Did Signal's Founder Create the Most Private AI?

Hello, everybody.

Welcome back to This Week in Privacy.

This is our weekly series where we discuss

the latest updates with what we're working

on in the Privacy Guides community and

this week's top stories in the data

privacy and cybersecurity space.

The stories this week include Moxie

Marlinspike's new AI chatbot,

a new privacy services alliance,

a new advanced Linux malware, and more.

I'm Jonah,

and with me this week is Nate.

How are you doing, Nate?

I'm good.

How are you?

I'm doing great.

Thank you.

For those of you who are just tuning

in for the first time or might not

know,

Privacy Guides is a nonprofit which

researches and shares privacy-related

information,

and we facilitate a community on our forum

and matrix where people can ask questions

and discuss

get advice about staying private online

and preserving your digital rights.

So we always kick off the show with

what we've been working on at Privacy

Guides this week,

and I'll hand it over to Nate to

share a bit about what he's been doing

on the video side of things.

Awesome.

Yeah,

so there's been some exciting

developments.

For those of you who didn't know,

we have a new video now out to

the public.

It's loosely based on Em's written article

that privacy is like broccoli.

So if you haven't checked that out yet,

please go check it out.

Very proud of everyone at the team.

It's obviously, it's not just me,

Jordan edited and everybody helped double

check the writing and everything.

So yeah,

we're continuing to work on our video

courses, the smartphone security guide,

and I believe there's still some work

going on.

Well,

there's definitely some work going on on

the threat modeling course.

And I also,

Just came in.

I yesterday recorded a new video about,

I should know what this was.

I just recorded it when I'm drawing the

blanks.

Private browsing.

That was it.

Yeah.

Yesterday I just recorded a new video

about private browsing and that will be

coming out very soon as well.

we have uh yeah we've got a lot

going on behind the scenes it's hard to

keep track of all of this um i

can share some other updates on our end

um most notably if you missed it last

week um we had some personnel changes um

our wonderful intern kevin is no longer

working with us his internship ended um so

he's moving on to other projects but um

it was a great experience working with him

i'm super glad uh that we got the

chance to do that and i hope to

see kevin um

hopefully stick around on the forum and do

some volunteer,

maybe some one-off projects with us in the

future.

But of course, that's up to him.

We'll see how that goes.

But I just wanted to, again,

thank Kevin for all of his work and

explain a bit about what the show is

going to look like going forward.

Of course,

it's going to be mainly Nate and I

or...

hosting this show.

Jordan may be hosting some episodes as

well, like they used to.

But that'll be kind of the roundup for

this week in privacy going forward.

Besides that,

we published several news articles this

week at privacyguides.org slash news.

There were Instagram password resets in

the news, RCS potentially in the iOS,

which I believe we're going to talk about

later in the show.

Threema,

which is a pretty popular end-to-end

encrypted messaging app,

was recently acquired by another private

capital firm.

There's some vulnerabilities in AI agentic

browsers.

There's news about Windscribe and their

partnership with some other privacy

services,

which is another topic that we're going to

cover in more detail here in the show.

And an article on the WhisperPair

Bluetooth vulnerability.

So definitely a lot of cool stuff coming

out there.

Freya has been working really hard getting

timely news briefs and news updates out on

our site for people who are interested in

that sort of thing.

So if you want to keep up to

date with that,

definitely give the privacyguides.org

slash news site a follow or follow it

on various social media platforms or the

news category on our forum,

which is where all of these articles are

posted.

I also want to highlight an article that

I wrote a year ago.

I know with a lot of political news

going on in the world,

I think it's just always a good time

to maybe give a reminder of this.

We do have an article on smartphone

security and keeping your smartphone safe

if you are attending any events.

In person like protests or activities like

that if you're an activist or you're a

journalist who needs to be sure that your

baseline security for your smartphone is

up to speed definitely give this article

or read, we will.

I'll have a link to this in the

show notes when we send this out later.

But yeah,

just since the article is a bit old,

I wanted to resurface it here.

I think off the top of my head,

that's all of the major updates we've been

working on at Privacy Guides.

It's been a pretty busy few weeks for

me.

We've been working on a lot of things

behind the scenes.

And if you're a regular member on our

forum,

you may have seen some of the notes

from meetings that we've had,

and we have some future stuff that we

have to work out.

still in the works.

But I think that's kind of everything for

now.

Nate,

if you don't have anything else to add

in terms of Privacy Guides updates,

I think I'll hand this over to you

to share some of our news stories,

maybe our first one.

yeah all right so we uh our our

headline story this week is about moxie

marlin spike's new ai chat bot this has

been kind of making waves for those of

you who don't know who moxie marlin spike

is you probably at least know uh his

work which is the signal messenger uh

moxie created signal he passed off the

reins to the current president uh

Well,

I don't know if he picked her necessarily,

but he passed off the reins.

And now who has taken over is Meredith

Whitaker, who, yeah.

Anyways,

she's doing a great job with Signal.

But he moved on, what was that,

about a year?

No, more than a year ago.

My sense of time is all messed up.

But he's been kind of laying low,

actually.

At least I feel like.

I certainly haven't heard his name in

quite a while.

And now it's popped up with this new

chatbot called Conferr.

And I believe the link for that is

confer.to if any of you want to check

it out.

But it's very minimal right now.

And what really sets this one apart is

this might be, to my knowledge,

the first really private AI chatbot on the

user side.

And we're going to dig into that in

a little bit.

But...

You know, things like,

which this article here does unfortunately

incorrectly say at the end,

things like Lumo, things,

as far as I know,

things even like Braves Leo,

I could be wrong about that one,

but they don't really protect the user.

They're basically like a no log VPN for

LLMs.

They promise they won't keep your logs,

but technically they can access them.

Um, if there was a situation like, uh,

you know, famously years ago,

proton was forced by law to monitor a

certain account and record the IP

addresses.

Cause they were trying to figure out who

was behind that account.

Not they proton, the,

the authorities were trying to figure it

out.

And, um, you know,

eventually they were able to do that.

So this, uh,

this is kind of in the,

this is the first time that they're trying

to create something more like signal

where, uh,

That's not even possible.

It's all encrypted from start to finish

for real.

And yeah, it's, I mean, it's, okay.

So if you go to the confer.to website

and you click on the blog,

you can dig in there and there is

some like really

There's some really technical details.

I don't think there's any code or

anything.

I mean, the thing's open source,

so you can go look at the code

if you're that technical.

This Ars Technica article, I think,

does a pretty good job of dumbing it

down.

And basically,

it really relies on what are called

trusted execution environments.

This goes way over my head,

and I'm sure Jonah can probably break it

down a little bit simpler.

But basically, the way they describe it,

they say it prevents even server

administrators from peeking at or

tampering with conversations.

And they talk about how it's designed

where you can access it from different

devices,

and it can synchronize just like Signal.

And I don't know.

It's really cool stuff.

Before I jump into the next part of

this thought, Jonah,

is there anything you want to add?

Yeah, so I don't know.

I'm probably less excited about this

Confer stuff than other people I've seen

in the community.

All of this private AI stuff has been

trending quite a bit lately,

and they especially rely on these trusted

execution environments.

TEE's Confer is now different,

but we've seen

For example,

if anyone wants to look into this later,

we've talked a lot about Maple AI on

the forum,

which uses a similar technology to kind of

validate the security of how these AI

models are being run in theory.

And basically what these trusted execution

environments are,

are

features that are built into the CPUs of

servers that these models are running on,

where they can run a certain set of

code and it can be validated by the

hardware that the code hasn't been changed

or modified in theory.

So if an AI service, for example,

like Confer is releasing an open source

model and they're saying this code is

what's running on here,

the hardware should, in theory,

ensure that they're not swapping out that

code behind the scenes and it might

protect you.

The problem with TEE is that there are

quite a few limitations,

and it wasn't really designed to protect

against the operator of the server from

potentially being a physical attacker

here.

And so we've seen security experts like

Matthew Green, for example,

on

on Twitter caution against the use,

or not against the use,

but against relying too much on TEEs for

the security of AI models because they

can't provide the same type of guarantees

that full end-to-end encryption can

provide.

