GrapheneOS has a Hardware Partner!

A major Android OEM agreeing to create a future Graphene OS compatible phone, ProtonMail sharing data with the FBI, the OpenAI Pentagon deal, and more. These are the stories that we'll be discussing in this episode of This Week in Privacy, our weekly live stream where we discuss the latest updates within the Privacy Guides community, and this week's top stories in the data privacy and cybersecurity space. I'm Jonah, and with me this week is Nate. How's your week been going, Nate?

Been keeping really, really busy, but could be worse, so I can't complain.

Oh, good. Let's hop right into it. We'll start off with the biggest news story I think that we've seen in privacy and security from the past week. Of course, it's Motorola confirming Graphene OS support for a future phone. and bringing over features to their lineup. This article we have is from Nine to Five Google.

They published it on March first, and they said, following rumors swirling for quite some time, Motorola has announced a partnership with Graphene OS that will see the privacy-focused, de-Googled version of Android pre-installed on upcoming Motorola devices.

A new long-term partnership between Motorola and Grafino S was announced at Mobile World Conference, earlier this week on Monday, with plans for both a future smartphone to have Grafino S pre-installed and certain features from Grafino S coming over to other Motorola devices, the company said in a media briefing in Barcelona.

In a press release, Motorola said, Motorola is introducing a new era of smartphone security through a long-term partnership with the GrapheneOS Foundation, the leading nonprofit in advanced mobile security and creators of a hardened operating system based on the Android open source project. Together, Motorola and the GrapheneOS Foundation will work to strengthen smartphone security and collaborate on future devices engineered with GrapheneOS compatibility.

In the coming months, Motorola and the Graphene OS Foundation will continue to collaborate on joint research, software enhancements, and new security capabilities with more details and solutions to roll out as the partnership evolves.

All of this comes after some leaks at the end of February that we saw on Reddit and also discussed on our own Privacy Guides forum where some Motorola or Lenovo media slides were leaked ahead of this showing Graphene OS being referenced in their roadmap for future devices. And so those rumors did prove to be true this week. It's not...

It's unclear how this partnership is going to work, especially with Motorola saying that they're going to be bringing over features from GrapheneOS into their devices. We do know right now that all of Motorola's current devices will not be compatible with GrapheneOS. That will be coming as a future device. We've seen social media updates from the GrapheneOS team confirming that none of Motorola's devices currently meet their security standards.

And they're saying that a future Motorola device that can run GrapheneOS will have similar specs to the flagship end of Motorola's devices, like the Motorola Signature, but the current Motorola Signature will not be supported. GrapheneOS social media team members have also said that we can expect a device to come out in twenty twenty seven.

So this is not an immediate launch by any means, but it is now confirmed that they will be working with Motorola, putting to rest all of the rumors of all the other OEMs they could possibly be working with. I know there's a lot of speculation for the past few months since Graphene OS originally announced they would be working with an unnamed hardware device partner. And now that's confirmed.

But yeah, this will definitely be a big shift for Graphene OS and how they've always done things in the past. So Nate, you've taken a look at this story. It's been big news throughout the week. Was there any key takeaways that you wanted to discuss here? Um, no, I think you kind of covered it. I mean, at this point, it's still so early on that there's, I mean, I don't want to say there's a lot of speculation. I mean, it is, there is a lot of speculation.

Like, um, you kind of covered everything we know for sure. Um, I, I'm interested. I, you know, uh, Jordan said here in the comments that Mortarola was an interesting choice, which I totally agree with, but also like, I, I'm not sure. I'm not much of a hardware guy, especially when it comes to phones. I know that pixels, of course, have like the best security, which is why we recommend pixels. And also iPhones have good security, but obviously that's never going to happen.

That would be interesting. But I think I'm notoriously critical of Samsung security. So I've seen some people saying like, oh, I wish they'd work with Samsung. I cynically do not see a world where Samsung security will ever be good enough. to run a graphene device, in my opinion. They would have to really do a lot of work there. But yeah, it's really just... I can't think of anybody off the top of my head that I'm like, oh, it's weird they didn't go with these people.

I definitely was not expecting Motorola, but again, I don't know who I was expecting. I think I will be really impatient to see what comes next. I'm really interested... Because Motorola's official announcement for this had a very heavy emphasis on enterprise features. And I know that's historically something that's been missing from a lot of FOSS projects.

With all the stuff about age verification going on, a lot of people have pointed out that a lot of FOSS projects like Linux are missing... parental controls. And so it kind of makes it harder to, uh, pull yourself out of those systems, but still maybe monitor what your kids do.

And so where I'm going with this is I will be interested to see if maybe graphene is able to pull, uh, some of those optionally, of course, some of those like enterprise features to create like some kind of parental control thing in a secure way. Um, or anything I will be, I've seen some rumors that there's not necessarily a guarantee that these phones will come pre-shipped with graphing, but they will be graphing compatible.

I've also seen other rumors that graphing will be an optional, like when you buy it, you can select graphing. I hope that will be commercially available and not just for enterprise users. Um, so yeah, it's, uh, I dunno, every, again, I feel like a lot of things we could say at this point would be speculation, but I'm really hopeful. I'm really excited to see where this goes. I'm happy that graphene has access. I'm assuming they now have access to Android. Um, in a, in a more stable kind of way.

Cause I know that was a big thing is Google's been locking down Android slowly and making it less available and less open source in practice, if not officially. Um, and a lot of ROMs have struggled with trying to get ahold of Android so that they can modify it and get it ready for releases. And that's been slowing down cycles. So I'm assuming now they have better access to that kind of stuff.

And they'll, you know, of course they'll have, I'm assuming access to the hardware to be able to like modify that and they don't have to reverse engineer things. I'll be interested to see if they continue to support the pixel or not. So just a lot of questions, but I'm, I'm really hopeful to see where this goes. Yeah, for sure. I've definitely seen a lot of conflicting reports on this. I know the nine to five Google said that Graphene OS would come pre-installed.

I'm not sure if Motorola said that because they didn't mention it in their press release, but maybe they did at the in-person event. I wasn't at Mobile World Conference, so I wouldn't know.

I do think, yeah, I'm definitely interested to see what this phone looks like because Graphene OS has for a very long time touted the idea of like the the the titan security chip in pixels being like the gold standard for for smartphone security and a lot of their features do rely on that whereas um all of these other existing devices don't really have a comfortable security chip in place that has all the same features so if we look at like all of motorola's

devices right now which use qualcomm chips You know, Qualcomm has some sort of secure element, which the name of is escaping me off the top of my head, but it's not as comprehensive as the Titan M chips in the Pixels. in terms of what they can do. And so I'm really interested to see if Motorola is going to be able to provide an alternative in these future phones and what that will look like. I don't know what sort of secure element requirements would be needed in this case.

I don't know what commercially available options there are for Motorola to choose from. That's kind of... Oh, that would be above my pay grade, but I'm sure Grafino S and their team is figuring all that stuff out and probably... has been working with Motorola on this for quite some time. I mean, obviously, this news was released today, but GrapheneOS has been talking about this for a while. And they've obviously been planning this behind the scenes for quite some time.

It's also, it's an interesting relationship that they seem to have with Motorola. And I think it explains why they haven't gone with other OEMs because I've seen Graphene OS representatives on social media say that Motorola essentially came to them asking for the partnership and committing these resources as opposed to them reaching out and trying to find one that's most suitable for them.

Which makes sense because you would really need a pretty high level of buy-in from whatever OEM you partner with to take on a lot of the responsibility. GrapheneOS is of course a very small team still and can't exactly make all of these hardware decisions and software changes to support a new device just like on a whim, resources are limited. So being able to work with Motorola and kind of maybe direct their team in a security-minded focus is really interesting.

And it's a really cool opportunity for them. Yeah, I think we'll just have to wait and see what this looks like. I know I've seen some people disappointed. The OEM wasn't some of the other top picks. I know people were hoping for OnePlus or nothing or perhaps Sony. But I don't think Motorola is the worst choice out there.

And I think it's a very positive sign that Motorola... seemingly initiated this partnership or at the very least is very invested in making this happen so um it's a good level of commitment on on their end as far as we can tell yeah i agree while while you were talking i was thinking about some of the more um The more, I guess, open source aligned phone makers out there, like nothing isn't really open source, but I think they have the whole modular thing going on.

I might be thinking of somebody else, but like Fairphone, Purism, what's the other one? The Pine phone, which I know those were probably never even on the table for security reasons.

But yeah, I mean, it's one thing worth noting is I did see a video this week that dove into this topic a little more and showed also the, the hacker news y combinator uh forum where daniel was pretty active responding to some people and he made a point of saying like this is not an exclusive partnership so he said at this time there's no plans for graphene to work with any other oems but it's not off the table and i actually didn't know that about motorola coming to them but um i

think i mean i'm sure you said this and i'm sure this is a given but like i think this is great for graphene i think this is great for open source. I think this is great for, uh, the general consumer to have this easily accessible, um, potentially ships with graphene device, uh, especially if that is again, a consumer accessible option at checkout.

So I think if this phone does really well, um, I think that will show other OEMs that there is an interest in this and being that again, graphene, this is not an exclusive relationship, then that would be, uh, that would potentially be on the table that they could go to graphing and be like, oh, we want to work with you to make our phones graphing compatible as well, which would just give us even more option for other manufacturers. So, I mean, I know I'm getting really, really ahead of myself.

This is probably years down the road if that ever happens, but, you know, we can dream, right? So... Yeah, absolutely. I know I see some chats here about PinePhone. It would have been nice certainly to see a partnership with a more niche or especially like repairable phone.

Fairphone, I think, would have been a top choice for a lot of people for sure, especially in this community, because a lot of these values, I think, go hand in hand a lot of the time between open source privacy security repairability like a lot of people are very passionate in this community in this community about all of those things um but yeah no matter no matter which way you look at this um any sort of partnership i think with uh with an oem and especially one that's big name as motorola

is is huge for any custom rom but especially graphene os it's definitely The Android realm of choice that we would want to see partnering with OEM versus a lot of the other options out there. So yeah, it's very cool news. Yeah, I don't have much else to add. Like I said, everything at this point is kind of a speculation. We'll just have to wait and see where things go. Yeah.

