¶ Intro
Welcome back to This Week in Privacy, our weekly series where we cover the latest updates with what we're working on within the PrivacyGuides community, and this week's top stories in the data privacy and cybersecurity space. PrivacyGuides is a nonprofit.
¶ Start of podcast
which researches and shares privacy-led information and facilitates a community on our forum and Matrix where people can ask questions and get advice about staying private online and preserving their digital rights. Before we dive into this week's show,
here's a brief rundown of how the show will be laid out. We'll start by covering site updates. Then we'll discuss the top stories in data privacy and cybersecurity. Next, we'll explore some trending posts in the Privacy Guides forum. Finally, we'll answer a few of your questions. If you have a question for us, please leave us a comment in the forum thread or the YouTube chat as always. So, Nate, let's kick off with what we're working on in Privacy Guides this week. Alrighty.
Yeah, so we've got a lot of exciting updates this week. First off, a shout out to Kevin. Kevin wrote an excellent article about the RAM shortage and what's causing that, what your options are. Unfortunately, it is one of those things that's not really directly privacy related, but it has kind of trickled down to the privacy community because, you know, we all buy phones, computers and things of that nature. So definitely check that out. Even if you don't plan on buying anything anytime soon.
I still think it's worth checking out because this is probably going to last a while, unfortunately. We have a new Privacy Shorts channel. So we're taking all our shorts. We're moving them to a dedicated channel. It's at Privacy Guides Shorts on YouTube. And that is for shorts, clips, all the short form videos. So that way, if you don't care about shorts and clips, then.
You know, it's not going to clutter up your feed. But if you do, you now have a nice dedicated channel that you can go check out. So definitely make sure that you follow that. We will have one more big video out by the end of the year. I feel like we've said what it's about, but I can never remember if I have or haven't. I would say it's a back to the basics video about how to get started in privacy and reach your goals.
in a sustainable way. Uh, so we'll say that. And I think the big news that a lot of you guys probably saw is we released a video interview with Taylor Lorenz, who is a journalist and we talked about, um,
some upcoming legislation here in the US about privacy online and identity verification and all that kind of stuff. So that is what has gone on this week. Yeah. And Nate, I... when I saw the video this past weekend, I was actually surprised and shocked, but something that I didn't remember was Taylor Lorenz did, uh, kind of like did a call, like public, like, call for, like, you know, any available journalists, media specialists,
podcasters to actually speak with her. And I'm really glad that we were able to get this around so quickly, like on the weekend too. So the huge shout out to you and Jordan for working on that, you know, like on a Saturday. So I guess. Based on your conversation with Lorenz, I was just wondering though, what did you learn specifically from your conversation with her? Do you feel like the situation in the US right now in terms of age verification laws and censorship is worse than it appears?
Real quick shout out to Jonah as well, because he was part of working the weekend with us on that video, so it was a team effort for sure. Man, that's really tough to say because, you know, sometimes things are not as bad as they seem because sometimes it's just like a really vocal minority making a big deal out of nothing. But unfortunately, I don't think that's the case here because, you know.
Taylor pointed out multiple times in the video that this is a bipartisan effort. This is not like the Republicans are doing this. The Democrats are doing this. This one fringe person in that particular party is doing this. Like sometimes we see that this is a bipartisan thing. It's something that both politicians on both sides of the aisle here in the U.S. seem really bullish on, especially repealing Section 230. They seem to think this is like...
this really awesome idea that's going to solve all our problems, and they're all about it. And I worry that when they get so excited about something like that, I think it's going to take a lot of public backlash for them to pull back on it, unfortunately. So yeah, if you're in the U.S. and you haven't contacted your politicians yet, I think you really should, because I think better safe than sorry at least.
Yeah, I agree. It seems weird, because I know that, at least from the past, it seems like this is a very bipartisan, but also a very big tech... friendly initiative as well. Like, we see though, however, with like, you know, how so many big tech platforms are trying to like give accountability to, um, smartphone manufacturers such as, you know, Apple and Google, and I'm just like surprised to see, okay, right now in the U.S. seems like they're preparing for it to happen, they just don't know
who to give the most liability to. Should it be the platforms, the websites, or should it be Apple and Google, because they're the ones who control the smartphones, the world, you know. Um, so my second question to you is actually, it's like, since, you know, you're getting a lot more insight on all the
individual bills from your conversation with Lorenz, I was just wondering though, do you think the bills will actually pass enough at our level, um, and is there anything we can do to actually stop it per se? Um, do you feel like beyond contacting representatives, for example. How can we learn more to stop these bills? Man, I mean, do I think they'll pass? I think they will if nobody stops them. I don't know, um, how should I, uh, Taylor made the argument
This may have been in one of her podcast episodes, or maybe it was one of her guests that she interviewed that made this argument. But somebody I heard recently made the argument that the UK Online Safety Act passed because it didn't get enough attention in the UK and there wasn't enough pushback in the UK.
I don't know how accurate that is. Obviously, I'm not from the UK, so I can't say how much it was discussed there. But I think if we don't speak up, I think obviously they'll just take that as consent and be like, all right, let's do this. What can we do to stop them? I mean, yeah, like I mentioned contacting your politicians. One of our forum members did mention that they went to that badinternetbills.com website, and they felt like it was a little bit...
unnecessarily partisan. So they went ahead and changed the message that it sent to their politicians, which I think is great because you can do that. That's why it gives you the option to like, hey, here's the message we're going to send. And if you kind of want to tweak it a little bit and like maybe make it a little more personal or maybe change some of the work.
The important thing is that you contact them and say, I don't approve of this. But if you are maybe not a US citizen, I think education is a big thing we can do too. Here in America, I feel like we're still in a – it's still culturally dicey to talk about politics, especially nowadays because politics is very divisive. But unfortunately, I think it is kind of – And I mean, you know, there's that stereotype of like the holidays are coming up and while the holidays are here, but.
there's that stereotype of the holidays are here and you don't really want to like, uh, like, you know, you always have that one crazy uncle who believes the opposite of whatever you believe. But I think this is really the time to find that common ground and, um, to find that like, cause I, I,
I've had a lot of success with that with people of, even if they're on the opposite side of the aisle, of finding something we agree on and then building from that. Like, okay, we agree with the Section 230 thing, for example. Not to go off on a rant on this, but like section 230 is about, the idea is currently platforms are not completely, but largely not responsible. If I go onto Twitter and I post a tweet that says something.
I'm not going to use an example because I don't want to get us in trouble on YouTube. But if I post something completely insane, right now Twitter is not responsible for that, but I am. And to me, that would be a good starting point. That makes sense, right? I should be responsible as the person who made that tweet.
So let's build from that. That means that section 230 does not need to be repealed. Does it need an update? I don't know, maybe. But, you know, I think to find that common ground and start building from there. And where I'm going with that is to kind of raise awareness with your friends and family. Find that common ground that you guys agree on.
and say, these are why these laws are bad. And this is why they're not the right solution. Do we need a solution? Maybe we can have that discussion, but this is certainly not it. And it's going to have too many bad effects.
Yeah, other than contacting your politicians, just spreading the word, having those conversations, trying to have them in a civil manner where you guys come at it as like, it's not me versus you, it's us versus this problem and trying to find that common ground and just generally spreading awareness too.
Uh, friends and family especially. Again, if you're not in the US but you know people in the US, make sure they know about this and, uh, what they can do, that's what. Guys, for your information, um, the bills are currently being, um, discussed in Congress right now. There's quite a lot, so we don't blame you for not necessarily remembering them, but you just want to keep a note on it. Like, there's quite a few. Um, right now the most important one is probably KOSA or keep
uh, the KOSA Act. Um, there's the Screens Act, and there's also the App Store Accountability Act, or ASA. Just remember those three bills, and then when you do, like, discuss it with your friends and family members on the holiday dining table, uh, just make sure if you share a few news articles, and maybe share some news about countries from all around the world which have already implemented age verification. And just have that wonderful pivot across the Atlantic Ocean into the UK. We see an example.
¶ UK MPs target VPNs in latest Online Safety Act debate
of which there isn't particularly much holiday spirit right now. And in which the UK is back at the drawing board trying to make things even worse with the recently passed Online Safety Act. Um, so just for our context right here, I just want to emphasize that a lot of people do not like the Online Safety Act. At least 500,000 signatures on a recall petition have been signed, and it's kind of like bothering Parliament right now, and they're being forced to
kind of like debate it over and over again, at least like as of this week. And it appears that instead of using it to actually recall it, apparently, I think they're using it to implement even worse things into the bill and potentially expand the scope of the bill even further. And this past week, there are...
Preditionally three articles. They had a coalesce into one right now. The first one: apparently some MPs got really pissed off that they're currently still talking about the Online Safety Act. They're now targeting VPNs, apparently, in the latest debate. So on this article by TechRadar, there's a quote I just want to share with you very quickly. "The onus should be on the VPN company to comply with the law." Scary, right? I'm just going to read this right now.
MPs are considering whether VPN providers should be forced to implement age verification measures to prevent children from bypassing the Online Safety Act. In a debate scheduled to discuss public opposition to the legislation, MPs used the opportunity to argue for strict rules of VPN use instead. Many Brits have turned to the...
best VPN apps, a little marketing here, since mandatory age verification was admitted in July. While evidence suggests the majority of these are adults looking to protect their online privacy, lawmakers are instead concerned about children using the software to dodge restrictions designed to protect them. Peter Fortune, a Conservative MP for Bromley and Biggin Hill, asked the House:
Does the minister agree that for the online safety act to be successful, the use of VPNs has to be examined further?
agreed that VPN companies should be responsible for preventing children from evading checks. Why are VPNs not in scope of the legislation to ensure that they're compliant with the age verification measures, he asked. And unfortunately, just... I want to emphasize that the current government, specifically the UK's Minister for Digital Government and Data, Ian Murray, reassured that the government has already acted and will act against VPN providers not complying.
Right now, they're just monitoring VPN usage, just collecting data, writing their fancy reports, you know. But we don't actually know whether or not VPN providers in the UK must actually implement age verification restrictions, which is...
incredibly scary. And this follows another bill by the UK House of Lords, which is the upper house of their parliament, which seeks to ban VPNs entirely for children and which, you know, Windscribe, which is a... Canadian VPN company, called the dumbest fix possible. Now, we obviously have quite a few articles in this, like,
UK drama right now, but I was just wondering, Nate, do you have any, like, first thoughts on this? Do you agree with the Windscribe CEO, banning VPNs with children being a dumb mistake? Uh, yeah, I do. Uh, there's a lot of reasons. I mean, for one, this is kind of nitpicky, but like a blanket ban of VPNs would apply to not just commercial VPNs like Proton and Mullvad, but it would also apply to like, you know, connecting for work. Like at my last job, we were issued work computers.
And we were usually out on site. We weren't usually in the office. So a lot of the time to do anything like change our passwords or there was some other stuff too, but certain things we had to connect to the work VPN to do that since we weren't on site. Things like that, which are extremely common in the commercial space, would definitely run afoul of that. I think it's also, I don't know, like...
I feel like we've discussed this before. I've definitely heard this argument made a lot lately, but like banning VPNs, like, China does that. Russia did that recently. Like, I don't know if it's really the smartest idea to be lumping ourselves in, us being like the Western, quote unquote, free democratic countries. Is it really a good idea to be following the move of all these like, uh, authoritarian regimes that are notorious for, for doing this kind of stuff. So yeah.
I don't know. And there's also, real quick, there's also the argument that we hear all the time, which I agree with, that if we make these tools illegal, people are just going to go to other tools that are not protecting their safety. And this is a perfect example. They say, OK, VPNs have to start. I think there was a quote in here about VPNs should be age gating their users.
Well, underage users are just going to go to other VPNs that aren't doing that. And right now, people are already flocking to free VPNs, which usually turn out to be scams that are selling your data or worse. So yeah, I think this is going to...
It objectively will make people less safe by pushing them towards less safe options. I just don't know what to do, firstly. Because I remember when I was, you know... in secondary school, um, I recall using free VPNs constantly just to start prevent like restrictions that my school had on VPN usage, and as you may know it, that's not particularly smart of me, like, 10 years ago. It's, it's so sad to see, like,
free VPN users being almost normalized in the UK, and if any sense it's kind of like, okay, there's these like very well established, like, you know, providers, Mullvad, Proton, uh, any other recommendations we have, like IVPN, yes, forgot about that one. But those three providers will not sell your data, but they're more likely to comply with the age verification requirement or exit the UK market completely, which is probably devastating for
vast majority of adults, for example, generally do use the protected privacy and not have to comply with these horrendous education mandates. So it seems like people don't really understand that when you're making public policy, you have to acknowledge the circumvention will happen, right? And while these lawmakers be like, okay, we get it, people won't
will be circumvented with the VPN and so forth. By banning VPNs, you're just pushing people to use more unsafe options that will not comply with the law in the first place. So it's kind of like this matter. If people want to protect their privacy, why not just let people protect their privacy in the first place? I'm sorry. Could you repeat that? I was double checking part of the article.
Oh yeah, no, I was just like, I guess I was going more of like a bit of a rant here, you know. It's like, it's frustrating to me, you know. It's like, okay, like, people are going to circumvent it anyways, why make it harder for them? You're just gonna put them more in risk, you know. I think it's a lot of problems that lawmakers have nowadays, you know?
Yeah, it's definitely one of the podcasts I listen to. One of the hosts regularly makes the joke that should people who don't understand email be in charge of making laws regarding email? And I feel like that's really what a lot of these tech laws come down to is, you know, and not to be rude, because I think some politicians are really trying. They are.
trying they just don't understand this technology so they don't understand that oh well let's just ban vpns that'll solve the problem and it's it's almost like a you know the classic story of a lot of invasive species is you know you introduce one invasive species to solve a problem
And then all of a sudden that thing is now running rampant. So you need to, you know, introduce another one to tame that one. And it's just, yeah, it's a constant band-aids is what I'm getting at. It's like they, they constantly just layer band-aids on top of each other.
