New Exploit Affects 220 Million iPhones

Mar 20, 2026 · 1 hr 54 min · Ep. 45

Episode description

The ‘dark sword’ exploit affects over 220 million iPhones running outdated iOS versions, the FBI is buying location data to track US citizens, a Tennessee grandmother was jailed after an AI facial recognition error linked her to fraud, and much more. Join us for This Week In Privacy #45!

  • (00:00) - Intro
  • (00:51) - Start of the podcast
  • (01:42) - Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild
  • (16:41) - FBI is buying location data to track US citizens, director confirms
  • (26:45) - Site updates
  • (31:54) - Google details new 24-hour process to sideload unverified Android apps
  • (56:47) - Should Banksy Remain Anonymous?
  • (01:06:22) - Forum updates
  • (01:33:47) - Q&A
  • (01:52:35) - Outro

Transcript

Intro

A brand new exploit impacting iPhones. The FBI has resumed buying location data and Google's update to installing third party apps. All this and more coming up on this week in privacy number forty five. So stay tuned. I don't.

Start of the podcast

Welcome back to This Week in Privacy, our weekly series where we discuss the latest updates with what we're working on within the Privacy Guides community and this week's top stories in the data privacy and cybersecurity space. I am Nate, and with me this week is Jordan. Jordan, it's been a while. How are you? I'm good. Just excited to be here and cover the latest news. Yeah, it's good to have you back.

Privacy Guides, for those who don't know, is a nonprofit which researches and shares privacy-related information and facilitates a community on our forum and matrix where people can ask questions and get advice about staying private online and preserving their digital rights. With that, we will launch into the biggest news in the privacy and security space from the past week.

And Jordan is going to tell us all about hundreds of millions of iPhones that can be hacked with a new tool found in the wild.

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

Yes, that's right. So basically there's a story here from Wired. A powerful iPhone hacking technique known as Dark Sword, one word, has been discovered in use by Russian hackers. It can take over devices running iOS that simply visit infected websites.

So, uh, reading into this story here: iPhone hacking techniques have sometimes been described almost like rare and elusive animals. Hackers have used them so stealthily and carefully against such a small number of hand-picked targets, they're only rarely seen in the wild. Now a recent spate of espionage and cyber criminal campaigns have deployed those same phone takeover tools, embedded in infected websites, to indiscriminately hack phones by the thousands.

You might have to take over here, Nate, because the article is paywalled for me. Oh no, that's unfortunate. Okay. Um, yeah. So, uh, basically this article came, or this disclosure, I should say, came from Google as well as iVerify and another firm called Lookout. They revealed this on Wednesday and they said that this isn't really a, well, I guess it kind of is. Um, this isn't an exploit. How do I word this?

This is an exploit on iPhones, but also not, because they're actually infecting websites. And then the websites are the ones who are delivering this, again, not even payload. Further down on the article, it says that this is actually one of those malwares that can be defeated with a reboot. When your device becomes infected, it's able to grab as much data as it possibly can.

And because it's not persistent, it's actually pretty hard to... for these cybersecurity companies to trace evidence of it. It's not like the typical Pegasus or those kind of more advanced malwares that we see where there's things that they can look for. I think it's actually right here. It uses fileless malware. Hold on. Okay, yeah.

Rather than install spyware that persists on users' phones, Dark Sword uses stealthier techniques that are more often seen in fileless malware that typically target Windows devices. They hijack the legitimate process on an iPhone's operating system to steal data. And then this is a quote from one of iVerify's people.

It says, instead of a spyware payload to brute force your way through the file system, which leaves tons of artifacts of exploitation that are pretty easy to detect, this just uses system processes the way they're meant to be used, and it leaves far fewer traces. Um, so yeah, the upside there is that it does not persist after reboot.

Uh, but instead it steals data from the phone within the first few minutes after it's hacked, which is called a smash and grab approach, or at least that's what this guy calls it. So it's very, um, it does the damage very quickly, I should say. And, uh, yeah, so I guess the, the pro and con here, and just in case anyone's wondering, because earlier this week or late last week, we also saw there was a malware called Karuna, which appears to be an iPhone, not state-sponsored. How do I explain it?

So for those who don't know, a lot of the time we see... We see companies, big companies that will spend millions of dollars to either find zero days or they will go to places like DEF CON and Black Hat and they will they will pay big money if people there say, you know, they do a presentation. They're like, hey, I found this this exploit. And it's interesting, and it's never been seen before.

They'll go up to those people and be like, hey, next time, give us a call, and we'll pay you to kind of keep it quiet. I believe it's Nicole Perlroth has a great book called This is the Way They Tell Me the World Ends that's all about the zero-day market and everything. So if you want to know more, definitely check that out. There was an employee of one of those firms who was accused of selling access to these tools to Russia. Uh, I believe he was convicted recently.

And then around the same time we saw this other malware or this other exploit called Karuna, which was making the rounds. This does not appear to be Karuna, but they do have evidence to believe that this came from one of those zero day resellers firms. Um, which, you know what, yeah, I'll go ahead and touch on that now. So they talk about – and I know I've said this in the past. Like when Pegasus first came to light and everything, a lot of people were like, oh, no, how do I know I'm infected?

And we used to say like you're probably not because this is not something they're going to burn on any random person. They're going to use this on like lawyers and activists and political figures, journalists, dissidents. Um, the thing is this Dark Sword one, iVerify's Cole argues that the fact that it was used so brazenly with no real attempt to prevent its discovery suggests that hacking techniques are now attainable on the black market.

Uh, attainable enough that hackers are willing to use them indiscriminately, even if the result is their exposure. He says, if one gets burned, I'll just go buy another one. Uh, they know that there's more where this came from. So, um, I still think the risk of falling to some of these malware is pretty low, but it does seem to be increasing, which... unfortunately is something we see historically. I mean, we see this all across technology, right?

Like when computers, computers alone, when computers first came out, it was like really expensive and only rich people had them. And now you can buy a Chromebook for a couple hundred bucks, which I understand is still relatively expensive for some people. But the point is the price came down and now it's something that's much more attainable to the average person. So that does appear to be what's happening with malware here.

Now, the last thing I want to touch on that was in the story, that many of you may have noticed. This only works on iOS, which is because Apple changed their naming scheme with the latest iOS. So this current iOS is iOS because it is it would be iOS if they hadn't renamed it. So this is the previous major version of iOS. However, Apple confirms that about a quarter of all their devices are still running iOS. That could be for any number of reasons.

Liquid Glass was really, really unpopular, so a lot of people did not like iOS. A lot of people choose not to update because they don't want the AI features, which I think might actually be in iOS I could be wrong there, but yeah. Apple, as another explanation, for some reason, Apple is really bad at automatic updates. We were talking about this in a group chat the other day, actually.

It's like every time I go to the app store on my iPhone, it's got like a bunch of apps that haven't updated, even though the update came out like three or four days ago. And you have to update those. There was a... Actually, if you're an Apple user, there was a background security update that just came out earlier this week that most people, it did not automatically install. So go check for that. It's just, yeah, Apple's, so that could be part of it.

And just for context, there are, I checked, according to one source, there's one point five billion iOS devices out there right now in active use. So a quarter of those is still like three hundred million, which is like the entire population of the U.S. So even though this is an older iOS device, it still affects hundreds of millions of people potentially. And if this has fallen into the hands of the average... What's the word I'm looking for? The average cyber criminal, then...

What I was saying earlier about they're only going to use this on dissidents and journalists, and unfortunately that does not seem to be the case. So it is really important to keep your stuff updated. It is... Yeah, I don't know. I think that's all I got to say is it is really important to keep your stuff updated.

And I see some people in the comments, personal pet peeve, I see some people in the comments sometimes that are like, well, I'm still on Android twelve because I don't want the AI stuff. And it's like, I respect that you don't want the AI stuff and I'm not telling you you should just embrace it. But at that point, maybe you should be looking into like alternative ROMs or moving to a more trusted OS because, yeah, sometimes these security updates really are important.

Um, I think that's kind of the bare bones of the story, and that's all I got. Did you have anything to add that I missed? Um, I think it is important that we talk about specifically, like, what this attack actually looked like. So if you don't know, this is like, sort of, I guess, uh, iVerify was saying this is like a watering hole attack. So basically that means it's an attack strategy where basically an attacker will find websites that users commonly visit and then use those websites to distribute malware.

So in this case, it was... the attack was against users running iOS eighteen point four to eighteen point six point two. So just to be clear, if you're fully up to date on iOS eighteen, you should be on, I think, iOS eighteen point seven point something. So this didn't affect like even if you're running iOS eighteen, it may not affect you. So just be aware of that.

And the attack itself was basically, as far as iVerify is stating here, it was a, you know, an attack from Russia, and it was specifically, um, used on government websites, so Ukrainian government websites. Um, so that was any website ending with gov.ua. So basically they were able to, um, compromise Ukrainian government's servers and basically put this malware out there onto these devices.

And especially because it was a government website, it was very, you know, no one from another country is going to be visiting that website. So it's a pretty effective way to infect a lot of people's devices. And I think, you know, staying up to date is important as well.

But I think, you know, I think a lot of people probably wouldn't have been affected by this if they were running lockdown mode, because it does sound like this is probably... that would probably block the, uh, the exploit chain, because in a lot of cases this exploit itself was written in JavaScript, and the exploit, according to iVerify, it was, uh, it used six vulnerabilities across two exploit chains. So, um, I think, you know, staying up to date is important, but also minimizing your attack surface.

So in this case, not using all these third party, um, you know, JavaScript libraries, locking that down with lockdown mode, that's gonna definitely protect you in that case. Same thing with Android, right? You can, I know on GrapheneOS, they, they use like MT on the browser and a bunch of other protections. So I think reducing the attack surface and just in time is also commonly exploited JavaScript.

Um, So I think disabling a lot of those things can help, but obviously, you know, updating your device is important, but I think, you know, it's usually the, uh, these things that like are there for like web convenience and are actually there to protect you. Like the. they use for rendering WebGL stuff, that that can be exploited. I think it's important to be aware of that and not to just trust every single website just because it's a government website, right?

Um, so I think there was another thing that they also said, um, basically because they didn't obfuscate the JavaScript, um, it basically was sitting on the website and a bunch of other groups were stealing the code to use as well. So, uh, apparently according to iVerify, um, a Chinese criminal group was also using this, um, Dark Sword and Karuna exploit, um, so yeah, just be on the lookout because people are definitely using this. So make sure you're updated.

