Live Like the World is Dying
your guide to leftist/anarchist prepping and revolution

The EFF on Phone Security

Transcript
Speaker A:

Hello, and welcome to Live like the World Is Dying, your podcast for what feels like the end times. Still saying feels like. And I'm very fortunate to be joined today by Eva Galperin, who is director of cybersecurity at the Electronic Frontier Foundation. How are you doing today?

Speaker B:

I'm doing all right. Thank you for having me.

Speaker A:

Good. Yeah. I'm excited to get into this. We're going to talk about the little spy that we all carry around in our pockets. But first we have to hear this lovely jingle from another show on the Channel Zero Network, Anarchist Podcast. Here's a jingle. Sometimes. Yeah, okay, you're dancing. I was going to sing it, but I'm always. We're dancing, people. This is an audio medium, so I'm sure people can appreciate that. All right, we're back. I guess I should start by, like, expressing the generalized anxiety I've heard from so many of my friends in the last 12 months regarding cell phones in particular. Right. People who had not been particularly concerned about, like, state or corporate surveillance for many decades are now, for what are probably pretty obvious reasons for anyone living in the US, very concerned about it. So I thought we could talk about. To start off with, we could talk about some very basic best practices for people who are concerned with privacy and specifically concerned with the privacy of their data and their everyday comings and goings with respect to their mobile phones.

Speaker B:

Sure. So a lot of. A lot of my time when I am running around talking to people about digital privacy and security is divided up into two kinds of conversation. First, one is me trying to convince people that this is actually very simple and approachable and it's not scary. And then the second is me going, actually, it is very complicated and tricky to get right. So I spend a lot of time saying, figuring out what you want to protect and who you want to protect it from is something that we should all be doing. We could just walk through the steps. It's not that scary. Here, hold my hand. And then the next bit is, usually you have no idea where your data is or where it's going or who has it, and therefore how to protect yourself. So I am sure your audience is used to the idea of holding two truths in their minds at once. And so these are the two truths that we are going to embrace right now. So before you even think about what the appropriate way to sort of lock your stuff down might be, the first thing that we recommend that you do is you start with a threat model. This is a term that we have stolen not from the military, but from software design. And the whole idea behind a threat model is that you break your problem down into a series of questions. And those questions are, what do I want to protect? Who do I want to protect it from? What are the capabilities of the attacker that I'm protecting my assets from? How much trouble am I willing to go through in order to protect these assets? And what are the possible consequences if I fail? So we start with those. And again, this seems very straightforward until you realize that you have no idea where your data lives, what your data looks like, or who might have access to it. The good news is that with a little bit of technical know-how, you can do the most, the most basic things in order to deal with that data.
But definitely the first thing that you need to do is you need to think about just like, what do you want to protect? Who do you want to protect it from? Because the kind of mitigations that you want to take. If you are an activist, if you are interested in politics, if you are a person who does direct action, if you are a person who goes to, goes to clandestine meetings or has reading groups. Reading groups are very dangerous, as we all know. Then you want, on one hand, you want to be able to prevent governments and law enforcement from knowing where you are or what you're talking about or where you are associating with. But the other, the flip side of activism is that you need to be able to talk to people. You need to be able to talk to people. You need to be able to get your message out. Activism is not done in a vacuum, or indeed on a mountaintop, in a shack where you've just thrown all of your devices into the sea, which is located next to this mountain in this very geographically strange scenario. So we're going to talk a little bit about what that looks like. And for most people, the trade-offs are all in very different places. So the things that you need to do in order to make sure that no one ever has any information about who you are or what you are doing are very different from the things that you, that would make it possible for you to do the stuff that you do every day, especially if that stuff includes activism or talking to people about politics or going places or getting a message out about places where people should be in order to do something which I understand your listeners might also be interested in. Yeah, so everything is trade-offs. So usually I start with extremely basic digital hygiene because we can get into all of the stuff about how you need to become James Bond. But before you become James Bond, you need to wash your hands and take and eat your vegetables. And that's just extremely basic stuff along the lines of securing your accounts.
Just secure your accounts. And the way that you secure your accounts is you make sure that every single one of your accounts has a different unique password, that that password is strong. The thing that makes a password strong is that it has many characters. It doesn't matter if those characters are special characters or if those characters are numbers or letters or, you know, asterisks or whatever. This actually doesn't matter. What matters is the length of the password. Longer password is better. And then you might ask yourself, so now I have like 100 unique, very, very long passwords. How am I going to keep track of them all? What you do is you get a password manager. So that is an app that all of your passwords live in. You make sure that your password manager password is also very long, but also that it is a password that you will not forget because you don't want to get locked out of your password manager. And the way that EFF usually recommends doing this sort of building a long password that's easy to remember is using a book or a dictionary. You just randomly generate five or six words and, and string them together because it is easier to remember five or six words than it is to remember 50 random characters. Imagine, if you will, trying to type in 50 random characters every time you want to enter your password manager. This is bad. Some things you might want to keep in mind when you're looking for a password manager include whether or not the company has a history of security problems. LastPass, for example, has a history of security problems, which is the reason I don't usually recommend it as a password manager. But if I had to make some recommendations, I would probably go with for a paid option, 1Password and oh God, who has a good unpaid option? So what I usually recommend as a paid option is 1Password. And as a free option, I recommend Bitwarden.

