This Week in Privacy

Did Apple Add A Keylogger to the App Store?

88 min
Jul 10, 20267 days ago
Listen to Episode
Summary

This Week in Privacy #61 covers Apple's unencrypted keylogger in the iOS App Store tied to user accounts, a compromised Signal tip line at The Intercept exposing whistleblowers, a Florida cop using license plate readers to stalk a woman, ICE investigating online critics as threats, and the EU's mandatory driver monitoring cameras in new vehicles.

Insights
  • Apple's privacy marketing contradicts its actual data collection practices, undermining trust in the company's privacy-first positioning despite being relatively better than competitors
  • Signal usernames are being misused as permanent identifiers by organizations unfamiliar with the technology, creating security risks for whistleblowers and journalists
  • Surveillance tools designed for legitimate purposes (license plate readers, driver monitoring) lack adequate technical safeguards and rely entirely on policy-based oversight that frequently fails
  • Privacy regulations like GDPR and EU safety mandates can paradoxically enable surveillance when implementation details and enforcement mechanisms are left undefined
  • Windows' global device identifier enables law enforcement tracking but highlights broader OS-level telemetry issues affecting all proprietary operating systems
Trends
Expansion of surveillance justifications from safety/security to targeted advertising and behavioral monitoringGrowing gap between privacy regulations and actual implementation standards, creating compliance theater without meaningful protectionIncreased government use of commercial surveillance infrastructure (license plate readers, facial recognition) against citizens exercising free speechShift toward mandatory hardware-based monitoring (cameras in vehicles, phones) as default rather than optional featuresErosion of distinction between law enforcement and intelligence agency authorities in domestic surveillance operationsPrivacy-focused organizations facing pressure from both government overreach and corporate data exploitation simultaneouslyWhistleblower infrastructure becoming increasingly compromised through technical misconfigurations rather than sophisticated attacksBiometric and behavioral data collection becoming normalized through safety/efficiency arguments despite privacy implications
Companies
Apple
Criticized for adding unencrypted keylogger to iOS App Store that records all taps and searches tied to user accounts...
The Intercept
Lost control of Signal tip line username, allowing impersonators to solicit whistleblowers, raising concerns about jo...
Signal
Username feature misused by organizations as permanent identifiers despite Signal's guidance that usernames are tempo...
Flock Safety
Automated license plate reader system used by Florida police officer to stalk woman, highlighting surveillance tool a...
Microsoft
Windows global device identifier enabled law enforcement to track and arrest ransomware gang member, raising OS-level...
Google
Compared unfavorably to Apple on privacy despite both companies collecting significant user data through different me...
Facebook
Mentioned as company that could benefit from Chat Control 1.0 legal protections to scan messages without explicit use...
Discord
Identified as platform that could leverage Chat Control 1.0 to scan user messages under guise of child safety compliance
WhatsApp
Experiencing issues with username rollout in India similar to Signal's username recycling problems affecting user sec...
Tesla
Referenced as early adopter of in-cabin cameras, now becoming standard requirement for all EU vehicles starting July ...
Waymo
Self-driving car service mentioned as alternative to driver monitoring, though reliability concerns noted in real-wor...
Molly
Encrypted messaging app mentioned with concerns about potential discontinuation due to failing tests on GitHub
Session
Encrypted messenger highlighted as unaffected by Chat Control 1.0 since it uses end-to-end encryption
Obtainium
Alternative app store recommended for GrapheneOS users to avoid Apple App Store surveillance and data collection
GrapheneOS
Privacy-focused Android fork recommended as alternative to iOS to avoid App Store keylogging and surveillance
People
Jordan
Co-host discussing privacy issues and moderating episode discussions on surveillance and data collection
Nate
Co-host providing technical analysis and critical commentary on surveillance systems and privacy violations
Freya
Consistently publishing weekly data breach roundups and privacy-related news articles for the community
Jonah
Tested Loop app to demonstrate how much data apps can collect about devices and user behavior
MISC
Discovered Apple's keylogger in App Store, documented keystroke timing and data transmission details via tweets
Glenn Greenwald
Co-founder of The Intercept, journalism outlet whose Signal tip line was compromised and lost to impersonators
Lamar Roman
Arrested for using license plate readers to stalk woman he met on TV set, demonstrating surveillance tool abuse
Paige Lynn Gagne
Confronted by ICE agents at polling station for Instagram post crediting news outlet that identified ICE agent
Patrick Breyer
Extensively covering Chat Control developments and providing updates on EU surveillance legislation via Mastodon
Quotes
"Apple's whole ad campaign is 'iPhone, that's privacy' and then they're going around and doing this and getting into targeted advertising"
Nate~8:00
"A combination of apps can define a person. It really doesn't take much data to figure something out about a person"
Jordan~15:00
"We still tell people, please use GrapheneOS or try to de-Google, try to de-Apple. We're not saying you should use Apple"
Nate~7:00
"Why would they do this? Why? And unencrypted, no less, and tied to your ID. They can't even say it's privacy respecting"
Nate~18:00
"This is a free speech issue, this is a First Amendment issue. You have a First Amendment right to criticize the government"
Jordan~95:00
"Every time they teleport they die. It's weird because you're transferring your consciousness, but is it really you?"
Nate~130:00
Full Transcript
Did Apple put a key logger in the iOS app store? A cop abused police surveillance tools to stalk a woman, and ICE is tracking online critics. Hello to any ICE agents watching. All this and more coming up on This Week in Privacy number 61, so stay tuned. Welcome back to This Week in Privacy, our weekly series where we discuss the latest news and updates with what we've been working on within the Privacy Guides community. And this week's top stories in data privacy and cybersecurity. I'm Jordan and with me this week is Nate. How are you, Nate? I'm good. Been a busy week, but a good week. How are you? Yeah, same. Busy. Busy and good. Busy and good. But let's dive into this first story here. And this one comes from OS News. Apple adds keylogger to iOS App Store for targeted advertising, tied to your account and unencrypted. A week or so ago, Apple announced a bunch of features for the App Store on iOS. And I do want to preface this. This article did come out earlier last month, but it passed our radar and we did want to cover this because we do think this is kind of an important issue to cover. So basically, it turns out that this update actually includes a key logger or a tap logger in the App Store, which records every single tap you make, every single letter you enter, and a lot of other information. All of this information is unencrypted and sent to Apple. so basically Apple is adding a bunch of uh analytics to the app store and the main reason why we think this is such a concern is that basically everything you search is tied back to your Apple account so think of you know sensitive apps you might have installed on your device that might show somebody something about you that you don't want to know for example um so dating apps, think of like, you know, other citizenship-based apps, you know, all these sort of things that can show a lot about you. That's sort of data that's being tied back to your Apple account and search history in the app. And one other thing is, you know, people always accidentally copy and paste stuff. Like you could accidentally copy and paste your password into the app store and now that's associated with your Apple ID and stored unencrypted. So, you know, that's where we start to see issues with this sort of behavior from Apple. And, you know, we're very critical of Apple here. Like we don't, we definitely aren't letting Apple off on this. So it's, it is a lot of, you know, a lot of a concern for us. So that's why we wanted to cover this. Do you have anything any thoughts you wanted to add name um no i mean yeah this is a pretty straightforward story um like you said it's a almost a month old at this point but it's one of those like wait hold up this is really big and so we want to make sure people know about this but um yeah it's um real quick i'll show it here we also have i'm pretty sure it's linked in the newsletter if not i will go at it um but we also have the actual tweets from misc the cyber security researcher who found this and he said they can even calculate your typing speed so here's he has a screenshot of him searching for tim cook and it's like literally letter by letter and it shows a time stamp os version uh i guess what tab he was on so yeah you could calculate like somebody's typing experiment um copy and pasted an entire 1000 character text which he said was sent to apple before even pushing enter which is completely insane um but yeah it's just it's it's frustrating because you know apple's whole which yeah you're right like let me backtrack and say that um I think sometimes Apple is the lesser evil between Google and Apple. I know some people will argue that, but in terms of privacy, like I think by default, Apple is probably a little bit more private than Google in my opinion. And I think a lot of people mistake that for us being like, that means you should use Apple. And it's like, no, we still tell people, please use graphene or like, you know, try, try to try to de Google, try to de Apple. Um, but even so it's like, you know, it's, it's so disappointing that like they have this whole ad campaign that, you know, iPhone, that's privacy. And then they're going around and doing this and it's, they're getting into targeted advertising, it seems, which for now I think is limited to the app store, but you know, who knows where it'll be in a few years. And it's just, everything about this is so messed up. Like the fact that you can't turn it off, the fact that they haven't really been open about this. I mean, it's probably buried under like 20 pages of privacy policy or something, but yeah, it's, it's uh it's not great and um i guess just a kind of yeah a couple of the comments really nailed it like uh chubby wubby pr says a combination of apps can define a person like yeah absolutely one of them uh i'm not gonna say what any of them are obviously but uh