That's simple math, whereas this is

a bit more policy based.

It's certainly a step better than,

you know,

them just saying they're not going to look

at it,

but not really doing anything about it.

But it's nowhere near the guarantees that

you're going to get from end to end

encryption.

And so it's tricky to say that any

of these are truly private because

While some AI models like Lumo,

for example, or this one or other ones,

they will use end-to-end encryption for

the storage of your chat logs.

They don't necessarily, well,

they don't at all use end-to-end

encryption on the chat as you're chatting

with it.

And they can theoretically read that chat

or log it.

at that time.

And there isn't really any way around this

because these AI servers,

they need access to your data in order

to run the AI query on it.

And so that's why

I think all of these cloud AI models,

they don't probably reach the level of

privacy that a lot of people are going

to want from AI,

especially for some of the things that

people are using this for.

I think we're going to maybe talk about

this in a bit,

but I know there's a ton of stories

about how AI is starting to be used

for health stuff and personal,

very sensitive information.

And these protections, in my opinion,

don't really go anywhere.

too far or far enough to protect that

data, unfortunately.

That's kind of how I would describe the

technical side of things.

I know there's a lot that we want

to talk about that isn't necessarily

technical,

but more just privacy concerns with AI in

general,

beyond the pure security of the system.

But yeah,

I definitely want to create the

distinction between TEEs,

like better being used,

In this case versus end-to-end encryption,

because end-to-end encryption,

it's a whole different ballgame,

and it's much better security,

and AI is not providing that in any

of these cases.

Cool, yeah,

and thank you for clarifying what I meant

when I said that most other, like Lumo,

is more like a no-logs VPN in the

sense that they can read your chats,

they just promise not to store them.

And they do store them in a way

where they can't read them,

but while you're having that chat,

they totally could.

And that's what this is supposed to do

differently.

But yeah, let's,

because I'm excited to get into this,

let's go ahead and talk about,

towards the end there,

you mentioned that this is all fine and

nice from a technical perspective,

potentially,

Um,

but this doesn't solve a lot of the

privacy concerns with AI and, um,

Man, this is really good.

So just to kind of give listeners a

tiny peek behind the curtain,

we have a weekly meeting,

a staff meeting at Privacy Guides.

And part of that discussion is always what

story do we think would make the best

headline story?

And when we talked about this,

our staff member, Em, had an amazing,

a lot to say, really.

She didn't just make a point and she

gave a really good talk.

I guess you could call it that.

But anyways,

she pointed out that something that we

never really talk about,

and I'm sure some of you guys have

thought about this,

but I personally have never thought about

this before.

And AI really,

at least in its current form,

can't be made private.

Like maybe it can from the end user,

but that doesn't count the data and how

the data is scraped.

And it's...

I think a lot of us know that

anything you put online you should treat

as,

you know, being public.

At least that's something I've always been

able to say,

or that's something I've always said in

the past is anything you post online,

be prepared for it to be breached or

anything like that.

But even so,

that doesn't make it right for these

companies to go around scraping all this

data without consent.

And I do want to acknowledge there are,

I know there's at least one AI that

they're trying to, or not, well,

I guess you could call it an AI,

a training set they're trying to create

that is drawn from

consenting users but at this time there's

really no mechanism like that i think uh

i think creative commons is currently in

talks to create a flag where basically you

can say oh yes i consent to let

ai train on this data but certainly chat

gpt anthropic uh whatever some of the

other ones are out there i don't think

any of them have ever respected that

because they existed before that was a

thing and we already know that there's so

many stories about like uh

Copyrighted material,

the Harry Potter books,

the New York Times is currently in a

lawsuit where there's so many stories

where we know that this is what's

happening.

They're training on data that is not

licensed for free use,

that is not consented to.

And yeah,

that's a trickier thing that I don't think

can be solved in a technical way.

Any thoughts on that one, Jonah?

Yeah,

there's so many concerns with the privacy,

and I totally agree with what Em had

brought up in our meeting and on Mastodon.

A lot of these things that are being

built right now,

they're being just used in very un-private

ways, and it requires harming privacy,

exactly like you said,

in order to build these things in the

first place.

And so it's very concerning what's going

on with AI here.

Yeah,

I think she summed it up pretty well.

So I'm not sure if I have anything

else to add beyond that off the top

of my head.

Sorry,

I was just looking at the chat here,

seeing if something was coming up.

So I was a bit distracted.

But yeah,

I think that's kind of where I'm at

with that.

Yeah,

we're trying something new on the back end

here, and there's a lot of moving parts.

Yeah, let us know.

Definitely, if you're watching,

leave a comment how the stream is going

in terms of quality.

Or if you're chatting on a different

platform,

let us know and we can see if

that shows up.

Because, yeah,

we have a bit of a different setup

than usual.

But, yeah, going back to AI, I mean,

it's...

I don't know.

I feel like there's not much to add

to that statement,

but it's to what Em said.

But it's such a – to me, again,

I thought it was really enlightening

because I've never thought of that before.

And it feels so – because I've seen

some people say,

particularly in the Mastodon post that Em

sent us where she kind of put all

these thoughts into words.

And someone argued,

like I said at the top, it's like,

well,

you post anything online and you know it's

going to be public.

And I think this kind of falls under

–

A long time ago,

I wrote a blog post where I made

the argument that there's a difference

between an expectation of privacy and an

expectation to be stalked.

And, you know,

I've been in situations where because I

have, you know,

very visible arm tattoos for those who've

never seen my arms before.

And I usually wear short sleeve shirts,

especially in the warmer months.

And I've had many times where, you know,

I've had like there was one time I

went to the store and as I was

leaving the store,

a friend texted me and was like, hey,

I just saw you at the store.

And I'm just like,

How did they know it was me?

And this was like during COVID.

So like everybody had a mask on.

I'm like,

how did they know it was me?

And then I'm like, oh, right.

Duh.

But and, you know,

I'm not mad about that.

Right.

But the difference is that friend didn't

then immediately like get in the car and

follow me around town as I ran errands

or went back home or whatever I did.

And it feels different when, you know,

you post something publicly and sure,

somebody might see it.

Somebody might get upset.

versus that might get scraped up.

That might get added to a data training

set.

I personally have, and many people do,

I have disappearing messages enabled on

Mastodon because I want them to go away.

And if they get caught up in a

data training set,

having a hard time talking tonight,

then they never go away.

They're there forever.

And it's just such an interesting

perspective that I never considered.

Because when we look at these new

technologies,

I think there's two kinds of problems.

There's technical problems and then

there's,

I don't know what I would call them,

but there's all the other problems.

And technical problems to me are things

like the energy usage.

And for the record,

I am not trying to downplay this,

but the energy usage of AI is really

bad for the environment, right?

That's a technical problem.

As we go, I think,

not to sound overly optimistic,

but I think we'll learn how to make

more energy-efficient data centers.

We'll learn how to maybe switch to

renewable energies, maybe someday,

eventually.

And all these things that can reduce the

environmental impact of AI.

But then there's the other things like...

what we were just talking about,

the fact that all this privacy data was

taken,

the fact that this is potentially putting

people out of work, you know,

these are much harder things to solve.

And maybe there is a solution if you

want to be an optimist,

but I think starting this discussion is

certainly part of that, you know,

finding that solution if nobody's talking

about that side of things, for sure,

because

I don't know if I said this,

but we usually think of privacy as the

end user, my prompts and that stuff,

the responses.

But I feel like we don't talk enough

about the training data in the sense of

the privacy invasion from it.

So yeah, it's really interesting stuff.

Absolutely.

And beyond just the training aspect of it,

I think...

like AI has definitely shown that privacy

has never really been more important in

protecting your data online because we

could talk about this other story that we

have.

This was reported by four or four media

talking about Grok's AI sexual abuse

material that it's generating on Twitter

right now or X.

And I think it also shows that like,

You have to be careful with the data

and images that you're posting online,

especially personal stuff,

because now people can basically use these

models.

They're getting better and better at

creating very photorealistic things,

and they can take innocuous images or just

selfies or any images of people and turn

it into stuff that you probably don't want

to see or don't want on the internet.

And certain people are going to be more

affected by this than others.