Speaker A:

Okay, yeah, yeah, I've heard of those ones. Yes, yes.

Speaker B:

So that's where we are now. So you want to use a password manager, you want to install the password manager on all of your devices, and then the next thing you want to do is you want to make sure that all of your accounts are using two factor authentication. Two factor authentication can take many forms, but generally what this means is, two factor authentication is any situation in which simply having your username and password is not enough to log you into a system. You also need a code which is time limited and is sent directly to one of your devices. So this might come as an SMS, as a text message, or you might get the message on an app like Authenticator, or you might need a physical dongle that you plug into your device which provides you with the ability to log into the account. And those come from companies like duosec and YubiKey. So those are all different ways of getting your second factor for 2FA, two factor authentication. The strongest methods of two factor authentication are usually either like you need to have a physical object such as a Duo key or a YubiKey, or somebody needs to send a message to your Authenticator app. This is generally considered to be stronger than having the code sent to you via email or SMS because there are more ways in which email or SMS can be compromised. However, there are circumstances under which having a physical key is not actually an advantage. For example, if you are in a domestic abuse situation in which you live with your abuser. So if your abuser has access, physical access to your device, especially when you are not around, and they can coerce you to hand over the password, and possibly they can also find your physical key, then they could get into your device. This is also a concern, for example, if you are planning on crossing a border or encountering law enforcement. Those are situations under which you do not want to be carrying the device for your second factor.
So the strongest factor always depends on sort of the circumstances that you imagine you're trying to protect your account against. But this is just your basic account hygiene. Frequently when you log into an account for the first time using two factor authentication, one of the things that the account will ask you is do you want to require two factor authentication every time or should we just shrug and go, hey, we recognize this device? Yes, you should use two factor authentication every single time, because that is a tremendous benefit. But the trade-off is that it is very annoying. It takes you extra time. Sometimes the SMS doesn't come in, sometimes the email doesn't come in. There are all kinds of potential problems. So that's the trade-off. It is a trade-off I'm willing to make because I care a lot about the security of my accounts. But I have to acknowledge that that's not necessarily the case for everybody. So beyond the security of your accounts, there are some other things you might want to think about. You might want to think about payment information. If, for example, you are paying a service like a mail service like Proton, or you are paying for your password manager, like 1Password, you have to keep in mind that whoever you are paying using, say, a credit card has all of your payment and credit card information. And so if an, if an attacker shows up and either breaches that database or shows up with a warrant or a subpoena for this information, the company may hand that information over. And that's something you might want to think about because there was recently a situation with ProtonMail in which someone paid for a, for a ProtonMail account and then ProtonMail handed over the payment information related to that account in response to a local court order. And a lot of people were very surprised because Proton makes a very big deal about how they protect, how they protect your information. But what they mean is the contents of your communications.
They don't mean your credit card data in response to, to a valid court order that they're getting from law enforcement. And this is one of those reasons, again, that threat modeling is so hard, because these are often things that people don't think about. Some other things you might want to think about is the difference between sort of security and anonymity. There are situations under which you don't want the things that you are saying to be linked to your identity or to be linked to your name. And it is really important to take the time and really make sure that all of those things are cordoned off from your real identity. And some of the ways that you might want to do that is by using separate devices and separate accounts and being extremely thoughtful about anything that you pay for with these identities that you are using that you want linked to who you are or what you are doing. So that's compartmentalization, as I'm sure most of your listeners are familiar with it. A lot of the time when we talk about digital privacy and security, there's a lot of emphasis on just the security of the contents of your communications. When somebody says that something is encrypted, usually what they mean is that the contents of the communication is encrypted. And that's fine. You want to spend a lot of time looking for end to end encrypted communications that are end to end encrypted every single time. That's cool. But what this protects you against is someone who does a man in the middle attack. So someone at like the ISP or somebody on your network or somebody who shows up with a warrant or a subpoena to the ISP or to the platform that you're using, but it does not protect you from someone looking over your shoulder or the person that you're talking to taking a screenshot.
