WEBVTT

00:00:02.728 --> 00:00:03.309
Hi, folks,

00:00:03.448 --> 00:00:04.589
we got a lot to talk about.

00:00:05.089 --> 00:00:07.312
Claude's source code was leaked.

00:00:07.873 --> 00:00:10.355
LinkedIn scrapes your browser extensions.

00:00:10.795 --> 00:00:13.057
There's a horribly insecure messenger app

00:00:13.077 --> 00:00:14.619
going around and more.

00:00:15.099 --> 00:00:17.001
All this and more coming up this week

00:00:17.242 --> 00:00:19.344
in on This Week in Privacy number forty

00:00:19.405 --> 00:00:19.684
seven.

00:00:19.765 --> 00:00:20.545
So stay tuned.

00:00:43.231 --> 00:00:45.073
Welcome back to This Week in Privacy,

00:00:45.173 --> 00:00:47.054
our weekly series where we discuss the

00:00:47.094 --> 00:00:48.835
latest updates with what we're working on

00:00:48.875 --> 00:00:50.835
in the Privacy Guides community and this

00:00:50.856 --> 00:00:52.777
week's top stories in data privacy and

00:00:52.877 --> 00:00:53.618
cybersecurity.

00:00:54.177 --> 00:00:54.658
I am Nate,

00:00:54.957 --> 00:00:57.079
and joining me again this week is Jonah.

00:00:57.259 --> 00:00:58.060
How was your week, Jonah?

00:00:58.759 --> 00:01:00.920
You know, my week has been pretty good,

00:01:00.981 --> 00:01:02.061
thanks for asking.

00:01:02.101 --> 00:01:04.623
Besides misspeaking during the intro

00:01:04.662 --> 00:01:05.364
there.

00:01:05.384 --> 00:01:06.084
Can't complain.

00:01:06.144 --> 00:01:09.225
A lot of these things happen, right?

00:01:09.585 --> 00:01:10.385
Yes, yes.

00:01:12.298 --> 00:01:12.837
All righty.

00:01:13.197 --> 00:01:13.519
Yeah.

00:01:14.198 --> 00:01:14.739
I guess with that,

00:01:14.799 --> 00:01:17.439
we'll jump right into our headline story

00:01:17.459 --> 00:01:17.980
this week.

00:01:18.281 --> 00:01:21.141
And you guys have probably heard about

00:01:21.182 --> 00:01:21.742
this one.

00:01:22.822 --> 00:01:25.024
So there's an AI called Claude,

00:01:25.603 --> 00:01:26.825
Claude Code specifically,

00:01:26.844 --> 00:01:28.025
because there's a few different kinds of

00:01:28.064 --> 00:01:28.444
Claude.

00:01:31.173 --> 00:01:33.054
I'm not a heavy AI user myself,

00:01:33.114 --> 00:01:36.117
so I've heard that Claude is one of

00:01:36.137 --> 00:01:38.558
the better ones in terms of the results

00:01:38.578 --> 00:01:40.299
it puts out are mostly accurate.

00:01:40.319 --> 00:01:41.941
It puts out mostly good code.

00:01:42.340 --> 00:01:44.022
That's just what I've heard.

00:01:44.042 --> 00:01:45.003
You could do a lot worse than that

00:01:45.082 --> 00:01:45.183
one,

00:01:45.242 --> 00:01:47.564
but we're not going to talk about that.

00:01:47.625 --> 00:01:48.745
We're here to talk about the fact that

00:01:48.784 --> 00:01:51.546
Claude Code had its source code leaked

00:01:52.487 --> 00:01:54.188
thanks to some human error.

00:01:55.891 --> 00:01:56.531
To clarify,

00:01:57.132 --> 00:01:59.492
this is the source code for the app

00:01:59.533 --> 00:02:01.713
itself, the Claude Code CLI,

00:02:03.075 --> 00:02:05.495
not like the models or anything like that.

00:02:05.516 --> 00:02:06.475
But it still gives us a little bit

00:02:06.495 --> 00:02:09.997
of insight into what's going on under the

00:02:10.056 --> 00:02:10.497
hood.

00:02:11.518 --> 00:02:11.698
And...

00:02:13.311 --> 00:02:14.312
I guess I'll go over it a little

00:02:14.352 --> 00:02:15.853
bit, but I'm also mostly going to,

00:02:16.332 --> 00:02:17.794
I mean, we're a privacy podcast, right?

00:02:17.813 --> 00:02:18.835
So we're going to focus mostly on the

00:02:18.854 --> 00:02:19.855
privacy and security stuff.

00:02:20.395 --> 00:02:21.717
But just to kind of give you a

00:02:21.736 --> 00:02:22.616
little bit of a recap.

00:02:22.637 --> 00:02:25.558
So this happened because when they

00:02:25.618 --> 00:02:27.320
published the newest version of the NPM

00:02:27.341 --> 00:02:29.701
package, there was a source map file,

00:02:30.643 --> 00:02:31.362
which I'll be honest,

00:02:31.383 --> 00:02:33.025
that's technical stuff that goes over my

00:02:33.044 --> 00:02:33.205
head.

00:02:33.245 --> 00:02:36.106
But basically it allowed clever people who

00:02:36.167 --> 00:02:36.606
noticed it

00:02:37.048 --> 00:02:38.229
to access the source code.

00:02:38.250 --> 00:02:38.670
Like we said,

00:02:38.711 --> 00:02:41.096
it was almost two thousand TypeScript

00:02:41.135 --> 00:02:42.939
files and more than five hundred and

00:02:42.960 --> 00:02:44.462
twelve thousand lines of code.

00:02:44.502 --> 00:02:45.844
I saw somebody else round up to five

00:02:45.865 --> 00:02:46.926
hundred and thirteen thousand.

00:02:46.987 --> 00:02:48.030
So, yeah.

00:02:49.695 --> 00:02:50.175
I mean,

00:02:50.195 --> 00:02:51.896
it's one of those once the cat's out

00:02:51.917 --> 00:02:52.777
of the bag things, right?

00:02:52.798 --> 00:02:54.019
Or once the horse has left the barn.

00:02:54.598 --> 00:02:58.100
Because everybody quickly went and

00:02:58.121 --> 00:02:58.921
downloaded this,

00:02:58.942 --> 00:03:01.983
and there's other repos are springing up,

00:03:02.003 --> 00:03:03.243
which we'll talk about that in a second.

00:03:04.164 --> 00:03:05.686
Anthropic tried to get some of them taken

00:03:05.705 --> 00:03:07.387
down with a DMCA takedown,

00:03:07.426 --> 00:03:08.608
a copyright thing, basically.

00:03:09.854 --> 00:03:11.276
Unrelated, we're not going to talk about it,

00:03:11.317 --> 00:03:12.979
but you know there was a whole uh

00:03:13.721 --> 00:03:16.425
like GitHub interpreted that DMCA

00:03:16.485 --> 00:03:18.367
according to the the official story GitHub

00:03:18.388 --> 00:03:19.990
interpreted that DMCA a little harshly and

00:03:20.009 --> 00:03:21.893
took down even things that were not

00:03:21.913 --> 00:03:23.655
supposed to be taken down but yeah it's

00:03:23.735 --> 00:03:24.917
it's been a whole thing um

00:03:25.677 --> 00:03:28.860
So I've also seen some pretty polarizing

00:03:29.001 --> 00:03:30.322
takes here because I think it was this

00:03:30.361 --> 00:03:30.622
article.

00:03:30.662 --> 00:03:30.921
Yeah,

00:03:31.262 --> 00:03:33.283
this article said that its sophistication

00:03:33.304 --> 00:03:35.044
is, quote, both inspiring and humbling,

00:03:35.085 --> 00:03:36.246
according to some people who looked at the

00:03:36.286 --> 00:03:36.546
code.

00:03:37.046 --> 00:03:38.307
I saw some people on Mastodon look at

00:03:38.328 --> 00:03:39.549
the code and say that it was pretty

00:03:39.568 --> 00:03:41.790
sloppy and kind of shocking that it was

00:03:41.830 --> 00:03:42.251
so bad.

00:03:42.311 --> 00:03:43.252
But I mean, to be fair,

00:03:43.692 --> 00:03:45.312
Mastodon tends to be a pretty anti-AI

00:03:45.353 --> 00:03:45.674
crowd.

00:03:45.693 --> 00:03:46.854
So I don't know who's telling the truth

00:03:46.875 --> 00:03:47.254
there, but.

00:03:47.967 --> 00:03:48.187
Yeah.

00:03:49.769 --> 00:03:51.031
So, and then real quick,

00:03:51.070 --> 00:03:54.313
before I jump into an analysis part,

00:03:54.955 --> 00:03:56.256
we have like a follow-up to this story

00:03:56.276 --> 00:03:56.977
that's related that says,

00:03:56.997 --> 00:03:58.938
Claude Code leak used to push InfoStealer

00:03:58.979 --> 00:03:59.780
malware on GitHub.

00:04:00.540 --> 00:04:02.362
And this one comes from Bleeping Computer.

00:04:02.423 --> 00:04:04.746
Basically, once the leak was out there,

00:04:05.486 --> 00:04:06.627
a lot of people started...

00:04:07.468 --> 00:04:09.591
putting up their own GitHub repos where

00:04:09.610 --> 00:04:11.133
they would advertise that this was Claude

00:04:11.173 --> 00:04:14.697
Code with all the paywalled stuff removed,

00:04:14.736 --> 00:04:15.157
basically.

00:04:15.176 --> 00:04:16.759
So free premium Claude Code.

00:04:17.338 --> 00:04:19.040
And they would game the SEO to make

00:04:19.060 --> 00:04:20.562
sure that it would show up in the

00:04:20.603 --> 00:04:20.882
front.

00:04:20.942 --> 00:04:22.225
If y'all are watching the video,

00:04:22.245 --> 00:04:22.985
you can see here,

00:04:23.886 --> 00:04:25.548
this one outlined in red is like the

00:04:25.608 --> 00:04:26.968
third result from the top on Google.

00:04:26.990 --> 00:04:28.591
And this is one of the malicious ones

00:04:28.610 --> 00:04:29.632
that the article focused on.

00:04:30.817 --> 00:04:33.098
And yeah, turns out, shocker,

00:04:33.259 --> 00:04:35.240
it includes an InfoStealer malware.

00:04:36.000 --> 00:04:36.781
I'm going to go out on a limb.

00:04:36.802 --> 00:04:37.663
The article didn't say this,

00:04:37.682 --> 00:04:38.502
but I'm going to go out on a

00:04:38.523 --> 00:04:40.084
limb and say that it did work once

00:04:40.105 --> 00:04:40.745
you fired it up.

00:04:41.365 --> 00:04:43.067
Because usually that's how it is, right?

00:04:43.107 --> 00:04:43.487
It works,

00:04:43.526 --> 00:04:44.687
so you don't think anything's wrong.

00:04:45.168 --> 00:04:46.048
But when you install it,

00:04:46.108 --> 00:04:47.870
it's actually got that InfoStealer in

00:04:47.891 --> 00:04:48.050
there.

00:04:48.071 --> 00:04:49.271
And they said that there were multiple

00:04:49.372 --> 00:04:50.312
repos like this.

00:04:50.632 --> 00:04:50.793
So...

00:04:52.014 --> 00:04:54.495
yeah so um cyber security takeaways from

00:04:54.516 --> 00:04:57.098
this the we're covering this as a headline

00:04:57.117 --> 00:04:58.559
story partially because this is a really

00:04:58.598 --> 00:05:00.860
big story going around right but there's

00:05:00.940 --> 00:05:02.802
there's a couple reminders here um one of

00:05:02.822 --> 00:05:05.225
them is as far as the uh the

00:05:05.264 --> 00:05:06.865
repo thing goes you know we we always

00:05:06.886 --> 00:05:08.346
talk about making sure you get things from

00:05:08.367 --> 00:05:10.970
an official source and um not not to

00:05:10.990 --> 00:05:11.949
go too far out of my way to

00:05:11.990 --> 00:05:13.451
pick on Google here not like they don't

00:05:13.471 --> 00:05:15.153
deserve it but uh you know we've been

00:05:15.173 --> 00:05:16.814
covering a lot this whole Google side

00:05:16.834 --> 00:05:18.235
loading story and you know Google

00:05:19.059 --> 00:05:21.540
is trying to act like, oh,

00:05:21.560 --> 00:05:22.821
this is all for security, right?

00:05:23.680 --> 00:05:25.141
It's dangerous to get apps from a

00:05:25.182 --> 00:05:25.982
third-party store,

00:05:26.081 --> 00:05:27.802
even though the Play Store has plenty of

00:05:27.822 --> 00:05:28.502
malware on its own.

00:05:28.963 --> 00:05:29.963
But even so,

00:05:31.625 --> 00:05:32.725
the point being is get things from a

00:05:32.764 --> 00:05:33.505
trusted source.

00:05:35.346 --> 00:05:37.226
Signal, for example, does have an APK,

00:05:37.247 --> 00:05:38.108
but it's kind of hard to find.

00:05:38.168 --> 00:05:39.208
But it is okay to get it from

00:05:39.228 --> 00:05:40.369
the Play Store because that's a trusted

00:05:40.408 --> 00:05:40.689
source.

00:05:41.329 --> 00:05:41.509
Um,

00:05:41.528 --> 00:05:42.910
there's also other places that you could

00:05:42.930 --> 00:05:44.290
get the APK directly.

00:05:44.670 --> 00:05:45.951
There's third-party app stores like

00:05:45.971 --> 00:05:46.230
F-Droid,

00:05:46.250 --> 00:05:48.091
which I know have some concerns about

00:05:48.110 --> 00:05:48.230
them.

00:05:48.271 --> 00:05:49.451
But the point being is like,

00:05:49.471 --> 00:05:51.692
this is when I go to download something,

00:05:51.812 --> 00:05:53.093
typically what I do is I go straight

00:05:53.112 --> 00:05:54.733
to the developer's website and I go, okay,

00:05:54.773 --> 00:05:55.853
what are their official channels?

00:05:56.254 --> 00:05:57.514
And then they'll say, you know, it's,

00:05:57.653 --> 00:05:58.314
it's on the Play Store.

00:05:58.334 --> 00:05:59.115
It's on F-Droid.

00:05:59.454 --> 00:06:01.055
It's on GitHub directly.

00:06:01.136 --> 00:06:02.196
And then I'll look at the list and

00:06:02.235 --> 00:06:03.435
decide which one I want to use.

00:06:03.855 --> 00:06:05.536
It's not so much the channel it's making

00:06:05.576 --> 00:06:06.976
sure it's, it's official.

00:06:07.677 --> 00:06:07.817
Um,

00:06:08.697 --> 00:06:11.978
So maybe don't try to get free Claude

00:06:12.019 --> 00:06:13.519
doing that.

00:06:13.600 --> 00:06:14.060
And then, yeah,

00:06:14.100 --> 00:06:17.161
just the other takeaway I had was the

00:06:17.201 --> 00:06:18.300
whole source code leak thing.

00:06:19.721 --> 00:06:21.422
Anthropic was really quick to own up that

00:06:21.461 --> 00:06:22.723
it was a human error.

00:06:22.762 --> 00:06:25.062
They said here, what was it?

00:06:25.103 --> 00:06:25.423
Yeah,

00:06:25.744 --> 00:06:27.403
this was a release packaging issue caused

00:06:27.423 --> 00:06:29.125
by human error, not a security breach.

00:06:31.045 --> 00:06:31.444
Yeah,

00:06:31.524 --> 00:06:32.745
not like AI doesn't do this kind of

00:06:32.766 --> 00:06:33.365
stuff all the time.

00:06:33.505 --> 00:06:34.446
But, you know,

00:06:34.526 --> 00:06:35.947
it's just remembering that there is...

00:06:38.072 --> 00:06:39.553
remembering the human element in

00:06:39.613 --> 00:06:39.934
everything.

00:06:39.954 --> 00:06:40.115
You know,

00:06:40.134 --> 00:06:42.658
if you listen to any social engineering

00:06:42.677 --> 00:06:42.958
people,

00:06:42.997 --> 00:06:44.100
they're always quick to point out that

00:06:44.139 --> 00:06:45.822
humans tend to be the weakest link in

00:06:45.901 --> 00:06:46.442
any system.

00:06:46.562 --> 00:06:46.762
You know,

00:06:46.822 --> 00:06:48.004
I could spend a lot of time trying

00:06:48.045 --> 00:06:48.204
to,

00:06:48.865 --> 00:06:49.846
if I'm trying to get into a building,

00:06:49.906 --> 00:06:50.088
right?

00:06:50.168 --> 00:06:51.149
I could spend a lot of time trying

00:06:51.168 --> 00:06:52.630
to hack the door code or the card

00:06:52.670 --> 00:06:53.271
readers or whatever,

00:06:53.831 --> 00:06:55.112
Or I could come up with a really

00:06:55.132 --> 00:06:56.574
convincing story for why I need to be

00:06:56.593 --> 00:06:56.814
there,

00:06:57.194 --> 00:06:58.555
usually involving a high-vis vest and a

00:06:58.576 --> 00:06:59.677
clipboard, in my opinion.

00:07:00.197 --> 00:07:01.197
But yeah,

00:07:01.458 --> 00:07:04.319
so I think those are kind of the

00:07:04.339 --> 00:07:06.942
more technical things that I took away.

00:07:07.362 --> 00:07:07.622
Jonah,

00:07:07.642 --> 00:07:09.704
was there anything specific about this

00:07:09.725 --> 00:07:11.966
story that jumped out to you from your

00:07:12.045 --> 00:07:12.666
expertise?

00:07:13.334 --> 00:07:14.795
Yeah, there were a couple things that I

00:07:14.855 --> 00:07:17.137
noticed and I was trying to find a

00:07:17.218 --> 00:07:19.300
tweet that I saw from somebody else but

00:07:19.360 --> 00:07:22.803
I couldn't pull it up here, um, but

00:07:22.824 --> 00:07:24.786
I'll talk about some stuff. Going back to

00:07:24.805 --> 00:07:26.487
what you said about Mastodon, I do think

00:07:26.528 --> 00:07:27.788
it's interesting um

00:07:28.569 --> 00:07:31.690
like the supposed quality or sloppiness of

00:07:31.730 --> 00:07:32.190
the code,

00:07:32.670 --> 00:07:34.732
because I believe Anthropic has said for a

00:07:34.791 --> 00:07:36.353
while that all of their code base is

00:07:36.432 --> 00:07:38.713
now AI-generated by all of their

00:07:38.733 --> 00:07:39.233
developers.

00:07:39.713 --> 00:07:42.495
That does, I think,

00:07:43.074 --> 00:07:45.355
at least bring into question whether you

00:07:45.375 --> 00:07:48.036
can DMCA or copyright any of this code

00:07:48.136 --> 00:07:48.497
at all.

00:07:49.297 --> 00:07:50.536
Maybe you can't because it's all

00:07:50.617 --> 00:07:51.358
AI-generated,

00:07:51.398 --> 00:07:53.598
which AI companies have been pretty firm

00:07:53.658 --> 00:07:55.178
about saying, you know, this is not...

00:07:56.744 --> 00:07:58.785
like a copyright concern at all.

00:07:59.286 --> 00:08:00.687
So it's kind of a taste of their

00:08:00.726 --> 00:08:02.127
own medicine there that all of this is

00:08:02.206 --> 00:08:02.827
out, I think.

00:08:05.129 --> 00:08:07.151
The main thing that I think we see

00:08:07.310 --> 00:08:10.091
in this source code,

00:08:10.192 --> 00:08:11.132
because like you said,

00:08:11.153 --> 00:08:12.153
the models aren't leaked,

00:08:12.233 --> 00:08:14.735
but there is a lot of information about

00:08:14.834 --> 00:08:15.035
the

00:08:16.076 --> 00:08:19.040
system prompts that Claude uses for a lot

00:08:19.079 --> 00:08:19.880
of different tasks,

00:08:21.903 --> 00:08:23.925
which definitely gives a lot of insight

00:08:23.985 --> 00:08:28.451
into how Claude works and how like,

00:08:29.391 --> 00:08:31.194
it like to to their competitors,

00:08:31.233 --> 00:08:33.056
I think it gives a lot of insight,

00:08:33.115 --> 00:08:34.658
like how you could make a similar product

00:08:34.697 --> 00:08:35.099
and also

00:08:35.519 --> 00:08:37.200
to people who are trying to do prompt

00:08:37.240 --> 00:08:38.700
injections to bypass some of the

00:08:38.740 --> 00:08:41.081
restrictions in place in Claude Code,

00:08:41.360 --> 00:08:43.221
you can more easily see how they're

00:08:43.241 --> 00:08:45.121
implemented and get around them.

00:08:45.201 --> 00:08:46.342
So I don't know how people are going

00:08:46.363 --> 00:08:47.503
to end up using that,

00:08:47.523 --> 00:08:48.703
but I think that there is a lot

00:08:48.744 --> 00:08:54.166
of opportunity for people to do something

00:08:54.206 --> 00:08:54.566
with it.

00:08:55.186 --> 00:08:57.547
All of the AI stuff, I mean,

00:08:57.567 --> 00:08:59.106
we've talked about it on the show before,

00:08:59.527 --> 00:08:59.767
not...

00:09:01.871 --> 00:09:04.554
the most interesting to me from a security

00:09:04.595 --> 00:09:05.596
or privacy standpoint,

00:09:05.615 --> 00:09:08.698
because like Claude Code and all of these

00:09:08.820 --> 00:09:09.299
AI models,

00:09:09.320 --> 00:09:11.863
they're going to run fully in the cloud.

00:09:11.883 --> 00:09:13.203
So they get all of this information.

00:09:13.325 --> 00:09:15.287
I think it is sort of dangerous to

00:09:15.307 --> 00:09:16.427
be using and relying on,

00:09:16.467 --> 00:09:18.210
especially for sensitive information.

00:09:18.250 --> 00:09:20.451
And that hasn't changed from any of this.

00:09:23.096 --> 00:09:24.616
But yeah, it's interesting stuff.

00:09:24.937 --> 00:09:26.477
The tweet that I was trying to pull

00:09:26.597 --> 00:09:31.558
up talked about how Claude and how

00:09:31.678 --> 00:09:36.480
Anthropic is using their AI to contribute

00:09:36.840 --> 00:09:38.759
security patches to a lot of different

00:09:38.840 --> 00:09:39.720
open source projects.

00:09:40.541 --> 00:09:42.061
And they've been doing that out in the

00:09:42.201 --> 00:09:42.520
open.

00:09:43.660 --> 00:09:44.000
Certainly,

00:09:44.201 --> 00:09:45.942
I've seen a lot of security

00:09:45.981 --> 00:09:47.261
vulnerabilities submitted to

00:09:47.861 --> 00:09:49.942
GitHub from Anthropic.

00:09:49.982 --> 00:09:51.923
I think one of the latest Mastodon

00:09:51.943 --> 00:09:55.346
security vulnerabilities in patches was

00:09:55.405 --> 00:09:56.846
submitted by Anthropic.

00:09:56.907 --> 00:09:59.548
So I believe I've seen contributions to

00:09:59.587 --> 00:10:01.168
that and to Firefox and a lot of

00:10:01.249 --> 00:10:03.309
other open source projects from them.

00:10:05.691 --> 00:10:06.130
Unfortunately,

00:10:06.150 --> 00:10:07.331
I just cannot find this source,

00:10:07.371 --> 00:10:08.451
but maybe I'll be able to pull it

00:10:08.511 --> 00:10:09.292
up later.

00:10:09.852 --> 00:10:13.053
But I saw some information about internal

00:10:13.094 --> 00:10:15.815
tools that Anthropic is using where the

00:10:15.855 --> 00:10:16.654
system prompt is like,

00:10:16.695 --> 00:10:18.475
create these security vulnerability

00:10:18.515 --> 00:10:22.096
patches without giving any indication that

00:10:22.256 --> 00:10:23.736
AI or Claude Code is used at all.

00:10:25.317 --> 00:10:28.958
So it's very specifically told not to

00:10:29.058 --> 00:10:31.179
attribute anything to Claude or Anthropic.

00:10:31.820 --> 00:10:32.519
It's told...

00:10:34.471 --> 00:10:34.671
you know,

00:10:34.730 --> 00:10:36.533
not to include comments that might

00:10:36.572 --> 00:10:38.575
indicate it's AI, et cetera.

00:10:38.595 --> 00:10:41.317
So I think that that's really interesting

00:10:41.357 --> 00:10:42.018
that they are,

00:10:42.938 --> 00:10:44.279
I don't know what cases they're using

00:10:44.320 --> 00:10:45.321
those tools in.

00:10:46.221 --> 00:10:47.663
I would have to find out more information

00:10:47.682 --> 00:10:48.024
about that,

00:10:48.043 --> 00:10:51.427
but I think it's interesting that they are

00:10:51.466 --> 00:10:51.927
doing that.

00:10:53.200 --> 00:10:53.320
Yeah,

00:10:53.340 --> 00:10:54.341
it looks like you pulled up on the

00:10:54.461 --> 00:10:56.562
screen some of the instructions that I

00:10:56.583 --> 00:10:56.663
saw.

00:10:56.683 --> 00:10:56.764
Yeah,

00:10:56.783 --> 00:10:58.306
I found it on another article from Ars

00:10:58.326 --> 00:10:58.706
Technica.

00:10:58.745 --> 00:10:59.586
Yeah,

00:10:59.606 --> 00:11:00.969
I don't know where the original thing is.

00:11:01.028 --> 00:11:01.668
But yeah,

00:11:01.750 --> 00:11:04.393
basically they were saying there's an

00:11:04.452 --> 00:11:05.614
undercover mode.

00:11:05.634 --> 00:11:07.076
So as you can see there...

00:11:09.106 --> 00:11:10.687
they're basically telling Claude that

00:11:10.707 --> 00:11:12.708
they're operating undercover in a public

00:11:12.769 --> 00:11:13.929
open source repository.

00:11:14.009 --> 00:11:16.932
So they can't contain any Anthropic

00:11:17.251 --> 00:11:18.653
related information.

