Apple's Lockdown Mode Blocked the FBI?

Welcome back to This Week in Privacy,

our weekly series where we discuss the

latest updates with what we're working on

within the Privacy Guides community and

this week's top stories in the data

privacy and cybersecurity space,

including how lockdown mode thwarted

forensics tools,

Windows reconsidering their AI tools,

and more.

I am Nate,

and joining me this week is Jordan.

How are you doing, Jordan?

I'm good, thanks.

Happy to be here again,

returning on the podcast.

It's good to be back.

Yeah, it's been a minute.

Glad to have you back.

It's exciting.

Yes, a very exciting week this week.

Indeed.

Real quick, for those who don't know,

Privacy Guides is a nonprofit which

researches and shares privacy-related

information and facilitates a community on

our forum and matrix where people can ask

questions and get advice about staying

private online and preserving their

digital rights.

This week,

we are jumping straight into the news and

we're jumping straight in with a story

about how the FBI could not get into

a Washington Post reporter's phone because

of lockdown mode.

Um, so this story is admittedly not super,

super detailed.

Um, I mean,

I guess it's about as detailed as one

would expect, but, uh, let's see, where's,

oh, my screen popped off the stage.

Sorry about that.

Y'all let me go ahead and add that

back real quick.

Uh, shoot.

Hold on.

I think I'm hitting the wrong button

twice.

Yeah.

Okay.

There we go.

Got it.

Okay.

So this story comes from four Oh four

media.

Let me scroll up to the top here.

And, um,

You know, the title, like I said,

the title really says it all.

So the FBI did have a warrant.

That's a nice change of pace here.

The FBI had a warrant and they went

to a Washington Post reporter's home and

seized a bunch of devices.

And specifically,

they say that when they plugged in the

iPhone to their forensics tool to try and

extract information, they couldn't.

There's some interesting stuff here that

we talked about behind the scenes this

week and we were trying to figure out.

They said there was a notification on the

device's home screen that specifically

said it's in lockdown mode.

And those of us here at Privacy Guides

that have iPhones,

we were kind of playing around with it

and turning on lockdown mode and plugging

it in and trying to like,

can we recreate this?

Because I've never heard of that.

And as far as I know,

none of us were able to recreate that.

So we think this may have been a...

This may be or I think this may

be like something specific to that tool.

Like maybe when you plug this thing into

the forensics tool, it pops up and like,

oh, lockdown mode is enabled or something.

But yeah.

And then here's like a little screenshot

for video viewers.

Here's a little screenshot of the warrant

that or the court record that says that

they were unable to get it.

So.

I guess just to kind of round out

this story,

there is kind of some bad news,

which is that they were still able to

get the information because they had the

reporter access her MacBook.

And specifically...

This is interesting.

They told her to use Touch ID.

They asked her for a Touch ID or

a password, which, for the record,

I have it on good authority from a

lawyer.

You don't ever have to hand over your

password.

That is a violation of, I believe,

the First and Fifth Amendment here in the

U.S.,

But Touch ID, they can do.

They can make you unlock the device or

enter biometrics.

You just never have to specifically hand

over your password.

She said that she does not use biometrics,

but investigators told her to try anyways.

And they say when she applied her index

finger to the fingerprint reader,

the laptop unlocked.

And then they were able to, excuse me,

it says they have not yet obtained a

full image.

But they did take photos and audio

recordings of conversations stored in

Signal.

So a lot of lessons to learn here.

And I do wonder,

not to be a judge or anything,

but that's really not going to go over

well that she's like, oh,

I don't use biometrics.

They're like, we'll do it anyways.

And then it worked.

So, you know,

is that going to be like,

who's that New York mayor that was like,

oh, I lost my phone.

And it's like, yeah, sure you did, buddy.

Anyways.

So this is a man.

There's so many things to take away from

this story.

First of all, I guess to address the

I don't want to say elephant in the

room, but to address the headline,

these stories are useful because iPhone is

closed source, right?

And I think it's really cool to get

this kind of insight and confirmation that

things like lockdown mode do work and they

do provide that benefit that we're

trusting them to provide.

And

I know that in a perfect world we

would use something open source,

but I don't know.

The point I'm getting at is regardless,

it's still good to know that these things

work,

and it's good to have this kind of

third-party confirmation,

even if it's kind of unfortunate that it

has to come that way.

And the other thing that really jumped out

at me is,

like I said at the end there,

they were still able to access Signal

because her device was unlocked.

And I think that's a really important

thing to talk about because a lot of

the time we see this –

abused in the news or twisted in the

news where they're like, oh, my God,

they access this person's signal.

And it's like, well, yeah,

if the device is unlocked,

of course they did.

So these tools,

all tools have limitations, right?

There is no perfect tool out there.

But it's important that we take it.

First of all,

it's important that we know that.

So if you send anything, you know,

I've said in the past on other recordings

that anything you put in a digital format,

you should be prepared for the possibility

that

It may end up in a data breach

or something like that.

So keep that in mind.

But also,

it's important to enable things like

disappearing messages to keep in mind that

there's only so much we can do from

the endpoint itself.

So I think those were kind of my

takeaways from this story.

Jordan,

did you have an opportunity to read this

story?

And did you have any thoughts on it?

Yes, definitely.

Uh, it's good coverage there from, uh,

from you just there.

But I think that, uh,

one thing that was quite interesting about

this story is, um, the, uh,

four or four media article kind of goes

into, uh, some,

some more detail about the reason why,

like,

I think we should talk a little bit

about why lockdown mode is kind of able

to thought these sort of, uh,

police forensic tools, um,

And one of the most important things that

the lockdown mode actually does is it

disables the device connections.

So if you connect your iPhone or iPad

to a computer,

the device needs to be unlocked.

So without lockdown mode enabled,

sometimes it can actually automatically

connect to a computer without explicit

approval.

So...

that can allow mobile forensic tools like

GreyKey and Cellebrite,

which is like the common police forensic

tools to basically be able to extract

information from the device.

And we've seen this as well with Graphene

OS,

they have a similar setting in the

settings where you can control the USB

connection and allow, you know,

change the options that are required if

you connect the device to another

computer, right?

And as you can see on the screen,

Nate's brought this up here.

It's the Apple support page about like the

specifics of lockdown mode.

And another thing that these forensic

tools do is they often utilize

vulnerabilities in, you know,

software and hardware and with lockdown

mode enabled it kind of protects you in

on both fronts right because it stops the

device connections which can sometimes be

uh exploited with vulnerabilities and also

it disables a lot of these you know

quality of life features but ones that are

often used in exploits and vulnerabilities

such as like you know complex web browsing

uh

um like tools are disabled in this case

it says certain complex web technologies

are blocked which might cause some

websites to load more slowly or operate uh

correctly so you know as well as you

know some it disables some of the apple

services as well so i think this is

quite an interesting story to see that uh

lockdown mode actually did provide quite a

benefit to someone,

especially in like quite a vulnerable

position.

It's good to always see that this tool

that Apple has put out is actually helping

journalists in the field.

But it is another thing that's kind of

a bit of an unfortunate thing with this

case that

Nate kind of talked about was that they

were kind of able to bypass the entire

process because she had her MacBook with a

Touch ID.

And I think it'd be really good if

you could, Nate,

if you could elaborate a little bit.

You said there was laws around the First

and Fifth Amendment.

Could you maybe go into what exactly that

means and why Touch ID can kind of

bypass that?

Yeah.

Yeah.

Real quick.

Thank you for mentioning graphene because

officially privacy guides are our top

recommendation for a phone will always be

a graphene phone because it really does

have the best privacy, the best security.

But there's lots of reasons people may

want to use an iPhone.

Like there are some countries where pixels

are not available and things like that.

But yeah,

graphene has some very granular controls

over the USB port.

uh, port, but yeah, the,

so the first and fifth amendment here in

the U S, um, the first,

the first ten, I believe it is.

It's been a while since I was in

school.

Um,

the first ten amendments in the U S

constitution are called the bill of

rights.

And they were,

I think the first ten that like existed

when the country,

when the U S was founded.

And, uh,

The first specifically is – I mean a

lot of them have multiple parts,

but the first mostly pertains to freedom

of speech.

The government is not allowed to infringe

on your freedom of speech or your freedom

of expression,

your freedom to lobby the government for

complaints, things like that.