All the end to end encryption in the world is not going to protect the contents of your communications if, when you are planning to bomb Yemen, you add the editor from the Atlantic to your group chat. And this doesn't mean that Signal doesn't work. Which brings me around to the next topic. Signal is actually the best end to end, always encrypted, every single time method of real time communication, but it's not necessarily going to be foolproof. Signal is very good at what it does, but it is not magic. And you should also think very hard about who else is in your chat. For example, if you have, if your chat is hundreds of people, some of which are not properly vetted, some of which are not trustworthy, then yeah, you're going to see a lot of, you're going to see a lot of screenshots, you're going to see people getting rolled up and handing over the contents of communications or describing them to governments and law enforcement in ways you don't necessarily want. So that's something you might want to think about. And then usually the next set of questions that I get, you can tell I've done this a lot. Usually the next set of questions that I get are around attending protests, setting up social media accounts and crossing borders. And those are also situations in which everything is very, well, it depends on what you are worried about. But some of the most common concerns that people have are, are, you know, being, if, if you are attending a protest. Being identified as having attended the protest is sometimes a concern, not always there. There is definitely a class of protest where the whole point of the protest is for ordinary people to show up with no masks and no, no secrecy whatsoever. The whole point is that there is, you know, there is popular protest, but there are also protests where maybe you don't want your identity to be linked to what you are doing.
And if that's the case, obviously you will want to dress in a way that is nondescript, that covers up any aspect of yourself that might be used to identify you, such as hair, piercings, tattoos, notable clothing. That's how you get black bloc. Not to mention that really easy to pick out your clothes in the morning, three things on the floor, all black, done. So you want to dress in a way that is nondescript. But what should you be doing with your digital devices? This depends on what you need a digital device for at the event that you're going to. If you are using the device just for taking pictures, maybe you might want to leave your phone at home. You want to take like a digital camera with you. If you need to be able to communicate with other people who are at the protest or with people who are not at the protest to let them know what is going on, you might want to take a phone with you that is not linked to your identity or that is largely disposable. Another reason why you might want to take a phone that is largely disposable to a protest is if you get arrested or if the protest turns violent. There is a significant chance that your phone will be seized and possibly examined, but also possibly just broken. And so I try not to bring a phone to a protest that I will be sad if I never see it again. And I try not to bring a phone to a protest where I envision this sort of thing happening if I am concerned about the contents of the phone. So those are some other things to keep in mind. And then finally, we have learned some interesting things about what law enforcement is doing tracking phones at protests. Right now there's a lot of talk about IMSI catchers and about the, you know, the government spying on people's communications during protests. EFF actually created a device to test for this that we call Rayhunter, which is really cool.
But let me tell you, we have not yet found a single instance of the police deploying IMSI catchers at a protest in the year 2026 in the United States. We don't think that that is what they're doing. That doesn't mean they're not spying on you. The way that they're spying on you is by using real time bidding for the location data from your phone, using stuff like Tangles. And so one of the things that you might want to be very careful about is making sure that your phone, once you are at the protest, you might want to just dispose of the phone before you go anywhere that could be associated with your identity. So that's another thing you might want to consider. There are of course also situations where maybe you want to turn off the location function on your phone. Maybe you want to just use airplane mode, maybe you want to turn your phone all the way off. There's a lot of misunderstanding about what kind of information is available about your phone when your phone is powered off. Yeah, as far as I have been able to tell from some phones, sometimes the, the information which is available about the phone is, has to do with the last cell phone tower that it pinged. So if you turn, if you turn your phone all the way off, that information may be available. But if you then take your phone somewhere else, it is not going to gather up any, any new information about the location of nearby cell phone towers. It will not be pinging cell phone towers when, when it moves.