Yeah, it seems to me like, I really hope these people, if they do decide to implement a VPN ban, at least they make a difference between consumer-based VPNs and... you know, actual enterprise VPNs, because at the end of the day a VPN is just a connection method, you know. It's how you connect with server remotely, just like, you know, any other methods out there. So it's kind of like, okay, I really hope they make that distinction, or if not it'll just
devastate, you know, every single, like, industry out there in the UK. But hopefully they're smart enough to do that, right? I don't know, I don't, I'm not confident right now, like, based on what I know about the House of Lords. Anyways, I think it's a really good pivot to the second story, just away from, I guess, the VPN ban, question mark, and more so into a potential proposal by the UK Home Office to, you know...
¶ UK to “encourage” Apple and Google to put nudity-blocking systems on phones
implement nudity blocking systems on, you know, Apple and Android phones. So once again, I'm just gonna like quickly read through this Ars Technica article right here. Um, essentially like... What we're seeing here is a report, right? And this report was initially covered by the Financial Times, written by the Home Office, which is the specific ministry in the UK that deals with interior security.
So for folks out there, like, focus on like the domestic law enforcement side, I think this is where the report is being written by. Um, and I'm trying to read a quote right now. The UK government wants technology companies to block explicit images on phones and computers by default to protect children, with adults having to verify their age and access such content, the FT report said.
Ministers want the likes of Apple and Google to incorporate nudity detection algorithms into device operating systems to prevent users taking photos or sharing images of genitalia unless they're verified as adults. If the UK gets its way, operating systems like iOS and Android...
to prevent any nudity from being displayed on that screen unless the user has verified they're an adult through methods such as biometric checks or official ID. Child sex offenders will be required to keep such blockers enabled, says the Home Office, which has initially focused on, you know, mobile devices, but their push could actually expand to desktops, for crying out loud. And apparently these same officials in a report said that Microsoft can already scan for inappropriate content in Microsoft Teams.
Which is absolutely absurd. I just want to, like, make it clear it's just because there is, like, some form of service to, like, scan, let's say, for legal content or nudity on... a dedicated messaging or communications app, right, such as, you know, WhatsApp, iMessage, Microsoft Teams, Zoom. Like, how much as we hate those type of things, like, at least we recognize that, okay, it's feasible at least to implement it.
I'm not saying it's good. But to implement it on a device level, on smartphones and desktops, it's just, I feel like at that point, it's actually touching on a lot of other things as well, such as banning customized operating systems because they will refuse to do so by default.
Um, or they're trying to look for so much invasive procedures instead of actually doing their jobs and catching, you know, these, you know, these predators in the first place. Uh, makes me feel kind of sick, you know. But yeah, Nate, I was just wondering though, like,
Would you feel like if this is ever required to be installed on someone's phone though, do you feel like it could potentially be misused in some way? I know we kind of talked about chat control in the past and how it could potentially be misused. I was wondering though, would...
A very blanket nudity detection algorithm could be used for that. I mean, I feel like the answer is yes. I just can't think of how. We covered in the past... when Apple was thinking about rolling out, um, man, I forget what they called it, but they wanted to do, oh, they, they wanted to do like client-side scanning, um, for illicit content like CSAM, and, um, they ended up not doing it because one of the pushback was like, well, what happens when a government pressures you to like...
scan for people who were at a certain protest or something like that. And they ultimately decided at least the public facing version of the story. I don't know if there's like an unofficial one, but the public version of the story was that they ultimately decided they couldn't do it in a way where they couldn't.
ensure that that kind of abuse wouldn't happen. So they ultimately decided not to do it. And I feel like it's gotta be the same here. I think, yeah, I mean, this is a really... it's, it's really weird story. Like, to just blanket do that to everyone's phone, to require everyone to age verify just to use their phone, um, I don't know. Apple, I feel like Apple especially has already put in a lot of protections, like
If it is a minor account, then they have all these things are blurred by default. You can report something that makes you uncomfortable. I don't have any kids, so this is all kind of off the top of my head. I apologize if I'm oversimplifying some of these protections. And yeah, you have to opt into that by saying that it's a child's account, but at the same time, I don't know. This feels... To me, this feels very much like I'm not.
And I mean, I guess I am a little bit this this feels a little bit like the government trying to over parent and think for the users and think for people. And I think there's a line, you know, we are. big fans of things should be private by default. I was actually talking about Signal with somebody today who is currently using Signal. They are...
Well, yeah, basically they're in a situation where they're using Signal for work and they were like, yeah, as soon as this job's done, I'm deleting Signal. And I'm like, well, you shouldn't, like, you're already using it. Signal's great. And I kind of went off on this little rant where I was making the argument that I'm like, the only way Signal could be more user friendly
is if it came preloaded on your phone and ready to use. And you know this because you've been using it for months now, talking to me with no problem. And so that's the kind of privacy by default that it would be nice to see. Like iMessage obviously could be a lot better. We're not huge fans of iMessage necessarily, but iMessage is secure. It's end-to-end encrypted by default.
People don't have to think about it. They don't have to go in and turn it on. And so I understand that on the one hand, we want these things that protect people by default. You don't have to opt into a child's account, but also like this is taking a lot of agency away from adults and it's going one step further. It'd be one thing if they said, okay, we're going to by default.
all NSFW images are going to be blurred, go into your settings to turn it off. But now they're saying, no, you actually have to like age verify to turn this stuff off, if I remember correctly. You know, it's, yeah, it's like, it's insane, because
I remember, like, at least reading through this article, like, what they're saying is not, okay, you can't send or receive, like, you know, nudity, right? That's not just what it is proposing. Supposedly that you can't even take pictures of it, right? So something in the camera app
must be able to detect, okay, this is genitalia, you can't take a picture of your genitalia. And I'm just actually very curious, because I haven't read the full report yet, is it will just block you from just accessing, like, you know, about websites, like, or like websites that may consider, like, you know, you know, not safe for work? Because it seems to me like the extent of this blocking is incredibly invasive, you know. And so we recognize here that, yes, the strengths of defaults are very important.
Something like iMessage is encrypted by default, therefore it's generally speaking more of a safety blanket towards like the vast majority of Apple users, for example, even if it's not necessary as great as Signal, right?
But I feel like this is even worse than chat control, you know, because it kind of expands it from beyond the messages into, okay, well, everything you do on your phone, if there's any single way possible to actually see an explicit image or you take it yourself, you can't even do that. So I think right now, what we're seeing is a totalitarian solution to say, okay, we'll protect everyone by default, right? But I don't really think about, okay.
how can these defaults actually harm people, for example? Just because you are, for example, an adult, but you don't want to give your data to the government, it means I can't even take pictures of myself or like to see dude's access to content I want. I think it's so, like, incredibly disgusting to see that, okay, parentification is the default here, when in reality parentification should be based on individuals.
Yeah. Somebody actually beat me to it and mentioned here in the live chat that this reminds me of the story on the topic of ways that this could go wrong. There was a story a few years ago in the New York Times about a guy who his child, like toddler age, preschool, summer, very, very young child. His son was developing some kind of rash around his genital area. And the guy talked to his doctor.
And this was like, I want to say this was during lockdown. So the doctor was like, tell you what, take some pictures of it, keep an eye on it, see if it gets bigger. And then, you know, if it gets worse, come in and see me. And so the dude started taking pictures of his kid.
And because it was an Android phone, it was auto sync to Google Drive. Google uploaded it or it automatically uploaded to Google. Google flagged it and shut down his account and sent everything to the cops. The cops, this is the part where the story gets even worse.
The cops investigated, found that everything was above board. This was a false, not really a false positive, but like there was some context missing, said no biggie. They even told Google like, hey, we investigated this guy. He's cleared. And Google said, no, we're still going to leave his account turned off.
And they wouldn't... the cops actually had to send this dude the dude's contents of his Google Drive back to him because Google wouldn't unfreeze, like, they wouldn't even give him his data. They were just like, no, go kick rocks. And the cops were just like, man, that's messed up, like, here's everything they sent us, hope that helps. And there's always going to be people who slip through the cracks of any given law. There's always going to be those niche situations that we can't foresee in advance.
But at the same time, it just, this seems like a, I've used this phrase before and I forget where I heard it. It's like using a machete when you need a scalpel. And it's, it's, to me, it's.
It's just the laziest possible solution. It's like you said, they're not going after, can we get better investigative techniques, which for the record, that would probably translate to surveillance software. But is there something we can give the cops that will make their job easier to find these people? Is there something we can do to strike?
strengthen the laws where it's easier to prosecute these people. It's like, no, let's just go to the phone. Let's just go to like the lowest level where it's the easiest possible solution. That's the least amount of work, even though it's going to screw over everybody. And, you know, 99% of people who are just.
law-abiding citizens. And, uh, I didn't say this earlier, but one thing that jumped out at me is they said child sex offenders would be required to keep such blockers enabled, and it's like, okay, but is that like our current, here in America it's like a pinky promise, you know. Like when you move into a neighborhood, you're supposed to register.
And it's like, I wonder how many of them actually do that. I know I could be wrong, but I think here in America, they're actually supposed to like go around and knock on people's doors. But there's websites where you can look up and see how many registered offenders are in my area. Every time I do that, there's a lot of them, and I don't remember any of them ever knocking on my door. So I have to wonder how effective this stuff would actually be.
And I just want to mention real quick, Jonah said in the chat that privacy shouldn't only be for people who can figure out how to have it. And I think that was in response to my comment about like, if it was enabled by default and you could turn it off, like he's right. You know, it's, I'm kind of thinking of like, oh,
better way they could implement this that wasn't just like the worst possible solution. But even that's not a great solution because, again, it should be user-friendly and this is not. Yeah, I think like by default, they just want this.
to be owned by the state, you know. I, I think there's a lot of malicious intent here, you know, because remember, the Home Office wrote this report, right? You know, I think for us America, it's probably something like, you know, what if the FBI or the Department of Justice wrote the report on it, right?
So we've got to think about any potential motivations that might make them want to actually implement more of these trends into our phones. And I think there's another article here where I should discuss about... Signal and WhatsApp, that is actually just as important. Here we're seeing a little more of a level of abstraction.
¶ Creating apps like Signal or WhatsApp could be 'hostile activity,' claims UK watchdog
Now we're seeing like an independent reviewer of state threats legislation and reviewer of terrorism legislation named by the name of Jonathan Hall, KC.
He is affiliated with the UK's Home Office and he wrote an independent report, which is, you know, ostensibly independent. But what he essentially did was he labeled, you know, private by design apps, such as Signal and financially like... WhatsApp as potential threats to the government and developers that actually create applications that seek to implement some form of end-to-end encryption or privacy by design as a formal hostile activity.
And so this independent watchdog here in this report, he essentially said that these developers... of apps like Signal or WhatsApp could fall under the legal definition of hostile activity simply because technology makes it more difficult for UK security intelligence agencies to monitor communications. He writes that it is a reasonable assumption that this would be in the interest of a foreign state,
even if the foreign state has never contemplated this potential advantage. The report also... notes that journalists carrying confidential information or material personally embarrassing to the Prime Minister on the eve of important treaty negotiations could face similar scrutiny.
While it remains to be seen how the story will influence future amendments, it comes at a time of increasing pressure from lawmakers against encryption. So I think right now, even though this guy is not officially related to the British government, I think it... directly confirmed a lot of these eternal motivations here, right? There's probably an incident where Prime Minister Starmer, um, got embarrassed by a leaked story,
maybe some journalists like had some dirt on him before, you know, some important negotiations. And he felt like, okay, the UK law firm should actually personally focus on, you know, looking into unencrypted communications, right? Like this is the thing though. It's like,
all these things, like, they hide behind the classic examples of, okay, we must prevent CSAM, must prevent cybercrime, when in actuality a lot of them just personally embarrassed by some of the things that, you know, maybe dig up by a free press, you know. And so it kind of sees how attacks on encryption, attacks on private by design apps are really just like...
attack on the free press in a lot of ways, you know? Because right now, we're trying to see the normalization of this behavior by the government and ostensibly independent watchdog agencies, when in reality, like, all these, like... excuses about, you know, sex offenders and cyber crime is just an excuse for them to actually suppress on free speech and a free press at all.
Yeah, I agree. The article specifically says the report notes that journalists carrying confidential information or material personally embarrassing to the prime minister on the eve of important treaty negotiations could face similar scrutiny. And it's like... What's that sarcastic, like, oh, you said the quiet part out loud. I mean, it's really hard to argue when they straight up say that, when they straight up say like, oh, well, we're also going to include people that make us look bad.
you know, that, that call us out on things. And that's again, man, like I, I hate to do the like comparison to repressive countries because it feels so like,
it feels like one of those things that people just do, you know, they just throw it out there. Like, you know, there's that stereotype of like, you're arguing with somebody you disagree with online, which is probably your first mistake. And, you know, they're like, oh, you're worse than Hitler. And it's like, oh, come on, really? That's the best you get. Like, we always have to go there.
And but at the same time, like, yeah, that is literally like what repressive countries do is if you post anything that contradicts the party line that makes politicians. I mean, there is a rapper in Spain. I'd have to go dig up who it is, but I remember I researched this very heavily for an unrelated project. There's a rapper in Spain who got sent to jail because he criticized the king of Spain. And literally his criticism was he made a rap song that was literally just a list of all the king's
scandals. Like, that's all he did. Like, imagine if I made a song where all I did was list, like, uh, you know, all of Trump's scandals and they sent me to jail. Like... That's literally what happened. And this is the kind of thing they're saying. It's like, oh, we need to ban encryption because we need to know if people are going to make us look bad. And it's just... The UK is not okay right now, man. It's not okay, no.