And then the Fifth Amendment is the one

that protects against self-incrimination.

So for example,

if any of you have ever watched a

cop show that's set here in the US,

which I'm sure is most of them,

the Fifth Amendment is the one that when

people say, I plead the Fifth,

I'm not going to talk.

What's the word?

I invoke my right against

self-incrimination, whatever.

There's a million ways to put it.

But

basically the reason that this passwords

and stuff like that fall under this is

because first of all,

they can't force you to give up your

password because that one,

and that's the one I'm not sure of,

but I feel like I read this somewhere

that would fall under free speech.

Like they're kind of forcing you what to

say,

but it definitely falls under the fifth

amendment because you have a right,

whether you're guilty or innocent,

you have a right to not give,

incriminate yourself um that's kind of the

way the u.s justice system the u.s justice

system is supposed to work is it's

supposed to be that and i don't want

to get too far off topic but on

paper the way it's supposed to work is

that the defense is supposed to prove that

you are not guilty no matter what and

the prosecution is supposed to find the

truth whether that's you're guilty or

you're not um which is a subtle but

distinct thing anyways so yeah there's

this protection against

Admitting and confessing if you don't want

to.

I mean, obviously, if you want to confess,

you can confess.

Nobody's going to stop you.

But yeah,

so it falls under that because giving up

your passwords could incriminate you.

And therefore,

you are not required to do it.

But like you said, there's workarounds.

Biometrics...

I want to say is a gray area.

I could be wrong about that because, well,

real quick,

let me say I know for sure that

you can be ordered to unlock a device,

whether that's putting in the password and

then handing it over,

scanning your fingerprint, whatever.

That is something the court can force you

to do.

Biometrics,

I've heard conflicting reports,

and a lot of these – we talked

about this last year with the person who

was charged for wiping their phone,

which was also a four-oh-four story.

Phones and biometrics and things are

really in a gray area right now legally

in the US because some courts have ruled

that you need a warrant to search phones,

and other courts have ruled, no,

you don't.

And they're kind of at odds,

and we're kind of waiting for the Supreme

Court to weigh in and settle the matter

once and for all.

And yeah,

biometrics kind of fall under that

category of even if you do need a

warrant or whatever,

it would still be something that they can

force you to unlock the device because it

doesn't really fall under those those same

purviews of like against

self-incrimination and stuff.

It's.

Yeah,

it's a fun gray area right now in

the US.

Right, yeah.

It is kind of, it's definitely tricky,

especially for me as someone who's outside

the US seeing what's going on.

It is kind of hard to follow some

discussions around it.

So it's good that you kind of explained

the situation.

But I think another important thing about

this story that you kind of touched on

a little bit when you were doing the

initial coverage here was that when they

were able to unlock the device,

the MacBook in this case,

there was actually a signal application on

the MacBook and they were able to take

evidence from that signal application on

that MacBook.

And I think that's like a really important

thing that we need to discuss because I

think people need to be careful about

using Signal desktop applications because

of this instance, right?

Desktop computers have less security

protections than a mobile device.

And in this case, it's...

less of a security issue,

more of just like an unfortunate

circumstance where someone had biometrics

enabled, but it does kind of show that,

you know,

your security is only as secure as your

weakest link, right?

As soon as you have one link that

breaks your entire signal history is going

to be available to whoever's trying to

attack the device.

So I thought that was quite an interesting

part of the story actually.

Yeah, definitely.

It's... Yeah, and it's...

You're definitely a hundred percent right.

Like I heard...

I forget who it was,

but somebody on Firewall's Don't Stop

Dragons was talking about...

Phones are almost like,

from a security perspective,

it's almost like we took all the lessons

that we learned from computers and

integrated them into smartphones.

So smartphones are, for example,

smartphones rarely have their updates mess

up.

I'm going to take a fun little pot

shot at Windows here.

When I bought my first Windows eight

computer...

brand new fresh out of the box i

opened it i booted it up and it

failed to install and had to reboot and

it got it on the second try but

uh i've never seen anything like that

happen with a phone right like phones

almost never don't update and they have

significantly better security all around

um you know they they have better

sandboxing and all kinds of stuff i'm not

really an expert on phones but i know

they're significantly more secure but even

so yeah i think i think the

I think it just kind of goes back

to not just the security,

because there's so many aspects of it.

That certainly is a good point,

that desktop devices are generally less

secure,

but also just being mindful of

you know, backups, right?

Like backups are a good thing to have,

especially in the privacy community.

We're really big fans of not using the

cloud, generally speaking.

And it's like, okay, that's great.

But what happens if, you know,

there's a house fire or you're, you know,

there's a flood or anything.

What happens if you get robbed?

You know,

especially like I need to buy a new

one.

I used to have a little external portable

hard drive that was my backup drive.

And the first thing I did was encrypt

it because I knew I'm like,

if somebody breaks in,

they can grab that right off the desk

and go.

Like there's no friction to stealing that

at all.

So yeah, just keeping in mind every,

again, all the end points.

And we talk about that,

I think in the privacy community,

we think about that a lot in terms

of,

the far end,

like I see a lot of people who

criticize encrypted email because they're

like, oh,

most people don't use encrypted email.

So, you know,

it might be encrypted while it's in your

inbox,

but it's still unencrypted in their inbox.

And which is a valid but different

argument.

But the point is, like,

we don't always think about it in the

context of, OK,

but now there's a second copy of your

data on your end of things sitting on

that external hard drive on the desk or

sitting on that computer desk.

you know,

synced up through Signal or whatever

that's less secure.

Or, you know,

some people run a NAS and they use,

what is it,

like SyncThing to sync their data.

And it's like, okay,

now you've got this constantly running,

twenty-four-seven device sitting in the

corner that's syncing all your calendar,

your contacts, your data.

So, yeah, it's really important to,

when you do that threat modeling and you

start building your

your security posture,

I guess we'll call it.

It's important to have that moment where

you stop and think about every step of

the chain.

You know,

what happens if this gets compromised?

If this threat happens, break-in, flood,

you know, it's, yeah.

I mean,

it's really important to think about that

whole picture and not just think like,

okay, I'm using Signal, I'm good.

Yeah, definitely.

Your security needs to be like...

very,

your plan needs to be very clear and

multi-layered.

But I think another thing that's also kind

of important in this story is the person

that had the iPhone seized,

it was actually only an iPhone XIII,

which isn't, you know,

one of the latest generations of iPhones

that has more of those hardware security

features like the iPhone XII,

which has

mte memory tagging enforcement so it's

interesting that even an iphone with

lockdown mode enabled was able to block

these sort of forensic tools um which i

think kind of shows the power of this

of lockdown mode itself actually um

because you would expect an older device

is probably more likely to be exploited

because of its age, right?

Through hardware vulnerabilities and stuff

like that.

And because it doesn't have that updated

hardware, it's kind of surprising.

So that was another thing that was quite

surprising to me in this story.

Yeah, I think I missed that part.

Thank you for bringing that up.

I did see people mention that.

Now that you mentioned it,

I saw people talking about an iPhone XIII

with lockdown mode, but for some reason,

my brain didn't make the connection.

Obviously,

we're always going to encourage people to

do the best they can and use the

latest devices and the best security

measures,

but I think that also I would like

to use that as an opportunity to remind

people that

there's a lot of factors that go into

security.

Cause I know there's some people that

maybe can't afford like a brand new device

or, uh, you know,

for a lot of reasons,

like environmentalism,

like I don't want to throw out this

perfectly good iPhone.

Um,

I don't know if the iPhone is still

getting updates, but I assume so if,

if lockdown would work, but, uh, you know,

my point being like,

I'm one of those people,

like I have a pixel six a,

and I plan on using it probably until

next year when it stops getting updates.

And you know, it's,

when that happens,

I want to get the latest pixel so

I can get all these nice hardware

features.

But I think that's just what I'm getting

at is that's,

that's part of threat modeling as well is

like, will this meet my needs?

Will it is, is this,

am I doing enough to protect myself?

And I think sometimes we can feel like

we always have to do more because privacy,

there's always more to do in privacy.

There's, there's always new, new tools,

new ways to improve your privacy and,

unfortunately, new threats popping up.