Make sure you're using lockdown mode if you're thinking you might be a target of this. But it does seem like this is like a very large like they're trying to target a lot of people with this. It's not like a specifically, um, it's not specifically targeted towards a single individual. Um, so I'm sure that there's people in the military, in the Ukrainian military who probably visit those websites who unfortunately have been, um, compromised.

So it's, it's a wide, they're casting a wide net to, to, to get access to people's, um, devices. But I think, uh, I think the, the estimate that they've given on here was on the, on the, on the high side. I think I saw a couple of other websites saying it was closer to two hundred million devices affected. So I don't know. I think it's, yeah, just be on the lookout for that. I don't really have too much more to add. Do you have anything else you want to add here, Nate?

No. Yeah, that like three hundred million number was just an estimate I came up with by doing the math of like one point five billion devices or whatever. So it may not be exact. That may be on the high side. But yeah, it's thank you for mentioning lockdown mode because I definitely forgot to mention that. They did say that lockdown mode would have defended against this. So Apple did. Like you said, they did push out an update to devices that are not able to update to iOS twenty six.

So if you're sitting here and you're just like, I can't update, dude, we'll make sure you get that update at least because that would be helpful. But yeah, also lockdown mode is helpful. Yeah, like you said, that's an important piece of context is whoever got a hold of this, which I think was Russia, like you said, they kind of left it out in the open.

So originally they were using it specifically on like Ukrainian news sites, Ukrainian government sites, like they were clearly targeting Ukrainians. But now that they just left it out there unsecured and anybody can go grab it and there's like comments in the code about what each module does and how to use it. So it's kind of like, they made it so easy now, and now it's out there in the wild, and who knows where it'll pop up. So yeah, that's unfortunate for sure. Definitely.

I guess we can move on to the next story here, if you want to take that.

FBI is buying location data to track US citizens, director confirms

Sure. So this next story is about the U.S. government buying location data. And I know this probably... This is and isn't a surprise. So back in twenty twenty three, the government put a pause on buying location data. I cannot remember if that was something that they were ordered to do by the White House or if they just stopped doing it for one reason or another. But they stopped doing it. And now I think confirm is a strong word here.

Here in the title, I believe, is that, yeah, director confirms he didn't confirm. So the question was. Basically, Ron Wyden, who I think not a controversial take. We like him for privacy at least. I'll be honest. I don't know any of his other policies, but he does really good work for privacy, and he's really on the ball for that.

He asked the FBI – or he asked Kash Patel if the FBI would commit to not buying Americans' location data, and Kash Patel said that the agency, quote, uses all tools available to do our mission. So he didn't directly say it, but he I mean, you know, come on when he refuses to admit it for sure. So this. This is a. Outside of the privacy space, because I think in the privacy space, we all universally recognize that this is an awful thing that needs to stop.

But even even in mainstream circles, this is a very controversial thing that the U.S. government does law enforcement because. Law enforcement is supposed to get a warrant whenever they want to search your data. And by going to these third-party vendors, they don't have to get a warrant.

But the article notes that, interestingly, this is – Well, okay, maybe this isn't a one-to-one, but the FBI claims it does not need a warrant to use this information for federal investigations, though the theory has not yet been tested in court. So the way that I read that is like maybe this whole – going to third party brokers, if that went to court and a judge said, no, you can't do that, then maybe that would become illegal, but it has not yet been to court.

Or maybe it is just totally legal. I know, I believe Wyden has in the past tried to introduce a bill. It was called like the fourth amendment is not for sale act or something, which would have outlawed this specifically, but of course it did not pass. And now I know the, I think section seven Oh two, if I remember correctly, which is, what allows the NSA to like bulk collect data, um, that I believe is up for renewal and, um, hopefully will not get renewed.

But then it says here at the end that Wyden and several other lawmakers have introduced a bipartisan act called the Government Surveillance Reform Act, which among other things would require a court authorized warrant before federal agencies can buy Americans information from data brokers, which personal opinion does not seem unreasonable. Like I don't think anybody's telling them not to do their job.

I think we're just telling you to go through the proper channels where there's oversight and there's accountability. But I don't know. They seem to disagree for some reason. The last thing I want to mention here – this has become a little bit of a personal crusade of mine. It says here for audio listeners, it says that U.S. Customs and Border Patrol control – Border Protection, excuse me.

U.S. Customs and Border Protection purchased a bunch of data sourced from real-time bidding or RTB services according to a document obtained by 404 Media. So – for those who do not know about this, there's a lot of really good resources out there. EFF has an article. I mentioned before that Byron Tau has a book called Means of Control that dives in deep into this. But the way that ads on the internet work is you go to a website that has ads.

Let's say Reuters because as much as I like Reuters, their website is littered with ads. Most news websites are. So you go to a news website and – when there's that ad space, they basically open it up for bidding, just like any given auction. They're like, who wants this ad space? Who's willing to pay the most for it? And in order for those advertisers to decide how much they want to pay, they get your data.

They get a copy of your data so that they can decide, oh, this person is worth this much to me. And then they submit their bid and whoever wins, you see that ad. The thing is they don't have to bid to get your data, which in theory makes sense, right? Because if they get your data and they're like, oh, nevermind, I don't want to bid, but they still have that copy of your data. And so this is a proven thing.

There are companies out there who will enter the advertising ecosystem just to get a copy of your data and then turn around and sell it to people like the FBI. So where I'm going with this is if you are not using an ad blocker, that is, in my opinion, one of the currently most overlooked ways to protect your privacy. And obviously there's a million other ways, right? You need to switch to a secure messenger. You need to switch to a... private email.

Ideally, we should get off Windows and switch to Linux and stuff. And I know I have a Mac in front of me. It's specifically for streaming and editing, for the record. This is not my daily computer. But we should make all those steps. But to me, the lowest hanging fruit to start with is installing an ad blocker because that real-time bidding is happening everywhere, all the time, constantly. And like I said, they don't even need to bid.

They can just sit there and collect your data and then resell it to whoever they want. Um, so yeah, that is that story. That is my takeaway from that story. Um, Jordan, did you have any, any additional thoughts on that one? I mean, I guess like this is kind of surprising, but I guess not like with, with the prevalence of data brokers and stuff like that, it's not that surprising.

Like they said in the, oh, they said in the article, um, there was like, you know, the FBI is going to use all tools at their disposal to do their job. So, um, it's kind of, you know, it makes sense that they would do that, but I guess it needs to be like Senator Ron Wyden was saying, like, it's not really consistent with the constitution. Like it's a little bit, they're kind of bypassing a lot of the protections that people had with, you know, places having to require a warrant instead.

Um, it is, yeah, I don't really have too much to add here, really. This is sort of a very American story, so I can't really comment too much about it. Yeah, that's fair. Yeah, I mean, it's a pretty straightforward story, really. I don't have too much to add other than what I already said. But just before we continue, I just did see a couple of comments we should probably quickly mention here.

So there was someone who said, how do you find out what security updates have been loaded if you can't update to iOS twenty six? So I wouldn't update to iOS twenty six. If you're on iOS eighteen, just make sure you're on the latest version of iOS eighteen. Um, I would also check the background security improvements tab as well. Um, that will also have like, there was a, there was a background security improvement that was released. I don't know if that's for iOS, you have to look at that.

Um, but I would make sure you're on the latest version of iOS. You don't have to update to iOS. Um, I think the latest versions fix a lot of these issues. So. Yeah, I wouldn't be too worried as long as you're on the latest version. Someone also said, what is the timeline for the disclosure of these sorts of things? Is the idea it's better to announce it to help make people update? I think they've already released. Usually, they notify the company, in this case, Apple.

Apple releases a fix, the fix gets released, and then they disclose it to the public. And then that's basically where we're at right now. You need to update. to make sure you're not, there's no background improvements option to check. Uh, maybe that's an iOS twenty-six thing. I don't think so though. Um, I believe it's in... I don't have an iOS eighteen device to check exactly where it is. Um, but there is, there should be a setting there.

Um, but yeah, we're in the, we're in the point right now where we need to be updating. That's why iVerify came out with like this whole, um, press release, I guess, about the Dark Sword attacks and... Karuna stuff.

Um, so yeah, it's kind of, uh, unfortunate, but I think people should be, that's why we're trying to share it as like the main story here, because if you're running an older version of iOS, I kind of do wonder as well, if this would affect older devices, for instance, like I was and I was because I know there's some devices that are limited to like iOS or .

So it'd be interesting to see if they're also affected, but yeah, I think this is one of those things where you need to be using, I think, I think lockdown mode doesn't really introduce that many problems now. Like a lot of websites have already fixed out. Um, oh, it's only iOS, that has background improvements. Okay. I thought it was a, I think they called it something else. They call it like rapid security responses or something.

Um, so maybe, I don't know. That is a good point, I guess. Um, looks like Nate is back here. Hello. Hopefully I'm back. Um, this is the first really warm day we've had of the year, and I think my camera was overheating, so, um, if it goes out again, I apologize, y'all, but I think I found a solution for now that can get us through the episode. Awesome. Then, uh, why don't you take us into the next section of the show here? Yeah, so, um, in a little bit we're

Site updates

going to talk about Google's updates to their third-party app installation procedures, but first we're going to give some updates about what we've been working on at Privacy Guides this week. So we'll start by talking about the videos. Our private messaging video is now available to the public, so if you are not a paying member, you can access that now. Paying members do get early access to these things, but, uh, that is up. Our next video will be about encrypted email, um, which, that is fully recorded and the first round of editing is done, so that is off to Jordan to work their magic, and they, uh, they do all the graphics, the zoom, and they basically just make it look a thousand times more awesome, which we are super grateful for.

And we, a lot of you guys, if you tuned in last week, you saw that Jonah and I were at an event for South by Southwest, an unofficial event. And we had the awesome opportunity to record some of those talks.

And those should be out hopefully in the next coming days. They should be trickling out. There's only a few of them, but they were really insightful and really good. And we wanted to share those with you guys. So expect those in the near future. Awesome, yeah. I think there's also, yeah, Nate's kind of been piling on the videos for me to work on. So I've got quite a big backlog now, which is great. So definitely be on the lookout.

I think we're trying to have something come out next week for our members, hopefully that encrypted email video. That's the plan at least. So definitely look out for that.