there's um miss had another tweet where he was talking about i guess there's an app in the app store in the apple app store that'll let you see what permission or like what apps are collecting about you i don't really know how to explain it but uh jonah tried it out and he shared it in the group chat and it was showing like what apps he has on his phone and like how many times certain things have been copied and it even guessed like you know you're probably this type of person like you're into these hobbies based on these apps and it was just like bro what like it was so crazy um so yeah like it really does not i think especially a lot of non-privacy people don't understand how shockingly few points of data it takes to figure something out about a person. And the example we use a lot of the time is location because it's like how many other people sleep at the same place eight hours a night and then work at the same place eight hours a day. But even then, you know, it's how many people have that same combination of apps, that same combination of interests. It really doesn't take much. And yeah, caller one said, I pasted my passwords into team chats by mistakes. Yeah. Anybody who has a YubiKey probably hit the YubiKey by accident and, you know, typed things into search engines and all kinds of stuff so super super disappointing um real quick uh saw this all gifted a privacy guides membership on youtube if anyone wants to grab that thank you so much so yeah um i don't know it's it's it's a really quick story but it's just one of those like it's it's almost hard for me to wrap my head around that it's like why why would they do this why and unencrypted no less and tied to your id it's they can't even say it's like oh we're doing this in a privacy respecting way it's it's really disappointing i think the other thing that's like kind of a problem with this is it's not really uh it's not really you don't have an alternative your your options are use apples uh i mean i guess if you live in the eu you do have some alternatives but um that's a very small percentage of the population in the world so if you happen to live in the European economic whatever, then that does, there is options, right? But like, you know, we don't recommend anything like that. We just recommend GrapheneOS for people to use instead because you won't have this problem with, you know, the app stores and Obtainium and all these things instead. So, yeah, it's unfortunate that Apple is, I don't know, just a lot of the stuff they do, they do good stuff and they also do really bad stuff. So it's kind of frustrating that they're, um, doing this. And we did try and look into this a bit more to see if this maybe was a bug or perhaps it was something that Apple overlooked that might've, you know, been unintentional. And as far as we could find, um, there's no concrete proof or anyone like MISC hasn't updated it saying that it's been fixed or if there was a change to how this works. There was a slight, I think they said there was possibly something to do with it, but it doesn't seem like it's fixed. So this is something that's going to be kind of staying. But they did say that the thing that Nate was talking about before, the app that he was discussing was called Loop. If you want to check that out, that's also an interesting app to see what sort of information apps can get about your device. Not recommended, of course, but just it is a fun app to see the amount of data that your phone can see about your apps. And Apple has been reducing the amount of things that apps can access, so it's good to see that. But yeah, that's the app just there, Loop. So definitely check it out if you're interested in seeing that sort of stuff. A lot of people I know are stuck on iPhones. So if you're stuck on an iPhone, just got to do it the best you can at the moment. And maybe just be really careful when you're searching stuff in the future because there's not much you can do to not get things associated with your account. But yeah, that's everything I had to cover on that one. How about we dive into the next one here? Yeah. Real quick before we do that, I just want to say on the topic of the EU app stores, I would be curious to hear from any EU residents, like, is it even any good? Because from the sound of it, you know, you mentioned like if you're in the EU, that could be an alternative. But it sounds like Apple has made it so difficult to get on the alternate app stores that it's just not even worth it for most people. So I would just be curious to know from anyone in the EU, is it like, yeah, it's kind of performative and it hasn't really changed anything or is it actually like, no, there's, there's some healthy option there. So I was just curious, but, um, yeah, on that note, we'll, uh, we'll hop into the next story here, which is about a third party website that has, uh, or it's a third party has breached the intercepts signal tip line and has been soliciting whistleblowers. Um, I apologize here. My screen stop sharing. So that's why I'm kind of struggling a little bit. And here we go. There we go. All right. So yeah. For those who don't know, the intercept is a, it's a journalism outlet. I believe it was co-founded by Glenn Greenwald. I think we looked into that earlier this week and probably some other people whose names I'm forgetting. This drop site apparently is actually like a spinoff. Some of the people who were involved with the intercept um after the intercept changed owners they moved on to this outlet so i have not heard of them before but that's pretty cool i guess um so a lot of news outlets will have ways for you to get in touch and report a tip for you to follow for them to follow up on really and um there's usually a lot of ways like some of them i think the new york times has secure drop so you can send like folder not folders but like files through uh like tor and a lot of them now have a signal and they usually the individual journalist will have signal, but also the actual organization will have a signal too. So the interesting thing here is the intercept used to have a signal account that was, uh, the intercept dot zero one, uh, because signal requires you to have that at least two digit at the end. And apparently sometime around, what did they say? It was like sometime between like May and June or something like that. long story short, they apparently lost control of that username because they posted. So for let's see here. It says here in the article that a screenshot from the intercepts become a source page says that in keeping with secure security, best practices, we have updated our signal tip line. If you want to contact the intercept, please get in touch with our reporters using the intercept underscore tips.01. Please do not use the intercept.01. And the thing that's interesting is that they have not, they haven't actually said what's going on in that. I mean, as you heard in the statement, right? They didn't say like, we lost control of that or anything like that. It's, so I'm sorry. I know I'm a little all over the place. So the story was also not super linear. linear so basically if you message that old uh the intercept dot oh one someone will respond to you and they're claiming that they work at the intercept and that they will go ahead and like take tips and pass them on to the appropriate person but nobody knows who they are and um there was also there's somebody on twitter who has a brand new account that's like three months old that's like trying to hit people up in like uh like comments to major stories you know like contact us at the intercept.01. And so they're like actively out there trying to fool people into messaging them, which is super, super scary. The thing I didn't know, it says in this article that, where did it go? Basically like signal usernames expire after a certain amount of activity or inactivity, excuse me. So I'm not sure. Yeah. It says the X account was open in February, 2026, indicating a location of Hong Kong and connecting to the platform via the Japan app store, although location data is easily manipulated using VPN. So that's a little scary. Um, yeah, right here, signal user IDs associated with accounts that are left dormant are eventually recycled and made available to new users. I don't know if that means like you have to have not received any messages recently, or you just like, maybe you changed your username and didn't reassign it. Like I I've not heard of that before and I did not know about that, but that is, um, that is definitely an interesting thing to make note of. Um, the intercepts lawyer told drop site that we have received no information that any source was compromised. And I'm sure they have not been looking for any information either, but yeah, I, this is just an interesting one. Cause it's, you know, it's privacy guides has like a signal account. Um, again, a lot of us behind the scenes have signal accounts. Some of us publish them publicly. So it's just kind of a reminder to always be, be careful. Try to verify people you're talking with. I mean, there's, I think Jordan probably has some additional takeaways, but yeah, this is just a really crazy story that especially there's such a high profile news outlet is first of all, just not really being fully honest with people. That's always disappointing. And then on top of it is just like lost control of this account. I really have so many questions, but unfortunately that's kind of all we have at this time. Did you have any, I mean, I feel like you had more, more thoughts on this story than I did. Yeah, no, that's, that's a great start. I think one thing that I think is really important here is Signal itself specifically told people, this is not a username. This is, let me share this. This is not like a social media username. Like this is specifically designed to basically work like a conversation starter. It's only a quick way to connect. It's not meant to be a fixed username like on a social media website. And I think these organizations are not following the practices that Signal even suggested in the first place, which is, I think, the problem here. Um, people, they're thinking that this is like a social media handle and it's not. Um, so I think this is kind of the bigger issue here is just the intercept not understanding how this technology works. I think they would have been better if they just shared a phone number, because at least with the phone number, it's probably like a VOIP number. It's probably public anyway. It's probably like a public tip line anyway. So it's like not really that different from sharing a username and it's not able to just be revoked or like, you know, have people accidentally message the wrong number. So I think this is kind of very sloppy, especially for like the Intercept, which as far as I'm aware, I was I thought that they were still under like the old management. I wasn't aware that they changed hands or anything like that. So that's definitely news to me. But I have seen