I actually want to comment on like, you know, like obviously we have a very interesting title headliner today, you know, the West is destroying the internet. And, you know, we started with the US, we started with the UK. And like the reason why we actually created this was like... Why is every single country out there trying to implement these laws? And it's such a disturbing trend to see it. And while the UK may be seen as a bit of an important contributor to this trend,
It's going to spread across the West. You know, we know it. You know, like the UK just let me say in the quiet part a lot for what all these politicians and those in power really want, which is to monitor our communications and not for you to not actually like, you know, actually keep them accountable. You know.
It's like, it's insane to see, like, okay, if I'm a politician, I can do whatever I want to extend the meaning of what cybercrime is, right? I can go ahead and say, hey, that rapper, you just literally just rapped the entirety of the king's scandals, you are in violation of our libel laws, you're going to jail.
might not seem like a privacy issue at first until the government really wants to know what you think of the king's scandals in your private chats. You see, like, you notice here, like, since laws against libel already exist in, like, every single country out there, we know that these tools will be repurposed against you eventually. So please, if you're in the chat right now, just make sure to read up more on these age verification laws, not necessarily just in the UK or the US, but...
out in your own country and see, okay, what's actually going on right now? What can I do to stop it? Are the laws impacting me right now? And what can I do to actually build a movement to actually, you know, build a response towards these horrible age verification mandates? But yeah, Nate, I was just wondering though, before we move on to our next country in the West, do you have any final comments for the UK? No. I mean, nothing you didn't already say. Just, yeah, it's, it's, it's kind of silly because
You know, encrypted communications, I was thinking while you were talking about, like, sure, technology changes, times change. It is important to update our laws and make sure they're staying current. But at the same time, how is... you and me having an encrypted chat on Signal where I say like, man, I really don't like the current administration. How is that any different than back in the analog days when you and me would get together at a bar?
and sit there over drinks and be like, man, I don't like the current administration. Like nothing has fundamentally changed. You know, the FBI didn't sit at every single bar table in every single conversation back then. And it's just, it's kind of, I feel like.
I guess the point I'm making is like, it is important to make sure laws are updated, but this is clearly like, it's not updating to make sure the laws stay current. It's just a needless attack on privacy because we've always had conversations the government couldn't access.
You know, it's, yeah, it's crazy. Yeah, it is crazy indeed, man. But hey, you know what? On the right side, though, if you're in the UK right now and you're having a conversation in a pub, would you want that conversation to be broadcast to the entire world? What difference between that and just texting someone on iMessage, you know, for crying out loud. But yeah, anyways, I think.
We did already mention that, you know, with our past article about, like, privacy by design. I think, Nate, like, I think it's a wonderful segment to actually talk about, you know, something that's happening in the U.S., actually. About something about Samourai Wallet?
¶ Samourai Wallet founders face prison after guilty plea
I heard that it has been an ongoing story for quite some time. But yesterday, there was a bit of an escalation. I was trying to give us any insights on that. Sure. Real quick, before we jump into that, I do want to mention some people in the chat. A couple people, Nisuria and Resplendent606 said that while we were talking, they actually went ahead and sent letters to their politicians.
Well, Nasuria said, thank you for making the video about these laws and for raising awareness. And Resplendent said they went ahead and messaged a couple of their politicians. So thank you guys for taking action and being part of that. We really appreciate you guys.
Yeah, on that note, let's talk about Samourai Wallet. So this is a very complicated story. And I don't like being contrarian for the sake of it, but I do feel like there's a lot of nuance here that has been missing from a lot of the reporting that I've been seeing.
But let's go ahead and go back to the beginning. So for those who don't know, Samourai Wallet was a Bitcoin wallet. I actually used Samourai Wallet. I really liked Samourai Wallet. It came with a feature called Whirlpool, which was a Bitcoin mixer. And for those who don't know... Bitcoin is not actually anonymous. Mostly, not entirely, but...
Mostly because 99 times out of 100, the way people get Bitcoin is they go to an exchange like Coinbase or Crypto.com and they hand over their ID for KYC, which is Know Your Customer and Anti-Money Laundering Laws. Bitcoin can actually be very easily traced on the blockchain. So if I go to Crypto.com and I buy a bunch of Bitcoin and I send a donation to Privacy Guides or something,
they can very easily trace that Bitcoin as it goes to Privacy Guides. And then if we spend it on a, I don't know, like a Mullvad subscription or something, like, I don't know. That was just the first thing that came to mind to people who accept Bitcoin. So there are mixers out there, like...
Samourai Wallet's Whirlpool that will go ahead and, um, I mean, it literally does... imagine throwing all your Bitcoin in a washing machine where it tumbles around, and now you just reach in and grab one, and it breaks that link and it makes it harder to trace. So, a couple years ago, if I remember correctly, it was relatively recent, the developers of Samourai Wallet were arrested. And they were arrested on claims of, oh my god, what was the exact claim?
Basically, the claim was that they were knowingly doing money laundering for criminals. And this is where things start to get a little bit complicated because so what ended up happening. What we know for sure happened is this case dragged out for a couple years, as it does. Legal cases tend to be very slow. And eventually the developers did take a plea deal.
And because of that plea deal, we don't have the same level of information as we would if it had actually gone to trial. So we have the Justice Department put out a couple of statements. And then actually recently one of the developers has been doing a lot of interviews and, uh, going, going public with their stories. Um, which somebody just mentioned in the chat, Naomi Brockwell's interview with, uh, Keone, I think his name is Keone, maybe Rodriguez.
That was the one I saw. I know he was also on The Hated One. And there was another one that he did an interview with. So those are kind of all we know. Again, we don't have the actual court documents. We don't have the actual evidence. We just have both sides of the story. Yeah. So what happened here is they took the plea deal because, well, okay, here's where we start getting into different sides of the story. So according to the Justice Department, which...
Let me see if I can pull these up real quick. They claim, again, that these developers were knowingly basically marketing to criminals. It was in their slides when they were trying to get investors, that they said we would, our target audience is like the black market or the gray market. They claimed that these people went on Dread, which is like a, it's like a darknet version of Reddit.
And they were openly trying to get known cyber criminals to come use their service over some of the other things here. They say that they described Whirlpool as, quote, money laundering for Bitcoin, things of that nature. And if you go listen to these interviews with Keone, Keone, I swear I thought I heard his name pronounced as Keone, but somebody told me it was Keone, so I apologize if I'm getting it wrong. If you go and listen to him...
His version of the story, which I do believe to an extent for the record, is that it was all taken out of context. Like one of the tweets that they cited as evidence was when Russia was sanctioned, he tweeted and he was like, oh, welcome all Russian oligarchs to use our service or something like that. Something similar to that. And he pointed out in his interview with Naomi Brockwell, he's like, well, first of all, why would we have tweeted that in English if we were serious?
And second, how many Russian oligarchs are investing in Bitcoin to hide their money? Like they're buying investment properties in London, in Dubai. Like they're not using Whirlpool. They're not using Bitcoin. So yeah. I think this is a really complicated case to kind of bring it back to the current day. Keon is going to jail, actually reported to jail today, unfortunately. And I believe his co-developer is supposed to report in January.
And again, to agree with him in his interview with Naomi, it does sound like the judge really had it out for him. Like she didn't even let him have like one more holiday with his family. Well, he got Thanksgiving, but he didn't get Christmas. And according to him, this whole trial has put them $6 million in the hole. And then the judge added another $250,000 fine on top of that, which is just insult to injury.
Yeah, it's it's I mean, it's pretty heavy handed, but they they took the plea deal because and again, one of his really good points, he's like, we don't have infinite money to just go up against the US government, they can just keep doing this.
We're already $6 million in the hole. And then if we went to trial and lost, we would have to appeal, which would be millions of more dollars. And, you know, somebody like Amazon or Facebook, sure, they got lawyers all day. They make $6 million a minute. They don't care.
For an individual, that is a lot of money. So they felt that the, unfortunately, doing the prisoner's dilemma and the smart move, the smart move was to just go ahead and take the plea deal and get five years instead of 25 plus. And yeah, I definitely cannot blame them for that math. Probably would have done the same thing to be completely honest. But yeah, I say it's a little bit, it's a little bit of a complicated case because I don't want to.
I don't necessarily want to sound like I'm victim blaming here. Like I'm being heartless because it really is tragic. Like I really do feel bad for the guy. I really did feel bad. Like he didn't kill anybody or anything like that, but. You know, it sounds like they really were going out and making some questionable marketing decisions at best. And, you know, it's... Yeah.
I don't know. It's really unfortunate. And I don't think the government's goal was to attack all these open source projects necessarily. I think it was certainly a plus for them. We are seeing the government go after some other mixers. Tornado Cash was one that we've talked about when we were discussing the story.
Yeah, I mean, those are kind of the story of my thoughts bringing us up to now. One thing that's worth mentioning is they are trying to get Trump, President Trump, to issue a pardon. And Trump did say that he's keeping an eye on the story.
And he kind of made a little offhand remark. He's like, I don't know. Do you think I should pardon him to the reporter who asked him about it? And so he said, I don't know anything about it, but we'll take a look. And he did pardon Ross Ulbricht earlier this year. Yeah, that was this year, I think.
So, um, it's, it's definitely a really a nuanced story for sure. A very unfortunate story. My heart really goes out to that dude. It's, it's unfortunate, but yeah. Yeah. I think that's kind of brings us to where we are. It's really sad to see this story come up, especially when, like I said, we don't want to victim blame, of course. Obviously, that would be horrible. But that kind of begs the question, though. How come services like Monero...
or Tor, how come they're not usually as affected by law enforcement? Is it the way that they're designed and became more resistant towards these type of, you know, like, litigation attempts, or is it just like the fact they don't actually advertise themselves directly to criminals? Like, what's the... What's the reason why they aren't targeted, but something like Samourai was targeted by law enforcement? Well, I think there's a few reasons. To be honest, one I think is...
marketing. Tor specifically markets themselves towards activists and journalists and they're not geared towards, not to get too off topic, but I am a big fan of... What's his name? John Oliver. But he did an episode on Monero and I felt like he really did Monero dirty or he did an episode on cryptocurrency specifically. And I felt like he really did Monero dirty because he's like, oh, we know you're obviously catering to criminals. And I'm like, did we look at the same website, bro? But.
Yeah. But no, I think the bigger thing is like privacy by design, like Monero and Tor, they are designed specifically with privacy for everyone, you know. And that kind of goes back to what I said, like, they're not there to, you know, it's money laundering for Bitcoin. It's like, no, it's everyone is private: journalists, activists, people who just want to stay private online.
And unfortunately, we do have bad people who will abuse those services. We know that. We have people who abuse Session and Signal. But when you're casting that net to make privacy for everyone... then that really makes it harder for the government to argue that you're doing something illegal.
There's also, I do want it to be noted, there's a little bit of decentralization to it as well. From what I understand, Whirlpool was a very heavily centralized service. There weren't multiple Whirlpool servers. It was like their thing that they were running. So it's a lot easier to pin it on them as opposed to something like Monero and Tor where there's nodes being run all over the world and it's harder to go out and arrest every single operator. Hmm.
Yeah, that definitely doesn't make sense, though, because it seems to me that, you know, with Samourai, they really wanted to be the one-stop shop for this type of material. And unfortunately, that brings a lot of liability.
liability issues that, you know, just two, like, you know, men can't really, like, you know, deal with, you know, like especially with six million dollars in the hole and all of that. Yeah, that's insane. It's horrible. But I want to, like, actually, like, discuss kind of like a predecessor situation a bit, you know, with Tornado Cash, which I would believe is the first major instance in which an open source project was targeted by law enforcement for, um,
facilitate money laundering. If I remember properly, Tornado Cash was a cryptocurrency tumbler for Ethereum, right? And I recall when I was reading up about it, right? The EFF lambasted this decision to blacklist them by the... by saying there was an attack on free speech, especially the right to publish open source code. And I'm just wondering, though, do you agree on whether publishing...
open source code is a marker of free speech. Do you feel like the people in Samourai are being punished for just simply publishing code freely for others to use? To clarify, Samourai or Tornado in your last question there? Samourai specifically, because it seems like the EFF used that analogy for Tornado Cash. And I was wondering if you believe that Samourai is actually, it's also a freedom of speech issue as well.
I mean, I definitely think this, this is my personal opinion based on the information I have right now. I do feel like Samourai, like the judge was really heavy handed on them. I don't know. I don't think they deserved necessarily that much. But again, that's based on the information I have right now. I don't know if like in a few days I'm going to find out like, oh, they tried to hire a hitman. Like, ooh, yikes. But yeah, it's weird because the EFF, one of their early landmark cases is that...
code is free speech. I believe it was centered around PGP, actually. The government tried to regulate PGP the same way that... that they would regulate any kind of arms like guns and missiles. And like, if, you know, if you sell a crate of missiles to, you know, I'm trying not to pick the most obvious country. We'll say France. I don't know why France, but we're going to sell a crate of missiles to France.
You know, the government has rules and regulations about how to do that deal. And they tried to do that with PGP, which for those who don't know is Pretty Good Privacy. And it's a type of encryption that... largely powers most encrypted email, like Proton, Tuta. Tuta uses a modified version of it. And a lot of messengers, too, also use the key exchange model.
It's very, very common and very powerful encryption. And the EFF took the government to court and said like, no, code is speech. And I think the example they used was like, if they printed the code in a book. Could you pull that book? Or if they printed it on like t-shirts, kind of like we have a shirt. I'm not wearing it today, but we have a shirt that has like Article 12 printed on it from the UN's Declaration of Human Rights.
And they ultimately got the court to agree with them and say like, yeah, somebody publishing code is the same as like writing a book or making a movie. Like it's free speech. It's an expression of self. And I think the tornado cash example kind of went.
a lot further than Samourai is because in the case of Samourai, and I could be wrong here, it's a lot of catching up to do. Like I said, this is a long court case and I may have forgotten some of the finer details, but in the case of Samourai, they went after the developers specifically and attacked the developers and said, you committed conspiracy. In the case of Tornado Cash, they actually sanctioned the code. And I think GitHub even pulled the code down for a while.
