CalyxOS Is (Almost) Back But Is It Any Better?

the calyx os comeback the canvas chaos and google chrome's sneaky ai downloads all of this and more is coming up on episode 52 of this week in privacy so stay tuned Welcome back to This Week in Privacy, our weekly series where we discuss the latest updates with what we're working on within the Privacy Guys community and this week's top stories in data privacy and cybersecurity. I'm Nate, and with me this week, after several weeks of absence, is Jonah. How are you doing, Jonah? You know, I am doing great this week, and I'm always doing great to be back on the show here. It's always fun. How have you been doing, Nate? Pretty good. Pretty good. As you know, lots going on behind the scenes here. Lots of videos coming up. We'll talk about that later. But, yeah, I've just been keeping really busy working on everything we've got coming up. Absolutely. Well, let's get into it then. All righty. Yeah. So let me swap the tiles here. Oops. Our first story this week is about Calyx OS. So full disclosure, we do not recommend Calyx OS here at Privacy Guides as one of our recommended Android distros. But it is still popular nonetheless. They do have a heavy emphasis on open source, I would argue. And that's kind of their whole thing is a lot of the stock apps they swap for open source apps. And we'll talk about that a little later. But for those who may not be aware, Kalyx OS actually went on hiatus in August of last year, which is crazy to think about that it's been that long. But they went on hiatus. They assured everybody. They were like, hey, there's no signs of compromise or anything. But they had two major staff members leave. They had Nick Merrill, the founder, and I don't know how to pronounce his name, Chirio Desai, if I remember correctly. but he was like their their lead developer and both of them parted ways from the outside it seems very amicable there there was no accusations as far as I'm aware of from any of the team members towards anyone else but either way Kallix decided they're like hey we're going to use this opportunity to completely revamp our entire infrastructure we're going to rotate signing keys I believe they went and bought a hardware security module they really ramped up a lot of the behind-the-scenes infrastructure. But that is unfortunately kind of the end of the facts. And I'm going to go ahead and say I have a little bit of a soft spot for Calix. I just want to admit where my bias is, because they were kind of my first distro when I was getting into flashing custom Android ROMs. And I tried them out first, and I liked it. You know, Graphene obviously is way more private and secure, but it was pretty cool. It was very empowering to flash an Android for the first time. And, um, but, uh, yeah, so that they, uh, they originally said it'd be about four to six months, which if I did my math right, should be somewhere between December and February. And, uh, here we are in, uh, the beginning of May, early May, early mid May. And they said that, uh, this is their latest progress report. I believe it's number four. And they finally have a test build with Android 16. Um, Hey Nate, uh, you're coming across a little robotically to me. So I just wanted to ask people in the chat if that's happening to anyone else on the stream or not really quick. So leave a comment how the quality is. I might know what's causing that, but I'd have to step over to the other computer for just a second. Let me see here. Nope, that's not it. Well, yeah, let us know. It's just on my end. Yeah. Okay. We'll wait and see. Okay. So, yeah. So, Calyx said that they would go ahead and – it should have been ready sometime, like no later than February, but here we are. In this new note, they basically say the Android 16 build is ready. So, the version of Calyx that's based on Android 16, they say, is ready for community testing. So, it's not in public yet. This is in beta. And, you know, I mean, there's some interesting stuff here. Like, they say that it's based on Android 16 QPR 2, which I think is the most recent one, but don't quote me on that. It does support pixels 4 through 9, so it does not – I don't think the 10's out yet. I'm sorry, I don't keep up with a lot of hardware very well. It supports the Fairphone 4 and 5, and it supports a handful of Motorola's. That is one reason that Calix has historically been a little bit more popular is just because they do support more devices than Graphene, and they do still support locking the bootloader. So most apps should work okay. Not as good as Graphene because with Graphene you've got the Google Play services and stuff, but definitely, yeah, it supports more devices. And, yes, Jordan informs me that the Pixel 10 is out. So it doesn't quite support the Pixel 10 yet, but all their current devices. The Pixel F supports the Pixel 10 currently, but this is their device list from before they shut down, if I remember correctly. Because I think they supported the 9, didn't they? I believe so, and I think that's, I'm going to guess that's probably what their direction was. It's like, let's start with our current stable of devices that we already support, and then from there we'll expand. That's usually kind of how they do things. So, yeah, they do go on to say here that they've also updated some of their bundled apps. So they moved to F-Droid Basic instead of regular F-Droid. They still have Aurora Store. They moved up to Breezy Weather. They used to be on Geometric Weather, but that one was deprecated quite some time ago, actually. They still include Signal. They still include the Tor browser. The Tor VPN is, I believe, a new project from Tor that's designed to replace Orbot. So they're going to be including that. CoMaps will be replacing Organic Maps. And other than that, I think most of these are things that they've already supported before. So, and then they say there's some features that have gone away, things like the panic button for now. They say it requires a lot of updates to make it work. They say they're shipping Chromium with less features, which you can read about below. So, it's, yeah, it's definitely a very early beta, I mean, really. I know our staff member, Jordan, did attempt to test it out, but couldn't, I believe, couldn't get the flashing process to work. they kept running into an error, but I have seen some people just generally around the internet who have said that it has worked pretty well for them. But yeah, so I mean, that's kind of it as far as the facts of the story. This is a, I think this is kind of a bigger story that we wanted to cover, even though again, we don't really, we don't formally endorse Talex OS as like a recommended distro, but it is very, very popular in the community, and this has been an ongoing saga, and I think this is like the first big milestone in terms of like, oh, they've actually got something to show for now. You know what I mean? So, yeah, really interesting stuff. Do you have any thoughts you want to start with, Jonah? Because if not, I got some questions I can throw your way. All right. Yeah, a couple of things. It was interesting, I guess not really about the OS, but some of the apps that they included. um calyx oet or calyx vpn rather uh being excluded from the list is interesting because i think i mean that's been one of the big services that the calyx institute has been providing for for some time i didn't even notice that um and they include rise up vpn which is kind of like i mean they probably don't consider them like competitors because it's all non-profit and they're all just doing it for fun but i mean they're they operate in the same they They're pretty much operating the same service so that they would include that one and not the other. It's interesting. I don't know why the Calix VPN infrastructure and capacity is not where it was before or if they were having issues for some time. If anyone used Calix VPN, you could let us know what the experience is, but I just thought that was an interesting thing to highlight. I also can't remember if we talked about Tor VPN in a previous episode or somewhere. I was just talking to somebody. Not since I've been here. Maybe not then. I don't know where I was talking about it. But Tor VPN is an interesting one, too, because it uses the new Tor implementation. So instead of the one that was written in C, the original Tor backend service, now it's written in Rust. It's called RT. And that was the main reason that it's replacing Orbot. So it's not just a rebrand. There's some modernization going on. So if you're an Orbot user or a Tor VPN user, I think that that is going to make, I mean, that's going to be a lot nicer for sure. And hopefully more reliable and hopefully more secure. So I guess that's not really about Kalyxos either, but a couple of cool things about the apps that they're installing. What are you thinking about this release? No, that's cool about the VPN, because I didn't, I've, I'm subscribed to the Tor blog's RSS, so every once in a while I get notifications about Artie's development, but I don't really know much about it other than, like, it's a rebuild in Rust. So when you said, like, oh, this is basically a front end for Artie, I was like, oh, cool, so that's where they're going with this. Yeah, it's finally making it into Tor software. I don't know when it'll be in Tor browser or anything like that, but at least we're slowly seeing progress for sure. Nice. Yeah, I mean, overall, like I said, I admit that I have a soft spot for Kallix, so I'm really disappointed that this has been well past schedule, and I'm really disappointed by a lack of communication especially. You know, I mean, they've been relatively open in the sense that they have been publishing blog posts every other month, maybe. They've, you know, they went out of their way when they made the initial post and people started speculating, like, oh, is there some kind of compromise? They were like, no, no, no, there's no compromise. But really, that's been it. There hasn't been any explanation for, like, why are they so much further behind schedule than they expected? And like, I, um, I've had in, in the past, um, I've worked at other jobs where we have clients that I have to interface with. Right. And I remember one of my, uh, one of my bosses got really mad at me one time because I told the client, I'm like, Hey, we have to contact support from this company. And, uh, you know, it's kind of like slowing things down. And my boss was like, no, no, no, never tell them how the sausage is made. And I really disagreed with him on that because I'm like, if I was the client and you just keep telling me we're working on it, we're working on it, we're working on it, we're working on it, that's going to shake my faith in you. That's going to make me think like, dude, why is this taking so long? But when you tell me like, here's exactly what we're doing, like we had to get in touch with support, support has to research this, they're shipping us a new firmware, like blah, blah, blah, blah, blah, whatever the case, that's when I know like, oh, you're working on it. And also, this is a really complex problem that like, this is why I'm paying you is to handle these problems. So I say that to talk about this is like, I'm really disappointed that Calix has decided to take the first approach where they're just like, oh, we'll just, we'll just issue you little updates here and there, but we're not going to address the elephant in the room of why is this taking so long and why are we behind schedule? So that, um, that really does disappoint me personally. But, um, I, I was curious if you could, um, cause I know there's some technical reasons if you could just kind of fill in, uh, Jonah, if you wouldn't mind filling in, uh, uh, users on why we don't really recommend Calyx because I know it gets and it gets passed around or not passed around it gets um touted and advertised a lot in the privacy community as like an alternative to graphene and again despite my bias I I don't think that's really an accurate representation um so like what what makes a I don't necessarily want to like turn this into like talking crap about him but you know like why don't we recommend like why isn't that a really fair comparison in your opinion yeah for sure um before i get into that was do you know if micro g was on that list are they still using that i know they were using it before um but i just didn't see it in this post unless you yeah it's not in this list but i have to assume it's going to be there because otherwise i don't know okay how it's going to work maybe if jordan's listening and was able to test it out um they can let me know in the chat but um yeah there's there's a couple different reasons i mean i think the main thing comes down to the the changes that calyx os is making uh mainly come down to getting google software out of the main operating system so they replace google play services with micro g for example and they replace all of the standard apps um with these open source alternatives like they don't have the play store they bundle effort basic by default um but beyond that they don't do a lot of modifications. They've never been like super technical with like how the operating system works or additional features that can protect your security or privacy. Whereas on Graphene OS, for example, we see additional hardening features, additional like permissions that you can restrict apps with, additional sandboxing with Google Play and all of that stuff you don't really see with CalX OS. I think another big criticism with, I would say, MicroG in general is that well, it replaces all of the client software on your device and in theory makes it more compatible with the open source ethos. All of these MicroG services are generally still connecting to Google services at the end of the day. Graphene OS certainly would also have this problem in a lot of cases, especially if you use Sandbox Google Play. But if you don't do that, GrapheneOS by default removes, I believe, all connections to Google services, and they are really good about proxying any services that are required with Google-like connectivity checks, for example. They proxy through GrapheneOS servers by default, so you're not hitting Google servers directly, and you can typically turn all of that stuff off completely if you choose to. so those are some of the benefits in Graphene OS that we just don't see added in Calyx OS. Calyx OS is more of a stock Android experience with some bundled apps that are nicer than the alternatives but it's not really changing the Android paradigm in any way and I don't know in previous episodes and on other shows I've talked a lot about how Android is just not my favorite operating system in general because it's very tied to everything that Google is doing. I think Chromium kind of has the same issue, but Android especially and Graphene OS just goes a lot further in making that less of the case. I think it's unfortunate that even on Graphene OS, most people have to rely on Sandbox Google Play to get a decent experience on Android. But what can you do? at least with the sandbox Google Play and Graphene OS, you can install all of those as user-installed apps, basically, whereas even on Calyx OS, if you use MicroG, all of the MicroG apps have to be installed as system apps, which is a greater security risk than apps that have normal user-installed permissions. I think the other main thing that we would see with Graphene OS is just a much stronger commitment to updates, security updates, but also just updates in general. We saw, as you noted, the Pixel 10 is not even supported with Calyx OS yet. I don't know too much else about the current version of Android that this is using. I know all of this Calyx OS is still in beta. They're just getting up and running. But historically, they have been a bit behind normal Android releases and a bit behind Graphene OS, whereas Graphene OS very often releases updates very, very close, if not at the same time as major Android updates. And even now, Graphene OS has a partnership with an OEM that has access to these security updates that aren't publicly released yet, so they can issue those security releases before they're open source. Of course, if you don't want proprietary code on your device, you can disable those and wait for them to be publicly released, but that is a security option that I don't think CalixOS would even be able to offer as far as I know because Google restricts some of those security updates to certain approved parties, which is a shame. So, yeah, kind of a lot, but that's typically all of the reasons CalixOS didn't really make sense to me, probably still doesn't, but I guess we'll see how this is going because it seems like they'll be taking a... well at least a different approach than they've heard before yeah I agree with all of that I agree that it's um like they I think they do a couple small things to try and make it a little more privacy respecting like I think the advertising id is removed by default or something but I mean it's really nothing like compared to graphene it's definitely not even in the same ballpark and I think um I think really the only selling point in my opinion is that it's, it would be, I would argue it's an easier setup, because then with Graphene, you need to, like, go in and you need to install the play services, and, I mean, if you want to use those, which, like you said, it's, it's, some people could definitely get away without those, but for most, the average person, you're going to need those for, like, notifications and stuff, so with Graphene, you