But you know, that's,

that's one of the reasons that we do

threat modeling is to try and make sure

that we are hitting those goals,

we are doing what we need to to

protect our data.

And

Yeah,

I guess what I'm getting at is as

long as you're fulfilling your threat

model,

it's okay to give yourself some grace if

you're not going as hardcore as you would

like to.

Keep going, keep trying to get there,

but as long as you are meeting your

threat model.

And that doesn't necessarily mean you have

to run out and buy the latest thing

because now it's got this new hardware

feature, but try to if you can.

Again, I want to reiterate that,

but this is why threat modeling works.

Exactly, yeah.

And on the topic of protecting your data,

let's head into this new story here.

And this is Notepad++ update feature

hijacked by Chinese state hackers for

months.

So Chinese state-sponsored threat actors

were likely behind the hijacking of

Notepad++ update traffic last year that

lasted for almost half a year.

The developer states in an official

announcement today.

So that's quoting from the bleeping

computer article here.

A statement from the hosting provider for

the update feature explains that the logs

indicate that the hacker compromised the

server with Notepad++ update application.

External security experts helping with the

investigation found that the attack

started in June of twenty twenty five.

So I guess for anyone who's not on

the

who doesn't use Windows,

Notepad++ is basically an advanced version

of Notepad that has a lot of the

features that you would expect in,

you know,

advanced note-taking applications like

syntax highlighting and such,

so it definitely builds upon the Notepad

like piece of software that's available in

windows.

It's basically like a fully featured

alternative to that.

And it's actually extremely popular.

So that's why it's extremely concerning

that the update feature has been hijacked

by Chinese state hackers.

And just quoting from the article again

here,

the attackers specifically targeted

notepad++ domains with the goal of

exploiting insufficient update

verification controls that existed in

older versions of notepad++.

So basically in December,

Notepad++ released version eight point

eight point nine,

which addressed a security weakness in its

Win GUP update tool after multiple

researchers reported the updater would

receive malicious packages instead of

legitimate ones.

And there was a great post on Mastodon

that I saw by security researcher Kevin

Beaumont,

where he warned that at least three

organizations were affected by these

update hijacks.

which were followed by hands-on

reconnaissance activity on the network.

So yeah,

this is kind of a pretty concerning story,

especially because it's such a popular

piece of software.

Like a lot of people on windows that

are editing text files will be using this

software.

So it is kind of concerning,

but just handing it off to you here,

Nate, what are your thoughts so far?

Yeah, I will admit,

I use Notepad++ on Windows.

So that was a fun headline to read.

I think I say this partially to make

myself feel better.

One thing to note in the article is

it does mention that this attack was very

targeted in that the attackers very likely

only targeted specific users of Notepad++.

so probably hopefully not me but they

could have just as easily targeted me

right um and actually real quick on that

note i think here at the bottom of

this article yeah um there's some links

they talk about this group called rapid

seven that did research on this and they

released an analysis a technical analysis

of the malware and they do include um

how to check and see if you were

compromised i i believe they concluded a

What is it?

Caches of specific files, basically,

that you can check and see if you

have the right file or a compromised file.

So if you are worried that you may

be impacted by this, first of all,

go ahead and update to the latest one

because hopefully that should fix it and

close off access.

But also you can double check that to

see.

But yeah, it's really not a good feeling.

And it's really unfortunate because...

Notepad++ kind of checks all the boxes

that we would normally advertise for a

good privacy tool, right?

I mean, it's open source.

As far as I know, it's offline.

I'm sure it pings for updates and stuff,

but it's not a cloud-based notepad.

It's...

It's very actively maintained.

The developer is very active.

But it just... This happened.

And it's really frustrating because I was

sitting here when I was reading this story

and I was taking notes for the show.

I was thinking to myself,

what's the lesson here?

Because normally the lesson is try to

stick to open source or try to make

sure you only get it from official

sources.

But when there's a supply chain attack

like this, they're really...

of just not what you can do i

guess so yeah i don't know this this

is a really unfortunate story i think my

takeaway is and i know i already said

this in the last story but just to

to remember that um

I mean,

nothing is unhackable and it's important

to be aware that anything you put in

a digital format.

And this is actually one of the things

I like about notepad is you don't even

have to save it.

Like I have literally like seven open

notes that I haven't saved for weeks and

I should really do something with them.

But you know,

that's one of the things is it'll like

hold onto those notes, um,

without having to save them.

And so even if you don't save it,

if it's any,

any kind of a digital format, it's,

it's at risk.

And I hate to say that cause that

feels like paranoia, but, um,

Yeah, that's kind of, I don't know,

is there any better lesson that you took

away from this one or?

Yeah,

I think this is kind of an unfortunate

circumstance, right?

But I think it does need to be

said that, you know,

open source tools are just as vulnerable

to being exploited by these sort of things

as closed source ones.

You know,

just because a tool is open source doesn't

technically mean that this wouldn't have

happened or this would have happened,

right?

So I think that's one thing to consider,

but I think when it comes to note

taking tools and such,

I think it's important to use tools that

have been independently verified, right?

So if a security researcher had done an

audit on this piece of software,

for example,

I think it would have been pretty obvious

that this was a mistake in the update

process, right?

Any security researcher that would have

had an eye over this,

would have noticed this.

So, you know, I think it's

unfortunate,

but I think there's things you can do

to make sure that the software you're

using isn't, uh,

doesn't contain easily exploitable stuff

like this.

So, you know, with privacy guides, we,

a lot of times we require independent

verification by security researchers, um,

or like a security firm,

such as like cure or other ones.

Um, so that is,

that is something you can do to try

and mitigate some of these concerns.

But in that case as well, it is,

you know,

Things get missed.

Not every single piece of software is

infallible.

And I think, yeah,

someone in the chat said,

JS said a secure OS could help a

lot.

Yeah, exactly.

So if you have an operating system that

has more control over the sandboxing of

applications, for example,

I'm sure Nate would like to talk about

cubes,

but there's all sorts of things you can

do on Mac OS and Windows even has

some sandboxing capabilities.

So I think that is another important thing

that people need to think about, right?

Having adequate security protections and

sandboxing and separating tasks into

separate areas can definitely reduce the

damage of an attack because in all

circumstances, it's possible.

Every piece of software can be exploited.

So trying to reduce the damage that can

happen is definitely a good step in the

right direction.

Yeah, I'm glad you mentioned audits,

because that did completely slip my mind,

because audits are really good.

And I do want to point out that

audits, and you did kind of mention this,

things can still slip through the cracks,

because audits are a snapshot of code at

a specific point in time.

So it's entirely possible that Notepad++

could have been audited in June,

or let's say May,

And then this happened like the following

month and there's really nothing to

protect against that.

But another thing,

another advantage of audits is that they

tend to show that an organization is

really serious about their security and

securing their supply chain and stuff like

that.

And, um,

Again,

I want to point out like audits are

also really expensive.

So just because a company doesn't get an

audit doesn't mean that they're not safe

or they're not taking it seriously,

especially if it's like a really hobbyist

project.

Like I think notepad plus plus,

if I remember correctly is donation only.

So they probably don't have thousands of

dollars to invite cure fifty three to come

in and look at their code.

But for those organizations that do have

that kind of money, like Proton, Moldad,

IVPN, I know there's plenty of others,

but

signal.

When they bring in auditors and have them

look at their code and they have that

kind of resource, it shows that, again,

like you said,

things can slip through the cracks,

but it's a really good sign because it

means that they probably have a culture of

security and it's less likely for bad

things to happen.

So yeah, I'm glad you brought that up.

Um, and yeah, I mean, if you want,

I will say cubes or, you know, there's,

there's plenty of other ways to do this,

but, uh, yeah, I,

I am using cubes right now in front

of me for those who didn't know.

And, um,

that is one of the things I like

about it is the compartmentalization of,

I literally have a cube for privacy

guides.

I have a cube for my personal stuff.

I have a cube for banking.

And, uh, if,

if one of my software was to become

in, um,

I don't know why my brain refused to

pick a word there.

If one software I use became compromised

and impacted,

it would limit the damage to that specific

cube, which is still suck,

but at least it would limit the damage,

right?

So yeah,

compartmentalization and secure OSs and

things like that really do go a long

way.

All righty.