I think in the meantime, we can talk about a different phone if we're ready to move on, which is the iPhone. And this is pretty exciting news, but apparently the iPhone and the iPad are now approved to handle classified NATO information. Um, I'm not gonna lie. This is kind of a headline says it all. This is a, for audio listeners, uh, this is a new press press release directly from Apple.

So, um, it kind of, there's a little bit of information in there, nothing super technical, but you know, Apple kind of touts all of the security features they built into their phones recently. Like, um, Biometric authentication with face ID, memory integrity enforcement. They say best-in-class encryption. I mean, I guess. Government has struggled to crack lockdown mode, and even in the past, just the regular encryption. So that's probably not terribly misleading.

Um, yeah, they say that, uh, they have gone through, did they say there was an audit here? I mean, I'm assuming there was some kind of audit certification process, but, um, yeah, iPhones and iPads running iOS and iPad OS, OS are certified for NATO use in all nations. Um, I don't think I have too much to add to that. Again, it's a pretty self-explanatory headline, but I think it just really, really attests to Apple's security, which this is going to come up again later in the show.

But I want to remind everyone watching that privacy and security and anonymity are all very different things. They're very distinct things. And they do complement each other. They do work together. And some of them, like security is how we enforce our privacy wishes, right? You know, with things like... just as a really low hanging fruit example, a password at its most basic form is designed to control who has access to an account.

So that is kind of a form of privacy controlling who has that password in theory, at least. So yeah, Apple, we would definitely like to see them do more on the privacy front. There is of course room for improvement, but again, they are, they do make incredibly secure devices. And I think this is just kind of a further testament to that.

One thing that's interesting is they say that this is the first consumer, first and only consumer devices in compliance with the information assurance requirements of NATO nations. So yeah, like I said, I don't have too much to add to that. Jonah, did you have any thoughts on this story?

yeah so um it's very cool i think like you said according to this press release and as far as i know these are the only consumer devices that can handle any sort of nato classified information um which is a big accomplishment for for apple the auditing process um for any of this is uh fairly extensive and i think it's probably no surprised that one of the best phones we already know for in terms of security can pass this.

But it is just more evidence that a lot of the safeguards in place on these devices are functional and work as expected and can be trusted. audits like this aren't the end all be all of security by any means. And they mostly make sure there's no like super obvious mistakes, but they don't test for everything. And so it's not like a complete assurance that these phones are unhackable.

And indeed, like if we look at the level of classified data that these phones are now able to handle, which is the NATO restricted level. That's out of the four classification levels that NATO has. That's the lowest one. You don't even necessarily need a specialized security clearance in order to access NATO restricted information. So you know, the most top secret governments are the most top secret documents that NATO has are not going to be stored on iPhones anytime soon.

But it is interesting that like a full operating system and especially a consumer one is now able to handle this data because typically you would see like a NATO restricted classification limited to something like a A lot of those USB drives that have hardware encryption and a pin that you enter, some of those will be NATO-restricted in terms of security, which is good, but those are obviously much simpler devices. They just have to handle encryption, and that's pretty much it.

Whereas an iPhone is a... complicated device and obviously more challenging to guarantee the security of those documents on it. And so yeah, it is a big step for Apple to have this done.

I don't know what the process is for like a company like apple or a os developer to get nato certified i don't know if that is something that um like the company itself would have to reach out for and pay to get certified i would imagine um it typically is and so thinking about like this being the first consumer device to be to be certified to handle nato restricted information That might not be that surprising because I would imagine a lot of consumer devices

probably are not willing to undergo the effort to get this certification and audit in the first place. Thinking about like Graphene OS we just talked about, I can't imagine they would have the resources to do like a comprehensive audit to be certified to handle NATO restricted information, even if the operating system is theoretically secure enough to do that. So there is that takeaway that I would think about.

I don't think And for that reason, I wouldn't consider iPhones to be the most secure devices in the world now or anything like that. But it is certainly a good sign for them at the very least. For sure. I don't have anything to add to that, but we did have a few questions in the chat I thought might be fun to talk about. Yeah. Dyson Fan said, do you think this will be affected by the war in the Middle East? I don't think so.

I think overall, I know there's a big push in Europe right now for digital sovereignty. I think one of the reasons that NATO would view Apple as a maybe less risky company compared to someone like Microsoft is... Putting aside the fact that Microsoft has been hacked by China more times than I can count. I think Apple does have a history of pushing back. Not all the time. Definitely not all the time. I'm not defending Apple here. There's times they should have pushed back that they didn't.

But they do have a history, especially in the U.S., of pushing back against government data requests. And I don't know.

I would just imagine that kind of... makes the the geopolitical landscape a little bit more uh nuanced i guess um in terms of why they might be willing to trust someone like apple but um and then yeah jordan just real quick said i wonder what they use for computers because mac wasn't included i don't know that's a good question i know uh germany specifically i know there's a few states in germany that are like switching over to linux and and uh libra office and stuff

like that but i don't know about nato as a whole that is a really good question so yeah i'm not sure i mean as far as like the war in the middle east i nato is i know the us is a part of nato but the us typically when it comes to like classified information or military stuff they kind of do their own thing and they have their own requirements for all of this.

A lot of the NATO specific stuff like this certification, for example, is going to apply more to European countries than the U.S. in its own interest. So... There is that to think about too. I believe iOS and other Apple devices have been certified for a variety of US government security standards for quite some time, but I don't remember exactly what level they would be certified at or if it's comparable to this. I'd have to do more research into that.

Cool. Yeah. I mean, that was a pretty quick story, but That was all I had on that one.

Yeah, before we go on... Oh, yeah. Let's talk about this. So this story was reported by TechCrunch here. Meta sued over AI smart glasses privacy concerns after workers reviewed nudity, sex, and other footage.

According to TechCrunch, Meta is facing a new class action lawsuit over its AI smart glasses and their lack of privacy after an investigation by Swedish newspapers found that workers at a Kenya-based subcontractor are reviewing footage from customers' glasses, which included sensitive content like nudity, people having sex, and using the toilet. Meta claimed it was blurring faces and images, but sources disputed that this blurring consistently worked.

The news prompted the UK regulator, the Information Commissioner's Office, to investigate the matter. Now the tech giant is facing a lawsuit in the United States as well.

In the newly filed complaint, plaintiffs Gina Barton of New Jersey and Mateo Canu of California, represented by the public interest-focused orcs and law firm alleged that meta violated privacy laws and engaged in false advertising um So, I mean, looking at this story, my immediate reaction is like, well, yeah, of course this would happen if you strap cameras to your face that are constantly streaming to a big tech company. And this is really a problem that we've seen over and over before.

The one that most immediately comes to mind is was pretty much a very similar situation with Siri recordings. And those weren't video at the very least, unlike this, but they were being sent to a bunch of contractors for review when that was not clearly stated in Apple's privacy policy. I believe there have been similar cases with other voice recording systems like Alexa.

And so it's it's just a sign that these these big tech companies they're not going to be treating your data properly and they're not going to be giving it the production that it needs because they are more interested in consuming all of this data as much as possible and like having a bunch of random people contractors whoever review all of it to supposedly probably improve their ai services and other things that they that they're working on just with complete

disregard to your own privacy or personal data. And so, yeah, hopefully there's a big punishment for meta here, but I can't imagine a lot is going to change. Unfortunately, I think that we need to be aware of these dangers and we really need to just eliminate devices like this from everyday use.

it's a bit crazy to me um how much things have changed in the past ten years because i remember back when um google glass originally came out um and there was this glass holes term for people who wore it and were constantly recording in public spaces and now all of this stuff is kind of being normalized unfortunately and there isn't as much pushback anymore and i think that we need to revisit that because I don't think we were we were wrong back in those days.

I think that we we were on to something and maybe we should remember how much we dislike products like this again. Yeah, totally agree that. Honestly, that was something that really confused me too. With the whole like you mentioned Google Glasses. I remember when when those came out, and they were such a flop. And so when Meta announced their AI glasses, I was like, okay, we've already been down this road.

And I know, I think even before Meta, I think Snap had announced their glasses, and then I never heard of them again, which I think those exist. But I don't know. I never hear about them anymore. So my point being, I was like, oh, this isn't going to go anywhere. And now I think this article said that last year they shipped like seven million of these things. Hold on, where was it in this thing?

But... Yeah, while I look for that, it just blew my mind that it's like, wait, yeah, in twenty twenty five, over seven million people bought meta smart glasses. And it's like, how did it like what's different this time that it worked when it did not last time? I'm very confused. I think it's got to be like. Are they making it fashionable? I know the Ray-Ban partnership must have a lot to do with that. Are people willing to give in and use it?

Yeah, if they're partnered with like, more recognizable brands. Kind of an unfortunate way to shop, but I think that might be it for a lot of people. I mean, that does, yeah, that could be it. I mean, maybe it's the AI part. Like, I have said before that, like, I get on paper, I get the idea, because I'm convinced I have, like, a mild form of face blindness, and I run into people all the time.

I mean, not obviously, like, with someone like you that I work with all the time and I see every week, I know you, but, like, I run into people all the time that they're like, oh, hey, Nate, it's me, so-and-so, and I'm just like, who are you? And then when they're like, oh, we like did this thing together. And I'm like, oh yes, yes. Like I'm a contextual person. When you tell me like how I know you, then I remember, but I'm so bad with names and faces.

So I would love the idea of like AI glasses that tell me like, do the facial recognition, like, oh, you know, this person from this, like save me that whole step. But I don't want it pinging back to the cloud, which of course it would have to do to do that.

But my point being is like, I get it on paper, but I still can't believe that like they managed to to actually like make it stick this time it's so weird to me well and i mean it it doesn't have to do that necessarily ping to the cloud i know not that i would advocate for this product to exist necessarily but certainly facial recognition that's something that has been around for for quite some time and well, you would need to have a local database in your contacts or whatever.

I do think a lot of people will already use this feature in the Apple Photos app or the Photos app on their Android phone that automatically classifies faces and you can put a name for it. I think that's a fairly popular feature that runs entirely locally.

