when we think about surveillance we need to think about what are we trying to optimize for because there are absolutely trade-offs a lot of the time you don't really know what's happening to the data on the back end Facebook is an advertising company they make their revenue because they create amazing profiles about people and then sell access to people's attention it's so funny how people talk about telegram if it's as if it's a private messaging app it's like calling Facebook a private messaging act so Brian Acton was uh the creator of WhatsApp sold it to to Facebook he was so dismayed with the direction that it was going in in terms of privacy that he left like hundreds of millions of dollars of vested options on the table China has completely hacked into all of our telecommunications networks choose a company that you trust and they say they're not logging use these other systems but be careful while you ride in them. Everyone it's David Bombal back with the amazing Naomi Brockwell, Naomi great to have you back on the channel. I it's so lovely to be back it's been too long. Way too long I was looking earlier it's like 2 years ago that's insane we
got to get you back more often. Well I think that privacy and surveillance move so fast I mean Tech in general moves so fast it's important for people to keep up with it and it's like a full-time job I should know because it's my full-time job but I do think that it's helpful just to check in with people and let them know what's going on um because yeah I want people to be empowered and know how to use their technology know how it works and make informed decisions. So in this video hopefully you're going to give us like your top tips for 2025 like maybe top 10 or whatever the number is top privacy tips but before before we do that you got to tell us about your channel because I want more people to go and sub to your channel so if everyone watching go and sub amazing channel Naomi tell us about your channel what you cover so that people know about it. So we empower people
in their technology we teach them about how all the surveillance in their devices works we teach them about privacy tools out there that can better protect them we want people to be able to navigate the online world safely and securely and with full autonomy and sovereignty uh so that they can feel free to express themselves and use the wonderful things that make the internet so wonderful so we have a uh research institute called Ludlow Institute it's a nonprofit and we just spend all of our time researching this stuff and then teaching you what we learned so I hope that it's it's valuable to to all of you. I think it's fantastic I mean just for everyone who's watching I've linked it below Naomi Brockwell TV fantastic channel we got to get you to a million subs. Tomorrow let's just do it tomorrow it's a great goal for 2025 right? Exactly so top tips for privacy and I mean we we'll just go on a journey here but perhaps you can give us some basic things and then some more advanced stuff I'm based in the UK as we were discussing earlier um Australia not that you there anymore is um also not well known for like looking after to people's privacy preps in the US is also not great so you know what can I do because the government is is like I don't know. It's getting scary and last year we saw that Australia just passed this bill talking about how they banning people under 16 from using social media and they have no idea how they're going to imp imp this yet but basically what this is going to necessitate is everyone in Australia having to provide a government issued ID in order to use social media and then once you have that infrastructure in place uh one it's going to be just a major target for anyone who wants to hack it uh just another piece of information that no one's going to be able to protect but on top of that once they have that infrastructure in place it's only a matter of time before they start adding more content to the list what are the other things you're not allowed to access if you're in Australia perhaps you're not allowed to access certain news sources or things from other countries you know what makes the internet so wonderful is that it connects people across the world uh instantaneously and it's beautiful you know I feel like sometimes I have more in common with people um you know who are internet users on the same sites as me over complete countries I've never even been to than people in my own town who are perhaps not using the same internet tools so I just love that connection that it's formed and I hate the idea that the trajectory we're going in is towards more and more control of this uh and it's always under the guise of we're protecting you from your own choices but I want people to protect themselves I want them to be empowered themselves to be informed about the tech and not be INF fantalis and told that they can't make their own decisions you know you can't wear your big boy pants yet um you know we all can we just need to learn how our Tech works and you know um decisions about whether people under 16 should be able to use social media should be a to parents ultimately and uh and individuals so yeah it I think that there are a lot of tools out there that can definitely help people who were really feeling the pinch who were starting to feel their freedoms curtailed uh and you know there are a lot of things that the government around the world you try to push us towards and there are ways to get around it and it's not illegal it's just that they make it really difficult to use the internet freely uh so it's just a matter of you know just learning how to do it and sometimes it can be difficult but I think ultimately um this wonderful internet uh tool that we have at our disposal it's worth it just being able to access it with with full freedom. I
really want to thank DeleteMe for sponsoring this video and helping protect me and my family from data brokers selling my personal information I cannot believe that data brokers still exist and can sell personal data about you to whoever they want to notice here us moves ahead with crackdown on data brokers selling to six countries of concern so an executive order has been issued preventing access to Americans bulk sensitive data and United States government related data by countries of concern including China Cuba Iran North Korea Russia and Venezuela but think about that they are banning the sale of your data to these countries if you're based in the US but your data is still being collected and may be sold to other people there's another article from the verge two data brokers banned from selling sensitive location data by the FTC precise location data from advertising IDs and mobile apps can be used for surveillance that according to the FDC puts millions of Americans at risk these data Brokers were showing personalized ads on mobile devices and then retaining tracking information identifying them your data is being collected put together