Before we move on to the next story,

we're going to pause here briefly to give

an update of what's been going on behind

the scenes at Privacy Guides.

Um, so yeah,

we're going to talk about Ram shortages

affecting the raspberry PI,

but first in case you guys didn't hear

our smartphone security course is now open

to the public or the first part of

it is.

So there's a,

there's three parts technically kind of

four,

cause we have like a little intro video.

And then from there,

it branches off into Android and iPhone,

and there's a beginner and intermediate

and an advanced level.

The beginner level is now open to the

public.

I will let Jordan talk about the

intermediate iOS video in a second.

But yeah, the beginner video focuses,

if you guys haven't seen it yet,

I do think it's on PureTube now.

I could be wrong about that,

but I'm pretty sure it is.

The beginner video focuses on things that

are really subtractive instead of additive

to make your phone more secure.

So things like removing apps you don't

use,

changing the settings and things like

that.

which I think should be doable for a

lot of people because even simple things

like downloading Signal or switching to

Brave or Firefox,

those are things that require people to

take action, right?

They require them to go download an app,

sign up for an account,

no matter how easy.

And I think some people...

I think it's a mental block that some

people have a hard time doing that.

And so the beginner level is things that

anybody can do anytime, right?

Like you're laying on the couch,

instead of doom scrolling,

start deleting apps and stuff like that.

So yeah,

I'm really excited that that's out to the

public now.

And I will turn it over to Jordan

real quick to give us some updates on

any upcoming videos if you'd like to,

or if you want to hold off on

that.

Yeah, thanks.

So I guess, yeah, like Nate said,

we've got the intermediate smartphone

security guides coming out soon,

and we've already got the Android version

done,

and the iOS one is pretty close as

well.

So I'm hoping possibly early next week we

can get that published for members.

And if you're a member,

you can get early access to videos,

just a reminder.

And that was sort of covering,

I guess I should say,

this whole smartphone security course has

been written by Nate and overall direction

by Nate here,

which I think he did a great job

with.

And I think it'll be really,

really useful to people.

We've already had the beginner ones

released to the public,

and we already had some really good

feedback on those videos.

And that's just the beginning.

So the intermediate ones dive more into

things that, you know,

are less to do with your device and

more to do with the services that you

use and the applications that you're

utilizing.

So for instance, you know,

moving to encrypted email providers

instead of using a plain text one like

Gmail.

I'm not going to give too much away

just because I don't want to spoil the

video.

But we also do go into some of

the things on Android,

such as alternative app stores.

So if you're interested in that sort of

thing,

you're not all the way into the advanced

area,

definitely look out for those videos next

week.

And we should have the advanced

series coming out shortly after that as

well because that's you know quite a bit

shorter than the intermediate ones and

Nate's kind of been on fire here he's

been like writing so many videos up and

sending the footage over to me so we've

also got another video in the works which

is the private messaging video which we're

working on there's also I guess we haven't

released have we released this yet

We're also working on a video about

private browsing.

I'm not sure if that's actually released

yet.

Is it, Nate?

That's a good question.

The wheels are turning.

I know because you've sent me the preview

versions,

but I don't know if we've published those

to members yet.

We're going to have to follow up on

that one.

I don't think we have.

All right, then.

I guess members, be ready for that.

That'll be coming out hopefully after the

stream if we can line everything up.

But that's also done.

So that was another video that Nate's

scripted and put together the footage and

recorded.

And that was another really interesting

video, I think,

which is going to be useful for people

to send to people that are stuck using

Chrome or that have misconceptions about

the private mode on Chrome because

it's called incognito mode,

but you're not really very incognito.

So I think that'll be an interesting video

for some people to send to their

relatives, family, friends, you know,

get people moving off Chrome.

I think it's one of the easiest things

you can get people to switch, you know,

instead of Chrome, use Firefox, you know,

instead of

using incognito mode,

you could use more bad browser instead.

And that's really a private way to browse

the internet.

So that's kind of what it's looking like.

We've got that look out for the private

messaging video.

That's what we'll be working on next week.

And yeah,

I guess I can throw it back to

you, Nate.

Is there any other things that we've been

working on this week?

I know we've got a few more news

articles coming out this weekend.

I, I tried really hard to,

Throughout the week,

I will collect news stories that I'm like,

oh,

this is important enough that I think we

should write a brief about it,

but it's not necessarily important enough

to put in the podcast.

And I keep telling myself every day,

I'm like, all right, just take, you know,

ten minutes, twenty minutes,

write up a little quick,

short thing about this.

And then for some reason,

by the time I get done with my

work for the day, I'm so tired.

So my point being, I end up, like,

stacking them all towards the end of the

week, and I really shouldn't do that.

But...

Yeah,

we do have a bunch of those coming

out, maybe half a dozen or so.

And some of those are from me,

some are from Freya,

who's one of our regular writers.

So I think that's about it.

Yeah, and just to real quick,

just to kind of address it,

some of these videos we're putting out

right now, I think are very entry level.

And I think they're really good for

sharing with your friends and family who

maybe are not as excited about privacy as

you are, or maybe...

I don't know.

I think most of you guys probably do

a really good job of like sharing the

stuff with your friends and family,

but I guess it's just something you can

share with people.

But the point I'm getting at is don't

worry.

We will still be doing plenty of like

really advanced, uh,

stuff in the future for, you know,

whatever your tech level is.

So if, if you're thinking like, man,

these are really entry level stuff,

it's honestly,

cause we kind of looked at our,

our library of content and went, Oh,

we haven't covered a lot of the really

basic stuff.

So that's kind of what we're doing.

And, um,

we're definitely going to get back into

other stuff as we go.

I think, um,

probably sooner than later here, actually,

probably after this next video,

I would imagine we'll maybe looking to do

in something a little bit more high level.

So

Yeah,

I think one other thing that I guess

we can touch on now,

which should be coming out at least I

would say in the next month or so,

we're working on another section of the

website.

So if anyone's...

I think people should kind of get hyped

for that.

There's been a lot of work behind the

scenes from Em who's been working a lot

on a separate section.

I don't think I'll go into too much

detail about it here because...

There's, you know,

it's still all being finalized,

but it's definitely being worked on.

And I think this is going to be

kind of a pretty big year for privacy

guides because we're expanding in so many

exciting ways.

So I'm really excited to see how that

pans out.

Yeah, definitely.

Em has been super,

super busy working on that.

And I...

I've seen the outlines of how that is

going to be structured,

but I haven't seen the...

What I'm trying to get at is I'm

excited to see it.

I think it's going to be awesome.

I know she's been working really hard on

it, and yeah, it's going to be great.

One more thing real quick before we jump

into the next story is JS left another

comment here about private browsing.

Said Brave has a pretty good strategy with

having ad block included.

Yeah, it's really...

Jonah and I touched on this in last

week's episode, but...

I think in my experience,

one of the best ways to try and

nudge people towards privacy tools is

rather than focusing on the privacy and

the security benefit,

treat that as like a bonus and focus

on how it makes their life easier.

Like I've had really good success with

getting people to try password managers

because I happen to be in the room

when they're trying to log into something

and they're like, oh my God,

what was my password for this website

again?

And I'm just like,

hey,

you want to know how to never forget

your password again?

And I run into those people six months

later and they're like, oh my God,

this is amazing.

How did I live without this?

So yeah, definitely.

I've gotten people to switch to Brave

doing that exact same thing.

I saw two people in a Discord room

I was in having a conversation where

they're like, oh my God,

the ads on this website are obnoxious.

I'm like, have you tried it in Brave?

And like, oh my God, Brave fixed it.

This is awesome.

So yeah,

that is one thing Brave has going for

it.

But I know there's probably ways to

recreate that in something like Firefox as

well.

So yeah, I just wanted to mention that.

Yeah,

it's kind of surprising to see what people

will put up with on the modern web,

like full-page ads,

auto-playing video ads.

Like, oh my goodness,

it's a wasteland out there.

Dude,

I had to turn it off on YouTube

the other day for something.

I can't remember what it was.

Oh, it was our intro video.

I wanted to make sure that the end

cards were, you know,

click here to go to Android,

click here to go to iOS.

Quick note for other Brave users.

And I wasn't seeing the end cards.

And I'm like,

did we not put end cards on there?

And so I turned off my Brave Shields.

