GrapheneOS is Taking Accessibility Seriously!

Graphene OS has released an in-house text-to-speech software, California is exempting Linux from age verification laws, and some major new research in both privacy and cybersecurity. All this and more coming up on This Week in Privacy, so stay tuned.

Welcome back to This Week in Privacy, our weekly series where we discuss the latest updates with what we're working on within the Privacy Guides community and this week's top stories in data privacy and cybersecurity. I am Nate. Glad to be back. And with me this week is Jordan. How have you been, Jordan? Oh, you're muted. Good. Yes. Thank you. Let's comment to dive into some of the stories this week. All right, yeah, there's, oh man, there were so many stories this week, so many big stories,

but we picked a handful of the ones we feel are the most important, and we're gonna go ahead and dive into those, starting with the initial release of Graphene OS speech services for text-to-speech. So this is kind of what it says on the tin. You know, to be totally honest, it's very straightforward, but it's still really exciting and pretty big. I don't personally I'm subscribed to an RSS feed where I'm subscribed to a lot of the major projects in the privacy community.

So like I think I'm subscribed to the blog for Signal, Debian, Fedora, a bunch of projects. And Graphene is one of them. But I kind of only get their releases, I think, on GitHub or something. So I don't know if this is something they announced they've been working on for a while or not. But to me, it kind of came out of nowhere. And, um, it's pretty cool. So it, uh, again, it is what it sounds like.

It's if, if you have, well, I mean, any phone really, um, you know, when it talks to you, like if you're using a navigation app or you're using a Duolingo or, um, trying to think what else, uh, maybe like a screen reader. Um, a lot of these apps do not, as far as I know, don't come, uh, like built in with their own voice library.

Um, they rely on the phone's text to speech ability and, uh, For those of you who have ever used a custom OS, you may have realized that A lot of the custom OSs do not come with a built-in text-to-speech library. And up until now, I believe I saw in the comments on this thread that Sherpa is a really popular one. I've never heard of that. I hate to admit, I historically have relied on just the Google text-to-speech.

I've went and downloaded that from the Play Store, which is probably not great for privacy. I honestly, it didn't even occur to me that there was a... I think I did a search in F-Droid and I didn't find anything, and that's why I did that. But... Might check out Sherpa now. I don't know. But this is really cool because Graphene now has their own that they're offering. It is currently only available for US English.

And if you're in another language, you basically have to go and manually change that. It says here in this announcement that once it's bundled with the OS, it will be enabled by default. So activating it won't be necessary. According to the changelog, that just happened, I think, on the twenty fourth. So like earlier this week. So if you are a Graphian user and you are on the latest version or you're about to install it, this should be enabled by default.

If for some reason you are not on the latest version, the Android UI for this is super, super confusing because... Let's say you go ahead and download this. Let's say you're on an old version. You download it and you go to settings and you go to system and you go to language and region. It says all this right here, speech, text to speech output, preferred engine. It'll show it there. And it looks like it's enabled. So it's really confusing because you're like, yeah, it's there. It's on.

Why isn't it working? But again, it's bad UI. You have to actually click on it and select it as if it wasn't there. It's a horrible UI. And that's not graphene for the record. That's just Android. That's Google. That's all on them. It's terrible, but thankfully it's bundled by default. So now you won't even have to think about it and it'll work. They say that this was built from a fully open source model for text to speech, which they created themselves using existing open source code and data.

And they actually, I guess they just recently got like a better, I think that's a GPU and RTX, so now they can continue to improve it and they can build these models faster and stuff like that. They said that they will most likely be doing German and French next. because they believe those are their next biggest user bases. And they said UK English would likely be much easier to add because of the shared code and data. So pretty interesting stuff.

And what I thought was exciting was they said they also plan to make their own speech-to-text implementation so you can talk to the phone, again, for things like Duolingo or not so much voice notes, but I think dictation. You can say what your text messages are and stuff like that. They said that if they do more languages, they might add the language as an optional download in the App Store, the Graphene App Store, just because that would be a lot of stuff to download. And I get it.

Let's say they get a lot of community support and they're able to pump out German and French and Finnish and Chinese and all these other languages. I personally would have no need for those. So I really appreciate them trying to keep the model pretty light. But yeah, I think that's kind of the... The core of this announcement, the only thing I did not see anywhere, I don't believe it's...

Because sometimes Graphene will make some of their apps available publicly, like their camera and their PDF reader. You can go download those from the Play Store right now. But I did not see any indication that they're going to be doing that for this. I don't know if that's something they're planning to do or not, but... I didn't see anything about that. So those are kind of the facts of the story. I'll turn it over to Jordan first.

I don't know if I have a whole lot of analysis or opinions, but so Jordan, did you have any thoughts on this one? I mean, I just think this is a good step in the right direction, right? Like we should be having this feature built in by default. I think accessibility gets put on the back burner a bit. I think most people when they think of text-to-speech, this is mainly used... The thing that came to mind for me personally was navigation apps.

You probably want Because I don't know, it depends on where you live, I guess. But generally looking at a phone while you're driving is legal. So you probably don't want to do that. So like having someone read out instructions is kind of important, right?

Like that's a basic function that I think a lot of people would would want right and that's something that has originally it was done through Google's speech synthesis um model which you know that's another problem you have to download that from Google you probably don't want to have to do that if you can avoid it right so um I think this is just another addition though that Graphene OS has been doing where they've been building out stuff specifically for like

like as a replacement for Google's tools, right? Like we saw how they've got, you know, they proxy a lot of requests that are made on the operating system, stuff like that. It's just another additional thing where we're not relying on Google for their software because, you know, like we saw we've been seeing, I guess, is that Google is kind of being a bit restrictive with their whole ecosystem. The future of Graphene OS on Google Pixels is a little bit up in the air.

There's a possibility that it may not continue in the future or it might have issues because Google wants to lock things down and limit access right so I think this is good from that perspective and also for people that are you know low vision or no vision you know like some people use their phone like specifically in uh in Android there's this option for talkback which basically allows you to navigate your phone without having to look at the screen, right?

So I think this is also going to be kind of big because I think, you know, here at Privacy Guides, we really kind of push this a lot, but like privacy should be accessible to anyone, especially, you know, people that shouldn't be excluding people based on, silly things like that, right? I think this is just a step in the right direction on that aspect from an accessibility point of view as well. Like for people that... I think having this added by default is going to make it a lot easier, right?

Because before you would have to go through, log into the Google Play Store, download this thing. It's like you can't expect someone to be able to do that. So I think this is pretty cool. It's a good addition. I personally found that... This wasn't enabled for me by default. I had to go and download it on the GrapheneOS app store and then follow the instructions in the GrapheneOS forum to actually enable this. So I would probably look at that if you're interested in using this.

Another thing is it's... I think they definitely are going to be working on the sound of this a little bit. I'll just play some example audio clips right now so you can hear kind of what it sounds like, because I'm sure some of you probably are wondering that. Here's just a test from Organic Maps. If you know a software developer, you can ask him or her to implement a feature that you need. Our main goal is to build fast, privacy focused, easy to use maps that you will love.

So, I mean, I think it sounds fine. You can understand what it's saying, right? But I think it's definitely a very early... I think it definitely doesn't sound as good as what Google offers, right? Which kind of makes sense. They're a massive trillion-dollar corporation. But I think it does what it says on the tin. So, I mean, I think that's just good in that respect. But yeah, it wasn't enabled by default if you already have the operating system installed.

But I think like Nate said, it'll be enabled by default and selected on new installations possibly. So I would follow the instructions if you're interested in getting that installed. So just to clarify, you're saying that when you updated to the latest release, like you already had graphene, you updated to the new release and it still wasn't enabled by default for you as a pre-existing user? So I had to go into the GrapheneOS app store and download this package.

So the GrapheneOS speech synthesis package, and then I was able to enable it in the settings. Okay, okay. So yeah, so okay, I guess if you're an existing user, you have to go grab it via the instructions here on this post, which are in the show notes. We link directly to this post, but if you are moving to Graphene for the first time, it should all be bundled with, which is pretty cool. Yeah, there were a couple things you said that I wanted to add to.

Number one, you did mention the Google one, and... One thing I forgot to mention is the Google one, in my experience, doesn't always work offline because I know that's kind of like that was my first thought when I was like, OK, well, I'll download the Google speech synthesis and then I'll just use the firewall to just cut off access. And for some reason, some people said they've done that successfully. For me, that didn't work. It like needed an Internet connection.

But yeah, so it is really that is one reason it's really cool to have this like private alternative platform. It is if you're one of those people that it's not working for you to just firewall Google. And yeah, I also just want to back up what you're saying about accessibility is I feel like and, you know, I I have good vision as long as I have my glasses on. So so I could be wrong here, but I feel like open source has done a. mostly OK job, at least some of the bigger services like Mastodon.

People are really sticklers, in a good way, for making sure that you alt text your pictures and stuff like that. And I know even Loops, when I upload Loops, there's an option to add a description of the video. And so I feel like some privacy or some open source has done a really good job of being accessible for visually impaired people. But overall, I do agree that there's a lot of work to go still in terms of having a good, smooth voice sound.

Which again, yeah, considering we're competing against a company that probably built their voice synthesizer by just stealing everybody's voice all the time. I think the graphene one sounds pretty good for what it is. But definitely, I think... I've been trying to think... I would like to write some blog posts about this topic, but I'm trying to think of how to put it into words. I know like...

You know, my wife, I'm very open, has like severe ADHD and that's something she struggles with is the UI. Like for someone like me, it's just kind of like, yeah, you know, it's not that pretty, but it works. But for someone like her, like that, it fails to grab her. And it's like, it's grating to use. It's like nails on a chalkboard for her because of her ADHD, or they're missing things. Like she hasn't switched a proton calendar yet because it doesn't have tasks like, like Google does.

And like, she needs those, like she lives by a to-do list. And so, yeah, I think in general, open source has a lot of room for improvement on accessibility. And it's really cool to see people taking a step forward, not trying to get on anybody's case, just pointing that out. So. Yeah. If that's all we have, you have any more to add to that

one? Ah, no, not really. I guess we can jump onto the next one here. So this next topic is about researchers issuing a warning about tech that could turn every router into a potential means for surveillance. So here's this article here from Gizmodo. Um, so basically researchers warned that a new method of detecting people through wifi signals poses a serious privacy risk. So basically they did a study, um, And they focused a little bit on beam forming feedback information.

So I guess for people that don't know what beam forming is, basically it allows routers to direct signals towards devices more efficiently. And there's like, that's like an unencrypted connection that is made basically. And that feedback that is received by the router can be accessed. So that is kind of what this research paper is talking about here. So according to the study's press release, once a machine learning model has been trained, identifying someone takes only a few seconds.

So they can identify people based on their feedback that their device basically makes to a router, which is, I guess, kind of makes sense, right? Because, you know, That would be, I mean, I think this is interesting, but I'm not sure how likely this would be in practice. But it says, during the study, researchers collected Wi-Fi signal recordings from nearly two hundred participants as they walked through a Wi-Fi field using different walking styles.

The data was recorded from four different perspectives using both the BFI method and another older wi-fi sensing approach relying on channel state information basically channel state information is basically how a radio signal changes as it travels through a room that's what the article says here so the old csi method was able to identify individuals based on their normal walking style at eighty two point four percent accuracy Basically, they're saying that this technology where

they can analyze the feedback from people's devices using the beamforming basically enables them to identify that device as being there. So that could be used to track your location or track where you've been, basically. I'm not really sure what the... what the fix for this would be. I guess like there would have to be an update to Wi-Fi standards to basically overhaul and replace beamforming technology completely.

But I think also the other technique that they mentioned in this article is also kind of still applicable in that method as well so I don't know it's kind of it's kind of concerning but I think this is basically you know if your device is making or connecting to like any sort of radio signal it's kind of able to be tracked I think this is kind of a a normal thing that we should be acknowledging as possible like we talked about this a little bit last week or the

cellular technology, for example, like, you know, that's the same thing, right? You're connecting to towers, radio towers, like cellular towers. So, you know, whenever you're making connections like that, the information can be intercepted or like tracked, right?

So, I mean, I think this is I guess this is kind of obvious to me so I'm not sure if this is like it feels like it's a little bit scaremongering this article um like your device makes wi-fi signals that can be tracked like I don't know that seems kind of obvious to me but um yeah do you have any thoughts on this one Nate that you wanted to add I feel like I'm not seeing this this is that much of a concern but No, yeah.

So I think one of the reasons we picked this article this week is because it did make the rounds. A lot of people were sharing it. I did see some people had very similar takes to you where it's like, yeah, this is – like is this genuine research or is this just kind of fear-mongering? And I think it's a little bit of both because like I didn't really pay much attention to this article when I first saw the headline because I'm the same as you.

We covered a story exactly like this I think two or three times back at Surveillance Report when I was on there. But I think – From what I understand, this is kind of like the next evolution. You know, we talked again back on surveillance where we talked about how like at least the first time I remember seeing this, which I think somebody said in like because I found this article through Bruce Schneier and somebody in his comments were like, yeah, they've been able to do this for decades.

Like there's proof of concepts going all the way back to I think he said the nineties. And I think when, again, when I first heard of a story similar to this a few years ago, it was kind of like, Whoa, that's crazy. And then we heard about it again, like a couple of years later and it's like, Oh, this again. And I think what it is is it's, it's just getting better every single time. And, um, I think that's what makes it concerning.