additionally have to go in and install that kind of stuff and get everything set up, but, yeah, at the end of the day, it's... That is another downside of Graphene, you know, you are stuck with the official play services clients. If you are the kind of person who prefers the micro-G approach, at least you have that option with Calyx. Whereas, despite them being sandboxed on Graphene OS, which is great, especially because you can restrict them to certain profiles, you're still running that proprietary Google code directly on your device, and some people just aren't going to like that. So that is something to consider for sure. Yeah, I agree. I think I had one other yeah so in your opinion on that note do you think there's any like redeeming qualities about this update? like me personally I'm glad to see them finally move to breezy weather because again Geometric has been abandoned for god I think years at this point like a good couple years so it's nice to see them finally move I like to see them get rid of scrambled eggs if like that is also abandoned where I think or at very least like not updated very often I wish they would just roll that into the camera app like Graphene does. But, yeah, I don't know. Do you think there's any redeeming qualities about this or anything that you think is a step forward, maybe? You know, to be honest, I'm not the biggest expert on Android apps, so it's kind of hard to say. Some of these apps certainly make sense to pre-install. Like, I'm glad they're pre-installing Signal, for example. Some of them, like the ones that you mentioned, don't make a lot of sense. I can't remember I saw DAVX5 I think that's the newer I think I'm thinking of a different app that was discontinued that's probably the newer one so never mind but yeah certainly having privacy respecting defaults is good like comaps or organic maps they had before it looks like they're switching to comaps now I mean it's greater visibility and I would say that this list of apps is probably useful to people. I mean, even if you end up using Graphene OS, this would be a good list of apps to maybe look at. And maybe you want to use some of these. You can install FDroid on Graphene OS too, certainly. And we have a lot of Android app recommendations on our site as well. But yeah, any visibility to all of these third-party apps that are providing good services is a good thing, I would say. Yeah, a user here says, nice to have you, Jonah. They said breezy weather is goaded, and that's an example. I agree. Like, I use breezy weather, and it's pretty rad. I like it a lot. Before we move on to the next story, assuming there's nothing to add to that, Sawd this all here said, you love the PG polos. So I just wanted to, I would be remiss if I didn't take a moment to point out that we do have a merch store, shop.privacyguides.org. We have this awesome, I know you probably can't read it from there, but this coffee cup, because I'm insane and I'm drinking coffee at 5 p.m., has Article 12 of the UN's Declaration of Human Rights, which is about privacy. I actually have some stickers here because I was going to ask Jonah a question about those later. Poster in the back, all kinds of cool stuff. Yeah, and certainly not all of our merch is like these polos with privacy guides loading. A lot of that is for the team members who want stuff for this video, but we also have a lot of merch, like with that poster design in the background of Nate's video right there, and a lot of other cool stuff. So if you are interested in those privacy designs, I would check it out, and we hope to add more stuff there soon. um another thing before we start talking about this canvas story i wanted to uh answer tg 1997's question really quickly here um we always have around 5 to 20 viewers uh a couple of reasons we're um very generously supported by many of our members we also get a lot of views on this show after the fact on especially various podcast apps. We get a lot of downloads there, but it's mainly the support of our members and people who want extra perks across our site and our form, which certainly has an active membership. The other reason for this discrepancy in views is that we stream on a lot of different platforms. So, like right now on StreamYard, I can see 149 people are watching and on youtube that's quite a bit less um so yeah as somebody else just pointed we we live stream on youtube we live stream on x we also live stream on twitter and we live stream on streamyard.com which is the which is the streaming service that we are like using to stream in the first place so it's kind of a native approach we share uh the streamyard stuff um on our form so So a lot of different options for people to choose from, not just YouTube. But yeah, we would love to get more viewership. So definitely subscribe if you like these shows and share the show with a friend or two if you think it's interesting. Because we would love for more people to hear about all of this stuff, of course. That's why we're doing it. Not to dig into it too much, but nice to have Jonah. says why, like, you only see six people. Because we're in the studio, we can see the full list of, like, it says here that we've got over 120 people on Twitter. What's that? It just combines them all into one number. Yeah. That's what I was looking at. But if we hover over it, it gives us a breakdown. So, yeah, there's six people on StreamYard right now, 22 on YouTube. We got one on Twitch. I didn't even know Blue Sky did live streaming. We can look into that, but it's really about what StreamYard supports. Yeah, Blue Sky doesn't do live streaming. if you want to share got it whoever said Blue Sky what you're referring to I know you can post a link to the live stream manually on Blue Sky and it will show up like around your profile picture we have to do that basically every time we stream manually and we can't even link to YouTube streams I think or StreamYard we have to link to like Twitch or something so it's just annoying to do on Blue Sky but maybe we'll use that feature in the future. I don't know what Blue Sky features really have for live streams. Yeah, we could look into it. Oh, here we go. Somebody said the new Calyx OS builds run great on the Pixel 6, 6a, and 6 Pro. So there we go. We have some boots on the ground from somebody who's tried it. Awesome. Good to know. All right. That's all I have to add on that. Take a look at our next story here. This was reported by Bleeping Computer. Headline is Canvas Login Portals Hacked in Mass Shiny Hunters Extortion Campaign. The Shiny Hunters Extortion Gang has breached education technology giant in structure again, this time exploiting a vulnerability to deface Canvas login portals for hundreds of colleges and universities. The defacements, which were visible for roughly 30 minutes before being taken offline, displayed a message from shiny hunters claiming responsibility for the earlier Instructure breach and threatening to leak stolen data if a ransom is not paid. The message warns that Instructure and schools have until May 12th to contact them to negotiate a ransom or students' data will be leaked. Moving down in this story here. I'm not seeing it in here, but I read in a different article that this vulnerability was related to a service that Instructure has with Canvas that allows teachers from any school to sign up and create courses, even if your school doesn't have a partnership with them. So I know that they've disabled that feature, basically. but what the vulnerability is exactly or I think what data has been leaked as far as I know is not necessarily clear yet but the hackers in question have claimed to have stolen 280 million student and staff records tied to 8809 schools universities and education platforms using the Canvas learning management system, according to this article. So it is quite a cyber attack, and it seems to be very widespread. I know, I think it's in this article too somewhere, but I just know Canvas is one of the, if not the largest learning management systems used by schools. So this is pretty extensive for sure. And I think what we're going to see out of this is, I mean, especially if this data is leaked, but also, I mean, even if it's not leaked, these people could just keep the data anyways or it could be leaked in the future, or they could just leak it anyways. I think there's really no way to guarantee for sure whether this data is going to make it out there or not, regardless of whether that ransom is paid. So I think this, I mean, this will certainly be a big problem for students, also staff, And maybe not even immediately, all of this data could be used in the future for various attacks. I can imagine phishing attacks and other sorts of attacks against all of these students and teachers to be very, I think they'll be very prevalent if all of this data gets out. So, yeah, that's pretty much the story. It's not great. And as Jordan W. has shaking my head with the centralization of everything on a single platform for learning, yeah, I mean, this is definitely the big problem with decentralization. It's certainly a double-edged sword, and it's the kind of thing that we see in the school systems with this, with a lot of different tech services. I know all of them have switched to like Google Workspace, for example, and none of these centralized services are immune. I know before the days of decentralized services, schools would typically use various platforms or open source platforms like Moodle. And there are downsides to that as well, because then you're relying on the school or the district's IT team to secure all of that, which can have varying levels of quality and knowledge depending on what kind of people they can hire. So that's certainly a problem as well, but certainly all of the centralization of data into a single database is also a huge concern. So yeah, you kind of lose either way you go, really. But obviously, this sort of attack has a much larger impact because this is going to affect schools all around the U.S. and maybe around the world. I don't know where Canvas is used. I know it's huge in the U.S. here, but I would imagine they sell to other countries as well. Yeah, I agree. And yeah, like you said, this is a big story, which is kind of why we're talking about it. So there's a lot of coverage out there. So there may be additional details in other articles. We tried our best to pick. Bleeping Computer is usually a pretty good source. And some of their articles are actually, like, really super technical. So I like going to them. They're one of the more reliable sources, in my opinion. Yeah, Jordan said it was massive in Australia, too. Yeah, I would imagine. It's in a lot of different countries. I mean, that's a huge company. Yeah, this article didn't really specify where they're – Which is unusual because usually they do say, like, oh, it's popular in, like, the U.S. and parts of Europe or something. Yeah. Yeah, I mean, and, I mean, this is the question, right? It's, like, nice to have Jonah said, what do you think should happen? Make it illegal to pay ransoms? Find companies for bad security? I mean, I think I fully admit that I'm not an expert on this kind of stuff in terms of, like, what should we do. But I do think that's a good start is, like, I think we need mandatory disclosure laws. because I remember there was a few years ago they raided, God, which ransomware gang was it? It was one of the big ones. Interpol shut them down and raided their servers, and we learned so much. Like, they had hit so many more companies than we knew about because most of them just paid the ransom and, like, made it go away. Made it go away. We learned that they, like you were saying, they never delete the data. Like, that was something we learned is when we pulled their servers. It's like, oh, look, here's everybody, including the people who paid the ransoms. They never deleted the data like they promised they would. They just hold on to it. So I don't think and, you know, when you when they do pay the ransom, that just encourages them to keep doing it. Right. If we make it not economical, they're going to stop doing it at some point. Eventually, they'll stop doing it. So it's really I think that's a good start. And yeah, I do. I mean, personal opinion, I think the problem with bad security is that it's really hard to define in a legal sense. Like, I think there's certain things that, like, 2FA, right? I mean, it's 2026, dude. No offense to any newbies watching this. I'm not trying to make you feel bad. But it's 2026. If you're not using 2FA, you need to reconsider. I'll just say it that way. You know, and I mean, ideally, yes, it would be nice if they had good passwords. But that's kind of an ongoing debate right now is, like, what defines a good password. There's a lot of nuance to that. But it's, I mean, that's, like, little things, like, if you have something that was patched, or, like, if you have a vulnerability from six months ago that the patch was already released, and you still haven't updated it, and it's a critical vulnerability, I think we can all agree that's negligent. Like, when you get closer to, like, a week lead time, like, I don't know, it's just, my point being, like, there's some nuance there, but I think there is a certain baseline we can establish. It's like, yeah, you guys were just basically being negligent at this point. And unfortunately, it's a I've said this before. It's like a lot of these a lot of these smaller are not smaller. A lot of departments don't get the funding they deserve because the bean counters just look at them and all they see is red. So like cybersecurity, for example, they're always like, oh, we're always spending money on technicians and software and this and that. And it's just spending money and spending money. They never make this money. We're just losing money on that. And it's like, yeah, because that's what's keeping you from losing more money when something like this happens. So, yeah. IT in general, it's always seen as like a cost center by businesses until you need them. The problem with IT in general is that I think the entire industry suffers from its own success because when everything is working properly, of course, you never notice it at all. Like it all just runs in the background. Exactly. yeah and then the last thing is like you said a centralization issue which that one's harder right because like that's kind of one of the hallmarks of the free market is people should be able to go to whatever company has the features they need and makes the best sales pitch and whoever they want to go with so the centralization thing i feel like it's tricky but i don't know maybe maybe there's some letters we can pull there too to try to encourage a little bit more competition i don't really know that that one's definitely above my pay grade but it's all just kind of a big um I don't know what the word I'm looking for is. It's all just kind of a big scoop of, like, a bunch of problems. But even fixing a few of them, I feel like, would probably go a long way, in my opinion. Yeah, Neville Matthew on YouTube points out the same thing with Epic electronic health record systems. All hospitals use them. That's a huge problem as well. I mean, the centralization that we were talking about, this is happening among pretty much all industries at this point. So we're definitely putting all of our data in single gigantic baskets, and I really don't think that's a good thing, which is why I always suggest decentralization as much as possible. But not all organizations are going to do that, and I think the unfortunate reality is that all of these organizations are going to choose the cheapest option. Yeah, I don't know if we pulled up this comment, but NextFJonah said, I'd rather use Google Workspace. Honestly, Google's locked into their security and their workspace privacy might not be terrible. I mean, with Google Workspace, especially with the schools, you never know what they're doing with this data. But according to their privacy policies, it's all above board for students. But no company is perfect at security, and it's very possible that Google could have a breach someday. I think there's problems with all centralized services, kind of inherently. So I wouldn't just rule out the possibility that Google will suffer some sort of security issue in the future. I think a much bigger issue with all these schools adopting Google Workspace for Education is just that it really normalizes all of the, I mean, the entire Google suite of a whole generation of students who are then going to demand that in the workspace and in their personal lives. People are just, like, using alternatives like Microsoft Word or Apple Pages or whatever software was typically used in schools. and now they just are used to Google Drive and used to Google Docs and then they will grow up and they'll continue using that or they'll use it in college or they'll say to their employers, like, you should switch to all these Google services. That's really the big Google play here. And there used to be more companies in the education space. I mean, for a very long time, Apple was huge in the education space and then they basically randomly gave up on supporting education customers, which is really dumb in my opinion. You could certainly argue Apple isn't much better. And I would love to see, we talked maybe a couple episodes ago about these governments who are adopting Linux systems among their own agencies. I would love to see something like that in schools too, where more of these education providers adopt open source software like Linux. but