by data brokers and then sold on the amount of information that these data brokers have about us is ridiculous I started using DeleteMe because of the recommendations of Rachel Tobac and others in the cyber security industry Rachel has done some amazing demonstrations where she cloned someone's voice spoofed their telephone number and pretended to be someone and tricked an assistant into giving passport information and other confidential information to her now you may think you would never be scammed but think about your mother your grandmother or someone else who's less technical than you there are so many examples of old people being scammed how much money were you scammed out of 11,300 their life savings being stolen because the attacker or scammer knows something about them and they can trick those vulnerable people into giving them money help protect your family help protect yourself by using delete me to go out there and remove your data from data brokers now you can do this yourself and go and manually remove your data but that means that you have to to put in a lot of work and constantly monitor that your data hasn't been put out there once again or sold online so I personally would use DeleteMe again because of recommendations of Rachel Tobac and others you can use my link below join http://joindeleteme.com/Bombal and get a 20% discount off your subscription don't let others control your data make sure that you get your data removed from data brokers. So okay you asked for tips so let's start off with private communication um another thing that was announced last year was that China has completely hacked into all of our telecommunications networks in the United States and I don't think this was surprising to anyone we we know that the governments are all in each other's critical infrastructure but I think what was surprising was soon after this announcement maybe like a month after this announcement the government started then saying hey you guys should protect yourself by using encrypted communications within the telephone Network and for anyone who understands how these Network work they have something called lawful access laws and these are Global right so every country in the world has some sort of a lawful access law which means that the communication Channel itself in the Telecommunications uh networks are not allowed to be encrypted and uh and that's why we use things like signal because we can encrypt packets and put them in the network but the actual Channel itself is not allowed to be encrypted and they've always said well that's for your protection we need to be able to access this to catch the bad guys and now they turned around and said whoops turns out you're more vulnerable because of this and China is listening to all of your conversations and maybe you should use encrypted communications within these networks so I think they're just saying something we all knew that private communication is really important and that encryption is really important so that's my number one tip for 2025 is encrypted communications use end to-end encryption uh services like Signal is one great example um but there are lots of services out there that you can use ultimately you don't want to be using SMS you don't want to be using social media DMs you want to be getting away from all of that and really just you know protecting your communication. So Signal are there any others? There are a lot of others uh the reason why I always go to Signal is because there sort of the gold standard the Signal protocol is the gold standard um there are lots of other alternatives some that are very interesting that are trying to decentralize these networks um a lot of them don't have things like perfect perfect forward secrecy which I think is a really important thing to have in a private communication tool so I don't necessarily recommend a lot of the others but are they better than SMS absolutely so much better what is a magnitude better so I think that like just choosing alternate uh alternate means of communication is going to really help you out and you're going to be doing a lot better than just going with the default SMS that a lot of us uh use today so I like Signal but you may have a preference for other apps that you like to use do you think are easy to use do you think provide uh good systems but I've also found that Network effect is very important and people get privacy fatigue if you try to move them over to the next best uh you know messaging platform I've moved people over to previous ones in the past in previous years and um you know maybe they get bought out by someone maybe they get sold or maybe the data gets hand over maybe it gets compromised so I kind of really like to just focus on what I think has the main staying power now because I don't want people to feel fatigued if I then move them on to the next thing that being said I'm contact on a huge number of these platforms because I'm willing to use them and I love using and trying out these platforms uh if you're just getting started or you're trying to convince others I would go for whatever has the biggest Network effect. yeah because I whenever I talk about Signal then I get a lot of push back
at why not Telegram what's your thoughts about Telegram I mean the CEO got arrested in France. oh Telegram isn't at all all it's not private at all I I it's so funny how people talk about telegram if it's as if it's a private messaging app and so many like you see the crypto community is using it and Gaming Community is using it and pretending they're having these private conversations so by default no peer-to-peer conversation no onetoone message is and encrypted it's all just protected by promises you know we promise we won't hand over your data that's not a robust privacy strategy it's not possible to enter any cryp the group Chats on there so every group you're a part of it's all just you know accessible to Telegram servers and if you look at the history of Telegram and what probably does like he his very char charismatic he talks a good game he talks about the importance of privacy but he hasn't walked the walk because he can't be there saying how much he values people's privacy and is there protecting it when he knows that he is the central Target and the central leverage point if any government wants this information and all he can do to protect it is just promised he'll never hand stuff over why not flip on and an encryption and uh and protect hundreds of millions of people with a flick of a switch so his actions just don't support his words um you know when even WhatsApp flipped on endtoend encryption and protected a billion users huge huge thing for privacy whereas telegram has decided to not flip that on uh which is very strange to me uh on top of that you know they were banned in Russia because you know Russian government wanted to get information on protesters and they said no then it was unbanned in Russia and then it was like banned in Iraq where