Cause yeah, basically the idea is, uh, for those who don't know radio waves of any kind, um, when they pass through something that changes, it's like sound waves or light. If you've ever seen, like as a school experiment or you've seen the, I wanna say animation, but that's not the right word, the examples, the graphics of like light hits water and then it bends, right? Like anytime something passes through a medium, it's going to change.

ask me how I know this is a sound guy who works with wireless equipment. Um, one of the most annoying things people can do that they still do. And I get it is in a big room, they'll take their little wireless microphone pack that like clips on here and they'll stick it behind them. And it's just like, cool. So now the antenna has to pass through your body, which is a giant bag of salt from an RF perspective. And you've just dampened my signal signal significantly because of that.

And, um, so it's the same thing with wifi. It's the same, it's a radio wave. It's the same thing.

And as it passes through a person or drywall or, uh, a couch or a cat or whatever it changes how the signal moves and so basically they're just getting better and better at detecting those changes to the point where now not only can they say like oh there's a couch and a cat sleeping on it and someone in the room they can be like i know who's in that room and which cat is in that room and i i think that's A little bit scary. But that said, you're right.

Like the researchers did say that they have not seen any evidence of this being used in the wild. The article really didn't give a lot of detail. They just said that researchers are urging the I, I think they call that IEEE, the organization that sets industry standards to include stronger privacy safeguards in the upcoming eight or two dot eleven BF standard, which is meant to standardize Wi-Fi sensing applications.

So they didn't really go into detail, but it sounds like there are some changes that could be made to, to at very least mitigate this. And hopefully those will get made, but yeah, I think it's, it's I don't know. I find research like this really interesting because it's, it's kind of a, it's like a balance, right? Because I think this is the kind of stuff that if we're not careful, this can turn into paranoia. Like your wifi signals can track you and this could track you.

And hypothetically, we're gonna talk a little bit later about a story where like your hard drive could be used to track you. Like there's so many ways to track you, But it's also a question of, like, is this actually happening? We have no evidence that this is happening. The article didn't really specify, like, do you have to be local? Like, they mentioned that beamforming is unencrypted.

So, okay, does that mean you have to be my next-door neighbor who's hacked into my Wi-Fi and you're doing this? Or does that mean that, like, my ISP on the other end of the connection could be doing this? It's not really clear, but... Yeah, I think it's just I think I like covering stories like this just to kind of make sure people are aware, I guess.

I don't know if it's a huge threat, but it's definitely interesting to know that these kinds of things are possible and hopefully fix them before they do become widespread, commonly abused tactics. I think one interesting thing that you brought up there was like, you know. the radio wave stuff. Like I feel like we almost might have seen this before, right? Like we saw lots of stores implementing Bluetooth beacons to sense like Bluetooth is the same thing. It's a radio, right?

Like it's radio waves. So like, you know, I can imagine that this would be used by stores to track customers or to track activity within a store, right? This could be used for something like that too, right? I don't think so because the Bluetooth thing is based on someone correct me if I'm wrong, but as I understand it, the Bluetooth thing is based on the idea that like your phone. So most people.

myself included, I hate to admit, when I go into a store, I have my, this is a pine time, but I have my watch and I have Bluetooth turned on, connected to my phone, mostly because sometimes I won't hear it ring. Like sometimes I have my headphones in and I'll listen to podcasts while I go, sometimes I won't. And if I don't have my headphones in and my wife texts me like, oh, hey, I just remembered to grab milk or whatever, I won't hear my phone.

But then if my watch buzzes and I look down and it says new signal message, Um, but anyways, the reason I bring that up is, you know, I've got my phone connected. And so my phone is, and my watch both are broadcasting Bluetooth signals and, um, stores will like, every time you go into the store, I think they, they basically record your device and they, they track it as you walk around because it's broadcasting. It's not really so much like the RF, like physically tracking you.

It's that they recognize your device.

It's like a type of fingerprint, which I think is why, um, a lot of like apple and android both i think or maybe it's just like graphene does it but i know like apple will randomize i think they randomize the mac bluetooth address i know they do it with wi-fi but um they're they're basically trying to fight that a little bit so that way you don't have the same bluetooth address every time you walk into the store and they can't track you as easily but i think that's the i think that's how

the bluetooth thing works um uh so okay terracotta has an interesting point here i feel like at this point scientists should hold back from any research that's potentially harmful to privacy i don't know i appreciate this research in the sense that they're like trying to get it fixed you know like i said at the end they're they're trying to get the ieee to fix it and it goes both ways right because there's um like i don't I do and I don't agree with you because, yeah, on the one hand,

it could be, it's almost like a disclosure, right? Like when you publish a vulnerability, now all the cyber criminals are going to use it. But also like if we publish it, then maybe people will know it's out there and we could like try to get it fixed. So I don't know. I feel like that's a, that one has pros and cons that go both ways in my opinion. I think also it kind of sucks. I feel like the Wi-Fi ecosystem is...

They said that they might introduce a fix in Wi-Fi BF or whatever that... I think Wi-Fi eight or... Yeah. So I feel like that's another issue with Wi-Fi is like some people I know, they're still using like eight or two to eleven B or like some like ancient like Wi-Fi access points and stuff like that.

So it's like, you know, I think it's probably not going to be something that's going to be fixed very quickly because I feel like most people that are using Wi-Fi six, even Wi-Fi six or Wi-Fi seven or Wi-Fi six E they're like on the cutting edge. I feel like most people still haven't upgraded because there's not really that much of a need. I guess maybe if you live in a country where there's actually fast internet, maybe, but I don't know. That's another problem.

No, I totally agree because I'm in the same boat. I've had my same router for, God, like, ten years now, I think, or close to it. And, yeah, like, why would I upgrade? Like, the speeds are fine. You know, maybe – I mean, maybe I need to upgrade to a better plan for my ISP, but the router works. It covers the whole home.

If I got a bigger home, then I could just, like – you know, most people would resort to, like, repeaters or, like, a mesh network at that point instead of just, like, buying a bigger router. So – Yeah, I feel like routers are one of those things that you kind of only replace when they like break break. So I don't know if that's necessarily good or bad, but I agree with you. I think it's something that a lot of people just don't replace very often.

And so if you have an old router that is not compatible with this new BF standard, then you might be vulnerable to this for a while. But again, I hate when the articles don't mention like how possible is this? Again, is this something that like, I need the KGB agent surveilling me next door in secret, or is this something that can be done remotely? I don't know. I'm going to read the paper. I'm going to see if I can find out. I mean, I don't know.

I was convinced that you don't actually have to connect to a Wi-Fi network to actually cause it to... to be able to sense someone, right? I think it's just walking within a Wi-Fi connection, I believe. But definitely double check that because I didn't read the paper. Right. But I think the thing is that somebody has to be listening. It's a tree falls in the forest kind of situation, right?

Any beamforming network is capable of this, but somebody has to be listening for it in order for it to work, I think. At least that's how I read it. I don't know. Yeah, exactly. Yeah. I might keep that tab open and read it later. Cool. Sounds good. I guess, I mean, that's everything I had to add on that. Do you have anything more that you thought we should cover on that one?

I don't think so. So on that note, I think it is time to move on to site updates. We will be talking in a little bit about some new developments from FDroid and Tor about funding and digital freedom, some really exciting stuff there. But first, yeah, let's talk about what we've been working on this week. So it's another one of those weeks where we've been doing stuff behind the scenes.

I know it hasn't been a super big... publicly forward-facing, but we have a new video coming up that I think should be ready pretty soon, diving into NIST's updated password advice. So historically, you know, the password advice has always been... you know, long password, uppercase, lowercase, letters, random, all that fun stuff. But now a lot of people know that NIST's new guideline is that your password, you should focus more on length and complexity doesn't matter so much.

So we put out a video explaining, first of all, like where did this complexity advice come from? How does it even work? And then on top of it, we talked about the new advice. And like, how does it relate to the old device? How is it better? Is it better? So yeah, I'm excited for that one. I have not seen the edit yet. I know Jordan's been working hard on that. But I'm proud of the script. I think we did a good one there.

And then after that, I am in the middle of working on a new tutorial tackling the recent Plex price change. And I think you guys will like that one.

yeah um there's so many different directions you can go one thing i like about this job is that i have a lot of creative freedom um but sometimes that makes it hard for me to know the best path to take so uh but that one's coming along i think it should be ready to send to jordan here in the next few days so that's kind of everything that's been going on in the video side Cool. I'm excited to see how the Plex video turns out.

I'm kind of interested to hear thoughts, actually, because maybe we can dive into that a bit later, because I think that would be an interesting topic to talk about. But yeah, just to keep things on track here, I guess I can dive into some of the site updates this week. I've kind of been following a lot of this stuff, but just for... Clarity, this has all been Jonah's work here.

Basically, there's been a new project that we're working on at the moment, and that is a Android app verifier database. If you've been following along and you're quite into the custom Android space, you'll know that A lot of times it can feel like downloading apps off GitHub and other places like that.

It's hard to know if app is safe or if it actually does come from the developer itself or if you're downloading the right thing and originally the way to kind of check that was if the developer offered a app certificate hash which you could compare to the one that you download so to basically verify that the app you downloaded is the one that the developer actually created so that was kind of only limited to very specific developers who actually made that information public,

which was kind of frustrating, right? Because there'd be a bunch of apps that you're not sure if their authenticity is actually verified or not. So we're kind of working on, and when I say we, I mean mostly Jonah, but there's this GitHub repository that we've basically opened up to the community, which allows people to submit their app certificate hashes.

And it basically, through GitHub Actions, it'll verify whether someone's submission is associated with currently known applications, like on FDroid, on Google Play, or a direct GitHub link. And that basically gets processed by someone on the team and added to this database. Basically, the goal is to have a database of apps that have app certificate hashes to basically make sure that you are actually running the apps that the developers have actually created. It's to avoid inauthentic apps.

I think this is actually a lot more important when we talk about custom Android. I think this is less important if you're just downloading everything from the Google Play Store because it's a trusted place to download apps. Trusted, I say in very large quotation marks because it's often filled with malware and all that stuff. But you at least know that if you click on something and download it, it's definitely going to be from the actual developer.

Although, you know, asterisks, as usual, there's apps that are trying to bypass that and all that. But it's a lot safer to do things through Google Play. But obviously, there's the issue with Google Play is it's not very privacy respecting because you have to have a Google account, download apps from there. And a lot of apps... don't meet the requirements for the Google Play Store.

So basically, I hope I've kind of summarized things well enough here, but There is also, this is all like pre-production stuff. So I wouldn't go out and use this right now. I think it's good to get people from the community to contribute to this project because I think it's good to have this resource. Jonah also just recently, he put together a, basically a website, which you can like search and check to see if, you know, if the apps that you've downloaded, you can compare the hashes.

So if you want to check that out, I've just put it in the chat here. But it's definitely an interesting new project that we're working on. So definitely keep an eye on that.

I think it's also project that we want to keep working on at this at this point though uh you know we're still kind of early in the process of developing it and there was someone that was working on an app verifier app which would basically allow you to check your installed apps and uh check to see whether the hashes match our database um so you know it's It's... that was an unofficial project by someone else and at this point we don't have any plans on maintaining any Android app.

like that so we can't really promise anything on that aspect it would be nice I personally would like that but I think it also is a lot more effort on our end and we're already like quite a small team and we're just trying to provide the best resources for people and I think even if this is uh done through a website at this point I think it's still very useful and very uh uh very good you know community project that we can all contribute to I personally already

contributed a couple apps it's really easy to do that if you just download the app verifier app you can get that on a crescent or you can download that on github you can basically get the hashes of your apps and submit a an issue which will you know line it up to be added to the database. I would definitely recommend checking that out if you're interested in contributing. We've already had so many submissions from people in our community.

So thank you so much to anyone who's been contributing on that. It's been really awesome to see just how enthusiastic people are about this new project. And like, I mean, enthusiastic. Like we've had like probably over three hundred. Let's over four hundred. Yeah. Between open and closed. We've closed three hundred and nine, but there's one hundred and two still open. They need review.

yeah so that is really awesome uh and that's only you know that's only popular apps so if you've got apps that are less popular i think that could be a good addition to the database as well um but yeah i'm just really excited for that project i think that was a really uh really awesome idea so uh what else have we got here so there is a lot of information there kind of i just info dumped super hard so definitely just check out on the forum on discuss.privacyguides.net definitely check

that out um there was also some uh news as usual we have news stories that freya and uh nate usually work on so if you check out privacy this week Ah, all free this week. But yeah, sometimes Nate, if he has time, it just, you know, we're busy. We're busy. We've got a lot of stuff we're working on. But I did notice Nate did put together a data breach roundup as usual. So if you want to look at that, that's definitely another thing to check out. Some posts by Freya.

One here about... Google Family Link, allowing people to get locked out of their accounts. Signal macOS desktop app, not actually deleting messages when it should. And yeah, as I said before, the Data Breach Roundup, some big stories in there, actually quite a lot this week. So definitely check that out if you're interested. And okay, I think that's everything this week in terms of site updates. But yeah, I guess I can... kind of plug stuff a little bit here.

Basically all of this is made possible by our supporters. You can sign up for a membership or donate at privacyguides.org, or you can even pick up some really cool swag at shop.privacyguides.org. I recently got some from the store and I will say I've got one of the, I'm wearing one of the hoodies right now and it's really high quality. It's actually probably one of the best hoodies that I own. So I'm not trying to shill too hard, but it definitely is. High quality.