You know, it's just like they, they went the... it says here on Wikipedia, the protocol itself was blacklisted, which is, imagine if, like, the Signal, was, Signal Protocol was blacklisted, like WhatsApp would stop working. Facebook's encrypted messages would stop working.
I think maybe iMessage or maybe they use their own protocol, but it's a, you know, it's, I mean, that's pretty heavy handed. So I mean, there's definitely a lot of similarities and I think they both started happening around the same time, but, yeah, to my knowledge, there are some key differences here. Yeah, indeed. Like, I think, because usually what happens if you're a private company, right, and you're a limited liability company, you're not... when you get
sued or you do face criminal charges, most likely it usually faces the company, not necessarily individuals. So it's just fascinating to see what essentially are two people being punished for the code they published online. And yes, there's obviously a lot of nuance here. For example, they apparently upgraded a server that makes a lot of these, like, you know, transactions together, and it causes a lot of, like, issues, like, okay, you're advertising a service
And, but you don't have the same liability protections as a company would, you know? And it's just, it's just like a messy situation. And I definitely do feel like... All in all, though, if you do desire some means of privacy with your transactions without necessarily being on the hook for money laundering, perhaps don't rely on a mixing service traditionally. You definitely do want to look at a private by design service,
would you say? It reduces a lot of the headache involved, how to worry about operating such a service. Maybe it's just best if something like Monero is normalized a lot more than Bitcoin or Ethereum. Yeah, for sure. Yeah, I mean, it's really well said. I mentioned earlier, it'd be nice if we lived in a world where everything was more private by design and people didn't have to go.
enable settings and download tools and this and that. So trying to pick those tools that are from the ground up, you don't have to make a whole lot of changes, and they're just kind of ready to go out of the box as much as possible, definitely is the better way to go. Yeah. Yeah. It's just, I don't want to say, okay, like, listen, these services are obviously remote laundering. Right. But for something like Bitcoin, Ethereum, which are not private design for the record,
if you had to go through the effort of using a mixing service, a tumbling service, it's at that point it's kind of like, well, at that point, like, what are you trying to do here? Like, it's like you're just wasting your time this point. It's so easy to trace it, and these services are just, would just be on the hook by law enforcement, you know. Like, I feel like regardless of what you do with your money,
at the end of the day, it's probably best if, for example, you do use private design features. That way less people will be harmed in the future, I'd say, because right now it's clear that, you know, with Bitcoin, if you're not being private design, it just pushes a lot of liability up
the chain, you know. Um, but yeah, I think, like, as someone who did, doesn't really know a lot about crypto, like, I think, like, I learned quite a lot, like, just to catch up the case and realizing, oh wow, this is a whole other world out there, you know, like know your customer laws, regulations, all that. It's just, wow, it's very extensive. And honestly, there isn't really a good solution for anyone involved, you know?
Yeah. And just to be clear, I do want to point out that like, you know, I think there were a lot of legitimate users of Samourai too. And I mean, I don't know. I don't know if anyone can say because they claim that they didn't keep any analytics on their users or log what their users were doing. And I do believe them. So it's hard to say like, no, like 90% of the users just thought it was really cool technology and used it. Like I mentioned, I used it. I had my money in Whirlpool forever.
you know, just constantly getting mixed up. So I, you know, and I honestly, I haven't even spent most of the Bitcoin I have because I just, I don't know, I just don't, uh, for some reason. But there were plenty of people, I think, who were probably using it for totally legitimate things, but I think, yeah, the fact that...
It's mostly their marketing. They're going out of their way. I think there's a difference between people like Monero and Tor who say like, yes, unfortunately bad people are going to use our tools. That is an unfortunate side effect of any privacy tool. And then going out and finding those people and going, hey, you should use our tool to do your crimes because it's better than those guys and the tool you're currently using.
Yeah, I mean, that was definitely something I think we can all agree they should not have done. But yeah, I mean, any tool is going to have bad people using it, unfortunately. And I think that's a... Something that the government likes to lean on is like, oh, bad people are using it, but that's kind of unavoidable with anything. Bad people use all kinds of tools all the time. We've all heard those arguments, and they're absolutely true.
Yeah. So I just wanted to say that I don't want to be too hard on these guys and paint them with a bad brush of like, Oh, only criminals use this thing. Like, no, there were lots of just regular privacy enthusiasts, I'm sure, who were using it too. It's just unfortunate. Yeah, it's an unfortunate situation for everyone involved, I'd say. But yeah, I think that's enough. We can talk probably about this situation. I just want to add really quickly, though, is that...
At the end of the day, if you do decide to use a cryptocurrency, we really do recommend Monero on our website. Mixing... While it sounds fun on paper, it's such a cool concept, right? But at the end of the day, you do want to use private design features or else you will experience a lot of essential liability issues, as mentioned before.
Just to summarize it really quickly, definitely do a key to our recommendations. Just stay safe out there. Anyways, I'd like to use this as a chance to move on to our next country, which is Germany, or specifically a city in Germany called Berlin.
¶ Berlin Approves New Expansion of Police Surveillance Powers
Um, you know, like, it's a capital city split between East and West during Cold War, right? Um, you may have heard of something called the Stasi, which was the East German, um, interior security, domestic security force. Uh, they're quite well known for, um, infiltrating your homes and apartments and conducting a lot of state-sponsored gaslighting towards their political opponents, right? It seems we're seeing a minor return of the Stasi in a form of a...
huge expansion of Berlin police surveillance powers, actually. So we're going to look at this website, this blog, Reclaim The Net here. And what we're seeing right now is... An almost unanimous decision by the governing CDU-SPD coalition supported by some AfD votes to approve the General Security and Public Order Act, which, you know,
focus specifically on Berlin, right, and establish limits for police, but expand its surveillance powers to include three very concerning changes, which seems to me like a return of the Stasi in a lot of ways. One of the most controversial elements is the expansion of police powers under paragraph 26A and 26B. This allows investigators to hack into computers and smartphones under a banner of source telecommunications service, surveillance, and online searches.
What it essentially does is it allows police in Berlin to install state-developed spyware known as Trojans on personal devices and set messages before or after encryption. And for some reason, this spyware cannot be deployed remotely, such as through a zero-day vulnerability. The law will essentially authorize the officers to secretly enter someone's home to gain access and install these programs directly on the hardware without the occupant's knowledge.
Now that Berlin had previously resisted such practices, it now joins other federal states that permit physical entry to install digital monitoring tools. Like right now, there's actually a lot of things as well. I'm just going to quickly summarize it. So, you know, obviously, besides the fact that it maintains a list of vulnerabilities that we use to actually, you know, put everyone at risk, right?
What they're doing is they're also like, you know, activating the more body camera footage, for example. What does that also expand cell tower queries along? people who essentially collect data from cell tower dumps from a chosen timeframe. And this act, this form of, you know, cell tower queries can actually identify the movements of thousands of individuals, including those who actually attended a protest.
I'll start promise a few more as well, such as automatic license plate recognition, biometric face and voice matching using publicly available information on the internet, um, more increased, like, OSINT surveillance, for example. It's... It's absurd. I'm going to stop here because reading this article just makes you feel very, very upset for, like, a lot of Berliners out here, but also confused as well, because apparently just a lot of the physical, like, entry points established in his blog
has been available for other state members as well. So it isn't just a new thing introduced in Berlin, but rather across many other German states and provinces, which for me, it sounds quite scary to know that. Yes, it is normal for the police to directly enter your room, enter your house, and install spyware on your hardware. And it really reminds me, okay, yes, the police have been... informally allowed to install spyware on your phone. If there's a warrant, maybe
They can send it to you, maybe they won't. It really depends on a lot of different rules, right? There's never been a formal rule in a lot of countries where, yes, you're allowed to use targeted spyware or not. Some countries ban it. Other countries promote it, but informally, right? So I feel like... bills like these seek to normalize a lot of these mercenary spyware firms and just empower them and normalize their usage on a regular basis, which should not be the case whatsoever.
Secondly though, one thing I'm also concerned about is hardware security, specifically in the lines of evil maid attacks, anti-interdiction methods as well. Because as you may know, there's been a lot of new developments about how almost every single...
device we have out there is actually vulnerable to evil maid attacks, specifically computers, you know? Like, Nate, you probably heard of something called Spectre Meltdown back in 2018, right? Which essentially affected almost every single computer out there. And that reminds me that, okay...
It is already a given that the police, at least in Germany, can enter your home without you knowing and install malware on your computer. Or maybe they'll use Cellebrite to essentially install something on your phone.
Like, we don't own a method. This blog doesn't really discuss the details. But what I'm concerned about is, is there anything that people can do to actually protect themselves against it? Because, like, right now, at least on our website, like, yeah, we do have some limited information on what people can do, such as enabling full verified boot.
or using a specific operating system that does support it rather than just leaving it fully unlocked. I'm just wondering though, how can we actually protect ourselves from these unwarranted searches and seizures? If you live in a country that does so. So the answer is to carry a very big backpack and put every electronic device in your house, including your TV. Now, obviously I'm kidding. Yeah, I mean.
It's it's tough, man. It really is. Because like you said, there's there are certain things that can help. But I mean, especially when you're talking about a state sponsor, like this is literally a state sponsored adversary. And, you know, to be fair, when we're talking about police. There's varying levels, right? Like here in the U S the NYPD has more funding than a lot of militaries around the world versus, you know, the sheriff's department in Iowa, the.
you know, probably doesn't even have enough money for coffee and the sheriff buys the coffee for the office every month or something. So it's really, it depends on, there's a lot of like, it depends here when we talk about this kind of stuff. But yeah, I think. This is one of the reasons that we're really big fans of GrapheneOS, for example. You can lock the bootloader, and that makes it more secure against various sorts of attacks.
I'm going to be fully honest. I'm not super familiar with a lot of hardware security and hardware stuff that's built in, but I do know that newer devices are constantly adding more security features like this to help protect against, um, tampering at a deeper level. So it, I mean, it sucks because I, I think, um, especially a lot of us who, like, first of all, we talked about the RAM shortage up top, like, I think we all want to make our devices last as long as possible right now
But also, you know, some of us want to be like environmentally aware and not create electronic waste and stuff like that. But if you have a really high threat model, it is really important to get devices that are current that have a lot of those safety features built in.
Again, I can't speak to the efficacy of all of them because this is a little bit outside my realm of knowledge, but I know that there are things like the Heads firmware. If you use certain Linux distros, it's kind of like a hardened version of coreboot, if I remember correctly. And that is designed to protect against evil maid attacks and to alert you if, I don't know if it still does, but I remember once upon a time.
Qubes would alert you if anything had changed on the lower levels of the, the system. So, and I remember that because every time I would update my Qubes machine, like the, the firmware, every time I would boot up, it would send me this big scary red message that's like, oh, your, your, uh, hashes or whatever have changed. And this could indicate compromise. And the first few times it happened, I was like, oh my God, what? What happened? Hold on, wait. And then I remembered I ran an update and I'm like,
Oh, I bet it was that. And then I started to notice the pattern after a while. So yeah, there are certain softwares out there that can do that, but they're all not created equal. So definitely do your research on that.
If you're in doubt, ask in our forum. There's a lot of really smart people there that could probably answer your question on if this one's any good, what are any potential holes in it. But yeah. Yeah. In my article, I've actually written about... specifically if you're looking for a Qubes OS, like, you know, machine, right? Right now, like, yes, Heads firmware does support manual installation, of course, but it seems to me if you look through all the different, like, um, I'd say supportive
supported motherboard configurations for Heads firmware right now, they only support two, and all of them are from manufacturers, like OEMs, specifically Purism, which is, we will talk about that later, and it's specifically Nova Custom, right, who're based in the Netherlands. So if you're based in Germany, if you're one of the affected federal states, or such as Berlin, for example
i'm not sure if they're a federal state it's just the city i i don't know i am not that this is regional parliament so i don't know i think they're a state yeah yeah well if you're affected by these you know, German like police surveillance measures, I probably recommend you make that, you know, Ryanair flight or, you know, that
drive to the Netherlands and see, hey, knock on the door on Nova Custom Focus here. Let's get this laptop out before the RAM shortage happens in 2026. You only have a few weeks left for RAM prices to increase. And right now, even by...
regular standards, like Nova Custom laptops are quite expensive, by the nature of being a customized niche OEM. So do keep that in mind though, that if you have a high threat model, Nova Custom is at least comparably right at your doorsteps and i'm sure they're willing to help you out with any like support they need um anyways yeah i think it's just concerning to see that yes there is suddenly an increased need to focus on physical security and anti-evil mitigation
um and unfortunately when you're going against like a state level actor it's just it's not a lot you can really do besides these measures you know because at the end of the day you can't really protect yourself against the adversary forever so maybe it's time to focus on other things as well such as advocacy and preventing these laws from happening in the first place.
yeah agreed um i do think not not to for the record we're not affiliated with nova custom in any way oh yeah we're not we're not affiliate links or anything but i did listen to an interview recently and i could be wrong but i seem to remember him saying like yeah if you want to make the trip to show up at our office
we'll hand you the device, like, because they do offer, uh, you mentioned the anti-interdiction, which is where, like, they'll, um, one of the common things, I think Purism does this, is the, like, they'll put clear nail polish on the screws so that if, um
uh, if it gets unscrewed at any point during transit, you'll have an indicator that somebody tampered with it. Right. Um, so yeah, one, one thing they're like, yeah, but if you'd rather, you can just come to our office and we'll give it to you if you're in the Netherlands. But, um, Yeah, I just wanted to say, going back to the Samourai Wallet thing, it's hard to stand up to a government.