I guess I had some optional thing turned

on that got rid of the end cards.

But while the Brave Shield was off,

there was literally like a one minute

pre-roll ad to start the video.

There was an ad on the side.

There was an ad below that.

There was an ad at the bottom of

the video.

I'm just like, oh my God,

how do people put up with this?

It's so bad.

Oh yeah.

So definitely,

I don't know how people live like that.

Speaking of bad things,

there is being an ongoing RAM crisis.

And I don't know if you've seen that,

but one of our previous team members,

Kevin,

he wrote an article about the whole RAM

crisis that's going on.

And unfortunately,

that has now started to affect Raspberry

Pi.

So Raspberry Pis have received another

price hike in the last two months.

And basically, the more RAM the board has,

the more its price is increasing.

So just quoting from this article here

from Ars Technica,

the ongoing AI-fueled shortages of memory

and storage chips has hit RAM kits and

SSDs for PC builders the fastest and

hardest,

meaning it's likely that for other

products that use these chips,

we'll be seeing price hikes for the entire

rest of the year, if not longer.

And the latest price hike news comes

courtesy of Raspberry Pi CEO

Eben Upton, sorry if I said that wrong,

who announced today that the company would

be raising prices on most of its single

board computers for the second time in two

months.

Prices are going up for all Raspberry Pi

four and Raspberry Pi five boards with two

gigabytes of or more of LPDDR four RAM,

including the compute module four and five

and the Raspberry Pi five hundred computer

inside a keyboard.

And the two gigabyte boards pricing will

go up by ten dollars.

Four gigabyte boards will go up by fifteen

dollars.

Eight gigabyte boards will go up by thirty

and sixteen gigabyte boards will increase

by a whopping sixty dollars.

So I'm kind of happy about this in

a very selfish way.

I actually bought a Raspberry Pi like two

months ago before the price hike.

So I'm kind of happy that I decided

to finally replace mine.

But what do you what do you think

about this?

Yeah,

I happen to have a couple of Raspberry

Pis sitting around at home that I'm

actually not using,

and I'm trying to figure out what to

do with them.

And pardon my technical difficulties while

I try to get my screen share back

up here.

But yeah, it's... I don't know.

It's really a bummer because the whole

selling point of the Raspberry Pi is that

they're so cheap, right?

And personal opinion, I think that's a...

I think that's slightly misleading to say

that they're so cheap because they do...

They're very cheap if you just want the

board.

But if you want the case that goes

over it and stuff like that,

I think it becomes a very different story

at that point.

I think the price does start to go

up significantly.

And maybe it's me because I have cats.

And I'm like,

the cat hair will get everywhere.

It will absolutely get all over the board

and everything.

But either way, they're very inexpensive.

And there's certainly...

In my opinion,

I don't think they make for good full

computers.

It's not like, oh,

I got this thirty dollar computer.

They're still definitely.

They're still definitely.

They're made for very specific tasks,

is what I'm trying to say.

They're really popular,

and this is why we're covering them.

They're really popular in the privacy

community for running like a single and

single member Mastodon instance or like a

simple next cloud instance or DNS,

you know,

to block ads and stuff at home.

Um,

ads and trackers and all kinds of stuff.

And so this to me.

Sorry, I know I'm rambling a little bit,

but this to me touches on a larger

issue that I've been trying to figure out

how to put into words and address for

several years now,

which is the idea of privacy as a

privilege.

Because it is really unfortunate when you

have to pay for privacy.

Like kind of going back to phones, right?

We talk about something like Graphene OS.

And Graphene OS is only available on a

Pixel,

which is a several hundred dollar phone.

which is still cheaper than an iPhone.

But it's not a cheap phone.

And again, certain areas can't get pixels.

And so it's almost like you have to

be privileged enough to have the money and

live in the right area to get a

graphene phone.

And that's really unfortunate.

But at the same time,

things like Raspberry Pis,

things like VPN servers,

those things cost money.

And you can't

You can't pay the rent for your office

by, I don't know, telling the landlord,

how do you signal, right?

That's just not how the world works.

So the point I'm getting at is it's

really unfortunate to see this price go up

on these very reasonably priced tools that

are designed to help,

or maybe they're not designed to,

but they're very good for helping people

reclaim control of their data.

And it's really unfortunate to see that

that barrier to entry go up,

even if it's only a little bit.

But at the same time, it's like,

I don't know, some things just cost money.

And that's an unfortunate reality of

especially this situation right now.

So, yeah.

I think this is just another good reason

to really dislike AI.

This is the reason why all of this

stuff is becoming more expensive.

There's all these AI CEOs, tech companies,

they're buying up all the RAM,

they're buying up all the SSDs for running

AI models because they need all that

memory to train and to run all these

models, right?

It's not...

And I think we've kind of seen this

for a while with Raspberry Pi.

It's kind of been a continuing drama with

Raspberry Pi.

They keep kind of,

I don't know if you've noticed,

but over the last couple of generations of

Raspberry Pi,

it's like they've been pushing the price

up and up and up.

And it's got to a point where,

you know, I was looking at,

like I had an original Raspberry Pi from

like, like a Model B.

And it finally died this year after.

Fourteen years of dedicated service.

So I had to replace it.

Right.

And there was nothing that was really the

same price as what I'd paid for that

original Raspberry Pi.

I think I only paid like twenty five

dollars for that original Raspberry Pi.

So I guess I could have bought like

a Raspberry Pi like mini one.

But, you know, I think it's.

Still,

I think it's a problem with affordability,

right?

And I think Raspberry Pi has kind of

been becoming more and more unaffordable

as time goes on.

And I'm not sure if the pricing is

justifiable, in my opinion.

I think there's plenty of alternative

options to Raspberry Pi.

Unfortunately, it does come with,

you know,

downsides such as software support not

being as good and, you know,

just general community support not being

as good.

But I think, you know,

There's definitely, you know,

bargains to be found like JS in the

chat said, I bought a mini PC,

sixteen gigabytes of RAM and one hundred

Intel CPU for one hundred and sixty USD.

Exactly.

You know, I think that's oh, yeah.

So they increased the price of that

because of the RAM shortage.

I think also another another thing with

with these buying new is kind of not

always the best way to go.

Right.

there's plenty of used options for,

you know,

you don't need a Raspberry Pi to run

a couple of small services.

You could always get like a refurbished

business computer,

like a Dell Optiplex or, you know,

these old retired business computers that

they're selling for like absolutely

nothing.

Like you can basically get them for free.

They may not be as power efficient,

but you're still getting the,

ability to run those low powered services.

So I think there is always an option.

But I do think when it comes to

the thing you said about privacy being a

privilege,

I think it's definitely a matter of

perspective.

I think

people can still do quite a lot for

their privacy.

Like a lot of privacy tools are free,

like ProtonMail, Tudor, that's all free.

Like you don't actually need to pay.

Like you can still get away with having

a free account.

And I think it's important to have these

free options, right?

Where, you know,

freemium model is really good in that

circumstance, right?

Like with Bitwarden,

you can have a syncing vault with security

and it's free for the most part.

You miss out on some small features,

but you're getting a lot of those features

that are the most important for free.

And I think, you know,

it is kind of unfortunate that there's

things like hardware where it's a little

bit more tricky with like, you know,

like Nate said, there's Google pixels.

They cost quite a lot of money depending

on what country you're in.

And they can also kind of, uh,

have you know problems with international

uh shipping you know not every country has

has pixels available um it's not a

globally available uh device but you know

I think a lot of people can also

get a really good level of privacy just

by, you know, deep loading their phone,

switching the usage on their device, or,

you know,

instead maybe going for an iPhone,

which is available in a lot of locations.

So I think people don't have, you know,

zero options.

But I do think if you do want

that highest level of security and

privacy,

you definitely are going to need to shell

out some money for the hardware.

But I think when it comes to software,

we have a lot of good free options.

There's a bunch of examples like the Tor

browser.

You can browse anonymously for free.

It doesn't cost money.

But a lot of that is supported by

Tor network operators who do this for the

love of the game.

They're not...

in this to make money.

They're doing it to promote the free

internet,

to allow people to access information.

So I think we do have a lot

of privacy tools that are accessible to a

lot of people.

But there's also that gap that I think

needs to be filled when it comes to

hardware,

because we don't really have very many

affordable hardware options.