So definitely if you're considering that, definitely check it out. Privacy Guides is a nonprofit which researches and shares privacy related information and facilitates a community online on our forum and matrix where people can ask questions and get advice about staying private online and preserving their digital rights. Now let's talk about the latest developments in California around age verification laws and Linux.

Yeah, let's see here. All right, so California, for those who don't know, where do we begin? So California has been doing all kinds of there's been a number of states here in the US actually, that have been implementing a wide variety of age verification. Okay, so age verification laws in any form in the US are unfortunately, I think, officially, more common than not, I think more states have passed age verification laws of some kind than have not.

But that said, some states have gone a little bit, well, I don't know if I'd say it's overboard or not. I mean, it's definitely age verification laws of any kind are overboard. I'm just... You'll see what I mean. Anyways, some states have gone above and beyond and decided that they need to add this to the operating system level. And this has been wildly unpopular for a lot of reasons.

And usually, a big reason with a lot of these laws of any kind, usually one major reason that people have issues with them is they're overly broad, which... I could get into a whole thing about whether or not laws are made to be brought on purpose and whether that's good or bad. Uh, I digress. But, uh, California specifically was one of the ones who said that like, you know, we're, we're gonna, every operating system has to age verify.

And because California is one of the biggest States in the U S uh, the open source community was kind of like, all right, hold on. Because again, this is like the way it was originally written is I think it would even require like things like firmware to, to update and, or not update, but to, to age verify. And, Yeah, it was pretty crazy, but I guess the long story short is thankfully there was enough pushback from the community that lawmakers are now adding an amendment. What's it called?

Assembly Bill one eight five six A.B. eighteen fifty six. currently moving through the California legislature ahead of committee reviews in June, would amend the state's earlier age assurance law by excluding software distributing under licenses that allow users to copy, redistribute, and modify the software. And the article says here that in practice, this would probably exempt most mainstream Linux operating systems like Debian, Fedora, Ubuntu, Arch, and Mint.

But they do point out that things like SteamOS, for example, would probably still fall under the law because Steam is based on Arch, but I think it is. I know the Steam Deck is based on Arch, and I think that is SteamOS, but I could be wrong. But because it is a variation put out by Steam, there are some changes to the licensing. So yeah, yeah. I don't know. I mean, I'm going to be honest.

My opinion on this one, I don't think this is a win because I don't think these laws should be there in the first place. It's really weird because I know... I will be fully honest. I used to think if age verification is going to happen, this is probably the least invasive way to do it. And I still think that may be true, but I still think that overall, these laws in general are trying to solve the problem the wrong way.

And I'm sure a lot of you guys would agree with me in the sense that I think the focus should be... Not on blaming the parents, but empowering the parents. Like, I've told this story before. My sister, she had her first child. And granted, he's still a toddler. Like, when he has a device, it's because they, like, you know, okay, you can... You can watch YouTube for... What do they used to watch it? Hay Bears? It's... I mean, that was back when he was, like, an infant.

But it's literally just, like, dancing shapes on screen. Anyways, like, it's stuff that it's, like... It'll keep him busy, but it's, like, for, you know, like, they don't babysit him with the screen. And the reason I mention that is, you know, when I asked her, I'm like, hey, did you know that your iPhone has parental controls? And she's like, no, I didn't. And granted, you know, he's not old enough to need those parental controls yet because he doesn't even have his own device.

But... I think it would be better to focus on making sure that parents are aware of these. And we've had some conversations on this podcast before, because I know Jordan has mentioned that every time you set up an iPhone, it asks you for your age. And I don't know if that's standard everywhere now. Maybe that's something Apple just does now, or maybe that's because you live in a country that has age verification laws. But I don't know. Getting back on topic, I don't think this is a win.

I think we should be focusing more on those kind of solutions because I think it's twofold. I think first of all, it's kind of selfish. It kind of says like, well, we don't care about the Windows people. We don't care about the Mac people. They don't deserve privacy, which I think is a very messed up attitude to have because privacy is a human right. And that's like saying like, oh, well, this person's not a farmer, so they don't deserve food. And I really disagree with that take.

And I also worry about what if, you know, I could see the argument of like, okay, well, what if this pushes people toward Linux? first of all, not everyone can use Linux. There are people in perfectly valid situations that can't do that, or at least can't daily drive it. And second, like, okay, what happens if we push enough people towards Linux?

Then now the government decides actually Linux has enough users that this now needs to be regulated too, which personally I could totally see happening. So, um, I think this is a short-term win, but I don't think it's a long-term win. And I think it leaves a lot of people up a Creek. Um, but that is my, my personal take. I don't know. Am I, am I missing something here, Jordan?

um i mean yeah i think we're we've kind of like i don't know what's the what's the way of saying it like beating a dead horse something like that uh we've we've talked about this like a lot like the the you know we're going to be against any form of age verification and like oh wow they made it so linux doesn't have it it's like It can be changed at any point. I don't think this is particularly great from that aspect as well.

I think also the issue with this is they haven't really backed down on age verification. They're just basically excluding very specific stuff that was the most controversial. I think we should be pushing these politicians to think like, oh, so why? Why? Why are you exempting certain operating systems? Aren't all the children just going to switch to Linux and then start using that instead and then bypass it? It doesn't really make that much sense to me.

I think you either... put age verification on everything and it's like dystopian and like absolutely awful to use and it locks down the entire internet or you don't like there's not really a middle ground like this i think it doesn't really make that much sense to make a specific exemption for linux uh I also don't think these politicians actually think that far ahead. They just think, oh, this will sound really good to my voters. This will sound really good to my constituents.

That's great, but how are you actually going to apply this? How is it actually going to be implemented? And I feel like that's also an issue that I've seen. Like, I guess I'm going to open about this, but I'm not from the US. I'm from Australia and we've had some really bad age verification stuff. I think we're one of the first countries to have that. I think it might have been the UK first. And then we did social media bans as well. So it's like, you know, it's... It's...

It's really... it's really just the way that I'm seeing platforms actually move to implement these changes is it's not really working. Like I don't think they thought that far ahead. They never thought like, Oh, like how are we actually going to implement these changes to actually do this?

And you know, didn't think about it from like a privacy perspective like there's definitely some people in our team that i've talked to that you know they hold the opinion that maybe there could be a way to do this in a privacy respecting way maybe there is a way to verify someone's age privately um which you know i respect that like if if that's the opinion that you hold but i think also the The fact is that a lot of times when we see this stuff, they always, they never do that.

They never make it the most private and secure possible. They always go the easy route, which is people uploading their IDs and people, you know, being linked to their accounts through their ID, like, you know, I'd love to live in a society where that is the priority, but that is just not the priority for these companies and it's not the priority for these politicians either. So anyway, trying to at least conclude my thoughts here a little bit.

I think asking people their age on setup, like Nate said, like that was something I noticed on not just, not just iPhones and Apple devices, but also I noticed it when I was setting up a Google pixel as well. It asks you during the setup, like what, what age group are you? But it doesn't really seem to really push you on that. It's like, oh yeah, I'm, I'm above and you just press continue.

Like it's, it doesn't really see like this, this thing that they're asking is, it doesn't seem like a very robust system in the first place. It just seems like another thing that is going to leak people's privacy and it's going to be kind of hard to implement. So yeah, I guess Nate kind of said like, oh, is this a positive thing? I mean, maybe a little bit, but like maybe it's good for the people that are using Linux in California.

But like we kind of already thought that that would be the case, right? I don't think... I don't think you're going to get a whole bunch of these Linux developers who can barely even agree on what the best desktop environment is to how to implement age verification. I just don't see that ever happening. And I think people in the Linux community are even more stubborn about this sort of stuff, like implementing specific stuff like that.

Some people completely avoid systemd because of all of that debacle.

People will avoid using Wayland because they don't like that debacle it's like people are already very opinionated I don't think people are going to be rushing to implement age verification on their Linux distro like it's just maybe on the more corporate focused distros that might be the case but I think a lot of these community ones are just not going to comply anyway so I was like less of a concern I think SteamOS definitely could be one of those that it does comply but especially

because they are accessing you know allowing access to games that are restricted. So yeah, that's kind of my thoughts. Do you have anything else you wanted to add as well, Nate?

yeah i uh i definitely agree what you said about like the the community is already so fragmented like i remember system d added an optional field for age and everyone lost their minds and i'm not saying i'm not i don't have an opinion either way for the record but like just even the comment section in our videos like the people got so angry and one dude like forced system d and removed that field and Yeah, very opinionated. But yeah, no, I agree with a lot of the things you said.

You mentioned that, yeah, I do believe there is, in theory, and I don't even mean like if you squint in theory, there are so many ways that we could do age verification in a privacy-respecting way, like everything done on device, encrypted, this, that, the other, all this sends is a yes or no flag. But we don't. You're absolutely right.

We never do it that way because... it's cheaper it's easier you can double dip in the data i guarantee you some companies will do that if this stuff comes around um like that's not even a matter of if it's a matter of when so it could be done in a privacy respecting way but it it won't it never will um one thing i did want to mention is uh at the beginning you said that like this could change later one thing i will give california I don't know if credit's the right word,

but apparently from what I understand, it's really hard to change laws in California because I remember when they came out with the, what is it, the CCPA, their privacy law, EFF was actually against it. And I remember them saying on one of their podcasts that the reason they were against it is because laws are so hard to change in California. Like normally they would be like, well, okay, cool. This is a good baseline and we'll work to improve it.

But again, because laws are so hard to change in California, for some reason, it's a California specific thing. It's so hard to change existing laws that they were just kind of like, no, we need to push for better from the start because we might never be able to change this or not be able to change this for a very long time.

Um, so yeah, it's, I don't know, but, um, only other thing that came to mind while you were talking is i i do think this shows that pushback can help like um we we really got to get louis rossman on the channel one of these days to tell the story but uh there is a video um full disclosure i'm on the board but louis rossman last year spoke at eff austin and he told his origin story and uh part of it was basically like It's a great video, you should go watch it.

But to kind of summarize, my point is the first time he went and spoke with his local representative, he very politely was like, oh, I think this bill you're endorsing is wrong. And he explained why the bill was wrong.

and the senator or not senator i can't remember what it was he might have been a senator but basically he like he um he did take rossman's advice and he he sided with rossman but he pointed out he's like yeah of course i didn't know that he's like i'm like i don't know how any of this technology works and the only person who showed up to say anything was the lobbyist from the other side who told me all this crap i didn't know he was full of crap i don't know how any of this works and um

So that was when Lewis realized, he's like, oh, especially at the local level, at the state level, in the city level, a lot of the time, nobody shows up. Nobody says anything. So yeah, the whole Linux community came out pissed off about this, as they rightfully should, and the politicians rolled it back. But nobody did that for Microsoft. Nobody did that for Apple.

I'm surprised they didn't push back on this because there seems like none of these companies ever want to be the ones on the hook for the IDs. But anyways, my point being is like, I guarantee you if more people in general were pushing back on age verification, the politicians would back down. It doesn't always happen, but ninety percent of the time it happens. And yeah, so I don't know. I just wanted to point that out.

It's like Not to shill our own stuff too much, but you know, privacyguides.org slash activism. We have a whole activism section on how to push back on this stuff because if nobody does, like clearly the open source community pushed back and they were forced to change course. Yeah, who knows? And I do want to highlight real quick, Puring Pudding pointed out, does Android technically count as Linux? Great point.

I don't think so because it's been modified and now it's released under like a different license. So like Android in the sense of like stock Android that you get on your Google Pixel or your Samsung if you buy a Samsung for some reason. But, you know, I don't think that technically counts as Linux under the definition of this law. But yeah, it's... It just goes to show that this stuff is a lot more complicated than politicians realize. So, yeah, I think that's all I got. No, that's good points.

I think it's, yeah, it's important to get involved in your local community, like stuff like if you live in California, you need to make more noise. Cause I think if most people would be against this, I think, you know, maybe not, maybe not everybody, but I think a lot of people would probably be against this. It's already had so much backlash already, especially from people like Lewis Rossman and, you know, all these, all these types. So I guess that is one question.

Is there, is there someone that, that people can contact about this? Like, how does this, do you have to contact your representatives in California? Is there like a way to find where to talk to someone like that? I'm not really sure. Obviously, you know, maybe. There is, I did, let me go find it. I did a blog post a while back about, oh, it's hold on. It's actually pinned at the top. Yes, basically there are websites where you can look up who your representatives are.

Congress.gov, House.gov, and Senate.gov are all for state level – or state or federal level. I mean CommonCause.org and USA.gov. I think CommonCause especially.

I was on one the other day that went all the way down to like – like city judges and like these people didn't even have pictures the the role is so like quote unquote small um i think that was common cause um there's proposed laws there's like bill track there's gov track there's fast democracy there's legiscan um so in the u.s those are some resources um i think we might have a bill tracker on the activism section now i'm not entirely sure um because i know

we did just add a new section recently but Oh, no, that's the DPA directory. OK, my bad. I think that is something we do want to add in the future, though, hopefully. But yeah. I mean, yeah. I would start there at least to learn who you represented. Read the local news, honestly.

Like I have a couple of different local news stations saved and like in the morning when I'm still kind of waking up, which is probably not the best time to be checking the news, but like when I'm still kind of waking up, I'll sit on the couch and I'll skim the headlines and I will see things about like, oh, there's a data center in this town next door. Like there's a meeting coming up on Thursday to talk about the data center.