And there was also a couple of extra things we should have mentioned. We had Privacy Guides news articles coming out. So Freya is working on that every week, and we have a couple of new articles that came out this week. One was about Instagram ending end-to-end encryption on their DMs, which is kind of very surprising, I guess, but also like Facebook being Facebook, I guess. Um, they just end up making their product worse. Uh, I don't know. Instagram has notified its users that it will no longer support end-to-end encryption after May eighth. So if you use Instagram, I feel like not many people in our community are using Instagram, but it's good to know, uh, good to put the info out there.

But, and there was also another one about, we were debating on talking about this one, but Pokemon Go players' data was used to train visual positioning AI.

So there was a parent or spin-off company from Niantic which basically runs Pokemon Go and they used images from Pokemon Go to train its visual positioning system. So that is kind of scary too. Freya did a great write-up on that so definitely check that out as well. And there was also another thing, it's kind of another thing where we're keeping on the lookout, which is like the homomorphic encryption. Intel made an advance in that area.

I think it's a lot to do with these, you know, the ability to do server-side processing end-to-end encrypted. So the server processes the data, but it doesn't, isn't available for the server to access, which is kind of a problem we have with like AI at the moment, because it's kind of hard to run that on your device as well. Like, you know, you need a lot of RAM, you need a lot of CPU processing power. Mobile devices can't really do that.

So yeah, this is basically a trusted execution environment, which segregates the CPU using encryption. Definitely read into it. Freya did a great write up of that as well, explaining the whole system there. So if you're interested in that, check that out too. But yeah, if you want to stay up to date with that stuff, you can go to privacyguides.org forward slash news if you want to check out that.

Nate's also doing every week, he does a Data Breach Roundup, which is really useful if you want to make sure you stay on top of things and you aren't missing if you're in a breach. A lot of tools that detect if your credentials are in a data breach are usually pretty slow to determine that because they have to add the data set to scan it. So if you're wanting to keep on top of data breach stuff, definitely check that out. Nate does a great job on that. It's very comprehensive.

Let's see how many here. One, two, three, four, five, six, seven, eight. Yes. So eight ones this week. I basically write about any data breaches that come through my RSS feed that affect individuals. If it's like company had their source code stolen, I don't usually cover that stuff. But yeah, so it varies week to week. Sometimes there's like three, sometimes there's like twelve. So kind of a medium, a midweek, which is, I guess less data breaches is better. Let's normalize less data breaches.

But yeah, that's kind of what we've been working on this week.

Google details new 24-hour process to sideload unverified Android apps

I guess we can head into the next article here. Nick kind of mentioned it before. Basically Google is making changes to, if you haven't heard already, there was this whole project with Keep Android Open.

And basically Google was trying to combat malware by basically restricting application installation on your device, but it was usually apps outside the Google Play Store, so it would stop you from installing that. And there's been a huge amount of backlash to this as well. Like, we've, uh, we signed the open letter to Google, um, with Keep Android Open, and if you notice that on our socials, um, you can share that with your friends and family, get people talking about this, because I think it's important that, you know, people are pushing against this, because it's basically Google using their power as a monopoly here.

Like they do have control over the Google Android ecosystem. It allows them to make these sort of wide reaching changes with really no one to stop them. Well, I guess we are, we are trying to stop them, but clearly, we do have some power because this week there was a change. Actually, it was, I believe, today or yesterday. There was a change.

Google detailed a new twenty four hour process to... we're not going to mention sideload here. We're going to, we're going to say install unverified Android apps, because that's what it is. You're not sideloading, you're installing. So Google is planning big changes for Android in twenty twenty six aimed at combating malware across the entire device ecosystem. Starting in September, Google will begin restricting application installation with its developer verification program.

But not everyone is on board. Android ecosystem president Sameer Samat tells us that the company has been listening to feedback. And the result is the newly unveiled advanced flow, which will allow power users to skip app verification. So I think one thing to mention, like right off the bat here, people will probably have, uh, they're probably thinking like, oh, does this affect my GrapheneOS device?

Oh no, I'm not going to be able to install apps without going through the sideloading, uh, installation process that warns me I'm installing something. No, this is affecting Google Android devices. Um, so just to put that preface here, um, so basically, uh, as Nate's showing on the screen, there's now this new advanced flow for power users to install apps from unverified developers. So basically Google wants developers to register centrally with them, which often requires payment identification.

Not many people who create these, you know, independent free and open source apps want to verify through Google. It's the whole point, right? Um, Yeah. So there's a twenty five dollar fee. These independent developers, you know, I think a lot of independent developers aren't really up to paying the twenty five dollar fee. Like I've seen people who were kind of like, oh, I don't want to pay Apple's one hundred dollar a year thing to publish on the App Store.

Same thing in this point, like twenty five dollars for someone in India might be a significant amount of money or in Turkey or, you know, a country where the currency is worth a lot less. So I think that also puts another barrier on people where, you know, they would be able to release apps without having to worry about that. But it does seem like Google has folded a little bit here.

Basically, the whole flow is that it makes sure no one is telling you to turn off, to allow you to install from unverified sources. Basically it'll say, yes, someone is guiding me. No one is instructing me. And then it starts a security delay of twenty four hours.

And once that delay has been passed, then it allows you to select which option you want to do, which is turn on temporarily, which will allow installing unregistered apps for seven days or turn on indefinitely, which will allow unregistered apps to be installed indefinitely. And it does give you a confirmation tick mark. You can select install anyway. I think this is really just, uh, we can kind of read, uh, Keep Android Open did actually put a response to this, so let's just have a look at what they said. Um, but I think you can take that, um, Nate, if you want. Sure. Uh, give me one second. I'm pulling that up right now. I had that tab open and then I closed it. Okay. Um, so Keep Android Open, yeah, they did, they said this is not a solution, um, and they kind of highlighted some of the issues in this is the actual workflow.

I think this is actually copy and pasted from that article we were just showing you guys. But they say you have to enable developer mode, which there I think this is to kind of illustrate to people why this is a little ridiculous. And to me, this also was like the first thing that I was like, oh, but why? For those of you who've never enabled developer mode, you have to go into your settings.

You have to go to about phone and then you have to find software build number and you tap that seven times. Which, I mean, obviously it's tapping a screen. It's not that hard. But just the fact that you... Because once you enable developer mode, then you unlock a whole new menu of settings. And it's just kind of like, but why do we have to go in there to enable this? That is very onerous. And then they point out that they call these scare screens, confirming that you are not being coerced.

You know, there's another scare screen warning. And then, of course, the twenty-four hour waiting period, which... As Jordan noted, Google's argument for the twenty four hour waiting period is that. So I'm not trying to defend Google here, so follow me on this one. From what I understand, sideloading malicious apps is a much bigger problem in other parts of the world outside America and Europe. Like I think they said it's going to roll out in, like, Brazil. Yeah, here it is.

Brazil, Singapore, Indonesia, and Thailand. And that's because those are the areas where these types of scams are extremely common. And the way those scams will work is they'll call you with some kind of pretense about like, oh, your bank account's under attack or whatever. We need you to update to the latest app, but it's not in the app store yet. So we're going to have you sideload it and they walk you through the process.

So the idea is that if there's a most scams, um, as you guys probably know, most scams rely on urgency. They want you to just do it now so that your brain doesn't have time to kick in and go, wait a minute. Like, I don't know if, uh, well, some of the older members of the crowd might remember.

And I'm counting myself when I say that back in like, there was a scam going around that was like, Oh, I was on vacation in like, you know, um, was it like somewhere in Southeast Asia, not India, but like, not Thailand. I can't remember where it was. But anyways, I was on vacation in this part of the world and I lost my passport and I got arrested and I need you to wire me like two thousand dollars to buy a new passport.

And I remember I got that one from my mom and I just laughed and deleted it because I'm like, we don't have the money to be traveling like that. Like, I know this is a scam. There's no way. Um, and so, but a lot of the time, like when you get those, the idea is like, Oh, I need it quick. Or they're going to, you know, my, my hearing is tomorrow. Like the embassy is going to be closed this weekend.

Like they want you to not think and to just do it because once you start to think you're going to be like, wait a minute, why didn't they tell me they were going to Thailand? That seems like really big news. They would tell me.

Um, and again, there's like a million other variations, but the point is that's, that's the point of the force that that period of time where it stops and slows down. But, um, yeah, that, that is still really onerous because now, like, let's say I get a brand new phone, right? And I'm trying to set up this phone and, you know, being in privacy, I do a lot of sideload, excuse me, installing, I do a lot of app installing from non, uh, outside the Play Store. And so now when I get that phone, I have to enable this and then wait a whole day before I can actually start setting up my phone, which is really not cool, especially if, I don't know, your phone blows up or something. Wouldn't know anything about that. But anyways, yeah, all that to say, like, I agree with them. I think this is really... On the one hand, I feel a little bit of sympathy for Google. Just a little bit. Because they do want to... You know, they pointed out here in the actual article, they said that... Where was it?

Yeah, in a lot of countries, there's chatter about if this isn't safer, then there may need to be regulatory action to lock down more of this stuff. And I don't think that it's well understood. This is a real security concern in a number of countries. And that came from Google's spokesperson, which, yeah, I mean, obviously he's trying to push his narrative, but I think he's right. I think this is a real security concern that Google's trying to solve.

However, I also don't have a lot of sympathy for Google because I feel like every month, at least once a month, usually more than once a month, I read an article from Bleeping Computer or Ars Technica that's like, oh, Google just removed an app from the Play Store that was malicious and it had like a million downloads or a couple million downloads. And it's like, I never read those stories from Apple. And again, Apple's got problems. I'm not trying to put them up on a pedestal.

But my point being is like, and they do happen with Apple, for the record. I've seen them. But those happen a couple times a year, tops. Whereas with Google, again, it's like almost every month, sometimes even more than that. So I find it kind of hypocritical that Google's like, oh, we need to fix this problem. But you're not necessarily guiding people towards a safer alternative. You haven't really made the Play Store safer, in my opinion. So it kind of weakens their argument. But yeah, yeah.

I don't know. I think if we want to give Google the benefit of the doubt, which I know a lot of people don't, I think they are trying to strike... I think now because there's pushback, they are trying to strike a balance. But I definitely understand that this does feel very heavy handed.

I'm not looking forward to the idea of like I'm getting a new phone and now I have to wait twenty four hours, which I mean, I guess I use custom operating systems that, you know, the classic like that won't affect me. But, you know, my wife still uses stock Android and she's not ready to make the jump to custom operating systems yet. But she does use like Neo Store and some of those alternative systems, um, sideloading, excuse me, uh, those third-party app installation features. And so it, again, it sucks that it's like she's gonna get a new phone and it's like, hey, first thing you do, go in and turn this on because we gotta wait a whole freaking day for it to get out of the waiting period. So yeah, I don't, I don't think this was the best solution they could have come up with, and I, I think they, um... I don't know.

