesn't mean that they're not safe or they're not taking it seriously, especially if it's like a really hobbyist project.

Like I think notepad plus plus, if I remember correctly is donation only. So they probably don't have thousands of dollars to invite cure fifty three to come in and look at their code. But for those organizations that do have that kind of money, like Proton, Moldad, IVPN, I know there's plenty of others, but signal.

When they bring in auditors and have them look at their code and they have that kind of resource, it shows that, again, like you said, things can slip through the cracks, but it's a really good sign because it means that they probably have a culture of security and it's less likely for bad things to happen. So yeah, I'm glad you brought that up.

Um, and yeah, I mean, if you want, I will say cubes or, you know, there's, there's plenty of other ways to do this, but, uh, yeah, I, I am using cubes right now in front of me for those who didn't know. And, um, that is one of the things I like about it is the compartmentalization of, I literally have a cube for privacy guides. I have a cube for my personal stuff. I have a cube for banking.

And, uh, if, if one of my software was to become in, um, I don't know why my brain refused to pick a word there. If one software I use became compromised and impacted, it would limit the damage to that specific cube, which is still suck, but at least it would limit the damage, right? So yeah, compartmentalization and secure OSs and things like that really do go a long way. All righty.

Before we move on to the next story, we're going to pause here briefly to give an update of what's been going on behind the scenes at Privacy Guides. Um, so yeah, we're going to talk about Ram shortages affecting the raspberry PI, but first in case you guys didn't hear our smartphone security course is now open to the public or the first part of it is. So there's a, there's three parts technically kind of four, cause we have like a little intro video.

And then from there, it branches off into Android and iPhone, and there's a beginner and intermediate and an advanced level. The beginner level is now open to the public. I will let Jordan talk about the intermediate iOS video in a second. But yeah, the beginner video focuses, if you guys haven't seen it yet, I do think it's on PureTube now. I could be wrong about that, but I'm pretty sure it is.

The beginner video focuses on things that are really subtractive instead of additive to make your phone more secure. So things like removing apps you don't use, changing the settings and things like that. which I think should be doable for a lot of people because even simple things like downloading Signal or switching to Brave or Firefox, those are things that require people to take action, right? They require them to go download an app, sign up for an account, no matter how easy.

And I think some people... I think it's a mental block that some people have a hard time doing that. And so the beginner level is things that anybody can do anytime, right? Like you're laying on the couch, instead of doom scrolling, start deleting apps and stuff like that. So yeah, I'm really excited that that's out to the public now. And I will turn it over to Jordan real quick to give us some updates on any upcoming videos if you'd like to, or if you want to hold off on that. Yeah, thanks.

So I guess, yeah, like Nate said, we've got the intermediate smartphone security guides coming out soon, and we've already got the Android version done, and the iOS one is pretty close as well. So I'm hoping possibly early next week we can get that published for members. And if you're a member, you can get early access to videos, just a reminder.

And that was sort of covering, I guess I should say, this whole smartphone security course has been written by Nate and overall direction by Nate here, which I think he did a great job with. And I think it'll be really, really useful to people. We've already had the beginner ones released to the public, and we already had some really good feedback on those videos. And that's just the beginning.

So the intermediate ones dive more into things that, you know, are less to do with your device and more to do with the services that you use and the applications that you're utilizing. So for instance, you know, moving to encrypted email providers instead of using a plain text one like Gmail. I'm not going to give too much away just because I don't want to spoil the video. But we also do go into some of the things on Android, such as alternative app stores.

So if you're interested in that sort of thing, you're not all the way into the advanced area, definitely look out for those videos next week.

And we should have the advanced series coming out shortly after that as well because that's you know quite a bit shorter than the intermediate ones and Nate's kind of been on fire here he's been like writing so many videos up and sending the footage over to me so we've also got another video in the works which is the private messaging video which we're working on there's also I guess we haven't released have we released this yet We're also working on a video about private browsing.

I'm not sure if that's actually released yet. Is it, Nate? That's a good question. The wheels are turning. I know because you've sent me the preview versions, but I don't know if we've published those to members yet. We're going to have to follow up on that one. I don't think we have. All right, then. I guess members, be ready for that. That'll be coming out hopefully after the stream if we can line everything up. But that's also done.

So that was another video that Nate's scripted and put together the footage and recorded. And that was another really interesting video, I think, which is going to be useful for people to send to people that are stuck using Chrome or that have misconceptions about the private mode on Chrome because it's called incognito mode, but you're not really very incognito.

So I think that'll be an interesting video for some people to send to their relatives, family, friends, you know, get people moving off Chrome. I think it's one of the easiest things you can get people to switch, you know, instead of Chrome, use Firefox, you know, instead of using incognito mode, you could use more bad browser instead. And that's really a private way to browse the internet. So that's kind of what it's looking like. We've got that look out for the private messaging video.

That's what we'll be working on next week. And yeah, I guess I can throw it back to you, Nate. Is there any other things that we've been working on this week? I know we've got a few more news articles coming out this weekend. I, I tried really hard to, Throughout the week, I will collect news stories that I'm like, oh, this is important enough that I think we should write a brief about it, but it's not necessarily important enough to put in the podcast.

And I keep telling myself every day, I'm like, all right, just take, you know, ten minutes, twenty minutes, write up a little quick, short thing about this. And then for some reason, by the time I get done with my work for the day, I'm so tired. So my point being, I end up, like, stacking them all towards the end of the week, and I really shouldn't do that. But... Yeah, we do have a bunch of those coming out, maybe half a dozen or so.

And some of those are from me, some are from Freya, who's one of our regular writers. So I think that's about it. Yeah, and just to real quick, just to kind of address it, some of these videos we're putting out right now, I think are very entry level. And I think they're really good for sharing with your friends and family who maybe are not as excited about privacy as you are, or maybe... I don't know.

I think most of you guys probably do a really good job of like sharing the stuff with your friends and family, but I guess it's just something you can share with people. But the point I'm getting at is don't worry. We will still be doing plenty of like really advanced, uh, stuff in the future for, you know, whatever your tech level is.

So if, if you're thinking like, man, these are really entry level stuff, it's honestly, cause we kind of looked at our, our library of content and went, Oh, we haven't covered a lot of the really basic stuff. So that's kind of what we're doing. And, um, we're definitely going to get back into other stuff as we go. I think, um, probably sooner than later here, actually, probably after this next video, I would imagine we'll maybe looking to do in something a little bit more high level.

So Yeah, I think one other thing that I guess we can touch on now, which should be coming out at least I would say in the next month or so, we're working on another section of the website. So if anyone's... I think people should kind of get hyped for that. There's been a lot of work behind the scenes from Em who's been working a lot on a separate section. I don't think I'll go into too much detail about it here because...