And I wanna start showing up to those things and be like, yeah, no, these are a bad idea and here's why. I know at least in my area, they've managed to get one data center temporarily paused because there was so much pushback, and I'm very proud for that. But it can make a difference. I saw this person in the chat here said, P P P P P P said in the chat, uh, get Lewis Rossman on the show. I think it's definitely possible. Uh, it's definitely possible. So it's, it's very possible.

Um, we do want to do an interview with him. I just, I don't know what to ask him because I feel like he's such an open book. It's hard for me to come up with questions. Um, but yeah, no, we, we definitely want to, it's, it's something we've been thinking about and talking about a lot. It's totally doable, but yeah. I don't know. Maybe we should just have him on the podcast one of these days. We should talk to him about it. That would be fun. I was about to say that. That'd be fun.

Yeah, there's also this other person here. So Terracotta Pie also said, every time I hear about age verification laws, it brings me pain. Yeah, we're kind of a little bit sick of it here. It's like every week there's like something new relating to this. Yeah, I don't know why governments right now are just like super obsessed with this suddenly.

It's like AI, except, I don't know, they're obsessed with like verifying people's identities it's kind of unfortunate but I do think you know kind of coming back a little bit to that lobbying thing I do think these these lobbying groups are you know probably kind of pushing for this a lot of this technology because when they implement all these age verification like systems it's all like kind of getting funneled back into these companies uh because you know that's a lot of customers

you're about to get a lot of customers if every single person on your platform needs their age verified so i can see why that might be a thing uh someone here said That'd be a good convo, yeah, to have Lewis Rossman on. Yeah, I definitely agree. That would be really cool. Yeah, and something else you said that I forgot to make a note about was when we talked about you set up a device and it asks you what's your age, what I would love to see is...

Because I think something that I've been trying to focus on a lot more is like in arguing with this – or when talking about this age verification stuff, especially with parents, is to point out that it takes away their – agency as parents it takes away their right to decide what sites they think are okay for their kids to visit and when they think their kids are old enough and i think i completely sympathize with parents who feel like maybe the internet is a little overwhelming and technology is

overwhelming these days i think that's um a perfectly legitimate way to feel but I think, again, going back to the example of my sister, how many of these devices will prompt you? Like, is this a child's phone? And how many of them? And I genuinely don't know. I haven't set up a new phone in ages. And, you know, since I mostly use custom operating systems, like maybe they're all, you know, they don't do this stuff, obviously. But yeah.

It would be nice to see a phone that like asks you, you know, OK, this person is like thirteen to fifteen and it shows you here are the parental controls available instead of. You know, I don't know if it does that, and I think that's what I would like to see is, you know, to raise awareness that there's already tools that, from what I understand, are pretty decent. And yeah. And also we need more of those tools on the privacy focused stuff.

Like I saw an article from proton earlier this week about how Chrome has built in parental controls and you can block specific websites and stuff. And I'm like, that's amazing. I bet you brave doesn't have that. Cause you have to sign into a Google account to do it.

But yeah, that's what I would like to see is just more stuff that's focused on empowering the parents to know what options are out there and how to exercise them rather than just trying to parent for the parents, which I don't think any parents really want to be honest. So. I don't know. Just a thought. Definitely. I guess here we could jump into this next topic. This one here comes...

They're just two kind of quick topics that I thought we should cover this week, which was something about F-Droid and another thing about the Tor project. So just quickly jumping into these two topics here.

This one here from F-Droid is... new financial support for fdroid thanks to floss fund so fdroid was recently uh was awarded fifty thousand dollars in funding from the floss fund and basically it's a fund that basically uh funds valuable open source projects um I think this is also super important for these projects because a lot of times hiring developers, developers are really expensive, especially if you need a good developer, that's easily over a hundred and fifty thousand dollars a year.

in employment costs to get someone employed for that. I think that's really cool. Basically reading more into this article here, some information about the Floss Fund. The Floss Fund aims to donate up to one million dollars annually to Floss projects worldwide with no strings attached with the purpose of empowering developers and maintainers through financial resources to sustain and grow critical open-source ecosystems.

Notable FOSS projects like Blender, FFmpeg, OpenStreetMap have gotten support in the past and now FDroid has too. The introduction of the funding, funding.json standard built on JSON allows projects to add funding details in the code base, making it easier for backers to navigate aid efforts. This streamlines donor support and quietly builds a stronger financial foundation across community-driven tech work. So basically, they kind of go through how they're going to use these funds.

Basically, what F-Rite is saying is they're going to move some key tasks forward, like supporting core operations, updating infrastructure, securing new features for better access to ad-free community-built software. Working on supporting a new format called funding.json, this is a standard way for app creators to share information about how people can donate money to support their projects.

And once that work's done, FDroid's server, the tooling we use to manage our app store, will be able to automatically collect donation information from app projects that have set up funding.json on their website. So basically, this is kind of like a move to allow developers to get funding that they need for their apps. It's kind of interesting. Basically, if your app is on F-Droid, you may qualify for the Floss Fund.

It's basically there to support existing and widely used open source projects on there. So I think, you know, this is going to be really good for developers that are you know, making apps that, like, a lot of people are downloading but, like, no one is supporting because, you know, I think a lot of people kind of take things for granted a little bit.

Like, behind every app that you're using, there's, like, a person developing that and, you know, it takes a lot of time to maintain things, keep things updating, keep things working properly. Yeah. So I think people should try and donate whenever they can. I think that's super important.

I guess to dive into the second story here from the tour project, there's this new coalition of privacy projects and this is led by the Tor Project and the Funding the Commons and basically it's a participatory funding campaign so if you go to internetfreedom.torproject.org Or you can go to that website through their onion link. It's basically a Web three native crowdfunding initiative. Basically, this is a way to accept contributions in Bitcoin, Ethereum, Zcash, Monero, Gollum and others.

Yeah, it basically can benefit ten non-profit projects working across privacy, censorship, circumvention, secure communications and public interest digital infrastructure. And basically there's an initial one hundred and fifteen thousand USD matching pool, which was supported by Cake Wallet, Zcash Community Grants, Logos and Octant.

So I think this is also one of these things where I think the Tor project, as well as a lot of other projects that are listed on this page, a lot of them were benefiting from, like, US government funding through, like, the Open Technology Fund as well. So, you know, that is currently being stripped down a lot by the current US government. So, you know, they've definitely seen a dip in funding.

And I think this is... kind of important to develop a parallel system to allow these projects to keep getting funding. And I guess to talk about some of these projects.

So this includes SecureDrop, Open Archive, Onionshare, Ricochet Refresh, Onion Browser, Open Observatory of Network Interference, Passcouchet, I don't know that one, Unredacted, Digital Security Helpdesk, and I don't know that one that one must be uh one that's a bit more international um I haven't seen that one before but yeah that is that is really interesting so basically it's designed to ampli this this whole like funding model is basically meant to amplify the impact of small contributions

like they're basically those those organizations that were there they're basically uh boosting the impact of of that funding um so that is really interesting uh but yeah i don't know there's i don't really have too much to add here not really super familiar with a lot of these cryptocurrency things um so i don't know do you have any thoughts on either of these quick stories here nate Um, just a couple of quick thoughts.

Uh, one of them you, you kind of already touched on, but I really want to drive home is the F droid one is, um, you know, some, some developers I know like absolutely refuse to take funding. Like you block origin famously does not take any, any donations at all. Um, and I, I think that's fine, but I think also, um, I know in the, again, to reference it in the past as surveillance report, we had like less than one percent of our viewers were donating in any way.

And I mean, I think all we had was like a Patreon or something like that, but it was like literally less than one percent of viewers. And it's it's I know it's tricky, especially right now. Trust me, finances are keeping me up at night with the cost of everything. Thanks. But it's it's I know right now it's really tricky. But if anybody is in a position to support projects, any projects like it doesn't I don't know if they'll like me saying this, but it doesn't have to be us. It could be Signal.

It could be Tor. It could be whatever you get value out of. Or one thing that I recommend to a lot of people is cycle it. This month, give five bucks to Tor. Next month, give five bucks to Signal or whatever. I don't know why I keep fixating on those two, but you know what I mean? Sit down and think about what are the apps you use that you would be really devastated if they went away. There was actually an update this morning on Session.

It looks like Session... secured enough funding to basically keep going past their original shutdown date, but they're going to have to do it in a severely weakened state. Like they're basically only going to have enough money to pay for like one developer and basic infrastructure, if I remember correctly. I read that at like eight this morning and I hadn't had my coffee yet. it's, it's things like that are, you know, that's the risk of not funding these things.

And again, I understand I, I, not everyone has money and I, I completely sympathize with that. But if you do have money, even like five bucks, a couple of dollars, like if, um, you know, these, these are projects that have like thousands of users. And if everyone gave a dollar a month, like that would probably fund these developers full time. So yeah. Um, I think that's a really important thing. This is kind of my time. I'm going to kind of plug privacy guides here. We also need funding as well.

This whole project, to have Nate, to have me, to have Jonah working on this a lot, full-time working on this, it costs money, right? People need money to live, unfortunately, and... If it was a way to do this without having to do that and we could like, you know, dedicate all the funds to, you know, whatever, something bigger, it would be great. But, you know, people need money to survive and get a live.

So, you know, every donation that you make here is supporting people working full time on this project and trying to bring people the most joy. important information on this topic and build out resources like the app verifier database, like videos that we're putting out, all the articles that we have, like with Freya and Nate putting out articles.

activism section merchandise that we create like this is all stuff that you know we need to pay people for um unfortunately like that's just the reality right so uh you know if you do really like what we're doing and you want to see this continue that is one thing that i think you know even if it's like a very small amount of money, like I think any amount helps, especially any project.

And again, like Nate said, like you don't have to, please don't like donate if you're in a position that is not financially stable.

Like this is, you know, I feel like we're like at a really, really, really tough point in history at the moment where things are just like, really expensive and it's really tough so definitely don't feel obligated but if you are in a position where you can support things you know consider donating to us consider donating to these projects like you don't even have to donate to us just donate to something uh these projects uh they need support so uh and oh sod this all

just gifted a privacy guides membership so thank you so much um so this all does that a lot we appreciate your generosity Yeah, that is really kind. So congrats to someone who got that membership. Speaking of memberships, I guess, you'll be able to access a bonus section of the Naomi Brockwell interview if you did sign up for that. We did see there was two people who signed up for that again. Uh, they rejoined our membership program on YouTube. Uh, it was someone with a Korean name.

I'm not gonna, I don't know how to say that. So I can't really say that. And there was also someone as well named Thomas. So thank you to those people that rejoined to access some of that early access content. Um, it's definitely, uh, It's a cool perk that we're happy to give people. And we hope that you get some value from that. We're just trying to give back to people who do support us because we do really appreciate it. Yeah, W, sod this all. Yeah. Yeah. You've been very generous.

So thank you so much for gifting regularly as well. It's really, really appreciated. That is so kind.

um yeah i think uh if that's all we had on that there was one last story i wanted to sneak in real quick um just because i thought this was super super awesome and exciting and this will be real quick because we don't have too much to say about it but uh um researchers at eth zurich believe they have created perfect randomness for the first time so uh for those who don't know um i would argue nothing in life is perfectly random um Certainly almost nothing in the digital world.

Even like your password manager, when you tell it to generate a random password, it's not really that random. And the thing is with computers specifically, if you generate randomness, they have to have something that they're deriving that randomness from. So usually what they'll do is, for example, they'll do... let's say they'll take the time and they'll go all the way down to like the millisecond or like however far the clock can go.

They'll take the actual timestamp with the date and the time and everything. And that will be the, I don't know what the technical word is for it, but I'm gonna call it like the seed or the key. That'll be the seed that they feed into an algorithm and that algorithm generates a random thing based on the time. But it's technically not random because if you feed that exact same time into the algorithm, you're always gonna get the same response out.

It just seems random because theoretically, we're never gonna see that time again, right? So it's really good. And this article points out that in most applications, this is fine.

But in cryptography, especially very, very sensitive high-level stuff, this can be, a bit of an issue and for the record we're talking like really advanced advanced advanced like like state level zero day kind of stuff this is like really advanced but technically there is not perfect randomness and for the record this is also true of coin flips if you flip a coin a thousand times technically you will statistically have more of heads than tails or vice versa So anyways,

researchers at ETH Zurich basically say they figured it out with quantum physics. And there's a pretty good breakdown here in the article that I'm not going to go through. But basically, they made this like, thirty meter long tunnel and they had superconducting chips on either side. And they something about quantum entanglement. And they were basically it kind of goes over my head about how it works. But they are very positive that they have made actual true randomness.

And if you were to Jonah and I were talking about this earlier, and Jonah's like, how would you even test that? And I was like, well, you just flip a coin, basically. You tell it to pick between zero and one, and if it is perfectly random, if they do that, we'll say like a million times, which a computer can do very quickly and very easily. If you do that a million times, then you analyze it. You should have an almost perfect, if not totally perfect, like within a certain, I think it's like .

five percent is the accepted I took a statistics class once in college and I barely remember it anymore. But in theory, you should have that almost fifty-fifty split. It might not be exact because, again, it's random, there's chance in the universe, but it would be statistically insignificant, the difference between the two. Um, yeah. And the reason I wanted to share this is because if that's true, that's really, really exciting.