But I think that...

You know,

AI is creating a very dangerous

environment right now where any data that

you put out can potentially be misused or

blown far out of proportion,

far beyond what you originally intended

when you were maybe making a post.

And I think it's just, I don't know.

AI, I think,

has created a lot of terrible situations

all around in terms of privacy, for sure,

and in terms of safety on the internet.

And I don't really see a way that

it's ever going to be rectified.

There aren't a lot of great solutions

here.

And so it makes me very hesitant to

recommend or use AI in any

capacity because it's just creating it's

really creating a monster that we don't

really know how to how to control and

it's not a good idea I think for

people to become reliant on tools like

this and use it like in their everyday

lives for for all sorts of things because

you know, eventually, you know,

it's either going to create these

dangerous situations or it's going to have

to be reined in by these tech companies.

And then you're in a situation where,

you know,

tech companies are kind of censoring the

stuff that you can create online.

There's always a censorship problem,

I think,

with a lot of these centralized services

and big tech services where outsourcing

all of your control to these centralized

cloud providers instead of trying to do

everything yourself puts you in a very bad

situation.

We see it all the time in other

industries,

and it's something that I think we can

catch right away and try to avoid going

forward.

I don't know what the general vibe for

AI is among the general population right

now.

I don't think AI is a huge thing

for most people outside of the tech

sphere.

And I think most people are rejecting AI

right now, which is probably...

probably a good thing because it it just

seems to be creating a lot more harm

than good right now in so many different

ways yeah that's fair and to be clear

when i when i kind of um

when I kind of take a potentially

optimistic approach,

I'm not necessarily trying to be pro AI.

I'm just, I'm trying to be fair.

I'm trying to point out, cause you know,

one,

and this is definitely not a one-to-one,

this may even be a disingenuous

comparison, but,

One comparison I keep hearing people make

is newspapers.

When newspapers first went to mass print,

we had a huge problem with misinformation

and disinformation and what's now called

yellow journalism,

which is – we still see to an

extent the super sensational just making

things up out of thin air because it's

scandalous and it sells.

I think now we call it clickbait.

But we –

That was eventually something that we were

able to mostly figure out by creating

legislations and having these very strict

slander laws and things like that.

And to be fair, laws are retroactive,

right?

Like laws work after the fact,

after somebody has already been harmed.

So I'm not saying that's a perfect

solution,

but I think we can agree that in

the end,

newspapers ended up being better than they

were.

So that's kind of the lens I'm trying

to look at this through is like,

what are we looking at in terms of

some of these problems are technical

problems that can be solved,

but then others like you're right.

It's, it's,

I think going back to the whole training

data thing.

Okay.

We create,

let's say we created a system where people

have to opt in to have their training

data scraped up by AI and whatever that

looks like, whether it comes with a, like,

what's the word I'm looking for?

Compensation or whatever.

Would that be enough?

Because that's what makes AI so quote

unquote good or effective is that it just

has obnoxious amounts of training data.

And I would be surprised if enough people

opted in to really make AI as effective

as it is now.

And again, to be clear,

I'm not saying like, oh,

people should opt in.

Like, no,

it's your content that you're creating.

Do whatever you want with it.

But it's just,

it's kind of backing up what you were

saying, Jonah,

about if

we may be facing something that there may

be no way to use it privately.

And I think that is,

I agree with you.

I think that's really good that people are

opting not to use this,

but I do worry for people.

We had at least one person in the

forum who said that they're in a field

where it's becoming increasingly difficult

to navigate that field without having AI

on your resume because it's,

I don't even know what businesses are

using it for,

but apparently everybody wants you to be

able to learn AI,

whatever that even means.

I don't know.

And so I guess know how the prompts

work.

I really don't know.

But if you're in a field where you're

like, I don't like to use AI,

even if you just don't like it,

I don't see a use for it.

I don't see a value.

I've tinkered with AI in the early days

and-

There's a few things it does really well,

but overall,

I don't see how it became this trillion

dollar industry that's propping up the

entire US economy.

It's just not that, for me at least,

it doesn't do that much.

So if I were in one of those

fields where they're like, well,

how often do you use AI?

Hardly ever because it just doesn't – I

don't have a use for it.

It doesn't do anything for me.

And anyways, yeah,

my point being what I'm trying to get

to is it's unfortunate that some people

are in a position where they're now stuck

where they have to show that they know

how to use AI.

And I don't know.

It's like –

It's like phones,

like phones are not really private, right?

And it's hard to make them private.

And some people can afford to not have

a phone.

They can work in a field or they

can be self-employed where they don't have

a phone,

but not everybody has that luxury.

And it's really unfortunate people are

being put in that situation.

Yeah,

I think you bring up a really good

point,

especially with the whole like having to

maybe opt in or like consensually sharing

your data with AI.

This is something that really bothers me

about the current AI landscape, actually,

because I think these tech companies have

kind of created this situation where now

that they've created the problem and all

of these problems that AI causes.

now they're trying to sell you on various

solutions to try and take control of it

after the fact and it's like these these

problems wouldn't exist without all of the

ai that's being pushed on consumers from

these tech companies fairly irresponsibly

um i was just looking i mean we

were just taking a look at youtube studio

the other day and looking at um some

of their like likeness detection features

and how that's going to require me to

you know scan my face and send them

my id if i want to

you know,

monitor YouTube for people who are

potentially creating AI generated videos

of me, for example.

And this is not a position that I

think people should be putting in the

first place because it's just yet another

thing in a long string of events where

tech companies create these problems as an

excuse to try and get more and more

of your data.

And now I have to share even more

data with Google that they didn't

necessarily have before because of the AI

problems that they've created.

And I'm sure that this is going to

be commonplace

On other platforms, if it isn't already,

it'll be coming soon.

And I'm sure there's not going to be

a single way to opt out of it

everywhere across the internet because

there's just no coordination like that.

And there isn't really a great way to

do it privately.

And so by just accepting AI and kind

of normalizing all of this,

that's just kind of the society that we're

creating here.

We're just losing the ability to control

who has access to our data and who

benefits from it.

And unfortunately, at this point,

it seems pretty clear that the only people

who are really benefiting from having all

of our data is

these big tech companies.

So I don't know.

It's ridiculous, I think.

Yeah, for sure.

The normalization,

that's a huge problem with privacy, right?

As privacy advocates,

it's so normal to use these tools that

it sometimes can, I don't know, it's...

I'm sure a lot of us have been

in that situation where it's like, oh,

I don't have Facebook.

What do you mean you don't have Facebook?

And they like, I don't know.

Usually when I say that,

people are just like, whoa,

that sounds awesome.

And I'm like, yeah, just delete it.

It's not that hard.

But I also know some people have just

been met with like, you know,

they're isolated now because it's like,

oh, well, you're not on Facebook.

So I didn't send you an event invite

because apparently you don't exist

anymore.

So yeah,

when you use that word normalization,

that really jumped out at me.

That's such a problem with a lot of

these privacy invasive texts is they

become normalized.

I don't have any more thoughts to add

to that one.

Do you have anything to add before we

move on to our next story?

I think that kind of covers all the

stuff I was thinking about with AI.

So we can take a look at our

next post here.

This comes from the Windscribe blog,

actually.

The headline is,

Windscribe partners with Kaji, Notesnook,

Addy.io and ENTI to create a privacy

focused alliance.

And so basically,

what Windscribe has done is they've

partnered with all the services I've just

named to give people kind of exclusive

discounts or deals on all those services

if you're a Windscribe user.

And I know this is I don't remember

if we've talked about this in a previous

episode,

you can remind me but I know ENTI

has done a similar thing with other

services in the past.

And it looks like Windscribe is kind of

joining in

on that initiative.

So I think it's pretty cool what they're

doing.

I guess the question that we would

probably want to talk about is how do

we feel about these privacy alliances?

Do you have any opinions?

I have a couple of things to say

for sure,

but I can let you go first.

I got to be honest,

I think this is the first one I've

seen,

or at least the first one on this

scale, for sure.

I don't really have too much of an

issue with it personally.

I think the thing that disappoints me is

that a lot of these are like Addy.io,

Addy.io,

twenty five percent off the first year.