I don't know what is the best solution, but yeah, I think this is really heavy handed and I would like to see something even less obnoxious than this personally. My big thing is the developer settings, but I know there's other issues as well. Yeah, I agree. I think this is...

Obviously, it's not ideal, but I think it's important to remember here a thing that the Keep Android Open team was saying here is this entire like the thing that we showed before that Nate had on the screen, it was the entire flow is delivered through Google Play services. So it's not actually part of the Android operating system. So the thing with Google Play services is that it kind of just automatically updates and applies changes to operating system without your consent.

This is useful for Google because they need to roll out fixes or introduce new features. But when it starts being about whether you can actually install apps from third party sources, I don't think we want Google to be the, the arbiter. Um, I think, you know, uh, they state here the advanced flow has still not appeared in Android beta, dev preview, or canary releases. So basically this entire flow that they're displaying is basically just a blog post and some UI mockups.

So I think we should wait until we see how exactly this works until we actually get our hands on it. I don't think anyone should be accepting this. And I think there could be a better way to do this. I don't know what that solution would be, but I think, you know, as soon as you start placing restrictions on third-party developers, I think it's getting to the point of like, it's slightly anti-competitive.

I mean, a lot of these apps aren't trying to make money, but I think everyone should get a fair chance of being installed on someone's device. People should be allowed to choose what they want on their device. They shouldn't have to go through a twenty-four hour waiting period to install something on their device. We should be able to choose what we want on our device.

So, I don't know, I think just from a freedom perspective, everyone should be in favor of people being allowed to install software on the device that they've paid for. Like Google is basically just becoming the arbiter of app installs on your device. It's like a very, I don't know, like people definitely wouldn't have accepted this like ten years ago, but I feel like we've gotten to a point now where like everything is so locked down, like restrictions on apps are becoming worse and worse.

So people are more likely to accept this slight compromise that Google's made here. But I think it's still not time personally. I mean, I know Nate said like he was he felt like it was a decent middle ground. I think it's okay, but I think we can definitely push Google for something a bit better. And hopefully we'll actually see an implementation of this before it actually gets released. Because I think right now we've only got like a hundred and sixty three days until it's locked down.

So we need to see a working prototype. We need to see at least something from Google to know that this is not kind of just a sham to make everyone stop talking about this and be like, Google has announced that they're going to fix it. You don't need to worry about it anymore, everybody. And then, you know, Google rolls out the original implementation. But yeah, someone says Play Store sucks, and yeah, I think Nate just said there was so much malware on the Play Store.

I don't think it's particularly useful that they're saying... Obviously, there's a larger percentage of malware used through these unverified apps, right? But I don't think the Play Store is also very safe because I've got grandparents, I've got older people in my life, and... they absolutely will install a torch app that requires your GPS location and your camera and your messaging history and your contacts and, you know, they weren't, they weren't bad at that.

And that's clearly like a data harvesting app, but Google Play has no problem, uh, allowing that app to be, uh, installed on people's devices. You know, there's apps that like spam your phone with notifications and like ads, that's perfectly fine to exist. Um, I think, yeah, every, every store is going to have, uh, every store is gonna have malware and issues. I think even really curated ones are gonna have apps that have vulnerabilities as well.

And I'm sure something might sneak through eventually. It's not like there's definitely not a zero percent chance. And I think, yeah, most people would prefer, most people probably don't even know that there's another way to install apps. Like most people would just assume that Google Play is like where you get your apps from. Like it's kind of a problem that Google's created because they want to be the number one place to get apps, right?

So yeah, anyway, sorry, I feel like I've been rambling a little bit, but hopefully that helped add some points to discuss here. I mean, I ramble plenty, so it's totally fair. Yeah. And I mean, just to kind of back up what you were saying, like, yeah, there's never going to be a perfectly vulnerability free store. I mean, like I said, it happens to iOS every now and then. It's just it happens a lot less on iOS.

And I feel like to Google's defense to what you were saying is they will remove apps as far as I know once they get found. But it's the fact that they got there in the first place. Like, why does this happen so much less on iPhone? And I have to assume it's a vetting thing because, you know, I mean, sure, there's a higher barrier to entry to put your apps on an iPhone in the first place. But at the same time, it's like, they still try to submit malicious apps there too.

Like there was a study a few years ago about how Apple has stopped like a quarter of a million malicious apps from ending up in the app store. To be fair, maybe Google's got like, we've stopped one million. Like I don't know what their stats are. But my point being is like, clearly Google could put more effort into this. And I just feel like it's really disingenuous to be like, we want to keep people safe. So we're going to push them into our store, which is only marginally safer, arguably.

And it's also like a... um, what do you call that? Like a survivor bias or a confirmation bias where it's like, okay, sure. We hear about all the maliciously third-party unverified apps that get installed, but at the same time, what about the, you know, I, at least fifty percent, probably more than that, of the apps on my phone are third-party unverified apps. They're, you know, Nextcloud, they're, um, trying to think what else I have on there. I don't know.

My brain's drawn a blank, but they're, they're all things that, like Signal, you know, they're, they're all things that I can obtain from outside the Play Store. So I prefer to do that because I don't want the Google Analytics there. And it's like, those are never malicious. So those never get reported, but you know, it's yeah, I don't know, but it's crazy. And just to be clear, I didn't necessarily say I like this solution. It's just not as crappy as what it was, but yeah, it's still not great.

And one thing I think you mentioned earlier, but I kind of forgot to touch on as well is this whole, Google is not really giving satisfying answers to a lot of this stuff. Like, so you mentioned the twenty five dollar fee and how twenty five dollars is like a lot more to somebody in like India, for example. And he did say that like, oh, we're going to account for that. We're going to kind of balance it out. But it's like this. Who was it? The Samat person.

I forget what the role is, but they didn't really answer any questions like they did. At least this Ars Technica, they mentioned like, I don't know if they actually asked Google directly, but they did mention things like one of the concerns is that Google is now building this list of app developers if the developers choose to get verified, which already presents a host of privacy and security concerns. Like here in America, we had that whole like a, like that, what was that?

ICE spotter, ICEBlock or something. We had that app where you could report sightings of people, immigration agents. And in some countries, that is super illegal. Even just peacefully putting some kind of protest app, super illegal. And so if that person chooses to verify, now Google has their information. They have their payment. They have their government ID. They know exactly who they are. And so Google...

Um, like actually right here, Google swears is not interested in the content of the apps and it won't be checking proactively when registers developer, uh, when developers register, excuse me, I can't talk tonight. Um, this is only about identity verification so that basically if they become a, if the developer distributes malware, they're unlikely to remain verified and they can get booted from the program.

Um, but then like, you know, when he's a, when this Samat person, he's like, Oh, but this, uh, you know, we're not keeping a list of developers. Well then how are you going to verify if somebody is a repeat offender? Like your, your answers don't make sense here. And yeah. Um, I also just need to, to be snarky and point out, he says that, uh, not everything is malware. It depends on the context.

So like a rootkit is malware, but a rootkit you download intentionally because you want to root access to your phone is not malware. Likewise, an alternative YouTube client that bypasses Google's ads and feature limits isn't causing the kind of harm that would lead to issues with verification. Anybody who uses things like NewPipe or FreeTube knows that those things break about once a month because Google does something on their end to block it.

And then they have to update and do the cat and mouse. So yeah, that was just kind of funny to hear them cite that. I don't think that came from Google, for the record. I think Ars wrote that. But it's still kind of funny to hear them cite that as an example. And it's like, yeah, but Google still treats that stuff in a very hostile manner.

Yeah. Yeah. I think the other thing that you kind of mentioned it a little bit, like with the ICEBlock thing, but I think there's plenty of countries that we've already seen this happen with where like, you know, having a centralized app store kind of allows governments to basically get apps removed or to like have apps not be allowed to install on devices.

Like I'm pretty sure the, the way that works, like in China, a lot of apps don't want to comply with a lot of the like legislation that they have. Like, Oh, you've got to share a certain amount of data or you have to meet these like economic requirements or whatever. Um, and so they're actually just removed from the Play Store or for like censorship reasons. Like there's stuff that's being shared on those platforms that they don't want, um, people to access basically.

Um, so having the centralized, like we already saw this with like iOS devices, basically turns your phone into a brick. Like you can't install the software that you want on it. Right. Um, but yeah, I think it's like, it's like with Linux, right? You can kind of install software from a trusted repository and you can also add additional repositories. I think it should work similar on Android. Like you should have the option to have install stuff from additional places.

Maybe there's more of a warning about it, but I don't think having to go through developer settings and all this stuff is particularly great. I think it definitely also puts up a bit of a barrier, especially when you're like showing all these warnings like, this is very un-recommended. What you're about to do could compromise your device. It's not gonna sit well with someone who doesn't understand the technical reasons why they're showing that.

Yes, a lot of cases it's, it could be useful for someone to see that warning. But if it's like someone and they're like, oh, I want to be able to watch YouTube with, without the ads, I'm going to download NewPipe. And it's like, this app could compromise your device. This is a highly, this is a highly suspicious action you're about to take. Are you sure you want to do this? People are going to be like, oh, this is just malware. I'm just installing malware. It's not malware.

So I don't know, not really happy with this situation. I think we're going to keep pushing Google here to make a better decision. I just think they should go back on all of this and just go back to what it was before. Like you have to enable it, right? But it should still be an option for people. Um, I don't know if there's a better way. Maybe they have a way of scanning like the device to see if the permissions are suspicious or I don't know.

I can't really think of a better way that doesn't involve Google just like doing more invasive stuff on your device. But I mean, I think it should go back to how, like how it is on Linux. Like you can install additional repositories, you can install the applications you want on your device. And that is an increased risk of using a third party platform to install packages or like using a third party repository.

But that should be up to the user to determine if they want to take that risk, not Google, who's like making that decision for you. But yeah, that's pretty much all my thoughts on this one. Do you want to take the next story here, Nate?

Should Banksy Remain Anonymous?

Yeah, sure. So this will probably be a pretty quick one. I just thought it was really interesting because I am a nerd who really likes thought experiments. And the headline from this one, this comes from Slashdot. It says, should Banksy remain anonymous? And the original article comes from Reuters. And Reuters did this really deep dive, um, really deep dive. Uh, I'll be honest. I didn't read it all cause it's so long, but I skimmed it.