we're not really seeing that right now. And even when Apple was in the game, there was at least some competition here, which is always a good thing. You always want to see competition, and right now Google kind of has a stranglehold on the entire education industry, which is not great. Maybe Apple will make a comeback with the MacBook Neo, but their software game has a very long way to go before they get back into a serious IT world, unfortunately. Yeah I was going to say I agree with the idea of like I complained about that Not my last job but the job before that We were a very small company like less than 10 people total And we used Google We used Gmail we used Google Drive we used Google Sheets Google everything And then I moved to the bigger company that was like super super corporate And all of a sudden everything was Microsoft And I remember just being like God I would give anything to go back to Google because Microsoft UI is just everything about Microsoft is terrible full stop I don care It bad So, but I really appreciate what you're saying about like, yeah, but then you train people into that way of thinking and that's what they're going to want. And, um, but, uh, yeah. And another thing you said is just real quick. I'm, I've been saying for a long time and I know I'm not the only one that like, it blows my mind that public money can be spent on private things. So like, I usually say that in the context of policing and surveillance systems, but yeah, like Microsoft licenses for public offices. And it's like, dude, just switch to Linux. Like, and that's a new contract there too, right? Like, somebody has to write this software for Linux so they can manage the lakes or whatever. Like, great, that's a new contract. We just made new jobs. So, I don't know. Yeah, it's crazy. Yeah, the whole tech ecosystem in general, once you get into, like, proprietary stuff, is not great because we've really transitioned to, like, full subscription services. I used to work at a school district and towards the end of that Google changed their education pricing I think it was around like when the pandemic was happening and there was a huge push for remote learning but they were basically like okay all of these features that all these schools want now we're going to be charging something a month and it was still a lot cheaper than like Google Workspace for businesses but it just goes to show that like all of this free stuff can't really never does last forever, even for schools and nonprofits. Google's whole plan is not just to lock students into this Google ecosystem, but also to lock schools and districts into having to do whatever Google says, basically, because now they're kind of stuck with all of the software and all their Chromebooks, and Google can kind of charge whatever they want if they want to, and it's very unlikely that any of them will switch at this point, which is a shame. Yeah, very good point. I think that's all we have on that story. In a minute, we're going to talk about Microsoft Edge and passwords. And boy, that's a wild one. But first, we're going to talk about what we've been working on this week at Privacy Guide. So like I mentioned at the beginning, it's been, you know, we kind of go through ups and downs, right? Like we kind of go through periods where we're releasing a bunch of stuff. And then we go through periods where It seems like we're a little bit more quiet, but that's because it's just we're always working behind the scenes. I mean, we're always working, but sometimes there's just a lot happens at once. And I think the last few weeks have been like that. So, for example, I'm going to share this little tab here. We have just released today a new video about how to run a Signal proxy. So and we talk about this in the video, for the record. But, you know, there are alternatives to Signal. But censorship is on the rise and Signal is around the world, for the record. and Signal is an extremely popular messenger. So you could try to get your friends and family to switch to something like SimpleX or Briar, or you could look into Signal proxies as a way to help around with that. So yeah, if you're a member, that's already available on YouTube. If you are a Privacy Guides member, like you went to privacyguides.org slash donate, you're a member. It's also, I believe, available on Peertube. And we share that link directly in the member section of the forum, or I believe you also get it in your inbox. so those are options there and then that'll be coming out to the public next week we usually release those about a week early for members and then we have an awesome interview coming soon hopefully next week depends how much editing we have to do but I don't want to say too much it's just really exciting it was a great interview I had a lot of fun and it will include a bonus section again for paying members so yeah excited to share that and actually on the topic of memberships I keep forgetting to tell you guys that we're actually now posting the show notes for the show in the members only section um so throughout the week you guys can see what stories we're considering discussing and stuff like that so definitely uh check that out if you're interested and i'll turn it over to jonah to talk about what else we've been doing we definitely got a lot of requests for that because people wanted to ask questions about the stories we would talk about on the show but um i know this show time isn't ideal for everyone. It's pretty late in the EU right now, so I know a lot of people skip it and watch it later. So hopefully that helps out some people with getting your questions answered during the Q&A that we have at the end of the show. In other Privacy Guides news, the biggest thing that we launched today, or not today, this week, is a new DPA directory. So this is a tool that we have in our activism section, which you can find at privacyguides.org slash activism, or you can click the activism tab at the top of our website. And the DPA directory is basically a tool that will help you find the main consumer privacy law in your area or region or country that describes what privacy rights you have as a consumer and the authority that's mandated to enforce the law, which is very important because you should know where to report these privacy violations and what privacy violations may even be occurring. I think for a lot of countries, there are more protections than you might think. Of course, in a lot of countries, I would definitely say the protections could go quite a bit further, but anything helps. And reporting privacy violations by companies that you interact with not only has a benefit for you personally, but it has a huge benefit for your entire community because it causes these companies to make changes that will ultimately improve the privacy for anyone who are using these products or services. so definitely check it out find your region on there at the top of the directory we have buttons where you can click by continent basically and then you can find whatever country if your country isn't listed either we couldn't find anything we were able to do it for a lot of countries but certainly not all of them we hope to continue updating this with more information as we can and as we get it, if your country isn't listed or some of the information you want to update or what have you, definitely submit a PR or even open a topic on the form sharing what information you want us to add or change and we can get that updated. Or just let us know what country you want us to update and we can look into it as well. whatever works for all of you uh we definitely want to keep this updated and get as much information out as possible so you can share uh what information you would find most helpful here and hopefully we can continue to build more legal resources than other resources like this in our activism section going forward so we'll continue to keep you updated with that um thank you carrie from Firewalls Don't Stop Dragons for the compliment. I totally agree. It is another fantastic resource. It's one of the final resources that our former staff member, Em, worked on with us, and it came out really great. So I hope people find it very valuable. That was the main update that came out with our May release of all the changes on our website. I believe all of the other changes were pretty minor. We just updated some information that was outdated and changed some logos So not a lot of huge changes besides that But, you know, we're always changing the site, making sure everything stays up to date So hopefully we'll see more changes in the future I know we have 26 pull requests open right now So a lot of updates that we're hoping to get made as soon as we can review them uh this is episode 52 of the show which means that we've been doing this every week for a full year um which is fantastic uh it's it's been a lot of work uh to get this oh great they'd celebrating if it works i think it's possible i have a whole bag of them i'll find another one i had to buy these for a video one time it was like five bucks so now i don't know what to do with them but another one but but yeah um hiring nate to get these done has been a real game changer for this entire show because we can really uh do this more reliably um and yeah we we plan to continue doing this every week for the foreseeable future uh news briefs are another big thing that we do uh almost every day pretty much freio works very hard on those but we have other people on the team publishing does as well. I know Nate writes some of them on occasion. And this week we had updates on copy fail, chat GPT, advanced account security, Fedora releasing sealed bootable container images, which is super cool. Definitely look into that if you're using Fedora. It's good for security. RCS end-to-end encryption in iOS 26.5, which I actually downloaded on my phone, but I haven't been able to use it too much yet, so hopefully it improves a bit soon. Disneyland, California, facial recognition, the FCC banning a data broker from selling location data, ProtonMail launching post-quantum encryption, which I believe we are going to talk about later on in this stream, if that's of interest to you, certainly of interest to me. Chrome for Android, including Approximate Location, which is a new web standard that will hopefully make sharing a location of websites a bit more private, and two more major Linux vulnerabilities in the same class as CopyShale. So a lot of news briefs. We can't talk about all of the news on this show specifically, but we try and keep all of the news briefs updated with the biggest stuff that we can't discuss. So if any of those things sound interesting to you, you can find that under the news tab at privacyguides.org and we'll continue updating that and updating our form with all of the news stories we can find. All of the stuff that we do at Privacy Guides here, again, like I said earlier, it's all supported by our generous members and other one-time donors. You can sign up for a membership or donate at privacyguides.org slash donate. Or if you want to support us by picking up some swag at shop.privacyguides.org, that is great as well. Privacy Guides here is a nonprofit, and we research and share privacy-related information, and we facilitate the community on our forum and other platforms to share advice, ask questions, get updated on the news with other people who are in this privacy activist space. So it's a great place, especially our forum, to get advice about staying private online and preserving your digital rights. I think that's my spiel. We can move on to talking about how Chrome has been downloading some AI stuff to your device without telling you. Maybe not you specifically. You're probably not using Google Chrome, but Google Chrome users, you know. Yeah, hopefully if you're watching the show, you know that Chrome is basically spyware, and that's not much of an exaggeration, unfortunately. Warn a friend about it. What's that? Be sure to warn a friend about it. Yeah, no kidding. Pass that on. Friends don't let friends use Chrome, but seriously. Um, so yeah, the, the latest, uh, um, try not to curse the latest tomfoolery from Google Chrome is that they have been quietly pushing a four gigabyte AI model to your device without asking. Correct me if I'm wrong, but I actually did some digging into this, and I was trying to put the 4 gigabytes number into context. And if I did my research right, that is about, what is that, about 800 to 1,000 songs, depending on, you know, how big the file is, how long the songs are and stuff. What is it? It's like a similar amount of photos, but the one that got me is that's about 4 to 6 hours of high quality, not like 4K, I think, but like high quality video footage, which is longer than the extended edition of Return of the Kings. And that just, that, that was, uh, that was my favorite thing I learned from researching this. So anyways, um, yeah, so Chrome has been pushing this AI model onto your device. It's Gemini Nano. Um, the, the article, I don't think explicitly says it's on desktop, but it seems to imply that it's on desktop because it says that, uh, right here, it says deleting the folder doesn't offer lasting relief. Chrome will simply redownload it. On Windows 11, the folder is here. It has also been confirmed on Apple Silicon and Ubuntu machines. So I think it's specifically on desktop. The weird thing is, from what I can tell, this does not seem to be... Because, like, a lot of Apple and Google are trying to do more, especially on mobile phones, they're trying to do a lot of AI processing on device. and I think for most of them that has more to do with like performance than privacy, but of course never miss a good PR opportunity. So they're like, oh, it's also really private. And it's like, eh. So I think they try to do things on device. But from what I can tell, if I remember this correctly, yeah, it says here, the downloads carry a notable irony. Chrome's most visible AI feature, the AI mode integrated into the address bar and Google search, runs on Google servers rather than the locally stored weights. The 40 gig folder is only used for writing assistance and a handful of other accessible or a handful of other features accessible several menus deep. So it's not even like the most commonly used things that they would put on. It's such a weird, weird choice. I don't know. Yeah. So going back here again, if you uninstall it, it just reinstalls itself. I do appreciate this article. Uninstalling Chrome entirely is the most effective way to remove it. However, for those who wish to continue using it, you can disable it by going into the Chrome flags. and finding an item called Enables Optimization Guide on Device on Android and selecting Disabled. So apparently that basically just tells it that your device can't handle it, whether that's true or not. So yeah, and then it looks like somebody is already accusing Google of violating European privacy regulations, and I unironically wish them the best because I want to see these companies sued every single... You know, we've mocked many, many times how when these companies get sued, it's always like, oh, they got sued for $4 million. And it's like, bro, who's in charge of Google? Sergey Brin? Did he move on? I don't know. Whoever. The guy in charge of Google, it's like his shoes probably cost $4 million. Like, that's nothing. They don't care. But my hope is that if we keep doing this, maybe it'll be like death by a thousand cuts. Like, if we just sue them every single time it happens, maybe eventually it'll start to add up. I don't know, man. I'm trying to be an optimist. I realize I'm probably delusional, but, yeah, so, I mean, I think we kind of hit our main points going into it, but, well, let me start by saying, I don't know, I guess I'll really just jump to it and say, like, we don't recommend Chrome, you know, it's, I mean, in addition to just doing crap like this all the time that's incredibly hostile to users, that's incredibly unfair to users, that's really, really sneaky. I think it's so funny how they always try to roll these things out. They're like, oh, but this is good for users. And it's like, well, then why'd you hide it? Why didn't you tell us how awesome this new feature is? But in addition to all this stuff, you know, Chrome is like over the years, it's really become a resource hog. Like everyone I know says that it takes up tons of space. It eats up your RAM. I don't know how true that stuff is because I haven't used Chrome in several years, but that's what I hear. So I think I'll have to bounce over to the Privacy Guide's website. I know that Brave is a big one we recommend. Um, Firefox is pretty good, but it does require some, uh, some tweaking to really get the most out of it for sure. Uh, and I, you know, browsers are one of those things that I know everybody kind of has their, their favorite browser, right? Like some people prefer, um, yeah, I mean, here, I'll put you on screen while I'm looking this up, but you know, some people prefer their, uh, like LibraWolf or Moldat, which Moldat's a really good one. Actually here, I've got the, uh, the page here. I'll bounce this up real quick. Moldat's a really good one that we do recommend. And I think for a lot of the power users in the crowd, Bolvad will be fine. But there are, like, I remember when Bolvad came out, I asked some of my friends and family, like, hey, can you test this out for me for, like, a week? Because I want to know if this is a good browser I can recommend to the average non-technical person. One person couldn't download it because