And extending that to a basic device like this, even if it has to ping your phone to run this computation, Certainly it's not necessary to ping servers if you don't want it to, but big tech companies are very disincentivized to do anything locally because there is so much data that they can slurp up with their servers and use for all sorts of AI and other purposes.

And of course, we'll talk about a future story here in the show about these AI companies partnering with people who you probably don't want them to be. So that's the kind of direction that all of this puts us in. And yeah, it's not great. And it certainly doesn't have to be this way. Just because this is the way that Meta has decided to make this product doesn't mean it's the only way that this product has to exist. And I think that that's really important to remember. For sure.

Yeah, two things I wanted to add real quick in response to redacted, said someone needs to make glasses that beams lasers at cameras as you walk around. That's probably destruction of property.

There is an app, this is not an official recommendation because we haven't really vetted it, but I know there is an app that's supposed to warn you if there are people nearby wearing smart glasses, not just the meta ones, but also the snap ones and Apparently, there's more than just those two, but I do have it on my phone. It has not pinged me yet, although I don't know if I live in an area where people are not using them. I don't know if it's maybe just false negatives.

Your mileage may vary, but it is fully open source. You can go take a look at it. I will say, I've never seen any of these in person myself. I don't know what area these are super popular in, but not around me yet.

Yeah, and I've had situations where somebody's got the big glasses and there's a screw in the front, and I've asked them, and I try not to sound like I'm upset about it, because if they think I'm angry, they're definitely going to say no. But I've asked people, I'm like, hey, this is totally out of left field, but are those the meta smart glasses? And they're always like, no, no, they're just whatevers. So I haven't run into anybody yet, but yeah.

And then the other thing I was going to say just real quick to add some context to this article, it says that the reason there's a lawsuit is because Meta's advertising specifically says, and I quote, you're in control of your data and content. And then there was like another quote there too. Yeah. I don't know. I lost it. Oh, built for privacy, designed for privacy, controlled by you. So, yeah, it's it's I think they've got it.

I hope I'm not a lawyer, but I feel like they've got a really solid case here that if Meta is going to. And I mean, all of the veterans listening know that this is like, oh, no, Meta lied. Like the what's the Captain Kirk William Shatner like? Shocked face. But when you explicitly say in your advertising that like you control your data and then find out that there was no toggle not to submit the footage and people are reviewing it.

I think I put this in the newsletter that went out actually for this episode that. As much as we've talked about these things, we kind of blew over that part where it's like part of training AI is that people have to review it, even if only every now and then. People have to review it and make sure it's working and correct it, which is a whole other thing.

worm bag of worms that we're not going to get into right now but i i think it's funny that like for you and you and me like that never even came up once because we just thought that was kind of a given i guess or for whatever reason like we never even thought to mention that that like hey by the way there is no world in which people will not see so at least some of the images and footage taken by these videos so yeah um one of our team members uh jordan asked sorry i'll let you do it what

protection do people have against being recorded in public um which is a great question unfortunately i think the answer in most countries including here in the united states is not much but i think that this is a good example of um i think why data privacy concerns are certainly not only a technical issue because people very often get caught up in this um trying to think of technical solutions and i do like unredacted suggestion of lasers being beamed at cameras as you walk around but at the

end of the day um the the best way to prevent something like this is to get strong data privacy laws out there that would prevent people from doing this and using your data without your consent. Because I don't think that just being out in public or walking around is necessarily consent to be recorded and filmed and that footage stored permanently for the rest of time, right? It's We really have to rethink our relationship with technology and privacy.

And we can't just apply past norms to the current state of what we're in. But of course, there are so many incentives to not do this that I think people need to be more vocal about. You know, we've talked about this in the past few episodes, but even governments are getting in on this like constant mass surveillance via companies like Flock, for example, just constantly trying to collect as much data as possible and seeing what they can do with it.

And in a lot of cases, I think they don't really know what they can do with it yet. I think meta with these glasses probably doesn't know what they can do with the data yet. But they're collecting it all in the hopes that they can do something with it. And that that's, that's not good. And I don't think we should allow that. So hopefully, so hopefully, that can change.

Yeah, the only technical solution, quote unquote solution that came to mind was I really want to buy some and review them one of these days. But I know you've probably heard of there's a company that makes glasses that they've got a few different models and one of them is supposed to reflect IR. So they look like relatively normal glasses, depending on how you feel about the style of them. But the frames are designed to very invisibly reflect light back to a camera.

And it's mostly for facial recognition if I've read... Granted, this all came from their website, so it may not be a hundred percent accurate. But according to their marketing materials, it's like some cameras, like surveillance cameras, They'll use IR to like better map your face for facial recognition purposes. And it's designed to throw those off.

But the nice thing is, again, if I pose for like a family photo, my glasses look normal as opposed to they have another model that like will explicitly like if you take a flash photo, it'll reflect and block you. And so anyways, my point is like something like that comes to mind. But I mean, that comes with so many like let's just assume it works for the record. But you shouldn't have to like if you don't wear glasses, why are you going to buy them just to throw off facial recognition?

You shouldn't have to buy them because I think they're pretty expensive. The frames are like two or three hundred dollars, which I guess is how much frames normally cost without insurance. But either way, it's it's I guess my point is like it's one of those like I agree with you. Like I don't like. When ordinary people just trying to live their lives, have this unnecessary burden put upon them, and I understand that like. Like it. I understand that there's a limit to that, right?

Like we're not all entitled to like free DoorDash or anything like that, right? Like there's gonna be times you have to put in some work and you have to put in some effort and learn some things. But I mean, in this situation, like I feel like these companies are just so out of control and there is no data privacy law in the U S at least not universally. There's a patchwork of limited laws.

Like somebody here said, there's some states in the U S which don't allow facial recognition without explicit consent. Yeah. There's like two or three that I'm aware of. I think there's like Texas, Illinois, um, probably California with the, their privacy law and maybe like a couple others, but you know, overall there is no like us version of GDPR that says like, Hey, here's the bare minimum.

And I, the more we go through this stuff, the more I feel like we really need something like that, that just kind of sets a standard, which for the record, it will not be good enough. I guarantee you that, but at least something, some kind of bare minimum thing so that people, ordinary people don't have to jump through a hundred and hoops just to try to have like a basic level of privacy. It's so insane.

And it's really important that like, you can't just claim to be working around these privacy restrictions by like anonymizing that data or whatever, because in cases like this, for example, we know that that technology doesn't really exist or it will, like, if you want to blur faces, um, in all of these videos, it probably relies on AI, which again, I'd point out Meta said that they were doing in this case and it didn't work consistently.

That's just going to be inherent to all of this technology. You're never going to be able to. One hundred percent, uh, ensure that all of this data is being handled privately no matter what Meta is claiming about this. And really the only solution here is to not collect that data in the first place and to not give Meta that data in the first place.

So yeah, this whole thing's a bummer because it really puts a bad spin on AI glasses in general, which is probably a good thing because it seems like every single one that's come out lately has been... just in the form of cameras strapped to your face, right? Which is always like, that's never been what I wanted from smart glasses, even before I got into privacy.

I've always just been a huge fan of future technology, and I was like, smart glasses, that could be cool, because I would want a heads-up display to see navigation or live translation or a ton of stuff that does not at all require cameras. Recording people constantly, that's probably... Most of the very bottom of the list of things I would ever want to do with my glasses.

Um, but that is the direction that all of these tech companies are going in rather than, um, something more, more useful and less privacy invasive, unfortunately. So it's a shame. Yeah. I, I really just real quick, I want to drill home what you were saying about like how the face blur isn't enough. Like. It takes a shockingly small amount of data to de-anonymize somebody. And it always cracks me up when it's something like location, right? Like, oh, but we anonymize the location.

And how many other people in the world spend eight hours a night at this location and then eight hours a day at that location? Like that alone tells you who I am. And then this one with like the whole, oh, but we blur faces. Hi, hello. I don't think that matters for some people. for audio listeners, I'm showing off my arm tattoos. Like even if you blurred my face, it's, I don't, it's pretty obvious, you know? And so, yeah. Um, I, I could see, I'm thinking back in my own history.

I could see a few small scenarios where like having a camera strapped to my face would be super useful, but that was like three times a year at my old job just for me. Like, I don't think most people really need it that much. So yeah. And certainly, you know, that could be a separate product that like, what if I just have a little camera that clips onto my glasses if I want to record something, right? I don't need it constantly. Yeah. Constantly on and recording.

This is a very niche use case, I think, for a lot of people.

Yeah, super crazy. But on that note, we do have some site updates before we launch into our next story. We are going to talk a little bit later about ProtonMail. I know that story just came out the other day. But first, here's what's going on at Privacy Guides. And for those of you who may not know, Privacy Guides is a nonprofit which shares data privacy related information.

And we facilitate a community over on our forum and on Matrix where people can ask questions and get advice about staying private online and preserving their digital rights. So first up, big news, our smartphone privacy and security course that we have been talking about for months now. We've been releasing videos little by little. It is finally one hundred percent available in full. No membership required. You can go over to YouTube. I believe it's on pure tube now.

If it's not, it will be very, very soon. We have, for those of you who may not be aware of this, we basically built a three-part smartphone course about how to make your smartphone more private and more secure. And there's a beginner, intermediate, and advanced level. And there is also an iPhone and an Android version. So yeah, whichever one you use. And you can watch them all and you can decide maybe some of the stuff in the advanced level doesn't apply to me. Maybe some of it does.

If nothing else, it lets you know what your options are out there and our official recommendations at this point in time about how to make your smartphone as private and secure as possible. And again, that is out now. So go ahead and check that out. And then some big exciting news. Myself and Jonah next week will be in Austin, Texas. We are at an unofficial South by Southwest party being hosted by EFF Austin.

We will be doing a little workshop about how to improve the privacy and security of your phone. So, and, um, if, if anyone's in the area and you have never tried graphene and you're like kind of worried about it, we will actually have a little demo device that has graphene on it so that people can play around with it and kind of see like, oh, this is just like a normal Android. Like there's nothing to be scared of. I can use it just like an Android.