dropside news quite a lot. They do really good coverage on a lot of foreign policy and, like, global news. So I do think they're pretty reputable. So this is definitely, I think, a pretty damning report, unfortunately. so um i hope that this um didn't expose anyone and this is sort of something we've looked into before as well like we've looked into these uh whistleblower tip line services and stuff um we've done like reviews on certain ones you know we suggest some so you know this is kind of especially when it comes to journalism and like you know getting tips from the public this is like extremely sensitive information so to have it like be compromised is pretty damn concerning and unfortunate that it happened um but yeah I don't really have too much more to add like I feel like this is sort of the main gist of things I think it's gist for the record um I think it might be different in Australian English. But yeah, it's, it's definitely, it's definitely, it's definitely an interesting story. And I think that, you know, I think people should be a bit more careful. Like you said, you suggested like, you know, check and verify first. And the problem is this, they were, they did because it was listed on their website as the official account and it was taken over by someone else so like was it really like it's hard sometimes you know especially when someone's not using like a feature correctly so yeah i will say i don't know how recently they changed it on their website um it says a june 30th social media post so yeah anybody before june 30th for sure would have been taking the appropriate steps but yeah definitely be uh always be suspicious when somebody reaches out to you first. Like I, I do that with everybody, even people I'm going to say no to, like when I get emails from companies that are like, Hey, we want to sponsor your video or whatever, which I'm not taking sponsors right now over at the new oil, but it's like, you know, I, I still like double check. I'm like, is this legit? Is this fishing? Is this, cause if it's legit, I want to be nice and turn them down. You never know about the future, but, um, yeah, it's, you gotta verify everything. Unfortunately, it's really really unfortunate um we had a couple comments uh vonnegut rosewater said wait the intercept screwed up a whistleblower identity a decade ago or so reality winner i think reality winner was not to blame her but it's she printed something off and then like folded it to put it in her pocket to get it out of the facility and i think that's how they caught her was like the fold i don't know if that was really the intercepts fault i'm not sure but i do know there have been some journalists that like um i know during the snowden era there were some that like didn't redact names fully and stuff and i mean they're they're human it's it which i know that's a crappy excuse when reality spent like 10 years in jail because she tried to you know give the american public information they deserve to have but uh i don't know i mean i feel like this is a little bit different is kind of where i'm going with that that's this is this is almost like a negligent like trying to sweep something under the rug. Which the same thing, you know, John last day mentioned, like we talked about this last week. WhatsApp is having issues with rolling out usernames in India, government accounts in India. It's like, again, that one's, I guess this is a little similar because there's somebody on Twitter that's like hitting people up and it's like, hey, come contact us to learn more about this story. Like we want to know more about this story. But yeah, it's definitely, yeah, I don't know. these, these username, usernames are such a double-edged sword because they are, they do protect your phone number and give you that little bit of privacy. But like Jordan just said, unlike a phone number, it's, you know, you never really know for sure who you, and even with a phone number, you know, you, you don't know for sure that that's the phone number, but it's harder to take control of a phone number per se. So, I mean, there's, you know, privacy in general, like there's pros and cons to everything, right? There is no like perfect privacy tool at all. So, yeah, I think, that's all I got on that one, unless there's anything else you wanted to add. No, yeah, let's dive into the next story here. So this story is kind of a wild one. There is footage of this even. So if you're interested, I don't know if we can show it actually. Maybe not. Let me see what I can do. Okay, cool. Footage shows cop stalking woman he met on a TV set after surveilling her with a license plate reader. So a Florida police officer met a woman on a TV set, surveilled her for weeks, stalked her, and nearly caused a head collision while chasing her to pull her over So this article here is from 404 Media and it like what was in the title A police officer was speeding at 70 miles per hour down a two highway running over a bridge in the Florida Keys He passes a dump truck in a no-passing zone, then immediately does it again, crossing over a double yellow line to pass another truck. He passes a third vehicle, nearly causing a head-on collision with a white pickup truck that veers away from him in the oncoming traffic. The cop keeps driving and he sees the SUV he's been in pursuit of. He flicks his sirens and lights on and pulls it over. So basically this cop, I hope no longer a cop, I hope, but this cop basically was using, we've kind of warned against this before, but automated license plate readers to basically track somebody in real time. So the cop Lamar Roman wasn't trying to pull over a suspected criminal. He was tracking and chasing a woman he met and harassed on the set of the Apple TV show Bad Monkey, which he had worked a security detail shift on a few weeks prior to pulling her over. So before that, he was, after meeting the woman, he catcalled and harassed her. for a full name and Instagram details, and then the cop illegally looked up her information on David, D-A-V-I-D, a Florida Department of Motor Vehicles database for law enforcement. Then he put her license plate details on a surveillance hot list, meaning he would get a notification in real time anytime she drove by an AI-powered license plate surveillance camera. so kind of disgusting I don't really want to read too much of what this cop actually had to say um he kind of tried to defend his actions which I guess is good but like it's pretty horrifying that this is even possible and that there's no sort of checks and balances in place for someone to just be like okay so like surely you need like a warrant or like surely you need like something like a some sort of court order or something you know the fact that this cop can just basically decide whenever to like suddenly start you know monitoring someone's car's location using license plate readers is kind of ridiculous um so anyway he was arrested and caught in march local news outlets reported and 404 media obtained video from the police cruiser and court records associated with the case to show exactly what happened. So I guess you can see on the screen with what's happening. And yeah, it's already, we already talked about this before, but like Flock automated license plate readers are being used for this all the time and being used as like a stalking device. And yeah, this is, this is really concerning stuff, especially because like, you know, this technology is quite powerful to track somebody and no one is, no one is, no one seems to be limiting the access to, to police officers. They're just basically allowed to do whatever they want. But yeah, I'll throw it to you, Nate. Like, do you have any more thoughts on this one? Oh, I'm full of thoughts on this one. Yeah. Oh man. I think I've calmed out. I was really tearing into this guy on Monday when we read this story, but I think I've calmed down by now and I just don't care anymore. Um, I, I think this kind of shows, like you were saying, this shows the inherent issues with, um, with like this idea of only the good guys. Like, I know this isn't like talking about a backdoor thing, but you know, they say that about like encryption backdoors. It's like, Oh, only the good guys will use it. And like, first of all, that's assuming good guys. And for the record, I am not going to sit here and try to get into like, whether all cops are bad or whatever. I'm not going to get into that, but there is absolutely no shortage of stories about cops using exactly stuff like this to like stock their exes, stock their not exes, like current romantic partners. Um, you know, their ex's new boyfriend, like, and even if we assume good faith, there's God, what, there's gotta be millions of cops in the U S right now. You're telling me none of them are bad people. And we don't really have a lot of things in place, stopping this kind of abuse. And, um, like, that's really what's scary about it to me is we don't have, like, there's no technical safeguards. It's all policy safeguards. And here's where systemically, I am going to criticize the cops a little bit. Systemically, the cops don't seem to like to hold themselves accountable. Um, New York, a couple of years ago passed a law, uh, New York city. And I think it was like a city ordinance that was basically like, okay, the cops have to, anytime they want to buy a new piece of surveillance equipment, they have to explain why they want it they have to explain um what they're going to do to mitigate any potential damages and there have to be like periodic audits and they have i mean okay it's been like a year or two since i checked but last i checked they have consistently dragged their feet turned their audits in late uh the audits they did turn in were like super super thin like literally like there's almost nothing in the audit like we did not even the bare minimum to get you off our back it's like they're being purposely difficult and malicious and it's like why why is this such a weird concept that there should be oversight like we're giving you people guns we're giving you people drones we're giving you people surveillance over the whole city and for some reason you think we're insane to be like maybe somebody should watch the watchers i don't know okay maybe i'm being a little too political but my point being it's like yeah people keep saying over here in the comments it's like why like i hope this guy got fired or like somebody said that somewhere it may have been you and it's like i hope so too but honestly i don't know i really don't know um i'm kind of surprised he got in trouble at all because this this stuff happens constantly and kind of getting back on the point it's just it's this surveillance system that we have built that you know they sit there and like oh we're only going to use it for violent crime we're going to use it for drug dealers and kidnappers and and you know this thing and that thing and it's like until you don't until somebody goes rogue and does this or until it