00:11:20.394 --> 00:11:22.335
I can imagine that's probably used because

00:11:22.375 --> 00:11:25.917
a lot of open source projects are very

00:11:26.037 --> 00:11:29.578
anti-AI contributions and anti-AI pull

00:11:29.599 --> 00:11:31.879
requests and just automatically close

00:11:31.899 --> 00:11:33.600
anything that's AI generated.

00:11:34.061 --> 00:11:35.481
So this is probably a way for them

00:11:35.562 --> 00:11:35.701
to

00:11:37.062 --> 00:11:39.583
um try and get around those restrictions

00:11:40.703 --> 00:11:43.164
whether that's a good idea for them to

00:11:43.184 --> 00:11:45.285
be doing or not, I guess that's a

00:11:45.326 --> 00:11:48.346
debate but um it seems to be what

00:11:48.386 --> 00:11:50.148
they what they are doing and that's kind

00:11:50.187 --> 00:11:51.528
of confirmed with this, so I thought that

00:11:51.548 --> 00:11:56.549
that was, um, fascinating. Yeah, I agree. I

00:11:56.951 --> 00:11:58.610
I feel very torn on that because on

00:11:58.630 --> 00:12:00.432
the one hand um

00:12:03.107 --> 00:12:04.389
there's probably an angle I'm missing

00:12:04.428 --> 00:12:04.609
here.

00:12:05.269 --> 00:12:05.889
On the one hand,

00:12:06.431 --> 00:12:07.611
I understand the idea of like,

00:12:07.652 --> 00:12:08.772
let's just assume they're doing that

00:12:08.792 --> 00:12:09.653
altruistically, right?

00:12:09.692 --> 00:12:10.874
Like we want to make these open source

00:12:10.913 --> 00:12:11.453
projects better.

00:12:11.494 --> 00:12:12.595
We want to make them more secure.

00:12:13.556 --> 00:12:13.775
You know,

00:12:13.855 --> 00:12:16.817
like I don't think at Privacy Guides,

00:12:16.837 --> 00:12:17.979
for example, correct me if I'm wrong,

00:12:18.278 --> 00:12:20.500
we don't typically go out and solicit

00:12:20.520 --> 00:12:21.282
people to like, hey,

00:12:21.302 --> 00:12:22.562
come check out our website and make sure

00:12:22.582 --> 00:12:23.763
all this information is accurate.

00:12:24.224 --> 00:12:26.144
But we totally welcome it if somebody does

00:12:26.184 --> 00:12:27.206
come up and they're like, hey,

00:12:27.265 --> 00:12:29.587
I found an inaccuracy and they report it.

00:12:30.207 --> 00:12:31.227
And I feel like that's kind of what

00:12:31.248 --> 00:12:32.609
they're doing is, you know,

00:12:32.668 --> 00:12:33.129
on the one hand,

00:12:33.149 --> 00:12:34.369
it's like it's still creating a more

00:12:34.408 --> 00:12:35.450
secure project, right?

00:12:35.490 --> 00:12:37.490
Assuming that the bug report is good.

00:12:37.551 --> 00:12:40.792
I know that's historically been a problem

00:12:40.812 --> 00:12:42.471
is a lot of AI slop bug reports

00:12:42.491 --> 00:12:44.732
that aren't really valid and they're not

00:12:44.773 --> 00:12:46.653
really bugs or whatever the case.

00:12:47.254 --> 00:12:48.774
And semi-related,

00:12:48.793 --> 00:12:50.195
but I did see an article earlier this

00:12:50.235 --> 00:12:50.394
week.

00:12:50.761 --> 00:12:52.342
that said that actually there's been a

00:12:52.423 --> 00:12:54.562
noticeable increase in quality on AI bug

00:12:54.602 --> 00:12:54.964
reports.

00:12:55.083 --> 00:12:57.104
So maybe they're starting to make some

00:12:57.144 --> 00:12:57.745
progress on that.

00:12:57.784 --> 00:12:59.325
But either way, point being,

00:12:59.605 --> 00:13:01.086
I understand the idea of the end result

00:13:01.125 --> 00:13:02.385
is the same and either way it makes

00:13:02.405 --> 00:13:03.366
the project more secure.

00:13:03.807 --> 00:13:05.466
But it also feels very disrespectful of

00:13:05.506 --> 00:13:09.729
like, if I don't want AI reporting it,

00:13:09.788 --> 00:13:10.729
why would you go out of your way

00:13:10.749 --> 00:13:11.690
to hide that?

00:13:12.549 --> 00:13:13.269
And I don't know,

00:13:13.350 --> 00:13:14.610
it's a really weird thing and I don't

00:13:14.630 --> 00:13:15.551
know how to feel about it.

00:13:15.890 --> 00:13:16.831
But I did see that too.

00:13:16.871 --> 00:13:17.851
That's really strange.

00:13:18.299 --> 00:13:20.282
Yeah, I would be really interested to see

00:13:20.322 --> 00:13:23.785
data on like all of the security related

00:13:23.865 --> 00:13:25.947
pull requests or vulnerability reports

00:13:25.988 --> 00:13:27.990
that Anthropic specifically has reported

00:13:28.009 --> 00:13:29.611
because I feel like there's two different

00:13:29.652 --> 00:13:32.134
types of AI contributions to to these

00:13:32.174 --> 00:13:33.515
projects. I think a lot of them are

00:13:33.535 --> 00:13:37.100
kind of slop contributions because a lot

00:13:37.200 --> 00:13:37.320
of

00:13:38.222 --> 00:13:39.465
a lot of people in the open source

00:13:39.485 --> 00:13:43.489
space or some students, for example,

00:13:43.528 --> 00:13:46.373
they want to pad their GitHub profiles

00:13:46.413 --> 00:13:47.693
because it looks more attractive to

00:13:47.714 --> 00:13:48.154
developers.

00:13:48.215 --> 00:13:50.597
I see that quite a bit where if

00:13:50.618 --> 00:13:52.239
you can get like a PR merge into

00:13:52.259 --> 00:13:52.919
a major project,

00:13:52.940 --> 00:13:53.461
it just kind of

00:13:54.437 --> 00:13:55.597
looks good for you.

00:13:55.717 --> 00:13:57.860
And so I think a lot of people

00:13:57.879 --> 00:14:00.240
are just spreading a wide net and just

00:14:00.542 --> 00:14:02.503
submitting a ton of AI slop pull requests

00:14:02.543 --> 00:14:03.823
and hoping that some of them get accepted,

00:14:03.844 --> 00:14:06.066
which is very annoying for open source

00:14:06.086 --> 00:14:06.625
maintainers.

00:14:07.466 --> 00:14:08.386
But on the other hand,

00:14:08.548 --> 00:14:10.129
if Anthropic themselves,

00:14:10.168 --> 00:14:11.950
if they have a legitimate interest in

00:14:11.990 --> 00:14:14.032
improving open source tools,

00:14:14.091 --> 00:14:16.192
which they probably do because a lot of

00:14:16.212 --> 00:14:18.414
these big companies do use these open

00:14:18.455 --> 00:14:20.475
source tools themselves for a lot of

00:14:20.495 --> 00:14:21.136
different reasons,

00:14:21.716 --> 00:14:22.837
I can imagine that

00:14:24.403 --> 00:14:27.065
like somebody being like an engineer at

00:14:27.125 --> 00:14:29.586
Anthropic being paid to use AI and submit

00:14:29.606 --> 00:14:33.669
these pull requests might be doing a

00:14:33.710 --> 00:14:35.610
better job in not just completely

00:14:35.650 --> 00:14:38.072
submitting slop but like using AI to find

00:14:38.113 --> 00:14:39.714
these vulnerabilities and write this code

00:14:39.754 --> 00:14:41.014
but checking it themselves before

00:14:41.054 --> 00:14:43.437
submitting it and writing like explainers

00:14:43.456 --> 00:14:44.837
because they're getting paid to do this

00:14:44.918 --> 00:14:46.778
unlike the people who are just you know

00:14:47.279 --> 00:14:48.520
rapid fire submitting

00:14:49.240 --> 00:14:51.042
vulnerability reports and PRs, right?

00:14:51.422 --> 00:14:52.643
I don't know if that's true or not,

00:14:52.682 --> 00:14:55.744
but I would imagine Anthropic would

00:14:55.783 --> 00:14:57.424
probably argue that that's true and would

00:14:57.465 --> 00:14:59.686
probably use that as the reason that

00:15:00.225 --> 00:15:01.027
they're doing this.

00:15:02.508 --> 00:15:03.028
And like I said,

00:15:03.087 --> 00:15:06.249
I have definitely seen AI companies report

00:15:06.288 --> 00:15:08.110
security vulnerabilities that were patched

00:15:08.169 --> 00:15:09.130
to open source projects,

00:15:09.150 --> 00:15:10.150
and some of them were major

00:15:10.191 --> 00:15:10.851
vulnerabilities.

00:15:10.932 --> 00:15:14.533
So there is some merit to the idea

00:15:14.552 --> 00:15:16.734
that AI can find these vulnerabilities

00:15:18.014 --> 00:15:19.716
more easily than, I mean,

00:15:19.816 --> 00:15:20.876
I don't know if it's more easily than

00:15:20.917 --> 00:15:22.317
people who are auditing the code,

00:15:22.378 --> 00:15:24.480
but it certainly is happening.

00:15:25.100 --> 00:15:27.741
So yeah, I mean,

00:15:27.942 --> 00:15:31.345
if all of the reports that Anthropic

00:15:31.365 --> 00:15:34.528
themselves are submitting are accurate and

00:15:34.567 --> 00:15:36.048
worthwhile to fix,

00:15:38.591 --> 00:15:40.011
I don't know if that's necessarily a

00:15:40.072 --> 00:15:40.432
problem.

00:15:40.552 --> 00:15:41.513
But of course, people are

00:15:42.802 --> 00:15:45.604
all along the spectrum of AI and AI

00:15:45.744 --> 00:15:47.865
contributions and AI code specifically.

00:15:47.965 --> 00:15:49.666
So yeah,

00:15:49.806 --> 00:15:51.687
I think that's going to be quite a

00:15:51.727 --> 00:15:54.668
debate in the open source community for a

00:15:54.729 --> 00:15:55.149
while,

00:15:55.269 --> 00:15:56.791
and I don't know how people are going

00:15:56.811 --> 00:16:00.153
to handle that.

00:16:00.192 --> 00:16:01.774
Yeah, I don't know either.

00:16:03.195 --> 00:16:04.576
It seems like one of the better uses

00:16:04.596 --> 00:16:05.635
of AI, in my opinion,

00:16:05.735 --> 00:16:10.119
as opposed to writing songs or putting out

00:16:10.379 --> 00:16:11.039
blog posts.

00:16:12.426 --> 00:16:13.905
It's still just, yeah.

00:16:14.187 --> 00:16:17.606
Like you said, what, what would be the,

00:16:17.648 --> 00:16:19.207
I wonder what the success ratio is,

00:16:19.268 --> 00:16:20.447
especially from Claude.

00:16:20.467 --> 00:16:21.629
And is there a human review?

00:16:21.749 --> 00:16:22.948
It doesn't sound like it from that,

00:16:23.068 --> 00:16:24.168
that snippet that I shared,

00:16:24.229 --> 00:16:25.710
but that's personally,

00:16:25.750 --> 00:16:26.509
that's where I fall.

00:16:26.529 --> 00:16:26.730
Like,

00:16:26.789 --> 00:16:28.630
I don't mind and I'm not a developer,

00:16:28.650 --> 00:16:30.230
so maybe I just don't understand how,

00:16:30.350 --> 00:16:31.650
how bad the problem is, but like,

00:16:32.131 --> 00:16:32.631
I would imagine,

00:16:32.751 --> 00:16:34.471
I don't mind if AI helps you find

00:16:34.491 --> 00:16:35.091
the vulnerability,

00:16:35.152 --> 00:16:36.472
as long as a human looks it over.

00:16:37.332 --> 00:16:40.315
Um, but yeah, I'm sure there's a lot

00:16:40.336 --> 00:16:41.395
of people that are not doing that,

00:16:41.535 --> 00:16:43.878
unfortunately. So yeah, I mean, we've, we've

00:16:43.898 --> 00:16:45.799
definitely talked about this in the

00:16:45.840 --> 00:16:47.921
Privacy Guides community, and when we're

00:16:47.941 --> 00:16:49.361
talking about all these different tools

00:16:49.381 --> 00:16:52.043
that we recommend, um, people really want to

00:16:52.085 --> 00:16:55.027
see audits, but they're extremely expensive.

00:16:55.366 --> 00:16:58.509
And, um, if AI is not being used

00:16:58.528 --> 00:17:00.530
to, like, write new code, but it's being

00:17:00.730 --> 00:17:02.331
used as, like, a second pair of eyes

00:17:02.392 --> 00:17:03.894
to take a look at all of this

00:17:03.913 --> 00:17:06.536
code, that could be a good thing. Um,

00:17:08.017 --> 00:17:08.277
You know,

00:17:08.616 --> 00:17:12.878
it is not going to be perfectly accurate,

00:17:12.959 --> 00:17:14.099
but if we're being honest,

00:17:14.140 --> 00:17:15.840
all of these security audits that projects

00:17:15.861 --> 00:17:17.862
are paying for are not completely accurate

00:17:17.882 --> 00:17:19.804
or totally thorough either.

00:17:20.604 --> 00:17:22.805
And they're certainly going to be cheaper

00:17:22.825 --> 00:17:26.247
to run AI than have a whole team

00:17:26.267 --> 00:17:28.228
of people auditing this code.

00:17:28.288 --> 00:17:31.790
So while I would imagine it's probably

00:17:31.810 --> 00:17:32.411
going to...

00:17:34.530 --> 00:17:37.393
be worse quality and probably have more

00:17:37.492 --> 00:17:39.574
false positives if you're using AI.

00:17:39.673 --> 00:17:43.557
I do think that doing it and revealing

00:17:43.596 --> 00:17:45.317
some of these vulnerabilities is probably

00:17:45.337 --> 00:17:47.038
better for a lot of open source code

00:17:47.058 --> 00:17:49.621
bases than not doing any sort of audits

00:17:49.701 --> 00:17:52.742
at all and just hoping that the maintainer

00:17:52.803 --> 00:17:53.824
catches all of these bugs.

00:17:53.884 --> 00:17:57.286
So I can definitely see a use case

00:17:57.306 --> 00:17:57.506
here.

00:17:57.625 --> 00:17:59.007
It's a tricky situation.

00:18:00.717 --> 00:18:01.357
Yeah, for sure.

00:18:01.978 --> 00:18:03.318
I know it's not really AI per se,

00:18:03.338 --> 00:18:05.580
but I know, and you probably do too.

00:18:05.641 --> 00:18:07.122
I get the emails from GitHub every once

00:18:07.142 --> 00:18:07.422
in a while.

00:18:07.442 --> 00:18:08.202
That's like, Hey,

00:18:08.723 --> 00:18:10.984
there's a thing that you use NPM or

00:18:11.005 --> 00:18:11.385
whatever,

00:18:11.526 --> 00:18:13.067
and there's like a vulnerability go ahead

00:18:13.086 --> 00:18:13.708
and upgrade.

00:18:14.428 --> 00:18:16.309
So yeah, I, I would be, uh,

00:18:16.329 --> 00:18:18.290
I don't know.

00:18:18.310 --> 00:18:18.811
I mean, mine's,

00:18:18.872 --> 00:18:20.073
mine's just a static website,

00:18:20.093 --> 00:18:21.334
so I can't imagine the damage would be

00:18:21.433 --> 00:18:22.434
too terrible,

00:18:22.474 --> 00:18:25.457
but still it's nice to get that proactive

00:18:25.737 --> 00:18:26.917
without having to go out and get a

00:18:26.958 --> 00:18:28.058
whole code audit thing.

00:18:28.098 --> 00:18:30.300
So useful stuff.

00:18:32.672 --> 00:18:36.535
But I don't have anything to add to

00:18:36.575 --> 00:18:38.296
that story unless you did.

00:18:38.777 --> 00:18:40.357
Did you want to tell us about this

00:18:40.397 --> 00:18:41.699
next story out of California?

00:18:42.659 --> 00:18:43.079
Yeah.

00:18:43.140 --> 00:18:45.681
So this one was reported by the Los

00:18:45.740 --> 00:18:46.602
Angeles Times.

00:18:47.142 --> 00:18:49.044
Their headline is California bill would

00:18:49.104 --> 00:18:51.645
require parent bloggers to delete content

00:18:51.726 --> 00:18:53.727
of minors on social media.

00:18:54.126 --> 00:18:54.887
Yeah.

00:18:57.026 --> 00:18:59.788
So they have a quote here from somebody

00:19:00.107 --> 00:19:01.088
directly impacted.

00:19:02.068 --> 00:19:02.490
It says,

00:19:02.589 --> 00:19:04.010
as the daughter of a social media

00:19:04.171 --> 00:19:04.770
influencer,

00:19:04.911 --> 00:19:06.792
Kami Barrett says she navigates life

00:19:06.813 --> 00:19:08.314
within a digital footprint she wished

00:19:08.334 --> 00:19:08.973
never existed.

00:19:09.374 --> 00:19:11.675
Everything my mom posted is still on

00:19:11.955 --> 00:19:13.257
social media, she said.

00:19:13.616 --> 00:19:15.238
Photos I wish never saw the light of

00:19:15.278 --> 00:19:17.118
day, private details about my health,

00:19:17.199 --> 00:19:18.980
even when I started my first menstrual

00:19:19.040 --> 00:19:19.361
cycle.

00:19:20.181 --> 00:19:22.162
She was saying this at a Wednesday news

00:19:22.201 --> 00:19:24.163
conference to advocate for Senate Bill,

00:19:25.803 --> 00:19:28.084
which would require social media platforms

00:19:28.104 --> 00:19:31.246
to offer a process for adults to request

00:19:31.286 --> 00:19:32.885
the removal of content that features

00:19:32.905 --> 00:19:35.047
themselves as minors and was created by a

00:19:35.086 --> 00:19:37.448
family member who received compensation

00:19:37.468 --> 00:19:40.048
for sharing material online.

00:19:42.609 --> 00:19:44.830
So yeah, this is an interesting story,

00:19:44.871 --> 00:19:46.691
and I guess it specifically relates to all

00:19:46.730 --> 00:19:49.873
of these family influencers that we see,

00:19:49.893 --> 00:19:51.393
which has definitely become more of a

00:19:51.452 --> 00:19:54.213
problem lately.

00:19:54.614 --> 00:19:55.634
Especially, I would imagine,

00:19:55.814 --> 00:19:57.375
in California.

00:19:59.895 --> 00:20:01.655
So it's interesting,

00:20:02.297 --> 00:20:04.217
but probably makes sense that this is only

00:20:04.257 --> 00:20:05.357
going to apply to...

00:20:07.542 --> 00:20:08.923
kind of public influencers,

00:20:09.044 --> 00:20:11.325
ones who are receiving money or

00:20:11.404 --> 00:20:13.184
sponsorships in exchange for all of this

00:20:13.205 --> 00:20:13.526
stuff.

00:20:14.625 --> 00:20:16.606
But it is only going to be available

00:20:16.666 --> 00:20:17.626
for adults.

00:20:17.646 --> 00:20:19.127
So there isn't really a process that

00:20:19.647 --> 00:20:21.469
prevents any of this stuff from being

00:20:21.588 --> 00:20:27.092
posted in the first place or anything like

00:20:27.132 --> 00:20:27.372
that.

00:20:27.412 --> 00:20:30.952
It's only a retroactive thing that

00:20:32.814 --> 00:20:34.694
adults can do about their childhood if

00:20:34.775 --> 00:20:37.576
they were a part of like a family

00:20:37.635 --> 00:20:43.578
influencer situation. Um, does, I, I would say

00:20:43.598 --> 00:20:44.858
I don't know if that makes a lot

00:20:44.878 --> 00:20:46.400
of sense from my perspective, because I

00:20:46.420 --> 00:20:48.221
think, as we always say, um,

00:20:49.881 --> 00:20:51.540
anything that you post on the internet is

00:20:51.580 --> 00:20:53.162
sort of permanent. All of this stuff is

00:20:53.182 --> 00:20:55.142
going to be archived, and it could be

00:20:55.182 --> 00:20:56.801
potentially years before you're able to

00:20:56.823 --> 00:20:59.403
take any of this stuff down. So, uh,

00:20:59.423 --> 00:21:01.462
children who are, like, uncomfortable with

00:21:01.523 --> 00:21:04.304
all of this going on, um, at the

00:21:04.324 --> 00:21:05.584
moment, I don't think have a lot of

00:21:05.844 --> 00:21:10.805
protections. Um, and I don't know, um, how

00:21:10.826 --> 00:21:12.066
that should be handled, to be honest. I

00:21:12.086 --> 00:21:13.425
know that that's been a debate that's been

00:21:13.445 --> 00:21:16.926
going on for quite a while, how children

00:21:16.946 --> 00:21:17.326
should be,

00:21:18.166 --> 00:21:20.611
um, like, compensated for that. Is that

00:21:20.631 --> 00:21:23.875
considered child labor? Um, there's all

00:21:23.894 --> 00:21:26.278
sorts of laws, especially in the

00:21:26.317 --> 00:21:29.201
entertainment industry and in Hollywood

00:21:29.402 --> 00:21:32.886
and on the internet, um, that, that come

00:21:32.906 --> 00:21:33.807
into play here. So

00:21:35.309 --> 00:21:36.309
I don't know if this is going to

00:21:36.349 --> 00:21:39.030
really impact a lot of the people that

00:21:39.090 --> 00:21:41.730
we see in the Privacy Guides community who

00:21:41.750 --> 00:21:43.511
are trying to clean up their digital

00:21:43.551 --> 00:21:44.092
footprint,

00:21:44.172 --> 00:21:45.852
because I think a lot of people are

00:21:45.892 --> 00:21:49.133
more concerned about smaller scale

00:21:49.653 --> 00:21:51.472
situations than some of these commercial

00:21:51.492 --> 00:21:53.012
ventures that this bill is going to

00:21:53.053 --> 00:21:53.713
attack.

00:21:53.733 --> 00:21:56.413
But I do think it's a good idea

00:21:56.513 --> 00:22:00.194
for more privacy protections and some sort

00:22:00.255 --> 00:22:00.335
of

00:22:01.115 --> 00:22:03.415
process to get that data removed if you

00:22:03.435 --> 00:22:04.596
are an adult and you don't want that

00:22:04.615 --> 00:22:05.435
information out there.

00:22:05.516 --> 00:22:07.576
So it seems to be a good thing.

00:22:07.737 --> 00:22:10.777
I'm not sure how effective it'll be or

00:22:10.797 --> 00:22:11.917
if it goes far enough,

00:22:12.097 --> 00:22:14.657
but I think any protections and processes

00:22:14.678 --> 00:22:17.519
to protect your privacy are good at the

00:22:17.538 --> 00:22:18.038
end of the day.

00:22:19.638 --> 00:22:21.279
Was there anything you wanted to note in

00:22:21.299 --> 00:22:22.000
this article, Nate?

00:22:23.440 --> 00:22:25.381
No, I agree with you.

00:22:25.661 --> 00:22:26.121
It's funny.

00:22:28.101 --> 00:22:29.402
I think most people would agree I'm a

00:22:29.461 --> 00:22:29.902
lot more

00:22:31.152 --> 00:22:33.157
lenient with some privacy stuff than a lot

00:22:33.179 --> 00:22:34.241
of other privacy people are.

00:22:34.884 --> 00:22:36.167
But like kids are kind of one of

00:22:36.188 --> 00:22:37.853
the few things where I'm actually kind of

00:22:37.893 --> 00:22:38.134
like,

00:22:39.229 --> 00:22:39.989
like in a perfect world,

00:22:40.048 --> 00:22:41.128
I think it should be illegal to post

00:22:41.169 --> 00:22:42.470
pictures of your kids online at all.

00:22:42.769 --> 00:22:45.210
Um, or at very least publicly, like,

00:22:45.230 --> 00:22:45.390
you know,

00:22:45.410 --> 00:22:46.431
if you're going to post pictures of your

00:22:46.451 --> 00:22:46.691
kids,

00:22:46.730 --> 00:22:49.631
it has to be in like a closed

00:22:49.651 --> 00:22:50.692
group chat or like a,

00:22:50.711 --> 00:22:53.372
a friends only Facebook post again in a

00:22:53.432 --> 00:22:54.673
perfect world, there wouldn't be Facebook,

00:22:54.712 --> 00:22:55.712
but that's beside the point.

00:22:56.393 --> 00:22:57.752
Um, so like, yeah, this, I,

00:22:58.073 --> 00:22:58.712
and I agree with you.

00:22:58.732 --> 00:22:59.334
It's really sad.

00:22:59.394 --> 00:23:01.134
Cause like, even in this article, um,

00:23:01.213 --> 00:23:01.614
one of the,

00:23:02.653 --> 00:23:04.654
one of the people they talked to said

00:23:04.694 --> 00:23:05.154
that, um,

00:23:07.253 --> 00:23:08.555
I think it was that first girl, Barrett.

00:23:09.496 --> 00:23:10.316
Yeah, Kami Barrett.

00:23:10.355 --> 00:23:10.957
Further down,

00:23:11.477 --> 00:23:13.898
she says that she recalled being a target

00:23:13.919 --> 00:23:15.339
for predators and online bullying,

00:23:15.619 --> 00:23:16.961
said her mother was aware of the problems

00:23:17.020 --> 00:23:17.381
it created,

00:23:17.421 --> 00:23:18.842
but continued to share her daughter's life

00:23:18.882 --> 00:23:19.563
on social media.

00:23:19.843 --> 00:23:22.285
So, like, cool, thanks.

00:23:22.365 --> 00:23:24.826
Now that I'm twenty, twenty-five, thirty,

00:23:25.807 --> 00:23:26.907
I can ask you to take it down,

00:23:26.928 --> 00:23:28.429
but that doesn't help me when I'm ten,

00:23:28.588 --> 00:23:30.770
fifteen, sixteen, seventeen.

00:23:31.451 --> 00:23:32.332
You know, like you said,

00:23:32.372 --> 00:23:33.853
the damage is already done in so many

00:23:33.893 --> 00:23:34.472
ways, and...