And, uh, they tried to identify Banksy, which for anyone who doesn't know Banksy is a very, very famous, um, graffiti artist, I guess you would say. Uh, well, I mean, I would say artist in general, he's done a lot of like legit artwork as well, but he's also well known for doing graffiti work, um, all around the world, actually, not just he's from the UK, I believe, but, uh, well, we're assuming he's from the UK. I believe that's where he's most active.

But Reuters did this deep, deep dive to try and figure out who Banksy was because there's been a lot of I mean, of course, there's been a lot of speculation over the years. And there's also just been a lot of there's been a couple of like, we're pretty sure it's this guy. It might be this guy. But they set out to like for sure figure out who he is. And spoiler alert, I think they did. And I kind of don't like that personally. I think it took some of the magic out of it.

But I liked this headline of should Banksy remain anonymous? And I thought that was something interesting to think about because there's a few different angles here. One of them is a legal liability. This dude is technically a graffiti artist, although... I don't think it's here in the Slashdot summary, but in the actual Reuters article, they mentioned how he does kind of seem to get a pass because he is so well-known. And to be fair, his art probably brings a lot of tourists and stuff.

So even though he's technically doing illegal things, other graffiti artists have noticed. It's like, if I did that, I would absolutely go to jail. But the police don't even seem interested in figuring out who he is anymore. They're just like, yeah, whatever. He made some art. Let's clean it up and move on. But... They also talked about his lawyer when Reuters reached out to them and said like, hey, we want a statement for this piece.

He urged us not to publish this report, saying doing so would violate the artist's privacy, interfere with his art, and put him in danger. And they pointed out again that what he's doing is technically illegal and the police could come after him and it could stifle free speech.

So yeah, it was just – it was really interesting to – um, I mean, I, I have a feeling our, our whole audience is going to say like, yes, he should remain anonymous. Or maybe not. Maybe you're one of those like hardline lawful good people that's like, yeah, it doesn't matter if he's not doing any real damage. I mean, he's costing some people some paint on their building, but other than that, he's not doing any real damage, let him do his thing. But it was just really interesting to see this, um, this, again, huge deep investigation on the front page of Reuters that, uh, kind of challenged, like, I don't know. It was just really interesting. I don't think I have much more to add than that, to be totally honest. But to... to kind of like, where is that line? I think that's kind of where my mind went. It's like, where is that line of like, again, yes, he's doing something illegal. He should not be allowed to do that, but also like free speech and free expression. And it's not just the UK.

He protests things all over the world. Like he's drawn on the walls in Palestine, separating Israel from Palestine. Most recently he was in Ukraine, which is what sparked this investigation. So it's not all like him saying, living in a repressive regime, criticizing his government. Well, I don't know. Some of the stuff I've seen come out of the UK lately has me really worried. Maybe he is living in a repressive regime, but it's not all that.

It's also him going to other places around the world just to make all kinds of statements, all kinds of political statements, I guess. But, you know, just kind of the hippie stuff, you know, like, why can't we all just get along kind of political statements? But it's yeah. Like I said, I really don't have too much to add to that one. It's just it's just an interesting story that I thought was a good discussion about, I guess about public interest, right?

Because we think about that a lot too, about famous people and how much privacy versus transparency do they deserve depending on their roles. And I don't know. I like thought experiments. I think that's what prompted me to want to talk about this one. I don't know if you have any thoughts on this. I think when it comes to art, I think this is, you know, there's plenty of artists that do this sort of stuff, like not just Banksy.

Um, and you know, obviously people, the government is not going to be super happy if you're like defacing a public building or like there's a, there's, I think defacing is, is certainly up in the air, right?

Like I think in a lot of cases, uh, it's very much like, you know, trying to make a message, trying to make a pub, make a message publicly, people publicly aware of an issue, for instance, like, uh, I don't know if it's, we've had a lot of like street art just like pop, pop up in Sydney, Australia, like, and it was never, you know, it was never publicly sanctioned.

It's just a lot of it's to do with like, you know, street art, um, criticizing the government, criticizing like social justice issues. Um, I think, you know, it's not really hurting anybody. So I think, you know, maybe I'm, it's, it's, it's showing an art, artist's vision. I think in a lot of cases when there's like graffiti, uh, it actually brings people, like Nate said, it's like a tourism thing, especially when it's like a famous artist. There's plenty of places where there's like graffiti in places.

Um, and people come there just cause they want to take pictures. Um, it doesn't have to be any famous artists. Right. Um, but I think, you know, it's part of the community. It's part of like, it's just, it's kind of an expression of people in that who live in that place. Um, so I dunno, I think it's, I don't think Banksy's identity should be like revealed obviously. Cause I think, you know, people should be able to choose whether they share that information or not. Um, I think it just applies.

It doesn't really, I think someone could definitely make the argument that because he was technically committing crimes or like not crimes, I guess maybe like a, I don't know what you would classify graffiti as like vandalism, I guess maybe, but yeah, some kind of misdemeanor, I think. Yeah. So I think, you know, It's up to the community to determine whether it's acceptable or not, I guess.

I think, you know, there's definitely a difference between like, a lot of people just do like tagging stuff or they like put their name on something, that's not really art, that's just like vandalism. But I think if it's actually something that's trying to display a message, I think it's a little bit different. Um, like social commentary and stuff I think is definitely more acceptable. But I think, you know, legitimate actual street art is definitely on a different, different level, but I think it's definitely, I think one of these things where it's down, it's down to someone's beliefs, um, as a person, like it's not really a very clear cut thing. I don't think, um, whether it's a clear cut, obvious answer, but I think in this community, it's like, you know, I think people should be for protecting artists' privacy, protecting anyone's privacy if they don't want to have their identity revealed.

But, yeah, I think, yeah, I don't really have too much more to add. Do you have any thoughts? No, yeah, um, I mean, yeah, I was really disappointed to see that they went ahead and published his name anyways, or who they believe it is. Um, and it's, I'm with you on the one hand, because like, to me, it's like, I don't think his message is controversial.

You know, I could see the argument of like, well, let's say I own a business and he graffitis the side of that business with a message that I don't agree with. Like, okay, I hear that, but he's not in my opinion. I mean, I don't see anything controversial about any of the stuff he's posted. I mean, for the record, I don't follow him super closely. So I don't know if somebody is going to go dig up and be like, oh, go look up this painting.

This was like super political and somebody may not agree with that one. on the wall in Palestine was like it was like it was forced or not forced perspective but you know it was like it was a lifelike painting of like a hole in the wall and it was like this beautiful beach on the other side and you know it's art so it's open to interpretation but the way I took away from that was like this could be paradise if we could find a solution here. And he wasn't trying to say what the solution is.

He was just trying to say like, be human, be kind to each other and figure out a solution. And it's like, I don't think that's a particularly controversial take personally, but yeah. So, I mean, it's, it's, I don't know. I think there's much worse crimes in the world, but yeah, it was just, I don't know. He's, he's so, yeah. I was disappointed to see the Reuters went ahead and published it, but yeah.

It's interesting to think about because I think about that a lot as a quote unquote semi-public figure is like, how much transparency do I owe people versus how much privacy do I get to have as an individual? And it's, I don't know. Yeah, life is full of nuance. Definitely.

Forum updates

All right, so in a moment, we're going to start taking viewer questions. So I know there have already been some questions, but if you guys are holding on to any more, definitely go ahead and start leaving those in the chat or in the forum thread. But for now, speaking of the forums, we're going to check in on our community forum because there's always a lot of activity. This week has been no exception, been very busy week. So here's a few of the most interesting discussions happening.

And the first one we're going to talk about is there's a community discussion about Firefox's new features. So for those who don't know, Firefox, I believe it's one forty nine is coming out here pretty soon. And it's got a few pretty big changes. Some of them are very. Cosmetic welcome cosmetic, for the record, like I just found out. I feel dumb. But I just found out two or three weeks ago that in Brave, you can do split tabs.

So it's kind of like tiling a window, which I just realized I should totally be doing here, but I'm not. The split tab thing, I mean. It's kind of like tiling a window, except it's the same window, and it's just the tabs are side by side. which is probably a little bit of a niche use case, but it's really cool for me. It's really nifty and I like it. Firefox is going to be adding that, but then there's also some more serious things. Like there's a sanitizer API, which...

I'm forgetting off the top of my head exactly what that does. I think that's supposed to help protect against cross-scripting attacks, but don't quote me. It's definitely a security update. And noticeably, this one is new. Apparently, they've announced the sanitizer API before. But Firefox is going to include a VPN. I believe from what I've heard, they did not really say for sure in their blog post, but it will be free for up to fifty gigs a month.

And to start with, it's going to roll out in France, Germany, the UK and the US. We'll see about the UK if they start requiring ID for VPNs. But that's a different discussion. And yeah, I think I've heard rumors that it's going to be in-house. I know last time they did this, it was a white label of Mullvad. And I actually stand corrected because I've always said that like, I don't see the point of the in-browser VPN because I want more than just my browser to be protected.

And from what I'm told, that is not how this is going to work. It is actually going to like protect your whole device. It's just going to give you a lot more granularity in the browser. That's what I've heard. But yeah, Yeah, what do we think about this? I think I'll go ahead and say that I'm notoriously critical of Mozilla, but I'm happy to see them putting good features into Firefox. I mean, at least it's not an AI feature that nobody asked for, right?

So yeah, I think this is potentially a good step forward. I will be interested to see how that VPN works potentially, but yeah. Uh, I think you did, unfortunately, unfortunately, Nate, to, to ruin your parade of anti AI. They unfortunately did include, uh, there's an update in this, in this update, they're including smart window, which was previously called AI window, which is basically. Oh yeah. That, okay. I missed that. I was just reading the summary here in the thread.

Yeah. So unfortunately that is coming in this update. I think they realized calling it AI window was probably a bit too on the nose. So they've changed the name to smart window this time, I think. We did talk about this a little bit internally about this privacy, this free inbuilt VPN. I think the thing I was specifically talking about was Mozilla VPN. So this is a different thing. This is, I guess, Firefox VPN. which is different to Mozilla VPN.

Mozilla VPN, one of the cool things about Mozilla VPN, like Nate kind of talked about, was it would cover your whole device and then when you use Firefox, it would integrate with the desktop client and it would allow you to select different locations for where your browser would exit based on the website.

So, you know, obviously you wouldn't want to like access your bank's website and also be coming from like Turkey, because that would like cause your bank to like, you know, lock down. They're not gonna, they're not gonna like that. Um, so that allowed you to have different endpoints coming out there. Um, I think that is also very useful because, you know, a lot of times VPNs are blocked. Like on Reddit, you'll frequently find it's blocked. On YouTube, it'll ask you to sign in.