Um, so we'll have that little demo device, but also we'll just be answering questions and, you know, offering our advice about how to harden your phone. And full disclosure, I am on the board of EFF Austin. So yeah, we will be there for anyone who's in the area. Yeah, come stop by if you're not and it'll be super fun, I think. And we'll share a link to the to the event information meetup stuff in the in the sources of the show. So yeah, if you're in the area, definitely check it out.

It should be fun. And also, I will say, since it will be taking place next Friday, we will be hosting this show in person there. So that'll be fun for people who watch this as well. In other news, we have a bunch of big stuff that we announced on our website this week. The biggest thing that we launched was a new section related to privacy activism.

So if you go to privacyguides.org slash activism right now, you can find all of these resources um our staff writer m has been working super hard on getting all these up and it has a ton of useful advice um not for like just activists in particular but activists for privacy people who want to advocate for data privacy in their local communities or in terms of legislation or in terms of anywhere else that you might want to be an activist for privacy rights.

And so all of these tools are meant to empower the kind of digital rights community that we are in. And the first tool that we released in this section is the privacy activist toolbox, which it looks like Nate is scrolling through now here on the screen. Essentially, this toolbox is a list of resources and articles that give you advice on how to be the most effective privacy activist you can be and how to effectively and clearly and sustainably advocate for privacy and digital rights.

And so if that is interesting to you, if you've been in the privacy community for a while and you're wondering how to best make a difference yourself, definitely check out these articles. They're extremely extensive and just a wonderful resource. We've gotten a ton of positive feedback from people in this space and elsewhere who have been reading these and learning new things or sharing these with other privacy activists and privacy related organizations. in this space.

The activism section in general is something that we hope to continue expanding. We have a few things on the roadmap and hopefully we can share a bit more information about that soon. But for now, I think that all of these tips will prove to be super helpful for some of you out there. And if any of that sounds interesting to you, definitely go to privacyguides.org slash activism and check out that resource. Other site changes, we've done a few very minor things.

The most notable one was that we removed mention of zero knowledge encryption or zero access encryption from our site because those terms are not very... clear and we found them to be confusing. So we're kind of transitioning to being more descriptive. Zero access encryption is kind of a marketing term that gets thrown around a lot. And zero knowledge encryption is not really technically accurate.

It doesn't make a lot of sense outside of like zero knowledge proofs, which are totally different things. So Hopefully some of our resources around encrypted tools that we recommend, et cetera, are more clear and we hope to use better terminology to describe that stuff going forward. That's not just marketing jargon. That's a big thing that we want to try to eliminate from all of our resources as much as possible. So that was a big change.

um related to our news section our volunteer journalist freya has been publishing a ton of articles lately so you can go to privacyguides.org news and check those out there are a lot of stories that we don't get a chance to discuss here on the show but are still important nonetheless, and that is the best way to stay up to date with those in addition to our community forum.

Some of the articles include a full-length article on how to game privately, which might be interesting to the gamers out there, as well as more news briefs like Samsung TV's halting data collection in Texas, a spyware maker going to jail, TikTok refusing to add end-to-end encrypted direct messages, and a lot more. So again, that's at privacyguides.org slash news if you want to stay up to date on all of those topics.

All of the stuff that we do at Privacy Guides is made possible by our supporters. So you can sign up for a membership or donate at privacyguides.org. Or if you want to promote privacy in your own life and you want to support us as well, you can buy some swag from shop.privacyguides.org. I think that does it for all the updates from us this week. So let's talk about chat GPT and the Pentagon. Nate, what do you got for us here?

Yes. OK, so for those who missed the memo, which I wouldn't blame you because there is so much freaking news going on right now, it's hard to stay on top of it all. Like I actually forgot part one of this story until I was reading the article and refresh my memory. So the Pentagon used to have a contract with Anthropic, who makes the AI Claude, which I've heard good things about as far as AI goes. I guess it's pretty good at what it does.

But Anthropic had some stipulations in their contract, specifically that you could not use Claude for mass surveillance on Americans, and you cannot use it in autonomous weapons. And the government tried to pressure Claude into dropping those stipulations and doing whatever they wanted. I will admit I'm not fully versed in the nuance of this story.

So I apologize if any of my opinions are a little wrong here, but to their credit, Anthropic stuck with their guns and said, no pun intended, stuck with their guns and said, no, we're not going to do that. And the government dropped them and said, we're not doing business with you anymore. Went on to declare them a supply chain risk. That's a whole nother thing that we're not going to get into, but open AI is, as they do, swooped right in and said, hey, we'll do business with you.

I mean, I don't know how else to put it. So Sam Altman, the CEO of OpenAI, basically he's clarifying the terms of this deal now because he recognizes that that was not a good look to just come in. Here's what he says. We were genuinely trying to deescalate things and avoid a much worse outcome, but I think it just looked opportunistic and sloppy. You can take that at face value if you want or not. You can probably tell how I feel from my tone, but that's neither here nor there.

But either way, he's clarifying that they are still holding to the terms that OpenAI cannot be used for mass surveillance. Noticeably, I don't think this article said anything about the autonomous weapons. But yeah, and I think that's kind of the... Again, that's kind of the bare bones of the story. We don't know a lot more. We know that AI, and I'm sure a lot of our veteran viewers know this, but AI is so much more than LLMs, right?

And there's a lot of people who don't even like the term AI because it's been around for a long time. AI research goes all the way back to like the sixties, I think, which is pretty crazy when you think about it. But I mean, even before it was called AI, we've had targeted ads, we've had machine learning, we've had algorithms determining all kinds of, I mean, for years, algorithms have been determining whether or not you get approved for a loan, your insurance rates.

And it's just, this is like, the next step, um, I've had to explain that to a few people is that like, it, it seems on the, from the outside, it seems like chat GPT just came out of nowhere, right. In twenty, twenty two, I think it was, but I mean, it's, it's kind of been building towards that behind the scenes. It's just, that was like the next leap forward, at least publicly and visibly.

So, um, Yeah, AI is being used by the military, which is, again, probably not a shocker to our veteran listeners, but it's being used for, again, it's more than just LLMs and chatbots. It's being used to identify targets. It's being used to calculate how sure are we that this is a target? Where do we think this person is going to be next? All that kind of stuff. And so I think I'm not going to lie. This has actually been on my mind for a long time.

Back on Surveillance Report, Henry used to tell a famous story from Edward Snowden where it was the – I believe it was the Boston Marathon bombings. It's like him and one of his coworkers were in a bar, and they saw the news about the Boston Marathon bombings. And I think it was his coworker was like, how much you want to bet that guy's in our system? Like we flagged him. We knew he was a threat and we did nothing.

And when they went back to work the next day, sure enough, they looked him up and it's like, oh, he was in the system. Yes, absolutely. And I think that has long been a criticism that I personally have heard from intelligence people. Not that I know any, but I've just like, I've seen it around in articles and stuff is they're so inundated with data that they cannot sort through it to make sense of it. which to me tells me you should stop collecting so much data.

But I think that's one of the most obvious uses of AI is to sort through that data, which raises a lot of concerns that the article did actually address here that AI is known for getting it wrong or hallucinating. Like it says right here, AI large language models can make mistakes or even make things up known as hallucinating, which... Fun fact, that was actually my first experience with AI. Back in the day, I was like, well, let me try this out and see if it's any good.

And so what I used it for was, this was back when I used to recommend Threema over on the new oil, and I was writing a review. And so I was like, okay, give me the pros and cons of Threema. And one of the pros, it was like, it has a password manager built in. And I'm like, can you cite your source for that? And of course it couldn't. And it just went, oh, you're right. I'm sorry. It doesn't have a password manager. And I'm just like, Where did that even come from?

So yeah, AI, that's one of the big concerns with AI in this context. I mean, aside from just the privacy in general is... I mean, I think there's so many issues with privacy in general, right? Concerns about privacy in general. Aside from the fact that it's just a given human right, I think it was also Edward Snowden or somebody said that you never have to justify why you deserve a right. Someone else has to justify why they need to infringe on it.

But in addition to that, I think something that should be said is that, and again, we know this thanks to Snowden in A lot of the time, the loophole for spying on American citizens is that once data leaves the country's borders, it becomes subject to surveillance. So last year I went to Europe, right? Suddenly you can spy on me because if I, you know, had to call my wife back home, that data's crossing borders.

Or even on a much more innocuous note, he would talk about how data centers like Gmail, for example, completely unbeknownst to you, they might move a server, like copy the data somewhere else temporarily to like do maintenance on that physical server, right? And that data might go to Canada, Mexico, whatever, or even just sending an email.

You know, the internet... as far as I understand, like it tries to optimize and take the fastest route to something, which let's say hypothetically, for some reason, the fastest route from, I don't know, Texas to California is jammed up. It might, again, bounce over to a server in Mexico and then bounce back over to California to use the fastest route. And now again, your data is open for interception. So it's, yeah, there's just so, so many privacy concerns with AI. And the fact that they...

The fact that this is even a discussion or a question from the military of like, well, can we use it for mass surveillance on Americans? Why? Just, yeah, I don't know. That's... I think that's kind of all my thoughts on that one. Yeah, I... I would definitely and you said we wouldn't talk too much about this, but I would want to highlight the the idea that the US government was going to flag anthropic as a national security threat or for making these demands.

I think it is very concerning that the US government was so insistent originally that like the ability to spy on US citizens domestically was like a hard line that they needed to have not roped enough in this application, especially because this is an agreement between AI companies and the military. Certainly not the people you would want surveilling on your own citizens. But Yeah, I mean, there's problems with AI everywhere.

I think Jordan brings up a good point here that even if there are safeguards against US citizens that eventually get added on, all of this technology, which we already know is extremely unreliable, is going to be used in military operations around the world. And all of this AI stuff, like you mentioned, It's come out very recently. I mean, none of this stuff is like super well tested by any means.

