¶ Intro
Google's creepy smart glasses are coming this fall. The FBI wants to buy nationwide access to license plate readers and researchers wanted preschool teachers to wear cameras to train AI. More of this coming up soon on This Week in Privacy, fifty four.
¶ Start of podcast
Welcome back to This Week in Privacy. This is our weekly series where we discuss the latest updates with what we're working on, what's going on within the Privacy Guides community, and this week's top stories that we've seen in data privacy and cybersecurity. I'm Jonah, and with me this week is Jordan. How are you doing, Jordan? I'm doing great. Looking forward to jumping into some topics with you here this week. Sweet.
¶ Google smart glasses are coming this fall
Well, why don't we move on? With that said, we can start out with some of the news here. Why don't you kick us off with our first story? Yeah, definitely. So this is kind of a... An update to an existing story, I guess, because if you don't remember, probably like I'm going to feel like ten years ago, Google already tried making smart glasses with Google Glass and it kind of flopped pretty, pretty terribly for obvious reasons, I guess. But Here's kind of what's happening.
So this is the Google blog post here. Intelligent eyewear is coming this fall. We're revealing new frames from Gentle Monster and Warby Parker, plus features that let you get directions, send text, snap photos, and more.
I'm not going to read too much into this press release because a lot of things when it comes to AI products and... creepy technology like this that i'm not sure who asked for this um this is kind of a lot of marketing stuff here um i think the most important part to talk about with this is this is kind of uh a terrible trend because we already saw this with Meta. They released their Meta Ray Bans and Meta Glasses. And that was kind of, unfortunately, it was kind of a success.
And, you know, maybe you're thinking, oh, this doesn't really sound that bad. Like, is this really an issue, right? And I think the most important part about this to think about is these products have cameras on them. They are also owned by two of the largest advertising companies in the world, Meta and Google. They collect probably the most amount of data in the entire world, probably the largest two data collectors ever. And you're strapping a camera to your face.
Now, I know most people in our audience are probably like, yeah, I'm never doing that in my entire life. I'm never strapping a camera from Meta or Google to my face. But that's not the problem. The problem is that this is going to be other people strapping a camera to their face. And especially in public, this is going to be a pretty big issue.
And I also think this is another kind of awful move where these Ray-Ban meta glasses weren't originally planning to be part of like this whole, you know, AI ecosystem, but now we're seeing with, you know, these new changes, these new glasses that meta and Google are releasing. they're integrating these AI features into these glasses. And they're basically like wholesale, like sending and collecting information and sending it to these AI models.
And I do want to talk about this a little bit afterwards, but I kind of want to throw it over to Jonah a little bit. Like, how are you feeling about this announcement? Do you have any thoughts? Yeah, my initial thought was definitely kind of along the lines of what you just said. I think it's very unfortunate that Google didn't learn their lesson from Google Glass. I think it was pretty clear at that time that this sort of thing was unacceptable.
But now, yeah, it's just become so normalized by I think the first mainstream one was those Snapchat glasses, but especially the meta glasses. I think people are wearing those out in the wild.
run into like Instagram stories and things like that from regular people like they've kind of gotten mass adoption and they've really figured out that they need to market it as like this fashion item this partnership with these existing glasses companies and that is really how this is taken over which is just very unfortunate um Yeah, it's a shame that we went in this direction because I think I've said this on the show before, but definitely in some various threads,
I'm not totally opposed to the idea of smart glasses in general.
I wear a smart watch myself and something like a heads up display in your glasses would be super convenient, especially at the time where I used to wear glasses all the time, which i don't anymore so maybe it'd be less convenient now but i did want them before and that they're not even doing an option uh to do that without like having these cameras strapped to your face i think is is a shame and I think that's kind of how these big tech companies like Google operate.
They kind of just take away any choice that you have so you have to go with the version of the product that they want you to have because competition is kind of eliminated. We've seen this in the smartphone space where there's only a few major players now. There used to be a ton of smartphone manufacturers like ten years ago and now those are gone and I think Yeah, everything is just kind of standardizing on this one design, which is annoying.
Yeah, it is kind of frustrating as well as like, I think the eyewear industry has also kind of been profiting from this, right? Because... I think a lot of places that sell glasses, they sell the glasses at like a regular store. Like this isn't something that you can just like only get on like an electronic store or something like that. It's literally like next to the standard glasses. So I think it becomes kind of normalized through that as well, definitely.
I definitely saw them at the Sunglass Hut stand at Macy's. They're just meta glasses next to the Ray-Ban glasses. It's all the same stuff.
They just... sell them all together um yeah I mean I feel like the price is also kind of ridiculously low but I think also that's also kind of done by the fact that these are like powered by collecting a crap ton of information so it's probably subsidizing the cost a little bit yeah I actually don't even know how much these cost I've never I've never looked into it personally that is interesting though They are not expensive. They're definitely less than a thousand dollars.
So I feel like that's, I mean, I feel like Ray-Bans is definitely a cheaper brand. I've never heard of these, like I've never heard of Gentle Monster or that other one, Warby Parker, but I mean, maybe they're. Warby Parker is pretty big in the like online glasses area. I think you would see it recommended a lot.
on like Reddit and stuff as a cheaper option to buy your glasses in the store because I don't know how it works around the world but like at a glasses store here you can pay three hundred dollars for some frames or something and then not to mention the lenses but if you order it online from that they're like thirty dollars or something I don't know so I think that's why they're popular I don't know if they're super known for being like a trendsetter in style or anything maybe
they are though maybe people are super into them Yeah, I mean, I don't know. I also want to kind of talk about this. I don't know if we... There's another story that kind of follows this up because I feel like some people might be like, oh, this is... Yeah, this is concerning, but, like, is there any proof that these glasses are collecting ridiculous amounts of information on people?
Are they actually as creepy as, like, are we just... making this up like no we're not making this up um so here's a story from the bbc uh and basically a regulator has contacted meta over workers watching intimate ai glasses videos so basically there's a uk data watchdog has written to meta following a concerning report claiming outsourced workers were able to view sensitive content filmed by the company's ai smart glasses and it's a little bit concerning.
So they, they were saying that they were even seeing, you know, living from living rooms to naked bodies, you know, people on the toilet and stuff like that. This is, this is experiences and things that, you know, a lot of people assume is private and that is like kind of sacred, which is being sent to these companies.
And I guess we don't know whether this is going to actually be the case with the Google ones, but I think given Google's track record of basically wherever possible sending information to Google's like a Gemini service, I mean, that's how they make money. That's like, that's the whole AI industry at the it's kind of unfortunate that, you know, there's this normalization of this technology when we already know that this technology is like completely, uh, it doesn't have privacy built in.
And I think the normalization of this is we're basically going to see every country, like no matter, like a lot of people say things like, Oh, you know, China has like a million cameras and like, you know, these cities in the U S they've got cameras on every single corner. Um, Now there's going to be cameras literally everywhere. Every single person is going to be having these cameras always on at all times. There's going to be cameras everywhere.
And I think these are a little bit more concerning compared to a smartphone because the camera in your pocket or in your bag is... You know, it's not pointing at someone. It's not, like, primed, ready to capture content at all times. So I think this is definitely more creepy. I think it's definitely also kind of breaking the consent model here as well. Like, if you're talking to someone who's wearing these, like, do you know whether they're recording you?
Do you know if they're sending your face to some, like, AI company? Like, no, you don't. It's kind of creepy.
So... yeah that was kind of the point i wanted to bring up as well like not only do we not know what these are collecting um or like what extent these are always recording but you also can't know not you not only can you not know like what these tech companies are doing but um you can't really tell like if other people just around you are recording them right now and if you look at the images from uh this google blog they are um really hidden i think the fact that they have
cameras i literally had to when i read this for the first time i had to zoom in really on this gentle monster thing to see on on those frames to see if they had cameras at all you can barely tell uh there's an outline of a camera when you zoom way in but i was wondering if they were making some models without cameras that only um i don't know if these i think they said they have heads-up displays but i know they also like talk to you in your ear. Yeah, those ones.
I don't know if you can zoom in on that easily or not. But it's, you really have to look closely to to see those cameras. And I think that that's the thing that is most concerning to me because yeah, it could just I mean, it just really normalizes all of this in in modern society that you don't really have any privacy when you go outside in public spaces anymore. A lot of people would argue you probably didn't have privacy in these public spaces before.
But I think that the dynamics are a bit different because cameras used to be just less ubiquitous in general. They used to be bigger, so it was more obvious that you were taking pictures. Or even now, if you hold up your phone, you can tell if someone is trying to take a picture of you. And it's just very, very different now because now you can't tell any of that. It's very unobvious. yeah, I am not a fan of this development one bit.
Obviously, besides the camera issue, these are really built around Google Assistant, like all of these smart glasses will be with their respective voice vendors. All of these big tech companies really want to push AI and having AI in your ear at all times as the as the future right. And I mean, we've talked about AI stuff on here in the past, but it's just concerning to me how much data that people are giving up to these voice assistants and other AI chat tools.
We've talked about AI chats misleading people. We've talked about how AI doesn't protect your data because it doesn't have things like end-to-end encryption, and they're making it... Not only is it was already hard to run AI locally, now it's practically impossible because who can afford the hardware these days because of these AI companies buying all the computers on the market so us mere mortals can't get one anymore. It's all just not great, I guess is the best way to put it.
Yeah, it's a shame. A lot of people in the chat hear about this. I like this comment. We need proton face masks. You know, that'd be funny. I wonder if there will be some sort of product that comes out. I know we've seen it with facial recognition stuff in the past, kind of adversarial stuff. things you can wear to mess with facial recognition or cameras or whatever. I don't know if there will be a good way to kind of avoid being recorded by these things.
But yeah, that would certainly be an interesting product. I wouldn't say I'd recommend Proton get into it, but they make a lot of random things sometimes, so you never know. Yeah, I think the last thing we need is another Proton product. Yeah, I know. Uh, no, but I agree. I agree with everything you said. Um, but I do think like, you know, I think a lot of people are purposely saying like, Oh no, you know, I'm not like using it. Like it's a cool product.
And like, I just want to be able to take pictures everywhere. Um, but I think a Just because you want Meta to see everything that you see constantly, not everyone else wants that. I understand the comment when you talk about privacy in public, but I feel like it's taking a little bit... in a strange direction. Like just because you don't have privacy in public doesn't mean you should have cameras literally everywhere and everyone with one strap to their face.
Like, yeah, I think also that's kind of, it's kind of changed. I feel like the aspect of that has changed now that we have cameras everywhere. Maybe that would have been true like, you know, back when people had it was hard to take pictures of people and hard to do that sort of stuff. But now everyone's got a camera, everyone's got, uh, easy ways to take pictures of people. Um, I also think that these, I'm not sure, like they didn't actually show it in the demo.
Like I watched the demo to see exactly how these work. And you did mention a little bit, like there's, there is ones with a display and there's ones without a display. So there's, there's different things going on there. It's the same as, um, meta's ones. Um, but, They're also trying to like if you watched last week's Android IO thing, they're kind of pivoting towards like, you know, using these connected devices instead of your phone.
Like one of the demos they showed was like ordering something on DoorDash and it was basically Gemini was doing the entire process for you. Um, and I think that's just another thing where it's like, wow, think about all the information that Gemini is processing. Like it's processing your location, it's processing your order, it's processing like so many things at the same time. And it's all just like getting heaped into this product. Um, I don't think like it doesn't protect anything.