the Iraq government wanted to get on protesters and then it was unbanned in in Iraq and then you know he's arrested by by France if you were to ask me and if my my conspiracy theory hat is on outside of all the red flags and just the protocol itself it seems that if you are not turning on end to-end encryption by default it's because you want access to those messages perhaps because it's a powerful tool perhaps it's a powerful negotiating tool perhaps you're a power broker I I would I would not recommend anyone use telegram um but really just at a base level even if you're not looking at any external red red flags just the protocol itself it's not end to end encrypted uh if there any group chats and it's really hard to set up the uh secret messages you have to be online at the same time for someone to accept your messaged in order to make it secret no one even knows that that's something they have to turn on in order to make it private because everyone's been led to believe by this amazing marketing campaign that it's a private messaging app but it's it's it's like calling Facebook a private messaging app right actually Facebook is far more private than telegram because Facebook now has endtoend encryption by default for private messages so that's not even something that telegram can claim it's like calling Twitter a private messaging app it's not it's a social media app and yes they do offer enter and encryption if you want to turn it on but that's not what they are so I think it's very misleading for Telegram to call themselves a private messaging app that's really not what they are they're public group chats um and they call them private but what they mean is closed groups they're not private because Telegram gets access to the contents of these groups. That's very interesting so you mentioned WhatsApp so is is would you recommend WhatsApp or would you so the gold sand would maybe Signal right but would WhatsApp do? No there was a great document that was released I think it was in 2019 and so it's a while ago now but it gave us an insight into the kind of data that governments can collect from the private messaging apps so it looked it compared all of the messaging apps that build themselves as private and it was uh actually leaked by Rolling Stone like good old leaking documents now um but it showed you it was a from the FBI and it was a document that showed what information could be uh gotten from these apps so signal fared the best out of these and uh WhatsApp fed the worst in fact because of how WhatsApp handle I mean first of all let's let's zoom out it's good for people to kind of understand these mechanisms WhatsApp is owned by Facebook right yeah and Facebook is an advertising company they make their revenue because they create amazing profiles about people and then sell access to people's attention so why are they offering a free service in WhatsApp what do they get from it well they get your entire social graph they get the records of of habits and people you're calling the duration of these calls there's such tremendous Insight that they get from all this metadata so yes the contents are end to-end encrypted uh if you trust Facebook uh it is close source so it's hard to verify um but even even if we do trust Facebook and trust it's an encrypted um there's just such a tremendous amount of metadata that they're also collecting and it fed one of the worst in terms of the amount of data that can be extracted uh by the FBI uh on that service so or by anyone you know how much data WhatsApp is getting how much they're selling to advertisers it just gives you an insight into that that data collection and how it FS against other apps. Okay so even though it's
end to end encryption because of the metadata and all the other information Facebook has on you it's not recommended. Absolutely um and also be careful of updates uh I mean uh backups right a lot of these messaging apps they'll give you these options to automatically back up but for example if you are automatically backing up to iCloud and you haven't turned on end to end encryption for your iCloud account well guess what all of your messages are accessible you know to Apple and anyone who wants to get them uh and whoever Apple get grants access to so you really do have to be aware of backups but you also have to be aware of metadata we think metadata is not important but I probably don't need to get the access access to the content of your call if I can see that you know you're calling someone for three hours a day and uh you you know you're there's just so much information that can be garnered just from that metadata so it's it's important to keep in mind um that that's going on but like there are other messaging out I mean Wire is another good one I think that they're very good yeah I think that they're they're a great service some of these are paid apps um so again Network effect might not be as good but I also think you should be thinking in terms of what's sustainable if a a messaging platform has a business model that's a really good sign uh because you want it to stick around and you want to know that they're not monetizing in some other nefarious way they're not telling you about um there are you know nonprofits out there so they have a business model as well donation-based us that's how Signal was founded it was actually founded by a hilarious story bringing WhatsApp back into the picture so Brian Acton was uh the creator of WhatsApp sold it to to Facebook and then he was so dismayed with the direction that it was going in in terms of privacy that he left like hundreds of millions of dollars of vested options on the table that he would have received if he' just stuck around another couple of months so he was so incensed that he left all that money on the table and he took 50 million I think it was and went and founded the Signal foundation so he started a competitor um platform and Foundation to WhatsApp for private messaging so that was a that's just a nice story that I like to tell people like he was so upset with the privacy on WhatsApp that he uh didn't want to be part of it anymore. I want to come back to that but before I get there you mentioned iCloud and um Apple is a privacy company so what's what's iMessage like? So here's where we talk about threat models because I think that people are going to have different threat models some people really don't want their information like for whatever reason maybe they're a human rights worker maybe they are a lawyer representing a dissident maybe they are a protester activist in a hostile country uh you have to be really careful with your privacy uh in those places the average person maybe just doesn't want the government collecting their information because it's none of their business or they don't want corporations monetizing their data because it's just really not their their right to do so and so when we think about surveillance we need to think about like what are we trying to optimize for because