Same thing with NT,

twenty five percent off for the first

twelve months.

I think.

I don't know.

Maybe it's just me being cheap,

but I'm one of those people that if

I'm going to sign up for a discount,

I would like to continue to have that

discount.

But I mean,

at least they're being upfront about it.

But I don't know.

I think...

I don't have too many issues with it

because I think wind scribes, uh,

their logic makes sense.

You know, if,

if you read the blog posts that they

put out, they said, uh,

like why a privacy focused partnership

instead of just like building a suite in

house.

And their answer is basically

compartmentalization.

You know, if, if you compartmentalize,

then.

If any one of these services goes away

or becomes compromised or what have you,

then it's just that one service.

It's not across the board.

It's not your entire account.

And I think they make a really good

point there.

And also one thing they didn't say,

but one thing I've historically said that

I really believe that is that when you

try to do everything,

usually you end up doing everything kind

of poorly.

So I would definitely prefer like

Windscribe.

We're going to focus on our VPN and

we're going to make a really good VPN

and we're going to let NT handle the,

or NT handle the photo storage.

We're going to let Kagi or Kaji handle

the search and, you know,

which I've heard really good things about

Kaji.

I still haven't used it myself,

but I've used NT.

I'm very happy with it.

So yeah, it's,

it's kind of nice to see that, um,

that specialization there the only thing i

can think that might kind of not be

great is a lot of uh quote-unquote normie

users are really big fans of they want

the ecosystem right they want like that's

one of the amazing things about google

right is you get an email and it

says hey let's have lunch on the and

it automatically asks do you want to add

this to your calendar or it used to

ask i think now it just does it

but i don't use google anymore so i

have no idea um

And it adds it to your calendar.

And then when you send an email and

you add an attachment that's too big,

it's like, oh,

do you want to just one click,

add this to Google Drive and send it

that way?

And they make it so seamless and

everything works together.

And so that is kind of the argument

for things like Proton, for example.

If you don't use them, that's fine.

You don't have to.

But it's a really compelling alternative

for people who want that ecosystem.

And that's kind of the only thing I

could see getting in the way from my

perspective is some people may say like,

well,

why would I sign up for six different

services when I could

just go somewhere else and get it all

at once but yeah i think those are

kind of all my thoughts absolutely i i

totally agree well i'll go through a

couple of your points i think the the

first thing that you mentioned how some of

these discounts aren't lifetime plans i

think is really unfortunate because i do

think that the the the big draw for

for this um for a lot of people

would be to escape an ecosystem like like

proton um i i understand all your points

about the ecosystem and definitely a lot

of people are

into that sort of thing.

And I definitely use a lot of Proton

services myself personally,

but I also know a lot of people

who don't want to put all of their

eggs in one basket and they don't want

to use ProtonMail and ProtonDrive and

ProtonVPN, right?

And they would rather like trust

individually vetted individual services.

And I think there's also something to be

said about companies that really just

specialize on doing one thing and one

thing

really well,

like Haji with Search or NT with Photos,

for example.

I think all of these privacy services and

companies still exist in a pretty niche

market,

and I'm glad that more people are

becoming concerned about the security and

privacy of their data,

and they're switching to these services.

But there's, you know,

there's still a lot of growth to be

had in this sector.

And I think that prevents a lot of

companies from growing super big at the

moment.

Proton, I think,

is a is a good exception.

But I know Proton

people have a lot of complaints about how

Proton is slow to add new features or

they're not integrating all of their

products properly or that sort of thing.

And it's true.

And I think it's just really hard to

build like a full ecosystem right off the

bat.

And if you could have all of these

separate teams that are much more

streamlined,

they don't have to worry about integration

as much.

They can just focus on their own features.

Like Windscribe can just focus on trying

to be the best VPN they can be,

for example,

and they can leave

like cloud storage and search and photo

storage to these other companies.

You know,

I think that's really beneficial and would

help a lot of companies.

But if you're only giving away like trials

or limited time discounts,

it's

It's not going to be very compelling just

from a cost perspective, unfortunately.

I'm not sure if there's a super great

way for a coalition of these companies to

work together on something like that,

or if there's an opportunity for someone

to sell bundles.

Because at the end of the day,

especially with most modern payment

systems right now, you have to...

have like one central company that's in

charge of billing and that's obviously

going to give that company whoever it is

a lot of power over the other companies

in this in this coalition right and so

i'm sure there's probably some

cryptocurrency solution to this where

everything could be decentralized and

split up but not everyone is going to

pay in cryptocurrency um

But I would maybe want to see a

solution that's more integrated than this,

where it's not just like exclusive

discount codes,

but maybe it's a bundle where you could

sign up with any of these services and

get billed through the service of your

choice.

And that might decentralize it a bit,

but then you get access to all of

these other services for the lifetime of

the bundle.

And I think that that would be a

lot more compelling for a lot of people

who are switching from something like

Proton,

that kind of

includes many of the things that are being

sold here.

How that would work exactly, again,

I don't know.

But I think that that would be the

biggest draw for a bundle of privacy

products like this.

And it's kind of a shame that

They're not doing that right now,

but maybe they'll go in that direction.

For now at least,

I guess if you're a Windscribe user,

this is a pretty good opportunity to use

some of the services that we recommend.

We haven't recommended or evaluated all of

the services,

including Windscribe itself on privacy

guides.

I know there's a lot of discussions on

our form if people are interested in

learning about pretty much all of these.

But yeah, I think...

that would be the direction that I would

want to see something like this go in.

And we'll see if that happens.

Yeah.

And just to back up what you were

saying, I totally get the appeal of not,

like the compartmentalization is the

appeal for some people, right?

Like you were saying, like, sure,

there are a lot of people who want

the ecosystem,

but there's also a lot of people who

want whatever the best thing is.

You know,

if you think Mulvad is better than Proton

and you would rather use Mulvad and you

kind of,

mix and match.

I think that's great.

And I do agree with Windscribe that that

is certainly more secure from a

compartmentalization perspective.

But yeah, I'm with you.

I think really,

even if you want these disparate services,

it would be really cool if there was

some kind of... If it was...

I don't know.

This feels to me like...

this feels to me a lot like the

concept of a sister cities,

which I've never really understood.

It's like, Oh, we're gonna like,

I swear to God,

I've lived in places that like the sister

city is in like Russia.

And I'm like, how?

Like I'm in Texas.

How, what, what, what's going on?

And you know, it's,

it's really means nothing.

It's just some kind of like cooperation.

They're like, Oh,

maybe you should check this place out.

We've, you know, shook hands or whatever.

And

And, you know,

I don't mean to downplay this to that

extent,

but it feels very similar that it's kind

of like, well,

we just got together and agreed we all

like each other and we're really cool.

And they are really cool services.

Again, I want to stress that, but.

It would be nice to see something that's

a little bit more cohesive, I guess,

or benefits the user a little more other

than just some kind of like temporary,

which again,

I think some of them are like permanent,

right?

I think at least one of them was,

I'm trying to pull the page back up

here.

Notes Nook was a permanent discount.

As far as I'm seeing.

And I think there was one other one.

There's not any, well, Control D,

but that's also run by Windscribe, so.

oh okay okay that's the one i was

thinking of yeah fifty percent off control

d um so yeah it would be yeah

lifetime discount that's dope but yeah so

it would be cool to see something a

little bit more cohesive like that but i

don't know at the same time it's like

that could be a really cool i'm i'm

trying so hard to get a lot of

my family members to try ente because you

know most of them are just in google

photos apple photos whatever phone they're

using and

Yeah.

So maybe, I mean, if nothing else,

maybe this could be a nice like, hey,

here's twenty five percent off.

Give it a shot.

So totally.

I really like your sister cities analogy,

actually,

because that is kind of what what this

is.

I know.

I think all of those sister city things

are like with international cities and

there isn't much like true connection

between them.

And that is sort of what this feels

like at the moment.

Like it's a lot of disparate services

where you can get like, you know,

that there's cross promotional stuff going

on.

There's

limited time discounts,

but there isn't a true partnership or

working together on something extremely

cohesive.

It's just awareness.

Windscribe is probably for the most part

just making people aware of these services

more than providing an actual long-term

value for their users.