Because Google Pixels,

they're starting at like,

five hundred bucks.

And it's kind of hard to shell out

that much money.

A lot of people don't have that much

expendable income to just drop on a phone.

That's why a lot of people,

they go with carrier plans,

like they pay their phone off every month.

So I think we do need to be

thinking about the accessibility of things

and

It'll be good if there was another phone

option that was similar security to a

Google Pixel that, you know,

would allow people to do the same thing,

but with a much more affordable price.

But right now we don't really seem to

have that.

So, yeah, I don't really have,

I feel like I've been talking about this

for a while,

but do you have anything you want to

add to that, Nate?

No, that's fine.

I mean, I ramble plenty.

No, and yeah,

just to back up what you said,

you're absolutely right.

There is so much in privacy that can

be done for free or cheap,

like Signal and encrypted email.

But it's just, yeah,

it's unfortunate that once you start

getting to those higher,

and those things do so much.

How am I trying to word this?

It's the whole like, what is it?

The Pareto principle, like, that,

you know, I think, like,

switching browsers,

switching communication methods,

blocking ads, all that kind of stuff,

probably gets you, like,

There are a handful of, I would argue,

very reputable free VPNs,

but they're also horribly slow and very

limited on their capabilities.

Like you were saying,

it's unfortunate that once you start

getting to those higher levels of

really...

I guess perfecting for lack of a better

word, like perfecting your privacy.

Cause obviously privacy is a journey.

We'll never really get there.

There's no such thing as perfect privacy,

but once you start really doing those

advanced things,

like you mentioned switching to a graphene

phone,

like there's significant barriers and it's

just, it's very unfortunate I feel like.

But yeah.

I don't know.

Yeah.

I think,

I think you kind of summed up all

my, my thoughts on this one.

It is,

It's unfortunate, and yeah,

it's another reason to be mad at AI,

because yeah, this is... Oh my god, yeah.

I'm so mad.

Everything's so expensive right now,

and...

You know,

you and I were talking before the

recording about maybe, yes,

the rain cloud, perfect.

We were talking before the recording that

maybe I might need to get a new

computer and my wife,

she's been having some issues with her

Pop!

OS laptop, which it's not system.

It's literally like a different ThinkPad

that has Pop!

OS on it.

And thankfully we found some stuff online

that we could install and it helps with

the power management.

And so that can has been kicked down

the road, but yeah,

now is not a good time to need

new computers.

So frustrating.

Yeah.

I'm truly sorry to anyone who needs to

buy an SSD or RAM right now.

I still need to buy a backup drive.

Yeah.

I do wonder if hard drives are affected.

That would be interesting.

I was going to say,

I think hard drives are significantly less

affected, if at all.

So it's probably not that big a deal.

But yeah, that's frustrating.

Okay.

We do have one more story real quick,

and I think I got my screen share

fixed here.

And this is about Microsoft and their use

of AI.

Is it going to work?

Oh, hold on one moment.

Yeah,

so this is actually potentially some good

news,

which is that Microsoft is apparently,

allegedly reconsidering how much AI they

are cramming into Windows.

So for those who are fortunate enough not

to have to deal with Windows Eleven,

Microsoft,

on the topic of AI and raising prices

and everything,

Microsoft is part of the problem because

they have been cramming AI aggressively

into everything you could possibly

imagine.

Like,

I'm going to get really niche with my

references here,

but if you guys have ever seen the

show The IT Crowd, which if you haven't,

you should because it's hilarious,

but

In the first season of The IT Crowd,

and I didn't notice this until I rewatched

it years later,

there's EFF stickers literally everywhere.

And I found out later that's because Cory

Doctorow was one of the advisors on that

show.

And he was, I believe,

a board member at EFF at the time.

So he just stuck stickers everywhere.

And then in season two,

there's significantly less stickers

because I think even the EFF told him

to chill out.

So that's basically what Microsoft has

been doing with AI is anything you can

think of, they're slapping AI on it.

And...

This has not gone over well at all,

at all, at all, at all,

because numerous studies are coming out

showing that most people at best do not

care about AI.

Most people either hate it or they're

completely indifferent.

There are very few people that are excited

about AI.

And Microsoft is finally getting that

memo.

Oh, man.

Where do we even begin?

Apparently,

Copilot is integrated into Notepad for

some reason on the topic of why people

use Notepad++ earlier.

It's in Paint,

which I guess that one I kind of

understand a little bit better for

generative AI, but...

I don't know.

If I want a powerful image editor,

I'll probably go with Photoshop or

something.

I don't know.

I'm getting off topic.

But anyways,

I'm just pointing out how deeply they've

shoved AI into everything.

Most notably,

many of the privacy veterans will remember

Recall,

which is one of the most horrifying

privacy invasions of the last several

years, probably.

I said one of, for the record.

It's definitely not the worst,

but it's up there.

Which,

real quick for those who don't know,

it's literally an AI that takes a shot

of your screen, a screenshot,

every couple of minutes or couple of

seconds.

And the idea is that you're supposed to

be able to type into your computer, like,

oh,

what was that website that had the green

shoes that I was looking at or whatever?

And it would go through and it would

be like, oh,

that was this link on Amazon.

The problem is it was so poorly thought

out that it didn't redact social security

numbers, passwords.

It did redact Netflix though.

So we know where Microsoft's priorities

were.

Anyways, anyways, all this hatred aside,

real quick,

just to round off that saga for anyone

who wasn't there,

there was so much pushback that Microsoft

did actually delay it a whole year to

try and fix it.

And by fix,

I'm going to put that in heavy quotations

because it

They made it less obviously terrible,

but it was still pretty bad.

But anyways, according to...

So this article is pretty light on

details.

I do want to acknowledge that upfront.

But this comes from Windows Central and

they have unnamed sources that work at

Microsoft who basically said Microsoft is

reconsidering a lot of things.

Unfortunately,

I don't think most of it's going away

from the way this article's word.

They said they have paused work on any

additional co-pilot buttons for inbox apps

for now.

I do believe there are a few things

that they're still going to go ahead with,

like semantic search, agentic workspace,

Windows machine learning,

and Windows AI APIs.

Microsoft believes that these

under-the-hood AI efforts are still

important for app developers and users,

even though nobody wants an agentic AI

workstation, but whatever.

There is, I can't find it now,

but I think they did say there are

a few things that they're just dropping

entirely.

Oh, sorry.

Okay, so they didn't, here it is.

They didn't commit to it,

but Notepad and Paint,

the ones I mentioned earlier,

they said that those are under review.

So those might get pulled entirely.

What's very also likely is they said that

the company is basically trying to

rethink things uh what they used a

phrasing about copilot that i thought was

or not copilot recall uh recall in its

current implementation has failed though i

understand the company is exploring ways

to evolve the concept rather than scrap it

entirely possibly dropping the recall name

in the process though this is unconfirmed

uh personal opinion they can evolve it

right into the recycle bin where it

belongs but anyways yeah it's it's

So it's,

it's really unclear what direction this is

going to take,

but it is good that they're finally

listening.

And, uh, this is coming,

the article notes,

this is coming on the heels of Microsoft

admitting that windows is horribly broken

right now.

Uh,

it's been in my headlines in my newsfeed

a lot lately and usually not for good

reasons.

And they did commit to trying to quote

unquote, fix windows this year.

Although again,

they didn't really say what that entails.

This is probably part of that.

Um,

I will say that in my opinion,

I think their AI implementation is so bad

that really anything is fixing it at this

point.

Anything they can do to make it less

terrible,

whether that's making it less obnoxious,

whether that's getting rid of it

completely,

whether that's hopefully making recall

less of a privacy nightmare.

I think the very least they should do

is make it optional.

They're probably not going to do that

because this is Microsoft.

I guess I'll just say that.

I don't really have high hopes that this

is going to be revolutionary,

but I am hoping that they can make

it less terrible.

I really think...

I don't want to say that's the only

direction they can go in because this is

Microsoft.

They can definitely find ways to surprise

us,

but I definitely don't have hopes for them

to actually make this good in any way.

I just hope they'll find a way to

make it

Not so bad.

I think those are kind of my thoughts

on this one.

Do you have anything you want to add

to this, Jordan?