Uh, I am assuming that this research probably still needs to be peer reviewed and tested and everything, but ETH Zurich is very well known. They are very reputable. Um, I don't think they would just make something. They might be wrong for the record. They might go under peer review and they might find out like, Hey, you know, you overlook this or you didn't do this right. But I don't think they're just like trying to sell snake oil or make something up. Um, I think they genuinely believe this.

And if true, they pointed out here in this article, for those who are maybe listening on audio, it says, in the long term, this work could play a similar role in digital security as atomic clocks do for timekeeping. And atomic clocks, they're useful for, I mean, like GPS is the first application that comes to mind.

I know there's a bunch of others that I'm forgetting, but like atomic clocks are, extremely extremely extremely accurate clocks and they are crucial for a wide range of applications that power our modern world and so this could be a huge step forward in cryptography if that is true so yeah like I said kind of a short one I don't think we have too much to add but that is that is that story and if we hear anything exciting about it we'll keep you updated but I just thought that was super

cool and wanted to share Cool. Yeah, I don't really have too much to add on that one, but I just want to highlight, I think we might have missed it, but Sod the Sword just donated two pounds. So thank you very much again. That is very kind. But yeah, I don't really have anything to add on that one.

Should we maybe dive into some forum updates? Yeah, yeah. If there's nothing to add to the randomness story, then we'll check the forum. And after the forum, we'll actually be taking questions. The Q&A will start. So if you have not asked any questions yet in the chat, go ahead and drop those in the chat, and we'll get to those in just a minute. But for now, the community forum always has a lot of activity. But here's a few of this week's most interesting discussions.

And the first one we're going to talk about is actually a discussion about an article from Ars Technica that says websites have a new way to spy on visitors, analyzing their SSD activity. I'm going to share this article real quick for a second, just so viewers can see. So this is a side channel attack that in response to one of my frustrations earlier today, we actually know this can be done remotely. This does not require physical access, but it's basically a way to fingerprint your computer.

And the way it works is when you go to a website, there's something called the Origin Private File System, OPFS, which is an allocated storage space that's reserved for a specific site to run code needed to complete a given task. websites can create one with no interaction required by the visitor. So it's basically like a temporary little sandbox where a website can maybe download a cache or whatever it needs to do to function.

And basically, if the attacker is able to continuously measure the performance of the SSD, and especially the article says if you have multiple tabs open, it's almost like a it's almost like the way that fingerprinting works across the web, right? Like if you go to Google, hypothetically, let's pretend, if you go to just Google, Google doesn't really know who you are.

But if you go to like five other websites that all have Google Analytics, Google can track you across all those different websites. And it's kind of basically the same thing, but it's working via that OPFS on your SSD. And they do note that there are some limitations. So first of all, the OPS file must be extremely large, likely a gigabyte or more. I don't know how big the OPFS is on average. To me, that doesn't sound that big, but maybe it is.

That requirement means the attack at scale would inevitably be detected by many users. They also say the file must be stored on the same SSD the visitor is using, which I think for most people is probably true. I think most of us don't have multiple SSDs.

Usually if a computer has multiple slots, you have like one SSD and a hard drive, but they also say that the best way to prevent this attack is simply to close tabs as soon as you're done which I'll comment on that in a second and What else was it? More savvy users can monitor the creation and size of the OPS files allocated by unknown websites. And they did say that the researchers did propose ways for browser makers to shut down the side channels. So we'll see if any of them roll that out.

And here it is. The last thing they said that they performed the full attack on an M two Mac on Linux. They showed that the underlying primitive works, but didn't run the full attack and they did not test windows. So it's not as bad on Linux, but it does still work. I'm just going to go out on a limb and say it probably works great on Windows. But yeah. Did you get a chance to read this article by any chance, Jordan? Do you have any thoughts on this one? I did see some interesting takes.

Like we are kind of focusing a little bit here on the forum, but I did see some interesting people. People had some interesting thoughts on our community forum, which I guess I'm not going to highlight directly because we want to respect everyone's privacy there. Don't want to keep your information stored in this video forever. That would be kind of awful. But I will just kind of highlight some things that people were saying.

Someone was saying that someone said laughs maniacally from inside a disposable virtual machine. I mean, that's definitely one way to protect against this, I guess.

Maybe not everyone is doing that, but I think, you know, if using cubes OS, that's, definitely a plus for cubes OS I think also another thing with this is I feel like it's a little bit dependent on like your internet connection speed as well like one gigabyte file um is kind of big I think you know your if your internet connection is like you know four G or five G it's probably not gonna be uh downloaded particularly fast, especially if you have like slow internet connection,

like a hundred megabits per second or fifty megabits per second. It's going to be quite a it's going to take quite a while. But I also think a lot of browsers actually kind of have protections against this, especially the ones that we recommend. For example, like one common issue, I'm going to say issue in quotes, but it's not really an issue.

It's just something that we notice is With StreamYard, the software we use to do these live streams, a lot of times we'll have a local recording as well as this recording of on YouTube and stuff. And basically that is done through saving data into your browser storage API. And, you know, if you're using stuff like Brave or Firefox with all the settings cranked up, a lot of times it complains about not enough storage being allowed, right?

So I think, you know, This could potentially protect a little bit against this. I think having something that just has absolutely no limits on anything like Google Chrome or like, you know, these browsers that don't really care about this sort of stuff, they kind of just allow anything. It's definitely going to cause more issues, I would say, and allow this to happen. There's also some people saying you can enable specific settings in Firefox.

I think this person was saying dom.fs.enabled to false protects against this. And also I think one gigabyte straight into your browser, people are saying that that would crash a lot of websites for people. But yeah, I think this is definitely a concern for the average person who's just using Chrome. And I think that's definitely a valid thing to talk about. Also, someone was saying that, you know, they recommend closing tabs as soon as you're done with them. I think that is a little bit naive.

I don't know how you use your browser, but generally, if you're like researching a topic, you have tabs, a lot of tabs open because you're browsing and stuff and looking at things. So I think anyone doing like serious research research in their browser is going to have more than one tab open. It's a little bit ridiculous to suggest that. I think people will just have tab, like I'm looking at my screen right now, I've probably got like like, you know, we've got to have things open.

I think that's not the best advice. I think the better advice here would just be to use these browsers that have actually sane defaults when it comes to these APIs. And I think it also is good to assume Any API that a browser has can be exploited to fingerprint you. We kept seeing this with audio signatures through the audio API. We saw this with WebGL. It's basically any API can be used to track you. I would just assume that any API is going to be used to track you.

And I think disabling them is generally the better way to go. I do wonder how this would work in Tor browser or Molvad browser, but that's not something that I have time to test personally. Did you have any extra thoughts, Nate? Yeah, no, um, I think the, uh, I'm with you for the record.

Like, yeah, especially when I'm researching for a video, I've got like a dozen tabs open, but I also know it's kind of a meme that a lot of people, uh, especially a lot of mainstream users just do infinitely leave their tabs open. And it's like, it's literally a meme. I've seen jokes about it, about like, it's okay to close your, your tabs. Now you're never going to reopen them or like, um, I don't know that I've ever dated someone who didn't have, like, ten million Chrome tabs open or anything.

Even, not to throw under the bus, even my wife, every once in a blue moon, I'll, like, borrow her phone for a second for whatever reason, you know, with telling her. And, like, I'll open Brave, and I'm just like, oh, God, do not close Brave. You'll lose all her tabs, and she'll be so pissed. So, but, yeah, I think... I don't know. That's probably just something I think people should do in general is just close their browsers once in a while because I think you need to do that for it to update.

Um, no, the, the other, something interesting I wanted to point out is, um, somebody said, uh, here it is. They said, I enjoy the validation of blocking JavaScript by default. Um, because the, the article, I kind of brushed over it cause I was trying to keep the article portion, uh, short, but they mentioned that this is basically made possible by JavaScript and they use JavaScript to measure the IO interactions and stuff like that.

And so it's kind of a double-edged sword because I, this is my personal conspiracy theory. I don't know how true this is. I think the vast majority of fingerprinting is enabled by JavaScript because you go to a website and it loads JavaScript and that's what measures how big is the screen. There's other ways to do it for the record. I know there is, but for some reason, companies don't do it.

They measure how big is the screen and they measure all the other things that they use to fingerprint you. And I strongly suspect that blocking JavaScript probably blocks a lot of those, but then there's also a really good argument to be made for like standing out because there's not a lot of people out there blocking JavaScript, going to these websites. So it's almost like a double-edged sword. Like, I don't know what the trade-off is to be totally honest.

Again, I don't have any proof of any of this. This is just my, my theory is like, would that be a case of like, yeah, but you'll block of the tracking. So it's worth it to do it anyways, or I don't really know, but. it is interesting for sure. And it's, it's something I think about a lot, to be honest, because there was a phase I went through where I was using you block origin to like block JavaScript by default and then slowly enable it on websites I used regularly.

And honestly, it was actually, it was pretty awesome. Um, it was great, but it's, it's crazy how much JavaScript you can block and the website still works perfectly, but. Yeah, it's not without risks, I think. So it's just interesting. Interesting discussion. But yeah, I wanted to share this one because I've seen this article pop up a lot. A lot of people have been talking about it. So good to see what other people think.

I think it's also like I feel like we should kind of push back on like a lot of this technology is like developed by Google because they control the Chromium project a lot. So, you know, I mean, it exists in Firefox too, but like a lot of this stuff is usually pushed by companies that don't really have most interest in protecting your privacy.

So, you know, their concern is going to be functionality first, privacy second, and privacy Who would have thought that it's this technology that they added for functionality purposes can also be used to track people. It's like, anyway, you know, it is what it is, I guess. But I think more people using these privacy respecting browsers is going to reduce the identification of that, right? Like it's going to reduce the individuality of people not using that specific API. Yeah fair enough.

Okay, so someone here is, it's P P P P P said, Brave has tab groups. You can group together, open tabs, close the browser, reopen the browser and all, and then open the tab group again to get all your tabs back. And on Firefox, I'm sure you can do this. Just bookmark all the current tabs temporarily to reopen again after closing the browser. I got to go though. Bye. Yeah. Thanks for sticking around and thanks for leaving the comment here.

I guess I feel like Nate, you're, You're definitely a brave enjoyer, so maybe you can comment a little bit more on this. Enjoyer. Wow. Such a strong word. I have mixed feelings on all the browsers. That's a discussion for another day, but I don't know. No, it's, I mean, I don't really have that issue because yeah, I do like, if it is a site that I think I'm going to need again, I will note it down somewhere. I'll like note to self and signal or I'll put it.

Usually I'm like doing research on a script. So I'll like, I'll literally just throw the link in the script and just be like, cool. Now it's there tomorrow when I go to work on this. But yeah, I'm more thinking of, again, the typical mainstream user. It's just the way they use the browser. I don't understand it. I've never understood it. I've never been this kind of person. They just leave it running continuously. A lot of people never shut down their computers, too.

Or if they do, again, they have... Cause that is a setting in a lot of browsers too. It's like, oh, reopen my tabs when I open the browser. But it's just, it's something people do for some reason. I don't personally understand it. Like they won't use bookmarks. They won't use any kind of bookmarking system, which I know for the record, instead of note to selfing on signal, I could just bookmark the tab, right? like you were saying, but for some reason they don't.

They just constantly, like they just open another tab and keep going and open another tab. And once they find a site, they're like, I'm going to want that later. Open another tab, open another. And I literally, I've run into people that literally have like dozens of tabs that they've accumulated over the years or the months. And it's like, I don't know. It blows my mind.

Cause I'm, I'm, I've always been a little bit of a minimalist and I like keeping things neat and clean and it does come back to bite me sometimes you know when I'm like, Oh, what was that website and I don't have history enabled and I don't have any of that stuff and I have to go looking for it again but like, I don't know some people just don't use that kind of stuff like they don't rely on the history they don't rely on bookmarks they just open another tab and move on as if

they've opened a fresh browser. And the next thing you know, they've literally got well over fifty tabs and they're definitely not going to bookmark those. It's just it's it's weird. I don't know. See, there's Anon. I use both and I have multiple tabs open on mobile and desktop. So see, Anon is one of the people I'm talking about. Yeah, I didn't get that.

I always do like, at least on my personal devices, I always do like always like close every tab like exiting everything clearing all the data but I don't know for work I definitely don't though I just have everything just logged in all the time because I've got like a million websites I need to be logged into like for all the stuff that we do here it's like I've got so many logins um so I mean I think you have to obviously like weigh up the the benefits, right?

Someone else said here, Trojan X-Ninety-Nine, Brave versus Firefox, which you suggest, by the way. I'm a Brave user. I mean, we recommend both privacy guides. I think it's really just down to, like, personal preference in a lot of cases. Like, if you need something that has better compatibility, I'd say Brave is usually the better choice.

But if you care about, you know, the Chromium monopoly, if you want to if that's something you care about, I know that there's a lot of controversy around both Firefox and Brave. Like Firefox has made some really silly decisions in the past, same as Brave. Um, you know, their leadership has also made really silly decisions as well. People get, you know, have specific irks with each product.

I think you kind of have to look at the evidence, look at what, what you think about each product and make a decision for yourself. Um, Personally, I'm more of a Firefox fan. I've just always used Firefox. Like, since, like, for ten years, more than ten years, I've been using Firefox. So it's, like, what I prefer. But I think it's the same thing with, like, Chrome, Chromium-based browsers. Like, if you've always used Chrome, I feel like Brave would be a pretty easy switch.