It's all just a lot of tech companies really trying to jam this product into as many possible segments as they can. And of course, that would include the government and the military. And it's all about getting a return on this massive, massive investment that they've all made into AI development.

it just it's it's becoming an actively dangerous situation i think we can see from from this story here and i totally agree with you that it really makes no sense that um this ai use and all the data collection that they're doing will make a real difference in terms of like stopping terrorist threats or plots or like affecting people's everyday lives um And this is an argument that people have known about and people have been making for literal decades, even before like the Internet and

computers were commonplace or used by everyone. It reminds me of like all of the reports that came out following nine eleven in the US about how certain government agencies had intelligence that indicated this might be happening, whether or not that was passed along to the FBI. Like before this happened, were people aware?

i think the general consensus there was like you know nothing was as definitive it wasn't completely reasonable for like anyone to expect that that event was going to happen ahead of time but certainly like these people were in the systems and that data didn't lead to anything actionable happening and it's similar to the to the case you talked about um where where the perpetrator was in their systems and was already flagged And that didn't lead to anything being stopped because all of this data

collection, it isn't leading to any positive outcomes here. They're using national security, I think, as a front for what they really want to do with all of this data. But much like a lot of security protections that we have, like the TSA, for example. This is just a matter of security theater in a lot of cases that isn't actually doing the things that it sets out to do. You know, they have plenty of other reasons to want this data.

And I think national security or stopping threats or stopping terrorists or protecting children or whatever excuse you want to you want to come up with these days. All of that is just an easy way to put a bow on things and describe it without having to really get into the details.

But if you did get into these details, you would see that all of the stuff, the AI stuff that we're introducing into the military, all of the data collection that we're doing on US citizens and people all around the world, really, all of this stuff is just completely unnecessary.

And it's bad it's bad for citizens of the us it's bad for for everyone else in the world and it's becoming actively dangerous um and i think more people need to be concerned about all of that yeah i mean we could make a whole podcast like not even just an episode we can make a whole series out of all the problems with ai but um One of the things also that Jordan said that I thought was pretty good is AI is pretty biased based on its training data.

That's historically been a big problem, especially in a policing context, is a lot of people have accused it of... One thing I've learned is if you go looking for a problem, you will find one. Generally speaking, whatever you go looking for, you find.

And so if police, for example, feed it uh feed ai like all these uh these arrest records right and let's say they all happen in the east side of town then these this ai is going to be like oh all the crime is in the east side of town more cops are going to go to the east side of town they're going to find more crime because there's more cops meanwhile the west side of town is where all the white collar crime is happening um but you know it's it's just it's such a it's such an imperfect thing and

There have been, so far, there have not been any studies that have shown that all this mass surveillance actually stops crime or has any meaningful impact on lowering crime rates. And one of the big things that concerns me with relying so much on AI for everything is, if you guys have never seen the movie Brazil, I highly recommend it. The ending's a little bleak, I'm just gonna warn you.

But it's basically this very absurdist sci-fi movie where this guy gets wrongfully arrested And his neighbor witnesses the arrest and he's like, I don't think they got the right guy. Like I've lived next to this guy for twenty years or whatever. He's never been an issue. And so he basically goes off on a quest to try and deal with the bureaucracy of like you arrested the wrong guy. And he keeps running into people who are basically just like, well, that's what the computer said.

Like, that's what my paperwork says. That's that's just like, no, but that's what it says. And like, that's one of the big concerns that I have with all this stuff and all this.

letting the machines do the thinking for us shout out to the dune fans in the room is that like we're entering this world where it's like when the ai gets it wrong what happens they're just going to be like well that's what the computer said yes but the computer's wrong yeah but that's what the computer said it's like oh my god dude so yeah it's it's a very scary time we're entering into yes We are going to get into some questions from live streamers in a bit. But before we do that,

we have an article here from four oh four media. The headline is proton mail helped FBI unmask anonymous stop cop city protester. A court record reviewed by four of our media shows privacy focused email provider ProtonMail handed over payment data related to a stop Cups email account to the Swiss government, which handed it to the FBI. So I'll read the beginning of this article quick.

Privacy-focused email provider ProtonMail provided Swiss authorities with the payment data that the FBI then used to determine who was allegedly behind an anonymous account affiliated with the Stop Cop City movement in Atlanta, according to a court record reviewed by Foro Fori.

The records that they reviewed provide insight into the sort of data that ProtonMail, which prides itself on both its end-to-end encryption and that is only governed by Swiss privacy law, can and does provide to third parties. Um, so pretty much this, this entire story, um, I, I kinda disagree with, with the headline a bit, although obviously FBI involvement was here.

It is important, I think, to draw this distinction, um, between like, uh, a foreign government asking proton for this information versus, um, the, the Swiss courts. asking Proton for this information because in this case, the FBI did go through those channels and the Swiss courts demanded that Proton hand this data over.

And I think that this is a big difference from a lot of like big tech companies, for example, which will comply with court orders from from other countries where they're Like they might not necessarily fall under their jurisdiction, but they will comply with them anyways, rather than like demanding everything go through the U.S. in a lot of big tech cases. And so. There is I do think you have to draw this distinction because. You know, the Swiss courts do limit a bit.

as far as like what what information can be requested. But obviously we've seen a number of times that they have been willing to demand the data of activists in this case who aren't necessarily doing anything illegal. I don't know exactly what these people are being accused of, but I do know that charges against a lot of the people in this case, according to for media in this article, actually, they said that they've been dropped.

So it's not clear like who's involved or like what level of certainty the FBI even had in the first place as to like what crimes the person behind this email supposedly committed.

At the end of the day, kind of similar to the big story with Proton revealing the IP address of a French activist a little while ago, the issue isn't necessarily the fact that they're handing over information, although it's certainly not great that they have this information to hand over in the first place because we can look at court cases from signal for example where the amount of information that they have and do handover is extremely extremely limited whereas it seems like a lot of uh

data that proton has is is not protected as you would expect um but i think it really just highlights the importance of understanding what data you have is protected and isn't protected when you use any service, including Proton. Because the encryption that is used in a lot of cases, and certainly in the case of Proton, which is an email provider, which is already not a great technology for protecting this sort of metadata.

The encryption that's used even in end-to-end encrypted products varies widely. So we could think about Signal again, just for a simpler example, compared to WhatsApp. They actually use very similar encryption technologies.

WhatsApp has famously used the Signal protocol to encrypt those messages for a while, but unlike signal, which has put in a lot of effort to minimizing the amount of metadata that that's collected and logged by the company, WhatsApp and their parent company meta are collecting and storing all sorts of information about like, who's registered on their service, when they're using the app, who they're communicating with, they have all of that information.

And in that place places you at risk, even though WhatsApp is end to end encrypted. And similarly here, At the end of the day, I don't think it's reasonable to expect Proton to not comply with court orders, of course. I don't know. Maybe you saw this in Consignment, but I don't know if I saw in this article whether Proton fought back against this court order or to what extent. And so I'd be interested to know about that.

But I will say, at the end of the day, looking at the... I think especially after the French activist thing, Proton has made a bit of this more clear and it is pretty clear in their privacy policy, like what information they have. And I think that people just need to go into situations like this, assuming that any data that they give to a third party service provider could potentially be either leaked in a data breach or handed over in a case like this.

and need to plan accordingly because the only protection that you can really rely on is strong encryption of all of the data you want to protect. You can't rely on privacy policies. You can't rely on companies avoiding court orders. if they have the data, it will eventually be leaked, whether it's the company giving it away or whether it's a hack, which seems inevitable. I mean, Nate, you publish like a data breach roundup every single week, right?

With all sorts of companies that are hacked all the time. I think it's more than most people would expect.

And yeah, you can find that on our website if you want to go back in time and see all of these happening but um yeah you have to rely on encryption and you have to really take a look at what these companies are encrypting because proton is taking a lot of data that they do not encrypt at the end of the day and you need to plan around that yeah it's um Yeah, real quick, fun story on the data breach note. I started doing that back many, many moons ago. I started my own just solo podcast.

And when I ended up teaming up with Henry at Surveillance Reporter, that was my one stipulation is I want to bring the data breach section And that's kind of why I started doing it here as well is because, like you said, I think people don't realize how frighteningly common data breaches are. And that was kind of like my thing is like I wanted people to realize, like, if for no other reason, take your privacy seriously than the fact that this happens literally every day.

But yeah, it's... I think the reason I always like to share these stories about Proton sharing data is not to beat up on Proton necessarily, but I mean, for one, I already know there's going to be a lot of people out there spreading conspiracy theories about how Proton's a honeypot and this just proves it. But it's like you're saying, like email... So many. I think this is actually in one of our upcoming videos here that should be coming out soon.

So many of the technologies that run the internet were invented literally in like the nineteen sixties when there were ten people online and they were all like college kids and there was no need for security because nobody was doing banking transactions. Nobody was doing sensitive military plans. Nobody was sharing like intimate communication. It was all just literally like research that was all going to be made public at some point anyways. Right.

And like maybe a few notes here and there about like, you know, Hey, did you get the document or whatever? But it, so security was really kind of an afterthought. And unfortunately as the internet grew and scaled, we kind of just kept bolting afterthoughts onto this, this stuff. And that's how we end up with things like encrypted email, which, you know, proton is great to does great.

But both of them and mailbox and like all of these, they're really just applying band aids to technologies that were never really designed to be secure. And that's why we like things that things like signal that were kind of like, what if we went into the ground floor and tried to be as secure as possible? But even then, those have use cases. Like, I always push back on that.

A personal pet peeve of mine, I hate when people are like, oh, well, you shouldn't use encrypted email because email was never designed to be secure. Use Signal instead. And it's like, great. The day my bank agrees to send me a Signal message, I will be in agreement with you. But we're just not there. Like, unfortunately, again, we still have all these legacy technologies that are floating around because they just are.

And I think... I think these stories are unfortunate because Proton, like every company is going to try to market why you should use them, right? And I think for, especially for the target audience of people like Proton, it's very difficult to explain to people in a nutshell why they need something like Proton or PGP or anything. It's very difficult to explain to them why Gmail and Yahoo are not secure. And also to explain nuance, right?

It's a very fine line to thread, especially when you're talking to the masses. And I think there's definitely places where Proton could do better. Like I think with that French activist one, Proton did actually change some of the wording on their website because it wasn't technically wrong, but I could see how somebody could get the wrong impression. And I don't know, this stuff, I'm trying to put my thoughts in order here.

It's frustrating because I don't think Proton necessarily did anything wrong here, but I could see how people could be lulled into a false sense of security. And I do want to point out, somebody pointed out here in the chats, they said like no end-to-end encrypted data was given away. The account owner simply had bad OPSEC. It's this person, like I will admit, I pay for my Proton account with a card. I use a privacy.com card. which is linked to my name.