becomes government policy to weaponize that against nonviolent people. Like, I'm sorry, it's really hard to talk about this without being super political. But even I will say here in the US, you know, we've had a huge immigration crackdown. And even a lot of the conservatives I know are like, I'm not really in favor of this, because we're not going after the violent immigrants first, we're going after like, the random people in the Home Depot parking lot. And it's like, even a lot of the conservatives I know are like, could we maybe start with like the gang members? so it's this surveillance state is just not i mean it's it's the thing it's so frustrating that like as privacy people we've been saying this kind of stuff for years and we point out like this is a slippery slope this can go wrong so quickly and it's not until it goes wrong that people are just like oh maybe you weren't just being paranoid and crazy but okay yeah i think I've ranted quite enough on that one. Yeah. Somebody said facepalm. So true. Yeah. Yeah. This guy, if sorry, go ahead. No, go ahead. I was just going to say, yeah, if you, if you read the article, which this one is free to read, you just have to make an account, which you can sign up with simple login. Totally recommend. Yeah. At the very end, they keep asking him, like he keeps talking about how he does stuff and he knows he's not supposed to like somebody else in here said, like, there's supposed to be policies where when you do a search, you're supposed to say why, like why are you doing this search and uh in one of them he wrote like background investigation which 404 has covered that before like you can just put anything in there it really only matters if they pull it and ask why you did the search but yeah he keeps talking about how he keeps doing stuff and as soon as he looks her up in like one system he's like oh i shouldn't have done that that that was not smart anyways on to the next system to do it all over again and he just keeps doing it and keeps doing it and now that he's finally caught and they're interrogating him and they're just like why did you do it why did you keep going and he's just like i don't know and it's like what are you five like come on man yeah okay sorry yeah i think the the weird stuff in this story is like just not respecting this uh this woman's consent like she said oh you know uh i'm not really interested and uh i'll follow you back on Instagram. That's what the story said. And she was like, you know, trying to blow someone off. Like you got to take a message here. Like someone, if, you know, if someone's not interested, they're not interested. Like you can't just keep asking them over and over again. Um, it's not going to change the outcome. And, um, I think unfortunately it seems like the police force seems to attract a lot of people that don't understand how that works exactly. So, you know, this is kind of, it definitely is more of a systemic issue, but I think also police shouldn't even have access to these tools because, you know, it's creepy and it's also can be abused by some rogue person. So, you know, it's not really, I don't think there's really any evidence that these tools actually provide, you know, an increased level of protection, whatever that means to a community. Like it's, it's just one of these, I think, you know, I'm sure you can probably talk about this a bit more, but I feel like a lot of this flock stuff is like, you know, government lobbying and just like you know trying to get government contracts these companies um you know and they'll say oh this is going to increase this is going to decrease crime and like do all these amazing things and like they kind of just you know believe everything that they're saying um and they get installed everywhere so I think this is like a dual issue it's the issue with the automated license plate readers and also just like the police just having unfettered access to surveillance systems that's kind of bad as well um so yeah someone said then why women don't report abusive relationship issues or stalkers yeah like literally why would you report it to the police if they're just gonna stalk you instead like how do you know that the person you're reporting this to isn't just going to do something like this to you, right? It doesn't make you gain trust in the establishment of the police force. Like you're not going to trust them. So I think a lot of people are in that group. And I think especially now, like Nate said, with the immigration crackdown stuff, we'll talk about that a bit later. We've got a story about ICE as well later. But I think the crackdown of all of that And like, you know, all these tools being implemented to make that happen is definitely making people less trust the police, which is, you know, in some ways it's good because I don't think you should. But it's yeah, it's it's really unfortunate that this happened to this woman. And yeah, it's overall just kind of disgusting. so i hope that's this police officer gets taken to justice and loses his job and never works in the police force ever again because that is incredibly creepy yeah he's clearly proven he can't be trusted with this kind of power yeah and it's it's i'll i'll rag on him a little bit this is the kind of stuff i was saying earlier this week is like yeah he um he's a cop women love guys in uniform like he could have almost any girl and florida's a red state he could have almost any woman he wants but he's just so fixated on this one girl that it's like dude she's not that into you move on it's it's pathetic it's pathetic i'm just gonna say that but yeah this uh these are and actually real quick one privacy related thing that came to mind while you were talking is like we keep saying like you know it's this is what happens when like you build these surveillance systems and you have to trust the people using them and we talk about like insider threats and rogue people but we also saw back with um i'm gonna probably come back to it till the day i die but the whole volt typhoon thing it doesn't even always have to be a bad apple or an insider threat what happens when somebody hacks into this system and now this dude is able to like have real-time alerts every time she passes a flock camera i don't think they specifically said they were flock cameras but they probably are um you know they're they have these whole databases where he can pull everything about her you know he can pull her um what was it record detail signature vehicles current photo um and then looking up license plate numbers additional information about the woman and her vehicle from florida highway safety and motor vehicles it's just yeah like you can find everything about everybody and all it takes is you know that one person that hasn't had their coffee and clicks a phishing link or something and it's just nobody ever thinks about what goes wrong. We need people to be just a little bit more, what's the word I'm looking for? A little bit more negative. Like people like me always get when, you know, when I'm like, okay, what if this thing goes wrong? And it's like, you're being so negative right now. And it's like, yeah, sometimes that's a good question to ask though. So yeah, I digress. I think we've discussed that story plan. Oh, I will say on the flock thing i'm a i'm fully convinced that there are bribes going on because i know you've probably read some of these stories too there are towns where like the people will turn out like the meeting starts in the morning and the community will turn out and it'll go until like 10 p.m at night with everybody being like we do not want these cameras and the city will still approve them and i am fully convinced that somebody is getting bribed for that kind of crap to be happening. That's just my personal opinion. So yeah, I don't know. It's not, not great. But anyways, I digress. I think if there's a, if there's nothing more on that story, I think we'll dive into the site updates. So in a minute, we're going to talk about the EU and how they are requiring cameras in all new cars on the topic of surveillance that will definitely not be abused or hacked. But in the first or in, in the meantime, real quick, first, We're going to talk about some quick updates with what we've been working on this week at Privacy Guides, which, again, this is another one of those weeks where it's been a lot of behind-the-scenes stuff. And so there's not a lot of public-facing updates yet. But as usual, Freya has been very consistent and has been crushing it with the news articles. I'll throw those up here real quick. I've got my weekly data breach roundup, of course, which this week's unexpected entry, NextCloud. Did not see that coming. But, you know, Freya talked about there are some additional Apple privacy issues that have been patched, which Freya wrote about. There's a 15-year-old Linux kernel vulnerability that allows full system takeover. Google and the FBI shut down a malicious residential proxy network installed on millions of smart devices. Real quick, Darknet Diaries recently had an episode about those little piracy streaming boxes and how they're basically all just botnets. And that made me paranoid, and I didn't even have any of those. I wanted to go home and unplug the router. Phishing techniques to steal Microsoft accounts and all kinds of fun stuff. So definitely check that out if you have missed any of those stories. And I believe Jordan said that there were a few poll requests that I will let them cover because I think I missed those. Yes. So there's, as always, like we're trying our best to stay on top of keeping the website up to date. So if anyone sees any issues on the website, feel free to like submit a poll request and we can get that fixed. But yeah, we had two pull requests. Oh, three pull requests. Looks like there was one submitted yesterday as well. So yeah, we had some corrections on the website that were made, removing some older data broker websites, updating some of the information about MV2 support for Ublock Origin, fixing a typo um for the email one of the emails on the website um not really too much else to add though it's all like kind of maintenance stuff for the website um we are working on lots of stuff behind the scenes as always um so we can't really talk too much about that i'm not sure if we want to make that public yet but there's definitely some interesting changes coming to the site at some point in the future. But this week I've been working on a video about Bullrun NSA's Bullrun program. So Nate wrote that. That's nothing to do with me. He kind of wrote that and recorded that. So I've just been editing the footage so far and yeah, it's coming along really well. I think everyone's really going to enjoy it. Um, it's definitely kind of eyeopening. Yeah. It's, it's definitely going to be an interesting video. We've also got an interview with, uh, the Cape, uh, community, no, not community, consumer product manager, um, I believe, or head of