their antivirus kept flagging it, which I still need to talk to them about why you shouldn't pay for third-party antivirus. And then the other person was able to download it just fine, but they were like, hey, and they weren't mad at me for the record, but they just told me, they're like, hey, FYI, literally none of my streaming services work. Like Netflix, Hulu, Disney, like none of them work with all that. So it's a great option. It's just, you know, the average person may struggle to do some like day-to-day things. Firefox, like I said, is pretty great. There's just some settings you need to change, add UBlock Origin, Brave. I think for people coming from Chrome, Brave is probably going to be the best replacement since it's based on Chrome. So, yeah. And then, you know, people are obviously leaving things here in the comments, like Helium and Xen. You know, those are fine, I guess, if you want to use those. They're not our official recommendations, but they're probably way better than Chrome, I think. So, yeah, I think I've been talking plenty. I'll turn it over to you for a minute. So, any thoughts on this? It was funny that you mentioned how many songs there are, because I think 4 gigabytes was the amount of storage that the original iPod had in 2001, and that classic tagline, a thousand songs in your pocket. Now we're just kind of wasting that storage space on random AI models that it sounds like are going to be barely used in Google Chrome since most of this is still going through their servers. So it just kind of goes to show how much tech has changed in the last 25 years and how, not really for the better, I think all of this software is just becoming very bloated for very little gain. And I think at the end of this article, someone pointed out that pushing four gigabytes of data to the millions or billions of devices that have Google Chrome installed on them results in just a huge amount of data being transferred over the Internet like all of these software updates do, which is, you know, I mean, that's kind of normal. we get software updates all the time so it's not that crazy but that's still a huge amount of data um there's there's always a cost to that sort of thing not just financially but in terms of uh co2 environmentally um all of this ai is just speeding up all of those issues um in many different ways so yeah technology is just crazy yeah four gigabytes times the amount of chrome users absolutely um it's it's exactly like uh carrie just said in the chat as well when these stories pop up you just got to stop using google chrome um and i think all of these browser solutions are going to be better we obviously the general consensus among privacy guides team members and also people in the community on the forum is that brave and firefox tend to be the best choices for a lot of people but as other people have mentioned uh and like nate just said there are other options that are coming up and becoming very popular. I've been using Zen Browser for some time personally, and I like it a lot. I know a lot of people are starting to use Helium Browser lately, which definitely has some good things going for it. I would also throw in Brave Origin as a great Google Chrome alternative in addition to Brave, just because it has a bit less of the bloatware, like the VPN stuff that Brave does or the cryptocurrency-related stuff. That obviously costs money for some people, but what I would say to that is if you don't want to pay the $60, you should be on Linux anyways where Brave Origin is free. So, you know, you always have that option. Linux is a great operating system to switch to, and you can start using that. A big benefit of Brave Origin versus these other platforms is mainly just having the backing of a much larger company behind it. And Brave has been very timely with security updates and other Chrome updates for a very long time, whereas a lot of these other alternatives are somewhat hit or miss with those updates. And just like with Graphene OS, like we were talking about before, staying up to date with those updates is super important from a security perspective. So I would typically probably recommend Brave Origin to most people who are looking for the cleanest Chromium experience these days. But yeah, there are certainly a lot of options with their own pros and cons. And if you want to know any of the specifics of that, I would always recommend checking out our form or asking your questions there. I mean, with a lot of these browsers, I know there's already discussion threads about them where you can find out the pros and cons and why they're not necessarily recommended on the site yet, but can still be good in certain use cases. So, the first generation iPod had a minimum of 5 gigabytes, and I don't know if this is going to make you feel old, but it made me feel old. The connection was FireWire. yeah that was a that was an interesting time i will say for everything i just said about technology going in a bad direction in some ways i will say switching everything to usbc is one of the biggest improvements that's ever been made honestly having one universal connector is just so nice so much nicer if anyone remembers what it was before totally agree um Yeah, it's, I do want to point out, I just want to drive home something you said, which is that I think there's something to be said. Like, Privacy Guys kind of operates under the idea, or under the philosophy, I should say, of, like, recommending the best product, right? Like, I think kind of going back to our headline story, I would argue that, and maybe this is open for debate because of what you mentioned about, like, Micro-G running at an elevated privilege level. But I would argue that something like Calyx is going to be a little bit better for your privacy, assuming it's fully updated and everything. But it would be a little bit better for your privacy than, like, stock Chrome or stock Android, right? Yeah. But obviously, we don't recommend that because Graphene is even better, and it's really not that much harder. so we recommend Graphene instead. So where I'm going with that is I think a lot of the time I think you know this is something I've harped on before is a lot of the time I think we in the privacy community kind of undersell how much we've learned and how tech savvy we are. Even people on the like I consider myself not very tech savvy compared to a lot of other people that are like developers and programmers and hackers and like but even I like I know how to self host Nextcloud. I know how to self host Jellyfin. Like I know how to mess with the settings on my router. I flashed my router, like all these kinds of things that the average person I think doesn't really know how to do it. And so I think, um, sometimes it can be really empowering to take those baby steps. And I think sometimes those baby steps are going to be, um, I think some of them are going to be like, even if you never go further than this, it's still better. And so I'm, I'm kind of talking to the audience here where, you know, some people get mad that you say things like you in general, that we say things like, um, you know, like switch to brave and some people are like oh but brave has all these problems which is fair but also like if somebody switches to brave and they're just like oh this isn't so bad this is just like chrome well i hear that firefox is better what if i check that out what about the small bad browser what about that might be the gate that opens them up to check out the gateway the gateway drug that opens them up to check out other browsers and maybe eventually they will end up at something way better and way more secure but even if they never go further than that like it's still better than using Chrome, in my opinion. So yeah, I just I guess I just kind of want to defend that. Not not that you were not doing that, but just to the audience, I want to point out that like, I think these these can still be useful baby steps along the journey to get people because something like Brave is going to be again, I think I said this already, it's going to be like the most familiar for people who are coming from Chrome. And then once they realize like, oh, that was really easy, that was simple. Maybe I'll check out Firefox. Maybe I'll check out these other ones. So you It could potentially become a journey for some people. Absolutely. I think our general philosophy, at least mine, but I think the general philosophy among the team is that our recommendations on the site are geared towards being the best option with the least amount of downsides for literally pretty much any use case or threat model, as much as we can. Obviously, there's still going to be upsides and downsides to each of these, but um like compared to calyx or even lineage os it's it's our opinion that graphing os offers the most benefits with the least amount of downside to the most people um if we're talking about calyx os or lineage os um those both have some merits uh certainly uh like like jordan just mentioned in the chat here um there's wider device support with both calyx os but especially lineage os and that helps people get into this de-googled ecosystem um which which is always i think great from a privacy perspective but at the same time the the downsides of using calyx os or lineage os are potentially very high especially from a security perspective and people can really uh shoot themselves in the foot i think if they don't know what they're doing whereas with something like brave uh not my favorite browser but the the downsides are pretty minimal and it's very easy to recommend to most people. And I think it probably goes without saying, we don't explicitly have it on our site yet, but we should probably just update it because Brave Origin is the same. But I think Brave Origin is even better because it's just the exact same thing as Brave, but less, which is typically good from a security perspective. You want to keep things as minimal as possible. And also just from a user experience perspective. But if we talk about other browsers like Helium or like Zen Browser or even LibreWolf. Like there are a lot of upsides for a lot of people, but there are also a lot of downsides which make it very hard to recommend to a general audience who might not look into all of this stuff further than what we put on the site. I think that's a common misconception that people have with the privacyguides.org resources is that people think that if it's not listed there, that means there's some problem with it. But typically, if something is omitted, it's not like an anti-recommendation in a lot of cases. And this is a reason why I think our forum has become even more popular than our main website at this point. It's because we can have these more in-depth discussions if people are interested in that. So that's kind of the case with everything we don't recommend on the site. There are in-depth forum discussions where you can learn about these tools, but also learn about the potential downsides, which I think people should at least know before they use them. So, yeah, I think that's kind of where we're at with the recommendations in general. Yeah, for sure. It's a that is one nice thing about the forum because there's so much information and so much to consider that, you know, for some people may not be relevant and for others may be relevant. Like I know and we'll get to the forum in a minute, but I know on the forum there's been an ongoing discussion about only office and how only office like allegedly has some ties to Russia. And like the licensing is kind of weird. And, you know, some people are like, maybe we shouldn't list only office. And me personally, I'm over here going, I don't care. Like none of that is part of my threat model. Not interested. but I completely respect that there are people who are like, no, that's very alarming. And I don't want to be using only office at my, you know, my politically motivated nonprofit. Right. So, um, I think it's really cool that you can go to the forum and get that kind of like in depth. Cause I, you know, if you make a website too wordy, people aren't going to read it. Ask me how I know. So it's really cool that people have that supplementary resource they can go to to not, not to show the forum too much, but you know, I, I like that about it. So there's no there's no way to show the form too much. I can show it all day, any day, and it'll never be enough. You can check out the form. Fair enough. Nice to have Jonah just said in the chat, is there no privacy respecting streaming option? Yeah, unfortunately, StreamYard is not super great either. We mainly offer it as a solution because, I mean, it's a service that we're using. So you're kind of getting it directly. And it's also better than literally all the other options, but streaming is a pretty difficult system to get up and running because you have to imagine, I mean, even if we're self-hosting it, every single viewer is going to use a certain amount of bandwidth, so you just have to multiply that by every single user who's watching it simultaneously. uh the problem that we have is more to do with um i mean we just can't have a great experience we've got a lot of chats this week and we wouldn't be able to integrate chats uh with with streamyard if we were hosting a stream ourselves and um yeah like you just pointed out uh unlike youtube um there's really no filtering going on with streamyard which is so that's the main reason we offer this stream art option um for most people i would say like if people i mean i can see why you'd want to watch it live but if you're not going to interact with the chat or anything um the the most private option is probably just downloading the podcast to your app because then it's just a download um and you can watch that anytime without being tracked after that so usually that ends up being the most private solution um but all of this chat being integrated into one place is super nice, and that's why we are streaming on these platforms and not anything better, unfortunately. It's just more challenging, I think, than you would imagine. Yeah, for sure. And I also want to mention that the nice thing about StreamYard is, like we were talking about at the beginning, we can broadcast to multiple channels at once. So that's kind of, I think, one of the main reasons we use it. I'm sure there's probably other reasons behind the scenes that I'm not aware of. But it's that that unfortunately also kind of limits us to what they're able to support, because, I mean, there might be some kind of like third party script that can mirror it appear to, for example. But then, like Jonah was saying, we can't see the comments there. And it's just it's you know, it's like you were saying a minute ago or we were saying a minute ago about switching to services and recommending services. It's like we kind of have to balance like what's technically possible with what's going to give us the most. I don't want to say return, but you know, like we only have so much time and technical energy that we can spend in places and we need to make sure we're maximizing it. So, yeah, absolutely. It will be on PeerTube. It will be on on what you would call it on a podcast, like you were saying. So we do our best to try and offer people private alternatives, but it can be rough. I think there was something else I saw that I wanted to mention. Oh, yeah. somebody stopped by and just said thanks for everything you're doing so thank you just wanted to shout that out yeah thanks for all your support I mean even like just from an algorithmic perspective one of the main goals both with this stream and with our YouTube channel in general is to reach new audiences who wouldn't be interested in the in the type of content that we would publish on privacyguys.org for example so any sort of engagement on YouTube especially is helpful for us even though we're asking you to use Google, which is not great. But in terms of reaching people who have never seen any of this before, it's super helpful. And anything that we can do to improve that and maybe help other people get this information that they otherwise wouldn't is super good. Because it's exactly what Nate was saying earlier, not just about software being a good entry point. But I'm hoping that a lot of the videos that we're publishing is a good entry point where people will then feel inspired to check out the privacyguides.org site or check out our form when they otherwise wouldn't have any awareness of it at all. So that's a big goal for everything that we're doing on YouTube and our videos in general. I think the last thing on that note what Carrie said about our conversation a minute ago is I was pointing out that for some people when they start software it could be their entry point to move on to other things if something's too complicated or onerous especially as a first foray into privacy you can derail people so yeah kind of similar to this whole streaming thing if we tell people like oh you can only find us on Peertube and by the way there's like 100 million instances and just you know trying to be user-friendly to everybody in that sense so lots to think about but anywho um yeah let's move on to our next story here uh this was reported by uh the proton blog looks like in their business section but uh they wrote about microsoft edge keeping all saved passwords on your device unencrypted uh so if you save passwords in microsoft edge this article says there's a security risk you should know about. According to a new disclosure, whenever you open Edge, the browser immediately loads all saved passwords into memory