Speaker A:

Okay. That's what it makes. So, like, sends all that information or like you're saying the phone retains, like, information on the last cell phone tower that it spoke to.

Speaker B:

Yes.

Speaker A:

Okay.

Speaker B:

And also, if you are the police and you can go to nearby cell phone towers and ask for the dumps of the cell phone towers, they will have the, they will have a record of your phone trying to reach that cell tower at that time.

Speaker A:

So if you turned it off at home, it would have the cell phone tower nearest your home as you.

Speaker B:

Yes. Which doesn't allow them to really narrow it down to your house, but it does, it does narrow down the neighborhood. Yeah, it really does narrow down the geographic location. That can be a problem. So one of the things that sort of, that ICE was really excited about was the possibility of tracking anti-ICE demonstrators back to their homes after the protests.

Speaker A:

Yes.

Speaker B:

So that's something that we should probably think about generally. I think that for the kind of protesting that we are seeing these days, it is probably a good idea to bring a phone with nothing on it that you wouldn't mind having the police see. And also, I would not bring a phone that I would ever count on seeing again, either because the police have seized it or because it's just been knocked out of your hand and broken.

Speaker A:

Yeah.

Speaker B:

So those are some other things to keep in mind. And then there's, you know, your just basic protest etiquette, which is don't take photos of fellow protesters showing their face or any identifying marks without, without permission. Just like, show up and be cool.

Speaker A:

Yeah. It can be easy for this concern to have too much of a chilling effect. Right. Like, there are a lot of these protests which are large and very kind of diverse in their political makeup. And like, you don't want people to be too afraid to go, but like you said, like, taking some sensible precautions makes sense.

Speaker B:

Yeah. And again, it all depends on the kind of protests that you're going to. There are, you know, walk in the park, bring a sign, take your kids protests.

Speaker A:

Yeah.

Speaker B:

And then there's Battle of Seattle protests.

Speaker A:

Yeah. Different vibes.

Speaker B:

You're going to want to prepare differently for those.

Speaker A:

Yeah.

Speaker B:

As a rule, if you're packing a gas mask, you, you should also probably not be packing a phone that you will be upset if it is seized by the police.

Speaker A:

That's a good. Yeah, that's a good rule. So I wonder then, like, let's talk about phones a bit. Right. People are very concerned with the phone stuff and for very, for very good reasons. Right. Like you say, like people protesting in ICE have been visited at home. People are seeing, I'm sure people have seen that, like even in the instance where government agencies don't have a warrant, they can sometimes buy data.

Speaker B:

Yes. They are in fact buying this from the same data brokers that they're getting from, that they're using to track people who are at the protest back to their homes.

Speaker A:

Yeah. And allegedly that's what Iran did to target some United States facilities. Apparently in the Middle East they purchase commercial data. So they're like. I guess what I'm getting at is like the surveillance capitalism and the state surveillance. The Venn diagram overlaps here. It's not two separate things.

Speaker B:

Absolutely.

Speaker A:

Yeah. So what do we, how do we reasonably limit the amount of that information that we're giving away with our telephone? Do we need to return to flip phone or I guess what are our tiers of options? I should say is a better question.

Speaker B:

It depends. For some things, for extremely sensitive communications, I would recommend keeping them off of your devices, having person to person meetings, not with no devices in the room, but for a lot of things. Meantime, you want to just somehow live your life and also be able to communicate with people and have meaningful interactions with other human beings. So I'm not recommending that we switch to a life of flip phones. What I am recommending is first off that people look at how much information data brokers have about them and that they take action to limit that information. So in the state of California we have this thing called the Delete Act. And as part of the Delete Act, California had to put up a portal where you give it all of the information about you and then it requires all of the data brokers to delete the information that they have about you from their databases. This has not yet actually happened. The portal is live, people are using it and people are making requests. But the data brokers are not required to start deleting that data until August. So we do not yet know how well this program is working. And I would not count on that right now. What you can sort of count on are data deletion services. The two data deletion services that came out on top when Consumer Reports did a test of the services were EasyOptOuts, which is cheap, and Optery, which is expensive. So make your own choices. And what they do is they have ways of, they reach out to the data brokers on your behalf and ask them to take down the information. And there are a bunch of laws that require them to honor these requests, which sometimes data brokers follow. So, yes, I recommend getting a data deletion service. And if you are in the state of California taking advantage of the Delete Act once, though I would not count on it deleting anything before August at the very latest. And God only knows what will happen between now and August. Yeah, different world indeed.
So, yeah, limit data broker stuff. You want to also limit just what can be seen about you as you browse the web. Because we do browse the web on our phones. So do we have a mobile version? No, we don't yet have a mobile version of Privacy Badger. But when you're like on your computer, one of the ways in which to limit what web browsers can see about you and therefore sell to data brokers is by downloading the web extension Privacy Badger, which eats cookies. Just one of the ways in which they track what you are doing from one website to another. We are currently working on a mobile version of this. So it's coming. We know this is a problem.