Like if, if I was the person in this scenario, for whatever reason, um, the FBI could request data from proton proton. They, here's their card info. They could trace that back to privacy.com who could trace it back to me. I know that's not fully anonymous, but also I'm not an activist. If I was doing like serious, heavy activism work, I would probably take some more steps. I don't really want to victim blame here, but I guess, um, And Proton pointed that out too.

They said like, we do accept cash. We do accept cryptocurrency. They don't accept Monero. I'm going to always call out on that, but it's, yeah, it's, it's like, it's, it's important to know the limitations of a tool. And again, like I mentioned this earlier in the show, there's a difference between privacy and anonymity, right? Proton is not promising you anonymity, at least not by default. You're So I think it's just really important to keep in mind the limitations of these tools.

And I just remembered you said is from what I understand, Proton did not push back on this order because they were informed that apparently this person, I don't know if charges were dropped. The article said that charges hadn't been filed. What exactly did they say? Uh, four or four media is not publishing the person's name because they don't appear to have been charged with a crime according to searches of court databases. So maybe they haven't been charged with a crime yet.

Um, but yeah, Apparently, Proton was informed that the person in this situation was violent, that they had already shot at one officer, that they had explosives on them. I don't know how true that is. That's Proton's justification, and you are welcome to have your own opinions on whether or not that was justification enough. But it is... Yeah, it's – Proton does push back sometimes. They kind of do it on a case-by-case basis, which I don't know how I feel about that.

But they try to get as much of the facts of the case as they can before deciding whether or not they want to push back on a core order. But yeah, it's – I don't know. I think for me, the big thing again is I hate seeing people confuse privacy with anonymity and get really upset and be like, oh, Proton shouldn't have complied. Proton even said this. I don't know if it was in here, but there was a Reddit thread where Proton issued an official statement, which was very professional.

I was impressed by it. And they did mention basically that, look, nobody can operate above the law. There's not a country in the world where we're not subject to somebody's laws. And They choose to be under Swiss laws. They feel that Swiss laws are very thorough and set a very high bar. But yeah, I mean, ultimately, at the end of the day, I personally would be more worried by a company who ignores the law because they're going to get shut down eventually.

Like they just they can't keep operating outside the law. So, yeah. Yeah, I, I agree. It's a very fine line for them to be treading here. At the end of the day, like the headline is accurate. They did help the authorities. And you might not expect that from a company that markets itself so heavily around privacy.

And a lot of people in the privacy community, especially, I even saw a comment here from our team member, Jordan, saying they could make it more obvious the data isn't encrypted, which I think is certainly true.

But at the same time, I think you have a really good point about like Proton needing to market this product towards an extremely broad audience who does not care about these problems and who isn't like going to be affected by court orders because the demographic that Proton is targeting is primarily businesses and people who are switching away from the Google Workspace suite of things. And it is just objectively true that switching from Google to Proton is a huge benefit for those people.

No matter what they do, really, it's always going to be an improvement in their privacy and security. And a lot of these people are not going to be concerned about the nitty gritty details of some of this stuff. And also to Proton's credit, between their privacy policy and their blog and some pages on their website about transparency, for the people who are concerned about all of this stuff, you can find all of this information pretty accessibly on their site and in their resources.

You do have to look for it. Which you can certainly argue is unfortunate, but also you can see that as a legitimate decision for them to make because it doesn't probably make a lot of sense to overwhelm the type of person or business that's switching from Google and Microsoft to Proton with all of this stuff that isn't going to impact them. It's a very hard problem to solve.

And I think that for people who are in this situation, making it more clear that you need to be using tools like Signal or SimpleX or other messengers that are designed from the beginning to be secure rather than like you said, sixties technologies that have had a ton of stuff just bolted on over time.

like that is the actual solution here and i think that like more tools that are designed to be as private as possible by default without having to worry about this makes a lot more sense than than proton like trying to describe every possible case where your data could be could be leaked or shared like this So yeah, it's kind of unfortunate, but I'd agree that I don't really know what else Proton can do in a situation like this.

It's very challenging, and they've created this challenge for themselves because they chose to make an email service, but that is what they're doing at the end of the day, and there isn't a great way to handle this, unfortunately. Yeah, I agree. I mean, it's I think we hit a certain point where it becomes It becomes kind of a personal opinion thing in the sense that like, for example, this person here on YouTube said that I think that doesn't justify the move they've made.

And I could see that argument where like, again, if you're saying like they shouldn't have handed over any data period, no matter what, I completely disagree because they will. If you go with a bulletproof provider who does that, eventually they will be shut down. And now even if you didn't do anything wrong, your data is sitting in an evidence locker alongside everybody else.

We've seen that happen time and time again, but I could see the argument of like, well, they still, they should push back on every core order by default. And I can see that argument. I don't know if I necessarily agree with that for the record, but like, I definitely see where you're coming from. So that's what I mean when I say like, we kind of get to a point where it becomes personal preference. Like, should they have pushed back harder? Should they push back every time?

Because there's also a part of me that says, well, if they cooperate, let's say they cooperate on, objectively awful cases, like we know this person was genuinely a terrorist in the wrong, we know this person is trafficking CSAM, we know this person is doing awful, awful things, then I feel like that kind of improves Proton's position when if they get a BS request that's like, oh, we just don't like that this journalist wrote mean things about us. Okay. Cry me a river, go home.

We're not turning over the data. So I don't know. It's just, it's, it's personal preference, but yeah, it's that same person just said, there's a reason I've always avoided email. I'm kind of backing up what you were saying. It's, it's less, uh, but, uh, you know, we, we need to focus on things whenever possible. Again, I mentioned that my bank is never going to send me a signal message, at least not anytime soon.

And I wish they would, but, um, yeah, trying to avoid email when you can trying not to. I don't know, just trying to move to those more private or more secure from the ground up alternatives where possible is kind of the only solution. But it has its limitations for sure.

But I think that was all of our stories this week. I was poking around Proton's website. Let me close these tabs. Those were all the questions. So it's time to start taking viewer questions, actually. If you've been holding on to any questions about any of the stories we've talked about, go ahead and start leaving them in either the forum thread or the comments section of the livestream.

And we're actually going to go ahead and start with the forum thread, which Last I checked only got one question. Yes, that is correct. So we have a question from anonymous five, seven, one. First of all, big thanks for the work that we do. Thank you. You said in the past, I used a single Gmail address, which was not your main email address for all sorts of random account signups for things like discord, Amazon. Netflix, news websites, one-off trials, et cetera.

You said, I've used this email address for many, many years. Needless to say, it's a bit of a cluster. Younger me thought that I was being smart, not having these accounts fill up my main email address with spam. Cut forward to today and being more privacy and security aware, you got, ironically, a Proton subscription with a custom domain. You've been updating all your old accounts to either Proton or simple login aliases and aliases on your custom domain.

Got me thinking, however, is this merely updating my email with a unique alias a waste of time? Should I rather be creating completely new accounts for all these websites? The thinking is that they likely keep version history of my email address so I could still be linked or profiled based on previous email addresses. A data breach could also expose the email history, so it doesn't help in that respect either.

Updating my email with a unique alias on all these websites is one thing, but creating new accounts and closing the old ones gives me goosebumps just thinking about it. I have some complicated thoughts on this one. Well, complicated in the sense that I feel like it's very nuanced. You know, it's always nuanced, right? So, I don't know. Do you want to go first, Jonah? I mean, yeah, I could give a few thoughts on this.

We might be thinking about the same thing here, but I do think certainly it's a good thing to switch to Proton, start using simple login aliases for all your accounts because it is super important to use Proton a different email for every site that you use for the same reason, pretty much that you'd use a different password for every site that you use, which is that, you know, especially you don't you don't even necessarily have to be concerned about the website itself tracking you,

although that is definitely a concern with some websites. But as we talked about previously in the show, data breaches are super common. And these sites will, like when these data breaches are out, if your email is shared between data breaches, that does create a pattern that can be used to track you across these sites and create a profile of like the kind of sites that you're using. And these data breaches are super common.

So you don't want to have any information between data breaches that can potentially be linked together. That is a privacy concern. Um, As far as updating your email with accounts you already use or deleting accounts and starting over, that is something that is going to really depend on what you think is worth it.

I think the person who has this question really laid out a lot of the reasons why you might want to do that and also the reasons that you wouldn't want to do that, especially like just the effort involved in having to recreate all of these accounts. And it really depends on how you feel about that site. I don't think for a lot of websites that you would sign up with, it's probably fairly unlikely that they are tracking like email history, for example.

And if we're talking about like a big tech company or a data company like Amazon or Facebook, I would think that that is more more likely.

But if you're talking about like a general e-commerce shop or a random form or whatever, um it's probably unlikely that they're storing that historical data forever and so changing that might be fine but of course that is um a case where you would have to trust that is happening and and you'll never know for sure so i i think the way i would sum this up um is just like at the end of the day you have to decide whether the uh Whether recreating all of these accounts is worth it for you,

but that's going to be an individual and maybe even a site-by-site basis, which I couldn't really tell you. I don't know if you have more actionable advice than that, Nader, if that's kind of what you're thinking, but definitely share your thoughts. Yeah, very similar. I will say this isn't necessarily proof, but...

In all the years that my brain has become an encyclopedia for companies that have had data breaches, I've only ever seen one that had a breach that exposed the email you signed up with. I can't remember who it was, but I remember it does stick out in my mind because I remember thinking like, oh, that's weird. We've never seen that before.

So, I mean, I... I find it kind of hard to believe that if this was a common practice of companies keeping a history of your email addresses, that they would keep – I find it hard to believe that if companies were doing that, that we wouldn't have seen more of those breaches by now with how common these breaches are. Um, it's certainly possible, obviously, but I, I don't know. That's the, I've only ever seen one that did. I do agree.

I would just add onto that really quick that like, in my experience, hosting software, like thinking about open source software, we're talking about the major platforms like WordPress or form software, all the stuff that like all these tiny sites would be using. I've also never seen, um, really any situations where like that is commonplace in software. So I would imagine you'd only really see that from like a big custom made website, maybe from a big tech company, but it seems pretty unlikely.