Certainly not unlimited resources. They are still, to some degree or another, still accountable to voters, even if it's in the sense of like, oh, my politician just spent $500 billion suing this. open source project I've never heard of when they could have been putting that money towards roads. Why am I going to vote for them again? But compared to you, the government can drop $6 million to sue me. I am not.
you know i i don't have six thousand dollars like come on that's not a fair fight so yeah um it is really important to think about these kind of things in advance for sure yeah actually you point out something that's um like really intriguing as well because like in the blog itself it mentions that Apparently, it's the governing coalition of, well, it's formerly two opposing parties, right? The more conservative CDU and the more center-left SPD.
And they're supported by the Alternative für Deutschland, right? Which is the more, like, far-right party that's currently in the parliament. So I'm just wondering, wow, like, everyone supports this. No matter who you vote for, the government will screw you over no matter what. It's just a funny observation I noticed, though. If you're based in Germany, yeah, it's pretty tough out there. I'm sorry. It's just so crazy.
I was just going to say, it's so crazy. Cause like, I think you even noted in the article says to like Germany historically has had such good privacy laws because you mentioned the Stasi, like, you know, East Germany, West Germany. And all that kind of stuff, like there was so much paranoia that when the Berlin Wall fell, Germany decided like, we don't want to do that again. That was awful. We don't want to live in this crazy police state where like.
Parents can't trust their kids and friends can't trust their neighbors. It's just insane. We don't want to live in that world. And so it is mind blowing to see Germany institute these new laws where, you know, now it's like the police can break into your house and put malware on your phone. Like, I forget exactly what I said, but I think I posted that in the privacy guides chat when I read that. And I was like, what did I just read? Like, that's so insane. And, you know, just like they've got.
Like, Kevin barely scratched the surface of everything that's in here, you know. Uh, they expand cell tower queries on every mobile phone connected during a time frame. Like, America just outlawed geofence warrants and they just, like, put them in the express lane. Like, they expanded automatic license plate recognition systems and just, man, like, it blows my mind. I never thought I'd see Germany doing this of all people.
Yeah, let's do away with the myth that if you're based in an EU country, that you're automatically protected from a lot of these privacy issues. Yes, maybe be more protected from corporate surveillance from Google and Apple. If you worry about that, of course.
actually concerned about other aspects of their life, it's definitely on a per-country basis, you know. Um, so please do not stay, like, calm, like, just because Germany, you know, someone voted against Chat Control a few months ago doesn't necessarily mean that there won't put something above your computer, for example. You're not safe no matter where you live from these laws. And the only thing they can really do to protect yourself is actually be aware of them in the first place.
In Germany, for example, there probably wasn't a lot of public knowledge of what this entails. So this is here to be solely being introduced state by state in Germany. Which is like, you know, reminds me of how age verification is spreading, like, you know, across the world, country to country, from each individual U.S. state to the federal level.
Definitely. It's so important to focus on state politics, all right? Because you never know what will happen until, of course, a law slams you in the face and all of a sudden, oh, wait, the police can just break into my room like how 40 years ago the Stasi did.
you know, in Berlin. So it's kind of like, ah, the Stasi's back. Oh, no. And everyone hates them. But at the end of the day, you realize the Stasi was just law enforcement. They're police at the end of the day, right? Like, what's the real difference between the Stasi and, you know?
That's what you have today, which are, you know, modern day police officers that can access almost every information you have online, where you go based on cell phone towers. And of course, the ability to go into your room and mess with you a little bit, you know, like.
That's the Stasi technique, you know? Deconstructing and gaslighting you by moving a chair. And now, what's the difference between that and just going to someone's random home and just bugging your desktop, you know? So, yeah, it's just... I'm sorry, Germany. It's so tough to see all this come back again. Learn your lesson.
I do want to add one thing there, maybe on a positive note, is the article did say at the very end that it's unclear if this is going to stand up to, what did they say? Whether it withstands constitutional review will determine how far Germany's commitment to individual privacy can bend in the name of security.
So in other words, there is still a chance that somebody could bring this up to the courts and say, hey, this is not constitutional. And I don't know anything about Germany's constitution, so I can't speak to that. But, you know, if any of our listeners are German and happen to know some lawyers like.
definitely bring this up and be like, Hey, is there a case here? Cause this is wild. So, yeah, I, I, I really, he's let us know because I don't think like, um, I'm pretty sure we do have bad people in Germany, like, on our community, so if you do have any thoughts, please, please do share, like, I'm on our community forum as well. If you have any thoughts on what people potentially do in reaction to this, maybe, like, we can sue them, perhaps we can
take some short-term temporary protective measures against yourself you know secure devices um but yeah like please like if you have any thoughts on this please let us know because right now we're just two americans sitting across the ocean No idea what's going on in Germany right now. This was shocking for us. Maybe you already know, but it's for quite some time. But yeah, I think it's time to go back to our usual suspect in America.
¶ Mozilla’s new CEO says AI is coming to Firefox, but will remain a choice
firefox i feel like we talk about them so much like like yeah it's always something about ai you know yeah yeah mozilla's been busy on firefox and i i'm a little disappointed because up until now i feel like mozilla's been making
So Mozilla got a new CEO or their old CEO stepped down. They had an interim CEO and basically they said a bunch of stuff about like, we're going to recommit to Firefox. We're going to... focus on they shut down uh some of their other projects which some i know people were unhappy about like pocket i actually saw a lot of people were upset that that got shut down but um some other things that you know uh kind of in my opinion never really made sense like they had a
was it called fake spotter? It was like a, an extension that would detect fake reviews on a website, which, you know, Hey, I'm sure it's a cool extension, but like, why did Mozilla pick that one up? I don't know. That was weird. But anyways, they, um, they started, they said they were going to refocus on Firefox. And for a while I felt like they were.
They were adding a bunch of like privacy focused things and like kind of doing some cool stuff. And I'm like, okay, cool. Like I like where this is going. And then this happened. So this article comes from TechCrunch and the headline says Mozilla's new CEO says AI is coming to Firefox but will remain a choice. Yeah. So quoting parts of the article here, it says Mozilla has appointed Anthony Enzor-DeMeo
as its CEO. Before this appointment, Enzor-DeMeo was general manager of Firefox and is now taking over from the interim CEO, Laura Chambers, who was in the role for the past couple of years. Enzor-DeMeo previously held product roles at... Roofstock, Better, and Wayfair.
just to kind of give his credentials, I suppose. Mozilla will be investing in AI and will add AI features to Firefox, Enzor-DeMeo said in a blog post announcing the appointment. And he said the company will make AI features optional within Firefox and its other products. I don't think that's really super news to people. I think Firefox has kind of been dabbling in AI for quite a while now, but yeah, I know they've had a...
I don't know exactly how they've been dabbling because I'll be honest, I don't use Firefox regularly, but I do know they've kind of been dipping their toes in the water. Well, they added Perplexity as a default search engine, which is a weird choice.
But yeah, as one example. So I'm actually going to go ahead and quote the blog post here where he talked about this stuff specifically. He said, as Mozilla moves forward, we will focus on becoming the trusted software company. This is not a slogan. It is a direction that guides how we build and how we grow. And it means three things.
Every product we build must give people agency in how it works. Privacy, data use, and AI must be clear and understandable. Controls must be simple. AI must always be a choice, something that people can easily turn off. People should know why a feature works the way it does and what value they get from it. Second, our business model must align with...
trust. We will grow through transparent monetization that people recognize and value. Third, Firefox will grow from a browser into a broader ecosystem of trusted software. Firefox will remain our anchor. It will evolve into a modern AI browser and support a portfolio of new and trusted software additions. We will measure our So, yeah.
So historically, I personally have always been a very big critic of Mozilla, and I think I'm going to have to pick up that mantle and put that hat back on because I don't know. I don't think anybody's really going to be thrilled about this. I have personally defended things like Proton Lumo and Brave's Leo because I do think, you know, when Proton released Lumo...
They made the comment that AI is coming whether we want it or not. And I think they make a really good argument that if we just dig our heels in and reject AI every single chance it gets, unfortunately... I don't, I really hate to be defeatist, but I think all that's going to do is people are going to be forced to use.
Cause there's some company, there's some jobs where like your company tells you, you have to use AI. And to be fair, they're going to tell you like, you have to use this specific AI. They're not going to let you use Lumo or Leo. But I think we run the risk of people not having any, less crappy AI choices, and I want to stress less crappy. Um, but that said, I think, personally, I think Leo and Lumo
have actually kind of done something. Like I don't really understand what Mozilla is bringing to this. I feel like Mozilla is always like a day late and a dollar short with all these features and they're not really bringing anything new. They're just kind of catching up to everyone else. and doing things that everyone else has already done. And I don't know, I don't get it. And to nitpick, to be the Mozilla hater, I've got to point out that...
This is not how they've been operating. He says, you know, first principle, every product we build must give people agency. Privacy data use and AI must be clear and understandable. Controls should be simple. Something people can turn off. People should know why a feature works the way it does and what value it gets from it. Sorry, was it earlier this year or last year that they rolled out privacy-preserving advertising? And I put that in heavy quotes for any audio listeners.
Where it's like, you know, they didn't even ask. They just enabled it by default. And you had to go digging through the menu to go turn it off. And it's just... you know, it's, I don't know, maybe, maybe he's trying to say like under my leadership, we're going to turn a new leaf, but this is definitely not what Mozilla has been doing historically. I hope it is what they will do going forward, but yeah, I don't know.
I don't really see a reason. And also that third one, like Fry's Firefox will go from a browser into an ecosystem. Like, so you just killed all your products and now you're going to bring them all back. Is that, I don't know this. I don't like it. And I want to like Firefox. I really. really, really want to like Firefox. I want to make that clear. But I mean, you go to a website like browsertests.org or whatever it is, and like...
Firefox is missing so many basic features that so many other browsers have, like privacy preserving features that so many other browsers have implemented. And I don't understand why they can't start there. Like start with the basic stuff that everyone else is doing before they shove in all these features nobody asked for.
Um, I don't know, that's, yeah. Yeah, I have a lot of complaints with Firefox. I'm sure you do. I guess you're switching out that Santa hat for the Mozilla-hating hat for now. But, but just to, like, emphasize as well, it's like, yeah, it's like Mozilla is so far behind, like, all of the browsers, not just in terms of the whole AI features, whatever, but they're just so behind just making a modern browser with basic features. I think they're like, Firefox, I think they once, like
released a blog post saying, oh, we've reintroduced it, we're introducing profiles for the first time, but it's really just a refinement of our, of the system they already have with containers, if I remember properly. So it's kind of like, at least with Firefox, right? They're constantly behind.
There's so many security gaps available, but we also want to support them because at the end of the day they're one of the few browsers out there that is completely independent of Google, uh, specifically Chromium, right? And as much as we love, like, you know, security benefits that Chromium has, it's sad to see how something like Firefox has been mismanaged for the past 10 years, and now they're suddenly behind companies like Proton and Brave.
There's one other thing, too, that I'm really angry about. It's that this CEO of a nonprofit, mind you, talks about a business model when you're supposed to be doing something for the public good, right? So I know that we've talked about their financial crisis quite a lot, you know, with the recent antitrust case involving Google being allowed to essentially have their search engine as a default with other browsers, right?
They do this with Apple Safari. They also do that with Mozilla's Firefox. And a huge shock to many people was that this deal that Google has with Firefox is... essentially a plurality, if not a majority of their funding, at least like a few years ago. Right. And right now, like what we see is that Firefox is desperate because they know that this case will eventually.
lead to some form of divestment. We don't know if this deal will survive. It has so in the previous HRS case, but we don't know if this will be challenged again and again. So relying so much on Google, it has already been a financial disaster. for Firefox. And they're trying to diversify as much as possible. But I think we noticed from many products developed and, you know, just didn't work out, right? Mozilla VPN or Pocket. It's just clear that
they don't really know what to do. And they can't really find a sustainable business model beyond making these deals with big tech corporations. And while I applaud this new CEO, Enzor-DeMeo, for trying to at least diversify and recognizing the issue, I also am suspect of his focus on AI because we know the AI right now, it's just, you can easily use it for free, right?
Will it actually be a sustainable business model for a nonprofit like Mozilla? Is it perhaps maybe time to focus on other things as well, such as, for example, expanding your grant-making, grant-finding process? Because a lot of nonprofits rely on grants, right? Obviously, you're allowed to sell a product. You're allowed to monetize your product. But there's so much flip-flopping on where this business model will go to the point where I'm like, you are a non-profit.
Focus on building a product that works for us and focus on the public good right now, okay? Because they're playing nonprofits with less resources than Mozilla has, and they're not as struggling as you are, you know? So very clearly, I think the problem is not necessarily a fundraising issue or a profits issue. I think it's an identity crisis, an identity issue. You will never make money, at least sustainably, if you don't even know what you are.
I was just wondering if I'm alone in this state. Do you feel like there is some bit of identity crisis with Firefox to prevent them from actually committing to something? Nothing that I can really remember. Uh, I do want to know Mozilla's structure is actually kind of weird. Cause you talked about how he's talking about, um, you know, business models and stuff, which for the record, I don't think it's a bad idea for people to have a.
a sustainable business model, a way of making money. This is going to be a very polarizing take, but... I think it's a challenge. Let me put it this way. I think it's a real challenge for people to rely solely on good faith donations. I think it was a... It was Opt Out Podcast with Seth for Privacy, one of his very early ones. He interviewed a guy who has – I forget his name, but he works for Citadel Dispatch or whatever. And he's like, I have this project where I take –
where I take sponsors and affiliates and stuff. And I have this other project where I only do donations. And he's like, this sponsored project gets 10 times as much funding. So first of all, if you... Want organizations to stick around open source tools and projects like please donate to them because funding is very tight. And I know that's a lot to ask right now in today's economy. But second, going back to what I was saying, Mozilla has.