00:23:36.874 --> 00:23:39.453
I mean, I guess, yeah, I don't know.

00:23:39.513 --> 00:23:40.335
It's just, it's crazy.

00:23:40.515 --> 00:23:42.755
And it's one thing I thought was

00:23:42.775 --> 00:23:44.375
interesting is it says the legislation

00:23:44.454 --> 00:23:46.655
requires that social media platforms offer

00:23:46.695 --> 00:23:48.215
a process for adults to request the

00:23:48.715 --> 00:23:49.736
removal of content.

00:23:50.155 --> 00:23:52.176
And then basically from there,

00:23:52.376 --> 00:23:54.396
they pass it on to the parent and

00:23:54.416 --> 00:23:55.717
the parent has ten days to take it

00:23:55.757 --> 00:23:56.037
down.

00:23:56.156 --> 00:23:56.897
After ten days,

00:23:56.917 --> 00:23:58.218
they get a three thousand dollar a day

00:23:58.238 --> 00:23:58.657
fine.

00:23:59.218 --> 00:24:00.857
So I don't know.

00:24:00.917 --> 00:24:02.258
It's just, it's really, I'm with you.

00:24:02.298 --> 00:24:03.638
I feel like it doesn't go far enough

00:24:03.739 --> 00:24:04.259
and it doesn't.

00:24:05.935 --> 00:24:07.317
it's not proactive enough,

00:24:07.917 --> 00:24:08.759
but at the same time, I mean,

00:24:08.798 --> 00:24:09.900
I guess it's better than nothing.

00:24:10.119 --> 00:24:13.502
And I think that's, I don't know.

00:24:13.743 --> 00:24:13.884
It's.

00:24:14.586 --> 00:24:15.205
It frustrates me.

00:24:15.465 --> 00:24:16.826
I wish it would do more,

00:24:17.067 --> 00:24:18.948
but it's a story for sure.

00:24:19.307 --> 00:24:20.488
A couple of things to note about this

00:24:20.548 --> 00:24:20.989
story.

00:24:21.969 --> 00:24:23.089
This bill hasn't passed yet.

00:24:23.109 --> 00:24:23.990
It's just a proposal.

00:24:24.450 --> 00:24:26.810
But this, the person in question in this

00:24:26.871 --> 00:24:28.872
article was talking about their support

00:24:28.912 --> 00:24:29.352
for it.

00:24:31.333 --> 00:24:34.993
The other thing I would note is similar

00:24:35.013 --> 00:24:36.634
laws do exist in a couple of other

00:24:36.674 --> 00:24:38.236
states, including here in Minnesota.

00:24:38.596 --> 00:24:40.215
There are some laws that

00:24:42.057 --> 00:24:46.740
here restrict, um, more highly how children

00:24:46.820 --> 00:24:49.262
can participate in, like, commercial content

00:24:49.303 --> 00:24:51.605
in the first place. Um, so I think

00:24:51.625 --> 00:24:53.066
if you're under thirteen, you can't

00:24:53.165 --> 00:24:56.449
actively, uh, participate in any of this

00:24:56.828 --> 00:24:58.971
content creation at all. You can maybe be

00:24:59.050 --> 00:25:01.012
featured in it, but you can't be, um,

00:25:02.028 --> 00:25:03.169
like, an active part in it.

00:25:03.189 --> 00:25:04.789
So I think that in Minnesota,

00:25:04.809 --> 00:25:06.431
at least, a lot of those toy unboxing

00:25:06.471 --> 00:25:08.133
channels where people have their children

00:25:08.212 --> 00:25:09.733
unbox a bunch of toys and that kind

00:25:09.753 --> 00:25:11.015
of thing, that's not allowed.

00:25:13.135 --> 00:25:16.077
Teenagers here in Minnesota are allowed to

00:25:16.198 --> 00:25:16.778
participate,

00:25:16.798 --> 00:25:18.819
but there are laws in both of these

00:25:18.839 --> 00:25:20.582
situations around how that revenue is

00:25:20.642 --> 00:25:22.982
split between everyone involved,

00:25:23.403 --> 00:25:25.045
so there are some protections I think for

00:25:25.085 --> 00:25:26.986
people participating in these commercial

00:25:27.006 --> 00:25:27.426
ventures.

00:25:27.906 --> 00:25:30.249
But from a privacy perspective,

00:25:30.288 --> 00:25:33.530
I think they probably don't go far enough

00:25:34.570 --> 00:25:35.152
in any case.

00:25:36.192 --> 00:25:38.272
But it is interesting to see how this

00:25:38.292 --> 00:25:39.012
is being handled.

00:25:39.133 --> 00:25:41.013
It is a very, I think,

00:25:41.114 --> 00:25:44.836
new issue with the internet and everything

00:25:44.895 --> 00:25:48.116
that none of the existing laws were really

00:25:49.018 --> 00:25:53.579
equipped to handle around child labor and

00:25:53.799 --> 00:25:54.460
stuff like that.

00:25:54.519 --> 00:25:56.500
So it's good that this is at least

00:25:56.540 --> 00:25:57.340
getting attention,

00:25:57.540 --> 00:25:58.741
and we'll see how this plays out.

00:26:00.801 --> 00:26:00.981
Yeah,

00:26:01.061 --> 00:26:02.522
it does say in California they have a

00:26:02.563 --> 00:26:04.462
law that was signed two years ago that

00:26:04.502 --> 00:26:06.044
content creators that feature minors and

00:26:06.064 --> 00:26:07.483
at least thirty percent of the material

00:26:07.503 --> 00:26:08.904
have to place some of their earnings into

00:26:08.924 --> 00:26:10.545
a trust that children can access when they

00:26:10.565 --> 00:26:11.184
turn eighteen.

00:26:11.244 --> 00:26:12.645
So, yeah, like you said,

00:26:12.685 --> 00:26:14.665
there's, there's some, it's an issue that's

00:26:14.685 --> 00:26:16.047
starting to get attention for sure.

00:26:16.287 --> 00:26:16.426
But.

00:26:17.938 --> 00:26:19.057
Also, just on a personal note,

00:26:19.077 --> 00:26:20.398
they interviewed Alyson Stoner,

00:26:20.419 --> 00:26:22.398
who they said was a former child actor

00:26:22.419 --> 00:26:23.719
who appeared in films like Step Up and

00:26:23.739 --> 00:26:24.500
Cheaper by the Dozen.

00:26:25.319 --> 00:26:27.000
They were also Isabella in Phineas and

00:26:27.039 --> 00:26:28.401
Ferb, and no mention of that.

00:26:28.820 --> 00:26:30.121
And I feel so offended because I love

00:26:30.141 --> 00:26:31.641
that show.

00:26:31.861 --> 00:26:33.182
I just had to call that out.

00:26:33.362 --> 00:26:36.602
Interesting.

00:26:36.622 --> 00:26:36.982
I had to.

00:26:39.234 --> 00:26:40.056
So in a little bit,

00:26:40.175 --> 00:26:41.876
we are going to talk about LinkedIn's

00:26:41.978 --> 00:26:43.018
browser scanning.

00:26:43.298 --> 00:26:44.460
So that should be fun.

00:26:44.579 --> 00:26:45.279
But first,

00:26:45.641 --> 00:26:46.801
we're going to go ahead and jump into

00:26:46.942 --> 00:26:49.163
site updates and talk a little bit about

00:26:49.203 --> 00:26:50.805
what's been going on at Privacy Guides

00:26:50.845 --> 00:26:51.326
this week.

00:26:52.906 --> 00:26:53.968
Just this afternoon,

00:26:54.147 --> 00:26:55.450
we dropped a new video.

00:26:55.650 --> 00:26:57.070
It is currently members only.

00:26:58.853 --> 00:27:00.394
So we usually leave those members only for

00:27:00.413 --> 00:27:00.834
about a week.

00:27:01.214 --> 00:27:02.615
This one is about encrypted email.

00:27:04.590 --> 00:27:05.711
This is another one of those like really

00:27:05.731 --> 00:27:07.413
beginner friendly videos that if you're a

00:27:07.432 --> 00:27:08.292
bit of a privacy veteran,

00:27:08.313 --> 00:27:09.173
you probably know this stuff,

00:27:09.232 --> 00:27:10.453
but hopefully it's something that you can

00:27:10.473 --> 00:27:11.555
share with your friends and family.

00:27:11.575 --> 00:27:13.875
It talks about why mainstream providers

00:27:13.915 --> 00:27:16.096
like Gmail and Yahoo aren't quite good

00:27:16.136 --> 00:27:18.818
enough and how encrypted email works and

00:27:19.499 --> 00:27:20.880
some of the different ones we recommend,

00:27:20.940 --> 00:27:22.099
pros and cons of each.

00:27:22.299 --> 00:27:23.300
So yeah,

00:27:23.361 --> 00:27:24.421
if you are not a member yet and

00:27:24.441 --> 00:27:25.201
you want to check that out,

00:27:25.241 --> 00:27:27.762
you can join on YouTube or you can

00:27:27.803 --> 00:27:30.084
go to privacyguides.org slash donate and

00:27:30.204 --> 00:27:31.565
that will take you to a link where

00:27:31.585 --> 00:27:32.885
you can sign up for a membership.

00:27:33.836 --> 00:27:37.402
But that's what we did this week in

00:27:37.422 --> 00:27:38.503
the video department.

00:27:39.365 --> 00:27:41.188
And I will turn it over to Jonah.

00:27:41.481 --> 00:27:42.102
Very cool.

00:27:43.042 --> 00:27:46.183
Yeah, another thing we did recently,

00:27:46.704 --> 00:27:48.685
Nate and I recorded this a few weeks

00:27:48.705 --> 00:27:50.066
ago, but it's finally live.

00:27:50.807 --> 00:27:54.468
We did a panel discussion on the Firewalls

00:27:54.548 --> 00:27:56.930
Don't Stop Dragons podcast.

00:27:57.269 --> 00:27:59.010
So episode four seventy four of that

00:27:59.070 --> 00:28:00.912
podcast is now out.

00:28:00.951 --> 00:28:02.211
It's called Privacy Guides Panel.

00:28:02.251 --> 00:28:03.313
Nate and I are on it and we

00:28:03.353 --> 00:28:05.534
talked about a ton of interesting stuff.

00:28:07.434 --> 00:28:09.675
So I would definitely recommend checking

00:28:09.715 --> 00:28:15.317
that episode out if you want to listen

00:28:15.337 --> 00:28:16.398
to those discussions.

00:28:16.719 --> 00:28:18.019
You can look at the table of contents

00:28:18.059 --> 00:28:18.140
here.

00:28:18.160 --> 00:28:19.660
It looks like Nate's showing that on the

00:28:19.700 --> 00:28:20.000
screen,

00:28:20.020 --> 00:28:22.442
but you can find the Firewalls Don't Stop

00:28:22.461 --> 00:28:24.021
Dragons website for more information.

00:28:24.343 --> 00:28:25.522
And if any of those topics sound

00:28:25.623 --> 00:28:26.923
interesting to you,

00:28:27.845 --> 00:28:28.944
definitely check it out because it was a

00:28:28.984 --> 00:28:30.807
ton of fun for us to record.

00:28:30.846 --> 00:28:32.509
I think we talked about a lot of

00:28:33.108 --> 00:28:35.931
cool, interesting, informative stuff.

00:28:36.332 --> 00:28:39.674
So hopefully somebody finds it useful or

00:28:39.835 --> 00:28:43.738
at least finds it entertaining.

00:28:44.077 --> 00:28:45.299
In other news,

00:28:45.460 --> 00:28:47.520
we again published a bunch of news briefs

00:28:47.540 --> 00:28:49.202
that we're not covering here on this show,

00:28:49.222 --> 00:28:50.943
but you can find our articles at

00:28:51.003 --> 00:28:53.767
privacyguides.org slash news about them.

00:28:56.828 --> 00:29:00.074
We have stories on macOS

00:29:01.134 --> 00:29:03.898
improving security in the Terminal app,

00:29:04.737 --> 00:29:06.719
a grandmother who was wrongfully arrested

00:29:06.759 --> 00:29:09.220
because of facial recognition, iOS

00:29:09.299 --> 00:29:11.121
twenty six point five beta

00:29:11.261 --> 00:29:13.323
including end-to-end encryption for RCS

00:29:13.363 --> 00:29:14.884
messages, Walmart

00:29:15.284 --> 00:29:16.964
digital price labels, and more.

00:29:17.465 --> 00:29:18.365
So definitely check that out.

00:29:18.425 --> 00:29:18.625
Again,

00:29:18.665 --> 00:29:21.387
it's privacyguides.org slash news if you

00:29:21.407 --> 00:29:23.990
want to read those stories and let us

00:29:24.029 --> 00:29:25.851
know if you have any questions about them

00:29:26.010 --> 00:29:27.311
on the forum or anything else,

00:29:27.332 --> 00:29:28.252
because there's always a lot of

00:29:28.292 --> 00:29:29.534
discussions about these stories.

00:29:30.213 --> 00:29:32.914
over there as well. Everything that we do

00:29:32.954 --> 00:29:35.737
at Privacy Guides is made possible by our

00:29:35.777 --> 00:29:37.518
supporters. You can sign up for a

00:29:37.577 --> 00:29:40.538
membership or donate at privacyguides.org

00:29:40.578 --> 00:29:42.740
donate, or you can support us by picking

00:29:42.779 --> 00:29:45.602
up some swag, like this water bottle, for

00:29:45.642 --> 00:29:48.323
example, at shop.privacyguides.org.

00:29:48.923 --> 00:29:50.605
Privacy Guides is a nonprofit which

00:29:50.765 --> 00:29:52.867
researches and shares privacy-related

00:29:52.928 --> 00:29:53.548
information,

00:29:53.729 --> 00:29:55.770
and we facilitate a community on our forum

00:29:55.790 --> 00:29:57.712
and Matrix where people can ask questions

00:29:58.034 --> 00:29:59.655
and get advice about staying private

00:29:59.715 --> 00:30:02.038
online and preserving their digital

00:30:02.077 --> 00:30:02.439
rights.

00:30:03.460 --> 00:30:05.863
Now let's move on to our next story.

00:30:05.982 --> 00:30:08.625
This is about Nextcloud and OnlyOffice.

00:30:10.682 --> 00:30:12.424
That is right.

00:30:12.944 --> 00:30:15.207
So, um, full disclosure,

00:30:15.346 --> 00:30:16.627
I am a Nextcloud user and a

00:30:16.667 --> 00:30:18.390
little bit of a Nextcloud fanboy.

00:30:18.490 --> 00:30:21.152
So, um, I'm bummed to hear this story,

00:30:21.211 --> 00:30:23.733
but OnlyOffice has suspended their

00:30:23.894 --> 00:30:25.836
partnership with Nextcloud for forking

00:30:25.875 --> 00:30:27.518
its project without permission.

00:30:28.137 --> 00:30:30.119
And this comes on the heels of another

00:30:30.200 --> 00:30:30.661
announcement.

00:30:30.681 --> 00:30:32.362
So earlier this week, uh,

00:30:32.422 --> 00:30:34.544
Nextcloud, IONOS, and several other

00:30:34.624 --> 00:30:35.644
European tech companies

00:30:36.092 --> 00:30:38.173
came together and announced this new open

00:30:38.213 --> 00:30:40.156
source project called Euro Office,

00:30:40.596 --> 00:30:41.617
which they describe as, quote,

00:30:41.718 --> 00:30:43.559
a sovereign replacement for Microsoft with

00:30:43.601 --> 00:30:44.981
intuitive interface and strong

00:30:45.001 --> 00:30:46.683
compatibility backed by European open

00:30:46.723 --> 00:30:47.484
source community.

00:30:49.247 --> 00:30:52.130
OnlyOffice has basically claimed that

00:30:52.250 --> 00:30:54.553
this is a fork of their code.

00:30:55.544 --> 00:30:57.885
And they say that this violates license

00:30:57.905 --> 00:31:01.907
agreements because they offer, OnlyOffice

00:31:01.968 --> 00:31:03.648
is source available or open source.

00:31:04.049 --> 00:31:06.230
And they use the AGPL version three.

00:31:06.791 --> 00:31:09.113
So specifically towards the end here,

00:31:09.232 --> 00:31:10.574
if you're watching on screen,

00:31:10.594 --> 00:31:11.615
you can see this, but towards the end,

00:31:11.654 --> 00:31:14.076
it says we require compliance with

00:31:14.195 --> 00:31:15.457
applicable licensing conditions,

00:31:15.517 --> 00:31:15.817
including,

00:31:15.857 --> 00:31:17.238
but not limited to the preservation of

00:31:17.338 --> 00:31:19.440
OnlyOffice branding, logo, and all required

00:31:19.519 --> 00:31:21.181
attribution elements as defined in our

00:31:21.221 --> 00:31:22.461
licensing terms, which is,

00:31:23.342 --> 00:31:24.583
If this is a brand new project,

00:31:24.643 --> 00:31:25.202
it would, of course,

00:31:25.242 --> 00:31:26.323
have none of those things.

00:31:27.563 --> 00:31:30.864
So for those who do not use Nextcloud,

00:31:30.923 --> 00:31:33.164
you may or may not know that Nextcloud,

00:31:33.224 --> 00:31:34.384
one of the things that it comes with

00:31:34.404 --> 00:31:37.546
by default is an online document editor or

00:31:37.665 --> 00:31:38.326
Office editor.

00:31:38.866 --> 00:31:40.247
And there's a couple different ways to

00:31:40.267 --> 00:31:40.826
make this work.

00:31:40.846 --> 00:31:42.847
You can use Collabora Online,

00:31:43.367 --> 00:31:44.708
or you can use OnlyOffice.

00:31:45.147 --> 00:31:46.628
And this has been...

00:31:47.748 --> 00:31:49.132
I think they said for eight years,

00:31:49.251 --> 00:31:51.076
OnlyOffice has partnered with Nextcloud,

00:31:51.156 --> 00:31:53.082
and now they are terminating that.

00:31:53.221 --> 00:31:54.003
They do say...

00:31:55.884 --> 00:31:56.986
I think they said that no, yeah,

00:31:57.046 --> 00:31:58.626
no existing partners or clients will be

00:31:58.646 --> 00:31:59.146
affected.

00:31:59.288 --> 00:32:00.508
So basically if you've already got it

00:32:00.528 --> 00:32:01.568
installed, you're good to go.

00:32:02.309 --> 00:32:03.871
I don't know what that means for updates

00:32:03.891 --> 00:32:05.211
and stuff, but yeah,

00:32:05.571 --> 00:32:06.313
I guess we'll find out.

00:32:06.813 --> 00:32:08.374
They also, interestingly, um,

00:32:08.394 --> 00:32:09.214
just to throw it out there,

00:32:09.394 --> 00:32:10.556
OnlyOffice said that in the past,

00:32:10.576 --> 00:32:11.536
and I'm quoting the article here,

00:32:11.876 --> 00:32:13.377
Nextcloud has behaved in a manner not

00:32:13.417 --> 00:32:14.398
expected from a partner,

00:32:14.499 --> 00:32:16.000
including trying to poach its employees

00:32:16.019 --> 00:32:17.401
and influencing customers against the

00:32:17.441 --> 00:32:17.800
company,

00:32:18.141 --> 00:32:19.461
but directly forking the project and

00:32:19.501 --> 00:32:21.243
repacking it was the straw that broke the

00:32:21.284 --> 00:32:22.523
camel's back.

00:32:22.944 --> 00:32:23.105
Um,

00:32:23.740 --> 00:32:25.342
Yeah, then kind of a statement here.

00:32:25.382 --> 00:32:26.864
They said partnership is built on trust

00:32:26.884 --> 00:32:28.384
and trust requires shared principles. Where

00:32:28.404 --> 00:32:29.747
those principles are no longer upheld,

00:32:29.787 --> 00:32:31.088
continuing operation is no longer

00:32:31.128 --> 00:32:31.608
sustainable.

00:32:31.628 --> 00:32:32.210
For this reason,

00:32:32.569 --> 00:32:33.811
we made the decision to suspend our

00:32:33.852 --> 00:32:35.133
partnership cooperation.

00:32:37.903 --> 00:32:38.704
And then just kind of, I guess,

00:32:38.724 --> 00:32:40.185
a little bit more background towards the

00:32:40.306 --> 00:32:40.567
end.

00:32:41.027 --> 00:32:43.429
LibreOffice has criticized OnlyOffice for

00:32:43.469 --> 00:32:45.070
being, quote unquote, fake open source.

00:32:45.550 --> 00:32:46.531
They say, for one reason,

00:32:46.632 --> 00:32:48.374
OnlyOffice defaults to Microsoft Office

00:32:48.394 --> 00:32:52.377
formats like DOCX, XLSX, and PPTX,

00:32:52.417 --> 00:32:54.859
which is Word, Excel, and PowerPoint,

00:32:55.200 --> 00:32:57.122
rather than open standards like Open

00:32:57.162 --> 00:32:58.542
Document Format or ODF.

00:33:00.005 --> 00:33:01.487
And there's also, apparently,

00:33:02.429 --> 00:33:04.310
Nextcloud says they didn't just

00:33:04.330 --> 00:33:06.012
collaborate directly with OnlyOffice.

00:33:07.715 --> 00:33:08.236
Let me rephrase that.

00:33:08.557 --> 00:33:09.718
When asked why they didn't just

00:33:09.739 --> 00:33:10.720
collaborate with OnlyOffice,

00:33:10.740 --> 00:33:11.820
they said that there were a number of

00:33:11.861 --> 00:33:12.261
reasons,

00:33:12.362 --> 00:33:13.864
including that OnlyOffice is a Russian

00:33:13.903 --> 00:33:15.707
company that tends to obscure its origins.

00:33:17.028 --> 00:33:18.628
Developers often leave code comments in

00:33:18.669 --> 00:33:20.270
Russian and many users are hesitant to use

00:33:20.290 --> 00:33:21.511
software potentially linked to the Russian

00:33:21.531 --> 00:33:21.872
government.

00:33:22.231 --> 00:33:23.353
They also claim that OnlyOffice

00:33:23.373 --> 00:33:24.513
discourages contributions,

00:33:24.614 --> 00:33:25.775
ignores pull requests and lacks

00:33:25.795 --> 00:33:27.517
transparency since commit messages

00:33:27.537 --> 00:33:29.038
frequently reference internal issue

00:33:29.077 --> 00:33:29.979
trackers only.

00:33:30.038 --> 00:33:32.861
So yeah,

00:33:34.603 --> 00:33:35.403
I don't know that I have a lot

00:33:35.442 --> 00:33:36.844
of thoughts on this one.

00:33:38.266 --> 00:33:39.246
Jonah, did you have any,

00:33:39.987 --> 00:33:42.068
like what do you know about this AGPL

00:33:42.288 --> 00:33:43.430
v3, for example?

00:33:44.934 --> 00:33:51.076
Yeah, so what's in question here is, well,

00:33:51.217 --> 00:33:52.856
OnlyOffice says that they've added

00:33:52.896 --> 00:33:57.759
provisions to AGPL requiring certain

00:33:59.699 --> 00:34:02.440
attribution in forks of the project.

00:34:03.580 --> 00:34:05.500
So we could,

00:34:08.802 --> 00:34:09.922
if I could share my screen here,

00:34:09.942 --> 00:34:11.623
let's see.

00:34:11.722 --> 00:34:11.882
Huh.

00:34:13.094 --> 00:34:15.476
So they're talking about in their license

00:34:16.717 --> 00:34:17.157
two things.

00:34:17.177 --> 00:34:18.818
You have to retain the original product

00:34:18.858 --> 00:34:20.599
logo when you distribute the program.

00:34:21.121 --> 00:34:23.922
And they do not grant any rights under

00:34:23.983 --> 00:34:28.005
trademark law for the use of any

00:34:28.045 --> 00:34:29.067
OnlyOffice trademarks.

00:34:29.728 --> 00:34:35.251
And the Euro Office Project Initiative

00:34:35.932 --> 00:34:39.916
basically removed these provisions saying

00:34:39.976 --> 00:34:40.295
that

00:34:41.456 --> 00:34:42.898
Basically, if I can find it here,

00:34:42.938 --> 00:34:50.382
section seven of the AGPL says that you...

00:34:50.802 --> 00:34:51.501
Which line is this?

00:34:52.663 --> 00:34:54.903
Says that you can remove any additional

00:34:56.005 --> 00:34:58.646
restrictions or any of these terms from

00:34:58.686 --> 00:35:00.507
that license on your own.

00:35:00.927 --> 00:35:02.847
And this is kind of the basis of

00:35:02.987 --> 00:35:06.010
Euro Office's claim that they can kind of

00:35:06.050 --> 00:35:07.030
change this license.

00:35:07.110 --> 00:35:08.510
And they say that they don't have to

00:35:08.630 --> 00:35:09.751
use their logo to...

00:35:11.244 --> 00:35:12.927
Give attribution to OnlyOffice.

00:35:13.606 --> 00:35:15.429
The AGPL is still going to require that

00:35:15.469 --> 00:35:18.231
they provide some attribution somehow,

00:35:18.550 --> 00:35:20.913
but according to the Euro Office project,

00:35:20.932 --> 00:35:22.353
they don't have to use the OnlyOffice

00:35:22.393 --> 00:35:22.815
trademark.

00:35:23.215 --> 00:35:24.635
I think this is kind of interesting

00:35:24.856 --> 00:35:28.619
because usually open source projects like

00:35:29.260 --> 00:35:30.661
OnlyOffice in this position,

00:35:32.141 --> 00:35:34.204
fight tooth and nail for forks to not

00:35:34.344 --> 00:35:35.826
use their branding at all.