Like there's It's basically just sitting clear text on Google servers, which, you know, maybe Google has good security now, but, you know, there's always a possibility of it being breached. And like we saw with the regulator talking about meta, like, you know, who gets access to this data? Like, is it going to be outsourced to these workers overseas? And even then, I feel like just storing that data is also kind of concerning, too. Yeah. you know, all these intimate things that you're doing.
Like, does that really need to exist on Google servers? Probably not. I would argue not. Yeah. It's strange. I saw we got a comment from Anonymous in English. in the chat saying that they saw a good comment about privacy in public spaces. I tried to open this link.
I'm using brave browser for the screen sharing right now and apparently lobsters has blocked the brave browser so I can't access it but I'll assume it's good and if it's related to this other comment you sent how it's not about the lack of privacy it's about it being societally inappropriate to eavesdrop like that. I totally agree, and I think a lot of our society could take a lesson from the Japanese in this regard.
In Japan, they notoriously have a camera feature on their phone, a law, really, that requires all their phones to make a very obvious sound when you're taking a picture. And I think that that's the sort of thing that would not be unwelcome, in my opinion, because it's exactly about making it societally inappropriate to do these privacy violations in public. I think if you're taking a picture of... anyone who wants you to take a picture of them, they're not going to mind the sound at all.
And for everyone else, you want to have that notification, I would imagine. So that's the sort of thing where Japan clearly saw a problem in society and solved it. And I think we could probably do something to that effect as well. Will we? I doubt it, but you can always, you can always hope. I also think, no, I think that's an interesting point to bring up because, you know, I think they have tried to like dissuade people a little bit by saying like, no, no, no, it has a notification light.
Like it has a little light on it that shows that it's recording. And people have already, people are modding their glasses to get rid of that. People are offering that as a service. They're like, I don't want people to know I'm recording them. Like it's something that people are actively looking to, disable, right? Maybe there's also a camera sound, you know, oh, we just removed the speaker.
Sorry. So, yeah, I mean, of course, these mods exist, because it's an asshole move to do that with random people who don't consent to that. I mean, we, this is exactly what we learned with Google Glass, which is that nobody likes it. It's still the case that nobody really likes to have cameras all up in their face. But what these tech companies are doing is not only normalizing it, but making it very easy and pretty hidden to do so.
I. I don't know what these I don't I don't know what these glasses look like specifically when they're recording, because I don't think they have any pictures of an indicator or anything that I've seen.
Someone can correct me if I'm wrong, but I would not be surprised if these tech companies are probably making it intentionally easy to mod I would imagine a speaker would be more difficult I mean you can always remove it but a camera you don't even have to you don't have to affect the camera hardware I mean the glasses hardware at all because you can just paint over it or put a piece of tape on it right it's not that hard to block light sound is a little bit more tricky but yeah it's
It's strange that we're kind of accepting this, but I think Meta has done a pretty good job at advancing their agenda in this regard, unfortunately. Yeah, definitely. I don't really think I have any more to add, but there was a comment here from Anonymous, and they said, is there a single Google product that doesn't violate your privacy by default? I'm just going to stop there with your question. I think no, no, there's not.
I think the fact that you need a Google account to use a lot of these services is kind of the issue, right?
I feel like a lot of this stuff would be probably – okay right if it was like not connected to a google account but i think that's kind of how they make money right like they have this central account that's connected to all these services that are all collecting information about you to make better choices for advertising all that sort of stuff um i mean i can't really think of anything off the top of my head but maybe there is and i'm not thinking right well no i totally
agree personally because I mean, people will point out pretty often if we talk about any Google stuff, how they do have some products which are private or secure or only run locally. And Google does put in some effort to make some of these features local. So you could look at like on the Pixel phones, for example, they have a song recognition feature on the lock screen and that runs completely locally on your device. So it's not like it's streaming locally.
all of the music that you're listening to to Google or everything going on around you or whatever. And there's little features like that. You can enable end to end encryption of your sync in Google Chrome to protect your browsing data and passwords and history and whatever. So little stuff like that, people will say, that does exist so they can make private and secure software.
But the reality is all of that stuff that they're making, they're kind of side projects and they really exist for the purpose of getting you to use all of these other Google services and getting you to trust Google. Google software development a bit more. I think like all of these things being pixel exclusive, like that song recognition thing, for example, a lot of them are like that.
A lot of them are to get you invested into the Chrome ecosystem and stuff like that is, that's kind of their motivation at the end of the day. I mean, people will even argue that some Google services can be private. Like they'll point at Google Workspace for Education, for example, which has these terms of service, especially because of laws and regulations relating to how student and children's data can be used in the first place.
But even that is not like a selfless act on Google's part to release a good product that is private. private for students, it's a way to normalize the entire Google software ecosystem so that when they become adults, they'll use Gmail and Google Drive, or when they enter the workplace, they'll demand to use Google Docs because that's what they're familiar with, and Microsoft Word will seem old and crusty in comparison. And That's ultimately the only thing that Google cares about.
It's building this market share and getting as much advertising data as possible. So no, I would not use any of these Google services. I think it's I think they just don't lead to anything good happening.
And historically, maybe the handful of things that Google has done that are good for the world, like creating the Android open source project, for example, I think they're actively trying to distance themselves from it and lock it down as much as they can, through changes to their to how they run the source code and making even more features pixel exclusive, I think, a long time ago, they they took out the dialer in the messaging app from Android itself.
So it's not even usable as a phone anymore. And like on its own, they depend on themselves and OEMs making these apps. So now Android is like, unless somebody is going to maintain those things, it locks people into these ecosystems that keep growing, growing smaller and smaller. So Yeah, Google has just become kind of an evil company, unfortunately. And I don't think there's much to do about it at this point. Definitely.
¶ The FBI Wants to Buy Nationwide Access to License Plate Readers
All right, I guess we can move on to the next story here. Jonah, what's our next story here? Yeah, let's take a look. So this was reported by four or four media. Their headline is the FBI wants to buy nationwide access to license plate readers. Only a couple of vendors could likely fulfill what the FBI is after, namely Flock and Motorola.
So their article says the FBI wants to buy access to ALPRs nationwide, which would likely allow the agency to track the movements of vehicles and by extension people across the country without a warrant, according to FBI procurement records that for foreign media reviewed. The documents that they reviewed show that ALPRs continue to be a sought-after tool for law enforcement, not just for local police and individual communities, but federal agents too.
This news is coming, as they note, as protests and pushback against these license plate readers have spread around the country, which, of course, we've covered many times here on the show.
Luckily, there are a lot of stories about individual agents uh cities and towns rejecting these things or going into contracts with flock and then canceling them because of outrage i think these are things that most people generally do not want or see the value of uh but they are still being adopted in a number of other places so this four for media article notes that In the case of Flock specifically, all of the Flock systems that get installed are under the control of the
cities or other entities that order them, not Flock themselves. I don't know if that's technical or just a matter of policy, but at the end of the day, The city that installed it can choose whether to share data with federal law enforcement. And I believe the default is that they don't share that information, although it would be easy to check.
And I'm sure a lot of law enforcement agencies, local police stations, et cetera, would be more than happy to share all of their data with federal law enforcement. So I don't think that's a huge protection.
But yeah, it's very concerning because all of this data being kind of combined by flock into this massive database in a very easily searchable database will reveal very fine grained detailed information about people's travel habits, And I wouldn't be surprised knowing what applications of AI we've seen in other fields, like the military, for example. I think we talked about that in a previous episode,
but there was a story about... Yeah, I believe it was Anthropic who were kind of taking a stand against the military by saying you can't use... their AI for like targeting people and that sort of thing. But other AI companies have not been as strong against this.
And I would imagine that we're very close if this goes through from a system where not only can the FBI look up people's license plates to track them and see what they're doing, but they will be able to implement AI systems who can analyze all of this data and probably preemptively track people, find people of interest depending on where they're going. Maybe there's hotspots that they are concerned about and they want to see all the people who go in and out and that sort of thing.
We've seen that sort of geolocation feature in other stories in the past. uh specifically with google this most often happens with people or law enforcement agencies will make requests to google asking for all of the phones basically that were in a given area and these areas can be quite large and cover tens or hundreds or thousands of Google accounts that will then have their privacy breached just because they were somewhat in the vicinity of a crime that occurred.
So I would be very concerned about that. We've definitely seen a lot of flock in the news. That's the big name that people are pushing back against right now. I know that Motorola has a pretty extensive system as well, which for media called out in this article. I don't actually know how extensive that is or how many cities have installed it or what that system entails. I'd have to look. more into that.
But in this article, the FBI says that they are open to awarding a contract to multiple vendors if that helps them achieve their goal of pretty much nationwide access to this data. So it's very possible that they could enter a contract with Flock, Motorola, maybe even some other companies and combine all of that data into one system. So Yeah, I think this is a very concerning development in the area of government mass surveillance.
This is exactly the sort of problem that Nate just talked about with Naomi Brockwell in that interview we did recently. As far as warrantless searches of our data goes, that was more to address data brokers. But this is the same category of stuff where they can get all this data from private companies and compile it all and use it without getting a warrant, which it's just scary stuff, I think. Yeah, I definitely was going to touch on that.
Like it does seem like this is sort of exactly like what we were talking about with that interview. Like, you know, this data shouldn't be just easily accessible by like police departments and like the government. Like they shouldn't be able to know every single person's movements within a city and whatnot. I think that is pretty bad information.
Is the solution to this basically at this point, you know, just getting these camera systems removed or perhaps like a legal precedent for perhaps, you know, this being against the Fourth Amendment or? Yeah, I mean, it's my opinion that it's clearly against the Fourth Amendment, but obviously that's not much of a concern to the government these days, it seems. I think that you definitely have to take both approaches.
The best way to do this is to make sure that this isn't happening in your town, and that means getting involved with these city councils.
I know that politics is very... annoying to deal with and i think a lot of people lose hope uh when it comes to like nationwide federal government or even their state government um in some cases but Your local government, you can't have a lot of power and it's a very small group of people, I think, that they can get away with a lot of stuff just because there's no pushback at all. So even a little pushback on this sort of thing can definitely help out your community.
And I would try to do that and I would try to get more community members involved and just be persistent about it if your city or town is... considering implementing flock or has already implemented it um but the other approach is definitely something like the the surveillance accountability act that naomi brockwell drafted and recently introduced with uh thomas massey i you can if you want to learn more about that you could go watch that interview after this i would say
telling other all the listeners here, I would say that I think it's very unlikely that that will come to pass, especially because Thomas Massey lost out in the Republican primary because Trump really wanted him out and spent a lot of money to make that happen. So I don't think either way, I don't think it was really going to go anywhere. But I do think that that kind of bill was important for like privacy education.
I'm glad that Thomas Massey signed on to it, even if he's going to be out of office soon, because it's kind of like a nice parting gift to the American people to at least educate people about privacy and be like, this is what should be happening. And we should at least be discussing it more and seeing what we can we can do about it. Because We need some more protections against this kind of... The government would probably consider gray area stuff with the Fourth Amendment.
And we need an easier way to hold the government accountable and sue the government for... violations of the fourth amendment because for some reason we're in the situation right now where the u.s constitution guarantees a lot of rights but if the government violates those rights you have very little recourse it's very challenging to sue the federal government because the entire system is stacked against the ability for you to do that which kind of I mean, weakens the entire idea of having this
judicial system in the first place. I think it's very unfortunate.