there are absolutely trade-offs a lot of the time and uh when it comes to Apple I would say that Apple is a really great company for most people because they're not an advertising company the same way that Google is an advertising company they treat your data a lot better than Google does uh but if you're someone like me and I'm kind of a privacy extremist Apple takes too much information for my liking so you know I do use some Apple products and when I do I take great pains to lock them down even further like Michael Bazzell has a great book where he talks about setting up a like a Mac from start and all the settings that you should adjust you know just like blocking out a lot of telemetry that Mac is that Apple is collecting themselves so I think if um if I were to set my grandmother up with something and I want her to be more private and more secure I would not put her on Android I would put her on iOS I would not put her on Windows I would put her on a Mac but if someone comes to me and says you know Naomi I am uh I'm writing this article I'm an investigative journalist and uh I want it to be as private as possible I don't want this information leaking I would choose other options I would choose a GrapheneOS device uh for them and honestly I would choose I would choose GrapheneOS for everyone it's not hard to set up it's a wonderful uh operating system they do a fantastic job it kind of operates just like Android except you don't have the Google in it so you're not sending everything you do to Google uh centralized servers I I just I feel amazing on my Graphene phone I've got I'm got right here actually so I've got my little um little Graphene device and it it it's wonderful I I Adore it so it really just depends where you come down a lot of people don't want the inconvenience of having to install you know flash a new operating system on their phone so Apple might be a better option for them um you know someone might not want to learn any sort of command line or deal with Linux or driver issues or anything you know so Apple might be a good idea if you are more worried about privacy there are better options than going with Apple for sure. Okay so messaging
Signal would be the best choice um otherwise like someone like let you say a grandmother or someone who's technically challenged then maybe Apple is is is okay choice but for the people who are really privacy conscious uh signal and then look at Graphene on a phone so that's your recommended phone cuz I wanted to ask you that. Absolutely okay yeah Graphene is amazing so the reason I like Graphene first of all it has to be on a pixel device and people think it's ironic because pixel is yeah and um but the reason why the Graphene team chose pixel as the de only device that Graphene is supported on is because you can flash alternative operating systems on all kinds of android devices right but you lose all of the security um uh protections when you do that so you can have like verified boot all these things when you're using Android but as soon as you flash an alternative OS you lose those things pixel is the only device that meets their security requirements because you can have verified boot even with flashing an alternative operating system uh on top of that um pixel devices are great they have this Titan M2 Chip in it which stops brute forcing attacks so if someone gets access to your device basically there's this uh delay mechanism in there so that if someone's trying to guess your PIN after while it just gets so long the periods in between that that people just can't brute force it there are different profiles on there that you can set to just shut down when you exit them so maybe you have like 2FA or something on a secondary profile when you open up your phone for the first time so if I just booted my phone and I type in my my pin even if I then lock my phone afterwards because it's been booted and because I previously have typed in my pin that pin is potentially accessible in Ram by someone who's a sophisticated adversary right so if someone steals my phone and I've already booted up for the first time and logged in they could potentially get everything on my device however these secondary profiles and when I say secondary I mean you can have up to 40 different profiles on your Graphene phone if you want I wouldn't recommend it like maybe four might be the max but um what happens is every time I exit out of one of those secondary profiles it's treated as a hard reboot which means that if I'm carrying around my phone and using it all throughout the day and messaging people and taking pictures writing notes and whatever it doesn't matter if someone gets my phone they can't access anything in those secondary pro um profiles there's no password stored in that ram it's that like this hard reset every time I exit out of it so the security pro precaution of that is great um you know I really don't have to fear losing my device leaving it in a taxi and someone um you know getting access to what's on there you know if I have a backup at home then I having that running around in the wild doesn't bother me so it's uh and they have a lot of things like granular controls they have things called Contact Scopes I mean how many apps have you downloaded that have said can I get access to your contacts yeah and we don't give it a second thought but if we were to give it a second thought we'd realize that this private information isn't ours to give away we've just granted some unknown developer access to like a thousand of our friends and family members their birth dates their home addresses their phone numbers notes in there you know where they work that sort of information obviously is monetized it's sold it's sold to these people search websites it's sold to countless other you know data brokers and other services so we really should think about that but there are some apps that when you go to downloader it demands you know you cannot download us unless you give us access your contacts what contact Scopes does on Graphene is it basically creates this fake contacts profile that's empty um or you can you can literally say well I only wanted to get access to David Bombal's you know uh contact information that's the only contact I want it to do so it will allow you to create these Scopes where you can like granular decide what information they're getting maybe you don't want them to get phone numbers but you want to allow them email addresses you know you can basically have more control over what these apps get and I think that's what privacy is all about it's not about hiding or like you know secrecy or all of that it's just about choice it's just about reclaiming our right to get to decide who gets our information and then really um exercising that choice I think is really important. The two big ones that I wrote down here because I'm sure people ask what about banking apps and what about notifications do they work. So there some apps can be problematic and that is because there