00:35:35.865 --> 00:35:37.206
So the fact that they want them to

00:35:37.306 --> 00:35:39.208
use their logo is kind of strange because

00:35:39.228 --> 00:35:41.010
we've seen like Mozilla, for example,

00:35:41.731 --> 00:35:43.072
when there's any Firefox forks,

00:35:43.092 --> 00:35:44.295
they want to make sure that there's no

00:35:44.375 --> 00:35:46.856
Firefox branding whatsoever associated

00:35:46.876 --> 00:35:47.737
with that because they don't want it

00:35:47.777 --> 00:35:48.920
associated with their

00:35:49.585 --> 00:35:52.565
project. Um, and related to this, there's

00:35:52.646 --> 00:35:56.626
actually another case, um, around it. A few

00:35:56.666 --> 00:35:58.867
years ago this started, and then there was

00:35:58.887 --> 00:36:00.307
a, I think the latest update on this

00:36:00.327 --> 00:36:05.429
was in, um, but a company called

00:36:05.530 --> 00:36:10.371
Neo4j, um, started a lawsuit against, uh,

00:36:10.411 --> 00:36:12.532
another company, PureThink, and

00:36:14.331 --> 00:36:15.992
about a very similar issue.

00:36:16.353 --> 00:36:19.313
Basically Neo4j added a lot of clauses

00:36:19.353 --> 00:36:21.574
to their AGPL license,

00:36:22.114 --> 00:36:27.396
and Neo4j said that because the AGPL

00:36:27.416 --> 00:36:32.077
says that you can remove certain passages

00:36:32.297 --> 00:36:34.056
or restrictions that were added onto the

00:36:34.097 --> 00:36:35.777
AGPL, that they were able to do that.

00:36:36.338 --> 00:36:39.300
And PureThink actually lost this case.

00:36:39.460 --> 00:36:41.420
This twenty twenty five article is

00:36:41.780 --> 00:36:43.601
basically announcing an appeal that's

00:36:43.621 --> 00:36:44.161
taking place.

00:36:44.222 --> 00:36:45.422
I don't know if that's actually gone to

00:36:45.463 --> 00:36:46.043
court yet,

00:36:48.043 --> 00:36:49.405
but they

00:36:52.751 --> 00:36:53.030
So yeah,

00:36:53.050 --> 00:36:55.711
this article says that the AGPL allows

00:36:55.771 --> 00:36:57.652
added-on terms like the Commons Clause

00:36:57.672 --> 00:36:59.733
that Neo4j was using to be stripped

00:36:59.753 --> 00:37:01.213
from the license.

00:37:03.434 --> 00:37:05.954
And Neo4j said that because they added

00:37:05.994 --> 00:37:06.074
it,

00:37:06.114 --> 00:37:07.235
you have to comply with all of the

00:37:07.255 --> 00:37:08.016
terms of the license.

00:37:08.036 --> 00:37:09.976
And the court basically agreed that any

00:37:10.155 --> 00:37:12.476
terms in the license have to be followed

00:37:13.697 --> 00:37:16.097
regardless of what the AGPL says.

00:37:16.657 --> 00:37:18.699
And then the Free Software Foundation and

00:37:18.778 --> 00:37:20.500
other organizations in the open source

00:37:20.519 --> 00:37:20.920
space

00:37:22.800 --> 00:37:24.161
said that that's not the case and that

00:37:24.181 --> 00:37:29.547
they did intend this tenet or this

00:37:29.706 --> 00:37:33.271
provision in the AGPL to work and for

00:37:33.311 --> 00:37:34.851
these restrictions to be removed because

00:37:34.871 --> 00:37:37.394
they believe that you can't really have

00:37:37.434 --> 00:37:39.336
restrictions on free and open source

00:37:39.536 --> 00:37:39.936
software,

00:37:39.976 --> 00:37:42.438
which is kind of the point of the

00:37:42.579 --> 00:37:43.280
AGPL.

00:37:44.802 --> 00:37:44.981
So

00:37:46.949 --> 00:37:48.431
It's a strange case.

00:37:48.451 --> 00:37:49.811
It's definitely in a gray area.

00:37:50.192 --> 00:37:52.514
And it really depends on how much

00:37:52.715 --> 00:37:55.097
OnlyOffice wants to fight this.

00:37:55.137 --> 00:37:58.240
But I think you could certainly argue in

00:37:58.280 --> 00:38:00.023
the Neo4j case and probably in this

00:38:00.123 --> 00:38:02.264
OnlyOffice case that any of these

00:38:02.304 --> 00:38:04.106
restrictions that are being added onto the

00:38:04.206 --> 00:38:05.829
AGPL that have very...

00:38:07.230 --> 00:38:08.972
specific restrictions on how the software

00:38:08.992 --> 00:38:11.255
can be used probably make the software not

00:38:11.797 --> 00:38:14.221
open source. Um, so at the end of

00:38:14.240 --> 00:38:15.722
the day you shouldn't be calling it an

00:38:15.784 --> 00:38:18.748
AGPL-licensed project. If you really want

00:38:18.788 --> 00:38:20.030
these terms to be followed, I think that

00:38:20.050 --> 00:38:22.213
they would have to call it something else

00:38:22.253 --> 00:38:22.434
and it

00:38:23.911 --> 00:38:25.291
wouldn't be, I mean,

00:38:25.331 --> 00:38:27.233
it would be at odds with the open

00:38:27.293 --> 00:38:28.592
source in the same way that a lot

00:38:28.612 --> 00:38:30.713
of these source available licenses that we

00:38:30.793 --> 00:38:31.954
see are.

00:38:32.494 --> 00:38:36.255
It's definitely a hot debate in the

00:38:36.275 --> 00:38:37.775
community in general.

00:38:38.295 --> 00:38:39.675
We've seen a lot of talk about like

00:38:39.715 --> 00:38:41.617
the FUTO license, for example,

00:38:43.277 --> 00:38:45.099
not being open source and they went with

00:38:45.139 --> 00:38:46.440
a different name because of that.

00:38:47.460 --> 00:38:49.181
But there's certainly other licenses that

00:38:49.222 --> 00:38:51.583
projects are trying to use and they still

00:38:51.623 --> 00:38:53.826
continue to claim to be open source when

00:38:53.865 --> 00:38:55.447
in reality they're source available.

00:38:55.867 --> 00:38:58.248
So I think that if OnlyOffice really

00:38:58.730 --> 00:39:00.992
wants to follow through on having these

00:39:01.032 --> 00:39:02.112
restrictions in place,

00:39:02.913 --> 00:39:04.494
I think that would be very at odds

00:39:04.574 --> 00:39:06.416
with their claims that they are an open

00:39:06.516 --> 00:39:06.916
source

00:39:07.597 --> 00:39:10.739
project, um, which would be a bit concerning

00:39:11.039 --> 00:39:13.041
because the entire idea of open source is

00:39:13.081 --> 00:39:15.282
that these forks should be able to exist

00:39:15.782 --> 00:39:17.565
and, like, you should be able to completely

00:39:17.625 --> 00:39:22.228
fork and create, um, this Euro Office that

00:39:22.289 --> 00:39:26.112
Nextcloud is making, um, without any

00:39:26.891 --> 00:39:29.775
restrictions or preservation of OnlyOffice

00:39:30.195 --> 00:39:30.797
branding.

00:39:31.677 --> 00:39:33.179
That doesn't make a lot of sense for

00:39:33.199 --> 00:39:34.601
a fork to be doing.

00:39:35.141 --> 00:39:37.224
And so OnlyOffice is in a bit of

00:39:37.244 --> 00:39:39.586
a strange situation here.

00:39:41.168 --> 00:39:42.271
It's always the business

00:39:43.338 --> 00:39:46.041
case against open source software in

00:39:46.081 --> 00:39:46.402
general.

00:39:46.422 --> 00:39:48.123
They don't want people taking their work.

00:39:48.422 --> 00:39:50.284
And OnlyOffice clearly believes that

00:39:50.324 --> 00:39:52.646
because they say that they've spent years

00:39:52.686 --> 00:39:54.728
building a fully functional production

00:39:54.768 --> 00:39:56.210
ready Office document editor.

00:39:56.670 --> 00:39:57.550
But at the same time,

00:39:57.570 --> 00:39:59.192
they marketed that as an open source

00:39:59.233 --> 00:39:59.652
project.

00:39:59.893 --> 00:40:02.695
And that is what people kind of expect

00:40:02.715 --> 00:40:04.077
from that.

00:40:04.137 --> 00:40:05.016
I would also note,

00:40:07.018 --> 00:40:09.041
Nextcloud kind of has a history of

00:40:10.579 --> 00:40:14.106
forking open source projects, um, in not a

00:40:14.126 --> 00:40:17.454
very collaborative way. I mean, their

00:40:17.474 --> 00:40:19.336
Nextcloud itself was forked from ownCloud, of

00:40:19.376 --> 00:40:22.402
course, and that division was, um,

00:40:23.806 --> 00:40:25.427
I don't think super well received by

00:40:25.527 --> 00:40:26.447
ownCloud themselves.

00:40:26.927 --> 00:40:30.009
So it's kind of a situation that they're

00:40:30.068 --> 00:40:30.369
used to.

00:40:30.409 --> 00:40:32.710
But I think a lot of people side

00:40:32.750 --> 00:40:34.831
with Nextcloud in that case.

00:40:34.871 --> 00:40:36.090
And I think that a lot of people

00:40:36.231 --> 00:40:39.793
are going to side with Nextcloud here as

00:40:39.873 --> 00:40:40.193
well.

00:40:40.532 --> 00:40:42.853
So it might just kind of be what

00:40:42.893 --> 00:40:43.215
it is.

00:40:47.771 --> 00:40:49.813
Yeah, and like, kind of going back to

00:40:49.833 --> 00:40:52.856
what you were saying about, um, you

00:40:52.896 --> 00:40:54.476
mentioned that, like, a lot of companies,

00:40:56.639 --> 00:40:58.380
they put work into it and then

00:40:58.400 --> 00:41:00.342
they don't want people stealing that work.

00:41:00.822 --> 00:41:01.884
It's one of those things where, like, in

00:41:01.923 --> 00:41:04.565
that case, and I say this kind of

00:41:04.585 --> 00:41:05.827
spitefully, but like, then just don't be

00:41:05.887 --> 00:41:07.708
open source. Because, I mean, obviously in a

00:41:07.768 --> 00:41:09.190
perfect world I would prefer everything

00:41:09.269 --> 00:41:10.811
was, or at very least be, like you

00:41:10.831 --> 00:41:12.152
said, like, be transparent about being

00:41:12.213 --> 00:41:14.155
source available, because, um,

00:41:15.224 --> 00:41:15.865
in a perfect world,

00:41:15.925 --> 00:41:17.186
I would love for everything to be at

00:41:17.226 --> 00:41:18.347
very least source available,

00:41:18.387 --> 00:41:20.208
because that's how we're able to verify

00:41:20.728 --> 00:41:22.030
that the code is doing what it's doing.

00:41:22.050 --> 00:41:24.112
And it helps build that trust at very

00:41:24.172 --> 00:41:25.492
least, I think, um,

00:41:25.552 --> 00:41:27.094
especially things that deal with security,

00:41:27.134 --> 00:41:29.596
like password managers should at very

00:41:29.635 --> 00:41:31.117
least have their cryptographic bits be

00:41:31.157 --> 00:41:33.177
source available, um, bare minimum,

00:41:33.398 --> 00:41:35.320
but cause security is something where like

00:41:35.400 --> 00:41:36.101
everyone benefits.

00:41:36.141 --> 00:41:36.360
Right.

00:41:36.420 --> 00:41:36.561
But

00:41:37.751 --> 00:41:38.092
To me,

00:41:38.112 --> 00:41:39.594
it's just such a crappy thing because

00:41:39.614 --> 00:41:40.534
that's the risk you take.

00:41:40.615 --> 00:41:42.998
And I've talked to a lot of projects

00:41:43.099 --> 00:41:44.740
that are not open source and I've asked

00:41:44.760 --> 00:41:45.021
them that.

00:41:45.041 --> 00:41:45.260
I'm like,

00:41:45.300 --> 00:41:46.782
why don't you guys have any open source

00:41:46.802 --> 00:41:47.423
clients or anything?

00:41:47.824 --> 00:41:49.005
And that's usually the number one reason

00:41:49.025 --> 00:41:49.726
they give is they're like,

00:41:49.766 --> 00:41:50.688
we're worried that people are going to

00:41:50.708 --> 00:41:52.190
take our stuff and steal it.

00:41:52.210 --> 00:41:53.612
We have no real way to control that.

00:41:55.014 --> 00:41:55.393
And then there's...

00:41:56.235 --> 00:41:57.195
to counter their argument.

00:41:57.215 --> 00:41:58.536
There are plenty of companies who seem to

00:41:58.556 --> 00:41:59.815
be doing just fine despite that.

00:42:00.277 --> 00:42:02.036
But yeah, so it's, I don't know.

00:42:02.077 --> 00:42:03.077
It's just me.

00:42:03.097 --> 00:42:03.958
I say this with a little bit of

00:42:03.978 --> 00:42:05.557
bitterness in my voice towards

00:42:05.617 --> 00:42:05.878
OnlyOffice.

00:42:05.938 --> 00:42:07.259
It's like, then just don't be open source.

00:42:07.338 --> 00:42:10.199
Like it feels almost, um,

00:42:10.719 --> 00:42:12.041
it's going to be a really niche reference.

00:42:12.061 --> 00:42:13.240
And I don't think this is as much

00:42:13.260 --> 00:42:13.981
of an issue anymore,

00:42:14.402 --> 00:42:15.802
but back in like the early two thousands,

00:42:16.081 --> 00:42:17.822
um, there was a real,

00:42:17.842 --> 00:42:19.063
I don't know if you'd call it an

00:42:19.083 --> 00:42:19.483
issue or not.

00:42:19.523 --> 00:42:20.364
I guess it depends on how you feel

00:42:20.384 --> 00:42:22.724
about it, but a lot of bands would,

00:42:22.864 --> 00:42:23.005
um,

00:42:24.143 --> 00:42:25.824
would market themselves as Christian bands

00:42:25.885 --> 00:42:27.146
because the Christian market would be a

00:42:27.266 --> 00:42:28.527
lot easier to break into.

00:42:29.068 --> 00:42:30.329
And then once they hit a certain level

00:42:30.349 --> 00:42:30.909
of success,

00:42:30.989 --> 00:42:32.771
they would quote unquote go mainstream.

00:42:33.251 --> 00:42:34.152
And some of them would even like

00:42:34.192 --> 00:42:35.251
vehemently deny, like, no,

00:42:35.291 --> 00:42:36.233
we were never a Christian band.

00:42:36.253 --> 00:42:37.273
And it's like, well,

00:42:37.293 --> 00:42:39.034
we have interviews with you where you said

00:42:39.496 --> 00:42:41.137
that you were, so whatever, dude.

00:42:41.797 --> 00:42:42.458
But to me,

00:42:42.478 --> 00:42:43.338
it just feels the same way.

00:42:43.378 --> 00:42:43.579
It's like,

00:42:43.599 --> 00:42:44.780
you don't actually believe this stuff.

00:42:44.820 --> 00:42:46.121
It's just some kind of marketing gimmick.

00:42:46.760 --> 00:42:49.021
And in this case, the open source,

00:42:49.041 --> 00:42:49.882
I just feel like that, I mean,

00:42:50.021 --> 00:42:51.021
I guess in the Christian thing too,

00:42:51.442 --> 00:42:52.262
just feels kind of crappy.

00:42:52.302 --> 00:42:54.123
It's like, you know,

00:42:54.222 --> 00:42:55.623
don't say that you believe in this stuff

00:42:55.702 --> 00:42:58.364
just to get ahead in the competition,

00:42:58.423 --> 00:43:00.103
like commit to it or don't.

00:43:00.284 --> 00:43:01.103
So I don't know.

00:43:01.143 --> 00:43:06.425
That just, that really frustrates me.

00:43:06.445 --> 00:43:09.286
Quick thanks to at Sod This All for

00:43:09.326 --> 00:43:10.887
gifting a Privacy Guides membership.

00:43:10.907 --> 00:43:12.106
Thank you for your support.

00:43:15.023 --> 00:43:15.505
Oh, nice.

00:43:15.605 --> 00:43:16.204
I just saw that.

00:43:16.244 --> 00:43:16.585
Yeah.

00:43:16.945 --> 00:43:18.887
I had comments closed down so I could

00:43:19.007 --> 00:43:19.967
see the screen a little better.

00:43:20.047 --> 00:43:21.188
But yeah, thank you.

00:43:21.228 --> 00:43:21.648
That's super cool.

00:43:21.769 --> 00:43:24.030
All right.

00:43:24.110 --> 00:43:26.353
I think that'll take us into a LinkedIn

00:43:26.373 --> 00:43:28.375
story that Jonah actually alerted me to

00:43:28.394 --> 00:43:30.536
this story right before we started

00:43:30.577 --> 00:43:30.896
recording.

00:43:30.936 --> 00:43:32.197
This one's like hot off the presses.

00:43:33.135 --> 00:43:33.394
Yeah,

00:43:33.534 --> 00:43:36.157
I think this was reported just yesterday

00:43:36.197 --> 00:43:38.577
or today, if I remember correctly.

00:43:38.777 --> 00:43:42.139
I definitely saw it only yesterday,

00:43:42.179 --> 00:43:43.960
but maybe it's been talked about a bit

00:43:44.021 --> 00:43:45.161
for a while.

00:43:46.202 --> 00:43:49.083
But there's this report that LinkedIn is

00:43:49.184 --> 00:43:52.987
illegally or allegedly illegally searching

00:43:53.047 --> 00:43:53.927
your computer.

00:43:53.967 --> 00:43:55.568
They are scanning installed browser

00:43:55.608 --> 00:43:58.929
extensions without user permission.

00:44:00.362 --> 00:44:03.184
So this is reported by Apple Insider.

00:44:05.847 --> 00:44:09.389
And something is wrong with my computer.

00:44:09.449 --> 00:44:10.610
There we go.

00:44:10.630 --> 00:44:12.311
They say researchers have determined that

00:44:13.150 --> 00:44:15.413
Microsoft's LinkedIn is scanning browser

00:44:15.452 --> 00:44:17.074
plugins and other information without

00:44:17.114 --> 00:44:19.155
permission and building user profiles

00:44:19.235 --> 00:44:21.195
using data that the company did not get

00:44:21.436 --> 00:44:22.516
permission to take.

00:44:23.974 --> 00:44:26.175
A European advocacy group claims LinkedIn

00:44:26.195 --> 00:44:29.097
is probing browser extensions through its

00:44:29.137 --> 00:44:29.976
website code.

00:44:30.336 --> 00:44:34.159
Fairlinked e.V. published a BrowserGate

00:44:34.358 --> 00:44:37.000
report alleging LinkedIn detects installed

00:44:37.039 --> 00:44:38.860
browser extensions by probing for known

00:44:38.940 --> 00:44:40.400
identifiers through JavaScript.

00:44:40.760 --> 00:44:42.501
The group says the technique reveals

00:44:42.661 --> 00:44:45.063
personally identifiable information.

00:44:46.244 --> 00:44:47.565
And so this is a threat that we've

00:44:47.605 --> 00:44:49.226
talked about before,

00:44:49.666 --> 00:44:51.367
I think in a previous episode of this

00:44:51.407 --> 00:44:51.648
show,

00:44:51.668 --> 00:44:54.291
but definitely on the forum where the

00:44:54.331 --> 00:44:56.092
browser extensions that you install can

00:44:56.132 --> 00:44:59.295
definitely add to your browser fingerprint

00:44:59.394 --> 00:45:03.237
and can specifically identify you based on

00:45:03.297 --> 00:45:04.639
what extensions you have installed.

00:45:05.280 --> 00:45:08.380
And that's been a known threat for quite

00:45:08.400 --> 00:45:08.780
a while,

00:45:08.800 --> 00:45:09.902
but I think this is one of the

00:45:09.981 --> 00:45:13.262
first and maybe the largest examples of a

00:45:13.623 --> 00:45:16.583
real world situation where this is

00:45:16.623 --> 00:45:17.083
happening.

00:45:18.164 --> 00:45:21.865
And so if we look at this Fairlinked

00:45:23.766 --> 00:45:24.987
BrowserGate website,

00:45:25.646 --> 00:45:27.748
they point out a lot of different problems

00:45:27.847 --> 00:45:29.889
with these tools,

00:45:31.548 --> 00:45:32.369
namely that

00:45:34.590 --> 00:45:38.813
Microsoft is designated as a gatekeeper

00:45:38.954 --> 00:45:40.994
under the Digital Markets Act in the EU.

00:45:41.715 --> 00:45:44.016
So Microsoft Windows and Microsoft

00:45:44.137 --> 00:45:47.039
LinkedIn are both regulated products under

00:45:47.059 --> 00:45:50.621
the DMA, and they need to allow,

00:45:50.742 --> 00:45:52.083
as a result, free, effective,

00:45:52.123 --> 00:45:53.344
high-quality, continuous,

00:45:53.463 --> 00:45:55.425
real-time access to all data,

00:45:55.766 --> 00:45:57.706
including personal data that's generated

00:45:57.766 --> 00:45:59.708
through the use of these products,

00:46:00.228 --> 00:46:02.130
which LinkedIn is not doing because

00:46:02.150 --> 00:46:02.811
they're doing this

00:46:03.351 --> 00:46:04.070
in the background.

00:46:04.351 --> 00:46:07.693
They also point out that this search of

00:46:07.733 --> 00:46:09.655
all of your browser extensions can reveal

00:46:09.775 --> 00:46:13.777
a lot of different personal information,

00:46:13.996 --> 00:46:17.099
and they give some examples of extensions

00:46:17.378 --> 00:46:19.019
that could potentially reveal that.

00:46:19.260 --> 00:46:21.822
It could reveal your political opinions,

00:46:22.501 --> 00:46:23.161
for example,

00:46:23.862 --> 00:46:25.403
because there are extensions like

00:46:26.684 --> 00:46:28.847
anti-woke, anti-Zionist tag,

00:46:28.967 --> 00:46:31.329
no more Musk that you can install.

00:46:31.349 --> 00:46:32.632
I don't know what those extensions do,

00:46:32.672 --> 00:46:34.054
but obviously having them installed

00:46:34.594 --> 00:46:39.000
definitely shares a bit about what you

00:46:39.019 --> 00:46:39.420
believe.

00:46:39.880 --> 00:46:41.061
It could share some...

00:46:41.862 --> 00:46:43.563
Could reveal your religious beliefs

00:46:43.603 --> 00:46:45.905
because there are extensions like Porta AI

00:46:45.945 --> 00:46:49.567
which blur haram content or Dean Shield

00:46:49.586 --> 00:46:51.347
which blocks haram sites.

00:46:52.648 --> 00:46:55.289
It could reveal potential disabilities or

00:46:55.369 --> 00:46:57.150
neurodivergence through extensions you

00:46:57.170 --> 00:47:00.411
have installed like Simplify which aids

00:47:01.132 --> 00:47:02.693
neurodivergent users in browsing the

00:47:02.713 --> 00:47:03.012
internet.

00:47:05.554 --> 00:47:06.114
Certainly,

00:47:06.355 --> 00:47:09.717
LinkedIn could be getting your employment

00:47:09.777 --> 00:47:10.257
information.

00:47:10.277 --> 00:47:11.878
There's a lot of obvious ways to do

00:47:11.918 --> 00:47:12.079
that,

00:47:12.099 --> 00:47:15.561
but there are job search extensions that

00:47:15.581 --> 00:47:21.427
people use on LinkedIn where that could

00:47:21.467 --> 00:47:23.688
reveal information to LinkedIn or your

00:47:23.728 --> 00:47:24.369
current employer.

00:47:25.530 --> 00:47:28.130
And then it just reveals a lot of

00:47:28.650 --> 00:47:30.552
potential trade secrets because LinkedIn

00:47:30.632 --> 00:47:32.213
is this network where so many

00:47:32.632 --> 00:47:35.594
professionals are located and they share a

00:47:35.634 --> 00:47:38.034
ton of information about where they work

00:47:38.275 --> 00:47:39.876
and Microsoft would have access to all of

00:47:39.896 --> 00:47:41.637
that data and they would also have access

00:47:41.697 --> 00:47:43.878
to all of the extensions that these people

00:47:43.918 --> 00:47:44.757
have installed,

00:47:44.777 --> 00:47:48.860
some of which would be mandated by their

00:47:48.900 --> 00:47:49.360
companies.

00:47:49.500 --> 00:47:51.481
So like whether you use

00:47:54.159 --> 00:47:56.001
The examples that they give are Apollo,

00:47:56.101 --> 00:47:56.902
ZoomInfo.

00:47:56.963 --> 00:48:00.226
You could imagine other browser extensions

00:48:01.166 --> 00:48:03.048
of professional tools that would be

00:48:03.509 --> 00:48:04.730
installed by these companies.

00:48:08.693 --> 00:48:10.474
I don't know what tools companies use,

00:48:10.514 --> 00:48:11.076
to be honest.

00:48:11.836 --> 00:48:13.418
I know in the education space,

00:48:13.458 --> 00:48:14.918
we would use tools like GoGuardian,

00:48:14.960 --> 00:48:15.500
for example.

00:48:15.639 --> 00:48:16.000
And so...

00:48:16.840 --> 00:48:17.661
In that example,

00:48:17.842 --> 00:48:19.983
they could find out what we're using.

00:48:20.742 --> 00:48:22.244
But a similar case would apply to all

00:48:22.264 --> 00:48:24.344
of these organizations and their employees

00:48:24.364 --> 00:48:27.085
who use LinkedIn.

00:48:28.967 --> 00:48:29.766
They say,

00:48:29.887 --> 00:48:31.648
Fairlinked says on their BrowserGate site

00:48:31.668 --> 00:48:33.289
that LinkedIn has not disclosed this

00:48:33.329 --> 00:48:35.230
practice in its privacy policy.

00:48:35.289 --> 00:48:37.150
There's no mention of extension scanning

00:48:37.530 --> 00:48:40.032
in any public-facing document that

00:48:40.452 --> 00:48:41.452
LinkedIn has published.

00:48:41.793 --> 00:48:43.273
And so on this BrowserGate website,

00:48:43.293 --> 00:48:45.693
which you can find at browsergate.eu,

00:48:47.094 --> 00:48:49.394
they list six thousand two hundred twenty

00:48:49.414 --> 00:48:52.416
two extensions that a hidden JavaScript

00:48:52.456 --> 00:48:56.336
program on LinkedIn will scan your browser

00:48:56.356 --> 00:48:56.597
for.