But just like we have Section two one, which reinforces the First Amendment, I do think we need something similar when it comes to data brokers, when it comes to these huge tech companies like Flock that are collecting all of this camera data around the country, preventing that sort of surveillance from happening, especially preventing the government from abusing that data and compiling it all into an even larger mass surveillance system I think absolutely needs to happen
and I think we need to be talking about that more and demanding it. Definitely and it's yeah it is kind of unfortunate that like we kind of had a I feel like in the US there's very few politicians who actually care about privacy. I think the other one was Ron Wyden, I believe, and I guess that kind of sucks now that we've got only basically him left. It is kind of frustrating, but I think what Jonah said, the local level is also really important.
I feel like these companies like Flock and Motorola, they probably are doing... Isn't there probably a lot of lobbying and a lot of money behind this whole initiative? Is that why a lot of cities are choosing to implement this? I mean, absolutely. There's got to be. I remember we saw... I don't know if it made it into the show notes, but we just read in one of our chats about... a city in Texas that is losing flock because of pushback from the community.
And one city council member had a total crash out basically and wrote a huge manifesto about how crazy it is to get rid of flock and how they might as well go back to the eighteen hundreds if they can't use these surveillance cameras to track people around their city. If you read that entire letter that he wrote, it came from a very emotional place, which I think that isn't typical of even politicians who don't get their way unless they were like personally invested in this in some way.
So I would not be surprised at all if there are kickbacks from flock and these other surveillance providers to to these cities that implement them, because it seemed like, you know, he was really personally losing out. And that does seem like the sort of thing that that they would do.
Yeah. I think just to like finish out this topic here, I guess like for some people in the audience who, you know, might be feeling a little bit skeptical of this technology, maybe they're not a hundred percent against it yet. They're not really sure. Is there, is there like evidence that this technology is even good for catching criminals or is actually an effective tool or is this just, you know, a thinly veiled excuse to actually install these cameras everywhere?
Yeah. You know, I haven't seen much evidence to that effect. Even if there were evidence, I would have to look into that more. But it certainly isn't having the, like, enough of a profound effect to make it worth it by any means. At the end of the day, you have to balance this against the rights that people have to privacy and the rights that people have against privacy.
warrantless and illegal government searches at least in theory and any potential benefits that this has for law enforcement aren't outweighed by people's rights and by the u.s constitution i don't think um it's probably not super controversial to to most people to want to make catching crime easier and to help help out law enforcement with their jobs a little bit.
But that help has to come through legal routes like requiring a warrant and having some oversight from another branch of government from the from the judicial side of things rather than their executive branch. And without those checks and balances, it's just an authoritarian system, which is completely unacceptable.
¶ Researchers Wanted Preschool Teachers to Wear Cameras to Train AI
Definitely. I a hundred percent agree. Um, I guess here we can dive into this next topic here. Uh, this is a story about researchers wanting preschool teachers to wear cameras to train AI. So this is kind of a ridiculous story. I can't believe we're actually, this is actually a thing. Um, And this is a quote from this article by four or four media with your permission, your child's lead teacher may wear a small teacher worn camera that captures the teacher's approximate first person perspective.
And, or we may place a fixed video camera in the classroom, a document given to parents and later shared with four or four media reads university of Washington researchers plan to have preschool teachers wear cameras that would record everything they saw from a first person perspective. including the children they were teaching. Then they would use this footage to develop AI models. One parent who spoke to for media understood the program as opt out rather than opt in.
The university said that classroom participation was contingent upon receiving parental permission from all the children. Uh, I just want to say like already from the top here, uh, when it comes to children, like we already have a lot of laws around, you know, collecting children's information because let's be honest, like children can't consent. They don't, they don't, they're not fully, uh, capable of consenting.
Um, so, you know, when we have preschool children here, like these are like, you know, these are toddlers, like these are, these are very, very young children. Um, It's kind of concerning, right? So I think that That should already be our thing from the top here. These are children that can't consent. Their information, their faces could have been recorded. I assume that none of the parents approved this, but maybe I'm thinking too positively of them.
But, I mean, I certainly wouldn't allow this to happen if my child was going to a school. So, yeah, this is, I guess, another aspect of how AI is becoming very entrenched into the education system. I think, you know, we're probably going to see like children accessing AI models and these children safe AI models and like, you know, all this kind of creepy stuff. But yeah, Jonah, do you have any thoughts on this one? You're muted.
Oops. My immediate thought when I saw this story, I sent this picture in the chat right away because I feel like we were warned about this sort of thing. How many years ago? Eight years ago. And there's a lot of lessons in the media that I think people should be taking away from and don't. But that is the classic problem. It's a classic quote about sci-fi writers and other writers in the arts and literature space will write a story about the torment nexus and how it's super bad.
Don't build it and then tech pros are like, let's build the torment nexus. It sounds so cool. That's the sort of thing we're getting into here. I don't know what it is that like these schools are hoping to learn from the from this. I feel like I know that this article does say the goal is to better understand children's everyday learning experiences and develop AI tools that can help assess classroom interaction quality.
That to me feels like the sort of thing that you could just ask teachers about how things are going in your classroom.
what what issues are you having i don't know if you need ai to analyze all of this and put it into a nice chart for school administrators to look at i i don't know what these charts are really doing for for the education sector in general i think that this is like a lot of things in the schools these days um overly bureaucratic administrations really taking away from the educational system and really hurting teachers, hurting students, and I don't really see how this could be beneficial.
What I did not see in this article is what the teachers in question think about this system. We've heard what parents think and what the people doing the study and what the administrators at the school think.
would be kind of surprised if the teachers were like super on board with this and really wanted to know how to integrate ai into their classroom more i feel like that's not something that people are clamoring for and i think that a lot of people in the educational space know that all of this integration of ai and all of this reliance on ai is making the quality of education worse uh it's making like like an overuse of technology in the classroom especially
without proper technology education in the first place no uh no no guidelines for students to follow no i mean in a lot of cases no advice is really given you just put in front of a an ipad or a chromebook and told to do things. And a lot of students are expected to know the basics. But if you're not learning the dangers of this stuff, if you're not learning how to browse the internet responsibly, it's just a gateway into all sorts of bad behaviors.
I don't think that technology needs to be completely removed from the classrooms or anything like that. cameras probably do. I can't imagine. I still can't imagine why anyone would want what's described in this article. But in general, you know, technology is important. And certainly you should be skilled in it. But I think students are basically being trained to be consumers of technology and whatever is put in front of them, AI is only going to worsen that problem.
And something needs to be done about that we need to bring back proper tech education, we need to bring back I think more Just more reliance on the people who are actually doing these jobs and interacting with these students and giving them the tools that they ask for. Because while this is happening, while they're trying to shove cameras and AI into every corner of these classrooms, teachers are not getting the resources they need.
They have to spend their own money to get pencils to hand out to their students and stuff like that. Our priorities are so... mixed up here in the educational space. At least that's my perspective here in the US. I don't know how education works around the world. I feel like I hear China has a lot of education stuff done, but then they have their own separate problems. I don't know what the best solution is, but I think that something needs to be done. This is clearly not the right direction.
Even if there are multiple directions we could be going in, this is not it. Yeah, I definitely agree with your analysis there. I think also the the thing that I feel like kind of happens with schools is I feel like sometimes people don't think that children need human rights. Like just because they're children doesn't mean that they can't, like they can be guinea pigs for this technology.
Like I feel like if you said we're going to be installing machines AI cameras in McDonald's that's going to automatically analyze your facial patterns and like send all of this data to train AI, I feel like people would be kind of like, what the heck? Like what? I'm not going to McDonald's anymore. Like what? But then as soon as you say it's for a learning environment, you know, we're trying to help kids. Like it's like, no, like I don't think that's really, I think that's kind of a bad excuse.
It did say in this, they got a response back from the University of, was it University of Washington? Yes, University of Washington, they got a response back and they said, our initial outreach was intended to help us better understand how families would feel about a project that uses artificial intelligence to support teachers.
Now, I actually kind of feel like this is a little bit of a cop-out maybe like I kind of am interested to see what this actual thing that they were trying to do contained um I think there is a yeah there is actually a picture of it on there I don't know if we can open that up on on this on the stream but uh yeah it is kind of strange like I don't think it's it says specifically that that's a reason And I don't know, it just kind of comes across a little bit strange that they would say that's the
reason why they were doing this, not because, you know, well, these are the nefarious reasons, but... Maybe, oh yeah, I can share the document that they got here.
It basically said what you said at the beginning, your child's teacher may wear a small camera, And they will be used for supporting teachers through coaching and Ai tools research and children's learning experiences research publications and conference presentations project demonstration videos restricted access research data set and it may be processed using cloud based Ai services. They say that participation is completely voluntary.
If you change your mind, you can let the teacher or research team know, and we will remove any recordings that include your child. If recordings have already been used in AI model training a group with other data prior to your through a withdrawal request, it may not be possible to remove your child's data, which is a problem you see in a lot of research studies. Once it gets anonymized, it's very challenging to change whether you can send to them.
But I think this is in particular, especially because they are using cloud-based AI, is problematic uh so and and also the fact that they are still going to take these recordings they're just going to go through and remove your child from them if you if you opt out um which is obviously not like an ideal solution mistakes can always be made to that effect and how would you how do you even know the university of washington is not doing this research anymore uh they
say given the early responses from parents we have terminated the study they're no longer seeking participation at any site so that's that's good once again just like with the flock stuff it's good to push back against these very invasive things that are happening in our communities in our society taking some responsibility um and making sure that i mean making sure that your children are protected their data making sure that this kind of stuff doesn't impact their futures in any way
that's all super important for parents to do so So, yeah, I, you know, in this case, it's a good outcome, but I would not be surprised if this exact sort of thing gets tried by research teams and by other companies around the country and around the world in the future. I mean, already there's so many products for education that kind of surveil what children are doing in the classroom on their computers.
You could look at like GoGuardian, which constantly records your screen so that that can be checked later. And this is just one step beyond that. But I wouldn't be surprised if this is the sort of thing that AI companies or other tech companies are itching to turn into a full product at some point.
Yeah. And I do think also the, I think it would definitely be a benefit if there was like, you know, in the U S there was a nationwide privacy law or something, you know, that was, I think it also is like the, the protection of like, I think some of these privacy laws are like, you know, we don't allow a collection of children. Like I think it's the CCPA or something. It doesn't allow collection of data on, on minors, but it's like, what about everyone else too?
Like, I think it's, Most people would probably be against this sort of thing, being recorded and then that information being sent to be trained. I think that's also another problem with these AI models is the training data. How do they delete it? Once this information gets put into an AI model, what if it contains personal information of somebody? Yeah. I mean, they said they don't delete it, so that answers that. Yeah. As far as we know, that's the case for every other AI model as well.
if there's information that gets scraped by these things or that gets fed into it like uh you know that's just a black box exactly exactly yeah i think that's kind of uh everything we wanted to share about that article.
¶ Site updates
We're going to get into a story about discord, rolling out some end to end encryption, which is cool. But before we dive into that, let's share some updates with what's going on within the community and our team. Jordan, why don't you start us off with some updates on the videos that's been happening? Yes. So I guess for anyone that's kind of missed it, we put out a video last week with Naomi Brockwell, and that was an interview that Nate did.