are certain apps that require you to have like a verified Google device and if it sees that it's been tampered with you're tampered with having a new operating system uh it will say this is not secure enough for our app and I presume that's a liability issue on their end um perhaps the bank doesn't want to be liable if you're putting this on an a secure device I haven't had an issue with any apps on my device but I have heard there are some banking apps that will not work and for that I have a secondary device that I use them because when it comes down to it I actually don't need to carry around a banking app with me everywhere I go I don't think most people do. And it can get stolen yeah. It's handy to have um to to use if we need it but we generally don't need it when we're going to the grocery store um you know we don't need to make a wire transfer while we're in line at the checkout or try our clothes or visiting our grandparents and so I think we can start to be more judicious about like if we need an app for something do we need it on the device that's very personal and goes with us everywhere where we go and sees everything that we see and knows who we're connected with usually not I think that the device we carry around with us can probably have far fewer apps I have hardly any apps on my phone at all it really is just a communication tool um for emergencies I don't have any social media on there I just don't need those companies to know what I'm doing that being said if you're using Graphene and you wanted to have all those apps it's going to be far more private than using Android or Apple because they do this amazing sandboxing with the apps where uh they just the the apps just aren't getting access to as much information and you can again granularly control how much information they get access to perhaps I shut off all Network permissions entirely from my calculator app well that seems reasonable my calculator doesn't need the internet but I could just turn that on when I want to regrant access and so it's just a great system for being able to choose at an app level what I want them to have access to. Do you get notifications. Yeah something that Android has is Google Play services and to understand what Google Play services is it's this infrastructure that is there for a number of reasons and there's some bad byproducts on it so we'll talk about what it's meant for to start off with it's meant to basically save you on battery um by creating this centralized infrastructure that more efficiently handles things like notifications so instead of like doing all these different requests to all the different servers it provides this more efficient mechanism within Google Play services and then the apps just talk to Google Play services uh and what that means is that instead of apps handling these things on their own Google Play services is handling that now I don't have Google Play services on my um my main profile I uh I don't want it I don't want it talking to all of my apps one of the byproducts of this system is that Google's just getting a ton of data about everything you do on an Android phone because it's all going through this centralized mechanism and that is just being sent off to Google servers so um like signal for example they handle their own notifications push notifications unless it notices that you have Google place Services there on the device in which case it will then default to that so I don't have Google Play services uh where my signal profile is so signal handles it by itself and it's fine um I actually don't really like notifications in the first place so I have those turned on CU I don't need a distraction machine you know following me around around if I want to call someone I will call it if I want to check my phone I'll check it and you do you know the statistics like apparently people on average will unlock their phone every 10 minutes like over a 100 times a day right so knowing that it's just going to be 10 minutes before I see a missed call or a message actually that's fine for me to do it on my own terms I don't need it inter to interrupt me mid-sentence or or whatever um now that being said with Google Play services I do have it installed on uh one of my profiles because there are certain apps that require it but what graphine does is they use something called sandboxed Google Play services usually Google Play services has incredible access they're just like tentacles seeping into your Android device and getting access to everything what graphine does is says we're going to treat you like any other app we're going to sandbox you so you have this little area where you're allowed to operate and you're not actually allowed to put your tend anywhere else and that's great because I can put Google Play services on this other profile and these apps can use it and uh and the this and Google isn't getting any extra information from that so I found that uh Uber works better with Google Play services so if you're someone who use ride sharing apps uh you can you can install Google Play services fine and uh and you can have your apps work uh completely fine with that um same with some VoIP providers if you want not ifications to come through and the vo provider doesn't have their own internal mechanism for this you can use Google Play services just to install it on another profile and then you're going to get those real time notifications because phones are the big problem I think for a lot of people right so number one top of the tier is top devic is uh is graphine then iOS then Android right yeah absolutely yeah Android is uh just collec it's insane how much information they're collecting but Apple and Google they both will bypass your VPN for their own internal system so if you're someone who has a VPN always on you have that kill switch and you're like well I'm protecting my IP address and private actually Apple and Google will both just decide to bypass it uh for their own internal functioning and they will say well these are essential things so we can't have a go through of VPN because we you know they're essential and for um mean operating and all this and really that does decrease your privacy a huge amount and when you have your internet gateway and your VPN on the same device the OS can literally just decide to bypass uh one to get to the internet and uh and so I I really love graphine in that it's not bypassing my VPN I think that's a a good thing to um to have on a phone that's really interesting so are you saying that Android and iOS bypass your VPN with a kill switch at everything for their stuff so they just simply bypass it all yep so there's a research team called MK and they've been doing some great Research into this um and they just analyze the packets that are being sent across the internet on their devices and I they have a long list of the different activities that Apple will bypass your VPN for um and uh a lot of them are not even things that you you'd think are are