Like, everything's just going to work the exact same and you're just going to get more privacy protection. So I think that's... It's definitely, I feel like Brave is definitely a bit more user-friendly and things are just set up by default. And that is one benefit that Brave has because I feel like with Firefox, you have to change quite a few settings to get it to a similar level. But again, it's definitely a personal preference thing. I don't think there's really...

There's benefits and downsides of each, so you kind of have to just make up your opinion. Someone here said vanadium. I mean, I don't know. I think vanadium is... good from a security perspective, but I think you can't really compare it to Brave or Molvad browser or Firefox. It's not really in the same league. I think the Graphene OS developers know a lot about security. I'm a hundred percent certain that Vanadium is probably one of the most secure browsers, if not the most.

um because you know they they utilize all this hardware security based features and stuff like that um but i think when it comes to privacy there's there's people that have been doing things like that for a lot longer like the tour project and uh i think generally they're gonna be the gold standard when it comes to that but i think Your Vanadium is just miles better than Google Chrome, and it's not making a bunch of connections.

I think the main thing is, like we were talking about earlier, it's going to leak information about your system. It's going to make you more fingerprintable because it doesn't have those protections that Brave and Firefox have, which I'm sure that the GrapheneOS people are probably working on that. I'm sure that they're trying to improve it.

I know they added some basic ad blocking capabilities, but I still think when you compare that to what Brave has, they're not really comparable in my opinion. Maybe that's a hot take, but... Well, and also the thing that I never hear anybody point out is Vanadium is graphene only. So it's like, cool, what are you going to use on your desktop? What are iPhone people supposed to use?

other Android. And I know the obvious answer there is switch to graphene, but like, okay, when we have sympathy for people who maybe live in an area where they don't sell pixels or, you know, they, for whatever reason, like it just, it, it excludes a lot of people, but I mean, if you want to use it, go for it. I don't, I don't have anything against Vanadium, but it's, It's not always feasible for everyone, I would argue. Someone here said Firefox is more secure than Brave. I don't think so.

I think Chromium has better sandboxing capabilities and... like it's just a more mature product, obviously, because, you know, it's basically the entire world basically runs on Chromium. So, you know, it kind of makes sense that it would be ahead in that aspect. But it does have better security protections than Firefox, especially on mobile as well. So yeah, just trying to offer some balance here. I don't think it does have the same level of security. I don't think Firefox is insecure.

I just think that Chromium has more protections than Firefox. Yeah, I just want to back that up. I agree with you because I think for the average person, the security difference between the two is pretty negligible. I think that gets bandied around a lot. Like, oh, Chrome Sandbox is better. Chrome Sandbox is better. And it's like, okay, but now we're arguing about the performance difference between a Ferrari and a Maserati. I'm not a car guy, so maybe that was a bad example.

But there's a certain point where it's like, does it really matter for the average person? Like, okay, sure. Maybe if you're like, a journalist or an activist, then yes, you need like the most secure thing possible. But I think again, for the average person with an average threat model, I don't think it makes a difference. I think kind of going back to what you were saying, it's like, I almost view browsers as like, which one fits your philosophy better?

Like, yeah, brave is ready to go out of the box. It's very user-friendly. It has more compatibility.

And for a lot of people, that's what they want is they want something that like is the same experience across all their devices and um which i don't think firefox can say yet it's got a built-in ad blocker they don't need to fuss with it they don't need to mess with a lot of things uh again i've said this in previous episodes in my experience most quote-unquote normies just ignore all the crypto stuff like they don't even notice it they don't even care Um, they don't even disable it again.

They just don't even notice it. It's, it's so weird. It drives me crazy, but they don't seem to see it. But at the same time, like, you know, if, if you disagree with the Chrome monopoly, if you disagree with Brandon Ike, all of these kinds of things, then yeah, Firefox is great. You just have to be willing to roll up your sleeves and do a little bit of tinkering to, to get it up to the same level.

So yeah, there's, I don't think there's really any right or wrong answers in the privacy or in the browser space. I think it's really about like what matches your threat model and your values personally. So. There's definitely some wrong answers, like Chrome or N. Okay, okay, fair, fair. But yeah. I guess I meant more like in the whole like Chrome or Brave versus Firefox debate or like some of the forks of Firefox, which even then there are some wrong answers there, I would argue.

But overall, I think a lot of the privacy browsers, like, because especially people you ask them, you know, some people are like, I use Waterfox. And it's like, personally, I wouldn't.

just because i don't see the point of using a fork of a fork of a fork of a fork i know i'm being a little dramatic when i say that but you know it's like but then when you talk to them it's like why do you use it they list like oh because it's you know the search engine does have ai and like this that and the other and it's like those are pretty good reasons like it's just it's so much personal preference and again as long as it fits your threat model and it's giving you the

protection you need i i feel like it's it's kind of personal preference so yeah i don't know Didn't get too tribalistic. You can use both of them at the same time, by the way, everybody. You don't need to use just one. Not me, who had both of them open today on my computer. Real quick, before we move on to the other forum post, somebody here said, I use Trivalent on desktop. I hadn't heard of this one before.

Apparently, it's a Chromium fork inspired by Vanadium that is designed to be used on desktop, specifically with SecureBlue, ideally. But that's pretty cool. I might look into that a little more. I don't think I'm going to switch to it, but I had not heard of this before, and I'm curious about it. Yeah, if people are interested in that, we did do a video on SecureBlue, and we did talk a little bit about Trivalent in that video.

Maybe check that out if that's something that sounds interesting to you. I think the issue with Trivalent is it relies on a little bit of like stuff that is built into the operating system. So it's not currently very available on other Linux distros apart from secure blue, but you know, we recommend secure blue. So I would try that. Um, obviously I feel like that's another thing. Linux distro is a very personal preference. Probably not everyone is going to like secure blue.

So again, another issue there, but I think, I don't think it's wrong to use trivalent or anything like that. Um, another person here said, uh, It's nyalexnj, what about DuckDuckGo browser? Bad slash good, brave user here. I think the main issue with DuckDuckGo browser is that it's It doesn't really offer anything else that existing options already have. I think it's better than Chrome. It's better than all of these ones that are collecting a bunch of your data.

If you have to use it, then I would say it's fine. But again, I think Brave is going to offer better protections. Firefox is going to offer better protections. uh it as far as i know it doesn't do anything particularly unique it's just a browser it's a chromium based browser made by DuckDuckGo it has all the tracking that chrome has stripped out uh it's fine. Like there's a lot of options in the privacy space where it's like, it's fine. Like Vivaldi, it's like, it's fine.

Like it's, you could do better. Like it's not Chrome. It's not collecting a lot of information about you. But you know, when it comes down to a lot of these very nerdy privacy protections that we talk about, like fingerprinting resistance and like all these tracking technologies that are on the web, you're going to be better off with something that is specifically designed with a lot of those protections built in by default. Yeah, I don't have much else to add to that.

But we did have, actually, this is related, now that I think about it, in a way. We had one other forum post that I kind of wanted to shed some light on, which is, it says, best alternative search engine option that actually works. So if you guys didn't hear, which you might not have if you're not a Google user, which we don't encourage the use of Google Search, Google is basically going to be fully integrating AI into their search engine.

And it's a little unclear exactly what that means, but the general consensus is basically that like, I don't know. This almost sounds hard to believe. And maybe I'm misunderstanding this, but it's almost like Google is going to stop searching you or serving you results. And instead the whole page is just going to be AI summary.

And there will be, you know, of course I don't, it's weird that Google has defenders these days, but the defenders like to point out that like, Oh, but you can still like click this tab and navigate back to the results or whatever.

But basically now when you go to Google search and you're like, I don't know, recipe for cheesecake, it's not going to serve up the AI summary and then two hundred and fifty ads and then a bunch of like SEO optimized like here's the best homemade recipe for cheesecake and real quick rant. You click on it and then it's like two thousand words of backstory. And it's like, dude, I just want a recipe. Shut up. So anyways, now when you go recipe for cheesecake, it's just going to go.

Here's the best recipe for cheesecake and start spitting out a bunch of stuff that will probably include glue and rocks based on past AI summaries. So as a result, this person is asking, because I have not noticed this personally, but a lot of people do complain that when you move away from Google, a lot of people complain about the search results. And I think...

Personal opinion, I think a lot of that is driven by the fact that Google search results are so quote unquote good because they're tracking you and they know what you're looking for. So like, for example, just now we were talking about Trivalent and I was like, oh, I haven't heard of that. And so I went and pulled up another tab and looked it up. And the first like three things that came up were like something about healthcare or something. I don't even remember.

But I remember just thinking like, oh, that's not what I was looking for. Like maybe I need to... Maybe I need to type in trivalent browser. And then as I was scrolling, I found it. So I was like, oh, okay, cool. There it is. But Google, in theory, if I were a regular Google user and I typed in trivalent, that would probably be the first thing that pops up because Google is stalking me and knows that, oh, he's probably talking about a browser. So I don't know.

But I think that's just something worth noting for people who are maybe frustrated with some of the other results when they leave Google is you have to... I've written about this in the past and I should probably revisit this topic is like, there's almost like two things can be real. I know that's, that's a hard thing that sometimes people struggle with, but like, I think there's a balance of like open source developers should do their best to build the best product possible.

But I also think that companies aren't entirely wrong when they say that surveillance does make a more personalized product. And therefore I think we have to like temper expectations within reason. But when we move to some of these things, we have to accept that like, yeah, the search results may not be as good quote unquote, because they're not stalking you and they can't read your mind and they don't know that you're looking for a browser and not something else.

And, um, But anyways, yeah, so definitely check this out, because we do have, real quick, I'll share it, and then I'll turn it over to you, Jordan, because I know I'm talking a lot. I'm sorry. But we do, oh, where'd it go? Oh, I forgot to add the tab. That would help. There we go. We do have a page about search engines, and our top recommendations are DuckDuckGo, StartPage, and Brave, as well as a shout out for, I believe it's pronounced Searching.

which is a fork of search, which I believe was abandoned or discontinued or something. So those are our official recommendations. But definitely check out this forum post if you're also looking to get off Google, because I mean, I see everything in here. I see... What's this one? Obligatory link to the page I just shared. Someone else has been brave as good for me except images, which I totally agree on that one. Someone else said Kagi. Another person said Kagi.

Someone said the no AI version of DuckDuckGo. Shared a couple links to some other projects that have been promoted on the forum. So, yeah, it's... Yeah, I mean, there's a lot of things being discussed here. Somebody said Yandex. I'm going to push back on that one personally. But yeah, lots and lots of votes there. If you're thinking, if you're like, oh, I've tried Brave and it didn't work, and I tried DuckDuckGo, try some of these because maybe they are pretty good.

So yeah, that's all I got on that one. Yeah, I think it is kind of, I honestly feel like I need a, I don't know, maybe my experience is not like that mirrored by other people's experiences, but I feel like Google search is so bad now. Like if you try and search something, it'll be like AI slop overview. And then it'll be like, an ad, another ad, another ad, and then like maybe something related to what you're searching and then a shopping list.

And it's like, you have to scroll like five times and then like, there's not even, sometimes it's not even something relevant to what you're looking up. Um, I think, I don't know. I feel like, yeah, I feel like Google is kind of crap now. Um, maybe some of that's due to the AI, AI slop stuff that every, every single, um, search engine is integrating. I feel like also the AI overviews are, I don't know, making it, they're trying to keep people from clicking on a link.

They're trying to keep people in the search index. instead of visiting a website. And I think it's actually, from what I've heard, it actually is impacting website owners because instead of actually some person visiting the website, an AI overview is just scraping it and then giving the answer to someone and they're not clicking onto websites. So Google is kind of taking away from websites traffic in that aspect and every other search engine that does this.

And unfortunately, basically all the ones we recommend do this by default. So Brave Search has an AI overview. DuckDuckGo has an AI overview. It's really stop page. Actually, I don't know if stop page does. Let's see. I will say, while you're looking that up, again, in the thread, a lot of people were pointing out, I think it's noai.duckduckgo.com will give you a DuckDuckGo without the AI summary. So I think Kagi was another one that people recommended.

For those who don't know, Kagi is a paid option. But I believe that the... words for a minute there. The AI summary is optional. I think it does have an AI summary, but since you have to log in to do a search anyways, because you need to use an account, you can turn it off in your account and it'll just stay off. Yeah. Kaji, Kaji, Kagi, Kaji. I don't know how you say it. I don't know if the name is confusing, but you know what I'm trying to say. Apparently it's a Japanese name.

Okay. That might be why. I'm just a... I'm just an annoying Australian. I don't know how to say anything outside of my country. But anyway, what I'm trying to say is the AI overview... It looks like Startpage doesn't have that. So maybe that's something to look at. I personally... I don't know. I always find start pages kind of slow. They don't have servers everywhere. Also, there's been some scandals with them in the past as well. Let's see what someone said here. Oh, nice.

Thanks for that noai.duckduckgo website. Yeah, yeah. That is quite a nice one to do. I think I might replace my current one with that because, oh my goodness, I'm getting so sick of this silly AI overview thing. Oh my goodness.

i think also yeah like i said it's kind of taking away from website owners when you don't visit their website uh i mean we're all using ad blockers here so it's probably not helping but like i feel like them getting insight and like traffic is also important it it it affects the search index as well um with how websites are accessed And I would also push back against people saying like, you know, I use AI instead of a search engine.