But I think awareness of other privacy

companies is certainly a good thing.

So I'm not going to knock it for

that,

but I don't think

in its current iteration,

this is going to create a great

alternative for someone coming from

something like Proton, for example.

But yeah,

if you were going to try out some

or all of these services anyways,

especially because you can pick and

choose,

it's not like some bundles where you have

to register for everything and then you

might not even want to use some of

these things.

You know, it's not that serious.

So yeah,

I think it's a cool opportunity for them.

I always like to see privacy companies

work together on this sort of thing rather

than you know constantly compete with each

other especially in at times when it

doesn't make any sense to be competing

with each other at all um so so

yeah i think it's i think it's cool

yeah for sure um man you said one

last thing i wanted to touch on but

got away from me so all right yeah

I think I would just ask you,

maybe we didn't cover this.

Do you have any thoughts about like any

of these companies in particular?

How many of these have you used?

Because I know not all of these are

even recommended on our site, for example.

But I know they've been talked about a

lot on the forum.

Well, actually, real quick,

my thought just came back to me.

I was going to say,

you said this is kind of Windscribe just

like kind of bringing awareness of these

companies.

To their defense,

that can be used because, you know,

back when I was on Surveillance Reporter,

we took a sponsor and our first sponsor

was JMP Chat, the voiceover IP.

And I thought for sure that I was

like, oh, everybody knows JMP Chat.

And I was floored how many people left

comments like, oh,

I've never heard of this before.

This is really cool.

And I'm like,

Really?

And I don't mean that in a bad

way.

Like, really?

But I was like, really?

That many people have never heard of this.

So I'm sure even Windscribe probably has

tons of people that are like, oh,

I've never heard of Kaji.

I've never heard of Addy.

So...

But in answer to your question,

I use Entei.

I'm kind of in this weird space where

I'm like halfway between Entei and

Nextcloud,

and I'm not sure which one I want

to commit to, to be totally honest.

I like Nextcloud, but I'm debated.

The encryption in Nextcloud is still not

great,

so it's like I could have all my

photos end-to-end encrypted,

but then they don't integrate,

but then how much do I use the

integration?

So anyways...

I've used Addy IO in the past.

I've tinkered with Kaji a little bit.

I haven't really like used it personally.

I've used it to test it out,

but I've never used it in like my

day-to-day use to see how it would

integrate my workflow.

And I've looked into Notesnook.

One of these days,

I actually want to do a video about

privacy respecting alternatives to things

like Notion,

which Notion is already not terrible,

but there's so many open source,

like Obsidian, Notesnook.

There's one called AnyType, I think it is.

So yeah, Notesnook,

I looked into it a little bit as

a potential note alternative,

but I haven't actually used it myself.

How about you?

Do you have any experience with any of

these?

Um, yeah, I, I'm,

I'm also on the boat of maybe switching

to Entei.

Um,

but I haven't really like fully committed

to any of these photo backup platforms

myself yet.

Um,

otherwise I don't really use a lot of

these.

I do need to get better at, um,

note taking and maybe notes look would be

a good solution, but maybe that'll be my,

my new year's resolution this year and

I'll have to report back on what I

ended up doing.

Makes sense.

Yeah.

I've, I've been pretty happy with, um,

Addy, like all the ones I've used.

It's not like I didn't stop using them

for some, like, Oh,

they had this big problem, but, uh,

I don't know how many of them would

qualify to be listed on,

on privacy guides.

I know we have some really strict

standards, but for me, it was just,

I found other things that integrated with

my needs better or, you know,

my workflow or they were a little bit

cheaper or something, but.

Yeah, like I said before,

for better or for worse,

I'm kind of in the Proton ecosystem right

now.

And I'm thinking about changing it,

but I haven't yet.

So that's kind of where I'm at.

Fair enough.

I will admit I'm one of those people

that's constantly like,

I'll have a workflow that works.

Like let's say Nextcloud, right?

Let's say I'm all in on Nextcloud.

And then I'll have that moment where I'm

like,

but it's not really end-to-end encrypted.

So what if I did replace the notes

and then I go back to this system

where everything's like,

I've got my notes here and I've got

my photos here and I've got this here

and this here.

And then I'm like, yeah,

but I really miss next class.

I'm constantly trying different things and

going back and forth and it's awful.

I don't know why I'm like this.

All right.

Okay.

If that's all we have on that topic,

first of all,

I've been asked to let you guys know,

as a reminder,

that you can get this bottle on

shop.privacyguides.org.

Our next story,

we are going to talk about messaging a

little bit.

We're going to talk a little bit about

RCS and iMessage later,

but first we're going to talk about

Threema, which is an encrypted messenger.

It is not recommended by privacy guides.

I think historically,

I think they've added forward secrecy now,

but in the past they were missing it.

And I think there's a few,

maybe a few other shortcomings,

but it's not the worst messenger in my

opinion.

And yeah,

Well, for now,

it's not the worst messenger because they

have just been acquired by a venture

capital firm.

And this is called what is it?

I'm probably going to mispronounce this

comatose capital or comatose.

Maybe I'm not sure,

but I believe they are a German company.

I somebody mentioned in the the group chat

that this is actually not the first time

three months been acquired by a company

like this.

So

I think it was about five years ago.

They were acquired by another private

equity company.

So this is just a second private equity

acquisition,

but it has been kind of the case

for a while that they were owned by

this.

They weren't their own company.

Which on the one hand,

I could see that as an argument for

maybe this won't really affect the quality

of the product at all because they've

already kind of...

Although I don't want to take shots at

Threema because I think anybody who's

trying to make privacy and security...

is doing a good thing,

but I do have to be honest that

they are severely lacking on a lot of

basic features that other messengers

already have.

Um,

So yeah,

it's not the most feature rich platform

and it costs money for those who didn't

know.

It's five dollars one time for the

individual.

Like a lot of companies,

they have like an individual arm and they

have like a business to business arm.

I think the B to B one is

like a subscription.

But if you're just an individual user,

it's five bucks one time.

And that's a hard sell when I could

go download Signal, SimpleX, Session,

pretty much any of them.

So yeah, that's awesome.

It's already a hard sell to get people

to using it.

And like I said,

it is missing a few of the more

advanced securities features that we've

come to expect out of things like Signal,

like perfect forward secrecy.

But yeah, I mean...

I don't know.

Do you want to talk about why?

The price was always the thing that was

holding back Threema, I think,

from gaining widespread recognition or

recommendations in our community and on

our site.

I think even one of our criteria right

now, which are, of course,

always subject to change of people if the

community feels otherwise,

but I think we settled on we only

recommend free messengers because I think

while a lot of people...

in our community are willing to pay for

more private and more secure services with

something like a messenger or social

network or something along those lines it

really there there is a network effect and

the reality is you are going to want

to communicate with people who don't care

about privacy and security and aren't

going to pay for for a messenger like

this and so it was a very niche

um use case where where three would make

sense compared to something like signal

Or especially Simplex,

which doesn't even require a phone number.

But even in Signal's case,

I think most people have phone numbers and

most people expect that's a way to text

people on your phone.

And so slotting in Signal to replace those

messages makes a lot of sense for people.

It was definitely argued to me in the

past that Threema makes sense for people

who don't have phone numbers.

To acquire a phone number to use Signal,

for example,

probably costs more than the five dollars

that Threema costs.

You could argue that Threema is actually

cheaper than Signal from that perspective.

But I think the reality is most people

do have phone numbers and most people are

looking for free messengers.

And especially with the introduction of

completely free ones like SimpleX,

it was just challenging to recommend.

With a messenger specifically,

if we want to improve privacy in the

space overall,

we need to be promoting services that...

Everyone can use,

and you can get your entire network on

because that improves the baseline

security and privacy for everyone.

Whereas with Threema,

if it's only people who are willing to

pay for it,

you're only going to get people who

already care about privacy.

It's a bit like preaching to the choir,

I think.

I've never used Threema for this reason.

I think there's easier ways to reach me.

I think you've mentioned that you use

Threema in the past.

I don't know if you want to share

a bit about your experience with that.

Yeah, I mean,

I don't have much to share because I

haven't used it a lot.