in readable form, not just the password for the website you're logging into. That means credentials for every account saved in Edge could be exposed if malware, a compromised admin account, or another attacker gains access to your device or user session. This is a really interesting story to me because, as I believe it's pointed it up in this article um this isn't typical for chromium-based browsers in general if you look at google chrome they will only uh release the password in the memory when you're using autofill and then they delete it after and your your passwords could be at risk um yeah if you just leave microsoft edge open like like it's showing on the screen there um which is probably happening most of the time for people because you always use your browser. But, I mean, even if you open it for a second, malware can potentially get all of that information at any time, which is not great. Microsoft kind of defends this with a similar excuse to what Signal has said in the past about their desktop client, which is basically if this is something that's going to compromise your data, you probably already have malware on your device device that can get access to all of this data and that's certainly true I mean you probably have in in such a case you might have bigger problems to worry about than just this alone there are a lot of ways that Malvert can exfiltrate your data without your knowledge so yeah you just don't want to have Malware on your computer, obviously. But at the same time, and again, when Signal Desktop had some issue with information being available to other programs on your device, we also said this, like, there are technologies that Edge could be using that would improve the situation beyond this. And for them to do this means that they've explicitly changed some aspect of Chrome because again stock chromium doesn't have this behavior so it's just an edge specific problem uh if you're using edge in windows which is uh not great i actually don't know if this article says um whether this occurs if you're using edge on another operating system like mac os or i think there a linux version of edge isn there i don remember somebody tell me but there is yeah But I don know why you would be using Edge on any of those platforms So it probably not a huge issue even if this is the case in other ones But, you know, on Windows especially, Windows is still super popular. And Edge, Microsoft really tries to force it to be your default as much as possible. So, I mean, I would imagine this would affect a lot of users. But at the same time, only making this available to local users or local software like malware, it's not the worst thing in the world. It just seems completely unnecessary. So I don't, yeah, that's what I would have to say about the Edge stuff. Did you have any other takeaways from this article, Nate? I think just the yeah I mean it's unfortunately it is unique to Edge which kind of weakens the argument of like move away from that because I don't know a lot of people that do use Edge but I think my big thing is it reminded me of you know of course Proton is going to take this opportunity to show their products and they say use a password manager but I kind of agree with them on this one I think there's a lot of reasons to use a third party password manager. One of them is their, their browser agnostic, right? Like, you know, we were just talking a minute ago about maybe somebody starts off using Brave and then eventually uses other browsers. Like if they have a third party password manager, that makes it a lot easier for them to switch, switch browsers. Cause that's one less thing they have to worry about switching. There are also, I believe, correct me if I'm wrong, but I know there is malware that is capable of stealing data that's stored in the browser, like passwords, history, credit card numbers. And I think that it does not work anywhere near as well if at all on third-party password managers because the way that they're like segmented away so yeah but i think a lot of other browsers are also segmenting it away in a similar manner i mean obviously in most browsers except it's optional in firefox i believe you can do this but you typically don't need like a master password to unlock your passwords or anything so there are certainly ways to to get into that locally um as this article points out like on the disk they're using standard encryption but what's happening is all of the passwords are always being loaded into readable memory or RAM as soon as you launch the browser so since the browser is open most of the time the fact that it's encrypted on the disk is probably not super relevant Um, but yeah, another, oh, can't talk today. Another thing I wanted to point out that, uh, I just remembered was, I mean, Microsoft, this has happened before. There was a similar issue with, um, Microsoft recall where like they just let anybody access all of, all of that recall data, all of your screenshots, um, any, any malware on your device could access all of that without any protections in place uh and that's that just seems to be microsoft's mo when it comes to developing software these days they they don't seem to take into account any sort of local attacks unfortunately uh carrie just pointed out even though signal originally said that plain text messages while the app was running wasn't a problem didn't they didn't they eventually fix that and yes they they did so and this is the case where I wouldn't be surprised if Microsoft fixes it as well just because again this is non-standard behavior I have no idea why Microsoft would choose to do this I don't know what feature that they thought this would enable I don't know how they I have no idea how they use this or why it would be necessary for them to change But now that it's getting attention, they might do it. Of course, on the other hand, Microsoft isn't a company super well-known for security, unlike Signal. So I also wouldn't be surprised if they don't fix it. I guess we'll just see what happens there. Microsoft, not well-known for security. That's blasphemy. Yeah, Signal kind of dragged their feet with fixing that. They, like, kicked and screamed about it, but they did eventually. So, yeah. Yeah, I mean, I guess that's all I got. That was my big takeaway is to use a password manager, and that kind of eliminates the problem. And also, we don't recommend Edge anyways. But, yeah, definitely. Hopefully, they will fix it. Because I know I mentioned before at my last job, I used Edge on the work computers. Because, first of all, they issued us those computers. And we were so deep in the Microsoft system that everything just integrated better with Edge. And like, if I use any other browser, it added so much more friction, which I didn't have a desk job anyway. So it's like the less time I spent on my computer, the better. If I was spending a lot of time on my computer, something was wrong because we were like searching for manuals or trying to get a hold of somebody or like tech support or like. So, yeah, I just use Edge because, again, we're a computer. I didn't have anything personal on there. That's their problem if it gets breached. but it was, you know what I mean by that is it's their problem because they're the ones deciding that we want to use all this insecure crap but anyways, so yeah, I mean it's very popular in corporate environments and they should probably fix that I think I guess that's kind of all we got now on those stories so we're going to start taking viewer questions here in just a moment so the chat's been really active which has been super, super awesome. But if for some reason you've been holding on to questions and you haven't dropped them in the chat, go ahead and do so. But for now, we're going to check in on the community forum. And I mentioned that, you know, there's a pretty active week. I mean, it's always really active, but there were a lot of good discussions this week. And ironically, we're actually going to talk about Proton again for a minute here because Proton now supports post-quantum encryption. and I think it was last week that Jordan and I talked about this a little bit because somebody asked about it in the chat but I thought this could be a good opportunity to talk about post-quantum encryption specifically and what it is and all this kind of stuff so definitely correct me if I'm wrong here but I think without turning this into a deeply technical video that hurts my brain basically quantum computers are like the next generation of computers you guys probably know this stuff but just in case and basically they're exponentially more powerful than current computers aka classical computers and it matters I mean it's a good thing in a lot of ways because they're way more powerful they're way faster they can do a lot more computational work but it also has a lot of implications for cyber security and concerns about being able to crack certain forms of encryption, even without a zero day or a vulnerability, like they're just so powerful that they can do. Because here's where I'm starting to get a little out of my element. Because modern cryptography basically relies on the idea that like the numbers and mathematical equations we're using to create this encryption are so astronomically high that no computer could realistically do these kind of computations at scale without knowing the password and the key. And quantum computers kind of laugh at that and say, hold my beer. So, so yeah, we're seeing a lot of, we're seeing a lot of companies both in and out of privacy are really kind of starting to roll out post-quantum encryption. Signal is one in privacy. Tudor's one. Proton's one now. And outside of privacy, we've seen Apple. I mean, arguable privacy on that one. We've seen Apple, we've seen Cloudflare. I'm sure there's a lot of others that I'm forgetting. I think Google is messing with it a little bit too. So, yeah, I think was that a pretty good summary so far? Yeah, I believe so. I mean, okay. The quantum computers, I guess it is sort of the next generation of computing. Not in the sense that it's going to replace any of our current computers right now, though, because quantum computers are never going to be good at certain things. It's very niche. But certainly breaking encryption, some encryption schemes, is one of the things that they can do. Not currently, because they're extremely not powerful, but maybe in the next 10-15 years, it's a very real possibility. And post-quantum encryption today is super important, in my opinion, because there are definitely a lot of scenarios where all of this data could be stored and decrypted later by any number of parties. I would imagine governments are probably working on collecting as much internet traffic as they possibly can without really knowing what to do with that traffic yet. But we know, like for many years now, the NSA, for example, has built that huge data center in Utah, basically just to store a huge amount of data. So for some people and for some threat models, I think this is a real concern. When quantum computers would get into the hands of normal people, like normal attackers, it's hard to say if that'll happen, if ever, but certainly within the realms of governments and probably within the realms of huge companies that you might be concerned about to get quantum computers in 10, 15, 20 years or whatever. We do have a full video on post-quantum encryption on our YouTube channel that I would definitely recommend checking out because there's a bit more nuance to all of this, but I think it's a good explainer. Yeah, I was just logging into Roton right now to see if I had access to this. And this is a big problem that I have with Proton that annoys me a lot. That even though I have a visionary subscription that they say will get you access to all the features when they come out, they never give me access to features first. It's always like randomly after a lot of other people get them. So the blog posts that say they're rolling out gradually. You probably won't see it in your account yet, but maybe some of you will. unfortunately, I don't see it. But what can you do? I can complain about Proton all the time, and they probably won't change this or improve it for me, but maybe they will. If anyone from Proton is listening, you should do things better for visionary subscribers. I know it's a very niche problem. This is like first world problems to have because most people are not going to be on a visionary subscription. But yeah, if you do have access to this, let me know how it goes. I believe it's optional. You have to upgrade to it, but that does make a bit of sense because, I mean, Proton can't do it for you because they can't decrypt your data in order to re-encrypt it. I would imagine at some point maybe Proton could do it automatically when you sign in, but they're obviously not doing that now. And it's probably a good thing that they're not doing it now because it would be very hard to do that automatically in a way that perfectly protects your data, I would imagine. So, yeah, it's an optional feature, but definitely upgrade to it when the feature becomes available to you, because I think it's important to get going now. And again, in our video about it, we explain more of the reasons why it's important to get started with it sooner rather than later. Yeah, there's the video. Yeah, sorry, I just found it and pulled it up. But, yeah, so for any audio listeners, it says the threat that makes encryption useless. That's the title of the video from October of 2025. So definitely check that out. And, yeah, I – real quick, on the topic of Proton and not having that switch, I think they paused it because I think a lot of users were reporting issues that it was like breaking Proton Drive or something like that. So I think that's why you don't have it. I think they paused it while they're trying to figure that issue out. Interesting. Okay. but uh yeah one thing i wanted to address here is uh jordan said it feels a little bit like ai hype um yes and no because i agree with you i've heard a lot of experts talk on this this topic on like various podcasts and stuff and i've heard a lot of them say that like it's probably not coming anytime soon like there's always certain technologies that are like in the next five years right like the the running joke is cold fusion um for decades scientists have been Like, no, no, no, like, like we're right on the edge of cracking it. Like in five years, we're all going to be using cold fusion. And they've been saying that since like the eighties, probably even earlier than that. So it's kind of become like a running gag. Like, oh yeah, it's always like five years away. And a lot of people are saying that about like AGI, artificial general intelligence, which is like the actual, the stuff you see in sci-fi movies. And it's like, you know, of course Altman and everybody's out here trying to hype up their stock prices. Like, yeah, man, we were going to roll out next year. It's like, uh, yeah, that and cold fusion too. Sure thing, buddy. this one I've heard people be a little bit less pessimistic in the sense that they're like well it's probably not five years away maybe ten years away I mean it's probably possible it's just like they're definitely overhyping how close it is but I think you may have said this is like I do still think it's a good thing that we're getting ahead of it because you mentioned the harvest now decrypt later where like the NSA which quick little piece of trivia for anybody who looks at my online presences, it's a selfie of me outside of a building. That is the NSA's data center in Utah. I've done that twice now. I am absolutely on a list. There's not a doubt in my mind. So yeah, I think the whole point of the NSA's data center is just to collect as much information as possible so they have it later when they, quote unquote, want slash need it. So yeah, I think it's really cool that they are getting ahead of this, but I'm with you. I think I'll probably turn this on whenever they roll the feature back out and whenever I stop seeing people say that it borked their ProtonDrive. Not that I use ProtonDrive a whole lot, but still. It's good stuff to have, I think, personally. I think somebody else said something, too. Yeah, I'll look at this question from Tara Calapai on YouTube, and I'll actually share a thread that I saw on X about this from Matthew Green, if I can get this pulled up. I'll sum it up so you don't have to read the whole thing. Matthew Green, if you don't know, he teaches cryptography at Johns Hopkins, and he's a big expert in the cryptography space. And basically what he says about the whole quantum computing thing and why it's probably not a huge issue now is that there isn't really a lot of reason to invest in quantum computing for businesses. Unlike normal computers back in the day, they had very, like, traditional computers had very clear business impact. Like, this is going to improve businesses in so many ways, like, as soon as they were developed. No matter how slow they were, there were huge practical applications for regular computers to get those developed and make them even better as fast as possible that don't really exist for quantum computers right now. There's just not a lot of reason that businesses would need them in the first place. So that slows down investments into it and that slows down development overall. The other point that he made, and I think this ties more into, well, I guess, yeah, I guess your question, whether there's a concern about whether these could already be in use. I think it's fairly unlikely, just