consumer, sorry. Um, who's basically did an interview with Jonah. I'm still trying to get that done. Just need some final changes on that before we can put it out. But apart from that, it's ready to go. So definitely look out for that. Next week, I think the bull run video will be done. So definitely look out for that as well. But yeah, not too much else on my side of things, but hopefully everyone is having a great end to that week. Yeah. I'm excited for the bull run one. I think, uh, I think that's going to be a good one. People are going to really enjoy. Cause it's a, I don't know me personally, I'm a, I'm very fascinated by like how we got here. I didn't grow up in the hacker culture of like early days of like bulletin boards and IRC. So a lot of this stuff is just news to me that I'm like, wait, that happened or like, Oh, that's why this is the way it is. So personally, I love those kind of older stories myself. But yeah, so all this is made possible by our supporters. You can sign up for a membership or donate at privacyguides.org slash donate or pick up some swag at shop.privacyguides.org. I've always got my little water bottle here, which is awesome and very convenient to carry around. Privacy Guys is a nonprofit which researches and shares privacy related information and facilitates a community on our forum and matrix where people can ask questions and get advice about staying private online and preserving their digital rights. And now we are going to talk about ICE and how ICE is monitoring online critics. All righty. Yeah. We move some stuff around here. Ah, uh-oh, Apple. Ah. I'm still getting the hang of using a Mac. I'm a little too heavy-handed for it. Okay, here we go. So, yeah, this story is pretty unfortunate because – let me just read the first couple paragraphs here. So voting was already underway when the ICE agents arrived at a polling station in Syracuse, New York during the state's primaries in June. The agents were there to see – I'm probably going to pronounce this wrong – Paige Lynn Gagne, a poll worker who says there were concerns about an Instagram post she had supposedly made in January, quote-unquote, doxing an ICE agent. The only post she could find was one she had made crediting the Minnesota Star Tribune for identifying the ICE agent who shot and killed Renee Good during the federal incursion in Minneapolis this winter, calling for his indictment. The agents at the poll site asked Gonia to sign a warning notice that said it was unlawful to threaten, assault, kidnap, and or murder federal officers or their immediate family members in an effort to impede a federal officer's work. The forum also requested that she remove her post and or discontinue her behavior. And she said, my signature would have been an admission of guilt, so I refused to sign it. ICE did not respond to a request for comment. So it's, uh, again, this is one of those things where like, we're not trying to be political here. We would be reporting on the story no matter who's in office. And it's really unfortunate that like, first of all, I'm going to get on my soapbox for a second, which I don't think anybody will mind. Um, I don't understand. Actually, let me, let me backtrack and rant just a little bit. So when the U S government talked about banning Tik TOK, if you read the proposed ban, it was the most insane thing in the world because they couldn't just say, let's ban TikTok because code is free speech and that's illegal. So instead, they basically had to say, we're going to ban any app that does this. The problem is TikTok does the same thing that Facebook and Snapchat and Twitter and Instagram and Amazon and all these other big tech apps do. So if they just said, we're going to ban any app that does this, they would have had to ban all those too. So they had to jump through so many hoops to be like, if it does this and this, and is owned by a foreign adversary country and blah, blah, blah, blah, blah, blah, blah, blah, blah, just to like carve out this ridiculous loophole because it's just, God forbid, we actually do anything privacy respecting in this country. And to continue on that train of thought, um, I think it was section 702, uh, a couple of years ago when the topic of, are we going to renew section 702 came up? Um, no, no, no, it was, sorry it was requiring warrants It was requiring uh the NSA and people like that to get a warrant to look at to to track um American Americans data Sorry I stuttering a little bit My brain is moving faster than my mouth So um Congress voted against that Of course, no, we can't make them get a warrant. And one of the senators or house of representatives, whatever, when they asked him, it's like, well, why'd you vote against it? He's like, well, right now, anybody in China or Russia or Iran can jump on Google and jump on one of these people search sites. And for 10 bucks or 50 bucks, they can get the data on any American out there. And if we make our guys go get a warrant, that puts them at a disadvantage. And I remember screaming at my computer because I'm like, why don't you just pass a privacy law that makes this not a thing in the first place? And then you don't have to worry about having an unfair advantage. And so that's what this feels like to me is it says down here that like – where did it go? Basically, they're trying to like rework the definition of doxing because typically there is a very specific legal definition of doxing that covers like – no, that's like a subpoena thing. But anyways, they're trying to like expand the definition of doxing so that it includes like filming law enforcement agents while they're out in public doing their jobs, which is weird because they'll always say that you have no expectation of privacy in public. And it's just it's like, I don't know, to me, it's like they will do anything to avoid passing an actual privacy law. like it's oh man i forgot how i got on that but yeah it's just it's it's so ridiculous but i don't know i don't i don't understand how saying that somebody should um should you know have to have a trial is like threatening to assault or kidnap them but yeah it's it's really unfortunate i mean it's i mean this is so clear-cut to me like this is a free speech issue this is a first amendment issue uh what's really weird is they say that this is this is being conducted by ice's office of professional responsibility which is supposed to be for internal investigations. They're supposed to be investigating ICE and what ICE is up to. It says here they're supposed to act as an internal watchdog responsible for inspecting detention facilities, investigating allegations of employee or contractor misconduct and processing security checks. They also protect against external threats by managing badge access to buildings and maintaining the agency's network security. But instead, since between January of 2025 and march of 2026 they have investigated 131 cases involving incidents of doxing and threats towards ice employees uh which wired was only able to find one instance that turned into an actual like criminal lawsuit where this man was originally allegedly um harassing an ice agent that lived in his building which to be fair yeah that sounds like harassment possibly um where did they say that uh there's a thing about here about how the number of actual like inspections that the opr is done that they're supposed to be doing has dropped dramatically oh real quick here we go uh agency officials have tried to expand the definition of doxing which generally means publishing specific information such as an individual's home address to including taking photos and videos of ice employees while they are performing their official duties which free speech experts say is lawful activity um i'll see if i can find it here but yeah they uh they oh yeah right here. Um, an analysis by the project on government oversight found that in 2025, the agency published only 102 detention facility inspection reports on its website compared to 162 reports in 2024 and 192 in 2023. So, uh, instead of policing their own, they are looking out and trying to complain that somebody said mean things about them on Instagram. So I don't know. Yeah. I don't, I don't really know if I have any way of not being super biased and political with this story. It's just, it's ridiculous. Like you can't, you can't go arrest somebody because you don't like that. They said mean things about you. That's, that's not how America works. That's how authoritarian regimes work. So yeah. I think it's kind of surprising like how this happened. Um, apparently the, the article itself links to, uh, the Instagram post itself. and basically all this person did was like repeat what a news article said like I don't really know like that seems within reason that seems within like the First Amendment, that doesn't seem like something that's like you know wrong to do, so it genuinely feels like this story is just some ICE agents getting their feelings hurt and then pulling up to this person's um property and just trying to bully her like that actually just that that is like kind of what this feels like they're just trying to intimidate her um so i think it's a little bit ridiculous um especially because you know there's she was just reporting what a news outlet was saying um so it's not super it's not like it was super private information and these are I believe ice agents are public employees like they are they are public they're publicly funded like you should know who this person is right like there should be transparency about who where your taxpayer is dollars are going and who these people are right like I thought the the whole thing in the US is you know if you if a police officer comes up to you they have to identify themselves like who the hell are you like you know like it's the same thing with like an ICE agent right like how do you know who this person is um they're working for the government they they're a public employee like they need to I don't think it's wrong to um want to identify someone especially if they're doing something so atrocious as you know I believe this story was talking about someone who was murdered by an ICE agent, I believe, in broad daylight. So, you know, that's kind of serious and something that should be reported on. And especially if it's public taxpayer money going towards that, you would kind of want to know who this person is. So, I mean, yeah, I hope that this doesn't continue because, yeah, like Neha was saying, this is like stuff that you hear about, like you know that happens in like russia or china um not america so it's kind of frustrating that this is where we're at at this point um yeah i don't really have too much more to add but um those are kind of my thoughts um on it yeah i mean all my thoughts are sarcastic but also accurate like again i i think it's so funny that yeah they're trying to sit here and being like oh you can't film them while they're in public doing their job, even if you're across the street out of the