essential like it's things to do with the app store or things to do with you know your podcast app or you know it's it's crazy to me that a company that is building itself as a privacy company is doing this I felt kind of um betrayed and heartbroken when I discovered that this was going on and Google is doing the same thing but I didn't expect any more of Google and one thing I will say of Apple is that even though um they could do better with privacy I I think it's egregious that they're collecting so much data about users I really do like that they are pushing the Privacy conversation a lot of people wouldn't even see privacy as a valuable thing were it not for these amazing marketing campaigns from telling people hey surveillance is going on our tools will help keep you private so I do think that they're helping and they're um positive just for my personal life I've just decided to U minimize uh apple and opt for things like graphine instead so you mentioned VPN do you have a preferred VPN or you or doesn't it really matter it does matter tremendously uh there are so many scams in the app stores and you should be really careful of them because a lot of vpns either they are outright nefarious in that they are just you know collecting your keystrokes collecting your mouse movements I had one friend um you know Jonathan Tomac and he reverse engineered some of these VPN plugins that you get extensions and found that yeah some of them were literally collecting Mouse movements how fast just scrolling through pages just all this data so you need to be careful with the VPN that you choose um there are a lot of other companies that I would say are in a gray area the fact is that these VPN companies are very difficult to audit and they tend to be all owned by conglomerates and uh when I say that I mean like your five favorite vpns are probably all owned by the same company and um and so when one has one privacy policy but another in their conglomerate has another that is red flags to me because you don't really know what's happening to the data on the back end uh whether it's all being mixed together you know how it's being treated and it's very difficult to get that information and on top top of that you've got a lot of vpns that are owned by companies that also own a lot of magazines that promote privacy products so if you go to your favorite online you know uh news Outlet that's called tech review Wizards the best ever um it's and they're recommending XYZ VPN it's the greatest and it turns out that they actually own XYZ VPN so a lot of these independent reviews of VPN are um just fake and and created by these companies and then if you look even further these umbrella companies a lot of them are tied to advertising companies as well so the VPN realm is pretty crazy it's like this rabbit hole and it's just it doesn't mean that all the vpn's out there can't be trusted it means that it's very difficult to figure out what's good and what's not and because of that I stay very heavily uh towards the products that have a really good reputation so that means that some really great people have worked there maybe I know team members there um maybe they just have an incredible reputation Compu security communities and so I I think mulad has probably one of the best reputations out there for vpns they accept cash as well if you wanted to pay anonymously they accept different cryptocurrencies um so if you wanted to do that you can I like proton bpn as well I think they're a great product Suite that is providing some really good alternatives to the Google Suite uh so I like to use their products not just their VPN but I like their uh Drive I like their mail service I like their calendar it's super easy to import their calendar there's literally one button you click that says import my entire history of all of my Gmail uh appointments from the last decade and all future appointments and with a click of a button you could just import all of that into a new calendar and it's ENT and encrypted so no one is getting access to that data going forward so I think that they offer a really good Suite as well that's great I mean it's yeah the one I always um that I recommend and a lot of people in the cyber space recommend is proton but it's good to know others um you mentioned operating system so we've covered phones I think but like desktop you said Mac OS is better than Windows but Linux is the preferred I take it is that right and yeah and it depends uh which Linux distribution so there are companies that will offer Linux distributions and they will collect Telemetry from you as well ubun is that right yeah I mean but you can turn a lot of that stuff off Linux could be a really big learning curve for people and a lot of people are scared to get in there I remember the first time I got a Linux computer and um there were different things that just didn't work and I realized I kind of needed to have this base level of command line in order to be able to reinstall because I was using a um a gooy to interact with everything and I didn't realize that you know some of these processes weren't actually being stopped through this this um graphical user interface so it can be a learning curve I would say start small and just start with the very basic understanding of you know how to use command line it's actually not as scary as I initially thought um if you do want to go with a different computer uh that is going to have more compatibility then Mac can be good if you lock things down so some of the things you want to lock down like for example you might um you're probably going to turn off everything um uh related to Telemetry that you can you're probably going to install little snitch to stop that extra Telemetry going out uh and to monitor any external connections that your computer's trying to make you're going to even change the time protocol Apple by default will sync your time on your computer using their internal servers I don't need them to have that uh data so I could just you change that setting and uh go directly to the time protocol itself and sync my computer that way um there are lots of different settings that you can you can tweak and again I think Michael basil has the best outline of what to do I see his book in the the background of your video there um wonderful book yep yeah yeah exactly yeah great book um highly recommend that people if they are going for even if they're going for a Windows device he goes through Linux Windows Mac OS and explains all of them different settings you can tweak so regardless of your setup I think it's just a great book to go through and um and beef up your privacy which Linux distri distribution would you recommend if any well I've tried out mint and pop OS um so both are considered very easy to use when it comes to Linux um I know when you talk about Linux suddenly you have 75 million people at you in the comments you shouting at you for their D and actually I yeah I actually love that um whenever I