00:48:56.976 --> 00:48:59.577
I believe this only applies to Chrome

00:48:59.597 --> 00:49:00.077
browsers,

00:49:00.117 --> 00:49:02.998
but that's probably most people visiting

00:49:03.038 --> 00:49:04.179
LinkedIn, I would imagine.

00:49:06.018 --> 00:49:07.440
And you can't opt in or opt out

00:49:07.481 --> 00:49:09.403
of that, and there's, again, no mention of

00:49:09.443 --> 00:49:11.206
any of this happening in any of their

00:49:11.246 --> 00:49:13.708
privacy policies, um, which is definitely

00:49:14.389 --> 00:49:16.793
very concerning. Um, so

00:49:18.291 --> 00:49:21.873
It's kind of a mass breach of your

00:49:21.893 --> 00:49:22.675
personal data.

00:49:23.594 --> 00:49:25.757
They say that this is deceiving

00:49:25.896 --> 00:49:27.918
EU regulators, which is probably true.

00:49:28.018 --> 00:49:30.260
And so I think it's just interesting to

00:49:30.340 --> 00:49:33.324
note for sure that this definitely lends a

00:49:33.384 --> 00:49:35.184
lot of credence to the idea that your

00:49:35.204 --> 00:49:38.068
browser fingerprints are going to identify

00:49:38.108 --> 00:49:41.990
you and reveal a lot of information about

00:49:42.090 --> 00:49:42.891
you and what you do,

00:49:42.952 --> 00:49:44.932
especially when it's being done by a

00:49:44.992 --> 00:49:45.594
company like

00:49:45.873 --> 00:49:47.976
LinkedIn that has probably a lot of

00:49:48.056 --> 00:49:49.940
information about you if you use it.

00:49:49.960 --> 00:49:51.101
It has your real name.

00:49:51.521 --> 00:49:53.483
Some people ID verify on LinkedIn.

00:49:54.224 --> 00:49:56.949
They have your whole resume and being able

00:49:56.969 --> 00:49:58.972
to tie all of this digital data to

00:49:58.992 --> 00:49:59.733
those profiles.

00:50:01.152 --> 00:50:03.693
creates a very unique and very

00:50:03.733 --> 00:50:05.875
comprehensive profile of you when you use

00:50:05.894 --> 00:50:06.355
the service.

00:50:06.715 --> 00:50:09.117
So I think it is very concerning for

00:50:09.157 --> 00:50:09.376
sure.

00:50:09.396 --> 00:50:11.018
And it shows that the threats that we

00:50:11.077 --> 00:50:12.719
talk about when it comes to your privacy

00:50:12.938 --> 00:50:14.960
are in fact a real issue.

00:50:15.081 --> 00:50:18.943
And these companies are trying to get all

00:50:18.983 --> 00:50:20.284
of this data wherever they can.

00:50:24.132 --> 00:50:25.074
Yeah, for the record,

00:50:25.373 --> 00:50:27.856
I tried to show the browsergate.eu

00:50:27.896 --> 00:50:28.297
website.

00:50:28.336 --> 00:50:28.817
For some reason,

00:50:28.836 --> 00:50:31.139
it's not loading on the device.

00:50:31.360 --> 00:50:32.740
It worked fine earlier,

00:50:32.820 --> 00:50:35.083
but I guarantee it's DNS.

00:50:35.123 --> 00:50:36.143
It's always a DNS issue.

00:50:38.025 --> 00:50:39.686
But yeah, it's my first thought.

00:50:39.746 --> 00:50:41.009
OK, so my first thought,

00:50:41.088 --> 00:50:42.590
because I was recently educated,

00:50:44.110 --> 00:50:45.972
for general browser fingerprinting,

00:50:46.012 --> 00:50:46.733
like the day-to-day,

00:50:49.420 --> 00:50:51.443
Some browsers like Firefox, for example,

00:50:52.143 --> 00:50:55.465
they do actually try to obfuscate what

00:50:55.585 --> 00:50:56.947
extensions you have installed.

00:50:57.847 --> 00:51:00.530
And I guess just to back up a

00:51:00.550 --> 00:51:03.172
little further, I know that for, again,

00:51:03.211 --> 00:51:04.233
for general fingerprinting,

00:51:04.273 --> 00:51:05.614
it's not always a guarantee that having

00:51:05.653 --> 00:51:06.994
more extensions will make you more

00:51:07.014 --> 00:51:08.635
fingerprintable because it generally

00:51:08.655 --> 00:51:10.077
depends on what does the extension do and

00:51:10.117 --> 00:51:11.398
whether or not it modifies the page.

00:51:11.838 --> 00:51:13.519
But obviously this one is going out of

00:51:13.539 --> 00:51:15.061
its way to scan your extensions, right?

00:51:15.601 --> 00:51:16.503
So that's a little bit of a different

00:51:16.543 --> 00:51:16.802
story.

00:51:17.369 --> 00:51:18.909
which I would argue that general

00:51:18.949 --> 00:51:20.630
fingerprinting probably does that too.

00:51:21.230 --> 00:51:23.110
But going back to what I was saying

00:51:23.130 --> 00:51:23.769
about Firefox,

00:51:23.789 --> 00:51:27.831
I know Firefox basically tries to,

00:51:28.010 --> 00:51:29.092
and I'm probably going to get the fine

00:51:29.112 --> 00:51:30.472
details wrong on this, so I apologize,

00:51:30.831 --> 00:51:32.431
but they basically try to like randomize

00:51:32.632 --> 00:51:34.813
the ID that your extensions have to make

00:51:34.873 --> 00:51:36.092
it a little bit harder for you to

00:51:36.112 --> 00:51:36.793
be fingerprinted.

00:51:37.373 --> 00:51:38.034
Do you think that would,

00:51:39.034 --> 00:51:40.134
do you think that would stop something

00:51:40.173 --> 00:51:41.393
like this or slow it down?

00:51:41.434 --> 00:51:43.255
Or is it just going to be able

00:51:43.275 --> 00:51:44.175
to get past that anyways?

00:51:45.077 --> 00:51:49.423
um it could potentially but i mean yeah

00:51:49.925 --> 00:51:52.047
it depends on you know I'm not sure

00:51:52.068 --> 00:51:54.010
how these programs work randomizing it

00:51:54.030 --> 00:51:55.853
could work if you can't find the files

00:51:56.132 --> 00:51:58.295
in the first place um and that probably

00:51:58.396 --> 00:52:02.322
is a strong protection against it um but

00:52:04.351 --> 00:52:06.632
If those extensions modify the page

00:52:06.672 --> 00:52:08.472
itself, which a lot of extensions do,

00:52:08.492 --> 00:52:10.112
then that probably is still going to be

00:52:10.152 --> 00:52:10.693
detectable.

00:52:10.833 --> 00:52:13.353
And so that's only going to protect your

00:52:13.393 --> 00:52:15.534
privacy against certain extensions you

00:52:15.554 --> 00:52:17.855
have installed that make public resources

00:52:17.894 --> 00:52:21.617
available, but don't modify the page,

00:52:22.757 --> 00:52:25.858
which I don't think would be a ton

00:52:25.878 --> 00:52:26.797
of extensions,

00:52:28.679 --> 00:52:30.398
especially like password managers.

00:52:30.478 --> 00:52:31.619
I can imagine where...

00:52:33.034 --> 00:52:34.596
like if they edit the page itself to

00:52:34.675 --> 00:52:36.257
add like a pop up or like a

00:52:36.318 --> 00:52:37.798
drop down menu to logins,

00:52:37.878 --> 00:52:39.380
that's going to be impacted.

00:52:39.420 --> 00:52:42.483
So if you disabled all of that autofill

00:52:42.503 --> 00:52:44.605
stuff, and you kept the extension,

00:52:45.204 --> 00:52:47.726
and only like manually copied from it on

00:52:47.806 --> 00:52:49.768
certain pages, you know,

00:52:49.849 --> 00:52:51.030
it could potentially protect you in that

00:52:51.050 --> 00:52:51.490
situation.

00:52:51.510 --> 00:52:56.054
But I don't think most people are doing

00:52:56.094 --> 00:52:56.414
that.

00:52:56.875 --> 00:52:58.516
So I don't know how extensive that

00:52:58.556 --> 00:53:00.197
protection would really be.

00:53:01.650 --> 00:53:02.150
Which even then,

00:53:02.210 --> 00:53:04.012
my thought process is that kind of defeats

00:53:04.371 --> 00:53:06.253
one of the advantages of a password

00:53:06.273 --> 00:53:08.313
manager, which is if it doesn't autofill,

00:53:08.333 --> 00:53:09.614
that could be an indicator that you're on

00:53:09.635 --> 00:53:10.315
a phishing page.

00:53:10.376 --> 00:53:12.036
So if it never autofills,

00:53:12.077 --> 00:53:13.577
then you never have that moment of like,

00:53:13.617 --> 00:53:14.577
wait, am I on the right page?

00:53:14.597 --> 00:53:15.659
Yeah.

00:53:15.699 --> 00:53:16.259
Yeah.

00:53:16.398 --> 00:53:17.760
And then I guess my other thought, too,

00:53:17.840 --> 00:53:19.661
is just not really a question,

00:53:19.681 --> 00:53:20.222
but just a thought.

00:53:21.222 --> 00:53:23.804
You pointed out that this was tested on

00:53:23.864 --> 00:53:24.704
Chromium browsers,

00:53:24.764 --> 00:53:26.206
which is probably what most people are

00:53:26.226 --> 00:53:26.965
going to use anyways.

00:53:29.239 --> 00:53:31.159
I, at my last job,

00:53:31.219 --> 00:53:33.739
they gave us work computers that came with

00:53:33.780 --> 00:53:34.320
Microsoft.

00:53:35.119 --> 00:53:36.840
And I mean,

00:53:36.900 --> 00:53:38.081
ninety nine percent of what I did was

00:53:38.121 --> 00:53:39.340
logging into the company stuff anyway.

00:53:39.380 --> 00:53:40.481
So I just use Edge because that's what

00:53:40.521 --> 00:53:40.960
it came with.

00:53:41.501 --> 00:53:42.222
And at one point,

00:53:42.461 --> 00:53:43.442
I think at one point I did get

00:53:43.481 --> 00:53:45.422
Brave installed on it and then I was

00:53:45.461 --> 00:53:46.422
never able to do it again.

00:53:47.143 --> 00:53:48.762
But I think I did try Firefox because

00:53:48.782 --> 00:53:49.543
I was like, well, you know,

00:53:49.663 --> 00:53:51.443
it'll it's not Edge, right?

00:53:51.724 --> 00:53:52.923
It'll be a way bigger improvement in

00:53:52.943 --> 00:53:53.344
privacy.

00:53:54.103 --> 00:53:55.583
But I got really annoyed because

00:53:55.664 --> 00:53:57.045
everything in a corporate environment is

00:53:57.204 --> 00:53:58.105
optimized to work

00:53:59.047 --> 00:53:59.728
with Edge.

00:54:00.369 --> 00:54:02.088
And so it was just so much extra

00:54:02.128 --> 00:54:03.530
friction to use Firefox.

00:54:03.949 --> 00:54:05.309
So where I'm going with this is, yeah,

00:54:05.369 --> 00:54:06.831
like most corporate environments are

00:54:06.871 --> 00:54:09.211
probably going to be using either Chrome

00:54:09.351 --> 00:54:10.652
or Edge because everybody's familiar with

00:54:10.672 --> 00:54:10.952
Chrome.

00:54:11.012 --> 00:54:12.833
And where I was going with that is

00:54:12.932 --> 00:54:14.173
at my job, they said like, yeah,

00:54:14.213 --> 00:54:15.554
if you go to our little app store,

00:54:15.574 --> 00:54:16.833
you can download Chrome or whatever.

00:54:16.873 --> 00:54:17.375
We don't care.

00:54:17.474 --> 00:54:18.534
Use whatever browser you want.

00:54:18.974 --> 00:54:20.115
So most people are probably going to be

00:54:20.135 --> 00:54:20.896
using Chrome or Edge.

00:54:20.976 --> 00:54:22.235
Maybe some will be using Safari,

00:54:22.255 --> 00:54:23.597
which I think the article did say that

00:54:25.302 --> 00:54:25.541
Yeah,

00:54:25.561 --> 00:54:26.882
Safari users are less likely to be

00:54:26.902 --> 00:54:28.483
affected by the specific mechanism based

00:54:28.543 --> 00:54:30.224
on how extension detection typically works

00:54:30.244 --> 00:54:30.985
across browsers.

00:54:31.945 --> 00:54:33.146
Apple's browser model limits

00:54:33.387 --> 00:54:34.507
fingerprinting surfaces.

00:54:35.969 --> 00:54:38.371
But it kind of goes back to...

00:54:41.313 --> 00:54:43.393
It's unfortunate because not everything...

00:54:44.175 --> 00:54:44.434
Where am I?

00:54:44.675 --> 00:54:47.177
How am I trying to word this?

00:54:47.257 --> 00:54:48.777
It's important to try to compartmentalize

00:54:48.898 --> 00:54:50.338
your professional life and your personal

00:54:50.358 --> 00:54:50.818
life, right?

00:54:50.858 --> 00:54:51.420
Like never...

00:54:52.835 --> 00:54:54.577
Never do personal stuff on a work

00:54:54.597 --> 00:54:55.036
computer.

00:54:56.097 --> 00:54:57.277
For some reason, people do anyways,

00:54:57.297 --> 00:54:57.958
and I don't know why.

00:54:58.398 --> 00:54:58.938
But even then,

00:54:58.978 --> 00:55:00.539
LinkedIn is something that...

00:55:00.900 --> 00:55:02.061
You wouldn't get in trouble for doing that

00:55:02.081 --> 00:55:03.722
on a work computer, I would imagine,

00:55:04.442 --> 00:55:05.503
but it's also something you would do at

00:55:05.543 --> 00:55:06.103
home, right?

00:55:06.143 --> 00:55:08.385
LinkedIn is supposed to be something that

00:55:08.405 --> 00:55:10.885
follows you from job to job to job.

00:55:12.007 --> 00:55:13.847
It's not necessarily specific to that job.

00:55:14.188 --> 00:55:15.327
So it is something that I could see

00:55:15.367 --> 00:55:16.969
people checking on a home device,

00:55:17.610 --> 00:55:19.391
which is so frustrating because it's like

00:55:20.530 --> 00:55:21.231
you're trying to...

00:55:23.170 --> 00:55:23.411
I don't know.

00:55:23.451 --> 00:55:23.831
It's like,

00:55:23.891 --> 00:55:24.733
it's one of those things where like,

00:55:24.753 --> 00:55:26.034
you're not really necessarily doing

00:55:26.074 --> 00:55:27.257
anything wrong and you're still getting

00:55:27.297 --> 00:55:27.677
punished.

00:55:27.717 --> 00:55:29.099
And that's, that's super frustrating,

00:55:29.139 --> 00:55:31.884
but yeah, I guess I,

00:55:31.923 --> 00:55:33.005
I just wanted to point that out.

00:55:33.085 --> 00:55:35.728
It's, it's, yeah, I don't know for sure.

00:55:35.829 --> 00:55:37.692
I mean, a ton of people, I think,

00:55:37.992 --> 00:55:38.112
um,

00:55:40.478 --> 00:55:43.242
Their work laptop is their only computer

00:55:43.302 --> 00:55:44.943
in a lot of cases besides their phone.

00:55:45.023 --> 00:55:46.585
I think a lot of I know people

00:55:46.606 --> 00:55:47.407
in that situation.

00:55:48.748 --> 00:55:49.610
And yeah,

00:55:49.630 --> 00:55:51.472
definitely do not recommend doing that.

00:55:52.514 --> 00:55:54.876
You should get your own personal laptop

00:55:54.916 --> 00:55:55.737
and use that instead.

00:55:55.797 --> 00:55:56.858
But I know a lot of people do

00:55:56.878 --> 00:55:57.320
that anyways.

00:55:58.480 --> 00:55:59.860
Another thing that I wanted to share,

00:56:01.601 --> 00:56:02.322
not in the notes,

00:56:02.342 --> 00:56:04.864
but kind of related to this is browser

00:56:04.885 --> 00:56:07.326
extensions aren't the only ways that

00:56:07.365 --> 00:56:08.967
websites can potentially fingerprint you

00:56:09.067 --> 00:56:10.789
or like software you have installed on

00:56:10.829 --> 00:56:11.369
your computer.

00:56:11.409 --> 00:56:14.010
Sometimes the software itself on your

00:56:14.030 --> 00:56:15.572
computer can work against you.

00:56:16.652 --> 00:56:18.353
And so kind of recently,

00:56:18.434 --> 00:56:19.635
I think this has been going on for

00:56:19.655 --> 00:56:19.974
a while,

00:56:20.014 --> 00:56:22.717
but it's been picked up by some news

00:56:22.777 --> 00:56:23.297
sources.

00:56:26.277 --> 00:56:28.097
Basically, Adobe Creative Cloud,

00:56:28.137 --> 00:56:29.059
of course it's Adobe,

00:56:30.719 --> 00:56:32.862
is changing the host file on your

00:56:32.922 --> 00:56:33.402
computer,

00:56:35.163 --> 00:56:37.445
which allows websites to detect whether

00:56:37.485 --> 00:56:40.007
you have Adobe Creative Cloud installed.

00:56:40.427 --> 00:56:41.728
So this is posted to Reddit.

00:56:42.208 --> 00:56:42.648
Basically,

00:56:42.688 --> 00:56:45.391
Adobe is adding this line to your host

00:56:45.431 --> 00:56:45.771
file.

00:56:45.871 --> 00:56:48.452
And then when you visit the Adobe website,

00:56:49.092 --> 00:56:52.235
it tries loading an image from that exact

00:56:52.255 --> 00:56:52.635
domain.

00:56:52.894 --> 00:56:55.737
And if the image loads because of this

00:56:56.496 --> 00:56:58.597
line that they've added that points that

00:56:58.637 --> 00:56:59.918
domain to a specific IP,

00:57:00.239 --> 00:57:03.260
then they know that you have Creative

00:57:03.300 --> 00:57:03.940
Cloud installed.

00:57:04.021 --> 00:57:04.722
And that could, of course,

00:57:04.762 --> 00:57:06.983
be checked by any number of different

00:57:07.003 --> 00:57:08.804
websites to detect whether you have Adobe

00:57:08.844 --> 00:57:10.085
Creative Cloud installed.

00:57:10.244 --> 00:57:13.206
And so even if you don't have any

00:57:13.226 --> 00:57:13.987
browser extensions,

00:57:14.007 --> 00:57:15.947
there are other ways that software

00:57:16.668 --> 00:57:20.248
on your device itself can um increase your

00:57:20.268 --> 00:57:22.670
browser fingerprinting profile um

00:57:24.050 --> 00:57:25.650
regardless of what you do with the browser

00:57:25.710 --> 00:57:28.831
so that is something to definitely keep an

00:57:28.911 --> 00:57:30.351
eye out for because the only thing that

00:57:30.371 --> 00:57:31.811
would really protect you against this is

00:57:32.052 --> 00:57:34.472
either not letting Creative Cloud do this

00:57:34.512 --> 00:57:35.833
which I don't know if there's a mechanism

00:57:35.873 --> 00:57:36.853
to do that but it might be

00:57:37.914 --> 00:57:39.936
uh worth looking into or using a browser

00:57:39.976 --> 00:57:41.958
like Tor Browser which is going to bypass

00:57:42.117 --> 00:57:44.298
all of your local network stuff

00:57:44.318 --> 00:57:47.442
specifically but that's um challenging to

00:57:47.461 --> 00:57:48.422
do and not a lot of people are

00:57:48.443 --> 00:57:51.565
doing that for day-to-day use um and so

00:57:51.664 --> 00:57:54.206
software that does something like this um

00:57:54.628 --> 00:57:56.268
is a problem I don't know of any

00:57:56.309 --> 00:57:57.590
other software that's going to do this

00:57:57.650 --> 00:58:01.052
besides Adobe but um

00:58:02.793 --> 00:58:03.474
Of course, again,

00:58:03.514 --> 00:58:06.994
of course it's Adobe doing that, but yeah,

00:58:07.014 --> 00:58:09.034
that is another attack vector unrelated to

00:58:09.074 --> 00:58:11.036
extensions that websites could be using

00:58:11.096 --> 00:58:14.117
that you'd also have to look out for.

00:58:14.137 --> 00:58:14.876
That's insane though.

00:58:14.976 --> 00:58:16.157
Editing the host file.

00:58:18.297 --> 00:58:19.639
I don't even like screwing with that.

00:58:19.679 --> 00:58:20.898
That's some deep level stuff.

00:58:22.500 --> 00:58:23.219
Oh my God.

00:58:23.559 --> 00:58:23.860
Wow.

00:58:24.079 --> 00:58:25.780
These companies are out of control, man.

00:58:26.300 --> 00:58:26.541
Yeah.

00:58:30.844 --> 00:58:31.505
My brain hurts.

00:58:31.905 --> 00:58:33.786
Just related to that, it's always DNS,

00:58:33.905 --> 00:58:34.405
right?

00:58:34.445 --> 00:58:35.766
DNS can be used against you.

00:58:35.827 --> 00:58:37.027
DNS is used for evil.

00:58:37.047 --> 00:58:39.007
Anyways,

00:58:39.027 --> 00:58:40.309
I think that's all I have to say.

00:58:40.329 --> 00:58:41.929
Do you want to talk about our next

00:58:41.949 --> 00:58:42.409
story here?

00:58:43.090 --> 00:58:43.469
Yeah.

00:58:44.291 --> 00:58:45.831
My brain is still hurting from the host

00:58:45.851 --> 00:58:47.172
file thing, so we'll just move on.

00:58:49.293 --> 00:58:50.652
So this next story,

00:58:51.213 --> 00:58:53.393
it helps if I share the actual screen.

00:58:53.454 --> 00:58:53.914
Here we go.

00:58:54.414 --> 00:58:56.315
So this next story comes from 404

00:58:56.335 --> 00:58:56.916
Media.

00:58:56.996 --> 00:58:57.275
It says,

00:58:57.295 --> 00:58:59.856
a secure chat app's encryption is so bad,

00:59:00.295 --> 00:59:01.896
It's quote unquote meaningless.

00:59:04.376 --> 00:59:04.836
I mean, okay,

00:59:04.856 --> 00:59:05.637
we'll go through it a little bit.

00:59:05.657 --> 00:59:08.318
So the app is called TeleGuard and I've

00:59:08.358 --> 00:59:09.219
heard of it a little bit.

00:59:09.259 --> 00:59:10.478
It actually rang a bell when I read

00:59:10.539 --> 00:59:10.798
this.

00:59:12.500 --> 00:59:13.739
I really, I'm not going to lie.

00:59:13.820 --> 00:59:15.059
I really wanted a moment where I went

00:59:15.079 --> 00:59:19.240
and checked the DMs on the forum because

00:59:19.282 --> 00:59:20.981
we get a lot of projects and privacy

00:59:21.021 --> 00:59:22.161
guides that message us directly.

00:59:22.181 --> 00:59:23.003
And they're like, hey,

00:59:23.023 --> 00:59:23.983
you should recommend our product.

00:59:24.003 --> 00:59:24.762
And we always tell them like,

00:59:24.802 --> 00:59:25.782
go post on the forum.

00:59:25.802 --> 00:59:26.864
This is a community project.

00:59:26.903 --> 00:59:27.804
Let the community vet it.

00:59:28.565 --> 00:59:29.204
Um, so I,

00:59:29.244 --> 00:59:30.806
I went and checked and I thought like

00:59:30.846 --> 00:59:31.306
maybe I,

00:59:31.427 --> 00:59:32.807
I knew their name cause they messaged us,

00:59:32.847 --> 00:59:34.690
but, um, nothing like that, I guess.

00:59:34.750 --> 00:59:36.311
So I don't know where I've heard it

00:59:36.331 --> 00:59:37.211
from, but, um,

00:59:37.251 --> 00:59:38.492
it has been mentioned on the forum once

00:59:38.532 --> 00:59:38.873
or twice,

00:59:38.893 --> 00:59:40.494
but never really like heavily recommended

00:59:40.534 --> 00:59:41.014
or anything.

00:59:41.114 --> 00:59:42.076
Just, I don't know.

00:59:42.556 --> 00:59:42.916
But either way.

00:59:42.956 --> 00:59:43.177
Yeah.

00:59:43.237 --> 00:59:44.898
So this is an app that markets itself

00:59:44.918 --> 00:59:47.260
as a secure end-to-end encrypted messaging

00:59:47.280 --> 00:59:47.760
platform.

00:59:48.141 --> 00:59:49.541
It's been downloaded at least a million

00:59:49.581 --> 00:59:50.001
times.

00:59:50.663 --> 00:59:53.164
Um, but apparently this researcher, uh,

00:59:53.907 --> 00:59:55.268
found, it says there's no storage,

00:59:55.309 --> 00:59:59.030
highly encrypted, highly encrypted, um,

00:59:59.050 --> 01:00:00.231
kind of like military grade encryption,

01:00:00.291 --> 01:00:00.472
right?

01:00:01.012 --> 01:00:02.373
Anyways, um, Swiss made,

01:00:02.913 --> 01:00:04.594
and there's an anonymous researcher in

01:00:04.614 --> 01:00:06.014
March who contacted 404.

01:00:06.175 --> 01:00:08.496
They said that the private encryption keys

01:00:08.876 --> 01:00:10.498
are sent to the company server upon

01:00:10.518 --> 01:00:11.378
account registration.

01:00:11.978 --> 01:00:13.099
And, um,

01:00:13.139 --> 01:00:14.380
Jonah can correct me if I'm wrong about

01:00:14.420 --> 01:00:15.300
any of this, cause I'm,

01:00:15.380 --> 01:00:16.942
I'm speaking a little bit outside my

01:00:16.981 --> 01:00:17.983
element here, but I think I'm,

01:00:18.182 --> 01:00:18.943
I'm right about this.