A non-profit section and a for-profit section, and it's really confusing. Somehow they both oversee Firefox, and I really have never fully understood how they're structured. what the funding liabilities are and stuff. I don't know. It's, it's really weird, but yeah, apparently for what it's worth, he is the CEO of the Mozilla corporation, which is the for-profit arm. So it kind of makes sense that he would be talking about, um,
you know, business models and revenue and stuff like that. But yeah, I do agree that like, they don't seem to know what they're doing. That's also the impression I get is that they don't really have a direction.
And I mean, sure, they've got the corporate speak of like, these are our values. And it's like, okay, but what does that mean in terms of making money? What does that mean in terms of developing Firefox? What does that mean in terms of features? And it really seems like they're just playing catch up. Like, it's almost like...
it's almost like the people that are jumping into Bitcoin now and they're like, oh, I'm going to become a millionaire. And it's like, no, that ship sailed. Like you might make some money. Sure. But.
you're not going to become a Bitcoin millionaire. Lightning doesn't strike twice. And I feel like they just keep like, oh, everybody's getting into AI. Let's go get into AI. And it's like, but that ship has sailed. If you're not already on the boat, you're on the shore, man. Like it's too late for that. So I don't know.
yeah indeed i also thank you for correcting me i guess that the structure also confused me as well i was like wait wait despite the mozilla corporation and there's mozilla it is confusing it must confuse me too but i think regardless i think my point still stands on the whole yeah we view mozilla as a non-profit even though there's a subsidiary as a company i guess this guy is the CEO of the company itself but it's kind of like oh lord
We don't even know if it's a non-profit or not. Which is the issue for Mozilla itself. It really needs to get that squared away, you know? Because would you rather be a non-profit that isn't making that much money but still is developing a decent product compared to...
a failing company that doesn't even know what he's trying to do to make money what's better i think the first one's better isn't it but unfortunately i feel it's more of the second unfortunately which is um i apologize for my mistake mischaracterizing mozilla um
with their dual structure and whatnot well i i could be wrong um but i heard from someone once that the reason that there's even a for-profit arm is it's because of their whole search deal with google which you're right last i checked was like 80 of their income So they are dependent on Google. And they basically Google. There's certain rules about who companies can donate money to and whether that counts as a tax deduction or a conflict of interest or whatever.
I think that's why they have such a confusing structure so they can take money from Google legally. Um, but yeah, it's, I do agree with you. It's still just, it's, I don't know. It's, it's so, yeah. I just, they, they need to figure out what their direction is and what they want to be. Cause Oh, I remember what I was going to say. There's, there is a such thing as like a, a socially motivated corporation or like a, a for good.
And I think there's actually a legal designation that comes with this. Don't quote me. I'm not a business expert, but I've seen it around where you're structured like a for-profit and you can make money and you can do all the tax write-offs and stuff. But...
you know your your mission is still like you your business has to be in line with your mission to make the world a better place whatever that looks like for you whether it's you know um giving shoes to disadvantaged people or whatever i'm just throwing random stuff out so like
I would have to imagine there has to be a way where Mozilla says like, we can be this for-profit company that can take Google's money, which for the record, I think they should be trying to wean off that. I'm not saying that's a good thing, but we can be sustainable while we work towards these other profit. goals, but at the same time still have those, those socially motivated ethos. And yeah, I feel like they just.
I feel like they just keep trying to say like, no, we want these good things, but they have no idea how to get in that direction. And it's so frustrating. I want to like Firefox. I really do. Yeah. Well, unfortunately, we're not business consultants. We're privacy guides. And right now, we're just telling you the facts straight up. And facts right now is saying that Mozilla really needs to turn itself around.
still have our hearts, because I feel like part of our hearts is still with Mozilla, you know? Like, I love Firefox, I love, love using it, but hey, you know, hello for the truth, you know, report the truth. It's just like, there's definitely a bit of a conflict going on right now. But we wish Mozilla the very best as a company and as a nonprofit. And yeah, and I think it's like, you know, regardless of what happens, let's hope to get it squared out.
betterment of the privacy community in general speaking fully agree right um i think we had some discussions going on at the forum Specifically, I see here we've highlighted there's a discussion about potentially removing ProtonVPN as one of our recommendations. Let's see here. Have you read up on this one?
¶ Q&A
I have, yes. Two, two of them actually. There's actually multiple, but, um, I just want to emphasize that we cannot share, um, the post directly on the screen, so kind of relying on our summary, and we can't identify anyone in these threads that have not officially consented to be recorded. Essentially, there's quite a lot of discussion on whether ProtonVPN should be removed from our recommendations because of their wonky integration with kill switch on macOS and Linux.
This specific post I linked in our notes mostly details the fact that kill switch on macOS doesn't particularly work when switching on a ProtonVPN server or on computer boot up. And for the record, we have... We have implemented a disclaimer saying kill switch may not necessarily work perfectly on Mac, specifically Intel-based Macs. However, there's been a lot of increased discussion on actually whether ProtonVPN should be removed or not.
just because they don't particularly have a solid feature on macOS and Linux. And right now, a lot of discussion I've noticed is essentially, hey... this is actually impactful in real life, you know, because we'll just kill switch actually leak data to the internet or not. And right now it's a lot of it, the conversation is mostly about whether or not Proton is actually developing standardized and feature-complete features on macOS and Linux compared to Windows, which is...
But to concede, it is a fair point. We want our recommendations to have feature parity across all major operating systems, ideally. So I guess just my brief thoughts on this right now, it's like... Yes, the kill switch feature is important. And right now, like it is like a cornerstone of a lot of our VPN recommendations.
However, we probably need to wait a little more to discuss whether that is a necessary deal breaker for most people, given the fact that a lot of reasons why we do have recommendations is also based on trust in the company as well. And Proton, whether you like it or not, is...
somewhat trustworthy, very trustworthy. It depends on your level of trust for any sort of private corporation out there. But at least from my two cents, which is not representative of Privacy Guides, it's going to take a lot more conversation and community feedback before we... discuss either A, removing ProtonVPN or B, implementing a more vocal disclaimer and recommendation before someone installs it.
So keep in mind that we are actively reviewing the thread as we speak. And if there is anything that does pop up, I will make sure to either interact in the forum directly or just let you know officially, all right? So don't worry if we're not reacting too quickly to it. I think things like this require a lot of time. And a sad thing is, what if we remove ProtonVPN and then re-implement it again in a few months? Because they fixed this bug. It's just...
Things take time, but we are definitely watching this thread and your thoughts are heard regardless if you agree with this decision or not to propose this idea in the forum. Cool. But yeah, Nate, do you have any thoughts on ProtonVPN or do you want to go on to any questions? I mean, I don't know. It's a tough decision because I think...
I think there's a lot of really good points being made. I like Proton. I'm actually probably going to switch to ProtonVPN here next year when my Mullvad subscription runs out. I may not. We'll see. There's a lot of factors going into that decision, but, um, I do like it. But I, I think, uh, you know, there's on our website, like you said, we do have the, the, the note about, uh, the kill switch, but we also have, you know, as one of our minimum criteria, uh, it does say that it has to have a kill switch. So
And Proton's development is, as much as I like Proton, it's not always ideal. Anyone who's ever used their Linux client can agree that some things don't get the attention and love that they need, for sure. I would like to see a good ProtonDrive Linux client someday. But yeah, I don't know. I think it's a...
And like you said, this is my personal opinion, not that of Privacy Guides, to be clear. But I wouldn't want to throw out the baby with the bathwater, as they say. I think ProtonVPN is a very good product for most people. Yeah, like you said, maybe we just need to make that warning a little more prominent or, uh, I'm not entirely sure what the solution is there, but, uh, definitely, I mean, that's, that's why we have open discussions. If you all have, uh, suggestions on what would be a good solution or
If everybody thinks that the solution is to remove it, definitely come in and put a good argument for why you think we should do that. So, yeah. Yeah, I think that pretty much summarizes all the discussion we have about that. Nate, I was just wondering, have you noticed any questions from our members in the YouTube chat? Yeah, we've had a pretty lively chat here this week.
I haven't seen, are these, sorry, I'm not like a YouTube expert. Is the little star a member or does that just mean they're very chatty? Yeah, I'll be honest with you. I am not familiar who is a member, but I guess we can start with them if you want. Okay. Yeah. So we'll we'll mix it up this week. We'll start with our YouTube chat and then we'll head over to members on the forum. Let's see here. So we did mention the people who.
We're active when we were talking about the, sorry, my cat was on the desk. When we were talking about the political stuff earlier at the top of the episode. Thank you guys for being active for sure. And messaging your politicians. And then let's see here. Sorry, I've been keeping an eye on the chat, but like I said, it's been pretty active this week. Jonah's been sharing some of the really good resources we have on Privacy Guides about cryptocurrency.
the forum post as well. So thank you for keeping an eye on that, Jonah. Let's see here. I did like a comment when we were talking about the Samourai Wallet story and I said code is free speech. Resplendent 606 said, I believe code can be considered art as well, which is, is true, you know, I, I mean
I don't know code well enough, but I know people who do know code have that opinion where they'll look at something and be like, oh, this is beautiful. This is well done. This is minimal. This is clean. And they're not just talking about the formatting. They're talking about the structure of the code and what it does.
So, I mean, yeah, I mean, anything well executed can definitely be art in that sense. Yeah, I agree. It's very artistic, I would say. I feel like, I'm just going to make one brief sentence about this, but like... I think knowing a lot of folks who do both program and also do art as well, it's just so amazing to see how these two mediums merge together. It's like a lot of my previous supervisors, some of the EFF affiliated organizations I've interned for in the past, it's like...
They're also artists. And one of them, I believe they like sent a mixtape to the NSA and it's encrypted. And that's the art itself, you know? And I'm like, oh, wow. That's awesome. Like, that's insane, you know? And I'm like, just...
But yeah, going off topic here, I just think it is definitely a form of art and it's definitely a form of free speech. That's awesome. I love it. Okay, yeah. So moving over to the... forum, uh, we did have some member questions here. Well, we had JG, who is, uh, one of our members. He did want to, he said, uh, please bring this to the attention of people,
excuse me, please bring this to the people's attention about what Apple's been doing so they can act on it. And he shared a link to a lot of organizations have gotten together to write an open letter to the EU Commission president about Apple. And these organizations include Proton, Threema. Again, yeah. Let me see here. If I remember correctly, I think this is the DMA.
Yeah. So back in April 2025, the European Commission ruled that Apple's App Store policies are illegal under the Digital Markets Act. Six months later, Apple is still charging developers up to 20% commission on those transactions. So basically, yeah, they're trying to push the EU to crack down a little bit on Apple and actually comply with the DMA. So I'm not entirely sure if there's any action that...
listeners can take, oh yes, you can read the full letter and check out the media coverage here. So yeah, I guess if you're in Europe or know people in Europe, definitely check this out and maybe share this story around and let people know what's going on so they can get politically involved, pressure their politicians, that kind of stuff. Yeah, I agree. I think that's, once again, it kind of falls to our theme of trying to actually reach out to people and let them know that, you know.
things like this are happening and we should not be happening. And I'd just like to quickly apologize to, like, uh, JG for not including this in our this week's, you know, list of stories. Unfortunately, a lot of things are happening across the world and just sorry if we didn't include your stories, probably because things are so, so bad, like we can't collect, include every single privacy related story out there. But I assure you that, like, I have read
what you posted before and I do think we should probably do something about, um, you know, Apple and make sure that they actually do comply with the Digital Markets Act for sure. So apologies again, JG, but who knows, maybe in the future, like, uh, we will try and incorporate a lot of these suggested stories out there because we do definitely read them. Depends on the week, of course. I'd like to go over these two questions by Joseph Nobrefazo.
Uh, from a, I believe a Miami, uh, technology club, which is like, I, I remember like reading through this and I was like, oh wow, like I'm really glad to see like local organizations like show up in our community. Um, I'll go over the first question quickly. When did you decide you wanted to film yourself as part of your advocacy work? What thoughts went into that decision? What did you do before and after you started showing yourself to protect your privacy?
I guess let's start first. This is something that I actually stumbled into, personally speaking. But my background, I'm a college student. I'm currently studying for my master's in cybersecurity policy at Tufts. Before that, I was really focused a lot on client work. I initially worked with Cornell Tech's Clinic to End Tech Abuse, helping domestic violence victims deal with surveillance issues, especially from potential workplace harassment or from their ex-partners.
My background, obviously, was in political communications. I love writing. I was really interested in journalism. But I just happened to be really interested in technology as well. But I didn't know how to bring this together. So I would say a lot of my work since then has been involved with either Electronic Frontier...
Foundation affiliated organizations like Freedom of the Press Foundation and Surveillance Technology Oversight Project. Um, and now I'm working with Privacy Guides, having a blast. Never thought I'd end up on a podcast, but hey, I'm here. And if everything involves showing my face or not, I think it's important to let it know that, listen, some sacrifices must be made. And while I may not be, you know...
the perfect guy to be in this podcast and to show my face compared to a lot of other people out there, I still think that it's necessary for it to happen. As if no one does it, then how could anyone know about it, you know? There sometimes has to be a public face to this, and a lot of people do in fact listen to faces a lot more than just a mysterious voice somewhere, you know? So
I think humanization is a very important part of this. And I think, like, I also want to applaud, like, everyone at Privacy Guides who did, like, take this step to actually help people inform themselves of how to keep themselves safe in this surveillance age. Yeah, cool. Um, for me, well, no, I'm laughing because for me, I just don't really think ahead. Um, story of my life. So I started showing my face when I started, uh, co-producing Surveillance Report with Henry from Techlore.
And I actually remember the phone call. We were chatting, and he was kind of interviewing me, because he didn't really know who I was, I think, at the time, probably, which is fair, because my project was still super new.