I think that's an interesting thing with Mozilla VPN. But I think like Nate said, this is a separate thing. This isn't the same thing. It's kind of confusing. They've got two products. This is only for your browser. As far as we're aware, they haven't said that it's going to be your entire device because they say this is a proxy. So as far as we are aware, that is only going to be through the browser itself, as far as we know. So I would say that's what we should think that this is first.

Um, I don't think this is, you know, an amazing. because I think we have such good free privacy, like full VPNs you can use now. Like you can use ProtonVPN free. Like they have quite good speeds. It's free. I think Proton's doing a great job by offering that for free to people. I think people should use that if they don't have another way to protect their privacy.

But I think especially with the low cost of VPNs at this point, like Mullvad is five euros a month, like that is a pretty cheap price for a lot of people. But I think, you know, price is also, it's a trying time. You know, people are trying to save money.

So I think, you know, fifty gigabytes of data is definitely pretty, uh, pretty generous, I would say. It's like, that's gonna take you quite a long way, um, especially monthly. I feel like I don't even use, I use like only a couple of gigabytes a month on my phone. So, I mean, if that's, I mean, I mean, I know there's people that use like hundreds of gigabytes on their phone every month. I don't know how you do that exactly, but, um, I think fifty gigabytes is a lot. Maybe I'm like, I think it might just be

because our internet is really slow here, but it's kind of hard to download that much stuff. But fifty gigabytes, and it's, it's kind of frustrating. Firefox and Mozilla in general do this all the time. Like, they only release their products in specific regions. Like in this case, they're saying the US, France, Germany, and the UK to start. That's where they're releasing this free Firefox VPN. And it's the same thing with Mozilla Monitor, which I think is defunct now, and Mozilla VPN and Mozilla Relay.

It's like their email aliasing thing. It was only available in certain countries. I was always kind of like interested in trying it.

Never was available in Australia. So I think they should probably look at, you know, I don't really understand the reason why they're only releasing this in certain locations, but, um, I think especially in locations where I feel like they don't need the privacy as much. Like, what about countries that are like, you know, under siege by like authoritarian governments? Maybe we should focus on those first to get this technology to. But, um, it's still an interesting thing.

I didn't really read any of the comments. Was there anything you were thinking that people mentioned that we haven't really talked about yet? I don't think so. There was kind of a discussion right off the bat about whether they meant, um, like there was a confusion of, um, When they said to start, did they mean to start? And that might change? Or did they mean the countries might change? But I think everybody kind of agreed that it's like, no, it's probably the country.

But yeah, there was a lot of discussion about is it like what I was saying, is this going to be an in-house thing or is this going to be a, like a white label of Mullvad was some people here are saying this might be like competition against Opera, which I, I'm with you. Like personally, I don't, I do think the Proton, last time I tried one of them, the Proton free servers tend to be a little bit slow, but I also know since then they've kind of added a few more. So hopefully that's helped.

But that said, I do think, I'm not opposed to them adding this as like a compete with Opera thing, especially if they can keep the cost low for them. And this isn't going to be one of those things that, you know, in a year, they're just like, oh, we killed this off because it's really expensive. But I don't know. I mean, I know there's the whole smart window thing, which I don't know. To me, that reminds me of like Brave's Leo.

Like Brave has like a little pop out mode where you can just talk to Leo directly and have a conversation with it, have a conversation in the sense of like, I'm not asking it to paraphrase this page or whatever. But they also have like a little sidebar where you can ask questions about the page you're on. And they say that this will be completely optional.

So I don't know, to me, that's just competing with Brave, which, again, I don't know, it's just, it's good to see them mostly focusing on the browser again, and not buying like ad companies or fake review plugins or... Yeah, so... Yeah, I think one interesting thing you said, oh, this is like, I feel like Brave also has like a VPN built in Vivaldi. Oh, they do. I forgot about that. So I think it's more of a, I think they're going more to try and challenge Vivaldi here and Opera.

But Brave also has, it's a paid thing, but it's still technically built in, I guess. I guess they're just trying to be like feature compliant. competing against, you know, this stuff.

So yeah, I don't know. Uh, I think it's also one other thing that, uh, Firefox has actually rolled out in like the latest release: they do have the AI block switch now. So like if you've got that enabled, you're not going to get any of this AI stuff, so I wouldn't worry about that. I would make sure you have that ticked if you use Firefox, because you don't want to get this in the next update. Um, so yeah, I don't know, this is, it's good to see Firefox actually doing something this time.

Like I feel like we were sitting at like no changes being made every year.

There was like absolutely barely any changes to Firefox for like, I feel like, like, I don't think it's going in the direction I would like. I don't think many people agree that it's going in the direction they want. And I guess with all this AI stuff, I think it's pretty tricky to avoid at this point. Every company is basically rolling this stuff out.

At least Firefox is making it easy to opt out, but I just, it kind of frustrates me that all the, all the donation money and all this money from Google to be the main search engine is just being dumped into like AI and like privacy preserving analytics. Um, it's not really stuff that is gonna, I don't think it's gonna bring people into the browser, but I think if they actually made some big changes and listen to what community people actually wanted from the browser, I think they could.

You know, there's plenty of projects that are doing interesting things. Like I think one of the most interesting ones was Arc browser. Like they were doing quite a lot of interesting, you know, different things that no other browser was doing.

Like, I think it'd be interesting to see Mozilla just actually try something new, like not just like copy what other people are doing, like actually try and make something, uh, little bit revolutionary, a little bit different, um, to actually give people a reason to use it. Because right now it's like Firefox just kind of is bad, especially on some websites. Like, you're just gonna be, have a worse experience. Like, people don't test for Firefox now. Um, like even this website we're using, StreamYard,

to do this right now, I can't use Firefox to do this. So, you know, it's, if you can't do basic stuff with your browser, I think that's going to push people away from doing, from using it as well. But yeah, I think that's kind of my thoughts on this. Somewhat positive, I guess, but yeah. Yeah, I agree. I mean, for me, it's unfortunate that Mozilla is constantly playing catch-up to everyone else. Like, again, the split view. Brave has that.

I don't know how long they've had it, because I just discovered it, but Brave has that. And even their AI stuff, it's like... Like, everyone else... The AI ship... I mean, I feel comfortable saying this, because this isn't like a, you know, hustle podcast or whatever, but, like, I feel like at this point, if you're just now jumping on the AI bandwagon, it's gone. Like... It's gone. Why are you there?

And so it's, you know, it's like, I don't understand why they're, and they're doing it in such a poor way too. Like I remember being really disappointed when I looked into their AI features, not because I wanted to use them, but just because I wanted to understand them and they don't even do anything. It's like, oh, here's a tab where you can talk with ChatGPT. Your privacy policy, like their privacy policy is literally like go see OpenAI's privacy policy.

And it's like, so what's the difference with this? and just going to chatgpt.com. What use is this? And it's like, oh, well, it's integrated in there. I don't care about that. If I cared about that, I'd be using ChatGPT's browser. I don't understand why it needs to... to do that. I don't know. It's just, it's weird to me that like they're constantly playing catch up and yeah, it would be nice to see them because they have such a passionate, active community. I know they do.

And I'm sure people have plenty of ideas about how they can improve it, but it's, it's, it's, yeah, it is nice to see them investing in something that isn't AI for, even if they have the little smart window thing, but yeah, The split view, the tab notes, which I don't know how that's going to help, but the sanitizer API, the VPN. I agree with you. It's not enough, but it's nice to see them starting to get back into it. And hopefully, I'm hoping the momentum will pick up for sure.

Yeah, I think we had a question here. We have, well, not a question. I guess someone was just saying, uh, without Manifest V2 extensions, I find the internet to be pretty bad. Um, I agree. I think, you know, uBlock Origin, I think is kind of a needed tool at this point. Uh, uBlock Origin Lite is, it doesn't work as well and it doesn't block a lot of things that you need, right?

Like, you know, you would hope that, uh, you know, websites don't have a million pop-ups and like cookie banners and paywalls and all this sort of stuff. But it's kind of the modern internet at this point. Um, you need to, you need to, you need to use an ad blocker unless you want to go completely, you know, off the rails, I think.

So if, if Mozilla is like the last bastion of MV2 extensions, then, uh, I think that is definitely a thing that separates them from Chrome, but, you know, that's not going to be enough to keep people there because plenty of people are still using Chrome and they're still using uBlock Origin Lite. Um, it's good enough for them. It's not perfect, but it's definitely good enough. Um, so, people kept saying that we're going to leave Chrome.

If, if Chrome doesn't, uh, if Chrome doesn't use, um, doesn't allow MV2, I'm going to leave Chrome. And then everyone just stayed on Chrome. Like, like, I think people might not realize that a lot of people don't actually use extensions. They don't even know what they are. They just use their web browser like normally. Um, so yeah, I dunno. Um, it's, yeah, I don't think Firefox is in a very good position at the moment, unfortunately.

I do got to point out, I disagree that most people don't use extensions because I feel like every time I look at somebody's Chrome browser, they've got like ten extensions and it's always like Grammarly. And then like what's funny is it's always like six different ad blockers. It's always like Adblock Plus, plus Ghostery, plus Privacy Badger.

It's more... I almost get the impression that like people don't understand extensions and they don't understand which ones, like what they do and how they work. And they're just like, Oh, you know, the more I throw on there, the better it gets. Right. And it's like, no, you need to be intentional with which ones you use because you're giving them a lot of permission, but yeah.

Yeah. Which, which just kind of goes back to what you're saying though, is like, people don't understand like Manifest V2 versus V3 and they don't really like, they don't understand like, okay, now I've got Adblock Plus or whichever one, but it doesn't work as well as it used to because Google has hindered it and they don't understand why. And which is still unfortunate, but yeah. So, I mean, if we, if we like take into account the amount of people that use, uh, Chrome, right.

And we look at like, you know, Adblock Plus or uBlock Origin. Um, there's not that many people using them. If you, if you consider the actual, like amount of people using Google Chrome. Um, sure. The percentage. Yeah. uBlock Origin Lite is like, sixteen million. That's pretty small, like if you compare it to the amount of people.

I mean, it could be like a sample thing, like I've personally seen people that use Chrome and they didn't have any extensions, and I've also seen people with a bunch of them, so It's kind of hard to determine what this is through like anecdotal things. But I think if we look at the numbers, we can get some idea, at least at least like these ad blocking ones. I mean, we could look at like other extensions that people are using and installing, probably, you know, some really weird stuff.