way. And it's like, but, but why aren't you the ones that are always saying like, oh, but we should put up a billion cameras because you're in public and you have no expectation of privacy. What about when I'm doing my job? You don't, you don't shut off your cameras because I'm in a work van. Like, come on, man. And yeah, it's the same. Cause isn't that also their argument too? It's like, well, you're not doing anything wrong. So what do you have to worry about? Right back at you. You're not breaking any laws, right? You're doing exactly what you're supposed to be doing allegedly. so why do you care if I'm filming you? Come on, man, get over it. Yeah, that is a big thing in the US. For the record, I haven't looked into it, but I know there's been allegations that ICE agents were showing up in plain clothes, not identifying themselves. There's definitely videos of them totally covering their face so you can't identify who they are, which again, they use facial recognition, but we can't use it on them. It's, yeah, sorry. I'm very sarcastic because I don't think anybody, no functional government should be working like this. I don't care who's in charge. um real uh relevant derek here said uh first amendment rights to criticize your government is pretty much the exact reason the first amendment exists yeah it's like the they talked to an aclu lawyer in here and that's exactly what they said is like you you have a first amendment right to criticize the government like i've been criticizing every president since obama like that's why the first amendment is there it's yeah uh sorry this this kind of stuff works me up it's just it's completely insane so yeah i think the other thing that was kind of interesting is they they were kind of pushing her to sign something like they were pushing a thing to admit guilt like she'd done something wrong like it goes without saying but i feel like people in our community are pretty smart but if some like government stooge comes to your house and asks you to sign something like probably don't talk to them don't talk to the police don't talk to whoever the heck these people are, it's better to talk to a lawyer. Don't talk to them, which I hope people understand that it's the most important thing when you're interacting with law enforcement, especially in the US. I think they can kind of just do whatever and get away with it and lie to you, all sorts of stuff. So definitely be careful. And yeah, you should be able to criticize anything that you want to do with the government especially so it's kind of surprising that yeah it feels like that was one thing that a lot of people were complaining wasn't the case before like was this was happening before but now it seems like they're just doing it as well so I mean that's fine I guess it's yeah I don't really have too much more to add on this but definitely concerning stuff people who are criticizing the government hopefully you don't get some government agents showing up at your house yeah um just to back up what you said like even the most pro police lawyer will say that yeah it's police are allowed to lie to you in the u.s it's don't like identify yourself that's about it like here's my id here's who i am but other than that yeah you are well within your rights to ask for a lawyer um it's uh yeah i digress um i think we can move on to our next story about europe all these stories are so frustrating to me today yes all cars in uh the eu now require could require i mean let's say it's i don't believe if it's in effect, but all cars sold in the EU now require a camera aimed at your face. It's still not clear where the data goes. The ADDW rules are designed to reduce road accidents by detecting distracted drivers, but gaps in the regulations have raised concerns over the privacy of driver data. So according to this, starting July 7th, 2026, every new car sold in the European Union must include a driver monitoring camera aimed at your face, glance at your phone, your kids in the back seat, or the radio for too long, and the car will flash a warning light and sound an alert. And basically what this article says is, automakers have known that this was coming for years. What they and EU regulators have never spelled out is what happens to the footage after the alert goes off. Now, I think this is definitely an interesting thing, right? Because I guess the argument that they're making is, you know, we should be able to record you at all times inside your car and monitor your attentiveness, I guess. Because, you know, it's for safety. It's for safety. It's always for safety or it's for something like that. So, you know, it's kind of not really clear what the implementation of this will look like. If this data will be stored on device and not like sent out anywhere or if this will be used for for example you know giving you fines even. But basically the the article warns that even real world testing suggests the distraction warnings can be overly sensitive and potentially distracting. So it does go down into more detail about like how this system works. Um, it says, look away from the road for more than 3.5 seconds at a highway speed or six seconds at slower speeds. And the car warns you with the combination of light, sound, or vibration, it switches on automatically above 20 kilometers per hour, and it cannot be permanently turned off. So I feel like this did get a bit popularized because I know Teslas have cameras inside the cabin, which I thought was really creepy. But apparently we're just going to add this to every car now because why not? It's kind of concerning, but, you know, I think a lot of people think that the EU is great for privacy and all that, but there's definitely still a lot of issues that they have, have, especially when we see stuff like chat control and also, you know, this mandatory driver detection stuff. Basically, the article says it uses it as an excuse, but EU funded research estimates driver distraction plays a role in five to 25% of car crashes and the broader package of safety rules this camera belongs to is projected to save more than 25,000 lives by 2038. Now, you know, we could force everyone to be surveilled constantly in their vehicles and, you know, save a couple of extra lives every year, but will that be an acceptable price to pay? I'm not sure if that's the case. But yeah, I can throw it over to you here, Nate. Do you have any extra thoughts on this one? Not really. I think just kind of like you said, the real question here is that it doesn't say what happens to the data. So it's supposed to work. They say, here, I'll quote the article. On the positive side, the regulations require the ADDW system to work on a closed loop without the use of biometric data. This means the data used to determine whether a driver is distracted must not leave the vehicle or be transmitted to the automobile manufacturer, its servers, or any third party. In essence, the data should be processed locally within the vehicle itself. However, there are still several concerns surrounding the implementation. The regulations do not impose any independent audit or assurance mechanism to ensure that the system installed in the automobiles actually operate on a closed loop, and there's little clarity over how the data is handled, what happens once the distraction decision is made by the system, how long the data is retained, or when it is deleted. Article 6.3 of the GSR states that the system should be designed in such a way that it does not continuously record or retain data other than what is necessary for its purpose. However, it fails to define what is considered necessary specifically for ADDW systems, nor does it specify the exact retention period. So yeah, that's kind of the issue is like in a perfect world, this all happens on device. But I mean, again, even like, let's, let's read good faith into this. How are they going to improve the system? How are they going to know if they get false positives? Like it would make sense that every time there is a flag for distracted driver, that it gets sent somewhere for someone to look at it and go, oh, that's, you know, that was a false positive. He wasn't distracted or whatever. And, um, you know, the article goes on to point out that here in the U S we've had issues with driver data being sold. Uh, John last name actually said that here insurance companies will charge higher a hundred percent. Yeah, absolutely. Like we've already had issues here in the U S where, uh, driving data gets sold to insurance companies to give you personalized rates, which are always wrong in garbage. I think I complained about that earlier this year actually, or maybe late last year, but, um, yeah, it's just, it's, I don't know. It's like you said, like, yeah, it's, it's all good that we want to save lives. And I don't think anybody's opposed to that. Like, I don't think either of us are sitting here just like, eh, sometimes you got to crack a few eggs to make an omelet. Right. Like we're not saying that, but it's just like, is there really no other way you could have done this? Like, I mean, honestly, so it's funny about 10 years ago when they first started piloting self-driving cars. um i remember they were interviewing people on the news it was like local news somewhere and they were asking people on the street like how do you feel about a self-driving car and this one lady was like i don't i don't know if i trust a robot to drive a car and i'm like i trust literally anything to drive better than a person people are horrible drivers and so it's like i don't understand why we're not investing in that more and for the record yes self-driving cars have come with a completely different set of concerns but it's like i don't know my point being it's like why why was the lesser evil sticking a camera inside the car i don't know that's just i feel like there's so many better ways they could try to solve this but you know they go for the the easy clean solution because that's what makes for a good soundbite when reelection time rolls around i guess so yeah so i think this is definitely one of these uh cases we've talked about cars a little bit in the past um a lot of cars are basically just a privacy nightmare. Like they collect ridiculous amounts of information, really sensitive information, like where you live, where your work is, where you visit commonly, you know, this is all data that's like extremely sensitive, especially if, you know, someone with the bad intentions had access to it. Um, so this is just like another thing that they're collecting. I'd be kind of surprised if you know they're not using this data like the article here says if footage or eye tracking data from a system like this were ever exposed in a data breach or shared without your knowledge it could reveal detailed patterns about your daily habits your location and who rides in your car with you that kind of exposure can feed into identity theft or phishing attacks built around information a scammer should never have had