01:00:19.684 --> 01:00:21.625
Um, there are services like Proton,

01:00:21.664 --> 01:00:23.686
for example, that, um,

01:00:24.487 --> 01:00:25.547
I don't know if I'd say the private

01:00:25.568 --> 01:00:26.628
key gets sent to the server,

01:00:26.969 --> 01:00:28.188
but they do have a way where like

01:00:28.228 --> 01:00:29.469
you can log in from any device and

01:00:29.489 --> 01:00:30.630
your email is decrypted.

01:00:30.690 --> 01:00:30.909
Right.

01:00:31.730 --> 01:00:33.431
But they also store that in such a

01:00:33.471 --> 01:00:35.072
way where they don't really get the key

01:00:35.112 --> 01:00:35.751
itself.

01:00:35.771 --> 01:00:37.532
Um, I, again,

01:00:37.592 --> 01:00:38.713
I could have the details wrong here,

01:00:38.753 --> 01:00:39.452
but my point being like,

01:00:39.552 --> 01:00:42.054
I think there is a way to store

01:00:42.094 --> 01:00:42.893
private keys,

01:00:43.934 --> 01:00:45.394
but they weren't doing it this way.

01:00:45.474 --> 01:00:46.574
They weren't doing it in a way where

01:00:46.594 --> 01:00:46.815
it's like,

01:00:46.856 --> 01:00:48.115
we don't have access to your private key.

01:00:48.155 --> 01:00:50.637
Like, no, they just had your private keys.

01:00:50.896 --> 01:00:51.056
Um,

01:00:52.355 --> 01:00:53.576
So yeah, they also...

01:00:54.677 --> 01:00:55.679
I think it's further down.

01:00:56.239 --> 01:00:57.960
They go through every single issue they

01:00:58.001 --> 01:00:58.222
found,

01:00:58.262 --> 01:01:00.224
which is basically like your private key

01:01:00.244 --> 01:01:02.126
was derived from your user ID.

01:01:02.326 --> 01:01:04.668
So anybody who had your user ID could

01:01:04.708 --> 01:01:06.550
plug it into this API and decrypt your

01:01:06.570 --> 01:01:09.393
messages, which is anybody you message.

01:01:09.875 --> 01:01:11.896
Or a lot of people will post their...

01:01:12.958 --> 01:01:13.918
Well, Signal, for example,

01:01:13.938 --> 01:01:14.980
but a lot of people will post their

01:01:15.019 --> 01:01:16.240
username publicly because they're like,

01:01:16.280 --> 01:01:17.563
hey, anybody who wants to contact me,

01:01:17.603 --> 01:01:18.023
go ahead.

01:01:19.023 --> 01:01:20.746
They said further down that metadata was

01:01:20.786 --> 01:01:21.827
stored in plain text.

01:01:21.967 --> 01:01:25.030
So basically every single mistake you

01:01:25.050 --> 01:01:28.432
could possibly imagine a company doing or

01:01:28.452 --> 01:01:29.253
a messenger doing,

01:01:29.313 --> 01:01:30.375
it seems like they were doing.

01:01:30.514 --> 01:01:32.657
And oh, man, hold on.

01:01:32.737 --> 01:01:33.597
I do have to find...

01:01:36.041 --> 01:01:36.260
Yeah.

01:01:36.601 --> 01:01:38.722
So the CEO, after publication,

01:01:38.782 --> 01:01:40.922
the CEO contacted 404 via

01:01:40.983 --> 01:01:41.422
LinkedIn,

01:01:42.123 --> 01:01:43.983
hopefully from a company computer in a

01:01:44.003 --> 01:01:46.005
direct message and said, quote, this,

01:01:46.304 --> 01:01:47.525
the information is incorrect.

01:01:47.626 --> 01:01:48.266
Exclamation point.

01:01:48.326 --> 01:01:49.507
The person who gave you the technical

01:01:49.726 --> 01:01:51.246
information that has completely misled

01:01:51.266 --> 01:01:51.407
you.

01:01:51.668 --> 01:01:52.807
That person is not competent.

01:01:52.967 --> 01:01:53.708
Exclamation point.

01:01:54.208 --> 01:01:54.289
Uh,

01:01:54.309 --> 01:01:55.909
the CEO did not provide any evidence for

01:01:55.949 --> 01:01:57.269
this or point to any specifics.

01:01:57.929 --> 01:01:59.271
Um, very.

01:01:59.931 --> 01:02:00.130
Yeah.

01:02:00.271 --> 01:02:00.871
I don't know.

01:02:00.891 --> 01:02:01.931
I always like when people do that kind

01:02:01.972 --> 01:02:02.492
of stuff.

01:02:02.532 --> 01:02:03.112
Very professional.

01:02:04.273 --> 01:02:04.333
Um,

01:02:04.972 --> 01:02:05.911
So is me making fun of them,

01:02:05.952 --> 01:02:06.333
but whatever.

01:02:07.972 --> 01:02:08.974
So yeah, I personally,

01:02:09.094 --> 01:02:10.534
I wanted to share this story because I

01:02:10.554 --> 01:02:12.034
feel like in the privacy community in

01:02:12.094 --> 01:02:12.474
general,

01:02:13.175 --> 01:02:17.637
I see a lot of people who I

01:02:17.657 --> 01:02:17.878
think...

01:02:18.829 --> 01:02:20.449
we get excited about new projects.

01:02:21.311 --> 01:02:22.371
I think there's two kinds of privacy

01:02:22.391 --> 01:02:22.592
people.

01:02:22.652 --> 01:02:23.672
I think there's the people who get excited

01:02:23.693 --> 01:02:24.793
about new projects and the people who are

01:02:24.833 --> 01:02:25.974
suspicious of anything new.

01:02:27.056 --> 01:02:28.177
But I see a lot of people who

01:02:28.197 --> 01:02:30.259
get excited about new projects and they're

01:02:30.298 --> 01:02:31.380
constantly like, oh,

01:02:31.400 --> 01:02:32.681
there's this new messenger I just heard

01:02:32.721 --> 01:02:32.900
about.

01:02:32.940 --> 01:02:33.742
I'm excited to try it.

01:02:33.782 --> 01:02:34.603
What does everybody think?

01:02:34.922 --> 01:02:35.483
And first of all,

01:02:35.503 --> 01:02:37.144
I think that's really awesome when you go

01:02:37.184 --> 01:02:38.385
to other members of the community.

01:02:38.585 --> 01:02:39.206
What do people think?

01:02:39.887 --> 01:02:41.907
And because I have seen one of the

01:02:41.967 --> 01:02:44.090
messages that I mentioned when I was

01:02:44.110 --> 01:02:45.030
trying to figure out where I've heard of

01:02:45.050 --> 01:02:45.710
this app before.

01:02:46.751 --> 01:02:47.891
I went to the privacy guides forum and

01:02:47.972 --> 01:02:49.213
one person was asking like, hey,

01:02:49.233 --> 01:02:50.152
what does everybody think of this?

01:02:50.594 --> 01:02:51.634
And a lot of people were like, oh,

01:02:51.653 --> 01:02:52.574
it's proprietary.

01:02:52.655 --> 01:02:53.655
Like this seems weird.

01:02:53.715 --> 01:02:54.516
This seems weird.

01:02:54.835 --> 01:02:56.197
There's a lot of red flags here.

01:02:57.057 --> 01:02:58.297
I don't think anybody did like an actual

01:02:58.378 --> 01:03:00.039
technical analysis like this person did.

01:03:00.099 --> 01:03:01.119
But, you know,

01:03:01.159 --> 01:03:02.501
it's good to get that kind of feedback

01:03:02.561 --> 01:03:03.702
from other people.

01:03:03.762 --> 01:03:04.922
Like I'm very open about the fact that

01:03:05.003 --> 01:03:07.384
I don't really know a lot of code.

01:03:07.583 --> 01:03:08.085
I did take a...

01:03:09.208 --> 01:03:10.710
There's a little app that kind of gamifies

01:03:10.730 --> 01:03:12.309
learning code, kind of like Duolingo does.

01:03:12.389 --> 01:03:13.731
And allegedly it taught me Python,

01:03:13.751 --> 01:03:15.010
but I wouldn't trust me to code anything

01:03:15.030 --> 01:03:15.931
in Python if I were you.

01:03:16.592 --> 01:03:17.952
I can now look at Python and recognize

01:03:17.972 --> 01:03:18.913
it as Python, basically.

01:03:19.353 --> 01:03:21.054
So that said, like,

01:03:21.153 --> 01:03:22.233
I think it's really good to,

01:03:23.114 --> 01:03:24.414
in my case, you know, like, hey,

01:03:24.554 --> 01:03:25.876
I don't know enough about code to

01:03:25.956 --> 01:03:26.496
understand this.

01:03:26.536 --> 01:03:28.217
Can anybody else weigh in on this?

01:03:29.356 --> 01:03:30.217
That's a really good thing.

01:03:30.257 --> 01:03:32.679
But I think it's just this...

01:03:34.777 --> 01:03:36.038
be a little bit cautious, right?

01:03:36.458 --> 01:03:37.898
There's a fine line because on the one

01:03:37.918 --> 01:03:39.460
hand, if we never trust anything new,

01:03:39.980 --> 01:03:42.380
we would never have any mass adoption of

01:03:42.400 --> 01:03:44.300
all these great tools like Proton and Tuta,

01:03:44.820 --> 01:03:45.902
Signal, SimpleX.

01:03:46.521 --> 01:03:47.942
All these really good tools would never

01:03:47.981 --> 01:03:50.322
get out of the small phase because nobody

01:03:50.342 --> 01:03:51.043
would ever trust them.

01:03:51.483 --> 01:03:52.244
But at the same time,

01:03:52.284 --> 01:03:54.443
we have seen so many apps that shut

01:03:54.463 --> 01:03:55.385
down, sold.

01:03:56.105 --> 01:03:56.724
Every once in a while,

01:03:56.744 --> 01:03:57.945
it does turn out to be a honeypot.

01:03:58.184 --> 01:04:01.547
And so there's a very fine line between

01:04:01.567 --> 01:04:02.166
these things.

01:04:02.347 --> 01:04:02.887
And-

01:04:03.567 --> 01:04:04.751
Yeah, I would also ask,

01:04:04.791 --> 01:04:06.197
especially with chat messengers,

01:04:07.300 --> 01:04:08.485
one of my personal beefs is I feel

01:04:08.505 --> 01:04:08.927
like there's

01:04:09.918 --> 01:04:11.557
an obnoxious amount of messengers.

01:04:11.757 --> 01:04:13.478
And one of the questions I always ask

01:04:13.498 --> 01:04:15.039
with any new product, not just messengers,

01:04:15.059 --> 01:04:16.759
but any new product is what are you

01:04:16.838 --> 01:04:17.179
solving?

01:04:17.458 --> 01:04:19.039
Like people send me links all the time

01:04:19.059 --> 01:04:20.420
and they're like, this looks really cool.

01:04:20.460 --> 01:04:21.599
And I'm like, okay, what is it doing?

01:04:22.079 --> 01:04:22.780
What is it solving?

01:04:22.840 --> 01:04:24.360
What problem is this solving that,

01:04:25.240 --> 01:04:26.320
you know, whether it's a search engine,

01:04:26.340 --> 01:04:28.041
an email provider, whatever,

01:04:28.101 --> 01:04:30.121
like what is it doing that this existing

01:04:30.282 --> 01:04:31.382
tool doesn't already do?

01:04:31.742 --> 01:04:32.943
And I'd say about half the time people

01:04:32.963 --> 01:04:33.802
are like, oh, I don't know.

01:04:33.943 --> 01:04:34.143
I just,

01:04:34.282 --> 01:04:35.262
I saw it and thought it was cool.

01:04:37.081 --> 01:04:38.463
it's gotta be solving a problem for me

01:04:38.503 --> 01:04:40.782
personally, but yeah.

01:04:40.822 --> 01:04:42.583
So, um, I don't know.

01:04:42.623 --> 01:04:43.724
Did you have any thoughts on this?

01:04:43.804 --> 01:04:44.045
I know,

01:04:44.144 --> 01:04:46.846
I think this one may have gone below

01:04:46.865 --> 01:04:47.726
your radar a little bit,

01:04:47.766 --> 01:04:48.746
but did you have any thoughts about it?

01:04:49.347 --> 01:04:49.746
Yeah.

01:04:50.067 --> 01:04:51.487
Um, yeah,

01:04:51.507 --> 01:04:53.047
I think that's all a good takeaway.

01:04:53.327 --> 01:04:53.447
Um,

01:04:53.487 --> 01:04:55.648
thankfully the only thing I would say is

01:04:55.708 --> 01:04:57.570
in the case of TeleGuard specifically,

01:04:57.949 --> 01:04:59.010
um,

01:04:59.030 --> 01:05:00.570
thankfully we've known about some of the

01:05:00.610 --> 01:05:01.652
issues with it for a while.

01:05:01.751 --> 01:05:02.771
I know that they note at the end

01:05:02.811 --> 01:05:04.072
of this article, um,

01:05:05.313 --> 01:05:08.396
TeleGuard handed over information to the

01:05:08.536 --> 01:05:11.958
FBI in around,

01:05:11.978 --> 01:05:13.320
according to the Washington Post.

01:05:14.780 --> 01:05:17.643
That article was shared on our forum and

01:05:17.684 --> 01:05:19.405
in all of the posts where TeleGuard is

01:05:19.644 --> 01:05:21.226
brought up or in the thread about

01:05:21.266 --> 01:05:22.086
TeleGuard itself.

01:05:24.289 --> 01:05:25.590
People have known for a while that they

01:05:25.610 --> 01:05:27.791
can provide information like the push

01:05:27.831 --> 01:05:31.494
notification tokens and other information

01:05:31.534 --> 01:05:32.775
and hopefully are avoiding that.

01:05:32.856 --> 01:05:34.717
But yeah,

01:05:34.878 --> 01:05:38.061
it's definitely a good thing to keep in

01:05:38.101 --> 01:05:39.181
mind because there is a balance,

01:05:39.202 --> 01:05:39.641
like you said.

01:05:39.681 --> 01:05:43.085
We do need to have more products in

01:05:43.144 --> 01:05:43.865
this space,

01:05:44.326 --> 01:05:47.489
but knowing whether they work well is...

01:05:49.032 --> 01:05:49.653
kind of tricky.

01:05:50.556 --> 01:05:52.121
And it's always good to keep an eye

01:05:52.141 --> 01:05:54.067
on this stuff because they certainly do

01:05:54.106 --> 01:05:55.552
not always work the way that they

01:05:56.605 --> 01:05:59.346
market themselves for sure.

01:05:59.746 --> 01:06:01.367
I wasn't aware until I just read this

01:06:01.427 --> 01:06:03.047
article that it was made by Swisscows.

01:06:03.108 --> 01:06:04.909
I've heard a lot of, well,

01:06:04.949 --> 01:06:05.648
not a lot,

01:06:05.708 --> 01:06:08.110
but I've heard their search engine brought

01:06:08.210 --> 01:06:09.170
up a few times.

01:06:09.251 --> 01:06:10.391
I know that they also have a file

01:06:10.431 --> 01:06:11.130
storage service,

01:06:11.150 --> 01:06:12.831
which is as far as I know,

01:06:12.851 --> 01:06:15.072
just based on Nextcloud and uses like

01:06:15.092 --> 01:06:16.534
the Nextcloud end-to-end encryption,

01:06:16.554 --> 01:06:17.994
which isn't the best.

01:06:19.094 --> 01:06:20.394
So they kind of just seem to be

01:06:20.496 --> 01:06:20.835
one of the,

01:06:21.795 --> 01:06:26.360
one of those companies where um they're

01:06:26.380 --> 01:06:28.101
just putting stuff out there probably with

01:06:28.201 --> 01:06:32.164
open source tools without really um adding

01:06:32.204 --> 01:06:34.485
too much or changing it I don't know

01:06:34.585 --> 01:06:37.869
if TeleGuard is its own homebrew product I

01:06:37.889 --> 01:06:39.309
would imagine it is because I don't know

01:06:39.349 --> 01:06:41.010
of any like open source stuff that would

01:06:41.050 --> 01:06:42.072
be um

01:06:43.891 --> 01:06:45.931
that would have this poor encryption,

01:06:46.391 --> 01:06:48.331
at least the people who are like forking

01:06:48.992 --> 01:06:50.172
Element, for example,

01:06:51.612 --> 01:06:54.333
are getting a reasonably decent encryption

01:06:54.413 --> 01:06:55.092
implementation,

01:06:55.132 --> 01:06:57.293
whereas I don't know what's going on with

01:06:57.333 --> 01:06:57.813
TeleGuard.

01:07:00.114 --> 01:07:01.135
But yeah,

01:07:02.175 --> 01:07:03.795
I think I think in this specific case,

01:07:03.815 --> 01:07:05.394
people already know not to use it.

01:07:05.976 --> 01:07:09.376
And otherwise,

01:07:09.635 --> 01:07:10.717
with with stuff not like this,

01:07:10.757 --> 01:07:12.556
it's it's everything you said for sure.

01:07:15.802 --> 01:07:17.943
Yeah, I looked into Swisscows briefly,

01:07:18.143 --> 01:07:19.443
I think the only thing it has going

01:07:19.463 --> 01:07:20.764
for it is it says,

01:07:21.244 --> 01:07:22.085
like the search engine.

01:07:22.585 --> 01:07:26.007
It says that it will censor adult content,

01:07:26.128 --> 01:07:28.068
which I think could be useful if you

01:07:28.108 --> 01:07:29.250
have really young kids,

01:07:30.309 --> 01:07:31.710
just as like one of those layers of

01:07:31.751 --> 01:07:32.532
defense, you know,

01:07:32.552 --> 01:07:33.972
maybe set that as the default search

01:07:34.032 --> 01:07:36.094
engine on the family computer and

01:07:36.974 --> 01:07:38.596
But then we get into the whole topic

01:07:38.635 --> 01:07:38.876
of like,

01:07:38.896 --> 01:07:40.538
at what point is it appropriate to kind

01:07:40.577 --> 01:07:41.938
of transition your kids off that?

01:07:42.018 --> 01:07:43.380
But I don't know.

01:07:43.460 --> 01:07:44.641
I remember when I looked into it,

01:07:44.661 --> 01:07:45.802
that was kind of the only advantage I

01:07:45.844 --> 01:07:46.784
saw was like, okay,

01:07:47.224 --> 01:07:48.326
I could see this if I had young

01:07:48.365 --> 01:07:49.567
kids and I just wanted it as one

01:07:49.606 --> 01:07:51.028
more layer of defense of like,

01:07:51.467 --> 01:07:52.768
I don't want them to accidentally find

01:07:52.788 --> 01:07:53.889
their way onto something bad.

01:07:53.989 --> 01:07:55.088
But yeah, of course,

01:07:55.128 --> 01:07:57.650
404 Media does note that Teleguard

01:07:57.829 --> 01:08:01.871
has a reputation of being linked to cam

01:08:01.911 --> 01:08:05.431
models and child abusers at the end of

01:08:05.452 --> 01:08:05.992
this article.

01:08:06.012 --> 01:08:08.851
So how much I would trust their approach

01:08:08.871 --> 01:08:09.652
to child safety,

01:08:09.693 --> 01:08:11.632
it probably would not be that far.

01:08:11.813 --> 01:08:14.034
But yeah, in general,

01:08:14.054 --> 01:08:16.453
it's probably a good idea for companies to

01:08:16.493 --> 01:08:18.135
be a bit more thoughtful about all of

01:08:18.154 --> 01:08:18.635
that stuff.

01:08:20.310 --> 01:08:20.989
Yeah, that's fair.

01:08:21.270 --> 01:08:22.470
I, I don't know.

01:08:22.570 --> 01:08:23.431
I trust 404,

01:08:23.471 --> 01:08:24.112
but I'm not going to lie.

01:08:24.131 --> 01:08:24.912
When I read that part,

01:08:24.953 --> 01:08:26.154
my brain kind of went to like,

01:08:27.854 --> 01:08:29.815
I wonder how much Teleguard does get used

01:08:29.855 --> 01:08:30.496
for that stuff.

01:08:30.877 --> 01:08:31.197
I don't know.

01:08:32.480 --> 01:08:32.720
Yeah,

01:08:32.761 --> 01:08:34.662
maybe if you turn a blind eye to

01:08:34.682 --> 01:08:34.783
it.

01:08:34.823 --> 01:08:37.465
I don't know how much they market it,

01:08:37.564 --> 01:08:42.529
but I know that Kik had this reputation.

01:08:42.828 --> 01:08:44.010
Maybe it still does, I don't know.

01:08:45.251 --> 01:08:46.412
It does with me, that's for sure.

01:08:46.832 --> 01:08:47.493
Yeah,

01:08:47.533 --> 01:08:48.934
I've definitely heard this about various

01:08:49.533 --> 01:08:52.155
messaging apps to the point where it seems

01:08:52.216 --> 01:08:52.716
to be...

01:08:53.216 --> 01:08:54.917
If you have that reputation and it

01:08:55.219 --> 01:08:55.679
remains,

01:08:55.719 --> 01:08:57.539
it seems to be kind of intentional,

01:08:57.579 --> 01:08:58.720
and if it's on the radar...

01:08:59.921 --> 01:09:01.462
Of these officers saying that they're

01:09:01.502 --> 01:09:02.783
notorious for it,

01:09:03.805 --> 01:09:04.985
that is a bit of a red flag.

01:09:05.445 --> 01:09:07.006
Of course, with law enforcement,

01:09:07.027 --> 01:09:08.408
it can always go either way because a

01:09:08.707 --> 01:09:10.930
lot of law enforcement officers will say

01:09:11.430 --> 01:09:12.930
GrapheneOS, for example,

01:09:12.990 --> 01:09:15.171
is notorious for being used by criminals

01:09:15.231 --> 01:09:17.694
when in reality it's just a security tool.

01:09:19.314 --> 01:09:21.936
But seeing as how this chat app doesn't

01:09:21.957 --> 01:09:24.137
seem to provide adequate security,

01:09:26.560 --> 01:09:27.980
I don't think it's the same sort of

01:09:28.020 --> 01:09:28.621
situation.

01:09:30.481 --> 01:09:30.721
Yeah.

01:09:30.841 --> 01:09:31.943
Which not to get off topic,

01:09:31.962 --> 01:09:33.042
but I know I've said in the past,

01:09:33.103 --> 01:09:33.323
like,

01:09:33.563 --> 01:09:34.724
cause there was that story about a year

01:09:34.764 --> 01:09:37.444
or two ago about, um, apparently in Spain,

01:09:37.543 --> 01:09:40.005
just having a Pixel phone automatically

01:09:40.024 --> 01:09:40.824
makes you suspicious,

01:09:40.864 --> 01:09:42.645
like maybe not legally, but in practice,

01:09:42.706 --> 01:09:45.506
it makes you suspicious because the only

01:09:45.546 --> 01:09:48.408
people in Spain that have Pixels are drug

01:09:48.427 --> 01:09:49.568
dealers using Graphene.

01:09:50.387 --> 01:09:52.408
Um, and so it's the,

01:09:52.488 --> 01:09:54.069
my argument when we covered that story

01:09:54.289 --> 01:09:55.210
back then was like,

01:09:55.729 --> 01:09:57.430
this is why we need to normalize tools,

01:09:57.610 --> 01:09:58.430
uh, privacy tools,

01:09:58.470 --> 01:09:58.871
because

01:09:59.460 --> 01:10:01.619
if the only people using Signal are,

01:10:02.740 --> 01:10:03.780
not that they're doing anything wrong,

01:10:03.820 --> 01:10:04.140
of course,

01:10:04.180 --> 01:10:06.541
but like dissidents and drug dealers,

01:10:06.680 --> 01:10:08.181
then like it becomes like, oh,

01:10:08.601 --> 01:10:09.282
you're on Signal,

01:10:09.322 --> 01:10:10.462
you have something to hide, which,

01:10:10.481 --> 01:10:10.742
you know,

01:10:10.822 --> 01:10:12.143
in some countries being a dissident is

01:10:12.162 --> 01:10:12.542
illegal.

01:10:12.582 --> 01:10:14.382
So my point is I'm not trying to

01:10:14.422 --> 01:10:15.682
morally group them into the same thing,

01:10:15.703 --> 01:10:16.182
but my point,

01:10:16.724 --> 01:10:18.104
it becomes something suspicious.

01:10:18.144 --> 01:10:20.283
Whereas like if my stepdad is using

01:10:20.323 --> 01:10:22.364
Signal, probably does not know what it is.

01:10:22.564 --> 01:10:23.545
I had to download it and put it

01:10:23.564 --> 01:10:24.524
on his phone and set it up for

01:10:24.545 --> 01:10:25.744
him and get him in the family chat.

01:10:26.024 --> 01:10:27.145
He didn't even know it could do video

01:10:27.326 --> 01:10:28.345
or voice calls.

01:10:29.006 --> 01:10:29.947
I tried to call him on it one

01:10:29.987 --> 01:10:31.046
time and he didn't pick up.

01:10:31.067 --> 01:10:32.167
So I called him on the regular phone

01:10:32.186 --> 01:10:32.507
and he's like,

01:10:33.007 --> 01:10:34.028
did you just try to call me on

01:10:34.087 --> 01:10:34.387
Signal?

01:10:34.408 --> 01:10:35.448
I'm like, yeah, it does voice calls.

01:10:35.469 --> 01:10:37.569
He's like, oh, I didn't know that.

01:10:37.630 --> 01:10:37.750
So,

01:10:38.050 --> 01:10:39.791
but my point being like when everybody's

01:10:39.890 --> 01:10:40.190
using it,

01:10:40.251 --> 01:10:41.470
then it takes away from that stigma

01:10:41.511 --> 01:10:42.692
because they can't point to it and be

01:10:42.712 --> 01:10:43.171
like, oh,

01:10:43.572 --> 01:10:44.932
only bad people are using Signal.

01:10:45.493 --> 01:10:45.853
Really?

01:10:46.453 --> 01:10:46.814
Really?

01:10:47.373 --> 01:10:48.413
My seventy-year-old stepdad,

01:10:48.434 --> 01:10:49.494
you think is running drugs from the

01:10:49.515 --> 01:10:49.774
border?

01:10:50.414 --> 01:10:51.416
Come on.