But it doesn't seem like it's super common. But that's just going off the numbers, I guess. It's not really... No, to back up what you're saying, one source says that Chrome has almost four billion users, three point nine eight billion users worldwide based on an estimate. So, yeah, like sixteen million people is not much. I don't know what the math is on that one. I'm not even going to try, but it's not much. Yeah, I mean, it's probably not the greatest way to determine it, right?

People, it could be multiple installs by one person. It could be counted by like, you know, you've installed uBlock Origin a couple of times on a couple of your devices. It could be even less than sixteen million people, unfortunately. It doesn't exactly paint a very good picture because, yeah, it sounds like most people don't care. MV2 to MV3 gives people more security protections, I guess. But it does. It's kind of an issue, comes at a cost, comes at a cost. Yeah, exactly. Um, okay.

So yeah, we could move on to the next, uh, forum thread here. Um, cause we have talked about Firefox and Mozilla quite a bit. I feel like it's an easy topic to just kind of talk about for a long time because there's just so many issues for sure. Um, but this next one was. Someone started a thread. It was actually a very recent thread, only sixteen hours ago. So favorite underrated hobby for staying productive.

I'm looking for hobbies that aren't just fun, but also help clear your mind or improve skills in subtle ways. Anything offbeat that people swear by? I feel like this is definitely an off topic section of the forum. I think this could be interesting to read some of these things here. I feel like Nate added this. So I feel like you have something you want to say about this. Do you? Yeah, I do. I wanted to add this one because I don't know about you guys. Okay, so a quick tangent off topic.

When I used to work with Henry in Surveillance Report, he was very open about the fact that he's like, I do privacy all day. So when I'm not working, I don't really listen to privacy podcasts or read privacy books. I need to detox from it. And now that I am also doing privacy full time, I... I haven't gone quite to that extent, but I get where he's coming. I mean, I understood it before, but now I'm living it. And, um, so I, I think it's just really important to, I don't want to say touch grass.

Cause that's a very like disparaging term, but it's, it's just really important. I think for all of us to like take a breather, especially privacy, like it can be so depressing sometimes. Cause unfortunately I feel like we do take more, more losses than wins. A lot of the time, you know, we don't, um, we don't get to, uh, I wouldn't say we don't get to.

We see a lot more bad news regularly about Instagram rolling back and encrypted DMs and Android trying to crack down on third-party installations and this, that, and the other. And so it's very... it can be a little depressing sometimes because we only get the good news like chat control was defeated. We only get that stuff every so often. So I really like this idea of what are your hobbies just in general? I like these people talking about things they do.

One person here said they read, which is pretty... not really offbeat, but, you know, reading is, is a really good thing. And they said like they read a lot of fiction too. Like, it's not all tech and privacy stuff. They read a lot of non-fiction, fiction. Um, one person did mention self-hosting, which is a good way to learn more about tech and privacy. Uh, to your comment, one person did say, I didn't realize we had an off-topic section of the forum where we're allowed to talk about things

unrelated. Um, so yeah, definitely we do have that. And then, um, somebody said they do chess. One of my favorites, they said, not sure it would qualify as offbeat, but I enjoy dribbling watercolors on potato slices, letting them dry out and then taking photos of them. You blow up the images and they kind of resemble an aged artsy fartsy painting. One day I'll print and put these up for sale. And somebody replied, they're like, I'm going to go on a limb and say it qualifies as offbeat.

But, you know, it's a... And for the record, I thought that one was super cool. I want to see those too. Those sound awesome. But yeah, it's just, I guess, kind of a reminder for all of us to find something enjoyable that helps you unwind because this stuff can be a lot sometimes for all of us. I don't think you have to work in it full time, but it is really good to remember that there's... Privacy should be a means to an end, in my opinion.

Privacy should be what enables you to take control of your online life and your data and build the life that you want. And that includes going out and doing other stuff sometimes. So, yeah. I don't know if I have any underrated or productive... Also that, I just want to throw that out there. Personally, I'm a really big fan of like being productive and self-improvement and stuff like that.

So obviously not everything has to be, like when I'm playing video games, that's not always productive, right? But it's fun and it relaxes you. So, yeah.

Yeah, I think it's good to remember, you know, not everything you do has to be productive. I think being unproductive a little bit, you know, and doing things that aren't actually, you're not going anywhere, like you're just doing something for the sake of it. It's like kind of the point of being human, right? Like, we're not here just to produce and, and make things and, uh, and make money and work. You know, I think people need to also take time and be and do things like, you know, nature, like gaming

and all these other hobbies that people have put here. Um, but I think, you know, taking time to be unproductive can help you be more productive. I think taking a break, taking rest is kind of important. And, you know, I guess I'll throw in a couple of extra ones. I do think exercise is pretty important. It's pretty good for your health as well. It's productive, I guess, because you are becoming healthier.

I think people should... if you're able, uh, exercise regularly, you know, it's an important thing. I think it doesn't really achieve any particular goal. It just is, you know, it can be any sort of exercise is important. Um, yeah, I mean, I think it's, there's plenty of different, uh, things you can do. I enjoy photography, like in my free time, stuff like that. I think art stuff is also important, gets your brain going.

Um, but I do think it is important to not make everything in your life about securing your privacy and like about this one topic. Cause that's, uh, that's one way you're going to get burnt out. That's actually a section on the activism section we recently launched. Um, so definitely check that out. Um, but I think, you know, it's, Yeah, it's an interesting thread. Maybe go over there and drop your favorite thing you like doing.

I think it's nice to have these off topic forum threads sometimes because I feel like every thread is just like so draining. Like there's just every day, there's just a new story of like, the absolute worst thing happening. Um, and sometimes it's good to disconnect a little bit. Maybe that means not actually going on the privacy guides forum for a day, you know, taking a break. Um, it's definitely helpful. Um, and yeah, I think it would be more productive if you take more breaks.

Um, everyone needs days off. Yeah. A hundred percent. Um, yeah, I mean, I don't really have much more to add. Do you have anything?

Q&A

I don't think so. I was going to say we could probably move into viewer questions now, which I think we've kind of been answering them as we went in the live chat, right? Have we missed any that we haven't covered yet? Um, I think there was just people kind of sort of making comments here. Not really any questions per se. We did kind of talk about a lot of stuff, uh, that was already covered in a lot of these points. Like someone mentioned.

Ninety-nine percent of what these browser AI things can be replicated in a browser. Um, and browsers are less permission heavy. So like using an AI app is kind of useless. Yeah, I agree. They need a light version of the iPhone. Maybe. Oh, no, no, no. They're talking about a uBlock Origin Lite. There's the uBlock Origin Lite for iPhone, which I think actually we did add back to the website. I think we talk about it on our iOS section, if I remember correctly. I think you're right.

Yeah. Um, and AdGuard, I think those are the two recommendations still, 'cause AdGuard does, uh, it does still protect web apps and things. So that is a good point. Sorry. I missed that. I kind of misunderstood that comment. Um, but yeah, was there any comments from members on our forum thread this week? So, yeah, I, I think I passed it. Um, yeah, we did have not too many.

I know one question we got was about... I don't know if this person's watching right now, but somebody asked us, is it possible to provide a list of news articles that the stream will go over in advance? Just to give you guys a little peek behind the scene, the short answer is no. Because what happens is, and I think I may have said this before, is throughout the week, we kind of collect articles that we may want to talk about. And we try to keep it to four to six articles on average.

And so... we kind of wait until Friday, and that's when we go over like, okay, what are the main things we really, really want to talk about, and what are the things that we can, um, drop off to, you know, uh, like the news feed or the news section. Um, thankfully we do have the news section where even if we don't cover an article here, we might still write about it there. So, uh, and sometimes we do both, but yeah. Uh, a lot of the time, like we're not, uh, we're, we're still like Friday afternoon.

Um, US time, we're, we're still like putting this stuff together. So unfortunately that's not really doable in advance. And to also add to that as well, sometimes we're like, you know, it's Thursday morning and we're like still trying to work out what the highlight story is because sometimes there's just not that much going on. Like, you know, we can't really release the newsletter if we don't even know what the highlight story is going to be.

Um, so we're sorry that that's, that it's kind of frustrating, I guess. Um, but you know, we've been like, Nate's been doing a great job with like, we published the newsletter as soon as the live stream starts. Like if you check your inbox, like it'll be there. Um, so I would, if you're worried, if you want to know what we're talking about on the live stream, then that'll be the best place to see that. Um, I did drop a link in the forum thread there.

Um, but if you do want to sign up, it's just privacyguides.org forward slash live stream, and if you press the donate button in the bottom right and you select free on that, so you don't have to pay money to join the newsletter or anything, you'll get the update notifications for the live stream. And that includes all the links and also like some small summaries of the stories as well. So if you want to follow along while we're talking on the live stream, you can get that to your inbox.

It also goes live onto the website eventually, but let's see, is it on there right now? Yeah, it looks like it is. It should be, yeah, because when I publish it, I choose publish and email, so it should go to both the website and the... So yeah, if you prefer to use RSS for some reason, you can subscribe to that section and that'll pop up in your RSS feed as soon as we publish it. Looks like we got a comment from Cannabida.

Do you recommend any books that are not explicitly about privacy, but privacy adjacent? That is a very good question. I know the answer is yes, but I'm struggling to remember what they are because I know there's been a few books that I've read and I'm like, I kind of want to add this over on The New Oil as a recommended book, but it's not really privacy related per se. And now I'm trying to remember what they were. I feel like Enshittification, uh, by Cory Doctorow is a good one.

Like that's, I just bought that one the other day. I'm waiting for it to ship. Nice. Yeah. That's a, that's a definite, that's like one that's it's not technically about privacy. It's just like, you know, adjacent big tech being awful kind of explaining that whole process. Um, Hmm. Ooh, Andy Greenberg, who I think actually wrote one of the articles we covered today, or maybe one of the ones we were considering. But he's a writer for Wired, and he's written quite a few.

Like, Sandworm is really good, and that's about Russia's state hacking group. He's written Tracers in the Dark, which is... Um, it's divided into four sections and the last section is about finding people who host CSAM websites on the dark web. So just fair warning. That was a tough read. Um, the first three parts are great. That last part was a little rough to get through. Um, yeah, he's written a couple of books that I wouldn't say are like directly privacy related.