There's, you know, it's still all being finalized, but it's definitely being worked on. And I think this is going to be kind of a pretty big year for privacy guides because we're expanding in so many exciting ways. So I'm really excited to see how that pans out. Yeah, definitely. Em has been super, super busy working on that. And I... I've seen the outlines of how that is going to be structured, but I haven't seen the... What I'm trying to get at is I'm excited to see it.

I think it's going to be awesome. I know she's been working really hard on it, and yeah, it's going to be great. One more thing real quick before we jump into the next story is JS left another comment here about private browsing. Said Brave has a pretty good strategy with having ad block included. Yeah, it's really...

Jonah and I touched on this in last week's episode, but... I think in my experience, one of the best ways to try and nudge people towards privacy tools is rather than focusing on the privacy and the security benefit, treat that as like a bonus and focus on how it makes their life easier.

Like I've had really good success with getting people to try password managers because I happen to be in the room when they're trying to log into something and they're like, oh my God, what was my password for this website again? And I'm just like, hey, you want to know how to never forget your password again? And I run into those people six months later and they're like, oh my God, this is amazing. How did I live without this? So yeah, definitely.

I've gotten people to switch to Brave doing that exact same thing. I saw two people in a Discord room I was in having a conversation where they're like, oh my God, the ads on this website are obnoxious. I'm like, have you tried it in Brave? And like, oh my God, Brave fixed it. This is awesome. So yeah, that is one thing Brave has going for it. But I know there's probably ways to recreate that in something like Firefox as well. So yeah, I just wanted to mention that.

Yeah, it's kind of surprising to see what people will put up with on the modern web, like full-page ads, auto-playing video ads. Like, oh my goodness, it's a wasteland out there. Dude, I had to turn it off on YouTube the other day for something. I can't remember what it was. Oh, it was our intro video. I wanted to make sure that the end cards were, you know, click here to go to Android, click here to go to iOS. Quick note for other Brave users. And I wasn't seeing the end cards.

And I'm like, did we not put end cards on there? And so I turned off my Brave Shields. I guess I had some optional thing turned on that got rid of the end cards. But while the Brave Shield was off, there was literally like a one minute pre-roll ad to start the video. There was an ad on the side. There was an ad below that. There was an ad at the bottom of the video. I'm just like, oh my God, how do people put up with this? It's so bad. Oh yeah.

So definitely, I don't know how people live like that.

Speaking of bad things, there is being an ongoing RAM crisis. And I don't know if you've seen that, but one of our previous team members, Kevin, he wrote an article about the whole RAM crisis that's going on. And unfortunately, that has now started to affect Raspberry Pi. So Raspberry Pis have received another price hike in the last two months. And basically, the more RAM the board has, the more its price is increasing.

So just quoting from this article here from Ars Technica, the ongoing AI-fueled shortages of memory and storage chips has hit RAM kits and SSDs for PC builders the fastest and hardest, meaning it's likely that for other products that use these chips, we'll be seeing price hikes for the entire rest of the year, if not longer.

And the latest price hike news comes courtesy of Raspberry Pi CEO Eben Upton, sorry if I said that wrong, who announced today that the company would be raising prices on most of its single board computers for the second time in two months. Prices are going up for all Raspberry Pi four and Raspberry Pi five boards with two gigabytes of or more of LPDDR four RAM, including the compute module four and five and the Raspberry Pi five hundred computer inside a keyboard.

And the two gigabyte boards pricing will go up by ten dollars. Four gigabyte boards will go up by fifteen dollars. Eight gigabyte boards will go up by thirty and sixteen gigabyte boards will increase by a whopping sixty dollars. So I'm kind of happy about this in a very selfish way. I actually bought a Raspberry Pi like two months ago before the price hike. So I'm kind of happy that I decided to finally replace mine. But what do you what do you think about this?

Yeah, I happen to have a couple of Raspberry Pis sitting around at home that I'm actually not using, and I'm trying to figure out what to do with them. And pardon my technical difficulties while I try to get my screen share back up here. But yeah, it's... I don't know. It's really a bummer because the whole selling point of the Raspberry Pi is that they're so cheap, right? And personal opinion, I think that's a... I think that's slightly misleading to say that they're so cheap because they do...

They're very cheap if you just want the board. But if you want the case that goes over it and stuff like that, I think it becomes a very different story at that point. I think the price does start to go up significantly. And maybe it's me because I have cats. And I'm like, the cat hair will get everywhere. It will absolutely get all over the board and everything. But either way, they're very inexpensive. And there's certainly... In my opinion, I don't think they make for good full computers.

It's not like, oh, I got this thirty dollar computer. They're still definitely. They're still definitely. They're made for very specific tasks, is what I'm trying to say. They're really popular, and this is why we're covering them. They're really popular in the privacy community for running like a single and single member Mastodon instance or like a simple next cloud instance or DNS, you know, to block ads and stuff at home. Um, ads and trackers and all kinds of stuff. And so this to me.

Sorry, I know I'm rambling a little bit, but this to me touches on a larger issue that I've been trying to figure out how to put into words and address for several years now, which is the idea of privacy as a privilege. Because it is really unfortunate when you have to pay for privacy. Like kind of going back to phones, right? We talk about something like Graphene OS. And Graphene OS is only available on a Pixel, which is a several hundred dollar phone. which is still cheaper than an iPhone.

But it's not a cheap phone. And again, certain areas can't get pixels. And so it's almost like you have to be privileged enough to have the money and live in the right area to get a graphene phone. And that's really unfortunate. But at the same time, things like Raspberry Pis, things like VPN servers, those things cost money. And you can't You can't pay the rent for your office by, I don't know, telling the landlord, how do you signal, right? That's just not how the world works.

So the point I'm getting at is it's really unfortunate to see this price go up on these very reasonably priced tools that are designed to help, or maybe they're not designed to, but they're very good for helping people reclaim control of their data. And it's really unfortunate to see that that barrier to entry go up, even if it's only a little bit. But at the same time, it's like, I don't know, some things just cost money. And that's an unfortunate reality of especially this situation right now.

So, yeah. I think this is just another good reason to really dislike AI. This is the reason why all of this stuff is becoming more expensive. There's all these AI CEOs, tech companies, they're buying up all the RAM, they're buying up all the SSDs for running AI models because they need all that memory to train and to run all these models, right? It's not... And I think we've kind of seen this for a while with Raspberry Pi. It's kind of been a continuing drama with Raspberry Pi.

They keep kind of, I don't know if you've noticed, but over the last couple of generations of Raspberry Pi, it's like they've been pushing the price up and up and up. And it's got to a point where, you know, I was looking at, like I had an original Raspberry Pi from like, like a Model B. And it finally died this year after. Fourteen years of dedicated service. So I had to replace it. Right. And there was nothing that was really the same price as what I'd paid for that original Raspberry Pi.

I think I only paid like twenty five dollars for that original Raspberry Pi. So I guess I could have bought like a Raspberry Pi like mini one. But, you know, I think it's. Still, I think it's a problem with affordability, right? And I think Raspberry Pi has kind of been becoming more and more unaffordable as time goes on. And I'm not sure if the pricing is justifiable, in my opinion. I think there's plenty of alternative options to Raspberry Pi.