01:10:51.456 --> 01:10:53.417
So anyways, yeah,

01:10:53.476 --> 01:10:54.737
I just I know that's a little off

01:10:54.777 --> 01:10:55.077
topic,

01:10:55.136 --> 01:10:56.377
but I always feel the need to say

01:10:56.398 --> 01:10:56.518
that.

01:10:59.286 --> 01:11:03.059
So I think that'll take us into forum

01:11:03.118 --> 01:11:05.787
updates if I remember correctly.

01:11:06.500 --> 01:11:08.282
Yeah, well, in a minute, everyone,

01:11:08.341 --> 01:11:09.662
we're going to start taking viewer

01:11:09.722 --> 01:11:10.143
questions.

01:11:10.182 --> 01:11:10.502
Of course,

01:11:10.523 --> 01:11:11.764
you can always leave them in the chat

01:11:11.823 --> 01:11:12.284
anytime.

01:11:12.625 --> 01:11:13.845
But if you've been holding on to any

01:11:13.886 --> 01:11:15.506
questions about any of these stories that

01:11:15.527 --> 01:11:18.248
we've talked about so far, go ahead,

01:11:18.288 --> 01:11:20.490
start leaving them now here in the chat

01:11:20.551 --> 01:11:24.054
or in the forum thread for this live

01:11:24.073 --> 01:11:25.694
stream.

01:11:25.755 --> 01:11:26.636
Otherwise, yeah,

01:11:26.735 --> 01:11:27.997
let's check in on the community forum.

01:11:28.176 --> 01:11:29.837
There's always a lot of activity on the

01:11:29.858 --> 01:11:30.599
forum every week,

01:11:30.618 --> 01:11:31.520
so you should always check it out.

01:11:31.600 --> 01:11:34.082
But here's a couple discussions that we

01:11:34.141 --> 01:11:34.202
had

01:11:34.841 --> 01:11:36.722
wanted to highlight from this week.

01:11:37.162 --> 01:11:40.804
The first one is here about Russia's

01:11:41.163 --> 01:11:42.043
internet blocks.

01:11:42.203 --> 01:11:48.865
Let me get this pulled up.

01:11:48.886 --> 01:11:50.525
This was just a discussion on a New

01:11:50.565 --> 01:11:54.186
York Times piece which talked about

01:11:54.306 --> 01:11:57.028
Russian internet restrictions and how

01:11:57.068 --> 01:11:58.408
Russians are evading them.

01:11:58.448 --> 01:11:59.747
So it's a bit of a cat and

01:11:59.787 --> 01:12:00.969
mouse game there.

01:12:05.765 --> 01:12:09.487
So the person who posted this said,

01:12:09.747 --> 01:12:11.347
as some background, since early March,

01:12:11.448 --> 01:12:12.068
Moscow and St.

01:12:12.108 --> 01:12:13.868
Petersburg have experienced widespread

01:12:13.929 --> 01:12:15.210
mobile internet blackouts,

01:12:15.270 --> 01:12:16.130
not just blocked apps,

01:12:16.189 --> 01:12:18.110
but full mobile data shutdowns.

01:12:18.631 --> 01:12:20.353
Telegram is reportedly being blocked

01:12:20.453 --> 01:12:21.853
entirely starting in April.

01:12:21.893 --> 01:12:24.175
The government regulators now have the

01:12:24.215 --> 01:12:26.315
authority to disconnect Russia from the

01:12:26.355 --> 01:12:28.077
global internet entirely.

01:12:28.176 --> 01:12:29.978
And some regions of Russia are on

01:12:29.997 --> 01:12:30.337
lockdown.

01:12:30.537 --> 01:12:32.599
whitelist mode, meaning everything on the

01:12:32.658 --> 01:12:34.701
internet is blocked except state-approved

01:12:34.720 --> 01:12:37.422
services like Yandex and government

01:12:37.743 --> 01:12:42.426
portals. Um, so yeah, this person was

01:12:42.506 --> 01:12:44.146
interested in whether or not there's a way

01:12:44.186 --> 01:12:47.109
around this government censorship, um, which

01:12:47.149 --> 01:12:49.451
could expand to Europe and North America.

01:12:50.796 --> 01:12:52.657
The whitelisting situation,

01:12:54.617 --> 01:12:56.358
that is pretty tricky because that's going

01:12:56.377 --> 01:12:59.259
to block even the ability to use Tor

01:12:59.899 --> 01:13:02.220
bridges, for example.

01:13:02.920 --> 01:13:06.501
I know that Tor bridges are probably the

01:13:06.541 --> 01:13:08.261
best way to get around censorship,

01:13:08.801 --> 01:13:10.002
but if you're in a full whitelist

01:13:10.042 --> 01:13:12.082
situation, that may not work.

01:13:12.983 --> 01:13:13.643
At the end of the day,

01:13:13.903 --> 01:13:15.463
if your internet service provider isn't

01:13:15.484 --> 01:13:18.585
going to allow you to make any sort

01:13:18.625 --> 01:13:19.305
of connections,

01:13:22.520 --> 01:13:24.201
There isn't much you can do about that

01:13:24.661 --> 01:13:26.442
besides find an entirely alternative

01:13:26.502 --> 01:13:26.902
network.

01:13:26.962 --> 01:13:30.524
So people in this thread note that Russian

01:13:30.564 --> 01:13:32.985
citizens have started using Meshtastic to

01:13:33.006 --> 01:13:33.605
communicate,

01:13:34.386 --> 01:13:35.947
which is a decentralized network that

01:13:36.087 --> 01:13:37.547
doesn't use the internet at all.

01:13:37.627 --> 01:13:41.210
It uses LoRa radios,

01:13:42.490 --> 01:13:43.792
which are small devices that you can

01:13:43.832 --> 01:13:45.292
connect to your phone to communicate,

01:13:45.332 --> 01:13:47.993
but they have very limited range,

01:13:48.094 --> 01:13:50.475
although you can set up a mesh with

01:13:50.494 --> 01:13:50.694
them.

01:13:54.194 --> 01:13:56.797
There's probably other solutions,

01:13:56.818 --> 01:13:57.920
but I think, yeah,

01:13:59.801 --> 01:14:01.524
there's probably not too much you could do

01:14:01.543 --> 01:14:05.630
from a technical perspective here that I

01:14:05.649 --> 01:14:06.189
can think of.

01:14:06.751 --> 01:14:08.372
Was there anything in this forum that you

01:14:08.412 --> 01:14:09.774
wanted to highlight specifically?

01:14:11.960 --> 01:14:12.340
No,

01:14:13.380 --> 01:14:16.280
it was really just kind of the Russian

01:14:16.341 --> 01:14:17.462
internet blocks in general.

01:14:17.622 --> 01:14:18.822
I know when those, well,

01:14:20.863 --> 01:14:22.502
when the war in Ukraine first started,

01:14:22.823 --> 01:14:25.083
I know Russia started cracking down on

01:14:25.104 --> 01:14:25.823
VPNs.

01:14:26.064 --> 01:14:28.704
And at the time I was with Surveillance

01:14:28.725 --> 01:14:30.046
Report and Henry really made a good point

01:14:30.065 --> 01:14:32.166
about how this is one of the drawbacks

01:14:32.286 --> 01:14:34.226
of a centralized app store.

01:14:34.327 --> 01:14:35.567
And at the time we were talking about

01:14:35.646 --> 01:14:35.926
Apple,

01:14:35.966 --> 01:14:37.167
but now it seems like we're starting to

01:14:37.188 --> 01:14:38.087
talk about Android too.

01:14:39.167 --> 01:14:40.088
Um, because, you know,

01:14:40.368 --> 01:14:42.470
with Android and sideloading, uh,

01:14:42.750 --> 01:14:43.951
which I know people don't like that term,

01:14:43.970 --> 01:14:44.270
but you know,

01:14:44.390 --> 01:14:45.952
Android and installing third-party

01:14:45.971 --> 01:14:47.072
installs, whatever you want to call it.

01:14:47.591 --> 01:14:49.092
It's, um,

01:14:49.153 --> 01:14:50.453
it's kind of hard for Android to be

01:14:50.493 --> 01:14:50.734
like, well,

01:14:50.774 --> 01:14:52.734
we blocked VPN installs because they can't

01:14:52.755 --> 01:14:54.775
block VPN installs and Tor installs.

01:14:55.155 --> 01:14:56.356
Whereas Apple, you know, when,

01:14:56.516 --> 01:14:58.158
when Russia came to Apple and was like,

01:14:58.198 --> 01:14:58.398
Hey,

01:14:58.438 --> 01:15:00.519
remove Proton VPN and NordVPN and all

01:15:00.538 --> 01:15:02.539
these VPNs, they had no choice,

01:15:02.560 --> 01:15:04.041
but to be like, all right, we'll do.

01:15:04.220 --> 01:15:06.582
Cause you know that everything's so

01:15:06.641 --> 01:15:08.002
centralized and locked down, but.

01:15:08.823 --> 01:15:11.783
Yeah, with a total internet blackout,

01:15:11.804 --> 01:15:13.944
the thing that comes to mind is years

01:15:13.984 --> 01:15:17.546
ago, again, back on Surveillance Report.

01:15:17.667 --> 01:15:22.509
So I interviewed John Todd,

01:15:22.729 --> 01:15:24.670
who was the president of Quad9,

01:15:24.850 --> 01:15:25.150
I think.

01:15:26.810 --> 01:15:27.572
He's from Quad9.

01:15:27.612 --> 01:15:28.511
I think he was the president at the

01:15:28.532 --> 01:15:28.692
time.

01:15:28.712 --> 01:15:29.653
I'm not sure if he's still there.

01:15:29.733 --> 01:15:31.573
But it was interesting because we talked

01:15:31.594 --> 01:15:31.894
about,

01:15:31.913 --> 01:15:35.255
or it briefly came up about censorship

01:15:35.295 --> 01:15:35.695
resistance.

01:15:35.735 --> 01:15:36.876
And something he said that always stuck

01:15:36.895 --> 01:15:38.556
with me is he's not a fan of,

01:15:40.292 --> 01:15:42.993
DNS over HTTPS specifically for stuff like

01:15:43.054 --> 01:15:48.615
this because if if the government starts

01:15:48.655 --> 01:15:51.896
doing mass blocking at a DNS level and

01:15:51.936 --> 01:15:54.118
you use something like DOH it makes your

01:15:54.158 --> 01:15:57.380
traffic just blend in and eventually it

01:15:57.420 --> 01:15:58.060
kind of like

01:16:01.497 --> 01:16:03.219
I'm not trying to use language that is

01:16:03.259 --> 01:16:04.399
sympathetic to a government for the

01:16:04.420 --> 01:16:04.680
record,

01:16:04.739 --> 01:16:06.180
but it kind of backs them into a

01:16:06.240 --> 01:16:08.002
corner where they just decide to shut off

01:16:08.021 --> 01:16:09.444
the internet entirely because they can't

01:16:09.463 --> 01:16:11.845
figure out what traffic is going around

01:16:11.885 --> 01:16:12.466
the censorship.

01:16:12.525 --> 01:16:14.747
And I guess he was really ahead of

01:16:14.787 --> 01:16:16.288
his time with that prediction because

01:16:16.849 --> 01:16:17.989
that's basically what we're looking at

01:16:18.010 --> 01:16:18.329
right now.

01:16:18.390 --> 01:16:18.770
So yes,

01:16:18.850 --> 01:16:21.072
it's a really tricky thing because how

01:16:21.112 --> 01:16:22.733
would you, you know, and especially,

01:16:22.752 --> 01:16:24.173
I don't know,

01:16:24.234 --> 01:16:25.636
I feel like completely disconnecting from

01:16:25.655 --> 01:16:26.936
the global internet is a completely

01:16:26.957 --> 01:16:28.358
different beast that I don't even know how

01:16:28.377 --> 01:16:29.137
we would handle that.

01:16:29.158 --> 01:16:30.118
And I guess at that point it's,

01:16:32.016 --> 01:16:32.176
I mean,

01:16:32.216 --> 01:16:33.216
it's what are you trying to do?

01:16:33.256 --> 01:16:34.457
If you're just trying to talk to people

01:16:34.578 --> 01:16:36.318
locally, then yeah.

01:16:36.337 --> 01:16:37.719
Things like Meshtastic, I think,

01:16:39.698 --> 01:16:40.699
I really want to get into that,

01:16:40.739 --> 01:16:43.180
but it looks like it would require a

01:16:43.220 --> 01:16:44.640
little bit of skill just to kind of

01:16:45.341 --> 01:16:46.561
first time dive in, you know,

01:16:46.601 --> 01:16:48.822
to figure out the hardware and figure out

01:16:48.862 --> 01:16:51.542
the install and the apps and the,

01:16:51.783 --> 01:16:52.963
it feels like a bit of a commitment,

01:16:53.043 --> 01:16:54.823
but if there's maybe a way to make

01:16:54.863 --> 01:16:55.663
those things a little bit more

01:16:55.764 --> 01:16:56.805
user-friendly or...

01:16:59.377 --> 01:16:59.756
I don't know.

01:16:59.817 --> 01:17:00.658
Yeah,

01:17:00.917 --> 01:17:02.417
it's a good question because there's

01:17:02.778 --> 01:17:04.158
different things you would need in that

01:17:04.179 --> 01:17:04.878
situation, right?

01:17:05.679 --> 01:17:06.939
I would need to be able to communicate

01:17:06.960 --> 01:17:08.961
with my family here in the country,

01:17:09.320 --> 01:17:09.940
hypothetically.

01:17:10.541 --> 01:17:13.042
But then I would also need to be

01:17:13.061 --> 01:17:14.983
able to communicate with the wider

01:17:15.042 --> 01:17:16.423
internet and get information,

01:17:16.543 --> 01:17:18.625
which here in the US, unfortunately,

01:17:18.645 --> 01:17:19.824
we are kind of the wider internet.

01:17:19.885 --> 01:17:20.886
But in another country,

01:17:20.926 --> 01:17:21.626
that wouldn't be the case.

01:17:21.666 --> 01:17:22.746
Or I mean, Proton even.

01:17:22.786 --> 01:17:24.087
I wouldn't be able to check my ProtonMail,

01:17:24.127 --> 01:17:24.266
so...

01:17:24.827 --> 01:17:25.046
Yeah.

01:17:25.067 --> 01:17:25.948
I don't know.

01:17:26.007 --> 01:17:26.228
It's crazy.

01:17:26.247 --> 01:17:27.128
And even Meshtastic,

01:17:27.850 --> 01:17:30.452
that puts people in a dangerous situation.

01:17:30.492 --> 01:17:32.193
And there's always the possibility that

01:17:33.293 --> 01:17:35.475
Russia could, I mean,

01:17:35.515 --> 01:17:36.676
both ban the use of it,

01:17:36.716 --> 01:17:38.658
but also ban the import of Meshtastic

01:17:38.698 --> 01:17:39.099
hardware.

01:17:40.239 --> 01:17:41.440
I doubt any of it is being made

01:17:41.621 --> 01:17:43.362
domestically in Russia.

01:17:44.724 --> 01:17:47.426
And if anything is or could be,

01:17:47.786 --> 01:17:49.087
the Russian government could stop that.

01:17:49.747 --> 01:17:50.007
Yeah.

01:17:50.935 --> 01:17:52.237
and also just using it,

01:17:52.337 --> 01:17:53.677
or any sort of radio service,

01:17:53.877 --> 01:17:56.640
you can be trivially tracked.

01:17:56.680 --> 01:17:57.840
It does have a short range,

01:17:58.140 --> 01:17:59.320
so it depends where you are,

01:17:59.341 --> 01:18:01.582
but if people go around from the

01:18:01.622 --> 01:18:03.003
government and try to track people down

01:18:03.024 --> 01:18:06.305
who are using Meshtastic in the future,

01:18:06.326 --> 01:18:07.466
they would pretty much be able to find

01:18:07.506 --> 01:18:07.886
out who's

01:18:08.707 --> 01:18:10.728
using it. Um, so there, so there are

01:18:10.768 --> 01:18:13.248
concerns there. I mean, we even talked about

01:18:13.269 --> 01:18:15.170
in a previous episode, um, I think it

01:18:15.210 --> 01:18:17.690
was in Belarus, if I remember correctly, um,

01:18:18.190 --> 01:18:20.572
ham radio enthusiasts were being accused

01:18:20.671 --> 01:18:23.552
of, like, um, being espionage agents,

01:18:23.653 --> 01:18:25.493
basically, um, for

01:18:26.434 --> 01:18:28.694
for using their own like radio waves to

01:18:28.734 --> 01:18:30.296
communicate rather than like these

01:18:30.315 --> 01:18:31.216
government sanctioned things.

01:18:31.976 --> 01:18:34.359
So it does like any of this amateur

01:18:34.378 --> 01:18:36.300
radio stuff does put you in a dangerous

01:18:36.319 --> 01:18:37.661
position in a country like this.

01:18:38.801 --> 01:18:40.322
And especially if it becomes too

01:18:40.382 --> 01:18:41.023
widespread,

01:18:41.502 --> 01:18:43.423
it's very easy to imagine that Russia

01:18:43.444 --> 01:18:45.485
would take a similar position to the

01:18:45.546 --> 01:18:47.667
Internet in general and just blanket ban

01:18:47.707 --> 01:18:49.247
it because they don't really need it.

01:18:51.288 --> 01:18:52.989
The other reason this can't really be

01:18:53.069 --> 01:18:55.310
solved from like a technical perspective

01:18:55.572 --> 01:18:55.771
is

01:18:57.056 --> 01:18:57.497
Um, like,

01:18:57.518 --> 01:18:59.418
I don't think it's something that another

01:18:59.458 --> 01:19:01.640
country like the United States or someone

01:19:01.701 --> 01:19:04.122
else could kind of reach in and try

01:19:04.162 --> 01:19:06.243
to solve for Russian citizens.

01:19:06.404 --> 01:19:08.444
Like immediately what might come to mind

01:19:08.706 --> 01:19:10.846
is something like Starlink, for example,

01:19:10.907 --> 01:19:12.769
providing direct access to the internet,

01:19:12.788 --> 01:19:14.270
bypassing, you know,

01:19:14.369 --> 01:19:17.212
anything going on in Russia.

01:19:17.351 --> 01:19:18.533
But Starlink,

01:19:18.832 --> 01:19:21.694
like when that technology is in place,

01:19:21.835 --> 01:19:24.277
we see it used for, um,

01:19:25.563 --> 01:19:27.644
a lot of different things that the United

01:19:27.684 --> 01:19:29.505
States and companies like SpaceX

01:19:29.524 --> 01:19:31.365
definitely do not want to promote or

01:19:31.405 --> 01:19:31.765
support.

01:19:31.826 --> 01:19:35.228
We saw in the war with Ukraine,

01:19:35.247 --> 01:19:35.967
for example,

01:19:36.047 --> 01:19:38.369
Russian frontline troops were using

01:19:38.470 --> 01:19:41.371
Starlink extensively to communicate on the

01:19:41.390 --> 01:19:41.952
battlefield.

01:19:41.992 --> 01:19:44.292
That's actually the reason SpaceX

01:19:45.359 --> 01:19:47.661
does not operate in that region at all

01:19:47.720 --> 01:19:48.801
and hasn't for many years.

01:19:49.042 --> 01:19:51.305
And bringing it back for Russian citizens

01:19:51.345 --> 01:19:54.287
to get around something like this would

01:19:54.306 --> 01:19:56.609
just enable that usage of it again,

01:19:58.251 --> 01:19:59.652
which they definitely don't want to do.

01:20:00.092 --> 01:20:04.036
So it puts Russians in not a great

01:20:04.076 --> 01:20:07.819
situation and really the only solution.

01:20:08.668 --> 01:20:09.909
like we say for a lot of these

01:20:09.949 --> 01:20:12.332
very widespread privacy issues,

01:20:12.972 --> 01:20:15.295
whether it's age verification in Western

01:20:15.335 --> 01:20:19.457
countries or mass censorship in other

01:20:19.497 --> 01:20:21.078
countries, like in this case,

01:20:21.979 --> 01:20:24.381
it's more of a social issue that you

01:20:24.442 --> 01:20:26.724
have to resolve within your own country.

01:20:26.743 --> 01:20:28.926
And hopefully people can fight back

01:20:28.966 --> 01:20:29.827
against this there.

01:20:32.132 --> 01:20:32.673
Because, I mean,

01:20:33.054 --> 01:20:34.614
this should not be unacceptable.

01:20:34.875 --> 01:20:37.056
I mean, this should not be acceptable,

01:20:37.898 --> 01:20:38.679
if you know what I mean.

01:20:38.698 --> 01:20:40.780
So, yeah.

01:20:41.381 --> 01:20:41.640
Yeah,

01:20:41.740 --> 01:20:43.962
it's definitely something tricky that I

01:20:44.002 --> 01:20:46.685
don't know if we're qualified to solve.

01:20:46.725 --> 01:20:49.507
But I guess if there's any takeaways on

01:20:49.528 --> 01:20:49.828
this one,

01:20:49.868 --> 01:20:54.212
it would just be kind of a...

01:20:54.231 --> 01:20:55.774
I'm pretty open about having a mild

01:20:55.854 --> 01:20:57.234
interest in disaster prep.

01:20:57.414 --> 01:20:59.457
And sometimes that gets categorized as

01:21:00.167 --> 01:21:02.248
wrongly, it gets characterized as, like, you

01:21:02.269 --> 01:21:03.748
know, worrying about the end of the world,

01:21:04.088 --> 01:21:06.029
um, which I don't care about that, but,

01:21:06.050 --> 01:21:08.590
you know, just little things like floods, uh,

01:21:08.609 --> 01:21:10.490
hurricanes, tornadoes, earthquakes, and

01:21:11.230 --> 01:21:12.671
unfortunately we are in an incredibly

01:21:12.712 --> 01:21:14.091
digital world, so you have to think about

01:21:14.212 --> 01:21:17.972
outages and cyber attacks. And so, um, I

01:21:17.993 --> 01:21:19.453
guess, yeah, if nothing else, this is just

01:21:19.474 --> 01:21:20.474
kind of a thought experiment of

01:21:21.912 --> 01:21:23.613
if you're listening and you're in a

01:21:23.632 --> 01:21:24.833
situation where you don't have to worry

01:21:24.854 --> 01:21:25.435
about this yet,

01:21:26.154 --> 01:21:27.195
just think about it a little bit.

01:21:27.235 --> 01:21:28.497
Like don't lose any sleep over it,

01:21:28.537 --> 01:21:29.177
but you know, what,

01:21:29.238 --> 01:21:30.618
what would I do in that situation?

01:21:30.679 --> 01:21:32.060
And just kind of give that some thought,

01:21:32.100 --> 01:21:32.359
I guess.

01:21:36.493 --> 01:21:39.073
The other forum post we were going to

01:21:39.094 --> 01:21:39.914
look at, this one,

01:21:40.395 --> 01:21:41.676
there's probably not too much to say on

01:21:41.695 --> 01:21:42.895
this one, but there's a new video,

01:21:43.617 --> 01:21:46.137
a YouTuber, this got shared on our forum,

01:21:46.639 --> 01:21:48.078
that said, if you ran this debloater,

01:21:48.139 --> 01:21:49.680
reinstall your system immediately.

01:21:49.880 --> 01:21:51.742
And this is specifically,

01:21:52.622 --> 01:21:54.382
so for the Windows users out there,

01:21:54.462 --> 01:21:58.324
you know that there's a lot of scripts

01:21:58.706 --> 01:22:00.907
that promise to do all kinds of different

01:22:00.947 --> 01:22:02.007
things to your system.

01:22:02.967 --> 01:22:03.548
Um,

01:22:03.569 --> 01:22:04.649
there's a lot of ones that are popular

01:22:04.670 --> 01:22:06.372
in the privacy community that promise to

01:22:06.412 --> 01:22:07.832
remove a lot of telemetry and stuff.

01:22:08.273 --> 01:22:10.274
There's also some that claim to optimize

01:22:10.314 --> 01:22:12.197
the graphics and the performance and this,

01:22:12.216 --> 01:22:12.837
that, and the other,

01:22:13.439 --> 01:22:16.782
there's even entire Windows ISOs that, um,

01:22:18.331 --> 01:22:19.431
I want to say it was called Atlas

01:22:19.492 --> 01:22:19.731
OS.

01:22:19.752 --> 01:22:20.532
And if I've got that wrong,

01:22:20.612 --> 01:22:21.653
I apologize to those guys.

01:22:21.693 --> 01:22:23.953
But there was one that advertised itself

01:22:23.993 --> 01:22:25.435
as like a gaming distro.

01:22:25.515 --> 01:22:26.716
And it's basically like you install

01:22:26.735 --> 01:22:28.716
Windows from scratch using this customized

01:22:28.856 --> 01:22:31.898
ISO and it comes pre-optimized for gaming.

01:22:32.399 --> 01:22:35.940
But the downside is it turns off Windows

01:22:35.961 --> 01:22:36.301
Defender.

01:22:37.690 --> 01:22:38.530
which I don't know why you would do

01:22:38.551 --> 01:22:38.711
that.

01:22:39.992 --> 01:22:41.493
So yeah, I'll be honest,

01:22:41.512 --> 01:22:42.733
I didn't watch this specific video,

01:22:42.773 --> 01:22:46.274
but basically it was not trustworthy.

01:22:46.414 --> 01:22:47.855
I think it may have even come with

01:22:47.956 --> 01:22:48.676
actual malware,

01:22:48.695 --> 01:22:49.577
but don't quote me on that.

01:22:50.096 --> 01:22:54.038
And so this whole thread is basically

01:22:54.078 --> 01:22:55.439
talking about these debloaders and

01:22:55.479 --> 01:22:55.800
stuff.

01:22:56.039 --> 01:22:58.161
And I think the official position of

01:22:58.180 --> 01:22:59.822
Privacy Guides is that we don't recommend

01:22:59.841 --> 01:23:00.542
them because they are...

01:23:02.557 --> 01:23:03.037
They're tricky.

01:23:03.078 --> 01:23:04.579
I know there's some that are open source

01:23:04.819 --> 01:23:06.881
or source available, I should say.