I would agree just from the software side of things as well. I've never really seen features like that personally. And also that story that I referenced, it was literally only the sign-up email. So if you signed up with Gmail and then you changed your email like, it would only have that Gmail and then your current email. It was really weird. I wish I could remember who that was.

But anyways, my only concern with this, if you want to make all new accounts, I certainly don't think that's a bad idea. I know there's a lot of people in the privacy community that actually like just periodically nuke their accounts and start over all the time. I think we have a regular in our forum who did that recently, actually.

But I think my concern would be, especially with some of the more mainstream platforms you mentioned, like Discord and Amazon, I notice it's becoming increasingly hard to make new accounts, especially privately. Like a lot of them will ding you for using VPNs. A lot of them will ding you if you're on like Linux or an uncommon browser. So you run, and a lot of, some of them even like Reddit, Oh my God.

I get more and more pissed at Reddit with every passing day because Reddit now has this little user and it's totally invisible. There's subreddits you can go find and check it. It's called like CQS or something. It's basically like a user score. And if you're not active enough, if you're not messaging enough, if you're not using the platform enough, your score lowers and they think you're a scammer or a spammer bot, whatever, which I guess kind of makes sense because that is the thing.

If you're like someone who spends too much time on Reddit, which I have in the past, you're that is a thing where like people will literally make accounts and then sit on them dormant for like six months. And then they'll sell the account to somebody who will start spamming. Because, you know, now they're not like a brand new account and they don't look suspicious or, you know, they'll go out and they'll like get a whole bunch of karma and then they'll sell the account to someone else.

So I kind of get why they do that. Or, you know, people lurking that just like only send DMS or whatever, but it's, it's, It makes it frustrating. I shared this story a couple of weeks ago. I logged into, I have an account where I've identified myself as the new oil. I used to be really active in like r slash privacy. And I logged in for something. I don't even remember what, but I logged in for something. And on my homepage was r slash privacy.

And it was a question that I was like, oh, I can leave an answer to that real quick. Like I'm qualified to answer this. This person seems like they're asking a good question. So I went in and I typed out my answer. And when I hit post, it was like, oh, your score is too low. You can't post in here. And I'm just like, all right, whatever. Don't care because I haven't posted in like a year.

So yeah, it's just, it's that would, I guess where I'm going with that is that would be my main concern is if it's something like, you know, dominoes and you're ordering pizza, right? They don't care. As long as the card goes through, make a new account, whatever, if you want to.

But if it's something like, again, like Reddit, Discord, they're probably going to put up some blocks and like make it, probably more of a pain in the ass than it's worth in my opinion and especially some of them like gmail discord they might require a phone number and they're kind of strict about not allowing voice over ip so at the end of the day it's probably going to be more work than it's worth in my opinion but it does depend on your threat model um yeah i i guess that it really depends

on your threat model and how much work you're willing to put in but i i don't think you have to i think if you want to it's not a bad idea but in some cases you might get diminishing returns The other thing I would say is I certainly don't think you have to do this all right away unless you have a particularly good reason to. And kind of similarly to how we handle opting out of data broker databases in the US.

We typically recommend, unless you have an immediate concern right away of some threat against you, Just taking your time with it. I think you don't want to you definitely don't want to burn out like spending many hours straight just constantly recreating all these accounts. Right? This is something you could do over the course of I mean, even even a few months if you if you want, just do Just do a few accounts a day.

I find if you already use a password manager, that is a really helpful way to find all of your accounts. So you can go through basically a list and update the email on them at whatever pace you want. If you aren't using a password manager yet, definitely start using one because that's super helpful for just, I mean, not only like all of the typical benefits of a password manager in terms of security, but also just having a list of like all the places you have an account in the first place.

That comes in handy very often. And it's a huge benefit of using a password manager like that. So yeah, just going through things, taking your time is probably fine.

but yeah really really depends on your situation you mean you don't have to be me the psychopath who changed all my passwords in one weekend in one sitting I don't think you have to be I would say if that gets you going then good for you yeah I wouldn't recommend it but I definitely did that it was not wise All right, so going through the chat here, just to address a few of the chats.

Back with the headline stories, somebody asked, will Graphene OS have two flavors now, or will there remain one flavor? As far as we know, there's still just going to be one version of Graphene. There's not going to be multiple versions per device. Yeah, and I believe it's been confirmed that you'll be able to install Graphene OS from their website like usual on these devices, which I would expect because Graphene OS places such an emphasis on...

You have to trust every single aspect of the installation process to know that your phone is secure. And so doing it from a trustworthy source that you can verify from the very beginning is important for your security. And I can't imagine Graphene OS would give that up. They've also said that... I believe GrapheneOS has confirmed in one of their social media posts.

It's so hard to find some of this information about GrapheneOS because it's in a lot of sporadic social media posts rather than one place. So I don't have the post pulled up, but I believe I've seen that they're not going to be including any Motorola loadware in GrapheneOS or anything like that. I think it is still an open question as to whether Motorola will pre-install it as we discussed earlier.

And if that will be called Graphene OS or if like Motorola will be pre-installing maybe a fork of Graphene OS that does have their security tools and maybe they won't. call it Graphene OS. Maybe they'll do it for different branding reasons. So it's not considered to be a second flavor of Graphene OS, but maybe their stock operating system will incorporate a lot of Graphene OS features and you could maybe consider it similar to Graphene OS in that regard. I don't know if that will happen or not.

It's very unclear what the final product will look like. But I think that we're pretty certain that there will always be just the standard Graphene OS that we're all familiar with right now available across the board with this device and with Pixels as long as Google decides to support this and that the experience shouldn't change. So you'll always have just the standard Graphene OS option no matter what Motorola decides to do with the stock stuff on their end.

You know, that just occurred to me, this is totally off the cuff. So maybe I'm being stupid here. I wonder if this will in a way pressure Google to, to maybe, maybe not full on reverse course, but maybe be a little kinder. to custom operating systems.

I can't imagine it's a huge, huge... I doubt like, fifty percent of people that buy Pixels do it to put graphene on their phone or something, but I have to imagine there is a not insignificant portion of people, and I wonder if this opening of competition... Because graphene is really the only one that's pixel-only, right?

Kallax people can go to the Fairphone, there's a couple of Motorolas, lineage people can choose every device ever made practically like but so I feel like now that graphene has competent or like you know what I mean like now that there's other options I wonder if that'll kind of make Google like hesitate a little bit like oh maybe we should not be quite so aggressive because we might actually drive some people away I don't know maybe maybe it's just me dreaming but

true and kind of relatedly i brought this up in some of the graphene os discussions on our forum this week but i almost wonder if this partnership with motorola can maybe convince google to change their policies around like google play certification especially when it comes to banking apps um i know people replied to me saying like you know under under the current policies, they'll never accept something like graphene OS for a variety of reasons. And that's certainly true.

But Google's policies, especially when it comes to like Google Play certification, they're not like an inherent law of the universe that's written in stone, right? It's it's Google's. It's up to Google's whims to decide what they allow for Google Play or not.

And maybe Maybe Motorola can be like and whisper in Google's ear through some back channels and get some changes made to the Google Play policies and somehow get an exception or a rule change or something for Graphene OS that would get that approved. I don't know if that'll happen. It's I would agree. It's probably extremely unlikely, but it's probably the closest we've come to it.

And if that's possible, that would be that would be huge for graph, you know, because I know a huge issue that people have is especially banking apps, but other apps that unnecessarily use google plays like safety net api and other services that don't work on uncertified products like graphene os um so that could be that could be a game changer if google decides to allow like sandbox google play into that program seems unlikely but you know you never know i can always hope yeah for sure

We had another question early on. Question for question time. How do I choose a laptop? Any suggestions? Definitely going to be a Linux distro. We do have a page about how to pick your laptop hardware, don't we? I can't remember off the top of my head. I'm going to check familiar, but I feel like we could have had an article about it. I would say, I don't know, it really depends on what you're looking for. Because there's so much there's such a wide variety of hardware out there.

And thankfully, you know, Linux will run on like all of that. So you have a lot of options. For me, it'd be like very challenging. I think to use any of the Intel and AMD stuff lately, just because like power efficiency has turned out to be a really big, big thing for me. It's nice to have like a laptop that lasts all day. And something like Asahi Linux on a Mac is probably one of my favorite Linux experiences. But there are definitely limitations to that.

So it's not something I could recommend to anyone. Everyone, certainly. When it comes to other stuff, I know, and it looks like Nate just pulled that up, we do have a general guide on choosing hardware, and there is a picking computer section. So you could take a look at that for some...

Advice, there's a variety of things to look for, like researching how easy it is to patch the firmware on your computer from Linux, because that is important for security reasons, or what kind of secure element they have for encryption. Typically, all of these will come with that built into the CPU, so it's not a huge concern.

but yeah definitely like whatever provider or whatever manufacturer you decide you probably want to go with i would research uh their track record with non-os stuff like like firmware updates for example that you might want to have on linux because some of a lot of that will come down to the specific manufacturer but as far as specific brands of like what laptops you can choose i don't have um Any specific advice? Unfortunately, that would be a good question.

Like, if you have a lot of specific requirements, or want to share more information about that, I think if you ask on our forum at discuss dot privacy guides.net, and can share a bit more about what exactly you're looking for, what's important to you in a laptop, I think that the community would probably be able to come up with a lot of answers for you that you could consider.

Yeah, that was kind of my thought while you were talking is like what I, I feel like which Linux distro is going to determine a lot and your, your threat model and everything. Right. And somebody else here. Um, somebody else has price limit and then shared a link to Nova custom, which, uh, Yeah. Nova Customs sent Henry from TechLore.

He was telling me he's put the video out by now, but they sent him a laptop that had like ninety two gigs of RAM or something and say this was way before the RAM shortage. And I was just like, bro, what are you going to do with it when you're done? You want to give it to me? But yeah, it really depends because like I'm like I'm a cubes user, for example.

Right. And so if I'm going to buy a laptop, it has to meet very specific requirements about the TPM and it has to have an SSD and it has to have a certain amount of RAM and apparently also has to have a more modern processor, because older processors really slow it down. Versus if you're going to install something like Ubuntu, that'll run on anything, which we don't recommend Ubuntu. There are better distros out there.