Um, so he was kind of like feeling out like, you know, okay, what's, what's this guy like, what are his values and stuff? And he did mention, he's like, yeah, I always show my face. I'm not sure. He's like, maybe we could like, maybe if you wanted to wear like a mask or something. And I was just like, oh, I'll show my face. I don't really care. And I think I didn't really.
understand how big that project was going to get or, because you all got to understand, I am the kind of person that I've started multiple online projects. Like, I've had, um, I've had websites for bands. I've been in multiple bands. I've, um, I think I even had like a website dedicated to an anime one time. I think it was Bleach. Um, just before anybody asks. So, yeah. So, I mean, I've, I've.
done all these things online that like, oh yeah, we got like 50 visitors tops and then we just kind of got bored and stopped doing it. So honestly, when I started my own privacy work, I didn't really expect it to take off. And especially because originally my goal was just to make something for my immediate friends and family. I didn't say like, oh, I want to make this website and advertise it to people. I made it for my friends and family. And then I was like, well.
maybe other people can help, it can get help out of it too. Cause I saw people asking about like, I don't know where to start. What are first steps? And I'm like, well, I made this for my friends and family, but if it helps you here, have it. And then the next thing I know, here I am. So for me, it was kind of just like, you know, I don't really think this is going to be a big deal anyways. I don't really care. But yeah, kind of like you said, I am.
I definitely don't blame people who don't want to show their face, like people like Jack Rhysider and The Hated One. And like, hey, if you want to do that, I fully respect that. But I'm personally, I'm glad I did it because I do feel like it adds a layer of.
humanness and, um, and just kind of, I think it's a little easier for people to connect with a face and be like, oh, there's a person. Like, I actually do remember, uh, one of, one of my readers, longtime readers, the first time I appeared on Surveillance Report, he's like, it's, it's reassuring to know you're not just like some 12 year old
in his bedroom or something. Um, but you know, not that there's anything wrong with that for the record, but you know, he's, he's like, oh, you actually like, you have some life experience, you kind of know what you're talking about in some of these situations. So, um, yeah, I mean
What did I do before and after to protect my privacy? The same things I'm still doing. For one, I'm very open about this. Nate is not my real name. I don't use my real name. I use data removal. I use EasyOptOuts personally. I do have... the Google Results About You and Optery both, the free tier of Optery, to kind of fill in the gaps if I miss anything.
If I have the time, I do check for any data removal stuff. But yeah, for the most part, it's mainly just compartmentalizing my life. I try to keep my privacy work very separate from my personal life. And yeah, I don't know. I think this works so far. Hopefully. For the record, I did not turn off any privacy-protecting measures like you did. Maybe I should have used my real name. I was given an option to do so, and I was like, cap works.
Kevin. But yeah, the hindsight, may I should have done that. I didn't ever expect to be on a podcast anyways, but hey, you know what, um, my real name is in fact Kevin. This is not trying to throw anyone out who's trying to investigate me. It's, I actually assure you it's Kevin. It's not like
something else, I don't know, but doing like five layers of reverse psychology right now. Yeah, maybe the FBI agent monitoring this podcast right now will get really confused. Is Kevin really my real name? We shall never know. Um, also, Nate, are you familiar with like how we do subtitles on your shorts? Like, I think if I remember when I, when I did like that as well, the TikTok, it was a very, it was an automatic feature on TikTok. I wasn't sure if that's what you use as well.
So I use the automatic feature in DaVinci Resolve, which is my video editor. And I think it uses Whisper, which is open source, if I remember correctly. And it's honestly, it's really impressive. Like there's times I've watched it, especially with the first few times I used it. And I, I try to proof watch them all. I know a couple have slipped through the cracks here and I really apologize, but, um,
I try to proof watch them all. I try to make sure they're accurate and they're not like messing up a word. But the first time I used it, it got every single word right. It even capitalized like TikTok or because I think one of the first times I used it was a video talking about like the TikTok ban or something. I mean, it's really impressive. Like I said, I try to proofread it and make sure that it's correct, but that's kind of the only way that I know how to do it.
Yeah, because otherwise the auto-generated ones, I don't know why, especially on YouTube, they could use a better AI model. But for some reason, they're automatically generated subtitles.
really horrendous, and they have no, like, punctuation and they get words wrong all the time and it's just really hard to read along with it. And I say this as somebody without any kind of, like, reading disabilities or anything. It's, um, yeah, it's hard. But I don't know if, uh, because Jordan and I split video editing, I don't know if Jordan uses something different, but that's what I use personally.
Yeah, I think we can all definitely share our own techniques to you if you ever have any questions about that. I think we've definitely talked about how we do things. So like, if there's like a question, for example, you have for some specific video on how we did things, make sure to, like, comment, enter and ask, hey
Jordan, hey, Nate, how did you do this? And I'm sure we'll be more than happy to explain in detail if you have any other questions related to videos. I think it's a great time to move on to the next user. Privacy is consent. Privacy guides used to have a list of questions they would ask service providers to get additional first-hand information about the organization behind the service. There used to be quite a bit of emphasis on transparency of ownership and public accountability.
As more governments and governing bodies around the world become increasingly hostile to privacy-enhancing technologies, do you think a similar list of questions from privacy guides would favor products with a decentralized, multinational, pseudonymous, and directorial plural leadership? If not, how long do you think organizations like Proton from Switzerland and Graphene OS France could potentially last playing jurisdictional cat and mouse? Apologize for the...
twisted words. I sometimes have trouble reading things. Anyways, I think just to answer your question, for the record, both me and Nate, we weren't available during the PTIO days. I do remember subscribing to the subreddit.
four or five years ago, but that's all I, I really tell you about the process with PTIO. So I can't really confirm, like, whether or not, like, those questions were actively sent out. Um, what I do say though is I kind of restate what we currently do in our forum, which is, um, we rely heavily on community consensus, right? So if you were to have a proposal and, and post it in a specific category on our website
For example, if you're a developer, you do something like a showcase, or if you are just have any suggestion, doing our guide suggestion or tool suggestion, so on and so forth. What you could do is if there's a lot of community, like push for it.
and a lot of people, um, in the staff do agree with it, what happens is that we, there's usually someone who would try to do like a GitHub, uh, you know, like pull request, like create an issue, and then like in that pull request, um, kind of like write a draft of what would appear on the website, right? And then people within the privacy community, could be anyone, could be a team member or someone just like on the forum, will eventually, like,
contribute to it over time until eventually, I guess, approved by either, like, Jonah or some of the other, like, staff members as well. Um, I can't recall who exactly is in this, like, final committee. It's like Jonah, Freddy, and
I think it's Nick, Nick. Nick is part of it, yeah. Well, I think there's just definitely, like, I think there's, like, definitely, like, a lot of, like, management by, like, you know, the core members of the Privacy Guides staff as well. So, like, uh, keep that in mind as well, is that we don't really have
specific questions we assert towards companies anymore. What they usually do is they come to our forum itself, and then eventually someone really likes them, they'll write a PR for them, if there's, and we'll approve it if there's a lot of community support, and we have our suggestions as well. So it's a bit of a mix and match of, like, a bunch of things as well. So if I'm going to quickly answer your question: no, we don't have a list of questions. You ask the questions. Um,
And do I think whether these questions would actually, like, favor projects with the decentralized and multinational approach? Then again, I don't really know these questions. It depends on the questions being asked, you know? But if we do have this level of format, it innately requires us to actually have companies begging to join our forum, which I think will take like a few more years at least until we reach that level in our idea, I'd say.
If not, how long do I think organizations like Proton AG or GrapheneOS playing jurisdictional cat and mouse? This is the thing, though. For starters, I want to make a correction. GrapheneOS is not based in France. They're based in Canada. They just have a few servers here and there located in France that they recently relocated. Mostly... revolving their social media presence and their website. So they aren't necessarily based in France, but just to answer your question.
We don't know how long they'll last playing jurisdictional cat and mouse, but I'm sure that these companies or projects have contingency plans. And it's probably best to ask them directly if you want to know, certainly, what are the plans if they need to migrate. I'm sure Proton has drawn out a few plans in the past back when Switzerland was really discussing their surveillance law. And I think one of the options was like, they would just simply distribute their servers across like Europe.
including Iceland, Germany, um, maybe the Netherlands, I don't know. Um, but it turns out, like, the headquarters though, that's a more of a question you may have to ask Proton itself, because we can't really speculate and it would be unfair for us to speculate what these, like, projects or companies are doing. And same with GrapheneOS. If Canada ever does something really bad, folks,
you know, that forces, you know, like that project to migrate somewhere. They have plans for it. And since Graphene has developers from all across the world, they're able to survive like one of the main developers being shut up in the war Ukraine.
If they can do that, I'm sure it can survive anything, I'd say. So I would say don't worry too much about jurisdiction. Just focus more so on, you know, I would say whether or not you can use a service or not, whether or not the service works best for you, I'd say. These projects have plans. We don't really know them, but let's trust them for now, I'd say. Yeah, I agree with you. I think in answer to the first question, would these questions favor...
projects with decentralized pseudonymistic directorial leadership. I don't think they would favor them necessarily because any questions that we would come up with. Uh, sorry, my cat is antsy. Uh, any questions that we would come up with, I think would be for the interest of transparency. You know, it wouldn't necessarily be like, I don't.
I think, for example, you know, Signal is not decentralized, right? And if you read Moxie Marlinspike's, there's like an old blog post where he said why he doesn't like decentralization. And I think he makes some very valid arguments. That's not to say he's right. It's one of those things where there is no right or wrong. Like he's got some good arguments there that things like Matrix clearly demonstrate are true, but then, you know,
Signal has crashed from time to time when there's like too much traffic and they can't handle it. And a decentralized thing like Mastodon, you know, the main Mastodon service goes down and all the other smaller servers are like, oh no, well, they'll come back whenever they come back, the rest of us are still running. So, you know, it's an, um... Point being, I don't think we favor any specific type of organization in that sense. I think it's more that we want to make sure that these organizations are...
operating in good faith. They're not like a shell company for the CIA. Their CEO also sits on the board of Palantir or something like that, which I know when you get to certain projects that becomes a very gray area. So it's not so much about the structure as it is about just making sure that this is a good faith project that has people behind it that
can be trusted or at least can start like, let's say it's somebody who's brand new, who's, you know, fresh out of college, has no history. Well, at least we can say he doesn't work for the NSA as far as we know. So like. Let's see what happens. Let's see where he goes. You know, I think that's the point of those kinds of criteria. And yeah, I'm, I'm with Kevin on the second one too. Like it's, you can't predict the future. And so it's.
But there's a balance. Proton is starting to move their servers around because what if that law does go through in Switzerland? What if it doesn't? Okay, great, no problem. Then you moved your servers for nothing. But what if it does go through? And they can't just like... It's one thing for me as an individual. I have a Jellyfin server that is literally sitting in a mini PC in my living room right now. I can physically pick that thing up, walk it to another location.
and plug it back in. Proton can't do that. They can't just overnight, like, oh, okay, ship all our servers to Germany. That is a massive, massive undertaking. And so they kind of have to think ahead, plan for a worst case scenario. But we can't really predict the future. Like, how long could they last? We don't know, because some of these laws may not come to pass. Um, some countries may never implement these laws. Some countries may implement them and then have a regime change.
Literally, I shouldn't have used the word regime because that has a negative connotation, but they have a change of administration. They have a new president or prime minister come in who's like, this is unconstitutional and rolls everything back. I don't know. It's really hard to predict the future like that. It's good to think about these worst case scenarios. What if Proton goes away? What are you going to do instead? But yeah, it's hard to predict the future.
Maybe self-hosting is the only path forward, you know? Like, RAM prices and all that, who cares? You know, you can just move your server and move to another country, you know? Like, it doesn't matter, right? Like, move your Jellyfin server to, I don't know, some nice... Thailand or something. I don't know. Okay, counterpoint though. I'm just going to turn my apartment into a data center and then get a tax write-off for it. So I'll self-host and not have to pay rent.
You can also do it as well. You can take advantage of the Dutch-American Friendship Treaty. Do that. Start a small business as a contractor with privacy guides. And then use that to live in the Netherlands. And then just like... remotely work from there, you know? Maybe you should do that. Is this a thing? Hold on. I need to go renegotiate my contract. For the record, Jonah, if you're watching, this is not a serious conversation. We are joking.
We will not work illegally outside the country. Jonah's definitely watching. He is, he is. Um, but yeah, uh, speaking of, uh, you and Jonah, apparently you missed a few questions, uh, from Tropics 8997. Uh, he said, you missed my two other questions last week because you thought Jonah answered them all. Nate, no problem though. Three questions. Sorry, start with the first one. Is there any way to keep control of passwords and secrets while still being able to give up control of them to a trusted
family member or friend when you die, such as you get hit by a bus tomorrow. Well, the first thing that pops into my head is stuff like Bitwarden has their family legacy thing. I think my wife and I are actually set up on that where if I get hit by a bus tomorrow, then... she can request access to my Bitwarden account. And if I don't deny that within seven days, she gets access.
Yeah, you could store, which we recommend using a password manager, and I think Bitwarden is one of the recommended ones. You could store your passwords and secrets in there. Otherwise, yeah, I think for more... unconventional things, I, I think you just have to have someone you really, really trust. Like, uh, you know, I, I was very open a couple years ago, my mom passed away, and that actually did prompt a lot of discussions in our family
about, you know, what do we do if you pass away and how are people going to get access to your accounts and how's your stuff organized? And I do have a couple friends that trust me a lot and they're like, hey, if anything happens to me, here's my Bitwarden login. Like they actually gave me their login info. Yeah, I mean, as far as technical controls, I don't know, I feel like something like a password legacy feature would hit up most of your concerns, but for some of the more,
again, out-of-the-box things that you can't put in a password manager, you might have to just find someone you really, really, really trust, I think. Yeah, trust is very important as well. I agree with that 800%. Also for starters as well, if you're technically competent enough to code something, you could code a dead man switch if that's more up your alley.