So basically we asked her some questions about, like we talked about earlier, the Surveillance Accountability Act that finally got public release. And if you haven't seen that already, definitely check it out. We also released this week.
We released a bonus section of that of that video where we asked her some less privacy related questions so if that's something you're interested in you can get access to that by becoming a member at privacyguides.org donate and yeah you can definitely check that out if you're interested in extra stuff we're trying to basically offer more stuff for our members and you know give you extra perks for supporting us because we do really appreciate it. So definitely check that out.
That is available on, oh, hold on a second. That is available on privacyguides.org slash videos. You can check that out there. You can see the bonus episode there and the standard episode that we released. So that's now live, the bonus section. It's only like ten minutes, but it's definitely some interesting stuff. If you're curious about Naomi's background or if you just want to hear some more of her personal thoughts, definitely check.
that out as you know some cool bonus stuff to check out um and if you haven't already seen the interview with her i would definitely recommend seeing that too um And I guess on my end this week, I've been working on a video that Nate put together. He recorded and edited the basics of that written up by him as well. And I've just been editing that this week. And I'm kind of hoping it's kind of a more complex video.
It's about passwords, kind of debunking some of the issues that we've had with information on the internet being a little bit outdated when it comes to these password-related topics. So definitely look out for that one. That'll be coming soon. It's more of a complicated edit. So I suspect it might take a little bit longer to edit because there's all sorts of stuff we need to explain visually in that video. But I think it'll also be pretty interesting.
Yeah, I don't really have anything more in terms of video content we're working on. What about you, John? Is there any extra site updates you can talk about this week? Yeah, there's a couple things going on. This week and last week, I've been working on kind of a redesign for the entire website. So that's currently accessible in a GitHub PR right now, if anyone is interested in taking a look. But a couple changes that we're making to all of that that I hope we'll be able to publish soon.
because I think it's time for a change. We've had the same website for quite a while, and I think there's improvements and things that we've learned that we can make it a bit easier to read and a bit easier to navigate for sure. So hopefully this helps out a bit. There's also a discussion going on on the forum right now that I opened a few hours ago, which is about a project that I want to work on, which is maintaining our own directory of Android app fingerprints for the app verifier app.
I don't know if anyone is familiar with that here or uses that on Graphene OS. You can get it from a Crescent. So I know that a lot of people who are concerned about the security of what they're installing or who are on Graphene OS use this.
And the way that the app works is you have to enter the fingerprint of the api of the apk signature that you get from an external trusted source so you can confirm whether it is um the correct thing that you're installing i think that we could pretty easily crowdsource a trusted list of this and i think that it would be a good benefit for the community and i think that we'd have enough people to maintain it well so that's a potential project that we're starting on it seems to
have support in the on the forum so far but if you have any thoughts on it i definitely want to get people's feedback on that thread so i would highlight that Otherwise, a lot of the usual stuff, as usual, privacyguides.org slash news. You can catch up on other news stories in privacy security that we've seen in the space that we don't talk about on the show because we are a bit limited here. We discuss these news stories a bit more than just read through them.
So we can't get through them all or we'd be here for like six hours every live stream. But... There's a lot of good stuff there as well, and it's a good place to stay up to date in addition to our forum. So that's kind of the main things that I'm aware of for this week. All of the stuff that we work on at Privacy Guides, of course, it's made possible by our supporters.
Like you said, if you go to privacyguides.org slash donate, you can send us a one-time donation, or you can sign up for... a monthly membership, which would include access to early access videos and the bonus questions and interviews and other exclusive videos like the ones Jordan just talked about.
This is the only bonus questions video that we've done for interviews so far, but it's something that we hope to continue doing for for future interviews that we do we have and we have a couple lined up and i think getting people's personal perspectives on different things in the in this space is is cool and useful uh another way to support us is by picking up some swag at shop.privacyguides.org i have a water bottle says privacy guys on it i like this water bottle a lot uh there's some more
Maybe boring merch like this one that just says privacy, guys. But we have some good designs there as well if people are more interested in the activism side of things. I think we have some good stuff that you might be interested in. So you can consider checking it out. As always, I'll remind you that Privacy Guides is a nonprofit project.
We research, we share privacy-related information, and we facilitate communities on our forum and matrix where people can talk about this stuff, ask questions, get advice about staying private online and preserving your digital rights. So that's my spiel with all of that out of the way. Jordan, why don't you take us away with our next story here? Or is it my turn? Wait, who just did that one? I think it's your turn if you want to take this next story about Discord. I will do this.
If my computer works, why can't I like this?
¶ Discord rolls out end-to-end encryption on voice, video calls
Sorry. This is from Bleeping Computer. Discord rolls out end-to-end encryption on voice and video calls, which is very cool. Discord has announced that all voice and video calls through the communication platform are now protected by default, which is important, with end-to-end encryption. The implementation was completed in March.
Extensive at-scale testing has given Discord the confidence to formally implement announce the end-to-end encrypted deployment now and to start removing client code that supports unencrypted fallback. There's some technical details here. The migration to end-to-end encryption was achieved by extending the open source encryption protocol, Dave, to support all of the platforms where Discord clients run, desktop, mobile, web browsers, PlayStation, Xbox, and Discord APKs.
I think that is very cool of them to work on stuff that's open source and stuff that could potentially be adopted by other video chat providers because Discord clearly has the resources to build something that works and works well and works at scale that smaller projects and smaller companies probably wouldn't be able to do or wouldn't be able to do very well. So... Yeah, contributing to open source is always good.
This Bleeping Computer article says that this protocol called Dave was first introduced in September of twenty twenty four, and it was developed in with assistance in auditing from Trail of Bits, which is a pretty reputable security auditing firm when it when it comes to encryption and all of that stuff. So Hopefully, it is all done well. And I think that this is a big upgrade for Discord.
I believe Discord has already added end-to-end encryption for, no, I don't think they have it for text messages yet, unless their DMs do. I'd have to look this up quick, unless anyone knows in the chat. But at least for voice, it's something... I know that Discord is mainly a chat app, but I know that video calls and voice calls are very extensively used by Discord users as well. So this is not like a super insignificant change.
There's some platforms that rarely, if ever, get video calls used on them. But this is not one of them. It's very common. So having this available by default, at least on videos, is... It's great for everyone, I think. And as usual, end-to-end encryption, I think, not only benefits users, but it also benefits these companies. They don't need all of this data. And kind of distancing themselves from potentially that liability is also good for businesses.
So it kind of works out for everyone on both ends to support encryption as much as possible, which is why more companies should work on implementing it. Did you see any interesting stuff in this article, Jordan? No, I think you covered the main stuff. I do want to add, though, you did hint that possibly Discord might have encrypted DMs or anything like that. At this stage, that's not something that they've said that they're going to do.
I think they've said in a couple of times on Twitter know when they've been pressured on this and people have asked them in questions like why why aren't dms encrypted like you know it kind of makes sense this should be something that you do um confusingly worded because it said that the encryption layer covers dms but then i realized they probably just spent video calls in dms i don't know if i would call those DMs them because it's not a message. But whatever, whatever, bleepy computer.
We got there eventually. I did want to highlight one thing in this article that I didn't mention, which is that they had issues with this encryption layer in Firefox, with their web client in Firefox. And instead of just doing what I think a lot of companies, especially Google, of course, because they're biased. But what a lot of companies would probably do and just block Firefox and say, you got to use got to use chromium to do this.
Discord actually worked with Mozilla to solve those problems and get it working. So that's another cool thing that they're doing. Would I recommend Discord overall? Probably not, especially without encrypted messages. But a lot of people use it anyways. A lot of even open source projects use it anyways. So if you're in certain open source spaces even, it is sort of unavoidable, unfortunately. So yeah, I think it's good overall.
It's always good even with these less privacy-respecting products to... move in the direction of them being more privacy respecting because not only does it benefit the users but it kind of normalizes this stuff it makes more people expect end-to-end encryption because they'll be like well discord has this and this other app doesn't so that's a selling point for discord and people will need to add end-to-end encryption if they want to compete and i think that that is a
good thing you should always all of these products should always be competing on security features because that's how we all that's how we all benefit Yeah, and I also think, you know, we're seeing companies now that are, like, pulling out of encryption. Like, we saw Instagram DMs are, like, they're discontinuing encryption on that for some reason. Like, what? What is going on there?
Like, we need to, when companies start, you know, saying that this is too hard, this is, like, causing too much friction or, like, you know, it wasn't making sense. Yeah. There's plenty of platforms that do it. Signal is everything. Every single thing through Signal is encrypted and it works perfectly fine. So, you know, I think this excuse or like, you know, thing is like kind of a little bit ridiculous, I think.
I feel like discord was almost filling a role like similar to zoom for some people. Like they were doing like company meetings on discord. Like people, people use it for a lot of stuff. Um, so it kind of makes sense why they finally pushed to have this enabled on every chat. Um, But I think it's a good start. But I think stuff like if we had, it's obviously not a good service from a privacy perspective. It all runs on Google Cloud infrastructure. Its business model is questionable, I would say.
Having Nitro and having a shop and all these things, I think it's a better business model than WhatsApp, let's say. it's still a little bit sus and I think they're they're kind of uh vying to be purchased and I think when that does happen they're gonna become a lot less privacy uh and a lot less freedom oriented. Like, you know, they're not going to care about supporting Firefox. They're not going to spend the development time to do that once they get purchased, which I think is going to happen.
I think they're going to get bought by someone. It's just, they're so big at this point that I think, you know, it's their value is probably ridiculously large at this point, because if you think of any online communities, they've got a discord server. So it's kind of become very ubiquitous, especially when it comes to gaming stuff. Yeah, that's the problem with this VC-funded stuff.
You either have to make way more money than Discord is probably making, or you've got to be acquired by a company that is doing that. So yeah, Discord has stuck around this long, but who knows in the future.
It is very easy to see why... people have switched to discord, the UI, the user, the interface and the experience is for some reason remains very unique i don't know why more people are not just doing what discord is discord pretty much just did what slack does except slack is absurdly expensive and annoying to use and discord is not um and there's been really no development in other spaces since which is is unfortunate i've always thought that matrix and element clearly need to just
copy discord set up uh these like having roles and having colored usernames and having all of your communities in one sidebar and having easily sorted rooms and having all of this stuff like that is extremely useful for communities and Matrix and Element, as well as pretty much all other chat platforms, just refuse to do the same thing. Like, if you see something that's good, you could just copy it. I would be fine with that. But they don't. Somebody in the chat said, check out Fluxer.
It's an AGPL complete Discord clone. I did look at Fluxer a while ago, and it seems very cool. It actually does seem like the most promising potential replacement. I got to look at it again because I haven't looked recently. It... I'm really hoping we can find an alternative that supports Federation. There's that other Discord alternative that I think it's called Revolt. I can't remember the name. They like rebranded or something. So it's confusing in my mind.
But they are like an open source thing, but they have a worse experience in my opinion. And also it's just one centralized service. And I think we're in a bad place if we're swapping out one centralized service for another, even if it is open source. especially if it's not encrypted because it is just putting all of your eggs in one basket, basically. But Fluxer does have Federation on their roadmap, so I'm very hopeful that they can do it and get it done.
We have seen other projects and other even chat projects say that they're going to do Federation and then they never get around to it because unfortunately it is a it is a challenging problem to solve. But I don't think you have to do federation in the way that Matrix does it, which is extremely inefficient and weird because all of the servers in a federation basically have to sync data with each other and they all have to store all of that information.