I think I've only run into like one

or two other people who use it.

And honestly, even those people,

like after a couple months of chatting on

and off,

and they're not people I chat with every

day.

It's, you know,

people who are in the privacy community

who are basically like, oh, I have three,

I'll help you test it out.

And, you know, those semi articles like,

couple of times a month or something.

And,

and then after like four to six months,

they're just like, yeah,

I'm just gonna like go all in on

signal because that's where most of the

people I talk to are.

So I'm going to stop using this.

And, um, and like I said,

it's already missing so many things that,

you know, signal.

it has just like emoji reactions.

Like you're very limited to the emoji

reactions you can use on Threema.

I think they do have polls now,

but I think they're very limited polls.

It's just, I don't know.

It's just,

it's not as good of an experience.

And again, I hate to say that.

Cause I think, you know,

anybody who's trying to further privacy

and security, I think that's great,

but it's just,

it hasn't really been the best experience.

And going back to the payment thing,

I agree with you.

Like people are just so, and again,

I see the argument from both sides,

because on the one hand,

we shouldn't be conditioned to expect

things for free, right?

If it's free, you are the product,

which isn't totally true,

but it's a great shorthand.

And when we have so many free services,

nine out of ten times,

they're selling our data or they're doing

something like that,

something shady to monetize.

But on the other hand,

And it's good also that Threema has like

a business model, right?

Like you pay for the product the same

you would as anything else.

But at the same time,

that is such a hard sell to like

try and get, you know,

I always use my family as an example,

but to try and get my sister to

like, hey,

you should switch to Threema when,

you know, you have to pay for it.

It's missing a lot of features.

It's,

not the prettiest UI.

And this is coming from me.

I'm the kind of person that normally

doesn't even care what the UI looks like.

I have cubes right in front of me

right now, which is true.

So it's just a really hard sell,

unfortunately.

I agree with you though.

I think if I were to make the

shots,

I would tell Threema that they should make

their individual facing arm totally free

and they should just focus on monetizing

their business to business side

And that's how you should do their

business model.

You know,

there's like we see Telegram and now we

see Signal kind of venturing into

monetizing certain features of these

platforms where you can provide a very

good base service for free,

but then optional stuff,

especially for power users,

which are probably the core demographic of

what Threema is serving right now with

their five dollar pricing.

I think people will pay for those

features,

but they're not necessary for everyone.

And I think

for any messenger to take off your

experience,

I think really

validates the point I was making.

I think the background behind our criteria

that the messengers that we recommend on

our site have to be free basically comes

down to any of these paid messengers,

I don't really see them taking off as

more than a neat tool for a hobbyist

who's into security to mess around with.

But it's not going to get the kind

of mass appeal that you need from certain

products.

It's fine if

If, you know,

NT charges more than Google Photos,

for example,

because these aren't social platforms.

I can protect all of my data.

If other people aren't protecting their

data,

I think that's unfortunate and that should

be fixed.

So there's that,

but it's not going to affect me, right?

But with a messenger,

like the only thing I'm doing is

communicating with other people and they

might not care about security and privacy

as much as myself.

But I want to...

It benefits me when those types of people

can use these platforms and they simply

won't find pretty much any price worth it

for something that other companies can

provide for free.

So I would agree.

I would just hope for a different

monetization model.

I think there's there's room here.

I don't know if they'll do that.

Threema, like at this point,

they kind of seem a lot like Wire,

which used to be pretty widely recommended

in the privacy community, as you know.

But then they really pivoted after they

were acquired to be very business to

business focused.

And I can imagine Threema kind of

following that same direction where they

just focus on their business product and

kind of drop the consumer side of things.

Which would be a bit unfortunate,

but also I don't know how much three

month is currently adding to the landscape

at the moment,

so it is what it is,

I think there's a couple different

directions that they could go in and we'll

see if they do any of that or

if comment is capital.

is the type of private equity firm that

strips their acquisitions for parts and

completely shuts everything down.

You never know with these private equity

things.

That's usually what they do, yeah.

So yeah, if you're a Threema user,

I would be concerned by this acquisition.

But if you're not a Threema user,

which I would imagine a lot of people

are not,

I don't think there's going to be a

lot of impact in the privacy space from

this news.

Oh, gosh.

They own Petco.

Petco GmbH.

Okay.

Well,

that is not a good sign for Trio.

I would say, yeah.

GmbH, that's Germany, isn't it?

Or is that Switzerland?

I think GmbH is Germany.

I think there's a couple of different

countries in the EU that use that one.

Use that, yeah.

I couldn't tell you off the top of

my head.

Oh, nevermind.

They don't own them anymore.

They sold their majority stake in.

Okay.

Sorry.

I'm just poking around their website now.

Yeah.

Yeah.

Um,

I think I kind of came into the

privacy scene on the tail end of wire,

but I remember that too.

Wire used to be.

it used to be pretty solid.

It was,

it was much more polished than three

months and it was free and it didn't

require any, any private information,

but yeah,

they went all in on business to business.

I think maybe you can still download wire,

but they certainly don't make it easy.

And, um,

Yeah, it's unfortunate.

That was kind of the other big thing

I wanted to mention was, like you said,

venture capital firms – or private equity

firms, sorry.

Their whole – there's a podcast called

Stuff You Should Know that I love,

and late last year they did an episode

about private equity,

and it –

covered all of that.

Like that's usually,

that's their whole job basically is they

buy a company,

they make it run super efficient and by

efficient, we mean we fire everybody,

we triple the workload.

We, you know, it's, it's honestly,

it's like a corporate pump and dump scam.

I don't even know how they get away

with it,

but that's what a lot of them do.

So hopefully Threema can survive this.

Um, but I, I, I will say they've,

they've done a few really interesting

marketing stunts in the past that I think

have, uh,

done good things to raise awareness to

privacy.

Like

I still see sometimes they have a,

you can still access it actually.

They have a website where you can upload

a picture and it'll blur it and then

it'll put a banner on it that says

hashtag normalize privacy or regain

privacy.

That's what it is.

And that was part of an awareness campaign

they did a couple years ago.

And I think they also did something in

Europe where they rented an ice cream

truck.

I could be remembering the details of this

wrong,

but they rented an ice cream truck and

they were giving people free ice cream.

But in return,

you had to hand over personal data.

They would ask people for their phone

number or whatever and their date of

birth.

And it was funny watching people with the

ice cream cone and they're like, why?

No, no, here, have it back.

I don't know.

And they're like, yeah, exactly.

It's insane.

So why are we doing this with other

services?

So yeah, I do agree.

Overall,

they haven't really made a huge dent,

but I really appreciate the innovative

marketing stunts like that they used to

do.

I think those were super fun.

That is funny.

I didn't hear that story,

but I think we don't have to get

too much into this,

but it's really interesting how people

definitely treat the online space

differently than real life.

If people were asked for that on a

website,

no problem entering that information.

Your browser would probably autofill it

for you.

But when you ask this in real life,

people suddenly realize what's happening

here.

I don't know.

why people make that distinction in their

mind.

But that's a really funny way to kind

of realize that.

Yeah, really, really true.

Really quick before we move on to the

next story,

I'll address one comment that we got in

the YouTube chat here.

That was about this story before we move

on.

They asked about Jammy and if we've used

it.

That's not something that we've really

looked into too much on our website.

And I think...

like whenever i've looked into jammy in

the past that's more of like a video

conferencing service i know it has instant

messaging built in but i don't know how

usable it is in my mind it's sort

of like a a free software skype

alternative i think a lot of people um

will probably use something like signal

and either signal video calls or or jitsi

video calls instead of jammy that's

usually what i see recommended but if

Uh, if you have any additional questions,

do you want to share more about like

what you would use jammy for?

And if it makes sense for you,

I would encourage, um,

the user who asked this to, uh,

post on the forum about it and maybe

get some more, more opinions.

Yeah, I agree.

Not to spend too long on it,

but Jemmy is a name that I've seen

pop up from time to time repeatedly.

And I feel like it's hard because it's

not super popular.

I feel like for me as a not

very technical,

like I don't know any code,

I feel like it's really hard for me

to kind of get a good...