Unfortunately, it does come with, you know, downsides such as software support not being as good and, you know, just general community support not being as good. But I think, you know, There's definitely, you know, bargains to be found like JS in the chat said, I bought a mini PC, sixteen gigabytes of RAM and one hundred Intel CPU for one hundred and sixty USD. Exactly. You know, I think that's oh, yeah. So they increased the price of that because of the RAM shortage.

I think also another another thing with with these buying new is kind of not always the best way to go. Right. there's plenty of used options for, you know, you don't need a Raspberry Pi to run a couple of small services. You could always get like a refurbished business computer, like a Dell Optiplex or, you know, these old retired business computers that they're selling for like absolutely nothing. Like you can basically get them for free.

They may not be as power efficient, but you're still getting the, ability to run those low powered services. So I think there is always an option. But I do think when it comes to the thing you said about privacy being a privilege, I think it's definitely a matter of perspective. I think people can still do quite a lot for their privacy. Like a lot of privacy tools are free, like ProtonMail, Tudor, that's all free. Like you don't actually need to pay.

Like you can still get away with having a free account. And I think it's important to have these free options, right? Where, you know, freemium model is really good in that circumstance, right? Like with Bitwarden, you can have a syncing vault with security and it's free for the most part. You miss out on some small features, but you're getting a lot of those features that are the most important for free.

And I think, you know, it is kind of unfortunate that there's things like hardware where it's a little bit more tricky with like, you know, like Nate said, there's Google pixels. They cost quite a lot of money depending on what country you're in.

And they can also kind of, uh, have you know problems with international uh shipping you know not every country has has pixels available um it's not a globally available uh device but you know I think a lot of people can also get a really good level of privacy just by, you know, deep loading their phone, switching the usage on their device, or, you know, instead maybe going for an iPhone, which is available in a lot of locations. So I think people don't have, you know, zero options.

But I do think if you do want that highest level of security and privacy, you definitely are going to need to shell out some money for the hardware. But I think when it comes to software, we have a lot of good free options. There's a bunch of examples like the Tor browser. You can browse anonymously for free. It doesn't cost money. But a lot of that is supported by Tor network operators who do this for the love of the game. They're not... in this to make money.

They're doing it to promote the free internet, to allow people to access information. So I think we do have a lot of privacy tools that are accessible to a lot of people. But there's also that gap that I think needs to be filled when it comes to hardware, because we don't really have very many affordable hardware options. Because Google Pixels, they're starting at like, five hundred bucks. And it's kind of hard to shell out that much money.

A lot of people don't have that much expendable income to just drop on a phone. That's why a lot of people, they go with carrier plans, like they pay their phone off every month. So I think we do need to be thinking about the accessibility of things and It'll be good if there was another phone option that was similar security to a Google Pixel that, you know, would allow people to do the same thing, but with a much more affordable price. But right now we don't really seem to have that.

So, yeah, I don't really have, I feel like I've been talking about this for a while, but do you have anything you want to add to that, Nate? No, that's fine. I mean, I ramble plenty. No, and yeah, just to back up what you said, you're absolutely right. There is so much in privacy that can be done for free or cheap, like Signal and encrypted email. But it's just, yeah, it's unfortunate that once you start getting to those higher, and those things do so much. How am I trying to word this?

It's the whole like, what is it? The Pareto principle, like, that, you know, I think, like, switching browsers, switching communication methods, blocking ads, all that kind of stuff, probably gets you, like, There are a handful of, I would argue, very reputable free VPNs, but they're also horribly slow and very limited on their capabilities.

Like you were saying, it's unfortunate that once you start getting to those higher levels of really... I guess perfecting for lack of a better word, like perfecting your privacy. Cause obviously privacy is a journey. We'll never really get there. There's no such thing as perfect privacy, but once you start really doing those advanced things, like you mentioned switching to a graphene phone, like there's significant barriers and it's just, it's very unfortunate I feel like. But yeah.

I don't know. Yeah. I think, I think you kind of summed up all my, my thoughts on this one. It is, It's unfortunate, and yeah, it's another reason to be mad at AI, because yeah, this is... Oh my god, yeah. I'm so mad. Everything's so expensive right now, and... You know, you and I were talking before the recording about maybe, yes, the rain cloud, perfect. We were talking before the recording that maybe I might need to get a new computer and my wife, she's been having some issues with her Pop!

OS laptop, which it's not system. It's literally like a different ThinkPad that has Pop! OS on it. And thankfully we found some stuff online that we could install and it helps with the power management. And so that can has been kicked down the road, but yeah, now is not a good time to need new computers. So frustrating. Yeah. I'm truly sorry to anyone who needs to buy an SSD or RAM right now. I still need to buy a backup drive. Yeah. I do wonder if hard drives are affected.

That would be interesting. I was going to say, I think hard drives are significantly less affected, if at all. So it's probably not that big a deal. But yeah, that's frustrating. Okay.

We do have one more story real quick, and I think I got my screen share fixed here. And this is about Microsoft and their use of AI. Is it going to work? Oh, hold on one moment. Yeah, so this is actually potentially some good news, which is that Microsoft is apparently, allegedly reconsidering how much AI they are cramming into Windows.

So for those who are fortunate enough not to have to deal with Windows Eleven, Microsoft, on the topic of AI and raising prices and everything, Microsoft is part of the problem because they have been cramming AI aggressively into everything you could possibly imagine.

Like, I'm going to get really niche with my references here, but if you guys have ever seen the show The IT Crowd, which if you haven't, you should because it's hilarious, but In the first season of The IT Crowd, and I didn't notice this until I rewatched it years later, there's EFF stickers literally everywhere. And I found out later that's because Cory Doctorow was one of the advisors on that show. And he was, I believe, a board member at EFF at the time. So he just stuck stickers everywhere.

And then in season two, there's significantly less stickers because I think even the EFF told him to chill out. So that's basically what Microsoft has been doing with AI is anything you can think of, they're slapping AI on it. And... This has not gone over well at all, at all, at all, at all, because numerous studies are coming out showing that most people at best do not care about AI. Most people either hate it or they're completely indifferent.

There are very few people that are excited about AI. And Microsoft is finally getting that memo. Oh, man. Where do we even begin? Apparently, Copilot is integrated into Notepad for some reason on the topic of why people use Notepad++ earlier. It's in Paint, which I guess that one I kind of understand a little bit better for generative AI, but... I don't know. If I want a powerful image editor, I'll probably go with Photoshop or something. I don't know. I'm getting off topic.

But anyways, I'm just pointing out how deeply they've shoved AI into everything. Most notably, many of the privacy veterans will remember Recall, which is one of the most horrifying privacy invasions of the last several years, probably. I said one of, for the record. It's definitely not the worst, but it's up there. Which, real quick for those who don't know, it's literally an AI that takes a shot of your screen, a screenshot, every couple of minutes or couple of seconds.

