It Could Happen Here - Which Messaging App is Truly Secure?
Episode Date: October 25, 2023Robert sits down with Cooper Quinton and Caroline Sinders from the Tech Policy Press to discuss encrypted messaging apps, and which are really secure.See omnystudio.com/listener for privacy informatio...n.
Transcript
Discussion (0)
You should probably keep your lights on for Nocturnal Tales from the Shadowbride.
Join me, Danny Trejo, and step into the flames of fright.
An anthology podcast of modern-day horror stories inspired by the most terrifying legends and lore of Latin America.
Listen to Nocturnal on the iHeartRadio app,
Apple Podcasts,
or wherever you get your podcasts.
The 2025 iHeart Podcast Awards are coming.
This is the chance to nominate your podcast
for the industry's biggest award.
Submit your podcast for nomination now
at iHeart.com slash podcast awards.
But hurry, submissions close on December 8th.
Hey, you've been doing all that talking.
It's time to get rewarded for it.
Submit your podcast today at iHeart.com slash podcast awards.
That's iHeart.com slash podcast awards. Hi, I'm Ed Zitron, host of the Better Offline podcast, and we're kicking off our second season digging into tech's elite and how they've turned Silicon Valley into a playground for billionaires.
From the chaotic world of generative AI to the destruction of Google search, Better Offline is your unvarnished and at times unhinged look at the underbelly of tech brought to you by an industry veteran with nothing to lose.
Listen to Better Offline on the iHeartRadio app, Apple Podcasts, wherever else you get your podcasts from.
CallZone Media.
Welcome back to It Could Happen Here.
I am Robert Evans, and this is a podcast about things falling apart.
Sometimes it's about how to make things not fall apart, and other times it's more about
enduring it. Today is more on the endurance side of things. And we're talking about a subject that
we get a lot of requests about here. We've discussed this a year or so ago with one of
our guests, the great Carl Casarda. We're talking about like security culture and particularly the aspect of security culture that involves digital devices and how to communicate
with your friends, affinity groups, whomever via your phone, essentially, or your computer.
This is a thing where there's a huge amount of disinformation as to like which apps are safe.
What does it actually mean to say that an app is encrypted? How far does encryption get you? What sort of like cultural things come alongside
the actual like physical reality of the security of the device in order to kind of make a
comprehensive security profile? We're going to be talking about all that today and hopefully giving
you some good advice on what you can trust because I am the furthest thing in the world from a technical expert. We have two actual experts with us today.
Carolyn Senders and Cooper Quinton have both recently published a paper alongside several
other authors, Lalo Wagner, Tim Bernard, Ami Mehta, and Justin Hendricks, called What is
Secure? An Analysis of Popular Messaging Apps. And it's
basically going over what is the actual level of security with a number of things like Telegram,
you know, Telegram's private messaging system, Facebook Messenger, Apple Message, or iMessage,
I guess it's called, and obviously Signal. And kind of as a spoiler, Signal is your best bet,
but that also isn't where you should end, right?
I think we want to also talk about kind of like why and to what extent that's the case.
But anyway, I'm going to turn things over to Carolyn and Cooper now, because I have talked enough about this.
Hey, guys, welcome to the show.
Hey, Robert. Thanks so much for having us on.
Yeah.
Thank you so much. Big fan of the podcast. So always lovely, really lovely to be here.
Yeah.
Thank you so much.
Yeah, it's really lovely to have you both. Again, listeners, if you want to take a look at this,
their paper, if you just Google what is secure and analysis of popular messaging apps,
you'll find the Tech Policy Press has a summary of it that's pretty quick. The full paper is 86 pages or so.
I also recommend reading that.
But if you wanted to give this, you know, the summary a skim before you continue, that
might help.
But I kind of wanted to start by asking you guys, what is it that makes Signal a good
option for people, right?
Because I think most folks, you describe it as sort of security folklore, right?
The stuff that you hear about security from your friends.
And if you're not a technical person, you kind of just like trust what the folks around you are saying.
And that was sort of how I got into Signal. Right.
I'm not a technical person, but people I knew and trusted who were were like, this is your best option.
Yeah. Thank you so much. That's such a good question.
And I think Cooper and I probably have similar but also very different answers to it.
Cooper, I can go first if you want.
One of the things I love about Signal is it's just really easy to use.
It's end-to-end encrypted.
It's a messaging app.
There's not a lot of stuff on it, but you can do a lot with it.
So you can do video calls.
You can send actually pretty large files like PDFs.
You can have drag and drop stuff.
It's like such a low threshold for use for users, because it is a messaging app, but it does so many
different kinds of things. But then related to that, it's also actually quite minimal. And so
the paper, which everyone should read, and we'll probably get into this later, different apps like Telegram or Facebook's Messenger app,
for example, have this thing we've been calling feature bloat. They are messaging services that
actually feel a bit more like social networks if you look at the amount of stuff that's on there.
And by stuff, I don't just mean like stickers. I mean, if you look at there's all these sort of
specific and strange settings you can use to have all different kinds of messages and all different kinds of privacy settings.