I think you're lucky enough not to be

subjected to the nightmare that is

Windows,

but I don't know if you still have

any thoughts.

Yeah,

I've kind of avoided using Windows almost

completely.

I mean,

Mac OS isn't really that much better,

but Linux is definitely a good place to

be right now.

So I think that's, yeah,

I agree with everything you were saying.

You know,

it is kind of frustrating that like

Microsoft is working on stuff that

seemingly not that many people are

actually interested in.

Like, you know,

adding all these AI recall features and

co-pilot things.

I think, you know...

Microsoft is kind of realizing, yeah,

we're going to have to actually add

features to the operating system that our

users actually want.

You know,

like we don't just have to add silly

like AI integrations.

I really hope that, you know,

this is a sign that the AI bubble

is finally going to, you know,

explode because you know these companies

aren't getting the returns on their

investments they were looking for right

they're probably dumping a huge amount of

money into into developing these features

and kind of going all in on AI

because I know like I've seen the CEO

of Microsoft he was saying you know

they're going all in on agentic operating

systems and utilizing all these new you

know developing all these new AI

integrations and I think

it's finally good to see them realize

that, you know,

the majority of people are not really

interested in this and that they're going

to start scaling it back because yeah,

it's,

I guess we should also talk about this

from a privacy perspective.

You know, I think it goes without saying,

you know,

an agentic operating system and operating

system that is basically sharing a lot of

information about your system with,

you know,

a third party because in a lot of

cases, this processing isn't done locally.

You know,

a lot of the processing that is done

for these agentic systems is actually

being sent to a third party service.

And this is kind of terrible for a

lot of reasons because, you know,

information that you thought was private

and was local on your computer is then

basically being broadcast onto the

internet.

Like I know a really good, uh,

a really good thing to think about this,

right,

is let's say you're talking to someone on

Signal on a Windows computer,

and they've got some agentic operating

system features running at the same time,

that could be recording you,

that could be monitoring your call,

and it could be saving that or sending

it to a third party server,

which is breaking the privacy of Signal.

You're just adding a listener on the other

end.

You're just sending this information to a

third party server.

So I think at least some people that

care about their privacy have been saying

this,

but I think it's good that in general

people aren't that interested in this

because if this was to become more popular

and available on operating systems,

it would kind of be a nightmare.

It would kind of be a privacy nightmare

because then you don't really know what

you're sending to another person is

actually private or if it's being sent to

a third party server.

I'm just happy that Microsoft is realizing

that this is a bad idea.

Maybe it's not for the same reasons that

we care about, which is, you know,

it being a privacy nightmare and

destroying any sense of privacy that

people have.

But it's good either way.

I think we can take this win.

Yeah, for sure.

And that's...

That's something that's in the back of my

head, too, when I talk about, you know,

I said, like,

hopefully this will be optional and it'll

be, like, less terrible.

But even optionally, Microsoft is,

or Windows, I mean,

is such a notoriously leaky operating

system from a privacy perspective.

And I don't...

I think I posted it in a group

chat with my friends.

I don't think I posted it in the

Privacy Guides chat.

But a few weeks ago,

I may have mentioned it on here, actually.

A few weeks ago,

I realized that for some reason,

my Windows computer hadn't updated since

version, like, .

It was whatever version just stopped

getting support in November.

And so I was like, okay.

I need to sit down.

I need to figure this out because I

want to make sure I'm getting those

security updates.

And I had to jump through many,

many hoops.

I had to chase down all kinds of

issues.

Eventually, I did get it to update.

Everything went smooth.

But then because it was an update,

it's introduced all these new features.

And it was basically like a whole new

computer.

So I had to go through and I

had to use...

And for the record,

not all of these are equal.

So this is not like a broad endorsement,

but I have very specific third-party

scripts and tools that I trust to like

de-bloat some of this Microsoft stuff.

And I swear to God,

it was like an hour long process to

go through.

And I only have like three of them

that I use,

but to go through all three of them

and run them to get rid of the

telemetry, get rid of the AI,

get rid of this, get rid of that.

And it was such, and that was,

I'm not even talking about the whole

updating process.

I'm talking about just that part of going

through,

making sure all the settings that I want

turned off are off,

making sure that these scripts run,

checking the scripts and making sure I

know what they do and I'm okay with

it.

And just, it was so obnoxious.

And it's like,

it shouldn't be this ridiculous to use a

computer

without giving up all my privacy,

plus the kitchen sink,

plus the neighbor's kitchen sink,

like it's insane.

And so going back to what you were

saying about AI is that's my concern is

that even if they roll this out in

a form where it's optional,

does that only mean optional to the,

like on the end user facing, like what's,

what's the word I'm looking for?

Like,

where it seems optional.

But in the background,

it's still submitting data.

It's still collecting data.

And I'm sure it's less than if it

was running in agentic mode or if Recall

was taking those screenshots every three

minutes or whatever it is.

But it still just worries me that it's

like, yeah,

but this thing could still be running in

the background,

potentially introducing vulnerabilities,

potentially sending more data than it

should be back to Microsoft.

That's what worries me.

And it's such a shame

as somebody who grew up on windows,

like I'm not a windows fan boy by

any measure, but I mean, let's be real.

Like Macs are really expensive.

And I mean,

I guess now they're about the same because

Mac is the only one that can afford

to eat the price hike on Ram,

but you know,

historically Macs are really expensive and

they work great and they've got great

security,

but you are absolutely unarguably paying

for a brand name.

That is a fact.

And then Linux is free, but

historically doesn't always do the things

I need it to do.

I really do want to test some of

my production stuff and see how well it

works.

But I guess my point being is like,

Windows has always been such a relatively

affordable, customizable system.

And it's really frustrating to just see it

become worse and worse and worse in every

sense of the word,

from the UI to the privacy,

to the bloat, to the just,

it makes me sad.

Like I said,

I was never a Microsoft fan boy,

but it's just, it used to be better.

We used to be a society.

I digress.

I've ranted about that plenty.

If that's all we've got for now,

I think there are a couple of quick

stories that we wanted to highlight.

We're not going to talk about these

extensively because admittedly we had this

conversation earlier in the week.

Jonah and I have been covering all the

age verification stuff for literal weeks

and we have nothing new to add.

It's bad.

We're not in favor of it.

We think that there's

better ways to protect children online.

But we did want to let some of

our listeners know,

specifically in Spain and Greece,

if you are Spanish or I guess it's

Greek, isn't it?

I almost said Grecian for some reason.

But if you are Spanish or Greek,

these are

the latest countries who are now planning

to ban social media for children under

fifteen.

So yeah, like I said,

I don't think we really have anything to

add to that,

but if you do live in any of

those countries,

you should be aware of that.

Do you have anything you want to add

to that, Jordan?

Not particularly.

I mean,

I think both you and Jonah have talked

about this pretty extensively,

so I don't think we need to drag

this out,

but

It's frustrating that the start of this,

you know,

was with Australia's social media ban and

now other countries are following.

I think this is basically what we were

saying from the start, you know,

as soon as you normalize this in one

country,

every other country is going to start

following suit and

yeah,

it's kind of unfortunate that that is

exactly what is happening right now.

We warned you,

like we warned them that this is going

to happen and no one was taking it

seriously, but here we are.

So it is kind of frustrating.

Yeah.

It is kind of frustrating that, you know,

we've, we've been here, we've been, uh,

saying it from the start, but, uh,

now it's actually coming true.

So yeah, I think, you know,

do what you can in these countries,

make your contact, your representatives,

you know,

try and educate people in your life about

why this is bad.

Hopefully there can be some,

positives from this like you know it's it

sounds like these are both announcing a

ban they're not actually implemented yet

so there's still a chance for you to

have your voice heard so definitely try

and at least make some noise about it

because in a lot of cases uh if

a lot of people are against this then

you know it will end up being

uh a lot harder for them to pass

this with you know as many uh restrictions

but i guess the the thing to remember

about this is these are both you know

in spain um

I feel like they might have much stronger

data protection laws than that of like

Australia or the UK.

So it's interesting how they're going to

actually be able to implement this

without, you know,

because they're going to have to require

people to provide their ID or do some

sort of facial scanning.

It'll be interesting to see how they're

going to navigate that,

like regarding the data protection laws.