because these companies really don't have access to super powerful quantum computers. And if they did, I mean, there would probably be big announcements. The other point that Matthew Green points out in this thread, though, is that we don't really know exactly what the government's capabilities are. There's different trains of thought on this. Some people would think that the government and their technical capabilities has really fallen behind the academic and tech community and that big tech is really pushing all of these improvements and what's available to big tech now might just be the best in the world. But some people think, you know, the government could be like 30 years or 50 years ahead of what's publicly known right now and they could have access to all of these quantum computer computer resources and could be using them to break encryption at the moment. So it depends on what you think about the government, but we likely wouldn't know because, as he points out, if the government has access to this capability, they would try and keep this as secret as they possibly can, which has always been the case when governments have new encryption schemes or whatever. You can think about, like, the Enigma machine back in World War II. the the british once they once they cracked it they went to extraordinary lengths to to hide the fact that they could now break this encryption scheme that that the germans were using because having that power and keeping it to yourself and not sharing it is super important and if they had quantum computing resources that would be like a huge massive advantage to every government and they would be definitely trying to keep that as secret as they possibly can um And so this whole thread was basically in response to a lot of crypto people and Bitcoin people are like, well, we're going to know when quantum computers are powerful because somebody will use it to hack Bitcoin, basically. And the point of this thread is that it's not really the case that that would happen. I mean, in the grand scheme of things, there's a lot of money in Bitcoin, but it's not like to the government or to somebody else who would want these quantum computing resources. the whole Bitcoin market value is probably a drop in the bucket for them, and they would be much more incentivized to not do something like that and to keep it secret instead. So, yeah, that's basically the whole thing I would say. We don't know for sure. But I would say it's fairly universally accepted that's probably going to be a problem, you know, within the next, I mean, even conservatively, probably 30 to 50 years, because there is progress being made on all of that. Neville Matthew on YouTube asked, I'm assuming there's a considerable amount of compute power to crack these encryptions by quantum computers. I don't, okay, I don't understand what you mean exactly. I assume you're asking whether a considerable amount of compute power is required. And the answer is yes, you need like a massive amount. Like quantum computers are nowhere even close to being near to what you would need to have any sort of practical application and to crack encryption. So we're a very long ways off in the quantum computing power, as far as we know, like I just said, doesn't exist yet. so I think that answers it either way right now there is not a considerable amount of quantum computing power at least among these tech companies and the academics who are publishing this stuff and yes you would need far far more than what we have now to do anything practical with it but you know progress is always being made my only thought is what you said about Governments aren't interested in the market cap of Bitcoin. Asterisk does not apply to North Korea. Yeah, that's certainly true. I don't think North Korea is on the bleeding edge of quantum computing, but, you know, you never know what's going on over there. Yeah, no kidding. I just, I never miss a good chance to take a pot shot at that guy. We did have one other forum thread here that was interesting. It's about IVPN has revamped. I'm actually going to share their blog post here, not the forum thread, but the blog post from IVPN. Let me swap it around here a little bit. IVPN has revamped their plans. So for those of you who don't know, I want to say about two years ago, I want to say it was the end of 2024, IVPN purchased Safing, which is the company that makes Portmaster and SPN, which is a pretty awesome I think Kerry Parker once described it as a reverse firewall it's kind of like on Mac we have things like Lulu and Little Snitch and Portmaster is probably like the best Windows version of that I know there's also things like Simple Wall for example but Portmaster is really slick it's really good it comes with good defaults out of the box I think I mentioned in previous episodes that whenever my wife gets a new computer she asks me to like set it up and do all the privacy stuff, and that's one of the things I do is put Portmaster on there. Admittedly, it does not work very well with other VPNs. It's kind of designed to be used either by itself or with SPN, which is kind of their version of a VPN. It's not really a VPN per se. It's kind of like a multi-hop VPN. It's interesting. They do some interesting stuff with SPN. I like it a lot. But, yeah, so IVPN acquired Safing, and they basically said that they were going to roll port master into iVPN. And there was going to be not a required functionality, like you could still use them separately if you want to, but there was going to be interoperability. And they also announced that they were working on some other stuff like an email aliasing feature and a DNS. And that all appears to be coming to fruition now. So there are three plans for iVPN. There's standard, plus, and pro, which are $60, $80, and $100 a year, respectively. And basically the changes are the standard VPN is now including multi-hop and a five-device limit, which I kind of wish they'd have – oops, wrong way. Still getting used to Macs. I kind of wish they would have – oh, okay, here we go. So for the standard plan, it was two devices and did not include multi-hop. The plus plan will also include the new email, aliasing, and DNS that I mentioned, and the Pro plan will offer a 10-device limit and access to all additional services, including Portmaster Pro, which for the moment is only available on Windows and Linux, unfortunately. And they said that there are no price changes on existing Pro and standard plans. Pro is now the Pro suite. So, yeah, I think if I'm reading this correctly, basically prices haven't changed. You're just getting more bang for your buck regardless of which plan you're on because, again, like even the lowest plan, now you've got more devices, now you've got multi-hop, which is super cool. Multi-hop is, I would argue, not necessary in every situation because there is a considerable hit to speed, but there are times when it absolutely makes sense. Yeah, SS Pro went from 7 to 10, and you have access to all these different Portmaster Pro, MailX, and ModDNS. So, yeah, I like iVPN. I think they're really cool. I know I cannot find it to save my life. I should probably try again because it's been a while. But I swear, back when I was on surveillance report, there was a period of time, like a six-month window, I think, where we were covering VPN vulnerabilities. And I swear to God, every single one of them was like, oh, it affects this VPN, this VPN, like Nord, Surfshark, Proton, but does not affect IVPN. And they were like, I swear to God, there were like four or five of those in a row where like they would find vulnerabilities. And there was something about the way IVPN was running their architecture that it didn't impact them. And I always thought that was I always thought that really spoke to their security. So they are one of the VPNs we recommend. We also recommend Movad. We also recommend Proton. They're all really great choices. They all have pros and cons. IVPN has a few cool features that I really like. But yeah, I think that's kind of these new exciting changes. Jonah, did you have any thoughts about IVPN's new direction? I was just taking a look at the forum thread here I don't want to like volunteer him to answer a ton of questions necessarily but I will say Victor from IVPN is on our forum and is pretty active at least in IVPN related threads and I thought he was answering some questions about the changes in this forum thread so if you want to check that out if you have any questions he might have already shared some stuff. I totally agree that the device limit changes are very welcome. Two was very limiting for sure, especially as Jordan just said in the chat. To me, it never made a lot of sense because I think a lot of services were offering more than that for quite some time. And also, there are workarounds for it. Like on your home devices, you could use iVPN on your router to kind of connect as many devices as you want. But then you can only do that at home. You can't do it for a lot of remote devices. Obviously, you got to distinguish your pricing plans somehow. But, yeah, I think it still makes sense for them to increase it at least a little bit. otherwise yeah it seems to be a good value as far as I know they had all three plans before right there's not a new one I don't remember what the difference was between them I'm going to go dig it up on the web archive I'll just go back like a week or something because i don't remember how you got access to um male exit mod dns before um no no those are new i think those didn't exist before but that's being added to the plan they existed before today though i thought like male x was announced a while ago i believe it was it was announced a while ago but i think it was in like closed beta because i remember they actually i feel bad about this um they actually sent me an invite to test it out and i got it like i made an account i got into it and then i like i was like okay now i need to find something i can sign up with and i just kind of forgot to go back oops like oh no it looks like a week ago it looks like there were only two plans that's what i was okay so what were the two plans so there was ivpn standard that says all protocols two devices and anti-tracker and that was 60 a year and then there's pro that's all protocols, seven devices, anti-tracker and multi-hop, and that's the $100 a year. So, it looks like they added the plus plan, and then upped the device limit. That's what I thought happened because I did not remember 3 before. the changes are welcome. I definitely think if iVPN is going to add more services like um like maalux and my dns it is great that they added an intermediate plus plan instead of um just increasing the price of the standard plan you always want to see a bit more delineation especially with features that probably not everyone needs some people are going to ibpn just because they only want a vpn and nothing else and um it's nice that you can still get the standard plan that they had before with the increased device limit um for the same price um and it's also nice that you can get these additional features uh in the meantime or as an intermediate plan i don't i haven't used a port master in quite some time um so i'm not sure whether i would say it's worth the extra money but maybe maybe it is anyone a lot of people on our form uh seem to use portmaster and and like it so um definitely worth checking out at least i should check it out again although i i see they still don't support mac os which is what i told them i kind of wanted from from the beginning when they when safe thing launched portmaster um and seems like that has never changed so i couldn't use it on all of my devices then only my Linux devices, which is kind of unfortunate for me. But I guess if you use Linux, you wouldn't have that problem. And they also, I was just going to say, on their old pricing plans, they advertised like the two and three year plans with an additional discount. It looks like they do still have those. They just don't show it on the pricing plan anymore. So if I try to buy a plan, you can see those additional tiers. And that seems like a good option if you want even more of a discount than they already provide. Nate, you're muted. Okay. Yeah, I'm going to have to test out MailX for sure, because I think I'm always – I'm very happy with SimpleLogin and Addy, but I think it's one – it's kind of like email, right? Like, Tuda and Proton and Mailbox are all good, but it would be nice to have a little bit more competition instead of encrypted messenger number 557 million. And I feel that way about, like, aliasing services, too. It would be nice to have a little bit more. Because, I mean, there are things like Firefox Relay, for example, but they're very limited in what they can do compared to something like SimpleLogin or Addy. So I'm really curious to check that out. But I was just going to say, yeah, I, um, up until last year, cause, uh, when, when we moved, we really scaled down a lot of our, our stuff to kind of save money. And, uh, um, I used to have SPN and it, it's definitely come a long way. When I first started using it, it had a lot of like, um, disconnects, I guess you could say. Like there were a lot of times that things wouldn't load and I would have to like, like disconnect and connect again to get it to like reestablish the connection. they really fixed that stability I liked it I never really noticed any issues with it other than again it would still do that every once in a while but nowhere near as bad as it used to I think the the big issue that I have with it is again the fact that it does not work well with third party VPNs which I don't know if that's maybe something about the architecture and the way that it's worked the way that it works because like like again I put it on my wife's computer because she doesn't usually use a VPN she doesn't really care for them but on my computer it's either basically you have to use spn you have to use the router level vpn which i don't like to do because there's certain things that i trust and i want to send outside the tunnel like tor or signal or i just can't use portmaster and unfortunately that's where i'm at right now so yeah yeah i don't know and i mean i like it yeah really clean ui the spn is a nice nice benefit i was just looking at um the portmaster pricing because there's another point i want to make after this but i will say um portmaster pro is is a bit more than i thought it was um it's already eight euros a month to pay for independently so ibpn's pricing if you want portmaster pro um which includes access to spn which is um like i mean it's it's a vpn service that Safing offers. Safing being owned by iVPN now, obviously, with some additional benefits beyond a VPN. So if that is something you want access to, and then you also want any of these other iVPN features, the plan change actually seems like a great deal, because I don't think any of them... I mean, none of the plans came with Portmaster before, for sure, so it is kind of a step towards something like Proton Unlimited, for example, that gives you access to all of these things. But on the other hand, what I dislike about some of these services is that ModDNS, MailX, you can't pay for separately, which I think is kind of unfortunate, because even with SimpleLogin right now, if you don't want a Proton subscription, or you use Proton, but you don't need all the additional features of Unlimited, and you just want SimpleLogin, you can still buy those products independently. And typically, if you use all of them, bundling ends up being a lot cheaper, but I would love to see some tier of MailX that you could use independently of all the IVPN stuff, especially because you don't get it on the IVPN base plan. So that does make it fairly expensive for people, as opposed to SimpleLogin, which is $36 a year just for access to SimpleLogin. but that probably continues to make more sense than paying $80 to IVPN if that's the only service you need. So it'd be nice if that was independent. But beyond that, the bundles do seem like a good value for people who are using it. And especially, I mean, if you're using IVPN standard already, and you're using something like SimpleLogit for $36, you basically get a new ALS service for only a $20 difference for a year plan instead of the $36. So yeah, bundling it could make sense. I see a lot of different opinions about bundling stuff in general, like on the form. I don't know if my camera just disconnected. That's weird. Yeah. Did your camera overheat? We still hear you though. I don't know. Figure this out. You can go back to talking more stuff. Yeah, no, I was going to say, I know what you mean. Like, bundling is, I mean, you really hit the nail on the head. Like, on the one hand, it's cool to have a whole bundle like Proton Unlimited or like this IVPN Plus or ProSuite, and it's really cool, but only if you're actually going to use all those things. If you're just like, no, I just want MailX for whatever reason, or I want ModDNS for whatever reason, it probably doesn't make sense to pay $80 a year. but yeah it would be nice to see them offer that more modular thing I think my concern is my only reservation is I worry about companies trying to do everything at once one thing I really admire about Mulvad is they do have a Mulvad browser but for the most part they only do a VPN and that's all they do and they don't really seem interested in doing anything else and that's great they do have some public DNS servers you can use but it's not like this, you know, this mod DNS, sand load DNS service with