I think a system... more like Mastodon where there are like centralized servers, but you can access all of them in the same UI would be very beneficial for people. So like, for example, we could host a privacy guides Fluxer server. But then if you go to the main Fluxer app, you could still access it and also other Fluxer servers that you see. So that is something I hope happens. Or if it doesn't happen with Fluxer, I hope some other app does it.
I'm just really hoping I just really hoping someone does it.
It's probably one of the top things that I would hope to see because right now I've kind of got all of these chats going in signal which is okay but it's clearly not the same level of organization as something like discord and not everyone is willing to join public signal groups because signal shares a lot of information you can direct message anyone in there you can't really block that uh so Yeah, at least you don't have to share your phone number anymore.
So Signal has improved in that regard, but it's not at all even close to replacing Discord for a lot of people, unfortunately. So there's got to be another app. And hopefully it happens sooner rather than later, but I guess we'll see. Yeah, I think also Discord is kind of, it's become like sort of a centralized place where a lot of communities are now.
And I feel like getting people to move is going to be a challenge unless something else comes along that is like superior to Discord in every possible way. You know, I think if they are like this Fluxer project, I haven't heard of this before today, but, you know, if they are able to, create something that does allow like federation and stuff like that.
Like, I think that's going to be, that's going to solve one of the, the biggest issues that the discord has, which is everything is just centralized on discord, which is, I would argue is a little bit of a problem because, you know, it gives them kind of a lot of control over the communities that are there. Um, whereas, you know, like what we've done is, you know, Jonah's set up like a forum for everybody to discuss stuff on and that's all like public.
You don't need to provide like personal information and stuff. I think we should go back to, should go back to forums and stop putting everything on like discord service. Cause yeah, I'm kind of over that method of putting information out there. It's not very easy to search. I don't know. But maybe I'm becoming too old, and that is too cool. That's just the cool new thing. No, searchable information is always good. And I think the messaging space is ripe for a Discord replacement.
Because, I mean, I agree it's going to be very challenging to get a lot of people to switch, especially right away. But I think the moment Fluxer implements Federation, for example, or maybe... another federated app comes out for messaging that lets you run a centralized service so you can control the user experience. I think a lot of open source projects especially will switch to that.
There are still a good amount of communities on Matrix and we saw a lot of them switch when Matrix first came out and got good because it was better than IRC for a lot of people. But I think the user experience of Matrix at the end of the day, even now, it's not up to par. It's not as fast. It's not as nice as something like Discord.
And I think... open source projects had this problem where they want to have chat rooms on matrix but some people would be joining with matrix.org which is a terrible server to be using or would be joining with some other bad servers or would be you know they can't control the experience of the end users so a lot of these uh a lot of these open source projects end up opening the their own servers to registration so they can at least guarantee something but then that's a huge
undertaking to to like run a mozilla.org server for to just to the public to a ton of people like that requires a lot of space and processing power so matrix a very a very hard solution i think for projects to stick with but something more lightweight and not focused on like full decentralization but more focused on just letting people self-host their own communities i think uh i think that that will convince a lot of open source projects to switch i i'm pretty certain of it and i think that
if that happens that's that's typically how we see change especially online because that that once all the technical people switch i think that pulls in other people it'll pull in the gaming space next because they're that's pretty tech adjacent a lot of those people are also very techy and then that'll pull in even more mainstreams i think that's the sort of way that these projects become mainstream but they have to be usable they have to be usable by a lot of people and have
a good experience as well as adoption uh so haven't seen a messenger that does all of that yet but Maybe this will be it. Or maybe another one will be it. I don't know. But hopefully, again, hopefully something soon. Yeah, and I think the most, like the most important part, though, is like, I feel like it needs to be, we keep making this mistake, like Skype, I remember everyone used to be on Skype, and then everyone moved to Discord, or like everyone was on TeamSpeak, and they moved to Discord.
And it's like, can we move to, like, an open platform? Can we move to something that's not, like, controlled by the whims of, like, a couple of people that own this company? Like, I think that's kind of the thing I'm seeing here. Like, Discord, I remember back in, like, I joined it when it, like, first came out in, like, and, you know, it was a really cool alternative. It was, like, way better than everything else.
But, like, I feel like we've gotten to the point now where it's, like, we have the ability to, to make something better. Like I feel like it wouldn't be that hard for someone to make something that is better because there's so many teething issues now with it. Like people are complaining like about decisions that have been made by the development team. Like, Oh, why is it moving to like, why are you moving every platform to like a non-native experience?
Like why are you, why are you making the app like really laggy on my phone?
Like it's, it's it's decisions that like this this top-down system is kind of making right like I feel like if it was a decentralized open source uh sort of thing it would be maybe that is an option that you can switch your clients to but there's also another option you know like there could be something a bit you know avoid these issues that we keep having but again like you know matrix also has showed us that that doesn't always work that well.
Um, because I think a lot of the, a lot of the development around matrix is done by a single company. It's not really done by a community of people as much as we would like. Um, like, you know, matrix.org foundation is like quite strong behind the development of, of it as a project, um, which kind of makes sense, but, it does mean they can make decisions that affect everything else. Like I remember it's like all the spaces stuff.
And then we had before spaces, it was like everything was in, I don't know. I'm not honestly that much of a matrix user. I'm just on there because there's channels that I have to be in. But there's definitely issues with that aspect as well. But I feel like the issues are a little bit more forgivable at least. Yeah, totally agree. A couple messages in the chat here. Ion Sailor said, Stout, thank you. Not Revolt. Revolt was the original name.
I didn't much like it at the time, but I think Stout is much worse. No offense to the Stout people. Harder to remember. Yeah, I'm not a fan of Stout, unfortunately. I would have loved for it to be cool, but I know they've rejected Federation and they're just kind of building their own thing.
do i want to see something more able to be self-hosted but also um i just don't like it as much as discord in the first place so kind of loses on on both fronts um hello asked why is matrix.org terrible or do you just mean the ui um no i was talking about the matrix.org home server is just very, very slow to federate and causes a lot of problems. And it's a very, it's a centralizing force. Mastodon sort of has this issue with Mastodon.social too.
Most people just join that by default, but Mastodon puts in more of an effort to guide people to other servers, whereas Matrix doesn't really, which is very annoying because their main server is, can very often be slow to sync with other servers. So it makes, you know, there's a bad experience when you're interacting with anyone else on matrix, who's not on matrix.org, um, it, you just receive message slower.
You can miss messages and other people can, can receive message messages slower from you. Uh, the size of their server causes problems in rooms because it's the majority of the room. And so if it decides to break something, things can randomly break.
And it's so centralized that when matrix.org goes down, which it, done in the past and will in the future it basically turns most of matrix into a ghost town because there's only like ten people in each room who are on a separate server in a lot of cases or or even less in smaller rooms so yeah it's definitely a putting all your eggs in one basket case and it's not even a very performant basket unfortunately so Whenever anyone complains about Matrix, the first thing I tell them is to
switch from Matrix.org to literally anything else. And they always come back and say, wow, this is much better to use Matrix after I switched. Wow. Yeah. I mean, I don't know. I'm not on Matrix.org and my experience has been fine. I mean, I think it's definitely helped with the Element X sliding sync stuff. Like it is a little bit nicer that it doesn't like kind of lock up the entire experience when it's sinking.
Um, I think that's kind of like the worst part of it, um, with like the original element clients. Um, but. Yeah. I think it's also the issue that I see with matrix is I've looked into this. I've been like, Oh, I wonder how, how hard it would be to run like a matrix.org home server. Like surely that's not like, um, matrix home server. Like surely that's not that hard. And then I look into it and it's like, Oh, you know, you need quite a bit of Ram. You need quite a lot of disk space.
You know, it, it makes it a lot more inaccessible. I think when you start requiring all these, uh, extra things and, like, quite high hardware requirements. It's going to end up costing a lot of money if you're doing that on a VPS. Or, you know, it's going to require a lot of decent hardware to at least have, like... I feel like you need to have decent hardware for the performance to just be okay. And SSDs and all that. So, I don't know. Yeah. This is the problem I have with Matrix.
That I alluded to earlier with everything needing to sync with each other. It's just, like... Not only is it challenging for a project like Mozilla or a project like Privacy Guides to self-host everything so we can control our rooms and our own accounts and stuff, but also just to use Matrix. You can't spin up your own instance super easily. And when you do, you have to get all of that data.
matrix like it makes sense for very specific use cases where you would want to actually have all of that data it's certainly good for decentralization but it's not it's not what most open source projects or what most projects in general need and it doesn't really make a lot of sense for the huge groups uh who are trying to use it um so like At Privacy Guides, for example, we host our own forum, as you mentioned, at discuss.privacyguides.net, and that runs on Discourse,
which is a great forum software, and that's something that we can just host ourselves. You don't have to host anything to use it. No, you can't access other Discourse forums to it or anything. It's just a normal website, but it's an experience that we can control, and it's easy for people to use, and if you get, like, the discourse mobile app, you can add multiple discourse forms to it to get notifications and stuff from from all of them that you're a part of.
I know the discourse is commonly confused with Discord, but it's separate. And Discourse is very commonly used in the open source space as well. So many Linux distros, Fedora, Ubuntu, so many open source projects all use Discourse. So you'll probably, you'd recognize it if you saw it because a lot of these sites look the same. But it's nice to have a system like that.
And that's why I think if there is a federated version that's more like The open source project can kind of control it, but it's all separate. I think that that would see a lot of adoption because a lot of open source projects are already doing that when it is an option here. But there's just not really a product that's good for instant messaging right now.
¶ Poland urges officials to ditch Signal for state-run messaging apps
Yeah, definitely. I guess we can kind of move on to the next story here, and that is about Poland urging officials to ditch Signal for state-run messaging apps. This is a story from Cyber Insider.
Basically, Poland's government is urging public sector organizations to reduce their reliance on Signal for official communications and instead adopt domestically controlled encrypted messaging systems for following a surge in phishing attacks targeting politicians, government, personnel, and military staff.
And basically, instead of, you know, whatever Signal or any of these other encrypted apps that we suggest, they are pushing people to use I'm not going to even try pronouncing that, but this app that they're suggesting, I don't know how to say that. I guess it's in Polish, which definitely makes sense. But yeah, there's two apps there, MSZYFR, I don't know how that's meant to be said, and SKR-Z. Okay. I did see someone also mention that this first one here is actually a Matrix client.
So that definitely tracks considering Matrix's involvement with governments and militaries and police forces. I think that definitely makes sense. So if we just dive into this here, yep. So according to the advisory, both systems operate entirely under Polish jurisdiction with their infrastructure hosted in Poland and administered in accordance with national cybersecurity standards. The move mirrors a broader European trend towards digital sovereignty in government communications.
Earlier this month, Germany's Bundestag similarly encouraged lawmakers to transition to away from signal and use wire messaging platform after phishing attacks targeted politicians.
So I think this is a little bit, I can understand why these countries are saying that they would rather use something that exists in their own country, like for, you know, sovereignty reasons and, you know, not trusting software from other countries, but But I think the issue that comes with this whole practice is you start recommending people use less secure options. You actually reduce security when you do this because you're telling people not to use the most secure apps.