So that'll be something interesting to

watch, I guess,

but definitely try and make your voice

heard about this issue.

Yeah,

I just want to add the slippery slope

is I kind of hate using the slippery

slope argument because it is not always

applied in good faith and it doesn't

always turn out to be true.

But in the case of tech,

I feel like it is true more often

than it's not.

Actually,

a really good example is facial

recognition.

There have been multiple articles and

stories written about how Facebook

invented their little Ray-Ban facial

recognition glasses years ago.

And even at Facebook, they were just like,

no, this is too much.

This is a line too far.

We're not going to do this.

This is creepy.

Until Clearview AI came along.

And once Clearview AI came along and made

facial recognition totally cool,

now they couldn't wait to jump on the

bandwagon.

So yeah,

I feel like with tech in particular,

the slippery slope is true more often than

it's not, which is so, so frustrating.

Absolutely.

With that, in a moment,

we're actually going to start taking

viewer questions.

So if you have been holding on to

any questions about the stories that we've

talked about,

go ahead and start leaving them on our

forum thread or in the comment section of

the livestream.

But first,

we're going to check in on our community

forum.

There's always a lot of activity,

and this week has been no exception.

But we're going to highlight just a couple

of interesting stories that we wanted to

discuss here.

One of them is DuckDuckGo did a poll

that shows that people are against AI.

I feel like I read this story when

it was first published.

But yeah, I mean,

the author of this post sums it up

pretty well here.

DuckDuckGo made a public poll to see what

people think about AI,

and ninety percent voted against.

And I believe this thread has largely just

been people

discussing their opinions about AI.

And I don't know,

we just got done talking about AI and

the RAM shortage and how that's affecting

everything.

Do you have any thoughts about AI, Jordan,

or do you want me to go first?

I mean, I think we can kind of,

you know,

I think we talked about a little bit

before,

but I think for a lot of people,

these...

you know,

AI companies are kind of having a pretty

negative impact on people,

like just at like a personal level, right?

Like they're building massive data

centers.

They're using a bunch of electricity,

which is driving up electricity prices.

It's driving up RAM prices.

Like this is nothing that's good for the

average person.

And all for, you know,

my cool little chat bot I can talk

to whenever I want.

Like, is that really,

is the benefit really worth the cost?

And I think,

for a lot of times people are saying,

you know, maybe not, you know,

this is not really that useful.

So I don't know,

it could just be a sort of

There could be a bias in the sample

here.

Like, for instance,

this could have been posted.

I did see it being posted on Mastodon,

which means, you know,

it's kind of people on Mastodon don't like

AI.

So that definitely could have skewed the

results a little bit.

But I think it's still an interesting

idea, right,

to see and to have a poll go

out like that.

It would have been interesting to see if,

you know,

where a lot of these votes were coming

from and how this was published,

because I think that could have had a

pretty big impact on the results of this

poll.

But I think, you know,

ninety percent is kind of conclusive,

I guess.

So, yeah,

I'm not really not really that surprised

by ninety percent being against it.

What about you?

Yeah, no,

I think that's a really good point,

the selection bias.

I will say,

ninety percent surprises me a little bit

because I know DuckDuckGo is one of those

companies that has integrated A.I.

a little bit.

I think they even have their own like

A.I.

proxy and.

I think it's.

Yeah, I mean,

I think that's a really interesting point

for sure, but.

I mean, my personal opinions,

I definitely like...

We mentioned this on a previous episode.

I like the point that Em made a

few weeks ago about AI in its current

form cannot be private because it scrapes

up so much user data from people who

probably didn't consent.

And I think... This is one of the...

This is one of the... Sorry,

I'm trying to put my thoughts in order.

This is a thing that I've said before

is...

I think there's certain things about AI

that are technical problems in the sense

that they can be solved.

Can be.

Will they?

I don't know, but they can be.

Things like the energy usage.

I think that in time,

I think AI will become more energy

efficient simply because the financial

incentive is there to make it cost less

money or maybe find more sustainable ways

to power that energy.

Um,

I wish they would open up more solar

farms instead of nuclear plants,

but I don't know.

I digress.

Um, but then I think there's,

there's the much harder problems that I'm

not sure if we'll ever be able to

tackle,

which are things like compensating the

people for the data collected,

the training sets, things of that nature.

And I think those are, yeah,

I think those are the things that are,

like I said,

going to be harder to solve if solvable

at all.

And, um, yeah, I think, um,

Not to be pedantic,

but I know there's also a really good

discussion to be made about the difference

between,

because AI is just such a blanket term

that we're applying to everything

nowadays.

And I think there's useful types of AI,

like machine learning that's being used

for medical research and stuff like that,

versus the generative AI that's drying up

an entire lake just to make everybody on

Facebook look like Studio Ghibli.

And yeah,

I think it's really unfortunate that,

I don't know.

It's just really unfortunate.

And also, as a creative type myself,

I'm really annoyed that AI is taking away

all the fun jobs,

like making music and writing stories and

making videos,

and instead of taking away the crap jobs

that nobody wants to do.

Yeah, it's...

It's really unfortunate.

I think it's one of those things that

could be good, but probably,

it definitely is not right now.

And I don't know if we'll ever address

those difficult questions for sure,

but that's really unfortunate.

Yeah,

I think one thing to think about when

it comes to this AI stuff is

I'm not really sure if it could be

done in an ethical way, right?

Because basically the whole, like,

I don't know if you saw,

there was like an article that I saw

about Sam Altman and he was saying if

there was a stop to the wholesale scraping

of the internet for AI training,

then these AI companies literally wouldn't

be able to exist because the data that's

required to train these models is

basically done by scraping the entire

network

entire internet right um so you know i

don't think that like i think people think

about like their personal privacy like i'm

sure i could use like an ai model

locally on my computer that wouldn't be

sending information to a third-party

company but the model itself was trained

off non-consensual like

scraping of people's information and,

and data.

And when you train that model,

you're basically, you know,

encapsulating an entire, you know,

section of the web into a model.

Right.

And that's kind of the antithesis of

privacy, right?

Because if you, let's say you,

you deleted an article that you wrote

about something that could have been

scraped and put inside this model and,

you know, you're basically, uh,

storing this information forever.

And, you know,

it's also storing and scraping a lot of

personal information as well.

So, you know, it's,

it's kind of problematic.

I think there's not really any good way

to do this.

Like I'm sure maybe this,

there's a possibility that someone's made

an AI model based on only

publicly available and consensual data,

but, um,

I'm sure it's not very good and as

useful as the ones that have scraped the

entire internet.

Right.

Um, so, you know,

I think I'm not even certain that,

you know,

if we were able to use completely

consensual data and also have, you know,

use renewable energy,

I think it's just kind of a waste

of electricity as well.

Like electricity is not infinite.

Like it has an impact on the grid,

um,

just delivering electricity to people is

producing carbon.

So I don't know.

I don't think that it's,

I guess maybe our opinions differ slightly

on this, but I think, yeah,

there's definitely, in my opinion,

not really any ethical way to do it

that respects everybody in the process.

That's just my opinion.

No,

and I kind of agree with you because

that was something that I said when I

first mentioned this is like maybe,

and that's why I say those like less

technical problems I think are harder to

solve because like you were saying,

maybe we could,

like I know Creative Commons is working on

a license that basically says, yes,

I'm okay with AI training on this data.

But what if so few people opt into

that,

that

it can't create a good AI model.

And so there is no ethical way to,

to do that.

And, you know, you mentioned the,

the idea of like,

or maybe I just heard you,

you say this, but like,

we can't even like really remove training

data.

You know, we can't,

like we could remove it from the next

iteration when they run the AI and update

it,

but we can't really reliably say that

like, oh,

I want this data removed from the model.

And because of that,

it kind of doesn't respect like the right

to be forgotten,

which to me is personally is a really

big deal to me because I think one

of the most harmful things about the

permanent digital record that we have

nowadays is that

people have almost lost their ability to

grow.

All the older listeners will be with me

on this one.

I grew up pre-internet,

not super pre-internet.

I think we got internet when I was

in my teens,

but it definitely wasn't like it is now.

Social media was not a thing until I

was in high school.

I think Facebook came out when I was

in college.

So I grew up in a world where

You say dumb things.

You do dumb things.

You get in trouble for that,

but then you grow,