Speaker A:

Yeah.

Speaker B:

SSD has like an entire section on just like tighter privacy settings for your. For your phone.

Speaker A:

Some phones offer like a rolled up package now, right. Like on an Apple phone you can, you can have lockdown mode if you have a phone of a newer generation. Are those things that like, you'd recommend?

Speaker B:

It depends. There's a lot of misunderstanding about exactly what lockdown mode is and what it protects you from. Yeah. So what lockdown mode does for an iPhone, not for an Android, because Google also has a thing called lockdown mode that actually does something completely different. Perfect. Presumably just to annoy me. So what lockdown mode does in iOS is it limits some functionality of your phone. And in exchange for that, what it does is it has removed the attack surface that a lot of the most sophisticated remote exploits use in order to compromise devices. And so this protects you from very, very expensive, largely undetectable surveillance malware made by companies like NSO Group. So you know, stuff like Pegasus and Predator.

Speaker A:

Okay, yeah.

Speaker B:

So if you are concerned about those, then turn on lockdown mode. There has not been a single instance of an iPhone being compromised by state level surveillance malware where the person has had lockdown mode enabled. In fact, the most recent toolkit that we have seen checks to see whether or not you have lockdown mode enabled. And if it does, it simply turns around. It's like, no, they don't even bother to try.

Speaker A:

Oh, wow. Okay.

Speaker B:

Yes. And I can think of no greater endorsement of lockdown mode.

Speaker A:

Yeah, that's pretty great.

Speaker B:

But in the same way that Signal is not magical and will not protect you from all kinds of things that are not part of the threat model, there are all kinds of ways to get things off of a phone, even in lockdown mode, including, you know, just like, sneakily, you know, adding another, another profile to, you know, somebody else's account or adding your device to somebody else's account. There are, there are all kinds of ways that you could do it, especially if you have physical access to the phone as well as the username and password. So that's something that you often see in cases where someone has been detained by the police or in domestic abuse situations.

Speaker A:

Yeah, yeah, yeah. Let's talk about that phone password quickly. Because a lot of people find it very convenient to have the thing where the phone sees your face and it unlocks. Can you just explain the security trade off that's happening there?

Speaker B:

Yes. So it is really convenient to be able to look at your phone and unlock your phone. Most people have this turned on and they like it. There are some circumstances under which you might want to turn that off, specifically circumstances under which someone else might get their hands on your phone and try to compel you to unlock it. And in the case of law enforcement in the United States, the law has a much stronger protection for the contents of your brain than for your face. And so it is much more difficult for police to compel you to hand over a password, which is a number or a word or something along those lines than it is for them to compel you to stay still while they aim the camera at your face. Because one of those is, you know, compelling the content, the contents of your mind, which has very, very strong Fourth Amendment protections, whereas your face is just sitting there.

Speaker A:

Yeah, yeah, they can. Yeah, certainly. Like, I know how it can be. Like, I'll give an example. I was in Minneapolis in January of this year, and, like, it would have been very lovely to be able to unlock my phone with my face because I was wearing huge gloves. Instead, I decided to type in a long alphanumeric password with my nose every time I wanted to unlock it, which is inconvenient. But these are the trade-offs we make.

Speaker B:

Yes, but again, this might be a situation where you might want to take a phone with you that is largely disposable, and therefore it does not matter if they unlock it because you're not logged into anything significant. There's nothing on there for them to find. Not everything has to be maximally locked down all the time.