And the idea is that you're supposed to be able to type into your computer, like, oh, what was that website that had the green shoes that I was looking at or whatever? And it would go through and it would be like, oh, that was this link on Amazon. The problem is it was so poorly thought out that it didn't redact social security numbers, passwords. It did redact Netflix though. So we know where Microsoft's priorities were.

Anyways, anyways, all this hatred aside, real quick, just to round off that saga for anyone who wasn't there, there was so much pushback that Microsoft did actually delay it a whole year to try and fix it. And by fix, I'm going to put that in heavy quotations because it They made it less obviously terrible, but it was still pretty bad. But anyways, according to... So this article is pretty light on details. I do want to acknowledge that upfront.

But this comes from Windows Central and they have unnamed sources that work at Microsoft who basically said Microsoft is reconsidering a lot of things. Unfortunately, I don't think most of it's going away from the way this article's word. They said they have paused work on any additional co-pilot buttons for inbox apps for now. I do believe there are a few things that they're still going to go ahead with, like semantic search, agentic workspace, Windows machine learning, and Windows AI APIs.

Microsoft believes that these under-the-hood AI efforts are still important for app developers and users, even though nobody wants an agentic AI workstation, but whatever. There is, I can't find it now, but I think they did say there are a few things that they're just dropping entirely. Oh, sorry. Okay, so they didn't, here it is. They didn't commit to it, but Notepad and Paint, the ones I mentioned earlier, they said that those are under review. So those might get pulled entirely.

What's very also likely is they said that the company is basically trying to rethink things uh what they used a phrasing about copilot that i thought was or not copilot recall uh recall in its current implementation has failed though i understand the company is exploring ways to evolve the concept rather than scrap it entirely possibly dropping the recall name in the process though this is unconfirmed uh personal opinion they can evolve it right into the recycle bin where it

belongs but anyways yeah it's it's So it's, it's really unclear what direction this is going to take, but it is good that they're finally listening. And, uh, this is coming, the article notes, this is coming on the heels of Microsoft admitting that windows is horribly broken right now. Uh, it's been in my headlines in my newsfeed a lot lately and usually not for good reasons. And they did commit to trying to quote unquote, fix windows this year.

Although again, they didn't really say what that entails. This is probably part of that. Um, I will say that in my opinion, I think their AI implementation is so bad that really anything is fixing it at this point. Anything they can do to make it less terrible, whether that's making it less obnoxious, whether that's getting rid of it completely, whether that's hopefully making recall less of a privacy nightmare. I think the very least they should do is make it optional.

They're probably not going to do that because this is Microsoft. I guess I'll just say that. I don't really have high hopes that this is going to be revolutionary, but I am hoping that they can make it less terrible. I really think... I don't want to say that's the only direction they can go in because this is Microsoft. They can definitely find ways to surprise us, but I definitely don't have hopes for them to actually make this good in any way.

I just hope they'll find a way to make it Not so bad. I think those are kind of my thoughts on this one. Do you have anything you want to add to this, Jordan? I think you're lucky enough not to be subjected to the nightmare that is Windows, but I don't know if you still have any thoughts. Yeah, I've kind of avoided using Windows almost completely. I mean, Mac OS isn't really that much better, but Linux is definitely a good place to be right now.

So I think that's, yeah, I agree with everything you were saying. You know, it is kind of frustrating that like Microsoft is working on stuff that seemingly not that many people are actually interested in. Like, you know, adding all these AI recall features and co-pilot things. I think, you know... Microsoft is kind of realizing, yeah, we're going to have to actually add features to the operating system that our users actually want.

You know, like we don't just have to add silly like AI integrations.

I really hope that, you know, this is a sign that the AI bubble is finally going to, you know, explode because you know these companies aren't getting the returns on their investments they were looking for right they're probably dumping a huge amount of money into into developing these features and kind of going all in on AI because I know like I've seen the CEO of Microsoft he was saying you know they're going all in on agentic operating systems and utilizing all these new you

know developing all these new AI integrations and I think it's finally good to see them realize that, you know, the majority of people are not really interested in this and that they're going to start scaling it back because yeah, it's, I guess we should also talk about this from a privacy perspective.

You know, I think it goes without saying, you know, an agentic operating system and operating system that is basically sharing a lot of information about your system with, you know, a third party because in a lot of cases, this processing isn't done locally. You know, a lot of the processing that is done for these agentic systems is actually being sent to a third party service.

And this is kind of terrible for a lot of reasons because, you know, information that you thought was private and was local on your computer is then basically being broadcast onto the internet.

Like I know a really good, uh, a really good thing to think about this, right, is let's say you're talking to someone on Signal on a Windows computer, and they've got some agentic operating system features running at the same time, that could be recording you, that could be monitoring your call, and it could be saving that or sending it to a third party server, which is breaking the privacy of Signal. You're just adding a listener on the other end.

You're just sending this information to a third party server. So I think at least some people that care about their privacy have been saying this, but I think it's good that in general people aren't that interested in this because if this was to become more popular and available on operating systems, it would kind of be a nightmare.

It would kind of be a privacy nightmare because then you don't really know what you're sending to another person is actually private or if it's being sent to a third party server. I'm just happy that Microsoft is realizing that this is a bad idea. Maybe it's not for the same reasons that we care about, which is, you know, it being a privacy nightmare and destroying any sense of privacy that people have. But it's good either way. I think we can take this win. Yeah, for sure. And that's...

That's something that's in the back of my head, too, when I talk about, you know, I said, like, hopefully this will be optional and it'll be, like, less terrible. But even optionally, Microsoft is, or Windows, I mean, is such a notoriously leaky operating system from a privacy perspective. And I don't... I think I posted it in a group chat with my friends. I don't think I posted it in the Privacy Guides chat. But a few weeks ago, I may have mentioned it on here, actually.

A few weeks ago, I realized that for some reason, my Windows computer hadn't updated since version, like, . It was whatever version just stopped getting support in November. And so I was like, okay. I need to sit down. I need to figure this out because I want to make sure I'm getting those security updates. And I had to jump through many, many hoops. I had to chase down all kinds of issues. Eventually, I did get it to update. Everything went smooth.

But then because it was an update, it's introduced all these new features. And it was basically like a whole new computer. So I had to go through and I had to use... And for the record, not all of these are equal. So this is not like a broad endorsement, but I have very specific third-party scripts and tools that I trust to like de-bloat some of this Microsoft stuff. And I swear to God, it was like an hour long process to go through.

And I only have like three of them that I use, but to go through all three of them and run them to get rid of the telemetry, get rid of the AI, get rid of this, get rid of that. And it was such, and that was, I'm not even talking about the whole updating process. I'm talking about just that part of going through, making sure all the settings that I want turned off are off, making sure that these scripts run, checking the scripts and making sure I know what they do and I'm okay with it.