talk about Linux uh I always get just a wealth of information from the community so it can be overwhelming if you're just starting out but honestly if you have questions ask the internet and there will be people there who are so eager to help because honestly the idea of Linux and the reason why so like it has such an incredible Community around it well first of all like everything in our lives runs L Linux behind the scenes right um like even uh yeah like all your iot it's all running Linux like it there's just all the infrastructure in our lives is running Linux so already we know it's a powerful tool but I think people just love the freedom of it and they love that it can be easily forked and you can tweak it and you can customize it so that it works for you so that your Tech is not someone else's Choice the data collection is not someone else's Choice it's yours um and I think that granular control is really empowering to people so I um like had s to that Community for knowing so much about all of this and for helping others and for sharing their knowledge I I just think it's great browser I know which one you use but what do you recommend uh I like Brave browser but there are others like molad came out with a browser and uh it's also very good so I think a good resource is privacy tests.org and it looks at a number of different criteria for third party tracking and cookies and all of these things and it gives either like a tick or a cross in terms of how well it does and I think Brave out of the box is one of the best browsers for privacy if you just want it to work and you don't want to have to go in and customize your settings it's going to be fantastic it's going to do things to stop bounce tracking it's going to you know create a new Sandbox environment for every site that you visit it automatically disables third party cookies by default Chrome has been saying they're going to do that for years yeah right every other browser already has and then every year it's like the excuse of oh what's their excuse this year you know what's Chrome going to say the reason that they pushed off they're turning off third party cookies uh but they never do it they just keep pushing it kicking the can down the road um but yeah I think that that m is is really good Brave is really good I would go to privacy tests.org if
you're trying out a new browser and you want to see how it fars uh in comparison to some of these other ones um is just a a really good tool do I need to use to you can use tour uh depending on what you want to do on the internet I think tour is an incredible tool that more people who use it the more private it becomes because privacy loves company and so if you're one person hiding in an anonymity set of one you're not really hiding if you're one person hiding in an anonymity set of a million suddenly your actions are just normalized and I think that's great so any privacy tools that you can opt into I think is is um is awesome uh tour is really is such an interesting tool because there are different tradeoffs for it right um um if I am using the internet like first of all the the exit node is not encrypted right it's uh it's always unencrypted and so I don't have the same guarantees as perhaps like a VPN that is encrypting that tunnel all the way through um but tour is the best for privacy because you are literally wrapping your packet in layers of encryption and no single entity that deals with with the packet knows both Who You Are what you're looking at on the internet and I think that's really powerful just disassociating our real world identity from the things that we're doing I think um if you want to use toy it's is going to be slower for you um but it's an amazing tool and uh if you even want to try it like if you're not in a rush and you don't mind it being slightly slower um if you can weave it into your life you are helping other people be more private simply by using this tool I know that sounds really weird but you're liter really making a huge difference for the people who really do need it those human right rights workers those dissidents those protesters so um so yeah see like try it out um and also you can access all of these unindexed parts of the internet we call it the dark web um but that sounds very like nefarious a lot of these things are just not indexed you know I know friends who have set up tour websites one of my friends actually just messaged me he spent last night setting up a new Tour website for his uh his platform um because some people just want to be able to access normal websites like podcasting sites uh with that extra layer of anonymity and I think that's completely valid no one has to justify wanting privacy in their life and it's great that we have options out there that allow it problem with t right is that when you go to some websites they just block you right so that's where Brave is a good backup I suppose Brave is a great backup and also has tour integrated I would say if you're going to use tour the tour browser is going to be the best bet it's just hands down it's going to be the most integrated um and the the the best tool for using it but I love that brave does has that in integration because I literally click on a single switch and I can turn on tour and it's just super easy got to ask your search engine um I'm assuming it's not going to be Google I love Google um no it's not Google I haven't used Google for years at this stage I I use brave because it's the default in the brave browser and maybe like two years ago it wasn't good at all because there are different kinds of uh search engines there are meta search engines and then there are these pure search engines so if you are a meta search engine you're really just wrapping someone else's search results up in your own facade and and setting it out there are a lot of search engines that do that they're just giving Google search results and wrapping it up in is helpful they're you know adding proxies they're making it more private um I didn't want Google search results because I want to have other indexing system I wanted to support a market share of other people entering the game so brave is a full search engine in that they have their own spiders that are crawling the web and indexing sites themselves so you can imagine when they first started out it wasn't great because they're indexing from scratch and Google has had a really long head start on them but at this stage I love it I do not have any issue finding what I need to find on Brave search engine there are other tools that you know you can use as well so um all kinds of pre of uh search engines actually like Emoji can uh pre-search and start page start page is like a a private frontend for Google search results if you want that there are all kinds of tools you can use it's so easy to swat swi swi put my teeth back in uh switch out your browser and your search engine for other tools it's probably one of the lowest hanging fruits that you can do in your privacy