If they're saying not to use Signal or they're saying not to use SimpleX or they're saying not to use any of these other recommended messages that we suggest, you're pushing people to these apps, which I would argue probably don't offer the same guarantees of privacy. Although they're in a foreign jurisdiction, but I don't think that really matters when it comes down to the encryption guarantees because Signal, they can't access the message content. So I think it's it's a little bit silly.
In my opinion, I don't think there's any evidence that these apps are compromised. And I think the phishing attacks are also something that needs better education. Like we just need to basically make sure that these public sector organizations are telling people, you know, like Signal is never going to text you and ask you to scan a QR code. Like these, these, these organizations need to, to give better advice and better cybersecurity hygiene.
Like they should be telling people, you know, don't do this sort of stuff because, I don't think switching to these national messengers is going to increase security. I feel like it's going to decrease security. But that's kind of my initial thoughts. Do you have anything you wanted to add on that? I feel like I would imagine all of these systems, even though they're built on Matrix in this case, Germany switching to wire, of course. I'll talk about that in a sec too.
I would imagine even though it's Matrix, they probably don't federate at all or they... I've seen some governments set up like a Matrix server per agency and stuff like that, but then they only federate with each other and not the wider area.
So that's probably a way that they want to have phishing protection since there's no way to kind of block phishing attacks on signal um but at the same time yeah that education is still important and you're still going to have phishing attacks occur through other means even if your matrix system is totally walled off so like just ignoring that as a problem and not You know, it can go both ways.
I don't think it's ever a great solution when the answer is like, you just got to educate your users because if there's one thing that has proven to not be very effective is just telling people to do something. But at the same time, you know, tech literacy is important. And again, all of these social engineering attacks, they can take so many so many routes to get to people.
I don't know how much of a benefit switching just this one service over is going to have As far as wire, I didn't actually know that the holding company for wire moved to Germany because I remember in twenty nineteen, it was a whole thing where they moved to the US and then it was like, well, is this under US jurisdiction anyways? I just looked this up now because I wanted to look up like, is that still the case? Why would Germany be there still sticking with a US company?
But I guess they're not American anymore. so it makes a bit more sense um unfortunately wire has kind of gone downhill for consumers here so it's not like something we focus on just because they are really focused on the business side of things now so whatever but yeah it's it's interesting that they're all switching i don't I'm of two minds about it, because I feel like it's important. It's not only is it important to like own all of your data and self host your own stuff.
And that goes not only for people personally, but also for organizations and governments. And also, I think not being reliant on the US is important for the for the rest of the world. But I don't know how much better these solutions are going to be for them, especially in light of... known to be secure solutions like Signal.
It's one thing to switch from Microsoft Windows and from Google Drive to European solutions or Linux distros or something like LibreOffice or OnlyOffice or NextCloud or whatever. That sort of stuff makes sense.
But when you abandon tools that are... provably secure like signal or like the tour network or etc that that's where it makes a bit less sense to me to just like blindly shy away from american companies so it can go either way i don't think this is like a a terrible idea for for poland to be doing but matrix security not up to Signal's quality by any means. There's a reason that Signal is kind of the standard in that space.
So yeah, maybe it's going a bit too far, or maybe it's good for the EU to be more self-reliant. I don't know. You all can let me know what you think about it, but yeah, I kind of mixed up the whole thing. I do think, you know, I don't know. I feel like I sort of take like a somewhat pragmatic approach. Like if something is in the US, but it offers a much more secure experience and a much more usable experience, I'm okay with using that, right?
Like I think if, you know, if ProtonMail, for instance, was in the US, I think it would still be like, verifiably, like, it would still have good security, right? Like, I don't think that would. That'd be a little email specifically could be a little tricky. I was just gonna bring this up. I think people are a bit like, overly paranoid about data entering and leaving the US. In reality, especially for an app like Signal.
or like the Tor network, for example, there aren't really a lot of laws on the books that could compel them to like turn over a lot of information right now.
And that can always change, but like, We've talked about European countries with very invasive policies in the past and when we've seen a lot of pushes to get rid of end-to-end encryption in messaging apps and in other apps, a lot of those pushes are more from Europe than in the US because I think Europe is a bit overly focused on businesses exploiting your data, which is a good thing to be concerned about.
But I really don't think in the EU and in other European countries, enough focus is being turned on to stopping the government from abusing your data. We see a lot of privacy laws in the EU that are very good and very robust, and they reign in tech companies, both in the EU, but also American tech companies, which is always a good thing.
But those privacy laws very often do not apply to the government getting your data or the government collecting it, or they have specific carve outs for government agencies. And so When you're talking about regular people, I mean, obviously, this is an app for the government, so it doesn't really matter in this case. But when you're talking about people switching to European services, it is concerning.
Going back to Proton, though, while I think the way that they secure messages is good, and I don't think that there's really... necessarily a mechanism in the US that they could be compelled to decrypt someone's messages, for example, or build a backdoor into their web encryption.
Wiretapping, the whole wiretapping situation in the US is not great, and I can certainly imagine an issue where they are forced to collect unencrypted emails coming in, and since that's most emails, that would be a concern for me. So There's probably some more protections against that in Proton's current jurisdiction, but it's not a cut-and-dry thing is the main thing I would say.
I think I just see a lot of Europeans very overly... putting their faith into things like the GDPR, which does have very good protections, but it's not completely comprehensive against anybody who might want your data. In my opinion, that bill is primarily made to rein in American companies more than anything else, which has been a European goal for a while, which again, probably makes sense for them, but it's not going to save you from all potential privacy threats.
yeah as someone who's not in either europe or america uh i guess i'm definitely less have no skin in the game, I guess. So I think, yeah, I don't know. I, I don't really care that much about like the jurisdiction, I would say. I would prefer if it wasn't in Australia though, because we have like really awful surveillance laws. So anything that isn't in Australia is like a better, in my opinion, just because, yeah, we don't really, it's kind of a problem with our country. I don't know.
Our politicians are, not great at, they just rush through surveillance stuff. And there's a comment here from Cannabida. They're switching to a communicator built in-house. Also, it's not available to the public, only government officials. I guess that is interesting. I kind of assumed that they were doing that, but I think it is one of the ones that they mentioned is based on Matrix, I think. But, yeah, it is still like an in-house communicator.
system i think um which i guess can prevent a little bit of the phishing aspect but like i still think you know phishing is kind of a large attack surface especially if you're a public sector even a public figure like i feel like the risk of phishing is a lot more likely if you're a public figure um and phishing attacks can can include lots of different things like you know installing malware on your device like it doesn't matter where the app is is is installed from or where the app is um
is developed. I think that's not really protecting against the phishing attacks. Um, you know, installing malware on devices, getting people to click on links. Uh, I don't really see how that is relevant to the location of the app being in your current jurisdiction. Whereas not, um, I'm not sure that's the greatest reason to want to do that. I can certainly see from like a sovereignty aspect. Like I think I would probably, I don't know.
I think when it comes to public citizens data, I don't think it should be shared with some American tech corporation. That's obviously not where that data should be going. But if it's communications with public sector stuff, I guess there could be national security concerns with sending that data. But again, if it's encrypted, I don't see how that's really that relevant. Speaking of national security, I just wanted to fact check this message quick. This is why they're recommending two.
The first one is indeed built on Matrix, and the second one is totally isolated, and that's for... handling restricted information and that is the the home the homemade one i don't know if they're saying because this the the second messenger that we mentioned is an isolated classified communications network i don't know if that implies the first one is going to be more open to federation or not but um yeah it does seem a little confusing that they need to have two different messengers
instead of having one good one but i guess maybe it's nice for governments to segment classified information into its own thing easier to keep track of so probably makes sense I don't know I'm not a government data manager so however they decide to handle all their classified information is probably good but it does seem a little inefficient yeah and I'm not really sure if you know I know Poland I feel like Poland is like one of the smaller countries in Europe but I might be wrong
on that I feel like trusting data to like you know a tiny group of developers from Poland who may or may not have the world-class expertise of cryptography that signal has is probably not the greatest idea but you know maybe they are maybe they do maybe there are just so many cryptographers in Poland that I I'm not sure but um I don't know how Poland compares uh like in terms of population I know it's it's it's quite a big country like on a on a map geographically but I don't know how
many I don't know if it's If I'm looking at a map quick, it is top ten. I will say, just in the defense of some smaller countries, there are a lot of surprisingly good open source projects and internet-related projects if you get into the networking DNS space coming out of the Czech Republic. There are some experts in these countries, but also... It does seem strange to me. I mean, I guess it makes sense. But does every single EU government need to have their own homemade system?
I don't know if that's the case. Maybe they could pool some resources. And I guess they sort of are with Matrix. But yeah, it's still a whole situation of standing up throughout stuff that probably... not the most necessary. Someone in the chat said the EU could really do with the First Amendment. I think a lot of like, I think it, I mean, I don't really hand things too much to the US, but I feel like that is pretty much the gold standard when it comes to like, freedom of speech, I guess.
I feel like not many other countries have such a robust protections. Because Yeah, I mean, a lot of countries really, really don't. I think it's taken for granted in the in the US. And I think a lot of people just assume because it's I mean, it is a human right. You should just have it. And I think a lot of people in Western countries like assume they just have this right. And they assume it up until the point where they find out they don't.
And I know there's a lot of complaints coming out of like the UK, for example, about them like really cracking down and policing social media stuff uh super super strictly um and that's the sort of scary thing that's happening in society lately um you know the us is not obviously not perfect by any means and certainly hasn't been great lately but it's good to have these legal protections on the books even if they can get abused um by the government we were just talking about fourth amendment
rights issues earlier so it's not a perfect system by any means but it at least gives you potentially some some recourse and it does usually eventually end up happening where um like your rights eventually get defended in court and precedence is set and like this stops being an issue whereas like there's there's no reason for that to happen in countries without like a codified bill of rights in their constitution because all of these violations unlike in the u.s they they're just legal um
At least if they're illegal in the US and the US abuses it, there's potentially something that will be done. I don't really see a way out for people in the UK, for example, unless they get the law changed and get that right established. So it's just an extra uphill battle that needs to happen in countries that don't have this codified into law. Yeah, I can't believe the founding fathers didn't think of data brokers like collecting all your information. I know. That's, like, unfortunate.
They really did not predict any of the problems today. I don't know what they were doing. They should have got that crystal ball out. Yeah, I mean, I don't know.
I definitely agree, like, there's people that maybe would deny that, but, like, it is pretty much, like, it is definitely a pinnacle of... yeah, there's definitely like stuff that goes on in Australia and in Europe where, you know, people think that they've, they can say anything and not face repercussions or not say anything, you know, within reason, obviously, but it's definitely, it's definitely a benefit of that jurisdiction.
But yeah, I think we've kind of, do you have anything more to add to this story or should we move into some forum updates?
¶ Forum updates
I don't think so. I think we could move on. All right. So I guess moving into forum updates here in a minute, we'll start taking viewer questions. So if you've been holding on to any questions about any of the stories we've talked about so far, go ahead and start leaving them on our forum thread or in the comments section on the live stream. For now, let's check in on our community forum. And as always, there's a lot of activity going on there.
But this week, the forum, we wanted to talk about this thread that was kind of popular this week. And it's about Bitwarden scrubbing always free and inclusion values from its website as its longtime executives stepped down. Yeah, I just posted this article from Fast Company to the forum almost a week ago because someone sent it to me on Mastodon. It's proven to be a little controversial on the forum.