block list combinations and configurable rules. Like, MoVAD is just like, here's our DNS. You can use it if you want or you cannot. We don't care. But there it is. And I really respect that kind of, like, specialization, whereas you look at things like Proton that, rightfully so, get a lot of criticism for the fact that it's like, yeah, that's cool. You have 500 tools, but, like, they don't work for crap on Linux 90% of the time. you know the feature parody across operating systems is just trash like you know there's features that people have been asking for since I got into privacy 10 years ago that you still haven't rolled out and so I just I worry I hope that they aren't going to bite off more than they can chew is what I'm getting at so it is really cool to see them add more and especially like as much as I love IVP and I gotta be honest like I think between Mulvan and Proton I have kind of been struggling to figure out like what their their niches and what their selling point. Like, again, I think they have really good security and I don't think they're bad. Like, I don't think we shouldn't list them or anything. And there's, there's a couple of neat features they have. Like they have this feature on, I think it's Android only where you can set up a trusted network. So like, let's say your home network, you have a VPN on the router, right? You can tell your, your IPN app that like, Hey, when you connect to this wifi turn off because there's no point in having two VPNs. I mean, I know some people want that, but for the average person. It's like, I don't need that kind of speed slowdown. But then when you disconnect from that network, turn back on. And so it automatically, like you never have to manage your VPN. And I think that's a really, really cool feature. But yeah, other than like little things like that, I'm like, yeah, what are they really, because like Mulvad's thing is like hardcore privacy, hardcore anonymity, and Proton's obviously got the suite and they promised they work with streaming services and stuff like that. So I guess what I'm getting at is it is nice to kind of see them starting to like carve out a niche again and start to have like these competitive features again and i think that's really cool and yeah i saw that comment too damn almost two hours stream yeah this is normal man where you been no it was crazy was the other week we went for like three and a half or four hours that was wild we got a lot of stuff to talk about every week Exactly Got a lot to say man And then yeah somebody else said ProtonDry for Linux Yeah. Yeah, exactly. I wish. Is ProtonDry supported by R clone yet? I feel like I saw something about that. Oh, I don't know. That's above my skill level. Oh, yeah, it is. So technically there is a way to use it. But, yeah, ProtonDrive sadly doesn't have, like, an official API, so they kind of just did the best they can, but Proton can kind of change it any time. I think it doesn't work, really, which is interesting. Their website says that they believe it works. I don't know what has, but maybe something has changed. Like I said, Proton can kind of change all of that at any time. So, not a great solution. I would definitely rather ProtonDrive just release a Linux client, but Linux support doesn't seem to be a huge priority for Proton in general across any of their stuff. I think that's one of the many problems I have with Proton, but what can you do? Yeah, I agree. Just to the IVPN really quick. I was trying to look through their site and find out more about these plans, and if anyone from IVPN watches this, I literally signed up and then tried to change my plan one time and it says too many requests, try again later. So I don't know what's going on with your site, but the rate limiting might need a bit of work. Rate limiting plans. I've never heard of that. That's interesting. Yeah, I don't know what's going on there. But yeah, overall, I think it's cool. Definitely some concerns. But, yeah. I think that's all I got for forums. You ready to move on to the Q&A? Yeah. We'll have to look through the chat here, see if we miss anything. I saw on the forum thread, we basically just got one question in advance this week. Expert 4870 asked, if we could add XMR chat as an option for stream donations. And the answer is yes, I would love to do that, but I keep forgetting to do that. But also, I'm not sure if we can show Super Chats on the screen with XMR Chat in the way that you've seen it on other streams. Just because we're not using OBS, unfortunately, so I don't think we can show those banners in StreamYard here. but we could definitely do it and manually type it like we currently type the banners like the one you see on the screen right now so yeah if I remember to set that up we can definitely test it out um hold on so it uh I don't know if it will relay chats but if you go to their front page, it says how to use XMR chat. It does have instructions for StreamYard. It looks like it has to go through Twitch, though. Interesting. Oh, because it'll send the message into Twitch chat, and then we could do it like all the other comments we've been doing. So I guess we could. Potentially. Yeah. I mean, we'd have to look into that more. I don't know if that's exactly what they mean, but yeah, that could potentially be an option. Okay. Yeah. All right, let's see if I have any other questions here. Cool. That's all we had in the forum this week, and I think we've been trying to answer questions as we go, so hopefully there's not too many. Sorry, I'm looking through some of the names here on some of the other creators on XMR chat. Not a FBI honeypot. That's a good one. Thanks for letting us know. Cool. Let's see here. I could get lost in that. I do that sometimes. I just scroll through pages and pages of usernames and stuff. I like seeing what other people come up with. It's very fun. I feel like I have heard of not an FBI honeypot I think they subscribe to our channel I think I've seen a lot of comments from them on our videos actually that's interesting that you put that out hi if you're watching I like your username it was funny here we just got a question from Cannabitter any thoughts on sessions shutting down I mean I have thoughts on that one I'm really sad about it I think he was actually one of the first people I interviewed back when Surveillance Port used to do more interviews on the channel. And I don't know. Maybe he was first. I can't remember if he was first or John Todd was first. But I don't know. He's always been really accessible and a really cool guy. And I'm disappointed. I'm disappointed for a lot of reasons. I'm disappointed because I think even though Session was never an official recommendation from Privacy Guys or at least hasn't been for a long time. but I think it still served okay but I think it still served a useful space right like for people who didn't want like a phone number for people who didn't want or who wanted the decentralization and you have to remember this was before SimpleX so now SimpleX kind of fills that niche from a security standpoint a little bit better but I think that at the time they served a really valuable niche I'm also just really disappointed because I know they like just moved their entire community to Switzerland as a response to some like pressure from Australian law enforcement. And I don't know. And they just announced they were trying to roll out Perfect Forward Secrecy, which I think would have – I mean I don't want to speak for anybody here, like speculate too much, but I think could have potentially put them back on privacy guides. Like we talked about that as a headline story. That was actually one of the first podcasts I did with you guys. so I don't know I think it I know every day that goes by is less and less likely but I really hope something good will come out of it because I do think they're they're really showing a lot of potential and I do think they potentially serve a useful niche and I I don't know I I hope they don't shut down but I know it's getting increasingly likely as the the days go on those are my thoughts Yeah, I think to me it seems definitely pretty unlikely that they would reach their goal of funding, unfortunately. It just goes to show, I think, how expensive running a proper messaging service is. You know, people always say something like Signal, for example, is massively overfunded and like what could they possibly be using all of this money for? But in most cases, like, I mean, this kind of thing barely breaks even at best in the best case scenarios, usually. A couple problems with it is just how expensive it is to run reliable stuff. But also, Mozilla also has this problem where they say you have to pay a lot of money to get really good developers behind this stuff. because the opportunity cost to work at a place that pays you much less is just so high because very good software developers can command huge salaries, like $150,000, $200,000 or more. And you basically have to pay that to be competitive even if you don't have enough money. I think, yeah, you have the FAQ up. I don't know what my camera is doing. This computer is not my favorite so far. It continues to have problems. Anyways, yeah, looking at that FAQ, like I said, I don't think it's likely that they will get it, unfortunately. And they even say, compared to their competitors, they operate extremely efficiently. but I mean that's just more proof that it's just really hard to do something like this and I think that a lot of their excuses um or a lot of their reasoning for why these problems are more more believable than than Mozilla's I know Mozilla used that justification to like pay their CEO like millions of dollars wastefully because they also were running Mozilla into the ground with insane decisions so it definitely wasn't worth it in that case but um yeah in this case like the people who were developing session um just need more money than they were taking in and there's not too much you can do about that i think it was hard um because i think a lot of people didn't like session as much when they switched away from the signal protocol i think that made it more difficult for people to trust them especially because session was relatively new and running rolling your own protocol is usually not a great idea um especially if you can't trust them like necessarily to do it properly because you don't know what their experience is so i think that was an issue with session um and then the lack of certain security features like perfect forward secrecy i think was a challenge for people as well um carrie said he's bummed because it's fundamentally different than signal uh i agree session was a weird app because it is decentralized but it's not as decentralized as something like simplex which is a decentralization model that makes a lot more sense to me in my head if I think about like how it should work. Sessions was strange and I don't know if it still is. I haven't looked into Session in the last year or so but I know for a very long time and this may still be the case you needed to be in their cryptocurrency ecosystem and you needed to have like a significant holding of their token in order to run a node at all. So it wasn't decentralized in the same way that SimpleX or the same way that like the Tor network are where it can be like totally volunteer run. There would be really no way for someone like me, for example, to contribute to the network in any meaningful way, which I think hinders the decentralization aspect a bit. I've always said and I would continue to say like the obvious replacement for Session for most people is probably SimpleX but I know that gets in hot water lately because they've taken on VC funding um which is not a great trend that we've seen SimpleX and Bitwarden and other open source companies begin to go in lately so a lot of problems with uh all of these apps a lot of a lot of upsides and in downsides. Six Scorpio just asked, speaking of Mozilla, are we interested in covering Thunder Mail Pro? I believe at least some of our team members did get access to the beta, and we are hoping to do something on it. Absolutely. Seems like an interesting service, but don't know too much about it yet. Yeah, I think that conversation just came up today, so it's a conversation we need to have. I would love to it's not me by the way but yeah I would love to cover it for sure and see if I don't know maybe that person can answer my questions sufficiently to the point where or maybe they want to host the video I don't know but we'll have that conversation for sure I'd be down to do it Kerry just said that's the staking you need and yeah I'm looking at the website now there is still a staking requirement you need 25,000 of whatever this Sesh coin is. I don't know how much that is worth, but I think it's not. I think it's somewhat significant, unfortunately. So they have a thousand nodes, which is a pretty substantial network, actually. I'm not sure who runs those, but the whole cryptocurrency aspect of it didn't make, still doesn't make a lot of sense to me. Yeah, a lot of people really criticized that. People had a lot of criticisms. Some of them, I think, were more valid than others. Like, I think you mentioned their whole, like, the reason it costs so much to stake is because they were trying to avoid what's called a civil attack, which is where, for listeners, it's basically like, that's an argument people make about Tor, right? It's like, well, what if the U.S. government just rents a bunch of VPSs and runs like a million Tor nodes, and now they own so much of the network that they can easily correlate traffic? And so that's what Session was trying to avoid, is every time somebody spun up a node, the price increased so that it would become financially unfeasible for a government to do that. And I think you could argue that that was the wrong approach. I think that's totally fine. But I think that logic made sense. Yeah, I mean... But then there's other things that people criticize that I'm like, that's just a dumb thing to care about. So, I don't know. The obvious counterpoint, I think, is that... if you're worried about somebody with the resources of the government running a ton of nodes on the Tor network, that has a significant cost, and they could also just spend that on session tokens. So I think it actually makes it, in my opinion, probably more likely that very well-funded adversaries could perform a civil attack on the session network. Whereas with Tor, there's always going to be like that's very possible and we've seen very large uh families of tornos operated before but also we know that a ton of volunteers are are running this and there are always going to be a lot of people who are just contributing to it uh for the sake of doing so whereas that isn't really possible here i'm really curious how much um how much a session token actually is or where you can buy it right now it looks like it's worth zero they've probably pulled the plug on it in lieu of their in light of their impending shutdown but it looks like right in the last year it looks like it peaked at about 25 cents or 21 cents so it was never a particularly expensive token it was so yeah i guess i mean even at like their lowest point before the announcement was around four cents. But if you need $25,000, you're still talking about $1,000 minimum investment. That would be hard for people, I think most independent server operators, to justify unless you really liked Session. Yeah, that's true. And for most of the time, if I'm looking at this graph, it was a lot more than four cents. So it would have been, it peaked at like 21 cents, which is, I don't know, how much would that be? That'd be like over $5,000 that you would have to just stake forever. And it obviously wouldn't have turned out to be good financially either because now it seems like you're just going to lose that. Nate, you're muted again. god dang it I just said very unfortunate so yeah canterbutter just adds how big is the privacy guides team staff wise it's me and Nate and Jordan right now so it's three the whole team varies what are we at 11 people but you can always go to the form I'll just show this really quick if you go to the form and on the left hand sidebar if you hit the more menu there's a team members option and then you can see how many people are listed on there so depending on how you count it some people are more active than others is the only reason I say that so but certainly a good number of people volunteering cool I think that's probably it for questions as far as I see for now anything else anyone? last call last call oh yeah look at that if you go to the website and you click on team members under the about section it lists everybody Yes, there are ways to find out. But currently in terms of staff, just us three. And honestly, mainly video stuff. We do pay for other things, like on a contract basis. So like, Freya gets paid on a per article basis for the news stuff. If other people contribute news briefs, they would get paid as well. And we do one-off projects. So we're working on some stuff with individual contributors. if we think it's a valuable use of our resources, but we can only really do so much. Just in case anyone's wondering, I don't get paid per article. So you'll see when I put out like a whole bunch of articles, it's not because I'm trying to make more money. It's because I'm just like, oh, cool. I have I have some thoughts on this. Yeah, because I know I kind of go up and down. Like sometimes I don't post anything and other times I put out like three or four articles a week. and usually it