But maybe you have a use case, and for some reason, that's the one you want to use. Yeah, I think I'm glad you mentioned the forum. Like definitely if you post in the forum and you're like, hey, here's my threat model. Here's my budget. Here's kind of what my values are. I'm sure people will give you all kinds of every perspective you can imagine about the pros and cons of everything out there.

So. Moving on from that question, first name, last name in our chat asked if there's any statistics we can share about the growth of the community or anything like that. I could pull up and take a look at some of this really quick. Unfortunately, some of our platforms that we were using for just tracking the amount of page views and stuff that we get aren't fully working right now. But overall, for the past year, Everything has been trending up by by quite a bit.

If I look at our form, for example, we typically averaged around like seven hundred thousand page views a month to pretty much over a million January one point two million. But every every month That's on the form anyways, and that excludes known crawlers and other traffic. So that's very good. We've also seen the amount of people who just log in every day and post often. That has gone up quite a bit.

so yeah we don't have like a ton of super detailed stats beyond that because uh we don't track a lot of that stuff but in terms of uh page views um that's up and i could look at like the number of members um that we have uh who sign up for either being a paid member and supporting our work or just signing up for a newsletter to get updates from our website about either about the show or new articles or videos that we publish. And all of that is going up.

You can see like the total number of people who signed up for those notifications is up. Seventeen percent from just last month. So yeah, everything is on an upswing and we hope to consider putting out even more content that people find super useful in their privacy journeys.

And we hope that people will stick around because I think we got a lot of good stuff going on, on our forum and in our communities that make it just a great place to discuss all of this stuff and hang out without any kind of negativity across the board, which I think is a really great thing. The next comment actually came from that same user. They said, a big story this week was the LLM de-anonymization. I did see that passed around a couple times.

I was going to tell you to go check out privacyguides.org slash news, which I do still recommend. But weirdly, I did not see that story. We did not write about it. Or maybe it's queued up and it hasn't published yet. Because I swear I thought I saw Freya post that one in the news chat. Yeah. I'm actually looking here at the... Oh, no, we haven't written about that one. Crazy. We need to write about that one.

But yeah, another... I would say as far as, I know we keep pushing the forum, but even if you don't want to sign up for it and you don't want to participate, the forum works with the RSS. So I actually, long before I came to work for Privacy Guides, I have the news section of the forum in my RSS feed just kind of as a safety net in case there's any articles that don't show up in my usual news feed.

If somebody posts about it on the forum, I will get it in my RSS feed and I'll be able to to go ahead and see that. So I think that one probably got posted because I've seen it in a few different places. But I mean, if nobody did, then you can go and post it and be that person. So yeah, that was a big story. Jonah said earlier in the show, like there's so many stories, it's hard to... kind of pick, like, I'm not kidding.

Every week we end up with like seven stories and we're like, we have to trim this down or this is going to be like a ten hour podcast. So it's really hard. Yeah, it's really hard to pick which stories to prioritize. And, you know, I'll be honest, like even even me, sometimes when I'm editing the clips over the weekend, I'm like, man, you know, I kind of wish we'd talked about this other story. Um, so like it, it happens sometimes it's hard to prioritize them. There's a lot of stories out there.

So, um, definitely find reliable sources, whether that's the forum, whether that's privacyguides.org slash news, um, or a trusted outlet. Um, we don't cover it all. We try to bring you, we try to bring you the, the big important ones. Um, yeah. And I'll also say on this show, like the stories that we can, um, that we can discuss and have, have, Good things to add to and probably that people have questions about that we can answer on the live stream.

We're certainly aware that like we don't cover a ton of stories. I know there's other shows that people might find similar to this one that really are more news focused and kind of cover every single headline throughout the week. And we explicitly haven't been doing that. But we know that people want to stay up to date with that stuff.

So we are thinking about like more ways that we can get um just headlines in front of people and get that content shared even if we don't discuss it here on the show whether that's through like privacyguys.org news or from uh from other from other things that we are thinking about working on that we can maybe see if people are interested in soon um so yeah Yeah, I was just going to add on to that real quick.

Even back when I was at Surveillance Report, where we regularly covered like, thirty to forty stories a week, there were still times that I was just like, man, we missed this story. We should have covered this story. It is so hard to pick which stories are the most important ones that people are going to resonate with. Going back to community statistics really quick, Jordan just shared that we just hit nine thousand subscribers on YouTube. So that's cool.

Over fourteen hundred of those subscribers are just in the last month. So that's definitely growing quite a bit. So, yeah. And of course, we're constantly getting new followers, whether it's on PeerTube or Mastodon or other social media platforms, too. So all of those numbers are up as well and continue to grow. So I'm very happy that more people are becoming interested in all of the topics that we're talking about here because I think it's important. Yeah, for sure.

We got a quick question from Twitter. Do you guys see MixNet and data type traffic, like the Molad data type traffic obfuscation tools becoming popular now that countries are coming for VPNs more and more? And then follow up, do you think these tools should be in more threat models? I don't know much about MixNet. I know data... I think data was designed... I mean, it's in the name. Data was designed more to combat AI traffic correlation as opposed to censorship.

Personally, I would like to see something like that become more common just with the rise of AI. Earlier, we talked about how historically defense contractors had a struggle with... having too much data and not knowing how to parse through it. And for better or worse, I think that is coming to an end with AI, which is why I brought out the danger of trusting AI implicitly, that AI just says, well, here's all this traffic correlation, so he's guilty.

And if nobody's double-checking that, things are going to get real bad real quick. I mean, yeah. But I think... I think if the last I heard the, the UK was very heavily favoring, uh, regulating VPNs. And I think if that happens, we're definitely going to see a spike in censorship obfuscation and resistance tools for sure. Um, but that's just my two cents. No, for sure.

The tricky thing with all of this, with all the tools like that, is that they typically are easy to detect, like, just from your ISP standpoint. So, well, similar to a VPN, like... It's challenging to see what you're doing with those connections and even more challenging with something like Tor or other mixnets because there isn't a single VPN provider that legal authorities can go after.

Hiding what you're doing, hiding just the fact that you're trying to maintain your privacy and trying to protect your security and your data on the internet, hiding the fact that you want to do all of that in general from your ISP is a very challenging thing to do. And again, similar to like what I talked about in earlier in the show, I think it's just incredibly important to remember that like, This isn't only a technical issue that can be solved with something like Mixnets.

It's really a case where people need to demand from their governments and from politicians that the right to maintain your security online and the right to maintain your privacy when you're browsing the web and avoid trackers and all of this stuff That is something that needs to be enshrined in law and upheld by these institutions. It's not something that technical people are going to be able to just thwart forever if the governments are really going after this super hard.

And so it's very challenging, I think, in a lot of places. And if you're in a particularly oppressive regime, you don't have a lot of options and you kind of just have to go with what works, but we're seeing all of these laws like age verification and other privacy invasive things, proposed VPN bans, et cetera, happening in countries that are supposedly very democratic and should give you a lot of control.

And these are wildly unpopular ideas, especially when people fully understand what these laws are asking for. I think people need to recognize that you actually do have a lot of power if you don't want these laws to be passed and you need to demand more heavily of your own government that this sort of law is completely unacceptable. That is the solution that we have to do in a democracy at the end of the day. And more people need to take up the mantle on that.

Yeah, I don't have much to add to that. I did one quick follow-up. I think this is probably our last question here. But first name, last name, that asked the laptop question earlier. They said they were thinking about Cubes. Yeah, somebody else mentioned the HSI score. Cubes does have, it should be fairly easy to find if you, I think if you just go to their documentation, it's like one of the first topics. They have a really good documentation for Cubes.

They have a list of all the different laptops they've tested, whether or not they're compatible, which ones are. They'll even tell you which components. The graphics card drivers don't work, but the CPU works. It gets pretty granular, and you can look up whatever specific laptop you're thinking about getting or desktop or whatever. And they'll tell you if it's compatible. They'll also tell you if it's been tested or not. Like, yes, one of our team members bought this and confirmed it. It works.

Yes, it works. But there's caveats or like, no, it doesn't work or like it should work, but we haven't tested it. It's really good. So I would definitely start there for sure. So. Not a question, but anonymous to at five so that ends new activism project is going to be a read for the weekend. Absolutely. I think this is an incredible resource, especially if you are interested in some of the stuff I was just talking about being an activist or an advocate for privacy rights in your area.

area, or starting a local organization like EFF Austin, for example, where we're going to be next week. But organizing groups like that, I think a lot of the resources that Em has published at privacyguides.org slash activism are super useful. And even if you're not sure if you are a privacy activist or you're not super into that. I think a lot of it is very good advice. If you are interested in any of these topics that it's definitely worth a read. So yeah, totally check it out.

Yep. Yeah, I saw that comment too. Thank you. We're super excited about it back here as I'm sure you guys can tell. So But I think that's all we've got, actually. So I guess we'll go ahead and call

it here. All right. Well, all of the updates from This Week in Privacy, we share them on our website on the blog every week. So you can sign up for the newsletter or you can subscribe with your favorite RSS reader if you want to stay tuned and get links to all of the stuff that we talked about. in the show. For people who prefer an audio version of this, we do put the audio version of this recording on all podcast platforms and RSS.

We also sync the video recording of this to PureTube after the fact, so you can find this video later without having to go to YouTube if you don't want to. Privacy Guides is an impartial nonprofit organization that is focused on building a strong privacy advocacy community and delivering the best digital privacy and consumer technology rights advice on the internet. If you want to support our mission, then you can make a donation on our website at privacyguides.org slash donate.

You can contribute using standard fiat currency via debit or credit card, or you can opt to anonymously using Monero, or you can donate with your favorite cryptocurrency, whatever that may be. Becoming a paid member can unlock exclusive perks like early access to video content that we publish on our channel, and priority during the live stream Q&A. You'll also get a cool badge on your profile in the Privacy Guides form and the warm, fuzzy feeling of supporting independent media.

Thank you all for watching, and we will see you next week live from Austin, Texas. Very exciting. See you, everyone.