okay so like you know this this data is like it shouldn't exist, right? But these systems are, you know, forcing people to, forcing not people, but forcing corporations to implement this change, which I think will not be great from a privacy perspective and it will vary, very, the implementation will vary quite a lot, I think, between different car manufacturers. there's a comment here from swizzxkill funny that EU mandates that cars need to watch drivers and warn them but at the same time manufacturers are trying to push self-driving systems yeah I think self-driving is not as popular or common in the EU as far as I'm aware it's much more popular in like the US and in Asia specifically. I know China, they've got a massive self-driving market. Sorry. So, you know, it's interesting that we're trying to push both directions here. Like we're trying to warn drivers and we're also trying to make sure that they're not focusing on the road. Who knows what they're trying to do here? Possibly maybe this is to make more money off people data. I would not be surprised if, you know, all this data leaks at some point, if it does end up being, you know, broken or cracked or something like that. I think it also raises questions about the, like, secondhand cars, right? Because if someone's owned the car before you, there's probably a bunch of data collected by the system. So someone could, you know, know a bunch of information about you. It could also have issues for rentals as well, because, you know, a lot of times rentals are not resetting all the data on this, on the internal systems every time. They're just, you know, giving the car to the next person. Um, that's a whole bunch of data and biometric, um, information of a bunch of people that is now stored on that vehicle. Um, so yeah this is kind of just not amazing um i don't know like sometimes the eu does good stuff and sometimes the eu does bad stuff um i think this is definitely one of those times when the eu is doing bad stuff unfortunately yeah i don't have much to add to that to be totally honest crazy stuff all right all righty um yeah i think uh on that note let's move into the forum updates so in a minute we will have the uh the q a section so uh the chat's been pretty consistent here which is awesome we love seeing you guys hang out with us but if you've been holding on to any questions definitely uh go ahead and start leaving them in the chat or in the forum over at discuss.privacyguides.net which speaking of for now we're gonna go check in there's always a lot of activity and as always this week was pretty busy but here were a few of the week's most interesting discussions so first up we have this was a story that we don't have a lot of details on but I really wanted to to share this because it's interesting it's it's news um so there was a ransomware gang i think they've been broken up now called scattered spider and basically um at least one of the members has been arrested and the way they got him was something called the global device identifier in windows machines so basically when you install windows um it uh let me see if i can find where it is here Basically when you install Windows every install comes with a unique identifier And it's, I'm a little unclear exactly how this worked, to be totally honest. I'm still trying to unpack this myself. But basically, Microsoft was able to tie all of the information that this guy did on his machine back to that identifier. And that's how cops were able to find him. but it's um again it's really complicated and we we still don't fully have a lot of concrete details yet um like for example there's so here in this thread in in the privacy guides forum people are talking about is there any way around this is there any way to like disable this thing which i i always feel the need to point out especially um like we're already kind of like iffy about recommending any third-party deep loading scripts as it is but especially these like deeper deeper ones like i know there's ones that will remove uh the intel management engine if you have an intel pc but also sometimes that'll brick the pc so when we're talking about this like really deeper level stuff definitely uh tread lightly um i don't think we officially recommend any of them so i'm not going to say that we stand by any of the recommendations in this thread but you know people are talking about that and people are also speculating like well how much exactly was this guy using? Like, was he, um, did he have a Microsoft account where of course it's pinging Microsoft a hundred extra times a minute? I'm exaggerating, but you know, it's like, if you have a Microsoft account, it's going to submit a lot more data than just a regular local account, which Microsoft is increasingly making it harder and harder to use just a local account. Um, you know, they, there's some people saying, uh, was he using edge instead of a different browser? Um, so there's still, again, there's just a lot of uncertainty here. Um, but I'm definitely going to be pouring through this thread myself and clicking some of these links. There's a lot of articles here from different cyber news, digital trends that offer more information about this. Even if I don't install some of these scripts, I'm definitely going to check out some of these scripts and read the readmes and see what they say. Just to kind of understand a little better about what this identifier is and when it gets submitted, when it doesn't, what it comes with. But yeah, this is really troubling stuff. And I think the takeaway there is, you know, it's, we can never, open source is not a silver bullet. Like Linux is not perfect by a long mile, but it is much more transparent. You know, we wouldn't have found out about this global device identifier years after the fact in Linux, right? Like that's something that would have been in the code that somebody would have spotted it. So we have that transparency that we know about, we have a better idea of what it's doing. And also I think it's just a reminder that like windows is really hard to make meaningfully private. Like again, there's a lot of things you can do. You can change settings. You can use open source software instead of the proprietary garbage it comes with. Again, officially we don't recommend any of those third-party scripts, but I'll be honest, there's a couple that I personally trust that I'm not going to name here. I'm just saying like, my point is there are some things you can do to like make it a little bit better, but you never know when like, Oh cool. Now there's this thing that I don't think any of those scripts deal with that we didn't even know existed before. So sometimes you have no choice. Sometimes you have to use Windows. You have to use Mac. But definitely try to opt for Linux whenever you can. Dual booting if you're able to. It's just, yeah. I don't know. This story fascinates me. Maybe because I have a Windows computer. But this story is wild to me. Did you have a chance to look at this one at all, Jordan? Do you have any thoughts on this one? I know you're more of a Mac person when it comes to desktop. No, I do have a Windows system. But I do think the interesting thing about this is that the GDID, right, like this is the main thing that they're talking about in this article. As far as I'm aware, this sort of like generic device identifier thing is, you know, something that can be assigned based on hardware. It seems like that's the case. So if you've ever swapped out your motherboard or swapped out RAM, for instance, and you've noticed that your Windows has become unactivated, I believe that's because your generic device identifier has changed because your hardware has been modified too much. So I think the interesting thing with this is with each piece of hardware, there's, of course, serial numbers and identifiers for each piece of hardware. So I think that might be possibly linked to how this generic device identifier is used, is created. So it's interesting, but I think this is kind of a problem with all major operating systems that have telemetry and have data collection. I'm sure this is definitely the case with Apple because they collect, you know, the, what do they call them? They call them serial numbers, I believe, for each device. So it can be linked back to you and your identity. I think this is just basically the same thing again. You know, being able to identify someone based on their GDID. I think this is kind of a problem with all, basically like all proprietary operating systems that collect telemetry and such, they need like some sort of identifier to link back to. So, you know, this is, I feel like probably not too surprising that they have the ability to do this. Someone posted like a Twitter thread. basically the person that was arrested here, his operating system reported internet activity to Microsoft. It showed information about what he was doing and that allowed Microsoft to report that and eventually for him to be expedited and arrested. So this is obviously not an endorsement of hacking and committing fraud and all this. We're just saying this because this is data that I think most people would assume is private, but is not in this case. I'm not sure if that Twitter post is actually true or not. It's kind of just like some random person on Twitter saying that. But I think, you know, when you have these static identifiers like that, that is definitely much more of a chance for that to be possible. So it's definitely a concern that people should have. And I don't think it's something that like a deep loading script can suddenly magically remove either, unfortunately, because it is something that is so deeply embedded in the operating system. Yeah, it's definitely something I'm going to be keeping an eye on myself. Like I said, I'm going to go through this thread and click on some of the links and try to get a better understanding of what this is and how it works. So it's one thing I really like about the Privacy Guides Forum. There's really, really smart people here that I can benefit from their expertise. Indeed. I just want to highlight a comment here from John Lastname. The future is AI driving cars and public transport is safer and more efficient. Either way, we want it or not. Either we want it or not, sorry. Yeah, I mean, I agree. I think, you know, there's also privacy issues with public transport, unfortunately, because, you know, every public transport's got cameras everywhere on it. So, you know, there's issues with public transport, too, that I don't think is, you know, wrong to be concerned about. but I do think, you know, on public transport, there is like a legitimate, almost legitimate reason to have a camera, right? Because it's public and someone could vandalize it. Someone could do something silly with it. Um, that makes sense. But I think just having a camera inside of your private vehicle is not really, uh, justifiable in my opinion. Um, there's definitely ways that they could do it