What's the word I'm looking for?

Get really good insight into how it

measures up to things like Signal or some

of these other alternatives.

So I would definitely like to know more

about it.

I'd like to know what is going on

under the hood that makes it better or

worse or what use case it's for.

I haven't found a lot of people using

it,

so I've never had a chance to really

test it myself.

But yeah, like I said,

it pops up from time to time.

So I would love to learn more about

it.

I just feel like I have a hard

time finding that information myself.

All right.

I believe...

Is it my turn to take the next

story or is it yours?

I can look at this.

Our next story is encrypted RCS.

Signs of that were spotted in the iOS

twenty six point three beta.

So the article that we have was actually

posted by Freya on our site as a

news brief reporting on a few different

sources.

Basically,

people have discovered in the iOS twenty

six point three beta some settings that

indicate carriers will be able to enable

end to end encryption for RCS messaging

and indicate that in iMessage.

So that's pretty exciting news for people

who have been following RCS support on iOS

for decades.

a while um because of course right now

it is all not encrypted and apple said

that they weren't committing to using the

same sort of encryption standard that

google is using right now in google

messages on android because it was

something that google developed on their

own instead of working with gsma to create

like a standardized encryption protocol

for all these platforms and services to

use but now um there is a new

standard it's called messaging layer

security or mls and that's

what RCS is going to be using in

the future.

And I guess that's what's being added to

iOS.

So the appearance of this stuff in the

iOS beta doesn't indicate that it's coming

in the iOS twenty six point three release

necessarily that could come with this code

still disabled, for example.

So we might not see encrypted RCS right

away,

but it is a sign that it is

actually coming at some point.

They're actively working on support for

it.

And I think that people who

are on iOS right now or who are

on Android and use Google Messages and

chat with people on iOS,

are going to be excited about this because

there's definitely a lot of benefit to

encrypting all of your messages.

RCS definitely is not the ideal messaging

platform for a lot of reasons.

There isn't a lot of production of your

metadata,

like who you're chatting with and that

sort of thing compared to something like

Signal, for example.

So we're still going to recommend a lot

of different,

more secure and more private messengers on

our site that we would recommend

you use.

But especially in the United States,

I don't know how much of how much

this is the case in other places.

I know a lot of other countries just

standardized on various messengers like

WhatsApp or whatever.

But texting is extremely common here.

And it's definitely used around the world.

And

It's easy for a lot of people,

and people just default to it.

And so improving, again,

kind of what I was talking about with

Threema earlier,

I think anything that improves the

baseline security of all of these people

who don't care about privacy and security

and who aren't seeking out private and

secure alternatives like Signal,

it's still a good thing.

It's a step in the right direction,

even though it's not the best you could

be doing.

A lot of people rely on this,

and it's going to benefit a lot of

people.

So hopefully...

This is a sign that this will come

in the final release sooner rather than

later.

But I guess time will tell when this

will actually come out.

So I don't have too much to add

to this, but just to clarify,

and you may or may not know this,

you said, and the article says here too,

that it's a carrier setting.

So does that mean the carriers would have

to choose to opt into this,

like Verizon and T-Mobile?

Most likely.

This is definitely the biggest bummer with

RCS.

RCS...

Right now,

it can be implemented in two ways,

you can kind of do everything yourself as

a carrier and add support for it and

interoperate with other carriers that are

using the universal profile,

but it is much like texting it's a

carrier based platform or.

The other thing you can do with our

CS which a lot of carriers do I

don't remember which ones in the US do

this,

but I think there's a list on Wikipedia

or somewhere that I could find,

but a lot of carriers.

don't run RCS and they purchase a service

from Google that does it for them.

And so the reality behind RCS right now

is that Google is actually running all of

the service behind it for I think the

majority of people,

but if not the majority,

definitely a lot of them.

And so it's basically just a centralized

Google Messenger right now that your

carrier is kind of promoting on your

phones.

So obviously, from a metadata perspective,

that gives Google a lot of data,

but also it is, yeah,

there's a lot of middlemen involved here.

It's not just like an over-the-top service

that these tech companies are working on

together.

It's integrating with the traditional

carrier platform.

And whether you're going to Google servers

or whether you're going to the carrier

servers,

that is something that the carrier has to

set up on their end, which is...

Yeah, I agree with your reaction.

A bummer.

Yeah.

Cause I,

I feel like it's going to be a

challenge to get carriers to go ahead and

roll this out.

Like,

I feel like if Apple did it or

even Google,

if they did it at the phone level,

it would just, they would do it,

but I feel like carriers have very little

incentive and.

Kind of going back to what you said

earlier at the beginning when you were

covering this,

I agree with you that we look at

something like iMessage and people who do

not care about privacy or security,

who use the I have nothing to hide

argument liberally,

these are the same people who are using

iMessage.

And they're getting end-to-end encryption

just talking to each other without even

knowing what it is or knowing that it's

enabled.

And so, yeah,

it would be really cool if RCS could

roll out

to the general public and be available for

everyone cross-platform.

But I guess the only thing I could

see maybe as incentive for the carriers is

I know that RCS also comes with a

lot of those quality of life features that

iMessage is known for,

like bigger attachments and reacting to

messages and stuff.

So maybe we'll get lucky and maybe

carriers will roll it out because of the

features and the privacy and the security

will just be an added bonus.

But

yeah um yeah at the moment i do

think there's a lot of pressure and i

think apple adding rcs better rcs support

is going to add even more pressure for

these carriers to support it because like

it i'm in one group chat with some

family members on rcs right now and it's

very nice to be able to see like

read receipts and and like

typing indicators and all the normal group

stuff that you don't get on SMS because

SMS is a terrible platform.

And so there have been some improvements

there.

And I think people will realize that,

especially if they're in chats with RCS

users,

and they will eventually demand carriers

do it,

especially in the US where like texting is

so common.

I don't know how it'll be

in places where people don't use SMS in

the first place.

Maybe there's less incentive to use RCS,

but I think at least for a good

amount of people,

there is pressure to support it,

which is all right.

Like I said, it's not my favorite,

but it increases the baseline,

especially if this gets included.

So I'm hopeful that we'll see wide

adoption.

Yeah, same here.

Um, I think actually I'm going to,

I'm going to keep on the Google and

Apple thing and I'm going to go to,

we have a story here about Google Gemini

is going to power Apple's AI features such

as Siri.

And yeah, so, oh man,

this is kind of a confusing story for

me because,

so Apple's been trying to roll out their

Apple Intelligence,

clever little bit of marketing there,

which is just on-device AI.

And-

Man,

I know we've talked about AI so much

already tonight, but again,

on the user end,

from what I've been understanding,

it seems relatively private.

A lot of it is going to be

done on device.

And I think Apple actually has a very

similar architecture to confer.

Jonah can definitely correct me if I'm

wrong,

but I think they have a very similar

architecture where they try to run

everything in these trusted modules and

they try really hard to make it as

private as possible.

And Apple has been running into a lot

of delays rolling out their Apple

intelligence thing.

And,

One of the few things I don't like

about TechCrunch is they're very sparse on

technical details here.

But basically,

they say that Apple and Google have signed

a deal where Google's Gemini is going to

power at least some of the AI features.

And the headline specifically says,

like Siri, for example.

This is not an exclusive deal,

according to this article.

So Apple may...

Um,

potentially this is me speculating Apple

might tap, uh, you know,

like Claude for something else or,

you know, whatever chat GP,

I think originally they did contract with

chat GPT.

So yeah, it's again,

it's very sparse on technical details as

far as privacy stuff goes.

It just says here in the article that,

uh,

Apple has focused on privacy with its AI

rollout with much of the process happening

on processing happening on device or

through tightly controlled infrastructure.

Apple says it will maintain these privacy

standards through its partnership with

Google.

That's kind of all they said.

So, yeah.

I don't know.

What do you think about this?

There's a lot going on here.

Okay.

So, yeah,

I know Apple says that they are going

to maintain their privacy standards.

which to their credit the things that

apple have has been working on lately to

my knowledge they were kind of the first

to go in this private compute direction

that um confer the ai company we just

talked about earlier in the show and that

maple ai and that other people are doing

i think google was i mean i think

apple was kind of the first to create

this and they kind of have a

big advantage compared to their

competitors in the sense that they can

build their own hardware and CPUs to make

the security more robust rather than just

relying on these off the shelf solutions

from Intel and AMD or Nvidia, for example.