They've rolled back some of these changes, so it is a bit more clear on their website that the free version, they have the always free text back. But I mainly shared it because I think it's another example of David Price- bit warden doing some sketchy things post receiving a huge amount of vc funding. David Price- There was there was another issue related to the source code and their open source licensing that they eventually rolled back and they were like oh oh it's a mistake and they.
David Price- pretty much said the same thing about this issue, they said it was a it's an oversight and they and they made it better, but I don't think we need to be.
policing companies this much and pointing out these mistakes, I think it just shows that the culture at Bitwarden has changed a bit because I can't imagine this happening in its previous state where it was just a fully open source kind of community project and not trying to turn into this huge corporate juggernaut in the password manager space. So I think it's just an unfortunate direction for Bitwarden. And that was mainly the main thing that I wanted to point out.
It's just another step in that bad direction that we predicted quite a while ago.
When we talked about this first happening and them taking VC money, we predicted that this sort of thing would happen and that changes would be made to bitwarden eventually and there would be more of a business focus um i think we we just talked about wire messenger i think that's a good example i don't know if that was caused by vc or private equity but that sort of shift from like the personal consumer side of things to a b to b product never really helps consumers and Yeah,
I think that regular consumers of Bitwarden are going to be kind of left in the dust. The nice thing about Bitwarden being open source, of course, is that if that ever happens and if it becomes really serious with Bitwarden, I'm very confident that some community of open source developers will fork it and kind of pick up the torch wherever Bitwarden decides to leave off because so many people use Bitwarden, especially in the open source and tech space.
And there already are open source implementations of some some functionality of Bitwarden. So like there's Vault Warden, for example, which lets you self-host the entire server backend, which is actually probably a large chunk of the work that would be required to create a fully open source fork. All you would need to do is fork the Bitwarden client, basically, and maintain it going forward in the future. But everything Everything should be fine as far as Bitwarden and its longevity.
You might just have to stop using Bitwarden itself at some point and switch to maybe a client Vault Gordon makes or some other open source project, which will be annoying for people, but that might just be how it is because that's the direction that I really see Bitwarden going in, unfortunately. Jordan, you're muted.
I feel like password managers are kind of extremely irritating if they go down or if like there's an issue where you have to switch because I think they contain like so much information and especially, I don't know, this may not be the case for everyone, but, you know, I've got family members, I've got like friends who are using this and, you know, if they were to say, you know, remove the free plan, I think a lot of people would be like, I don't know. I don't really want to pay for this.
And because that's just the society we live in at this point, like people don't want to pay however much per month for software that they use, which is kind of being normalized by, you know, everything being driven by advertising. And when there's a company like Bitwarden who has this really good product, I think it's going to be more likely that it's going to move in a direction where they want to make more money with it.
And if they have a bunch of freeloaders, I guess in quotes, they're not saying that not paying is not good, but some people can't afford it. But I think there is definitely probably a lot of people using Bitwarden for free and not paying, and they could convert those users into paying users. I kind of remember... I don't know if I'm remembering correctly, but I think this was a similar issue with One Password.
I think they originally were doing a one-time purchase model, and you could use a local vault. And they kind of switched their entire business model to be a subscription company. away from, you know, buy it once. I think people are much more likely to be fine with buying it once and then having it forever than paying for another subscription because everything is a subscription. How, like, people are kind of sick of it.
Well, just look at Plex. Did we talk about that last week or did I just talk about it online? Because Plex is raising their lifetime price to seven hundred fifty dollars, which is insane because they obviously want people to sign up for their I think it's sixty or seventy dollar a year. So like yearly subscription, right? They just really want to. build that recurring revenue. And I think that all of these problems that people have with Plex developed because of VC funding in that case as well.
And it's the same case for OnePassword. They really focused on the business side of things. And of course, open source alternatives do arise. A lot of people switch to Jellyfin. A lot of people... don't because jellyfin isn't as good yet, unfortunately. But yeah, to play devil's advocate a bit.
There are some companies that kind of use the business to business model to kind of subsidize a different consumer plan which is good i says i'm pretty sure that's what bitwarden is doing currently i think i've read somewhere that they just don't make money on the consumer side of things but they keep it around but they get all their funding from businesses which which makes sense um one password is in the same boat you could definitely say that about something like
matrix an element because they certainly are getting most of their money from big businesses that are signing up for chat or all of these government agencies that are now adopting it i can't imagine they make like barely any money from matrix.org itself we just we just benefit from it we talked about Cape, the cell phone carrier last week, they recently launched a consumer plan that there's no way they're making money on, but they probably make enough from business contracts and government
contracts. The list goes on. The problem we see with that is a lot of the times that only holds true under the current leadership. And it's inevitable that leadership of a company will change. And it almost never changes to people who maintain that. Maybe Bitwarden is dedicated to keeping this up, but that dedication is only going to last as long as the people in charge want it to.
And when they get replaced, which also could happen more easily because of their VC funding, those VC funds might kick them out if they don't like them enough. Who knows how much shareholder voting power they have. It's probably a significant amount. Things can take a turn at any time once you switch to this model instead of going all in on the consumer side. So yeah, I remain concerned.
It's possible, though, that with all of those companies I mentioned, it might not be a concern for us for a good long while. But you just never know. That's the big problem.
yeah i think also i don't know i've kind of almost become very hesitant of companies that take vc funding now because of this cycle it just keeps happening over and over again like i just should i move my data to this company that's may not exist or be sold on to someone someone else or may completely change its values based on, you know, investors in the company wanting changes.
I think, yeah, it is definitely a concern, but I think at least in the password manager space, we have so many good options. Like if you don't like Bitwarden proton pass, if you don't like proton pass, there's key pass. If you don't like, I know we recommend CYONO as well. That's like a German one, I think. So, you know, there's lots of, there's lots of, options, I think.
And I think, you know, if you don't like this direction, if you're starting to feel like this is going in a direction that you don't want to be part of, I think it might be, this might be a sign a sign of the times that the, that this might need to basically, you might need to start switching things up or at least be ready to switch if something worse does happen. But I mean, I feel like the main business model of password managers is to protect your information.
So I feel like if they're not protecting your information well enough, or if they're making security compromises, then that's kind of compromising the product. And I think that's at least the security aspect is safe. I think that you could say the same about one password. I think it's, it is got a lot of VC funding, but at least the security aspect seems like something that they would never compromise on. So I don't know.
It's just an unfortunate situation that a lot of these Some of these projects at least are VC funded and there are risks with that. But at least right now there is no active concern, I think, with this direction. I think it's definitely a caution. I'm proceeding with caution.
But I think if we see more changes happening, that affect the product we might have to um you know re-look into the into the product but right now it seems like they're they're Their direction is to continue being a secure password manager. That's their main focus, at least. Yeah, just got to keep an eye on it. There's another password manager that I've seen around called Passbolt, too.
I need to look into them again because I know... I don't remember the reason we didn't want to list them at the time, but they seem to be doing something unique.
Anyways, I say that just to say, if anyone has used Passport and wants to let me know more about it, can share in the chat or definitely post it on on the forum because i would love to take another look at it that is more team focused but it seems like you could easily just use it as a personal or like a family password manager so and it's in its open source and stuff again i haven't i haven't looked into it but they've been around a while and i definitely want to so Yeah, I like companies.
I'm mainly interested in them because they make it very easy to self-host and they make it their prominent thing. I think they have a cloud service, but it's always a good sign, I think, when they make the option pretty easy. Self-hosting Bitwarden, somewhat challenging. Exactly why Vaultwarden exists, because the official stuff is hard. So, yeah.
¶ Q&A
Fair enough. I guess here we've kind of, this discussion has kind of covered everything we need here. I guess we could kind of move into taking some questions. I'm not seeing any in the chat or... Yeah, if you have any questions, this is a good time to share. I'm sure I'm in the chat. I did see a comment if I scroll up here somewhere. It wasn't... It wasn't a question. Oh, yeah, there it is from Hello.
I just wanted to thank you for the feedback on the form, especially because I was literally last week thinking about changing it to maybe that category view because the latest section can get a bit overwhelming, but also I do like it as well. So this is good feedback to know because I've definitely seen that on other forms and feel kind of mixed about it. I always do that view when I'm on the forum, so that is definitely a good change. The categories here or the latest?
I always go to latest first, so yeah. That should be the default, but yeah. We'll probably keep it as the default. Yeah, I agree. I definitely think it's the better view. We did get a comment here again on our forum post from XMR chat, please. This is a request to add XMR chat to the live stream. Yeah, I mean, we can look into it and we can try. But I mean, as Jonah said, there's like a whole website redesign going on. It's like all these projects going on at the same time.
We do accept Monero though. I was going to say, and it's probably one of the things that makes XMR chat a bit tricky because we accept Monero through BTC pay server right now, which kind of like... I believe it generates a new Monero address per person, basically, so you can get your receipt and stuff. We don't just have a single Monero address to send Monero to. Maybe we can get one, though. I don't know.
I haven't asked if we can do that, so I would have to just look into that more and see how it works. yeah definitely uh definitely more of a magic grants question i think um Another thing, if we don't have any questions yet, I wanted to point out another form post that's currently in the latest view right now because it was updated recently. There was a post in the Project Showcase that got a bit of traction because they are working on an open source home camera security system.
They just posted an update to the form with a lot of changes that they've worked on over the past... few months, which look pretty cool. So I got to look into this project again a bit more. It's called Secluso. But they're very active on the forum if you ask questions.
So I just wanted to point that out because if anyone is looking into home security cameras or wants to check out an open source solution, I think that they would at least be good to chat with on the forum because they're there and can answer your questions as opposed to opposed to some other things but i gotta check it out myself to see how good it is yeah it definitely looks interesting i think also we've kind of had discussions internally about like would we would we
ever cover like you know home automation security stuff um so maybe i know this there hasn't really been like that many good options to like yeah that's what i was gonna say the home automation stuff is kind of tricky because like i've been messing with all that stuff personally around my house over the past year and some stuff is working but a lot of stuff is not working super well unfortunately um and it's something that i mean we definitely want to base all of the stuff that we're writing on
community feedback and what people generally agree is the best solution and there's not a lot of like consensus on the forum about what's actually good um or like experiences being shared. So again, I keep talking about the forum, but I think if you have any insight into the home automation space, it would be very helpful for you to share it there. And so we can get a bit more ideas of things to look into.
Yeah, I also think like I feel like the smart home ecosystem is like incredibly hard to navigate, like there's so many standards, there's so many downsides, upsides, all these, every, all these protocols it's, and then, you know, there's also the thing of where are these products even available? Like, are these products available globally?
Like if we were to recommend something that let's say is very popular in Europe, but then it's not popular in the U S and it's like, well, that's not really very useful. Is it? Um, so I dunno, it is, I'm kind of curious to hear what other people think. Um, But yeah, I've been messing around with it a bit, but not really with, at least here, a lot of the stuff is basically all matter. And that has another set of problems compared to other standards. Yeah, I'm not a huge fan of matter.
I know some people in our chats are, but I don't know. I'll have to write up all my grievances sometime. I got to get my thoughts together on all this smart home stuff. Yeah. Oh, we got a comment here from Cannabida. Would be cool to see some privacy guidance when it comes to cars. They collect huge amounts of data.