Speaker A:

Yeah, yeah, that makes sense. I think, yeah. Like a lot of colleagues, like I think most journalists I work with now will have work phones, at least a work phone and a personal phone in addition to maybe some other phones. But that does make things a lot easier than trying to make your device like super impenetrable, but also carrying around all these things that you don't particularly want to share with the world.

Speaker B:

Yeah. One, one note for journalists who are taking their work phone with them to, say, protests. I'm not sure that I would recommend that because your work phone has all of your contacts on it, presumably your work phone is logged in to something with all of your drafts of things that you are writing, your communications with sources that you might want to protect and maybe that might not be a thing that you want to bring to a protest.

Speaker A:

Yeah, yeah, I think you would, I think the work phone distance is the one that you would leave at the office or maybe not the office.

Speaker B:

Oh, I should talk about disappearing messages.

Speaker A:

Yes.

Speaker B:

Yeah. So one of the things that you could do in your end to end encrypted communications in order to protect them even further, is to set disappearing messages to a relatively short period of time. This does not mean that the person that you're talking to is unable to take screenshots or describe to people what your conversation was about, but it does limit the amount of time in which they can do so. And it means that if somebody else gets their hands on their phone, they will not have a full record of, of your communication going back to the time when you first started talking, which is potentially very sensitive. So that's one way to make sure that when someone has physical access to your phone, even after they have gotten into your phone, they still cannot see sensitive things.

Speaker A:

Yeah. Unless apparently you have pop up notifications in a certain way that contains the content of the message.

Speaker B:

There's a mode. Yeah, There's a mode you could set in iOS that will prevent. That will prevent the phone from doing this.

Speaker A:

Yeah, I think that's important for people to understand because I've seen people thinking like, specifically because this came up in a court case recently. Right. That federal authorities in the US had obtained someone's messages through the push notification database. But like, as you say, that's not, that doesn't mean that Signal is worthless. It just means that like if this is a concern for you, that you need to enable this mode in your.

Speaker B:

You need to turn off notifications. That's really the most important thing. Yeah. Now would probably be a good time to mention that EFF has a digital security and privacy guide.

Speaker A:

Yeah. Where can people find that?

Speaker B:

You could find that at Surveillance Self-Defense, which is ssd.eff.org. Perfect.

Speaker A:

Thank you. Is there anything else you think people, before we finish up here, people are overlooking or perhaps something that people are really concerned about that you feel shouldn't be as big of a concern as people are worried about?

Speaker B:

I mean, I think some of the things that really drive me crazy are "Signal is an op."

Speaker A:

Oh, yeah. God, let's talk about the fucking "Signal is a CIA op."

Speaker B:

Yeah, Signal is a CIA op. Tor an op. Pretty much anything that we know that works that is actually useful and that governments find difficult to get around for some strange reason. There are also rumors among leftists that they are ops and you should not use them. And in fact, you should use something much weaker and less secure. I'm sure that's not a conspiracy at all.

Speaker A:

Yeah, it's remarkable how well they've stuck the landing on that one and they continue to. Do you want to just. Can we just actually quickly explain the difference between Signal and Telegram? Because that conspiracy theory tends to direct people to Telegram, right?

Speaker B:

Yes. There's a lot of "Signal is an op, use Telegram," which drives me crazy. All right, so Telegram is a sort of combination of like messaging service and group messaging service, but also kind of like social media platform because you can subscribe to channels and they spend a lot of time. Specifically, the founder of Telegram, Pavel Durov, spends a lot of time insisting that your communications on Telegram are private and secure and encrypted, that they have never given information over to any government and that they are cool. And all the other encrypted messengers are ops. This is something he does all the time. It's not true. There is only one way in which to enable an end-to-end communication on Telegram, and it is if you communicate directly with only one other person and you turn secret messages on. And even then the quality of their encryption is kind of sketchy because they decided to roll their own instead of implementing a bunch of standards that everybody knows and understands and approves of, like Signal and WhatsApp. Everything else is encrypted in the sense that your web traffic is encrypted when you go to a site that says HTTPS across the top of the browser. So it's encrypted in the sense that a person who is someone else who is on the network cannot see the contents of your communications, but the ISP cannot see the contents of your communications, but the platform can. And the platform is Telegram. They can see it just fine and they can hand it over to anybody. And they say they haven't, but I don't know. Do you trust them? I don't. These are the same people who keep trying to mislead all of their users about how private and safe and secure everything is. It is also probably worth discussing the difference between Signal and WhatsApp.