I think it's pretty easy to do so. I think you just send an email automatically when you haven't responded and haven't clicked the button in, let's say, seven days or so. And that's pretty much a more custom, self-made feature, things if you have like content or password secrets that isn't necessarily protected by a traditional password manager, such as, for example, your login to your PC, right? So
I think that's something to keep in mind as well. This is something you can easily do yourself. There are a lot of services to do online. You can just do it automatically for you. You can program it. It's pretty easy. But yeah, I'd say I agree with you 100%. The other things he mentioned, though, about keeping your legacy, when if you pass away. I just want to address real quick a couple comments in the live chat. One person said, can you not just write it in your will? You could.
But that assumes that you pay a lawyer to hold onto your will, because otherwise, if you just got your will in the closet, what stops somebody from going through that would be my argument. And Resplendent said, what about using KeePassXC with Syncthing? Yeah, but that doesn't have like a legacy feature. So they would still need to know how to get into your KeePass in the first place, at which point, again, you're just trusting them not to.
Which, again, if you trust them that much, that's fine. Also, real quick, Lucas said, how would a company know if you're dead? That's the point. The person has to request access, and then it's on you. They send you an email that's like, hey, this person requested access, and you have to...
reject that. You have to actively reject it, otherwise in seven days or however many days it automatically gives them access because it assumes that you're dead. It's, I fully accept it's probably not a perfect system. There's probably ways to game it, but I mean, I think it's the best I can come up with personally. Yeah, maybe like don't be in a coma, I guess. That's the best solution we have.
Same thing. If I'm in a coma, like my wife still needs to pay the rent and pay the bills and get into the bank account, which I mean, she has access to the bank account. She should have access to all this stuff, but you know what I mean? Like, yeah, it's functionally. It's the same thing I would argue.
Yeah, yeah, true, true. Yeah, I forgot about that completely. But yeah, let's go on to the second question by Tropics. If age verification laws pass all across the world tomorrow, what would you do? Ultimately, I'll be using it unless...
I'm already doing this with the incentivization of the internet. I'm going back to analog devices, really helps keep me sane, such as reading more books and journaling. Um, if they do pass, unfortunately, uh, there's something called, uh, you know, getting, having a job and just accident it normally as required of as a university student. And I feel like, I don't know, if something like LinkedIn ever like requires a certification mandate, I think I'm gonna have to follow it, unfortunately.
But I feel like for other services that do require a gentrification button as important, such as Spotify, for example, or YouTube, I will definitely be circumventing that. Trust me. I do not care enough about YouTube or Spotify or whatever, warrant like giving my ID, you know, it's, it's annoying, you know, like I'd rather just like, you know, do some weird funky workaround using a front end or something rather than just do that. But yeah, I guess this is my opinion though. I just personally like
will need to use these services, unfortunately. But hey, you know what, Nate? Sometimes you can't avoid that. But the best solution is just not have these laws in the first place, right? Yeah, definitely. I don't know what I would do, honestly. I think it would depend on... I think my first instinct would be wait and see because I think most of the services I don't use...
I wouldn't really like need desperately. So I can kind of afford to wait and see what happens in the sense of like, you mentioned like I would be using workarounds. Okay, but what workarounds? Like what would we use? And I think it also depends like age verification. I think it's such a broad term. Like, what do we mean when we say age? Like, are we talking about like, okay, things that have more than 33% adult content or whatever, like the current.
oh, there's been so many of these crappy laws. I can't even remember which one that was. But one of them proposed that standard. That may have been state laws for porn. And so in those cases, do those count as... Like, is it just those websites? In which case, honestly, I can probably live without most of them as far as I know. So I, yeah, I'd probably just stop using those ones. Is it like the entire internet?
Well, then truthfully, I don't know how I'm going to find out what the workarounds are without something like YouTube. Does that apply to Signal? These are the things we talked about in the interview with Taylor Lorenz. I don't know. It really depends on how extreme it would be.
Signal, I'm fully enmeshed in. I don't know if I can find a way around it. Again, if I just stop using Signal, will that apply to SMS? Do I have to verify my age on my phone? It really depends. I'm overthinking this, I know.
Um, yeah, I think, uh, ideally what I would try to do is I would try to wait and see, I would try to like hang back, give it time for people to say, Oh, this is like for the word to get around. Like, Oh, this is a workaround. This is a workaround. And I would try to find those workarounds personally.
Cause yeah, I don't think the vast majority of services, I really just don't trust. I just don't, I don't trust them to implement this in a way that is safe and reasonable where they're not being overly invasive. So yeah. Yeah, I just, I feel like at the end of the day, um, like with these services, like it just depends entirely on, you know,
Do you really need this? Can we exclude it? Let's have some form of digital minimalism out there. And I think it's nice to see this user try to not necessarily use the internet all the time. And I think that's something that I do want to do or strive to be in the future.
And I honestly applaud you for, I'm trying to do that, uh, yourself out of Tropics. Um, but yeah, I think like this next question is more up your alley, Nate, like as a self-host. I just, I think, did they want to use Stalwart? I'm not familiar with that. I'm not either, but the actual question, which unfortunately I don't, well, I don't think I have an answer. You say, is it possible to see the domains associated with that mail server? So like, I'm assuming Stalwart is maybe like one of those.
helps you set it up on a VPS or maybe a VPS provider. So you say it's possible to see what mail server domain is using by checking the MX records, but I wonder if it's possible to build a profile of someone by checking a domain pointed to the mail server. So in other words, like...
if I understand this correctly, if I'm using, I don't know, Namecheap, if I'm using Namecheap for my mail, you can look up, you know, what is my email? Nate at privacyguides.org, I think. You can look that up and see, you know, who the email provider is, but can you look up Namecheap and see everybody who's using Namecheap as an email provider? My gut, I don't know, for the record.
But my gut tells me it's technologically possible, but I don't know if anybody's built a service that does that. And I also feel like that's probably not a very scalable service, if we're honest, because the vast majority of people are probably going to be using.
a major provider of some kind. So it's kind of like not really a one-to-one, but I made the argument one time in a blog post that a lot of people... are uncomfortable with the idea of like using a custom domain for email because they're like, oh, but what if I'm tracked via that domain?
And my argument is so many people are using Gmail that tracking at the domain level, I don't think makes sense. If we're talking automated, if we're talking like the NSA is going to sit down and look at every single data breach and go, oh, this one custom domain pops up in all these locations. It's probably the same person. Yes, that's different.
But if we're talking about automated scanning and stuff, I think so many people are using like Gmail, for example. I think they have like 80% of the email market share that it doesn't make sense to be like, oh, this person's using Gmail.
we're going to single out on that. They're going to look for that same email address, the entire address. So theoretically, if you have a custom domain with like SimpleLogin and you're using a different email everywhere, even though it's the same custom domain, I don't think you're going to be tracked.
Going back to this, if so many, like if everybody or like 80% of people are using the same handful of providers, I kind of don't see how effective that would be in terms of like, there'd just be too much noise to sift through, I feel like. Unless I'm misunderstanding this question. But again, I don't know for sure. That's just like logically, that's what my brain is kind of going. Yeah. As someone who has no experience of hosting emails, I do say like...
You know, like, if you do like mistrust any service, make sure to definitely like interact with the community that, you know, have used something like Stalwart, for example. Maybe they may know more exactly than, you know, us, but um
Honestly, though, feel free to ask this question on the forum itself. Maybe there are people in our community that have used that word and could actually help you learn whether or not, hey, this is actually a genuine threat model for me or not. Maybe that'll be more helpful for you. But yeah, like, Nate, I think, like, I want to quickly look through our YouTube chat for any other questions. I just wonder if anything that pops up to you.
No, I haven't seen any new ones popped in. We did, I mean, there were some comments when we were talking about the password manager thing, but we just, yeah, Lucas Traumann here did say, plan A, don't die, which, you know, I mean. Yeah, uh, my, my dark joke I like to make is, I don't know, man, I read the news. But, um, jokes aside, yeah, it's a, it is important to think about that stuff. So
And I guess we'll say this one real quick. You also said, if they're going to force me to use age verification, they should at least create a confirmation platform that doesn't share my personal information and makes the government take responsibility. Not to get too off topic, but this is...
This is an argument I make about this identity verification stuff is I would argue, and again, I'm not a tech expert in terms of code and stuff. So if I'm wrong, feel free to tell me why. But in my brain, I feel like it should be possible to create a private identity verification. It should be possible to make an app that when you go to an adult website, for example, all it gives is a yes or no. Is this person over 18?
Yes. Let them in. No, don't let them in. Like it should be that. And for the record, I realized this is so not going to solve problems. This is the same thing as like, oh, you need a credit card to verify your age. Okay, cool. The kid will just go steal their parents' credit card or whatever. Or I had a card when I was 16, so it really doesn't mean anything. But my point is I feel like there is a way.
that it is technologically possible to do it. And maybe all the data is stored on device. So there's no server leaking all of this crap. But... Companies don't do it because there's no incentive. Companies are not incentivized to make this app. They're incentivized to make the app where they control the data. There's vendor lock-in. They sell the data to advertisers out the door on the back because that's what they all do.
They get that extra side income by selling to targeted advertisers. And there's no privacy laws in the US, so therefore it doesn't matter. They can do whatever they want. And yeah, it's like- It's technologically possible, I think. And that's what frustrates me is with these age verification laws, or again, identity verification, is we could have a world where, again, I don't think it's going to solve every problem, but it's like, okay, fine. We can...
take steps to solve this problem in a privacy-preserving way, but that effort is not being made in any way, shape, or form. And it frustrates me. Yeah, and even if there's like a centralized, you know, like government, like, you know.
system of which, okay, just connect to the government, you know, like, you know, system to like, you know, conduct a jurisdiction. Do we really want to normalize that? Just to use access to basic services? Like, we don't want that, you know? And... even if we do have on-device verification, I think a lot of us were really excited when, like, um, I believe the US started like kind of like testing out and accepting like digital passports, uh, because, you know, it's like basically a way for these
potentially a proof of concept for on-device verification, right? But it's kind of like other countries already implemented very similar things, but there's still so much fragmentation out there, you know. Um, so I'm just like worried
We're rushing out these laws, but we don't have a mature process for either on-device verification or a centralized gateway platform to actually handle this securely. And so what actually happens by default is... different identification identification companies such as some, I forgot, I can't remember, like octo for example, or, um, you probably know more than I do, like they just like collect all your ID cards and they just
you know, store it somewhere and just waiting for a breach to happen. So it's just right now, these companies already exist and they are already like using your IDs and storing them. And I'm just... It's just sad to see that we're just rushing out solutions to problems so actually having the ability to actually support them in a secure way. Yeah.
Yeah. And for the record, I want to address Jonah just said in the chat, he's like, this type of age verification is still not a good idea. I agree. I do want to make it clear. Like, I'm not saying like.
I want to see this. I'm just saying like, it's one of those things where it's like, if you're going to roll this out, you could at least make an argument for something that's more privacy preserving, but you know, it's, and I still wouldn't be in favor of it. I, like I said, there's still tons of holes in this. Like what's to stop.
a kid from taking my phone, especially me, I have literally like four phones next to me right now. So like what, if I had kids, what's to stop my kid from swiping one of the phones I don't use very often where I'm not going to notice this, like my iPhone, for example. You know, what's to stop like a kid from hacking? I don't know.
There's definitely ways to work around it. It's not really a foolproof thing, so I don't think it's the right solution. I'm just saying like, yeah, I agree. In theory, it's totally possible. It's just, yeah, it's ridiculous. I just feel like it's harder for no reason. Trying to jam through solutions that just ends up making me not be able to use my phone the way I want it to be. Whatever. So annoying.
They're just looking, they're looking for the easy button. They just want this easy. Like everybody just wants something easy. And I get that. Like it's human nature. We want a good guy in about, I think I said this last week.
We want a good guy and a bad guy. We want like a yes or no. We want these very simple, like, you know, the Samourai Wallet story we covered earlier. Like it's really easy to buy into that narrative of like, oh, these guys did nothing wrong and they're being totally screwed over. But.
It's, it's a very nuanced thing. Unfortunately, life very rarely has a black and white, yes or no, easy good guy, bad guy. Like it's usually some kind of gray area in the middle. So yeah. Yeah, we can't really like decide that, you know. I think at the end of the day, um, I wish nuance was some more popular trend across the world, but unfortunately that is not the case. And when people are lazy at a job, digital results and consequences start just harm us all, you know. But, um,
Yeah, there is something that is black and white, which is supporting Privacy Guides. Because I heard that right now it's 7.17, which is a record, I feel. Wow. Time flies, you know? So I think, you know...
¶ Outro
I think we're probably going to end the show right now, given the time. Give Nate some time back. All the updates from this week in privacy, we shared here on the vlog every week. So subscribe with your favorite RSS reader if you want to stay tuned. However... where people prefer audio, we're going to be trying a podcast-style recording of these updates every week, live-streamed on our YouTube channel.
Privacy Guides is an impartial, non-profit organization that's focused on building a strong privacy advocacy community and delivering the best digital privacy and consumer technology rights advice on the internet. If you want to support our mission, then you can make a donation on our website at
www.privacyguides.org. To make a donation, click the red heart icon located on the top right corner of the page. You can contribute using standard fiat currency via debit or credit card, or opt in to donate anonymously using Monero, not a mixer, or with your favorite cryptocurrency. Becoming a paid member unlocks exclusive perks like early access to video content and priority during the This Week in Privacy livestream Q&A.
You also get a cool badge on your profile in your Privacy Guides forum and a warm, fuzzy feeling of supporting independent media. Thank you so much, guys. It's been a wonderful night, rather long night, but have a safe holidays and safe travels if you're going home. Bye bro.