And just, it was so obnoxious. And it's like, it shouldn't be this ridiculous to use a computer without giving up all my privacy, plus the kitchen sink, plus the neighbor's kitchen sink, like it's insane. And so going back to what you were saying about AI is that's my concern is that even if they roll this out in a form where it's optional, does that only mean optional to the, like on the end user facing, like what's, what's the word I'm looking for? Like, where it seems optional.

But in the background, it's still submitting data. It's still collecting data. And I'm sure it's less than if it was running in agentic mode or if Recall was taking those screenshots every three minutes or whatever it is. But it still just worries me that it's like, yeah, but this thing could still be running in the background, potentially introducing vulnerabilities, potentially sending more data than it should be back to Microsoft. That's what worries me.

And it's such a shame as somebody who grew up on windows, like I'm not a windows fan boy by any measure, but I mean, let's be real. Like Macs are really expensive. And I mean, I guess now they're about the same because Mac is the only one that can afford to eat the price hike on Ram, but you know, historically Macs are really expensive and they work great and they've got great security, but you are absolutely unarguably paying for a brand name. That is a fact.

And then Linux is free, but historically doesn't always do the things I need it to do. I really do want to test some of my production stuff and see how well it works. But I guess my point being is like, Windows has always been such a relatively affordable, customizable system. And it's really frustrating to just see it become worse and worse and worse in every sense of the word, from the UI to the privacy, to the bloat, to the just, it makes me sad.

Like I said, I was never a Microsoft fan boy, but it's just, it used to be better. We used to be a society. I digress. I've ranted about that plenty.

If that's all we've got for now, I think there are a couple of quick stories that we wanted to highlight. We're not going to talk about these extensively because admittedly we had this conversation earlier in the week. Jonah and I have been covering all the age verification stuff for literal weeks and we have nothing new to add. It's bad. We're not in favor of it. We think that there's better ways to protect children online.

But we did want to let some of our listeners know, specifically in Spain and Greece, if you are Spanish or I guess it's Greek, isn't it? I almost said Grecian for some reason. But if you are Spanish or Greek, these are the latest countries who are now planning to ban social media for children under fifteen. So yeah, like I said, I don't think we really have anything to add to that, but if you do live in any of those countries, you should be aware of that.

Do you have anything you want to add to that, Jordan? Not particularly. I mean, I think both you and Jonah have talked about this pretty extensively, so I don't think we need to drag this out, but It's frustrating that the start of this, you know, was with Australia's social media ban and now other countries are following.

I think this is basically what we were saying from the start, you know, as soon as you normalize this in one country, every other country is going to start following suit and yeah, it's kind of unfortunate that that is exactly what is happening right now. We warned you, like we warned them that this is going to happen and no one was taking it seriously, but here we are. So it is kind of frustrating.

Yeah. It is kind of frustrating that, you know, we've, we've been here, we've been, uh, saying it from the start, but, uh, now it's actually coming true. So yeah, I think, you know, do what you can in these countries, make your contact, your representatives, you know, try and educate people in your life about why this is bad.

Hopefully there can be some, positives from this like you know it's it sounds like these are both announcing a ban they're not actually implemented yet so there's still a chance for you to have your voice heard so definitely try and at least make some noise about it because in a lot of cases uh if a lot of people are against this then you know it will end up being uh a lot harder for them to pass this with you know as many uh restrictions but i guess the the thing to remember

about this is these are both you know in spain um I feel like they might have much stronger data protection laws than that of like Australia or the UK. So it's interesting how they're going to actually be able to implement this without, you know, because they're going to have to require people to provide their ID or do some sort of facial scanning. It'll be interesting to see how they're going to navigate that, like regarding the data protection laws.

So that'll be something interesting to watch, I guess, but definitely try and make your voice heard about this issue. Yeah, I just want to add the slippery slope is I kind of hate using the slippery slope argument because it is not always applied in good faith and it doesn't always turn out to be true. But in the case of tech, I feel like it is true more often than it's not. Actually, a really good example is facial recognition.

There have been multiple articles and stories written about how Facebook invented their little Ray-Ban facial recognition glasses years ago. And even at Facebook, they were just like, no, this is too much. This is a line too far. We're not going to do this. This is creepy. Until Clearview AI came along. And once Clearview AI came along and made facial recognition totally cool, now they couldn't wait to jump on the bandwagon.

So yeah, I feel like with tech in particular, the slippery slope is true more often than it's not, which is so, so frustrating. Absolutely.

With that, in a moment, we're actually going to start taking viewer questions. So if you have been holding on to any questions about the stories that we've talked about, go ahead and start leaving them on our forum thread or in the comment section of the livestream. But first, we're going to check in on our community forum. There's always a lot of activity, and this week has been no exception. But we're going to highlight just a couple of interesting stories that we wanted to discuss here.

One of them is DuckDuckGo did a poll that shows that people are against AI. I feel like I read this story when it was first published. But yeah, I mean, the author of this post sums it up pretty well here. DuckDuckGo made a public poll to see what people think about AI, and ninety percent voted against. And I believe this thread has largely just been people discussing their opinions about AI.

And I don't know, we just got done talking about AI and the RAM shortage and how that's affecting everything. Do you have any thoughts about AI, Jordan, or do you want me to go first? I mean, I think we can kind of, you know, I think we talked about a little bit before, but I think for a lot of people, these... you know, AI companies are kind of having a pretty negative impact on people, like just at like a personal level, right? Like they're building massive data centers.

They're using a bunch of electricity, which is driving up electricity prices. It's driving up RAM prices. Like this is nothing that's good for the average person. And all for, you know, my cool little chat bot I can talk to whenever I want. Like, is that really, is the benefit really worth the cost? And I think, for a lot of times people are saying, you know, maybe not, you know, this is not really that useful. So I don't know, it could just be a sort of There could be a bias in the sample here.

Like, for instance, this could have been posted. I did see it being posted on Mastodon, which means, you know, it's kind of people on Mastodon don't like AI. So that definitely could have skewed the results a little bit. But I think it's still an interesting idea, right, to see and to have a poll go out like that.

It would have been interesting to see if, you know, where a lot of these votes were coming from and how this was published, because I think that could have had a pretty big impact on the results of this poll. But I think, you know, ninety percent is kind of conclusive, I guess. So, yeah, I'm not really not really that surprised by ninety percent being against it. What about you? Yeah, no, I think that's a really good point, the selection bias.

I will say, ninety percent surprises me a little bit because I know DuckDuckGo is one of those companies that has integrated A.I. a little bit. I think they even have their own like A.I. proxy and. I think it's. Yeah, I mean, I think that's a really interesting point for sure, but. I mean, my personal opinions, I definitely like... We mentioned this on a previous episode.

I like the point that Em made a few weeks ago about AI in its current form cannot be private because it scrapes up so much user data from people who probably didn't consent. And I think... This is one of the... This is one of the... Sorry, I'm trying to put my thoughts in order. This is a thing that I've said before is... I think there's certain things about AI that are technical problems in the sense that they can be solved. Can be. Will they? I don't know, but they can be.