Yeah. just don't drive one no um it's it's it's hard um and it's especially hard nowadays because not only do you have to be worried about your car but you're just being tracked by all these cameras that people are putting in um tracking you by your license plate so yeah surveillance while traveling is uh very very tough right now uh as far as i understand it as uh when it comes to cars really the only usable solution is to buy like a car from or earlier it can't be a fancy car
in i mean they have they'd already been doing some crazy stuff then but like if you get a a normal car probably isn't like fully computerized yet so uh But yeah, that's not a great solution for everybody, certainly. Especially if you don't want to deal with a lot of car things, because an older car is probably going to have more problems than a brand new one. But I don't really know of any... great solutions to this problem. This is another thing that we don't get a lot of information from.
So I either assume nobody in the community that we have really knows a lot about it, or it's just not a topic that a lot of people here are super interested in. So that makes it challenging to know what to look into as well. I mean, this is kind of something that came up in the news. I'm personally not someone that drives or has ever driven, but I did see that there's this brand called Rivian that said they're allowing you to disable all data connectivity in their cars. Okay. I did see that.
Hello literally just asked about that. And I had not seen that news. So that's good to bring it up. Do you know any more about it other than that? In fact, there was actually a thread on the forum about this already because someone was wondering, you know, like how does this work? Like is this like an airplane thing, like airplane mode feature? Like how does this work? And, yeah, it's in their support page.
Like if you go to Rivian and you go to their support website, it does say that, you can choose to do that and it prevents all data leaving the vehicle, but it disables some functionality. I think this is quite interesting. Like I feel like no other car manufacturers had this as an option before. And I guess, I think one thing with this though is it needs a bit of third party testing. I think, I think I wouldn't trust this a hundred percent.
Like, is this, I would think you would have to do a bit of testing to make sure this is actually the case. I'm very confused about this. I'm looking at their support page. They say it'll limit or disable certain functionality in the vehicle, and their list is navigation, active lane centering, over-the-air updates, which provide new features, better performance, safety enhancements, and bug fixes. Losing over-the-air updates obviously makes sense because it's like you disable connections.
I feel like it this we should still this technology should still exist because ten, fifteen years ago you could get a car with navigation and it would work without the internet. Like you can download an offline map. So should and maybe that is the case here. I guess they do say it will limit or disable it. So I don't have a Rivian obviously can't test this. Maybe maybe it is just offline maps and that's fine.
You know, you lose out on some cool stuff like Traffic or whatever, but probably not the worst thing in the world. What I don't know is whether Rivian supports...
Apple CarPlay or Android Auto, I would be curious about that because this would be a very cool feature if you could use your phone for all of the infotainment stuff and you could still get things like whatever Maps app you want and music streaming and all that other stuff without having to do it through the car sending and receiving data. But I don't know if Ravine supports that. Some car companies don't. So I'm sorry to break it to you, Jonah, but they don't support Android Auto or CarPlay.
That is crazy. They should do that. I think Tesla added it now. They were a holdout for a very long time, and they finally got on board to some degree. So yeah, that is a shame.
That makes the whole prospect... a bit worse, because I don't know, it's good to have this sort of privacy, but there often isn't like a need for it to come at the expense of too many features, or there are like private ways to alter to offer it alternatively, that maybe aren't the full experience, but they get like, ninety percent of the way there. And I think people will put up with that. Whereas here, Like, is this going to, can you not get Spotify in your car anymore? Is that how it works?
Do you have to do it, like, through, do you have to do music through Bluetooth? Yeah, I mean, you, some of this functionality I think is useful. Some of it is not. So it's good to have the choice, but I wish it was a bit better. I also think like the data connectivity issue, like disabling data sending is one issue when it comes to cars. I think someone, I can't remember which, who said this, but cars are becoming like walking computers with hard drives, right?
Like there's a lot of data on the car that it collects when you drive around, like, you know, every place you've ever been, all the distances and, all that extra metadata that possibly if you sell the vehicle at any point or if it gets impounded, for example, that data is incriminating or could be used in that way. I think just because it's not sending the data out doesn't mean that maybe we shouldn't be collecting this data in the first place.
Yeah, I think it also could help with offering this feature on more cars because I feel like not everyone... I've never heard of Rivian before. I don't even know what that is. Really? I don't think they sell... That is very surprising to me. Yeah, they don't sell in Australia. What are the most common cars you see in Australia?
Yeah. uh probably like toyotas and hyundais and ford f like the big fords ford trucks i don't know what they're called yeah everyone loves a good pickup truck ranger for some reason um i guess it makes sense that it would mostly be Japanese Korean Vehicles it's hard to it's probably hard to get vehicles over to Australia shipping wise Yeah. A bunch of like European car manufacturers are kind of dropped out of Australia because of that.
Um, cause it's not really like, there's not that many people here to buy cars as well. Like you're not going to sell many cars. There's only like, twenty seven million people here. That's like, that's like the, that's like the size of a US state. Like that's like nobody. Uh, so it doesn't really make, it doesn't make that much sense. I think, uh, in a lot of cases, but, um, Yeah, someone said it went viral on Hacker News and Reddit. Seems like definitely something technical people want. I agree.
Yeah, I mean, don't get me wrong. It's a great feature. More cars should have it. But I think, okay, I don't use an Android phone too often. or Graphene OS. So I'm curious, does Graphene OS support Android Auto? Because I know you can install all this sandbox Google Play stuff. I don't know if they have support for it. They do, yeah. It does. It basically works the same way as it does on Google Android. So, I mean... I really don't like Android Auto.
I don't like a lot of things in the Android world because you are reliant on Play services. But I think a lot of people would prefer if their car functioned entirely off of their phone through Android Auto and CarPlay. I think that would be better than doing it through the car manufacturer system for most people.
So I think it's a real shame that the only car company that is kind of doing something good in this space apparently is also not letting you do that because I feel like, I don't know, they're missing out quite a bit.
Yeah, it definitely seems, though, like I feel like electric car brands are probably, you know, they're a lot more like I feel like if you remember back like ten years ago, I feel like cars were like stuck in this weird phase where they were like still using like capacitive touchscreens and like really crappy interfaces and stuff. And now we've gotten to a point where these EV companies who are like they're not just a car company. They're like a software company as well.
Like they're building all this stuff.
this other stuff so there's really no excuse i think to offer i mean in tesla's case it seems to be the only thing they know how to build well so uh yeah this is why i did not buy it um unfortunately i still have to figure out how to make my current car i got recently more privacy respecting but i don't drive too often so it doesn't come up a lot i keep i keep putting it off um but yeah sometimes there are ways to like remove the SIM card or disable that sort of LTE connectivity,
and that can help quite a bit. I know Henry from Tech Lore a while ago, I don't know what car he drives now, but he got some older, I want to say Nissan Leaf or something, but he talked, there's probably a video on his channel where he talked about removing the SIM card and then it was fine. And there are some cars you can't do that with. And I still have to look up research whether or how much is possible with my Polestar two, but I'm worried. There won't be a lot, unfortunately.
It might be a trade-off that I'm making because I want an electric car, and all of the other electric cars are much worse. Except maybe Rivian, but I was never in a million years going to buy a Rivian because they only make a gigantic pickup truck and a gigantic SUV. So it was never... That was never going to happen. So unfortunately, I can't benefit from this feature. But yeah. Yeah, I don't think the advice...
It's really irritating that the advice... I feel like the advice now is buy a ten-year-old car. That is really bad advice. Don't buy a ten-year-old car. That's just going to have so many issues and it's going to be a pain. Well, you know what? People... do drive pretty old cars pretty commonly. But yeah, they can have problems too. I've got friends that have old cars and yeah, it's just, I don't know. I think it's, it's, it's always issues. Like it's always issues.
Like, you know, once you reach a certain amount of mileage, I can't say I've ever had to pay too much to get my bicycle repaired. Biking is like the private solution. You got to start doing it. Yeah, I guess specifically if you buy an older car, it's got to be like a Honda, maybe a Toyota.
the in my experience the Japanese are pretty good at making reliable cars um don't buy a Ford don't buy an American car wait what is that is that the consensus that the American cars aren't that reliable or well the main consensus is uh that Hondas are particularly good but I don't know how common this phrase is. Maybe this is only in my circles, in my family, but everyone says that Ford stands for fix or repair daily. So that's what I hear.
All the other American car companies are, I don't even know how many cars they make anymore that aren't pickup trucks. So unless you want a pickup truck, it might not even be an option. Or you want like a Ford Mustang or something and a sports car or something.
yeah that's probably not super practical though as a daily card i'd imagine um but yeah i feel like we've definitely been let's uh someone said uh check consumer reports yeah japanese cars are most reliable interesting okay um yeah i wasn't aware there was a trend oh no i definitely don't doubt it i mean i drove a honda civic for a very long time basically until recently last year and that had like over two hundred thirty thousand miles on it and now my sister drives it and she's
still she's still driving I think she had to fix up like a handful of things but overall since then since replacing as far as I know only like one or two things it's been reliable ever since so They kind of just last forever. Unfortunately, with that Honda Civic, the car itself and the engine and everything are very reliable. All of the stuff that surrounds the engine tends to be pretty cheap and kind of plasticky and falling apart.
So it's not like the highest quality car to drive, unfortunately, even though... Even though it will outlive everything. Yeah. But, you know, what can you do? You just gotta research cars if you're buying an old one. They're hugely hit or miss, for sure. Okay, yeah. I mean, at least you'll save a bit of money. I feel like cars now, like, the prices have definitely gone pretty bad. Well, even used cars. The used car market is insane, but...
It's ridiculous, but it's, you know, so is the new car market. It's even more insane. So there's, there's no winning. You're winning a little bit by used. Yeah. Yeah. I think my, my brother, he bought a car like five years ago and now he checked the price on, on the car listings and it's worth even more now than when he bought it. Like, how does that even work? When, when did he buy it?
probably like i guess ten years ago right now okay yeah that that makes sense i don't know if it's as i haven't looked at used car pricing in a while i know like during the pandemic it was absolutely insane and i don't know if it's come down a bit since then or if in fact it's continued to go up i have no idea um but yeah the used car market it's crazy it's crazy Yes, I guess, yeah, we should probably close out the episode here. We're closing in on the two hour and thirty mark. Oh boy.
well yeah i haven't seen any more questions from anyone anyways um so yeah i
¶ Outro
think this seems like a good time to end i'll remind everyone that all the updates from this week in privacy we'll share them on the blog we do every week so you can sign up for the newsletter or you can subscribe with your favorite rss reader if you want to stay tuned and read all the sources for the stories we talked about in this episode for people who prefer the audio version of this we also offer a podcast available on all podcast platforms in RSS.
This video is also going to be synced to our PeerTube and posted to our website at privacyguides.org slash videos. So you can check it out in a self-hosted manner if you don't like YouTube. Again, Privacy Guides is an impartial nonprofit organization that is focused on building a strong privacy advocacy community and delivering the best digital privacy and consumer technology rights advice on the internet.
If you want to support our work, you can make a donation on our website at privacyguides.org slash donate. To make a donation, you can click the red heart icon that's located in the top right corner of the page. You can contribute using standard currency via debit or credit card, or you can opt to donate anonymously using Monero or pretty much any other cryptocurrency.
Becoming a paid member on our site is going to unlock exclusive perks like early access to the videos that we put out, priority during this Q&A if we get a bunch of questions, You will also get a cool badge on your profile on the form. You'll get access to some member-exclusive bonus videos we do, and you'll have the warm, fuzzy feeling of supporting independent media. That's it for us. Thank you all for watching, and we will see you next week.