Cause again, they're about like cyber crime and state hackers, but they're very interesting and they're, they're adjacent for sure. Yeah, I mean, this, I feel like you have quite a few different options to pick. Uh, maybe you might have to... I reckon if you go to, like, Cory Doctorow's stuff, he probably has like a bunch of books that are semi-related to this whole thing, right? I think he's a good person to look at. But I don't know. Yeah, I can't really think of too many.

I know there's like quite a few books about like sort of the AI stuff that's going on now. I saw those like one on my timeline the other day, The AI Con. That's also an interesting one. I can't really think of too many other non privacy related books. I can think of a lot of privacy related books, but just not like somewhat outside that.

I haven't read it, but on the topic of AI, I've heard a lot of good things about if anyone builds it, we all die, which is about the quest to build AGI, artificial general intelligence. So I haven't read it, but I've heard a lot of good things. Yeah. I can't really think of too much here, too much more. But yeah, was there any other things you were thinking on the forum thread here?

The last thing I wanted to mention that you did, we mentioned it in the site updates, but somebody asked us to go over the homomorphic encryption story from Fria and just kind of explain it. Please go over the story. For more people to understand it simply put, I think it's important to know and follow. So homomorphic encryption, and this is grossly oversimplified, but it's basically a way, and it's a real thing. It's not just theoretical.

It's a way to process data on a remote server in a way where it's still encrypted and the server can't see your data. So hypothetically, like right now, let's use Google and Proton as an example, right? Google... and I might have this wrong, but correct. Well, this part, I know I'm right. Google, you put your stuff on their server, you interact with it, but Google can see it. Proton, a lot of it has to be decrypted in your browser. So it tends to be a little bit slower because of that delay.

Homomorphic encryption would be a way where it can still stay on the server and you can work with it in real time, but it would still be private. And I think it's designed more for... Oh, man, I can't think off the top of my head. But I know it's not designed for things like Proton, where it's like, oh, you can take that little performance hit. It's got very specific use cases. But the big problem is, and I don't know if this is an exaggeration or not, but...

Freya wrote here that it's thousands of times slower than processing the data normally. And I don't think that is an exaggeration. So literally, just to give a tiny bit more context, Proton mentioned this when they talked about Lumo. And they were trying to figure out how they wanted to make Lumo private. And they mentioned that they had entertained the idea of homomorphic encryption, except it would literally take about ten minutes to get an answer back from your prompt.

So like you type in your prompt, you go make coffee. Don't even just get a new cup, just make a whole new pot of coffee. And then you come back and hopefully your prompt will be ready for you. So it's not really feasible. It's not practical for most applications, but Intel released this new chip that they're calling Hercules. And it across seven key operations, Hercules was one thousand to five thousand times as fast. So it's still not quite there.

Freya does talk about some of the challenges that are still facing homomorphic encryption here. But it is definitely really cool that we've seen such a major jump on this technology. Because if they can get it up to a more usable speed, that really would be a game changer. I don't want to compare it to nuclear fission or cold fusion or whatever it is because that's one of those things that it's like, oh, at this point, some people aren't even sure it's possible because it's so far away.

But it is one of those holy grail kind of things that it's like, man, if we could do this, it would solve a lot of potential privacy problems. Although I do feel compelled to point out that at that point, the challenge would be getting companies to use it, as we're seeing Meta roll back end-to-end encryption.

So there's already a lot of solutions that people just don't feel like using, but it would be nice to have this in our toolkit too, because again, there are specific use cases for it where I think people would readily use it. It's just not where we need it to be right now. So yeah. I think, you know, I've got to be the AI hater on the podcast.

So I'm going to say, you know, if you do read the link, if you look at the link that Freya linked with this chip that they're working on, it does still mention, like, when they use this homomorphic encryption, it basically... significantly increases the amount of memory that's used. And I don't know if you're aware of the global RAM shortage, the global computer component shortage. I feel like we don't need to make it any worse by doing this, by doing this homomorphic encryption thing.

I think, you know, I would push, you know, I don't recommend that you use these AI tools. I mean, if you have to though, if you absolutely have to, there's local options, but I think one interesting thing that this sort of homomorphic encryption thing or I guess it's like trusted computing, I guess. Is that sort of, I feel like this is a similar thing. Um, but yeah, Freya mentions that in the article. Okay. Right.

Yeah. So basically the, there was a VPN service that was doing this through Intel's SGX system to protect, basically it would be an additional layer because when you trust a VPN service, you basically have to trust that they're not gonna log your traffic or they're gonna, you know, because there has to there has to be processing that's done to actually facilitate the connection between you and the VPN server. So that can't be encrypted.

But there was this VPN company that was saying that's what they were doing. They were using like an Intel SGX like secure enclave system. So like basically no one would be able to get access to it. It would be in like a trusted platform thing. It's also interesting because I feel like Apple was also pushing this sort of thing. They're like doing their Private Cloud Compute system. Hello, Apple, where is it? It's like, this seems like a similar technology thing.

Like it seems like a very similar thing, except, you know, they're not using Intel, they're using Apple Silicon instead, which I think gives them an edge really, because they're not relying on a third party company like Intel. Like, you know, if you, they can do everything in house, like firmware's in house, the Silicon's made in house. I still think that they use fabricators still, but they're like a, what do you call that? I don't know. They don't fabricate the silicon themselves.

They outsource it, I believe. But yeah, it kind of puts them in a better position to do that. But that still hasn't really appeared. I don't know what's going on with the private cloud compute thing. I think it's an interesting topic to keep an eye on.

But I think, you know, like Freya was saying, the constraints of this are too... are too high. Like, it's, it doesn't, it can't do enough. But maybe this could be used as, you know, this technology could be used in a specific application like a VPN where it doesn't need as much processing power. I'm not sure, but I think it's definitely an area that, you know, privacy advocates should keep an eye on, because this is technology that could be used in a positive way, hopefully not for AI,

but if it's used for AI, I mean, I hope it offers some sort of extra privacy protection. Um, I think one concern a lot of people have is their prompts being used for training data. If it wasn't in a secure SGX, like, or I guess, what are they calling this one? They're calling it the, the trusted execution environment. Fully homomorphic encryption chip in a trusted security environment or whatever Nate said. Yeah, like, yeah, I don't know.

That would be better than people just giving their data straight to OpenAI. But I feel like the interest of these big companies is not in protecting people's privacy. They like to slurp up your data for training. Um, so I'm not sure this can maybe become more popular on like a niche product like Proton, but I don't think OpenAI or Google Gemini is gonna sacrifice their speed, their processing power just for, you know, protecting their people's private, the user's privacy. I don't think.

Yeah, I mean, not to be overly optimistic, but I think the thing that makes me excited about this kind of stuff is that it's another step forward, right? Like, yeah, it's still not ready in this state. It's still too slow, and there's... What did they say at the end here? Uh... For FHE to take off, there needs to be support at all levels. And then there's a company that focuses more on the software side of things.

There's another company that's looking to move away from the limits of traditional computers and utilize photonics, computing with light to speed up FHE even more. So there's still a lot to be done and different people trying to tackle it. I think... What I like about it is just the fact that it is a step forward because FHE, yeah, I mean, it's, I think we both kind of said the same thing that like, there's no guarantee that companies will use this.

And Freya did even specifically mention like AI, you know, maybe they said it could be the case that in a few years, it'll be the norm to make a fully end-to-end encrypted query to Google or ask ChatGPT for dinner ideas in a fully end-to-end encrypted manner. But even if we get to a point where it's like, yeah, the resource usage is minimal, the speeds are minimal, this is totally economically feasible, will it still be economically feasible for the company who collects all your data?

Which at that point, I think, this is kind of a different discussion, but I think some... I think there has been a rise in people caring about privacy. You can tell in the marketing. Everybody's always trying to like, oh, we care about your privacy with this product, even if they don't. They say they do. We give you the option to opt out. We don't train on your prompts.

Companies say that stuff, which to me tells me that there are people who are concerned about this stuff and maybe don't know as much as they should. Maybe don't understand what the company's lying when they say that or how to tell if the company's lying. But the point is, I think there will be some people who like, you know, for all the crap we give Apple, I could totally see Apple if this became, again, economically feasible, Apple being like, yeah, let's do this.

And it's like, Now that Apple's doing it, Google's got to keep up or somebody's got to keep up. So they'll always try to find a way, just to be clear, they'll always try to find a way to do the bare minimum. So even if Apple or anybody, if anybody were to roll this out, there will be other companies who are like, yeah, we encrypt your stuff at rest and we say that it's encrypted. We already see that right now, right? We see that with Apple.

Like companies saying, oh, we secure your stuff with military grade encryption, which means nothing. And it's just a marketing thing while they're doing the bare minimum. It's like, yeah, you use passwords and TLS. Nobody's impressed. But I don't know. My point being is it's definitely a different set of obstacles to get over, but it's still nice to see that this is taking steps forward, um, and even becoming an option in the first place, because that's really the first step, right?

Is this has to be usable so that people can use it. And then hopefully from there it'll become adopted. But at that point we're speculating and my crystal ball is currently in the shop. So I cannot predict the future. Yeah, but yeah, that's pretty much all I had to comment on that one. I mean, hopefully that is a useful discussion for you to understand it a bit better. I hope we explained it well enough and at least cut through some of the hype because definitely is a little bit hyped, I think.

But yeah. Yeah, definitely. It's a complicated topic. So we like severely dumbed it down, but hopefully that did help.

Outro

But I think that's everything we had for this week. So thank you guys for watching. All the updates from This Week in Privacy will be shared on the blog every week that we just talked about. So go ahead and sign up for the newsletter or subscribe with your favorite RSS reader if you want to stay tuned. If you are an audio listener, we have this podcast available on audio platforms, all podcasting platforms and RSS as well. And the video itself will be synced to PeerTube, so stay tuned for that.

Privacy Guides is an impartial nonprofit organization that is focused on building a strong privacy advocacy community and delivering the best digital privacy and consumer technology rights advice on the internet. If you want to support our mission, then you can make a donation on our website, privacyguides.org. To make a donation, click the red heart icon located in the top right corner of the page.

You can contribute using standard fiat currency via debit or credit card, or you can donate anonymously using Monero or your favorite cryptocurrency. Becoming a paid member unlocks exclusive perks like early access to video content and priority during the This Week in Privacy livestream Q&A. You'll also get a cool badge on your profile in the Privacy Guides forum and the warm, fuzzy feeling of supporting independent media. Thank you all so much for watching, and we will be back next week.

See you next week.

Transcript source: Provided by creator in RSS feed