Things like the energy usage. I think that in time, I think AI will become more energy efficient simply because the financial incentive is there to make it cost less money or maybe find more sustainable ways to power that energy. Um, I wish they would open up more solar farms instead of nuclear plants, but I don't know. I digress.

Um, but then I think there's, there's the much harder problems that I'm not sure if we'll ever be able to tackle, which are things like compensating the people for the data collected, the training sets, things of that nature. And I think those are, yeah, I think those are the things that are, like I said, going to be harder to solve if solvable at all.

And, um, yeah, I think, um, Not to be pedantic, but I know there's also a really good discussion to be made about the difference between, because AI is just such a blanket term that we're applying to everything nowadays. And I think there's useful types of AI, like machine learning that's being used for medical research and stuff like that, versus the generative AI that's drying up an entire lake just to make everybody on Facebook look like Studio Ghibli.

And yeah, I think it's really unfortunate that, I don't know. It's just really unfortunate. And also, as a creative type myself, I'm really annoyed that AI is taking away all the fun jobs, like making music and writing stories and making videos, and instead of taking away the crap jobs that nobody wants to do. Yeah, it's... It's really unfortunate. I think it's one of those things that could be good, but probably, it definitely is not right now.

And I don't know if we'll ever address those difficult questions for sure, but that's really unfortunate. Yeah, I think one thing to think about when it comes to this AI stuff is I'm not really sure if it could be done in an ethical way, right?

Because basically the whole, like, I don't know if you saw, there was like an article that I saw about Sam Altman and he was saying if there was a stop to the wholesale scraping of the internet for AI training, then these AI companies literally wouldn't be able to exist because the data that's required to train these models is basically done by scraping the entire network entire internet right um so you know i don't think that like i think people think about like their personal privacy like i'm

sure i could use like an ai model locally on my computer that wouldn't be sending information to a third-party company but the model itself was trained off non-consensual like scraping of people's information and, and data. And when you train that model, you're basically, you know, encapsulating an entire, you know, section of the web into a model. Right. And that's kind of the antithesis of privacy, right?

Because if you, let's say you, you deleted an article that you wrote about something that could have been scraped and put inside this model and, you know, you're basically, uh, storing this information forever. And, you know, it's also storing and scraping a lot of personal information as well. So, you know, it's, it's kind of problematic. I think there's not really any good way to do this.

Like I'm sure maybe this, there's a possibility that someone's made an AI model based on only publicly available and consensual data, but, um, I'm sure it's not very good and as useful as the ones that have scraped the entire internet. Right. Um, so, you know, I think I'm not even certain that, you know, if we were able to use completely consensual data and also have, you know, use renewable energy, I think it's just kind of a waste of electricity as well. Like electricity is not infinite.

Like it has an impact on the grid, um, just delivering electricity to people is producing carbon. So I don't know. I don't think that it's, I guess maybe our opinions differ slightly on this, but I think, yeah, there's definitely, in my opinion, not really any ethical way to do it that respects everybody in the process. That's just my opinion.

No, and I kind of agree with you because that was something that I said when I first mentioned this is like maybe, and that's why I say those like less technical problems I think are harder to solve because like you were saying, maybe we could, like I know Creative Commons is working on a license that basically says, yes, I'm okay with AI training on this data. But what if so few people opt into that, that it can't create a good AI model. And so there is no ethical way to, to do that.

And, you know, you mentioned the, the idea of like, or maybe I just heard you, you say this, but like, we can't even like really remove training data. You know, we can't, like we could remove it from the next iteration when they run the AI and update it, but we can't really reliably say that like, oh, I want this data removed from the model.

And because of that, it kind of doesn't respect like the right to be forgotten, which to me is personally is a really big deal to me because I think one of the most harmful things about the permanent digital record that we have nowadays is that people have almost lost their ability to grow. All the older listeners will be with me on this one. I grew up pre-internet, not super pre-internet. I think we got internet when I was in my teens, but it definitely wasn't like it is now.

Social media was not a thing until I was in high school. I think Facebook came out when I was in college. So I grew up in a world where You say dumb things. You do dumb things. You get in trouble for that, but then you grow, and you learn not to do those dumb things. And I don't want to sound too political, but I feel like we're in a world now where you say something dumb, and no matter how long ago it was, it lives there.

And so somebody will go like, and I guess I'm kind of sort of talking about cancel culture, but I don't mean it in that context. It's, you know, you say something and somebody will go dig up a tweet from twenty, you know, ten years ago. And it's like, oh, here's something really bad you said. And it's like, OK, but I don't believe that anymore. I've grown. I've changed. Or, you know, it was a. stupid edgy joke that didn't land well or whatever it was.

And it just, it doesn't give us that freedom to grow and like move on. And I feel like that's a concern with AI, even though it may not necessarily like directly trace back to you. It's just, I don't like that idea of something that you don't want out there anymore because you don't believe that anymore. And you've moved on. That's still stuck in the training data. So I don't know. That's why I said like, maybe, maybe those, those harder issues don't have a solution.

Maybe they don't, I don't know, but yeah. Yeah, I think those are the harder issues to tackle if they can be tackled at all. All right. There was another thread that we had written down to take a look at. This one, the title says, Android recommendations should reflect real life, not just worst-case threat models. And this author... This author... basically how would I summarize this? Cause this is a, um, very, not an overly long post, but it's a very detailed post.

And, uh, Basically, they're disappointed that, for example, we only recommend graphene. We don't really recommend other custom ROMs. We don't recommend iPhones or anything. And he mentions some of the stuff that we talked about earlier, like some people don't want to buy a Pixel because it's from Google. And they don't want to buy a Google device, even if they could buy it secondhand. Or Pixels aren't sold in their country. Pixels are out of their price range.

And graphene doesn't offer parental control options. I definitely have a lot of thoughts on this one. Do you need a minute to formulate some thoughts or do you want to go first? No, definitely take it from here. Okay. So, yeah, I think, and I'm going to try to paraphrase something I saw Jonah say, and I hope I paraphrase this right. So I apologize, Jonah, if I get this wrong. I think with websites like Privacy Guides, what we try to do is we're trying to give people the ideal answer.

And I think, I will say this is my personal opinion, but hopefully I'm getting it kind of close here. I think there's always going to be exceptions. So when we say, you know, like this person pointed out, when we say like, yeah, the best, and I went on a little bit of a rant about this this morning actually on the forum, two things can be real, even when they're contradictory. Graphene can be the best option for privacy and security.

But I think there's also situations where it's perfectly valid that you can't or won't do that. Because again, not sold in your country out of your price range. And I think in those situations, it's really important to or maybe not in those situations.