Something I want more clarity about when

it comes to how this will work is

like what exactly Google's involvement is.

I saw a lot of rumors that this

would happen leading up to this

announcement where people were basically

saying that Apple and Google came to

an agreement where like Apple would get

access to Gemini's models basically and

they could create their own models based

on that or add additional training data or

whatever and they could run everything

themselves on these private compute

servers that they have.

So it isn't like the current

implementation that Apple has right now

with ChatGPT where Siri will sometimes

offload your request to ChatGPT and just

send it over.

In theory,

if Apple is running all of this and

keeping it on their cloud and they're just

using these models that Google has created

and that's what their partnership is,

Keeping everything in one ecosystem and

not giving more data to Google, I think,

is an improvement for sure.

But all of this private AI stuff,

no matter how it's implemented,

has all of the problems that we talked

about earlier on in the show and the

problems with AI in general.

And I don't think that Apple's private

compute is going to be at a level

of privacy...

and security that I would be comfortable

with using for anything serious if I was

going to use AI at all.

And that's unfortunate because I think

that Apple is kind of doing the best

you really technically can do from the

security perspective if you want to get

back into the technical specifics of how

AI works.

But the best that's possible right now

with our current technology isn't

good enough in my opinion for people who

are serious about their privacy and

security and, um, any of this cloud stuff,

like I think it sets a very dangerous,

um,

path that we are going on with technology.

Because it seems like all of these tech

companies like Apple and especially like

ChatGPT or Google,

what they're trying to do is offload as

much as possible to the cloud.

And in doing so,

they're making normal hardware for people

more expensive.

We talked about this a few episodes ago,

and I know there was a news brief

about the RAM pricing,

which is

crazy right now because all of these data

centers are buying it up.

And what's really happening is people are

being priced out of the market where you

can own your local compute.

And that's a trend.

I was sharing this, I think,

in one of the group chats we have,

but it's a trend that we really see

in society at large for many years.

People were

priced out of the housing market.

I know that's a hot topic,

especially all around the world right now.

People are being priced out of even the

car market.

So many more people are leasing before or

people are just relying on things like

Uber or Lyft.

I know Tesla really wants to do this

with their robo taxis where people won't

own cars generally.

They will just rely on other people who

own cars to taxi them around.

I think that that is the direction that

tech companies want

everything to go in because they can

control all of it and they can create

this subscription model that you have to

pay for and local compute is kind of

going away and I think that's very scary

and dangerous because we're really they're

really forcing everyone in this position

where everyone's going to be locked in as

rent seekers on all of these platforms and

won't have any agency over

Over anything anything that's doing

computers all of these computers are just

going to be thin clients for the cloud,

which is extremely unfortunate it's not a

direction that I think people should

should tolerate.

And I guess i'm having a camera issue,

but whatever hopefully you can see me but

yeah that's my.

Concern with with all of this.

Yeah, no, I, I agree with you.

Cause even it's, it's this whole,

like everything on the cloud is even from

a practical perspective,

like I swear I'd have to go find

it,

but I swear I read a story several

years ago about somebody who rented a car

and they were in like Arizona.

And they couldn't start the car because

the car couldn't get cell signal to call

home and do whatever stupid checks it had

to do to like verify that they could

start the car.

And just things like that are just so

it's, it's a practical perspective.

You know,

what happens when the power goes out?

You know,

that's a very common scenario we've all

been in what happens i mean i guess

when the power's out you're not really

using computers but you know what i mean

or even your phone yeah what happens when

the power goes out and now the grid

is overloaded with everybody texting and

everybody checking twitter to be like oh

what's happening does anybody know why the

power is out and you can't do anything

because you have like you can't make that

connection to the the server for whatever

license you're supposed to have and it's

just it seems like such a

like I get it on the one hand,

right?

Like I love the cloud in the sense

of like, I, you know,

if my computer crashes,

I have a copy of my data or,

you know,

to not have to destroy my own CPU

doing this.

God,

I wish I could render videos in the

cloud and not have to destroy my GPU

to do it.

But, you know,

it comes with practical drawbacks of just

that, that,

resilience, you know,

what happens when AWS knocks out a third

of the internet traffic or cloud flare,

whoever.

And it's just, yeah.

I mean,

I feel like I've seen that multiple times

just in the last several months of like

some major outage and all my friends in

discord are just like, well,

I guess I'm just gonna like, you know,

take an extended lunch today or something.

Cause I can't do anything.

Cause the cloud's out.

My whole job is on the cloud and

Yeah,

it seems so very short-sighted in the name

of profits,

which I know is so hard to believe

that tech companies would do that.

But yeah, I don't like it either.

It's horrible.

I don't have much else to add to

that one.

Yeah, I think...

That's kind of all I have to say.

We did have one more discussion question

for that topic about did Google win kind

of this AI thing despite being ruled

against making anti-competitive deals in

court?

It's a really interesting case, I think,

this one.

And again,

I want to see more about this because

you know,

if Google is actually like controlling all

of the stuff that Apple is doing behind

the scenes, that would be very concerning,

especially from an antitrust standpoint.

But if it is a deal where Apple

just kind of building on their work,

but they're doing it themselves,

that's pretty typical of Apple across

their software and their hardware.

I mean,

most of like Apple's advances in hardware

come from like Samsung making better

screens and that sort of thing.

And if it's a situation like that with

Google,

It's probably not a huge anti-competitive

concern,

but if Gemini branding is going to be

prominently featured and stuff,

and Gemini is kind of buying their way

into being the AI company that people

think about, yeah,

it is a weird situation for Google to

be in.

So definitely something I hope antitrust

people keep an eye on,

but I don't think they have much teeth

at the moment against these big tech

companies.

Sadly true.

Just to add on to that,

I don't know much about a Google AI

antitrust lawsuit,

but it says here in the TechCrunch article

that Google and Apple specifically have

faced lawsuits.

In August,

a federal judge ruled that Google acted

illegally to maintain monopoly in online

search by paying companies like Apple to

present its search engine as the default.

So I don't know.

Yeah, this could...

Hmm.

I don't know.

Yeah.

I guess now that I think about it,

I could see a scenario like Europe saying,

Hey,

you have to offer other models or

something.

But like you said,

that may only be the case if Google

is maintaining everything.

If like you said, if Google's just like,

okay, here's a copy of our model,

go host it on your server and do

whatever, then I don't know.

I mean,

I would still argue that's Apple being

monopoly,

but governments seem to be a little bit

easier on that.

Yeah.

I mean, and it still has, um,

troubling implications, I think,

for the AI industry.

Because whoever trains these models,

they have a lot of control over what

the AI does.

And so they can definitely shift things to

show up in certain ways or prioritize

certain responses.

I don't know what these AI companies could

do,

but it does give Google a lot of

power either way.

Agreed.

All right.

Let's see.

I think this is our...

We have another news story before we move

on to forum updates here.

But this is from Ars Technica.

Never before seen Linux malware is far

more advanced than typical.

Void link includes an unusually broad and

advanced array of capabilities.

So basically this article from Ars

Tactica,

it kind of dives into this new Linux

malware that can infect Linux machines and

it has a lot of advanced capabilities that

attackers can use to perform various

things on your computer.

I feel like we've talked a bit about

malware on Linux in the past.

I think this is a trend that's only

going to continue,

especially as more people adopt Linux.

The reality is all of these malware

targets or malware developers are going to

target the platforms that most people use.

And so if we see more people adopt

something like the Steam Deck or more

people adopt Linux on desktop because

gaming is getting better or because they

want to escape...

all of the copilot nonsense in Microsoft

Windows or for whatever reason,

we will see Linux become more and more

of a target

just inherently, I think.

And so we're going to probably see more

articles like this.

But it does demonstrate what I think a

lot of people in the privacy and

especially the security community have

been saying about Linux and desktop Linux,

especially for a while,

which is that I think Linux does have

a good ways to go as far as

defending itself against