better. I'm not really sure about the, okay, going kind of off topic, but I've seen so many videos. I don't know if you've experienced this, Nate, because like I feel like they're really common in the US, but like those Waymo self-driving cars, I've seen so many videos of people just being like stuck inside one, like in a really precarious situation and just not not being able to move, not being able to leave the vehicle. It doesn't seem really that they're all too reliable, unfortunately. So, you know, I'm not sure if we're quite so close to having that being a reality, but maybe after we invent teleporters or something, that would be great. Then we don't have to worry about driving everywhere. All right, hold up now. As a sci-fi fan, we have to have this discussion, though. if you teleport, is that you teleporting? Does your consciousness teleport? I don't know. Maybe it's not really you. If you teleport, I guess you're cloning yourself or something. That's what I think. We should have this discussion later. I love, I love the deep questions like that. I mean, deep. I don't know if we'll ever invent anything like that, but you know yeah i digress um all one said uh we're literally beta testers in real life pretty much yeah like you know it seems like governments are like do we have any evidence that this would help no let's try it anyway it's just like um yeah i don't know um i do think a lot of this is i'm not really sure with the eu because i feel like the eu is definitely a little bit more like there's less money possibly influencing it. I know there's definitely some pretty major issues in like the US with like super PACs and stuff like that, but like I'm not really sure how that works with the EU presidency. I'm not really sure if that's like an independent body or if that's like something that there is like, you know, lobbying. I'm not sure who would be in favor of that like you know car companies surely not because it just means more um you know more more stuff for them to do basically cost more money so i'm not sure they would be in in uh in favor of that i'm not really sure what um would be the case otherwise though wait a quick question from roll are we following updates with the molly app talks of the app stop working soon i have not heard that um if you have a uh if you have a link definitely send that our way because i i would be interested to know more about that i haven't heard anything about that yeah me too the test is failing on github interesting interesting okay we'll definitely look into that and we'll um if there's any news on that we'll post like an update on the forum or something if we see anything but right now it's not looking like there's any issues. I've been using it and it's working. So there's no sign that it's disappearing, about to disappear. I know they did get funding at least. So they do have resources at least. So I hope they continue. Dev working hard, but deadline soon. Okay. Yeah, we'll check it out. Thanks for bringing it to our attention. We'll make sure to check it. um john last name said you read you read my mind nate it is not you it's a clone 100 yeah yeah this is this is what i think about at night i'm a uh um i've never been and this is 100 true i've never been a weed person um and that's like the joke i like to make is like i don't i don't need weed i come up with really weird thoughts like that when i'm sober so wow yeah incredible anyways um i think we do have one more uh forum update here if we want to cover that real quick some bad news um do you want me to take this one or yeah so the eu presidency led an initiative to revive chat control 1.0 reinstated again until 2028 people's efforts still showed noticeable effect. So chat control, uh, we've, every time we talk about this, it's like, oh, they're going to try again. Um, and they keep trying again and they keep trying again and they really just want it to go through. Um, so this is really unfortunate news, but chat control one, which is different from chat control two, which, which we'll explain, um, chat control 1.0 is I believe non, um, mandatory, so like it only applies in specific cases where there's like over 18 content, I believe, but we'll get to that later. So this forum post here basically has been putting all the all the links to how to contact people. Chat control is passed at this point, which kind of sucks. I'm not really sure what this means for the companies that have private messaging services and stuff, because if this is the case, then there'll be a possibility that they'll have to scan messages for content, which would be quite bad. They linked in this post, they linked a bunch of information on how to find and contact your MEPs. You can do so at fightchatcontrol.eu. So if you do live in the EU, you can make some noise to your MEP and hopefully that will dissuade them from going further with this. I'm kind of surprised it even passed at all because as far as I'm aware, you need a majority for that to happen and they didn't seem to have a majority so I'm not really sure how that works um maybe someone from the EU can talk about it more because I don't really follow this I don't follow EU politics really um so I don't really have much to add on it um because I just don't live there so yeah um just to clarify I think like you said from what I understand chat control one is companies do not have to scan, but it gives them legal protection if they scan in the name of stopping crime or whatever. So right now encrypted messengers like Signal and Session and WhatsApp do not have to scan. It does not affect them. But now people like Discord and Facebook and all of them can start scanning and probably selling your data and monetizing your data and they can go, Oh, but we're doing it to comply and like, like look out for bad actors and you know, not like they weren't selling your chats before, but basically it gives them a little bit more protection. And for the record, I'm sure that like, I'm sure the law says that like, you're only supposed to be scanning for child abuse materials, but I'm sure they'll find loopholes anyway. So it'll just become that much harder to sue them for selling your chats. But yeah, that's, that's how I understand it. And I feel this is really unfortunate because I'm, I'm worried that this is kind of the slippery slope thing where it's like, this is, uh, like now that 1.0 is renewed and in place, it's like, Oh, now let's go back to the 2.0 discussion. And it's like, that's the one that's really like, Oh, yikes. No. So yeah, that's, that's my concern, but I digress. Yeah. It's definitely concerning stuff. Um, just definitely check out the thread here. Um, on the forum. That'll be linked, I believe, in the newsletter. So if you are subscribed to that, you'll see that. Have a look. The one person that started it did a really good job of keeping all the information in one post. Patrick Brea, as always, is posting updates on the situation. So maybe follow him on Macedon or Blue Sky, because he's basically the only person that I know in the parliament who's like well he's not in the EU parliament anymore but he was at some point um basically the only person covering this extensively and um talking about things as they're happening basically so if you want to get updates on that um definitely follow patrick breyer and fight chat control is also on mastodon um they do good coverage of what's happening too um i wish i add more to this. But yeah, I'm not from the EU. So if anyone wants to, they can check out that thread for more info. Yep. I don't think I have anything to add to that. Cool. I guess we can dive into some questions then. If that's what's happening, we can take some viewer questions. We'll start with questions on our forum from our paying members, and you can become a member by going to privacyguides.org and clicking the red heart icon in the top right corner of the page. So I guess we'll have a look and see if there's any questions on the forum thread this week. I'm just refreshing it now. It doesn't look like there has been any questions there but we did get you know quite a lot of chats from people around here. That was nice. I don't really have anything to add here. I mean, if we don't have any questions, I'm not really sure. Let's see if there's any in the chat here. I mean, we could always discuss whether or not your consciousness transfers during teleportation. All right, let's hear it then. Oh, I don't know. I would argue no. I don't think it does. maybe we'll need to maybe we'll need to skip out on the teleporting maybe we'll have to find some other way it's not i'm transferring it makes all those shows like star trek just that much more terrifying when you think about it from that perspective it's like every time they teleport they die yeah it's weird because i don't know if you've watched um star trek uh strange new worlds but uh there's an episode where someone keeps someone inside the pattern buffer in the teleporter for like months and it's like kind of wild yeah it's like you know that sounds like the premise for a sci-fi horror movie yeah uh so no it is interesting it's an interesting question um but it's completely off topic for this podcast so i know i was just stalling and hoping maybe some uh some people would leave some comments but okay yeah looks like no one's um looks like no one's asking anything. I guess just checking here. Okay. Yep. I'm not seeing anything. I guess we can start closing out the podcast then. I mean, it's sometimes just a quiet week and that might be the case this week. Yeah. All right. Well, all the updates from this week in privacy are shared on the blog every week, so sign up for the newsletter or subscribe with your favorite RSS reader if you want to stay tuned. And as an eternal reminder, I should probably write this into the script, actually, but we do send the newsletter out right as the stream starts, so it also doubles as a great reminder that, hey, the stream is starting. For people who prefer audio, we offer a podcast available on all podcast platforms, and again, RSS and this video will be synced to PeerTube. PrivacyGuides is an impartial nonprofit organization that is focused on building a strong privacy advocacy community and delivering the best digital privacy and consumer technology rights advice on the internet. If you want to support our mission, you can make a donation on our website, privacyguides.org slash donate. To make a donation, click the red heart icon located in the top right corner of the page. You can contribute using standard fiat currency via debit or credit card or opt to donate anonymously using Monero or with your favorite cryptocurrency. Becoming a paid member unlocks exclusive perks like early access to video content and priority during the live stream Q&A. You'll also get a cool badge on your profile in the forum and the warm fuzzy feeling of supporting independent media. So thank you all for watching and we'll be back next week. See you next week. Thank you.