I think, I think it's just important to realize that, uh, you know, we, we can't possibly, especially when we make something that is being mass broadcast, like a website or like a, uh, you know, a podcast like this one, there's always going to be exceptions. There's always going to be people who have perfectly legitimate reasons that they can't do something. And I think the reason we suggest these perfect tools is kind of like the idea of like, try to get as close to this as you can.

Um, But yeah, I mean, I think obviously I'm going to defend our choices. I think there's a reason for the suggestions that we make. But yeah, I guess what I'm trying to get at is I understand where this person's coming from, that there's always going to be exceptions to the rule and reasons that somebody can't do something specific like that. But I don't think that necessarily makes the advice we give wrong, personally.

But yeah, we can't possibly cater to every single exception, every single threat model. We're trying to give advice that we're hoping will work for the vast majority of people in one way or another. And if nothing else, I think hopefully it will kind of give you a direction to aim towards. And so when you can see, especially this is something I really like about the privacy guides website, it tells you why we recommend these tools.

So when you can see like, oh, we recommend pixels because they have very good hardware security. You know, they have this, they have that. And if you say, okay, well, I can't get a pixel, but what else can I find that checks most of these boxes or which of these boxes can I look at that are important to me? And I can go find something that checks those boxes. So. Yeah, I think that's where I land. This was a very popular post. It's got a hundred and fifty seven replies. Holy cow.

Was there anything you wanted to add to that? I think this kind of goes back to some of the discussion that we had about like, you know, you were saying like privacy is a privilege, like people who have money can afford these things. I think, yeah, it is kind of interesting and important to at least discuss. I think that's like a good purpose of the forum in this case, right? Like people can discuss these issues.

less perfect tools in a place where, you know, people can be critical and talk about it. But I think, you know, the The recommendations on the website are kind of like, you know, meant to be like the most ideal ones. I know I've certainly used the forum like I've been interested in another tool and I've been like, huh, I wonder what the people in the privacy guides forum said about it because, you know, they probably looked into it pretty hard. You know, people are scrutinizing things a lot.

So I think just because something isn't listed on the recommendations doesn't mean that it's not something you can't use. For instance, I use a bunch of stuff that's not recommended by the website. Doesn't mean that it's the wrong option. It just depends on your specific use case, right? So yeah, I agree with what you were saying there. But yeah, I think this is definitely an interesting forum to have a read. I'm not sure if I agree entirely with what this person is saying.

I think stuff like headphone jacks and physical SIM slots and SD card slots are somewhat novelties. I find that they're not super important. I think the most important thing should be the security of the device if you can. So even if there was a cheaper device that could run something that is more private than stock Android. I think that would be better.

But yeah, it's kind of unfortunate that like Fairphone has, has got devices that they sell, but they're also pretty expensive and they're only available in Europe. So it kind of limits the, the availability of that. And they don't seem to take security as seriously as the graphing people. So, yeah, I don't know. It's kind of an unfortunate circumstance, I guess. I mean, I... I don't use an Android device daily.

I do have one, but I just prefer an iPhone just because, you know, it just works best for me. It's not recommended on the website, but it's something you can do instead. And I don't know, I think people need to make decisions for their circumstances and you don't have to a hundred percent follow everything that we recommend. It's kind of up to you to make up your own mind on things. yeah for sure yeah i don't think i have anything to add to that so i

guess we'll hop into answering questions now um unfortunately it looks like we didn't get any questions on the forum thread uh i know we kind of We've, uh, some weeks we kind of wait a little bit longer than, than others to pick headline stories, just to see if there's anything particularly, um, obvious that jumps out at us as like, oh, this should definitely be the headline story.

Um, and I don't know if, uh, this week people just didn't have enough time or, or what, but yeah, it looks like there's not too much there, but let's go ahead and address some of the questions in the chat here. And let's see. Excuse me. I guess I'll take this one. This person I don't think has a display name. That or my computer is not showing it. But I guess we'll say anonymous. So this is actually in regard to a question from last week. They asked if I had a chance to review the OPSEC Bible.

So last week, somebody asked about this website called the OPSEC Bible. I took a look at it. I don't know if Jonah did. Jonah's really busy. He may or may not have. I don't really feel like the website was for me. I kind of want to reiterate what I said when you first asked about this website, which is I think it's great that there's different levels of things that cater to different people.

Because I think there's some people that when you go up to them and say, you have to use Graphene, you have to use SimpleX, you have to use Cubes, they're just going to stop listening. And that may be unfortunate. That may not be in their best interest. That may be a mistake. But that is what they're going to do, is they're going to stop listening and walk away. And I think that's...

That's kind of where some other projects come in to try and try to kind of make it a little bit easier for people to get started on privacy. And I think some people, most people, I hope, but I think some people will, once they start getting into privacy, they'll realize like, Oh, this is actually a lot more achievable than it sounds. And I can go, you know, I talked about threat models earlier. Like I'm a big fan of going above and beyond.

If you can, a threat model, in my opinion is kind of more of a minimum, like do this minimum to keep yourself safe, but feel free to go past that if you want to. And, um, I think it's great for people who want to go past that and want to learn how to do some of the more advanced stuff and use some of the more secure options out there for whatever reason. And so I don't really have an issue with sites that push the more hardcore things, but I, I don't know. I just, I don't think it was for me.

So thanks for bringing it to our attention, I guess. But yeah, that was, that was my thought on that one. I don't know. I think I may have shared that one in the chat. Did you check that one out, Jordan, or no thoughts? Yeah. I don't really have any thoughts on it. I think you covered it pretty well. I think we need to go super in-depth.

that website but i think it's definitely good to use multiple sources uh for finding your information right like if we recommend something don't just take that as the truth right you should also investigate other people who are recommending different things see what they say as well um so you know maybe this website could be useful as another resource to check what they say about certain things. And then you can come up with your own opinion, I guess.

Um, but you know, privacy guides has a specific way of doing things. We're going to choose specific tools based on specific criteria. So it kind of is going to differ to what other people recommend and that's fine. Everyone has their own recommendations and what they recommend. So I think it's good. More diverse, uh, information is better. For sure. All right, our next question came from JS, who asked about DuckDuckGo's AI.

You said, I hear people complain about DuckDuckAI as a proxy because it just queries the respective companies, which in this context, I think he means like a chat GPT, Anthropic, whoever. And you say, isn't this the same thing that private search engines do? From privacy guides, quote, DuckDuckGo does not log your searches for product improvement purposes, or does log your searches, but not your IP address or any other PII. Yes, this is actually... I don't know.

Personally, I use BraveSearch because I feel the same way. DuckDuckGo itself is just a proxy. I think most of these meta search engines do technically draw from multiple sources, but they usually primarily heavily draw from one source. So DuckDuckGo mostly draws from Bing. StartPage is mostly Google. And... I think there's a couple others that I'm forgetting. But there are a handful, like I think Kaji or Kagi, however you pronounce it, I think they mostly have their own index these days.