Like, let's let's try not to do that because I think, you know, that's bad. The the issue with these AI chat platforms is they're kind of a black box in terms of where the data is going. A lot of these websites, like I know OpenAI, Gemini, all these websites, by default, they're using your data to improve their models.

And when you put this information in there, it's not very easy to get it out so once the data's been trained into a model it's kind of impossible to get it removed which is like another issue that we're facing right like let's say you were a minor celebrity for a little while and you wanted to kind of start a new life as someone else right um basically you get everything removed on the internet about yourself and But then this AI model that scraped it at some point,

if you ask the AI model about it, even though the information doesn't exist in search engines anymore and on the internet, it still knows about it. So, you know, I think that's a concern that is pretty massive with these AI models. And also, I think it's... Not always very accurate, but I think everyone already kind of knows that. That's kind of obvious at this point, but yeah.

That's what I was going to point out is like, yeah, it's still, to this day, I still, I do use AI quite a bit for research just because it's easier to ask it complex questions. But I use Braves Leo, which cites all of its sources and I double check every, and it'll cite in the thing. It won't just be like, here's a paragraph and here's the five places I took it from. It'll be like, here's a paragraph, but this sentence came from this source and this sentence came from this source.

And so I will double check every single source and be like, okay, did it actually say that? Or did you make things up? And it's definitely getting a lot better, but I'd still say at least about ten percent of the time I click on the source and I'm like, I don't see that anywhere. Where did you get that from? Actually, I posted a screenshot the other day where just for fun, I told Leo, I was like, tell me about the new oil, the privacy project.

And it completely with full confidence made up a name that I've never gone by. I think it based it off like my GitHub username or something. I don't even remember what it was, but it was, it was just weird. It was like, where did you get that from? And so, yeah, it's just. I knew it. Your name was John oil. I knew it. No, it said it was like, it said it was like a, like Travis no Nate or something. And I'm like, okay, not, not the worst name, but how'd you get that out of it?

Cause my, my GitHub username is TNO Nate. Cause at the time I made it, apparently Nate B was already taken, which is usually what I use, but. Yeah, it was just like, okay, not sure where you got that one from, especially when there's a million posts online of people calling me Nate and me calling myself Nate, but whatever. Okay. But yeah, real quick to go back to one more thing you said about even if you take the data down, it can still be in the training data. We covered a story about that.

There was an adult actress who pays for the data removal services and everything, and somehow AI got her real name and address and told it to somebody on Twitter completely unprompted. So yeah, it's... Not good stuff. Not good stuff. Yeah, even data breaches could be scraped because we all deal with this. Anyone that runs a website has seen... They'll look at their traffic logs and they'll see a million requests every day and it's like, what? Why? Why?

From China or some random country that's probably not going to be viewing the website legitimately, right? Yeah. If it's an English website, then why would there be so many people from China accessing it? Or some other country? I don't know. Make up whatever you want. But yeah, it's causing websites a lot of issues. And also login pages. I don't know if I still do since I switched hosting providers, but I used to get a lot of requests for the new oil.org slash cpanel.

like people trying to find the cPanel login to my website. And it's just like, oh, OK. Thank god that page doesn't exist. But yeah, it's crazy. One thing real quick. Somebody said, put the video in Apple Podcasts, please. I think we're planning to, actually. The podcast app we use sent out an email a couple of weeks ago that said that video podcasts are in beta. So I think we're waiting for access to that. And that is something we definitely want to play around with.

We're very interested in that. But we just don't have access to it yet. I think that was kind of all we had for forum stuff.

So I know we've been answering questions as people go, but might be officially time for the Q&A now. And somebody actually just asked here, you're talking about AI. Have you tried to self-host your own private AI? Yes and no. I don't know if this counts as self-hosting. I've used Jan AI and GPT for all, and they are pretty good. I do like them. I just... The vast majority of things that I use AI for are based on having web access, like current web access.

Like if I'm doing research, I want it to ping the latest news stories and have the latest information. You know, it's not, I don't typically use it for things like write a blog post or even like proofread this blog post or like help me brainstorm ideas. Like I use it for that stuff sometimes, especially if I'm having writer's block and I just like, dude, I just need to get out of this. Like, please help. But I don't typically use it for stuff like that. I mostly use it for researching stuff.

And in that case, I can't have an AI model that's like, you know, oh, my latest information is from September of twenty twenty five. And it's like, OK, that's great. But this thing had a data breach in April and I kind of need you to know that. Or, you know, again, I'm looking for this specific thing that happened that I want to reference as an example. And that happened two months ago. And so I kind of I really like Leo and Lumo for having Leo's better than Lumo with this, in my opinion.

But maybe it's because I don't pay for Lumo. I like them for having that that web access to be able to pull the latest. I mean, there are times that just to test it, I'll see like a headline of, you know, like, um, kind of political, but sorry, his first example that came up, you know, oh, the U S assassinated this like foreign general. And I'll like type it into the, the, you know, Hey, tell me the latest about this foreign general.

And it'll give me right up to the minute of like, you know, this happened today. And I'm just like, damn, that's really good. I just don't get that with the offline ones personally, but maybe it's because I'm not properly self-hosting and I'm just using an app. So that's been my experience.

yeah I think also I think I mean I've tried out like the gen AI thing a little bit and other other similar things just because I was kind of curious about this uh I'm not really very heavy AI user I'd say I use it like every once in a blue moon but like for something that like I can't find information on sometimes it's helpful for troubleshooting that sort of thing but I think the issue with a lot of these local systems is they require kind of a ridiculously powerful computer

to get the same level of quality because while there is like models that can run on most computers. If you don't have a hundred and twenty eight gigs of memory, a massive graphics card like a fifty ninety or something, you're going to be running a pretty small model which has issues, right? Like it's it doesn't have the same amount of information. It doesn't have the same amount of context. It can't understand what you're trying to ask it as well. the answers aren't going to be as high quality.

I think that's where the self-hosting thing kind of becomes a little bit unfeasible, especially because if you've been looking at PC prices at the moment, like you will know that this is like, it's inaccessible. Like even for the average person to build a computer right now, it is completely inaccessible. Like RAM prices are the highest they've ever been. Ever. So same with graphics cards, same with hard drives, SSDs, all this stuff.

I think self-hosting things is kind of a bit of a, well, no, self-hosting is fine, but self-hosting AI model stuff is not really that feasible. I would also try and question people on like, do you really need to be using an AI model? Like, I feel like we don't really need to be doing that, like, that much. I feel like it's, we're at a stage at least where this technology is optional. And I would sort of push people towards maybe try and work things out without it.

And use some of these, like Nate said, there's like Lumo, there's Leo, there's DuckDuckGo, I think has one. I only think of too many other ones, but there's all those ones that don't retain data and don't train on your data. So that could be a better idea if you only need it every so often. But I think generally... uh, I would avoid it if you can, cause there's a bunch of issues with it. Um, it's kind of making the world a terrible place at the moment. So yeah.

Yeah. Just to back up what you were saying about the computer, I have a decent enough, um, my windows computer has like a, a Ryzen seven, I don't remember what kind of graphics card it's decent. It's definitely not as good as I'd like it to be, but yeah, every time I fire up, this is another reason I don't really use GPT for all to be honest is like every time I fire it up, it sounds like it's taken off and it's about to explode on me. And it's also just super, super slow.

And it's like, okay, I could, I could get Leo to do this a lot faster. So yeah, But yeah, it's, um, I, I do try to use it as a bit of a last resort. You know, I try to do searches first. I try to figure it out first. I've got, when I talk about writer's block, I've got a bunch of tricks, you know, I've got, I know how to outline things and get up and go for a walk and stretch my legs. And, but you know, there's some times where it's just like, uh, I'm I'm lost. What do I do? So, but.

I see Sid did ask a while back when we were talking about search engines if we had any thoughts on Quant. I don't have any thoughts on them. I think they're kind of like the way you described DuckDuckGo. They don't really stand out, in my opinion. I think there's better options. But I don't think there's anything wrong with them, per se, as far as I know. Trying to look it up here. But kind of a... quiet night. I think we've been answering questions as we go.

Yeah, I think with Quant, I think it's... just doesn't have the same level of privacy that the other ones that we recommend have like there's just small things that other ones kind of edge it out uh I think there were some privacy concerns with it again though go check out the privacy guides forum like I'm I am almost certain that there is a topic about this about someone willing to get it out to the site yep here we go here's uh here's one uh so it does collect

according to the discussion here they They aren't open source. There's some information. They were initially actually listed on privacy guides, but it was removed. I had a feeling that was the case. So definitely check out that thread. See what people are saying about it. It could have changed. The situation could have changed. I would definitely recommend if you think that the situation might have improved, we're always open to getting things added on the site.

We're currently working on quite a lot of changes at the moment. We're removing apps, getting things updated again. So definitely check that out. And maybe it is something that we can reconsider. But as far as I'm aware, nothing has changed since it was removed. So yeah, maybe just stick with the current recommendations and that would probably be safest. It does have its own search index, if I understand my research correctly. So that's cool. But yeah, I'll be reading that thread later for sure.

I guess that's about it. It doesn't look like any new questions have come in. I don't know. Do you want to give it another minute, or do you think we should call it a show? For some reason, I'm not seeing some of the questions. Some of the comments are not coming through on StreamYard here, but I did see some people making comments that maybe we could touch on a little bit here. Easy browser for... Easy browser for boomers. I was thinking DuckDuckGo for mom.

I mean, yeah, I think it's pretty basic. It does all the same stuff. I don't think it's a bad option. I think, you know, We kind of always push people towards the best possible options. But I think if it works, I mean, I don't know. I personally haven't used it that much. I've just tested it out a couple of times to see what it did. But it seems pretty basic and pretty simple. It does everything on the tin. There's nothing too bad about it. I mean, I wouldn't be against doing that.

I think Brave's also a good option. Firefox is also a good option. Again, though, I feel like with Brave, it's a little bit annoying because they always add features and then it gets turned on by default. And it's like, I don't know. Same with Firefox. They do the same thing. It is kind of frustrating that, like, there's no way to be, like... Don't... Disable all new features by default. Like, if that was a feature, I'd be, like, so on board with that. But, yeah.

I think DuckDuckGo is not a bad option. But, again, there's, like... I think if you're getting someone off Chrome or Opera or these other really bad ones, I think anything is better than that. Even if it's not the best possible option. Definitely think about it like that. I think it's really tricky. On the one hand, what I would say is something I think we all forget in the community a lot. you can always change.

There is nothing stopping you from if you use Brave and then like you were saying, oh, it keeps pushing these features or I just found out I don't agree with the CEO or whatever. so switch, you didn't marry them. And even then divorces exist. Like, you know, you didn't, it's, it's, it's free, like switch to, to Firefox or whatever else.

Like you can, we can always change, but specifically when it comes to, um, you know, you're talking about like for family members, I think that gets a little trickier because I think there's, um, there's two obstacles there. One of them is like a mental block. Like I've, I've read so many stories usually on Reddit of people that are like, you know, Oh, I like, I went to my mom's house for Thanksgiving and I like switched her over to Chrome.

And then I just changed the logo to look like internet Explorer because she's still using internet Explorer. Yes. Internet Explorer, not edge. And you know, it's like, those are the kinds of things where it's like, okay, I mean, whatever works, like some people are just not tech savvy and they're not even going to notice the difference.

But then also like, so like where I'm going with that is like, I think there's some people where if you tell them like, you know, Hey, I switched your browser because you know, your old one hasn't been updated in ten years. They're going to freak out and they're going to be like, I don't know how this works, but if you would never told them, they'd never even notice. You know, it's like all in their head.

I think that's a challenge, but then I think there's also the fatigue of like, okay, say you switch them to Firefox and they're just like, I don't like this. Like genuinely, like, I don't like this. This isn't working. I don't understand the UI. And then, okay, well let's try brave. And it's like, well, I'm still a little confused and I'm not really sure. And it's like, it's, you don't want to keep switching people because they'll get exhausted.

Like a lot of people have, have cited that in the privacy community where like, you know, I got all my family on like wire and then wire went away or, you know, I got all my family on wicker, which I miss wicker. I thought wicker was awesome, but you know, they went away and, you know, and then I got everybody on session and session almost went away. And it's like, you hit a point where people are just like, I don't want to keep hopping, like just pick something and let's use it.

And so it's, um, it's definitely really, uh, I guess what I'm getting at is like, I have some sympathy because on the one hand I would say like, yeah, just try, try to put your family member on whatever the best option is, whether you believe that's brave or Firefox. And if they don't like it, they can switch, but they'll probably get tired of that if that keeps happening. And I do worry about the mental block of them, like just being afraid of an unfamiliar thing.

It's really tricky when you're trying to help other people like that. So I don't know. But yeah, I think at that point, you kind of have to take the harm reduction approach of, like you were saying, well, at least it's not Chrome. Almost anything's better than Chrome. So yeah. Exactly, yeah. I think it's... You've got to put things in perspective, I think, sometimes. Okay, so we've got some more questions here. What is your opinion about Nosta Protocol, a new VPN working on Nosta?

I think Nosta seems interesting, but, I mean, there's... We kind of push people more towards the Fediverse over NOSTA. I know that there is... I feel like NOSTA has more of a priority about censorship resistance and free speech, which is good if that's what you really are looking for. But I think we are kind of big... proponents of the Fediverse over Nostr. I'm not really sure of the technical limitations behind Nostr or anything like that.