Journey yeah the problem with brave is like exactly like you said I think a lot of people say Google results are better than brave but it's good to hear that it's got better oh absolutely better that that's great to hear so if you want Google without sorry if you wanted use Google results but you want privacy then perhaps start page right yeah and also within uh Brave what I like is that you can put on different goggles so there not someone who's going to filter results for you you can say well actually I only want results leaning to the left in the political Spectrum or I only want results leading to the right that can also be a really helpful investigatory tool sometimes I want to look at issues and I want to see what both sides how they're both framing it see if there's anything I've missed you know um so just doing search results with both of those things can be very interesting they also enable you to default to other search engines like if you don't find the results you want in Brave you can just click a button and then it'll include Google search results as well so uh but I actually never find that I need to do that uh maybe a couple of years ago I did but um definitely not recently um everything seem seems yeah there's really nothing that I haven't been able to find on there um and these days honestly like AI is is becoming the new search engine as well um I like brave because they have an integrated AI That's all completely private there's no logging there's a proxy that um strips out your IP address so that uh even if someone were collecting results it wouldn't be tied to your identity but on they're also not collecting any of your results not logging any of your information and it's a really cool Search tool so when I'm searching in Brave Leo will summarize the search results at the top so if I'm just looking for an answer to the question like how high is Mount Everest you know I could just type that in and then the AI will just summarize it at the top completely privately which is really lovely so just for everyone who's watching we want to make clear that there's Brave the search engine right and there's Brave the browser and that's why you're using those two there's two separate parts but now you've mentioned AI because that was on my list as well AI from a privacy point of view just seems an absolute disaster I all right right I have a hot take on that but before we get to the hot take I want to give some uh methods of using this because AI I think thinking of it only through this lens of it's the end of civilization is naive you know it's a tool that 10x is our productivity it's a tool that gives you access to resources you never had access to like I I've started subbing out my lawyer for you know AI tools saying hey can you write this contract and they do and saved $10,000 so I think that like we can't be sleeping on this technology at the end of the day technology is neutral it's how we use it as important now the problem is is that AI for the past decade because we didn't just get AI we've had powerful Compu machine learning and neural networks for a long time and governments data Brokers have been using it against us um and suddenly we've kind of democratized access to these tools and we have access to them now so just because it's been hijacked in the past for surveillance uses it doesn't make the tech bad it's neutral and we need to reclaim it and we need to be using this to empower ourselves and to use it to fight for our privacy so might not take it a moment um I'll get to how you can do that but if you're just starting out and you just want to know how to use these tools privately there are different platforms that will respect your privacy so I think that brave is one of the best AI tools for privacy they are integrated directly into the brave browser you can turn it on or off and there is no log of any of your results so there is and you don't even need to be signed in or anything in order to use the um the Leo Brave uh AI system and they also have this reverse proxy that I mentioned that strips out your IP address from all of your queries so instead of your queries going directly to the um whatever server is hosting the model it's going through a proxy stripping out your IP aggregating uh these search results and sending it back to you um even the way they handle payments if you wanted to upgrade is private so they have this token that isn't actually associated with your identity and uh and I like Brave as a company you know when they say that they're not logging um I uh I trust them enough to be able to put private search things uh into the search bar that I definitely would not give to chat GPT so you know if you're going to be using chat gbt I would say that in order to preserve your privacy be aware that you have a history of every single thing you have ever asked in one cadet's profile centralized on their databases so if anyone wants to get access to that in the future they will keep that in mind when you're searching for things because things can be taken out of context used against you if you've ever you know searched for like what's the definition of a terrorist or you know anything like can be completely innocuous but just understand that those things can be taken out of context and that is being stored in perpetuity so be aware of that um then there are some kind of interim ones that I say are in the middle of CH GPT and something like Braves uh Leo so Venice AI is um a private front end now the way they work is their front end um what what I like about them and what I think is really privacy preserving is there's no centralized company again collecting any information about you so let me break it apart so Venice has a frontend called Venice AI which is a really good user interface for accessing these models and Venice self does no logging on their platform so anything that you put in they're not keeping a record of that they're just a pass through they're not doing the computation they're not actually doing the processing of these queries what they're doing is they're plugging into a decentralized network um ultimately they'll be switching to something called the Morpheus Network which is decentralized compute currently they using something called uh I think they're using Akash and hyperbolic at the moment so think of these like an Airbnb for um compute uh people who have you sped gpus on their computer they can just rent them out to people and uh and process requests so when you go through the Venice front end nothing's being logged then it's being sent out to you know any number of these airbnbs for gpus and they're doing the compute you don't know the logging policy of the people doing the compute so I would be aware of that um but there is no centralized entity collecting your data it's not like one person on the back end is scooping everything up and associate it and building a profile on you so that's a really good uh privacy mechanism so I would say wh
2025-01-20 11:02