01:23:07.042 --> 01:23:08.524
And if you know code and you're

01:23:08.564 --> 01:23:10.145
comfortable doing it, then sure,

01:23:10.185 --> 01:23:11.528
you could look through it and make sure

01:23:11.728 --> 01:23:13.149
that you verify what it's doing.

01:23:13.210 --> 01:23:14.751
But it's definitely very...

01:23:15.112 --> 01:23:15.993
A lot of these debloaders,

01:23:16.012 --> 01:23:17.314
you're giving them a lot of power over

01:23:17.333 --> 01:23:18.055
your Windows system.

01:23:18.354 --> 01:23:18.515
And...

01:23:20.077 --> 01:23:20.858
If you're going to use one,

01:23:20.917 --> 01:23:22.298
you have to be like come off of

01:23:22.338 --> 01:23:23.899
a mountain and found a religion positive

01:23:23.920 --> 01:23:26.981
that this thing is trustworthy because it

01:23:27.021 --> 01:23:28.363
would not take much for it to do

01:23:28.422 --> 01:23:29.182
something malicious,

01:23:29.243 --> 01:23:31.184
whether that's planting malware,

01:23:31.264 --> 01:23:33.886
crypto mining, stealing data, whatever.

01:23:33.945 --> 01:23:34.086
So, yeah.

01:23:34.105 --> 01:23:36.408
Absolutely.

01:23:36.488 --> 01:23:37.268
I think I just wanted to take a

01:23:37.307 --> 01:23:38.548
moment to mention that.

01:23:39.369 --> 01:23:41.631
And it's worth noting this tool in

01:23:41.650 --> 01:23:43.452
question is open source as well.

01:23:44.033 --> 01:23:44.632
As far as I know,

01:23:44.653 --> 01:23:45.894
it doesn't come with malware,

01:23:45.934 --> 01:23:46.994
but it basically acts...

01:23:48.307 --> 01:23:49.748
the way that malware would.

01:23:50.409 --> 01:23:52.131
There's a pinned comment on this video

01:23:52.612 --> 01:23:53.912
saying there's a few inaccurate

01:23:53.932 --> 01:23:54.974
statements, but overall,

01:23:57.416 --> 01:24:00.158
the conclusion of the video is that this

01:24:00.179 --> 01:24:01.319
is all implemented poorly.

01:24:01.659 --> 01:24:02.900
I do think this is a classic case

01:24:02.940 --> 01:24:03.320
of like,

01:24:05.109 --> 01:24:06.689
somebody putting something out there

01:24:06.729 --> 01:24:08.431
without really fully understanding what it

01:24:08.452 --> 01:24:08.631
does.

01:24:08.652 --> 01:24:11.595
I don't want to say whether it is

01:24:11.635 --> 01:24:11.875
or not,

01:24:11.895 --> 01:24:13.296
but I think we're just going to see

01:24:14.256 --> 01:24:16.179
this happening more often as more people

01:24:16.198 --> 01:24:18.740
try to AI code tools to solve all

01:24:18.761 --> 01:24:19.881
of their problems without really

01:24:19.921 --> 01:24:21.423
understanding what they are.

01:24:22.364 --> 01:24:23.765
Whether or not that's the case in this

01:24:24.106 --> 01:24:24.686
situation,

01:24:24.747 --> 01:24:26.248
it's definitely something to look out for

01:24:26.288 --> 01:24:29.471
when you're running any sort of scripts

01:24:29.492 --> 01:24:31.113
that you don't fully understand.

01:24:31.154 --> 01:24:32.855
I think that is absolutely the most

01:24:32.916 --> 01:24:33.917
important takeaway here,

01:24:34.277 --> 01:24:37.060
that you cannot run any of these

01:24:37.100 --> 01:24:39.342
debloating scripts unless you know exactly

01:24:39.363 --> 01:24:40.463
what they do and you see how they're

01:24:40.503 --> 01:24:40.863
doing it,

01:24:40.904 --> 01:24:43.226
because at which point you could probably

01:24:43.266 --> 01:24:44.108
do it yourself, by the way.

01:24:44.547 --> 01:24:48.789
But yeah, all of these scripts like this,

01:24:49.729 --> 01:24:52.591
they affect the system so substantially.

01:24:55.011 --> 01:24:58.853
And Windows is already such a not secure

01:24:58.872 --> 01:25:00.613
and not private platform in the first

01:25:00.654 --> 01:25:01.934
place that it doesn't really make a lot

01:25:01.953 --> 01:25:03.555
of sense to me to try and improve

01:25:03.614 --> 01:25:05.695
it, especially to this degree,

01:25:06.895 --> 01:25:07.716
unfortunately.

01:25:07.895 --> 01:25:09.077
There isn't really a ton...

01:25:11.243 --> 01:25:12.423
that you can do at the end of

01:25:12.444 --> 01:25:14.286
the day to improve your privacy on Windows

01:25:14.326 --> 01:25:16.287
because the operating system itself is

01:25:16.328 --> 01:25:18.890
going to be constantly fighting against

01:25:18.930 --> 01:25:19.150
you.

01:25:21.033 --> 01:25:23.255
So that's unfortunate.

01:25:24.476 --> 01:25:26.658
It's cool to see more videos from this

01:25:26.958 --> 01:25:27.640
YouTuber.

01:25:28.119 --> 01:25:29.402
I first...

01:25:31.158 --> 01:25:33.640
heard about this person who made this

01:25:33.659 --> 01:25:35.282
video calling the other YouTuber who made

01:25:35.322 --> 01:25:37.484
the script out because they made a video

01:25:37.644 --> 01:25:40.065
about Freely around the same time that I

01:25:40.105 --> 01:25:41.226
published a video about Freely.

01:25:41.287 --> 01:25:43.868
So they came up in my feed.

01:25:44.048 --> 01:25:46.912
And I think we had some overlapping

01:25:46.952 --> 01:25:47.431
complaints.

01:25:48.453 --> 01:25:49.314
I haven't watched the rest of their

01:25:49.333 --> 01:25:49.694
videos,

01:25:49.854 --> 01:25:51.796
but I think anybody who is creating

01:25:51.876 --> 01:25:53.377
content in the privacy space

01:25:54.670 --> 01:25:55.530
that's always a good thing.

01:25:56.853 --> 01:25:59.655
And so if they continue to be brought

01:25:59.716 --> 01:26:02.979
up and they continue to post more useful

01:26:03.000 --> 01:26:03.640
content like this,

01:26:05.101 --> 01:26:09.006
I think that's fantastic.

01:26:09.067 --> 01:26:10.228
Yeah, I think about that a lot.

01:26:10.347 --> 01:26:10.608
There's...

01:26:13.180 --> 01:26:14.199
I think there's still plenty of room in

01:26:14.220 --> 01:26:15.640
the privacy space for more voices,

01:26:15.680 --> 01:26:16.020
for sure.

01:26:17.320 --> 01:26:17.921
Yeah, real quick,

01:26:17.940 --> 01:26:19.542
looking through his description on his

01:26:19.561 --> 01:26:21.582
video, you're right.

01:26:21.641 --> 01:26:23.101
It doesn't look like it installs malware,

01:26:23.141 --> 01:26:24.542
but it disables crucial security

01:26:24.582 --> 01:26:26.182
components and makes your system severely

01:26:26.243 --> 01:26:27.222
vulnerable to malware.

01:26:27.283 --> 01:26:29.764
So it also makes your system much more

01:26:29.844 --> 01:26:31.104
unstable and prone to corruption and

01:26:31.123 --> 01:26:31.423
breaking.

01:26:31.524 --> 01:26:32.864
I recommend that anyone who ran this tool

01:26:32.925 --> 01:26:34.444
immediately reinstall a fresh copy of

01:26:34.465 --> 01:26:34.744
Windows.

01:26:34.784 --> 01:26:38.326
So yeah, they're dangerous things.

01:26:39.046 --> 01:26:40.226
You've got to make sure they're trusted if

01:26:40.247 --> 01:26:40.966
you're going to use them at all.

01:26:42.252 --> 01:26:44.052
I also totally hear your argument of like,

01:26:44.073 --> 01:26:47.354
it's already so like such a lost cause

01:26:47.373 --> 01:26:48.494
that it may be safer for a lot

01:26:48.515 --> 01:26:49.975
of people to just not even try and

01:26:49.994 --> 01:26:51.695
just stick to like the,

01:26:51.716 --> 01:26:53.435
the toggles and the settings and stuff.

01:26:53.456 --> 01:26:53.917
So, yeah.

01:26:53.976 --> 01:26:54.777
Yeah.

01:26:56.653 --> 01:26:56.953
Well,

01:26:57.654 --> 01:27:00.095
we've been going for about an hour and

01:27:00.136 --> 01:27:00.876
a half here.

01:27:02.337 --> 01:27:04.257
We'll probably give a last call for any

01:27:04.338 --> 01:27:06.880
questions or comments that people want to

01:27:06.920 --> 01:27:07.761
leave on the forum.

01:27:07.801 --> 01:27:08.862
I don't think we had any on our

01:27:08.902 --> 01:27:10.863
forum post today,

01:27:11.663 --> 01:27:13.145
and I'm not sure if I've seen any

01:27:13.265 --> 01:27:14.466
in the chat here.

01:27:15.686 --> 01:27:17.668
I know there's a bit of a delay

01:27:17.708 --> 01:27:19.109
on this live stream between when I'm

01:27:19.149 --> 01:27:21.432
saying this and when you'll hear it,

01:27:21.493 --> 01:27:23.134
so we'll give people a couple of minutes

01:27:23.274 --> 01:27:24.515
if you want to add anything else.

01:27:24.576 --> 01:27:25.055
Otherwise,

01:27:26.537 --> 01:27:28.500
we'll probably begin to wrap things up.

01:27:28.619 --> 01:27:31.162
So this is your final warning,

01:27:31.302 --> 01:27:34.265
anyone who's watching and wants to chime

01:27:34.286 --> 01:27:35.247
in on any of these stories.

01:27:36.872 --> 01:27:38.154
It's always my favorite part of a live

01:27:38.173 --> 01:27:39.735
stream is knowing that delay's there.

01:27:39.996 --> 01:27:41.497
So you say stuff like that, like, Hey,

01:27:41.518 --> 01:27:42.479
we're going to open the floor.

01:27:42.920 --> 01:27:44.242
And now I have to fill time for

01:27:44.282 --> 01:27:45.764
a couple minutes and give people time to

01:27:45.804 --> 01:27:47.426
hear it and write their questions.

01:27:48.648 --> 01:27:51.692
Uh, it just feels so awkward, but, um,

01:27:52.579 --> 01:27:52.760
Yeah,

01:27:52.779 --> 01:27:55.323
apparently we don't have any questions in

01:27:55.363 --> 01:27:56.283
the forum here.

01:27:57.163 --> 01:27:59.947
Got one question from Hogan in the chat

01:27:59.987 --> 01:28:00.146
here.

01:28:00.346 --> 01:28:01.768
There's been a couple of supply chain

01:28:01.787 --> 01:28:02.569
attacks recently.

01:28:02.668 --> 01:28:04.211
The current best practice is to always

01:28:04.270 --> 01:28:04.890
update your apps,

01:28:04.930 --> 01:28:07.353
but this opens you up to those attacks.

01:28:07.394 --> 01:28:08.975
Does it still make sense to keep apps

01:28:09.055 --> 01:28:11.037
updated as recent as possible?

01:28:12.152 --> 01:28:14.332
Definitely depends on the app.

01:28:14.474 --> 01:28:17.916
I know you have definitely seen this more

01:28:17.956 --> 01:28:20.476
prominently in apps that are built with

01:28:20.617 --> 01:28:23.158
NPM, probably a lot of web-based apps.

01:28:23.698 --> 01:28:24.578
But in general,

01:28:24.679 --> 01:28:28.081
I do think it's probably the safer option

01:28:28.121 --> 01:28:33.864
to keep your apps up to date versus

01:28:34.225 --> 01:28:35.926
not updating them because

01:28:38.122 --> 01:28:40.144
Typically,

01:28:40.243 --> 01:28:42.604
all of these updates are going to... Well,

01:28:42.623 --> 01:28:43.283
not all of them,

01:28:43.484 --> 01:28:44.685
because some of them just add features.

01:28:44.725 --> 01:28:46.265
But most updates that you see are going

01:28:46.284 --> 01:28:48.305
to be patching known vulnerabilities or

01:28:48.345 --> 01:28:50.707
vulnerabilities that you already see in

01:28:50.747 --> 01:28:51.287
the wild.

01:28:52.006 --> 01:28:54.167
And so the potential of a new update

01:28:54.188 --> 01:28:55.967
having a zero-day vulnerability that

01:28:55.988 --> 01:28:58.149
hasn't been discovered yet is probably a

01:28:58.208 --> 01:29:02.270
lot lower than the potential of using code

01:29:02.310 --> 01:29:02.470
that

01:29:03.587 --> 01:29:05.927
almost certainly has known vulnerabilities

01:29:05.948 --> 01:29:07.769
that can be exploited.

01:29:08.488 --> 01:29:09.590
So yeah,

01:29:09.710 --> 01:29:12.730
I would definitely recommend keeping apps

01:29:12.770 --> 01:29:13.212
up to date.

01:29:13.532 --> 01:29:15.012
And especially the lower level you go,

01:29:15.052 --> 01:29:16.193
the more important it is.

01:29:16.212 --> 01:29:17.654
Keeping your operating system up to date

01:29:17.713 --> 01:29:18.453
is super important.

01:29:18.993 --> 01:29:21.296
As we saw, I don't know if...

01:29:22.756 --> 01:29:24.117
when we talked about this on the show,

01:29:24.176 --> 01:29:28.220
but recently iOS had a bunch of updates

01:29:28.279 --> 01:29:32.162
for zero-day vulnerabilities in Safari and

01:29:32.242 --> 01:29:33.882
some other security vulnerabilities which

01:29:33.943 --> 01:29:37.685
were not patched at all in the previous

01:29:37.706 --> 01:29:38.706
version of iOS.

01:29:39.447 --> 01:29:41.328
You had to be on iOS to receive

01:29:41.368 --> 01:29:42.548
some of these security updates.

01:29:43.509 --> 01:29:46.170
And so it's examples like that where even

01:29:46.711 --> 01:29:47.831
a company like Apple,

01:29:47.871 --> 01:29:52.012
which is relatively well known to provide

01:29:52.052 --> 01:29:53.993
security patches to older versions of

01:29:54.014 --> 01:29:54.953
their operating system,

01:29:55.094 --> 01:29:59.775
they almost are never doing that super

01:29:59.815 --> 01:30:00.476
consistently.

01:30:00.596 --> 01:30:01.636
And in that case, they weren't.

01:30:02.056 --> 01:30:03.158
And so it's always, I think,

01:30:03.177 --> 01:30:05.019
a danger to not be fully up to

01:30:05.038 --> 01:30:05.238
date.

01:30:06.722 --> 01:30:08.704
It's interesting, kind of related to this,

01:30:08.784 --> 01:30:11.466
I just installed an app on my phone

01:30:11.506 --> 01:30:13.228
and during the setup process it said you

01:30:13.247 --> 01:30:15.509
should disable automatic OS updates

01:30:15.569 --> 01:30:17.609
because they don't validate how it works.

01:30:17.630 --> 01:30:20.292
And I was like, that's terrible advice.

01:30:21.332 --> 01:30:23.493
That was a medical device related app.

01:30:23.573 --> 01:30:27.497
So I think they were saying that because

01:30:27.516 --> 01:30:30.738
they have to validate how OS updates work,

01:30:30.779 --> 01:30:32.340
but it's like that kind of puts all

01:30:32.359 --> 01:30:34.161
of the users of this device in danger.

01:30:34.841 --> 01:30:35.301
So that's...

01:30:36.953 --> 01:30:38.953
Yeah, sometimes you will definitely see

01:30:39.014 --> 01:30:41.255
software and advice that are at odds with

01:30:41.314 --> 01:30:46.735
security advice, but generally, um, yeah, keep

01:30:46.756 --> 01:30:50.435
your stuff up to date. Yeah, I agree.

01:30:50.536 --> 01:30:54.716
I think, um, I hope that I would

01:30:54.737 --> 01:30:57.216
be interested to see an actual study on

01:30:57.797 --> 01:31:00.018
how many, like, supply chain attacks versus

01:31:00.057 --> 01:31:02.957
how many, um, like, known vulnerability or

01:31:02.978 --> 01:31:05.219
zero days are being patched. Um, I'd be

01:31:05.238 --> 01:31:06.158
willing to bet that

01:31:07.266 --> 01:31:10.630
the supply chain attacks are more rare

01:31:10.671 --> 01:31:11.671
just by raw numbers.

01:31:11.771 --> 01:31:12.412
And, you know, something,

01:31:13.913 --> 01:31:15.916
something I struggle with a lot in all

01:31:15.996 --> 01:31:18.318
areas of life is I forget what the

01:31:18.337 --> 01:31:19.560
name of it is, but, um,

01:31:20.747 --> 01:31:22.448
It's a logical fallacy because news is

01:31:22.488 --> 01:31:24.951
news because it's out of the ordinary,

01:31:25.011 --> 01:31:25.591
right?

01:31:26.431 --> 01:31:27.993
Even the example I like to use is

01:31:28.012 --> 01:31:28.734
traffic accidents.

01:31:28.953 --> 01:31:31.376
Nobody ever goes on... Tonight at five,

01:31:31.756 --> 01:31:33.578
man gets home from office safely without

01:31:33.637 --> 01:31:34.018
incident.

01:31:34.757 --> 01:31:35.599
Nobody talks about that.

01:31:35.939 --> 01:31:37.180
And even traffic

01:31:37.439 --> 01:31:38.981
accidents are so common that we don't even

01:31:39.021 --> 01:31:40.382
really talk about the accidents that much.

01:31:40.403 --> 01:31:41.663
It's usually just like, hey,

01:31:41.684 --> 01:31:43.364
traffic's bad because there's an accident.

01:31:43.465 --> 01:31:44.305
It's more about the traffic.

01:31:44.365 --> 01:31:44.506
But

01:31:45.667 --> 01:31:48.350
News is news because it's unusual.

01:31:48.390 --> 01:31:50.993
So when we see all these supply chain

01:31:51.012 --> 01:31:53.275
attacks, it's because, I'm guessing,

01:31:53.336 --> 01:31:56.819
they're still the exception instead of the

01:31:56.859 --> 01:31:57.180
norm.

01:31:57.261 --> 01:31:59.583
But that said, I hope...

01:32:01.177 --> 01:32:02.099
kind of a dark way to look at

01:32:02.139 --> 01:32:02.519
it, but I,

01:32:02.658 --> 01:32:04.979
I hope we're seeing enough of them that,

01:32:05.301 --> 01:32:05.640
um,

01:32:05.680 --> 01:32:06.981
companies are starting to wake up and

01:32:07.021 --> 01:32:08.722
realize the importance of securing their

01:32:08.743 --> 01:32:10.243
supply chain, whatever that may look like.

01:32:11.064 --> 01:32:11.484
Um,

01:32:11.623 --> 01:32:13.045
and hopefully we will start to see those

01:32:13.085 --> 01:32:15.606
go down because if they do become too

01:32:15.627 --> 01:32:15.987
common,

01:32:16.087 --> 01:32:17.387
it becomes a problem for the companies

01:32:17.408 --> 01:32:17.627
too.

01:32:17.648 --> 01:32:18.087
Cause think about it.

01:32:18.108 --> 01:32:18.448
That's money.

01:32:18.469 --> 01:32:21.109
They have to spend a, um, regain control,

01:32:21.170 --> 01:32:22.070
kick out the person,

01:32:22.150 --> 01:32:24.051
try to push out the good code to

01:32:24.091 --> 01:32:25.113
fix the bad code.

01:32:25.752 --> 01:32:27.333
Um, the reputational damage,

01:32:27.373 --> 01:32:28.335
like all of that stuff.

01:32:28.375 --> 01:32:28.555
So,

01:32:29.588 --> 01:32:30.408
It affects them too.

01:32:30.550 --> 01:32:31.510
I don't know if we're at that point

01:32:31.529 --> 01:32:33.270
yet, but... Absolutely.

01:32:33.411 --> 01:32:33.631
I mean,

01:32:33.671 --> 01:32:36.252
to take it to the most extreme example,

01:32:36.332 --> 01:32:36.572
right?

01:32:36.931 --> 01:32:37.192
Like,

01:32:37.893 --> 01:32:40.974
you never would ever see a news article

01:32:41.014 --> 01:32:43.895
today about a new vulnerability in Windows

01:32:44.055 --> 01:32:45.275
XP or something like that.

01:32:45.315 --> 01:32:46.756
But everyone knows you can't be using

01:32:46.796 --> 01:32:51.337
Windows XP on the open internet because

01:32:51.377 --> 01:32:54.139
it's just so insanely vulnerable to all of

01:32:54.158 --> 01:32:54.699
these attacks.

01:32:54.779 --> 01:32:55.500
But, like...

01:32:57.612 --> 01:32:59.073
We already know you shouldn't be using it.

01:32:59.113 --> 01:33:00.474
So if a new attack is discovered,

01:33:00.515 --> 01:33:01.916
that's not going to make the news.

01:33:01.956 --> 01:33:03.296
And that's going to be the case for,

01:33:03.337 --> 01:33:03.556
I think,

01:33:03.596 --> 01:33:05.658
a lot of apps that you don't keep

01:33:05.698 --> 01:33:07.921
up to date, which is why, in general,

01:33:07.961 --> 01:33:09.881
I would still say the updates are super

01:33:09.902 --> 01:33:10.443
important.

01:33:15.306 --> 01:33:16.847
Yep.

01:33:16.948 --> 01:33:18.809
All right.

01:33:18.868 --> 01:33:20.551
I guess that's all we got this week.

01:33:27.070 --> 01:33:27.832
Okay.

01:33:28.393 --> 01:33:28.573
All right.

01:33:30.115 --> 01:33:32.679
Well, I think, yeah, we can, I'll just,

01:33:33.140 --> 01:33:35.462
I'm going to give the forum thread one

01:33:35.483 --> 01:33:36.545
more check unless you just did,

01:33:37.024 --> 01:33:38.027
but it looks like there's nothing else.

01:33:38.046 --> 01:33:38.146
Yeah,

01:33:38.167 --> 01:33:39.509
I've got it open on another window here.

01:33:39.828 --> 01:33:40.050
Cool.

01:33:40.551 --> 01:33:43.972
Okay, well, thanks everyone for tuning in.

01:33:44.993 --> 01:33:45.634
Like usual,

01:33:45.734 --> 01:33:47.114
all of the updates from This Week in

01:33:47.135 --> 01:33:47.715
Privacy,

01:33:48.034 --> 01:33:50.136
we share them on the blog and in

01:33:50.176 --> 01:33:51.657
our email newsletter every week,

01:33:51.716 --> 01:33:53.497
so you can sign up for that newsletter

01:33:53.938 --> 01:33:55.877
or subscribe with your favorite RSS reader

01:33:55.957 --> 01:33:56.738
if you want to stay

01:33:57.298 --> 01:33:58.939
tuned about new episodes,

01:33:59.020 --> 01:34:01.703
and also all of the sources for this

01:34:01.762 --> 01:34:02.243
episode.

01:34:02.262 --> 01:34:03.283
That's where we post them all,

01:34:03.304 --> 01:34:04.345
so if you want links to all the

01:34:04.385 --> 01:34:06.706
articles we talked about, check that out.

01:34:07.127 --> 01:34:08.568
For people who prefer audio,

01:34:09.127 --> 01:34:11.890
we have a podcast available on all podcast

01:34:11.911 --> 01:34:12.770
platforms and RSS,

01:34:12.791 --> 01:34:14.552
so you can use your own podcast reader.

01:34:15.913 --> 01:34:18.376
The recording for this video is also going

01:34:18.416 --> 01:34:20.817
to be synced to PeerTube like usual,

01:34:20.858 --> 01:34:22.458
so you can watch it outside of YouTube.

01:34:24.011 --> 01:34:25.112
Here at Privacy Guides,

01:34:25.631 --> 01:34:28.713
we are an impartial nonprofit organization

01:34:28.913 --> 01:34:30.434
that is focused on building a strong

01:34:30.573 --> 01:34:33.496
privacy advocacy community and delivering

01:34:33.515 --> 01:34:35.296
the best digital privacy and consumer

01:34:35.337 --> 01:34:37.198
technology rights advice on the internet.

01:34:37.713 --> 01:34:39.073
If you want to support our mission,

01:34:39.354 --> 01:34:40.935
you can make a donation on our website

01:34:41.114 --> 01:34:43.314
at privacyguides.org.

01:34:43.335 --> 01:34:44.176
To make a donation,

01:34:44.515 --> 01:34:46.615
you can click the red heart icon located

01:34:46.676 --> 01:34:48.636
in the top right corner of our website,

01:34:49.277 --> 01:34:51.997
or go to privacyguides.org slash donate.

01:34:52.457 --> 01:34:54.578
You can contribute using standard fiat

01:34:54.618 --> 01:34:56.399
currency via debit or credit card,

01:34:56.578 --> 01:34:59.238
or opt to donate anonymously using Monero

01:34:59.420 --> 01:35:00.859
or with your favorite cryptocurrency.

01:35:01.359 --> 01:35:03.041
Becoming a paid member of Privacy Guides

01:35:03.081 --> 01:35:05.322
will unlock exclusive perks like early

01:35:05.421 --> 01:35:07.222
access to video content,

01:35:07.542 --> 01:35:10.944
early access to the show notes for this

01:35:10.963 --> 01:35:11.364
show,

01:35:11.925 --> 01:35:13.905
and priority during the This Week in

01:35:13.926 --> 01:35:15.827
Privacy livestream Q&A.

01:35:16.087 --> 01:35:17.908
You'll also get a cool badge on your

01:35:17.948 --> 01:35:20.689
profile on the forum and the warm,

01:35:20.708 --> 01:35:23.050
fuzzy feeling of supporting independent

01:35:23.069 --> 01:35:23.369
media.

01:35:24.390 --> 01:35:25.890
Thank you all again for watching,

01:35:26.190 --> 01:35:27.192
and we will see you next week.