Personally, I am kind of biased as well because I'm also on the Fediverse. I'm not on Nostr. I haven't really seen any benefits over Nostr. Like, I had no reason to switch. So, I don't know. I haven't seen that they're working on a new VPN system. But I think it's... Nostra does seem a lot more popular with a very specific niche community of people, mainly in the cryptocurrency space. So, I think...

If you're in the cryptocurrency space, maybe it would make more sense to be on Nosta because I'll just say I don't think the people in the Fediverse are going to like you posting about cryptocurrency and Web three stuff. It's just not really part of the community there, which is fine. I think it's just a different community. So, yeah. Do you have any thoughts on that or. Not really. I have never felt compelled to check out Noster.

And I don't really know anything about the technical workings of it. And yeah, I don't have anything to say. Alex asked about the Opera browser. I think that kind of falls in the same. I mean, please don't ask us about every single browser, guys. But Opera, to me, is another one of those, like, it doesn't really offer anything. Especially from a privacy perspective, it doesn't offer anything. Especially compared to something like Brave. Okay, especially with Opera.

I know I said especially a lot. I'm really sorry, guys. Opera is based on Chrome. So at that point, you may as well just go use Brave and get all the amazing privacy features that Opera does not have. And chances are that if you have an issue with Brave, it's probably the same issue you're going to have with Opera in the sense of like, well, I don't like the Chromium Monopoly. Opera is not going to fix that.

So it's kind of one of those things, in my opinion, where it's like, I don't see a point in opera personally. And even I'll, I'll go out on a limb and say this. I think I actually told someone about this earlier today, real quick. So opera GX is like this version of opera that's aimed at gamers. And it's like, Oh, you can like restrict how much Ram it uses and stuff like this and that personal opinion. And I'm not as tech savvy as I used to be. So maybe I'm wrong here.

I feel like it's all smoke and mirrors. I real quick, if I can tell a story. So I used to I used to be in the military and a lot of my friends were not a lot of my friends, but a couple of my friends were into like street racing. And so they would do things like remove the backseat of their car because that's just dead weight they don't need.

And I remember another one of my friends who was a mechanic would laugh at them when I told him that story because he's like, that's like, sure, technically you're getting rid of weight, but that is so negligible because there's other components in the engine that like this one little component weighs as much as the seats do.

But if you spend, you know, I mean, granted, it's going to cost you twice as much, but if you spend twice as much, you can get the carbon fiber version of that little component and That's going to shave off more weight. And if you keep doing that, you're ultimately going to shave off way more weight, way faster by getting these components instead of doing stupid things like taking out the backseat.

And if you're dedicated enough to take out the backseat, then you should probably just be forking over the money for these components. And it's like, that's kind of how I feel about things like Opera GX is like, Are you really getting enough of a performance boost by like limiting the RAM by one gig or whatever you can do? Wouldn't it be better to just invest in like better – okay, obviously now with AI and everything. Maybe you can't do that.

But before the AI boom jacked up the price of RAM, like wouldn't it be better just to like spend eighty bucks and buy more RAM or something like that? I don't know. So – I don't really see a point to it. I think if you have an issue with Brave, it probably applies to Opera and just isn't worth it. But thank you for coming to my TED Talk. Yeah, I think also the thing with Opera, I think, is it kind of changed hands, I think, in twenty twelve.

It was originally like a Norwegian company that was like focused very much on like customization and like having that they had their own browser engine at one point as well, which people were kind of obsessed with.

um and then they kind of got bought by like i believe it was like a chinese consortium or something uh and they kind of pivoted directions they were they were moving towards like chromium based uh instead of maintaining their own system um and kind of the developers that were really passionate about opera i think they moved to vivaldi so like But again, though, like Nate was saying,

like... Like, Vivaldi is fine. Like, it's not collecting your information like... chrome or edge or any of these like really big big tech browsers but again there's better options um and there's more comments about browsers here as well did you try zen browser how good is that i like the ui but i don't know about privacy i think it's just firefox so we recommend firefox make some changes adjust the settings i think it's It's just the same as Firefox in privacy perspective.

I think it's actually a little bit better because it has a lot of the Mozilla stuff stripped out, which does make connections without your consent. I'd say it's a little bit better by default, but again, you could be using like Moldad browser or Brave or something which has better protections, so... I know Jonah uses Zen and he speaks very highly of it for what it's worth. Oh, it's sponsored by Tuta. I'm on their website right now. I did not know that. So yeah, it's probably not a bad choice.

I don't think so. I think like when we talk about privacy, it's fine, but I think, yeah, it's missing some of those extra protections. I don't think they have as much of a focus on, on like fingerprinting protection and all this stuff like Brave and Morbad and Firefox have. Um, there was another comment here from Purring Pudding, general thoughts on Thunder Mail Pro. Um, I think I've been testing it out a little bit and I kind of put together some thoughts on the forum about it, which I found.

So I'm just going to read what I wrote. I got access to the closed beta. I've just been kind of putting together my thoughts about it for a while for some issues that I had with the service. So I'm just going to read what I wrote here. Servers are hosted on AWS, so Amazon Web Services in Germany though. So it is that they have Kind of a new thing that Amazon's been doing is they have European servers now, which I think is good.

I think it's still better than being hosted in the U.S., in my opinion. No two-factor authentication. They said they're working on it, though. It'll be out this year. No inbound PGP email encryption. It's on the roadmap for this year, but it will be released soon, TMR. No DNSSEC or Dane, which is basically a way to verify the authenticity of an email.

DMARC reports were being sent to Cloudflare, which is like, you know, it doesn't contain the message data, but it's like a lot of metadata, like IP addresses and sent and received addresses and all that sort of stuff. You don't want that going to a third-party company if you can avoid it. What else was there? They had the mta-sts setup, which basically it's a way of allowing email servers to know whether a server supports TLS encryption. Same thing with DNSSEC and DEAN.

It's like sort of how that works. It verifies the certificate to see whether the TLS certificate that you're connecting to is valid and stuff like that. So are they also using payments through Paddle, which Paddle isn't particularly privacy respecting. I would have expected them to do something self-hosted or something a bit different like Tudor and Proton are currently doing. Again, though, I think this product is not really aimed at the same audience as Proton and Tudor.

I think it's more of just like a product of a product of Thunderbird it's like if you use Thunderbird you like your email being hosted like outside of big tech you can sign up to them instead again it's better than Google it's better than Outlook it's better than Apple but I think this it's still very much a very early project and I'm kind of wanting to get in touch with their team a little bit to see more specifics about if they're going to address any of these concerns that I had.

Because I think it's only going to benefit users of this service in the long run. You can check out the thread. There's a thread on the forum on discuss.privacyguides.net. Thunderbird Pro and Thunder Mail announced. So check that out. There's more discussion there if you're interested. I also think it's very expensive.

It was... six dollars a month paid yearly USD so that was about a hundred a hundred Australian which is quite a lot compared to Proton who offers similar service for like half of that so it's a little bit of a tough sell There's also some additional services that it includes, such as Thunder Mail Send, which you can send files and then encrypt it to other people. There's also a calendar scheduling service included as well.

I think both of those are quite interesting in I think they definitely offer a unique service, but I don't think it's really something that we can recommend switching from Proton, at least at this stage. It definitely has the possibility of being really good, though, because one of the really cool things about this service is it's based on stalwart email server, which is one of these self-hosted email server software that we recommend.

It's written in Rust. They have a big focus on privacy and security.

They have a lot of... quick development they've really built this product up quite quickly and they've had a focus on privacy and security from the start which and just making it easy to self-host your own email server which I'm really a big fan of because I think the more people that are taking control of that data the better and if we can make it easier because originally like I can remember setting up email servers like five or ten years ago it was like not fun it was like kind of a

time-consuming process it was not very clear if you were setting it up with secure defaults and stalwart kind of automates that whole process for you so i don't know i think it has a potential to be quite good but i don't think it's going to compete with proton or tutor at least currently right now I think we had a quick one from Swiss kill Euro office. What are your thoughts? Do you have any thoughts? It's not even out yet. And not really. That's a fair point.

Yeah. I don't really have any thoughts. I don't do, I guess I do some online collaboration just because, you know, like these notes and writing the script and everything. But I honestly, like for myself, I just use LibreOffice and, It's not the prettiest UI, but it's definitely gotten a lot better, and it works. It has everything I need. Everything is more or less where I expect to find it. For online collaboration, again, we don't do too much of that.

It's mostly just updating the show notes and writing scripts every week or every other week or whatever. So yeah, I don't know. It's not too much of a concern to me, to be totally honest. Yeah, same. I use LibreOffice. LibreOffice Calc is kind of great, actually. I think it's, I would say it's like in some ways better than Microsoft's one. But some of the other ones like Writer and I don't know, definitely leave some things to be desired.

But I think, I don't know, I think it's better to have more options than not. It's kind of annoying, though, that that keeps, everything keeps forking over and over again. I'm pretty sure OpenOffice It's open office was like a fork of something else. And then now there's a fork of only office. Was it only office? Yeah, only office is a fork. Yeah, I think it's I think LibreOffice was first or maybe open office was first because I used to use the Apache open office one.

And then yeah, I think only office was a fork of something. And now Euro office is like a fork of only office. I don't know. It's it gets hard to keep track. Sorry, I didn't mean to cut you off. I didn't really have anything else to add. I was just, yeah, it is kind of confusing to keep track of things. Yeah, I think you're right. The only office is different to LibreOffice, like a separate project. But yeah, yeah, kind of weird, kind of confusing. I don't know. I like LibreOffice.

It works fine. It's fine. It's not that pretty, but it's fine. Yeah. The, the, the PowerPoint one presentation, that one leaves a little bit to be desired. I agree with you, but yeah, writers fine for me, but I also don't do a lot of writing.

Like ninety, ninety percent of the writing I do now is like in the browser, you know, like I'm writing a blog post and it's going to stay in the ghost drafts or again, like I'm writing the scripts and the show notes and those stay in next cloud, which I know is, is a fork of something. I think that one is only office. I can't remember, but it's a, I don't feel like I open Writer very often these days.

But I was going to say, for me, it's a case of like, I think, so there's this concept, for those who don't know, called Dunbar's number, which is, it's basically like, they say it's around a hundred and fifty people. There's only about a hundred and fifty people that you can have a meaningful connection with. And everybody else is kind of like background noise. And I know that sounds really harsh, but it's just the way humans are wired.

Like we're not wired to keep track of thousands of people and care deeply about their lives. And it doesn't mean you hate them or anything. It doesn't mean you're rude. It just means like if you run into one of those people who's not in your one fifty, you might forget to ask them, be like, oh, hey, how's how's your job going? How's that thing going? How's your friend that you were telling me about? Like you just it's just hard to keep track of people.

And I feel like it's the same way for causes. Like everybody has a certain number of like philosophical causes like the environment or privacy or, you know, digital sovereignty or whatever. And I think it's hard for people to care passionately about those things. Like, again, you know, even if you're not an environmentalist, you probably still turn the light off when you leave the room. Right. Or something like that. But, you know, you may not necessarily go to a protest or something.

And that's, that's how I feel about open source and licensing.

Like there's so many people that like, Oh, like, organic maps for example to be totally honest like comaps is a fork of organic maps because there was like some kind of like licensing thing or something or other I know there were other issues too but like that was a big part of it was like something about that and I'm sitting here like I just don't care and and like I'm glad that people do because that is important stuff that does have repercussions but like I just I have so

many other things already that I care about that when it's like oh there's this new like whatever office suite because the other one was AGPL instead of MIT or what you can tell I don't even know what I'm talking about right now and I'm like I just don't that's so above my level I don't care if it's good It's, you know, we, we talk about this with like signal, for example, like if it's good, if it's got features I like, if it looks good, if you make a good argument, I'll switch happily.

I don't mind, but it's just like, I'm not going to switch on that grounds because there's only so many things I can care about. And for me, like that kind of stuff is not one of them. So yeah, that's, that's kind of why I'm on LibreOffice because it's free and it works and it's intuitive and yeah, but I don't know.

definitely i think we are definitely hitting almost the two hour and thirty minute mark here i think we need to start closing out the stream but thank you to everybody who's been leaving questions and stuff um it's been it's been great um to chat with you all and thanks so much for again the donations that we had that was really nice um but yeah i think we're definitely gonna have to start closing out the stream here um just to respect everyone's time Agreed.

Yeah, I'm at a standing desk, so I'm getting a little tired.

So all the updates from This Week in Privacy will be shared on the blog every week. So sign up for the newsletter or subscribe with your favorite RSS reader if you want to stay tuned. For people who prefer audio, we also offer a podcast available on all podcast platforms and RSS.

And this video will also be synced to peer to privacy guides is an impartial nonprofit organization that is focused on building a strong privacy community and delivering the best digital privacy and consumer technology rights advice on the internet. If you want to support our mission, then you can make a donation on our website, privacyguides.org. To make a donation, click the red heart icon in the top right corner of the page.

You can contribute using standard fiat currency via debit or credit card, or you can opt to donate anonymously using Monero or with your favorite cryptocurrency. Becoming a paid member unlocks exclusive perks like early access to video content and priority during the This Week in Privacy livestream Q&A. We also released some subscriber-only content recently that Jordan mentioned, and hopefully we will continue to do so in the future.

And you'll also get a cool badge on your profile in the Privacy Guides forum and the warm, fuzzy feeling of supporting independent media. So thank you all so much for staying with us, and we'll be back next week.