Brave mostly has their own index. And I think Mojik is the other one that they all kind of have their own index. So yeah, personally, I like to use those or I like to use Brave just because it has its own index. I'm already using the Brave browser. I think they do a pretty good job. I feel like I'm also just, I feel like maybe I just, maybe it's something about me and knowing how to use search engines the right way, quote unquote, the right way.

But because I hear some people will get off of Google and they'll switch to like DuckDuckGo or StartPage and they'll be like, oh, the results just aren't the same to which number one, yeah, Google is personalizing your results because they're stalking you. But number two, I mean, I just, I personally have never had that issue. And I don't mean to like invalidate people who do have that issue. I'm sure that must be really frustrating, but yeah.

don't know for me it's um brave does the job really well and that's what i use but yeah that's um Real quick, that is another thing that I think almost all of these AIs, like Jordan was saying, they're all, or going back to what Jordan was saying, they're all kind of just proxies.

Brave's Leo, Proton's Lumo, and they're done in such a way that it's a little bit more private for the end user, but at the end of the day, they're still using ChatGPT or Claude or whoever else, and So they still kind of do suffer from the same privacy problems of scraping data that they morally probably shouldn't have. So yeah, that's all I got on that one. I think, yeah, there's definitely, I think there's some valid issues with these alternative search engines, right?

Like I think one area that is sometimes not talked about is a lot of these alternative search engines, they aren't going to be as good. I think your location certainly does matter, right? Some people complaining about the search results might be in different countries. If I search something that's super relevant in my country and it doesn't show up, that's obviously going to be a problem, right? And I think it gets compounded even more, for instance, in different languages.

So if you were searching in a different language, I'm sure that is going to be even worse. The results are going to be even worse in Google. So it is kind of definitely a bit of a, I don't know, your use case might vary situation. Personally, I found that, you know, I've tried a lot of these different search engines and none of them have been particularly terrible. But, you know, I find that DuckDuckGo is generally fine.

But I think, you know, people need to try and see which one works the best and which one you're most comfortable with. I've tried a lot of them and a lot of them I just wasn't super happy with it. And, you know, it just depends on your use case of the search engine. Like not everyone is going to use the search engine the same way. So I don't think it's strange to have an issue with the search results.

Yeah, I wonder if his point was just kind of, maybe what he was saying is it's just kind of weird that people complain that like, oh, this is just a proxy. And it's like, well, yeah, but isn't the search engine? But I don't know. I think that might be more indicative of the, general attitudes that people have toward AI in general. Yeah, which I guess at that point, my question would be, is DuckDuckGo at least keeping... in line with their ethos.

I hate to take shots at Mozilla here, but Mozilla's AI integration is absolutely abysmal. I don't feel bad saying that, but their AI integration, they straight up tell you, even in their blog post, I'll give them credit, they're very open about this, but they're basically just like, oh yeah, we've integrated ChatGPT and you can just click the little button in the sidebar and it's super easy. And by the way, once you use it, you're totally at OpenAI's mercy as far as privacy goes.

But it's like, what's even the point? I can just bookmark chat GPT. I don't need a little pop-up window to use that. Why would I use this at all? So I do have to wonder if, and I think it does, but don't quote me.

I do have to wonder if DuckDuckAI is like, yes, it's a proxy, but at least they have legal agreements with the companies not to train on your prompts or they proxy it so it doesn't get your device fingerprint like i have to wonder if they've done anything to make it more privacy respecting in which case i would argue like yes it is still a proxy but at least they're in keeping with their ethos of like trying to make it a more private experience again for the end

user i really want to stress that but um but yeah i don't know um i will say real quick in response to what you said i think my favorite search engine in terms of actual effectiveness was uh I think it's search is how you pronounce it. The CRX, I think it's CRXNG now. Searching, I think is how it's pronounced. I used to use the crx.be instance, which I think is still around. And I will admit the results were impressive.

I could always find the weirdest niche stuff that I couldn't find anywhere else. Because it drew from so many different search engines. But yeah, at the end of the day, personally, I decided that what I really wanted was like an independent index that wasn't just a meta search engine. So that's one of the reasons that I went with Brave. But yeah, I'm with you. They're all different. I think it's totally valid to just try out different ones and see which one works best.

That's kind of really it for questions, I think. We did have another comment here. Somebody said, happy birthday, privacy. Is that in reference to Data Privacy Day recently? Or is this when Privacy Guides was founded? I'm not sure. I feel like I should know that. Yeah, I don't know. It seems an interesting comment to make. Thanks, I think. You know, I will take this as an excuse to go get some cake after this. I'm down. We'll put it on the company card. I don't have a company card.

Jonah, I want a company card. I'm kidding. I just like saying random stuff. And then, yeah, one last person left a comment when we were talking about AI. They said use local AI instead. Yeah, I think local AI is probably going to be best for, again, end user privacy, especially because a lot of them you can completely firewall them on your computer or your device and they never have to touch the internet.

But again, we were also talking, I know I'm like really beating it over the head lately, but just the idea of like, it's still trained on user data that may not have been consensually collected in a lot of cases.

There's several ongoing lawsuits about this very issue right now of copyrighted works that, and actually, you mentioned it earlier and I completely forgot to bring it up, but I think that's so funny that Sam Altman is like, oh, well, if we can't steal copyrighted material, then we don't have a business. And it's like, okay, Like, could you imagine a drug dealer using that in court? Like, well, your honor, if I can't cook meth, then I don't have a business. And it's like, well, meth is illegal.

So that sounds like a you problem. Like, that's insane that they're even trying to use that as a defense. And it's like, well, if I can't steal everybody's property, then I don't have a business. It's like, then you don't have a business. That's how it works. Sorry. I know I'm ranting a little bit, but the nerve to use that.

All right. I think that's all we got this week. So let me... pull up my notes here. All right, so all the updates from this week in privacy are already shared on the blog, actually. We have actually, in case you guys didn't know, we now are sending the blog post out at the same time that we start streaming. So if you want, you can go sign up for the newsletter and subscribe on your favorite RSS reader and you will get a reminder.

There's a link to the StreamYard stream right there in the newsletter, so it's a really easy way to get a reminder and start watching. For people who prefer audio, we offer an audio podcast available on all podcast platforms and RSS, and the video will also be synced to PeerTube. These will be after the fact.

Privacy Guides is an impartial nonprofit organization that is focused on building a strong privacy advocacy community and delivering the best digital privacy and consumer technology rights advice on the internet. If you want to support our mission, you can make a donation on our website, privacyguides.org. To make a donation, click the red heart icon located in the top right corner of the page.

You can contribute using standard fiat currency via debit or credit card, or opt to donate anonymously using Monero or your favorite cryptocurrency. Becoming a paid member unlocks exclusive perks like early access to video content and priority during the This Week in Privacy livestream Q&A. You'll also get a cool badge on your profile in the forum and the warm fuzzy feeling of supporting independent media.

Thank you guys so much for tuning in this week, and we will be back next week with more news. Bye, everybody.