Speaker A:

Oh, yeah.

Speaker B:

So a lot of messaging purists get very worked up every time that I recommend WhatsApp for anything, and I recommend WhatsApp for certain kinds of situations. Because if you have ever been outside of the United States, let me tell you.

Speaker A:

Yeah, yeah.

Speaker B:

There are places that run entirely on WhatsApp and you cannot avoid it. You know, WhatsApp has somewhere between 2 and 3 billion users.

Speaker A:

Yeah, that's wild.

Speaker B:

A significant portion of the world's population uses WhatsApp. So I think it is very important to understand both its benefits and its limitations. The primary benefit is that all of your messages are in fact end-to-end encrypted every single time, including group messages, which makes it better than Telegram. The downside is that the metadata is available to Meta, and metadata is everything about your communications that is not the contents of the communication. So your friends list, who you're talking to, when you're talking to them, what the size of the message was, where you were physically located. That is all information that Meta has. And you can use that kind of data to draw some very powerful conclusions about who someone is and what they're talking about in a way that does not require you to get the contents of the communications. And that's something that you might want to be worried about in certain circumstances.

Speaker A:

Yeah, yeah, that makes sense, I think. Yeah. You can't. I couldn't do my job if I didn't use WhatsApp. But there are times and places felt like that versus Signal or just talking to people. I think that was really helpful. I think hopefully that gives people an approachable, not too scary things you can do to make yourself feel a little safer. Because we have to use our phones for so much now, it is very hard to live without one. And yet people are increasingly aware of all the information that their phone is gathering on them at all times.

Speaker B:

And it is, it's very easy to become sort of paralyzed by all the scary information out there. And you can go in sort of one of two directions. I encounter people who are like, well, everything is very scary out there. So the government knows everything about everybody all the time anyway, so why should I take any precautions? Yes, I do not recommend yoloing it. Yeah, I think basic precautions are still a good idea for the same reason that I recommend you do things like lock your front door or perhaps close your curtains. Don't leave your bicycle on Folsom Street in San Francisco in the middle of the day if you expect to see it in another 15 minutes. That's just a realistic understanding of the world that we live in. So I think that people should be careful but don't be so careful that you don't do the things that give your life meaning. Don't become so paranoid that you don't communicate, that you don't reach out to people and that you don't have.

Speaker A:

Yeah, I think that's a really good place to end. Like I don't want people to feel afraid, especially right now of reaching out to people because it's a time when we all need each other very much.

Speaker B:

This is a time when community is especially important.

Speaker A:

Well, thank you very much for joining us and sharing that, Eva. If there's anywhere else you'd suggest people go? The Surveillance Self-Defense. Is there anything else you'd suggest people who are perhaps just learning about this check out so they can learn more without being overwhelmed?

Speaker B:

If you are a journalist, I recommend checking out the Freedom of the Press Foundation, and their website is at freedom.press, and they do sort of privacy and security trainings specifically for journalists and also do a lot of writing on their website about the specific kinds of problems that journalists have.

Speaker A:

Yeah, they're great. I attended one of their trainings and it's really helpful for me. Highly recommend if anyone else is able to do so. Well thank you so much for your time. We really appreciate it and yeah, thank you for helping everyone understand something that can be very complicated and scary.

Speaker B:

It's a pleasure.

Speaker A:

I will start.

Episode Summary

This week on Live Like the World is Dying, James talks with Eva, the director of cybersecurity for the Electronic Frontier Foundation. They talk about the spies in our pockets, smartphones, and some things you can do to be safer on them.

The EFF can be found at: EFF.org

Find the Surveillance Self-Defense Guide here.

Find tools for journalists here.

Host Info

James can be found on Twitter @JamesStout or on Patreon at https://www.patreon.com/Jamesstout.

Publisher Info

This show is published by Strangers in A Tangled Wilderness. We can be found at www.tangledwilderness.org, or on Twitter @TangledWild, Instagram @Tangled_Wilderness and Bluesky @tangledwilderness.bsky.social. You can support the show on Patreon at www.patreon.com/strangersinatangledwilderness.