depends on the workload. So I try not to, I try to be very mindful of, not to give you guys a little peek behind the scenes, Jordan does most of the editing. So if I'm just constantly writing and filming, I will overwhelm Jordan really fast. So sometimes I hit a point where I'm like, okay, I think Jordan has a couple of videos to edit. I'm going to write some articles. TerracottaPie asked, is there a big need currently to have more people around Torno? to strengthen the anonymity of the Tor network? And the answer is always yes, there is. And that's the biggest benefit of running additional Tor nodes. I believe, I just wanted to pull up on their website to see if they still have this graph easy to find. In terms of, like, bandwidth, the Tor network typically has well more than enough collective bandwidth than they're actually using. But additional nodes will still speed it up by spreading out that load a bit. And the biggest reason is definitely to increase anonymity. To prevent those sybil attacks we were talking about, the more operators, the better in pretty much all cases. There's a huge need for exit nodes more than anything, but those have considerable risks involved. So I can't really recommend most people do that because you'll, I mean, your ISP can see any of your traffic and they'll be seeing a lot of random tour traffic that probably some of it is not going to be desirable for your ISP to see. So it could cause a problem, certainly. But other types of tour nodes are helpful, or I think a big help is running more bridges, especially like if you want to do this from a residential IP. unless you're in a country where TOR is like completely illegal then you probably shouldn't be running a bridge obviously but in in most countries uh like in most countries you can definitely run a relay that's a non-exit relay with no issues at all uh and if you run a bridge that's very helpful not just for anonymity but for strengthening the anti-censorship properties of the Tor network because if you run a bridge, your IP address is not published in the Tor directory, so it's harder for countries that are adversarial to Tor to block, and that allows a lot more people to access the Tor network than would otherwise be able to. And there are various ways that that traffic is obfuscated as well, which makes it more difficult to determine whether you're running a Tor relay in the first place So I think general purpose relays are usually more helpful, but if you can't do that, running a bridge or running like a snowflake bridge is probably the easiest way to do it. But there are other types of bridges as well. You can run a dedicated snowflake bridge on a server or your computer, but you can also do it as easily as installing an extension in your web browser without having to install any server related stuff. and then it just runs whenever your web browser is open. So if you don't want to do literally any server stuff at all, you can download the Snowflake extension and still contribute to the Tor network that way. So there's a lot of ways to contribute, and I think the Tor network would always appreciate more people doing that. I just wanted to offer my experience, because I ran a Tor node a while ago. It's been a minute since I've done it. Number one, yes, I'm with you. I think it would be awesome if we could get more U.S. exit nodes, strictly because it's not so much of an issue nowadays, but I know for a long time Tor was practically unusable to me because every website I went to would default to usually German because my exit node was in Germany, and I could, like, never get an exit node in an English-speaking country, and it was so frustrating. I realized, as I say, that I haven't had that issue in a while, so maybe they fixed that. But, yeah, exit nodes, there are certain ISPs. I don't think the Tor project keeps a list anymore, but there are certain, like, VPS providers who are friendly to exit nodes. You can reach out to them and ask. And I would say that to your ISP, too, because I was very surprised. For a while, my wife and I had Google Fiber, and I reached out to them, and I was like, hey, I want to run a Tor node. Like, not an exit node. I just want to run, like, a middle relay. and to my surprise they were like yeah go for it and i was like really google are you sure and like but uh i ran an exit node or not an exit node i ran a middle node out of my apartment for god probably close to a year and never had any issues at all but check with your isp because some of them do not allow that even if it's a middle node um i think by default your middle node once you've been online for a while and they consider you trustworthy you will be upgraded to a guard node, which is basically like an entry node. I think there's a way to opt out of that if you don't want to do it. But I think by default, those are the ones that tend to be less risky because everything's encrypted. So as long as your ISP is cool with it, that's fine. But yeah, exit nodes, what I've been told is it's kind of a double-edged sword because on the one hand, if it's coming out of a data center, like if you host a VPS, then there's a lot of websites that'll probably block it just by default. But on the other hand, like Jonah was saying, it can potentially be risky to run it out of your own home. I have a friend in law enforcement. He's told me it's usually not an issue that I'm not a lawyer for the record. Let me finish. He's told me that in his experience, it's not usually an issue. What'll happen is the cops will like get a flag that, you know, from the ISP, they'll go to investigate and the person's like, oh, I run an exit node. Here's my server sitting in the corner. I can show you. I'll pull whatever logs I have, but I probably don't have anything. And the cops just roll their eyes and go, well, that's frustrating. But again, we're not lawyers we don't know what will happen so yeah i would talk to a real lawyer i would try to get some expert opinion on that before gambling that's why i've never done it myself so um yeah what i i will say real quick one last thought on that what i tried to do in my last town that nobody ever got back to me this was also right when lockdown started which is probably why nobody got back to me i should probably try again in this new town try if you can to get in touch with like schools or libraries, like public institutions, because in a perfect world, that would be the best place to run it. Like if you can get your local university and be like, hey, this is a really great project for your students because it will teach them how to be sys admins. It'll give them hands-on experience with Linux and all that kind of stuff. It'll help strengthen the system. And they could run an exit node out of the university's IT department. And they have the legal team. They're equipped to deal with it. Public libraries, I think. It's hard to get a hold of somebody because these are really busy, usually underpaid people. But I forget where I got that piece of advice from. But if you can get a hold of somebody at like a public institution like that, that would probably be the best because then it's less likely to be blocked compared to a data center, but it's also less liability on you. But yeah, it's tricky. There's no easy solutions for an exit node. No. Talking with like law enforcement or the feds, another thing that I've heard is that traffic from Tor, for one reason or another, is not super big on their radar anymore. They're seeing a lot more traffic through. I talked about this a long time ago, I don't know. It was probably like half a year ago on one of these episodes. But they're seeing a lot more suspicious traffic coming out of residential proxies. So it's probably far more dangerous than running a Tor node to just buy some random Android box on Amazon and install that on your network. That's how most of that stuff happens, and they end up knocking down some grandma's door because they bought some cheap Android box on Amazon that's relaying some random traffic through there. There's a lot of, if you search up pretty much any of these residential proxy companies, there's a few of them, and they all claim that their IPs are above board, but pretty much every single company that is offering access to residential IPs or ways to get around VPN blocks are all getting those IPs and connections through very unethical means, whether that's dedicated Android boxes or, you know, malware browser extensions that get installed on people's computers or what have you. And that tends to be a bigger concern nowadays. So just something to think about. I think we did talk about that a few months ago. I forget what the context was, but I remember you talking about that. I guess maybe last question. Do you have any experience with I2P? You know, I just wanted to look. We used to list it on our site, and then we removed it. I don't remember if we added it back, so I wanted to look at privacy guys and see if it's still on there. While he's checking that, I personally, I think I tried to tinker around with it one time, and I found it very difficult to understand and use. And it's also, like, it's the same problem with, like, Tor, right, is a lot of people download the Tor browser, and their first thing is, like, okay, now what? Like, you know, there's no Google for Onion sites, right? So a lot of people have a hard time finding Onion services. Yeah. Yeah. So it was kind of the same thing for me. It's like, okay, now that I've downloaded it, now what? I guess the only difference is, and maybe this is the point in I2P's favor, I didn't really know if I even set it up right. Because, you know, with the Tor browser, you download it, you open it, it says you're connected, and you start surfing. And even if you never go to an Onion site, you know that you're using the Tor network. With I2P, I never really had that indicator. So I was like, I don't even know if I'm using it or not. And I think maybe it was user error for the record, because this was way back in my early days when I was first starting my privacy journey and I was screwing up a lot of things because I was kind of just throwing everything at the wall and seeing what would stick for me. But yeah, I personally found it at the time to be a little bit user unfriendly. And I don't know, I've just I've always I've never really bought into the the claims that Tor is like super compromised and can't be trusted. So like, is IDP better? Maybe. I don't know. That's above my head. I'm not really qualified to say. But personally, I don't have any issue with Tor that stops me from using it. So that's my experience. Yeah, I think what holds i2p back significantly is the lack of a user, like a general purpose accessible option. Tor is very useful for non-technical people. People, I mean, a lot of people probably imagine that, like, Tor isn't used that much except, like, in the privacy community. But that is not true. Like, in a lot of countries where there is extensive censorship, Tor sees a lot of use by a wide variety of people, whether that's, I mean, not even necessarily through the Tor browser on your computer a lot of the time, like the people who are more concerned about privacy and anonymity are, but like using it on your phone or using Tor VPN on your phone or whatever. Those are very valuable tools to journalists and to activists and other just people in these censored countries. And that really increases the usability of Tor a lot, which, first of all, means that there's more hidden services on Tor in the first place. But also, Tor has the option to have exit nodes, whereas I2P doesn't have that built in by default. it's possible to run an I2P service that acts as an exit node and some companies will do that but it's very rare for that to happen there's only a handful of like public exit nodes on I2P that I know of and so using it for that purpose for just browsing the web is pretty limited and And I think that's a big reason that I2P isn't very commonly used. We do have it on our site. Again, I do remember the discussion about this, and I can talk a bit about my experience. But when we looked into this, there are some benefits just from a technical perspective compared to Tor. I2P does a lot of interesting stuff that theoretically does improve the privacy, security, anonymity beyond what Tor is doing. So for accessing I2P sites, it's likely, it's certainly better than accessing clear net sites like through an exit note, but it's probably better than accessing Tor hidden services as well. but not to a super significant degree. And since the use case just isn't there as much, it's, I don't know, not a lot of benefits to using it over Tor, I would agree. We tried, I tried setting up some stuff with it like a year ago now, but we just never really saw any significant traffic. And it is, like Dave was saying, a lot harder to use. And when you set it up manually in a browser, like with a SOX 5 proxy, you lose out on a lot of the benefits that the Tor project provides in Tor browser as well. Because Tor is not only a network, but it's also a huge anti-fingerprinting project. All of the modifications that they're making to Firefox improve your anonymity a lot. and you're not really getting that on i2p uh i suppose you could probably use malved browser uh with a proxy um but i don't know how many people do that on i2p at the moment and uh you kind of need like a crowd of people to blend in with like tor browser has so unless a lot of people are doing that on i2p malved browser is not going to be a huge advantage but um i'm curious about then I should test out my web browser on I2P sometime. But yeah, hopefully some of that made sense. It's an interesting project, but it's just not a lot of use cases for it that I can think of. I think looking at the website here, privacy guides, unlike Tor, all I2P traffic is internal, which means regular Internet websites are not directly accessible. So that's probably what held me back is I connected to it. I'm like, okay, cool. Now what? Like, I have nowhere to go. I don't know any of these websites. So, yeah, I don't know. I agree with you. If it's only accessible for other stuff, I feel like that dramatically reduces. Because, like, I try to use Tor where I can. And that's the nice thing about Tor is, you know, I can still go to Tuda, Proton, most news websites, some are hit or miss, depending on the exit note that I'm on. But like I can still mostly use the Internet in a normal fashion compared to this, where it's like, imagine if you could only go to hidden services and it's just like, oh, cool. That's not really going to be useful for my day to day browsing personally. Another thing I will say about I2P, though, is that, well, we just talked about a lot of reasons that it's not super helpful for like web browsing traffic. A huge advantage that I2P does have over Tor is that you can really send any sort of traffic over it, and so it's far more flexible in that regard. You will see it used for, like, file sharing, for example, whereas running BitTorrent on Tor is highly recommended against and also isn't as usable, whereas on I2P, the network can support that type of operation much better. So if you have to share documents or other files through means like that, I2P could certainly have benefits that Tor doesn't have there. But, yeah, I2P is definitely, like, something you could use if you know the other people using it and you want to connect to each other through that and you want to build, like, your own network that goes through this anonymizing thing. But just for accessing public services, there aren't a lot of public things on there that would make it useful. But there are, so I just want to give them that. There are some benefits to it over Tor for sure. Cool. All right. Is that it for the week? you know I think that pretty much just about wraps it up doesn't it I think so nice and chatty in the comments this week I love it it really motivates us when you guys are interactive and we're trying to be more interactive with you guys as well throughout the episode so thank you so much for everybody who left a comment absolutely all the updates from this week in privacy will be shared on the blog every week. So if you are not signed up for the newsletter, you can do that. Again, I would like to remind people we send out the newsletter when we start streaming, so it also acts as a good reminder. You can also use your favorite RSS reader if you want. For people who prefer audio, we offer a podcast available on all podcast platforms and again on RSS. And I mentioned earlier, this video will be synced to PureTube. Privacy Guides is an impartial nonprofit organization that is focused on building a strong privacy advocacy community and delivering the best digital privacy and consumer technology rights advice on the internet. If you want to support our mission, then you can make a donation on our website, privacyguides.org. You could also click the red heart icon located in the top right corner of any page on the website. You can contribute using standard fiat currency via debit or credit card, or you can donate anonymously using Monero or your favorite cryptocurrency. Becoming a paid member unlocks exclusive perks like early access to video content and priority during the This Week in Privacy livestream Q&A. You'll also get a cool badge on your profile in the Privacy Guides forum and occasionally some early access content or special content with our next video coming up and the warm fuzzy feeling of supporting independent media. So thank you all so much for watching, and we will see you next week. Thank you.