And while privacy settings are really, really great, because Telegram and Facebook Messenger are not encrypted by default, actually some of those settings can make you feel more secure when you're not.
So kind of the beauty of Signal is that out of the box, it's incredibly secure. It's in encrypted. They're not holding any data about you. I believe the only only day
they hold is like when you like when a phone number or a profile has downloaded Signal,
like when you've when you've signed up. But again, it's it's incredibly easy to use. And another
thing is, you know, if this was a few years ago, we've been looking at wire,
for example, one of the nice things about signal and this might be controversial to
some designers is that it does follow modern design patterns and standards.
So if you're using like an iOS or Android version, like there are buttons and places
where you expect them to be.
Signal is not perfectly designed, but it is quite usable.
Yeah. So for me, that's kind of what I think makes it it is quite usable. Yeah.
So for me, that's kind of what I think makes it really wonderful.
Yeah.
It's definitely, as much as I love it, it's my standard messaging app.
I do every now and then run into the thing where my friends will call me through Signal,
which is great if you need a call to be secure, but it's not nearly as good.
It drops a lot more often than a regular phone call.
And I'm like, we're just trying to meet at the movie theater.
It's okay.
If the NSA knows, right.
Like I've, I've definitely had that with friends where I'm like, I'm like, yeah, I'm like,
we're just calling to, to, to talk about like your dog.
It's probably fine.
The FBI can have this stuff.
Yeah.
Please send, please send, please send dog send please send dog pics uh through all messaging apps
you know but on that note it's uh writing writing usable software that is also secure
is really hard right and like as a like as cryptographer i'm not a cryptographer but like
as somebody cryptographer adjacent we got that wrong for a long time.
Right. Like before Signal, the you know, there were the sort of most used encryption methods were probably PGP email, which is a method for encrypting email and off the record chats.
And both of those, none of those ever got to the sort of level of user base that signal and and and certainly not
whatsapp have right and and that's largely because they were pretty much unusable like pgp almost
entirely unusable even by cryptography professionals right even by computer security
professionals like ourselves um otr chat total pain in the butt, right? Like just a real nightmare to use.
So like Signal, there are still some rough edges
and we talked about some of those in our paper.
But overall, I think that the big innovation they've had
is just remembering that what people want to do
on a chat app is not encrypt things.
What people want to do on a chat app
is they want to chat, right?
And the second that the security
sort of gets in the way of that,
people will stop using it
and go find something that's more usable.
And it seems like that's been Signal's
sort of guiding star.
And they've, you know,
doing the most secure thing that you can
while still being fun and usable to
actually just chat on, right?
And I think that that has served them quite well.
Yeah, I think it's so important.
I think one of the things that contributes to good overall security is setting yourself
up for success, which means setting yourself up for a system that can function
well if you're lazy, which is one of the nice things that, you know, with Signal, you don't
have to worry about like opting in and out and like selecting a bunch of stuff. It's pretty safe,
especially for a normal person's uses right out of the box, which is huge. And kind of in the same
line as that is the fact that because Signal doesn't store metadata, you're not relying upon them
being like committed, you know, anti-state actors or whatever, like because they don't
have access to the thing that, for example, Facebook will hand over to the cops if the
cops just like breathe in their direction.
Yeah, that's that's exactly right.
And that's that is that is the other really cool thing about Signal.
You know, we as Carolyn said, the only data that signal gives over in response to a subpoena is the time
that the phone number signed up for a signal account.
And the last time it connected to the signal server.
And the reason we know that is because signal publishes transparency reports
with the full text and full response of any subpoena that they get.
So like we can actually just see if in the responses that all they've given over is these two pieces
of information because that's all they have.
And they've done some pretty clever things to make that be the case.
Right.
And that's actually so different than how other companies are, I think, reporting on
either subpoenas or any kind of weight that law enforcement puts on
them. So for our report, I don't remember how much it's mentioned in the report, actually, but
we did go through and look at Apple, Meta, and I think Google, like in their own transparency
reports to try to get a sense of how that would stack up in comparison to signals.
I think in some cases it's saying like they received some kind of like notification, but like no,
nothing really clear or specific on like what what they received from law enforcement or government,
but rather just that they received one. And so that's also the really great thing about Signal is you are getting all of this information
that you're not getting from other companies or platforms.
Yeah, I wanted to kind of, in this same subject,
and going back to, I kind of opened this
by introducing the concept that y'all introduced me to.
I guess I was aware of this, but not the terminology,
security folklore. And I wanted to chat a little bit about kind I guess I was aware of this, but not the terminology, security folklore.
And I wanted to chat a little bit about kind of the most recent example of this, something
a lot of folks have probably been wondering about since we started talking about Signal,
which is that roughly a week before y'all and I sat down to talk about this, a kind of viral
info meme started coming through that was like, Signal has a zero-day exploit,
which is basically a hole that a hacker found in an app or program
that can expose you.
You have to turn off link previews, right?
Which is that when someone sends you a link to an article in Signal,
you get a little preview, not dissimilar to how you used to get.
Little link previews.
And I think, to be fair, just based on my very limited knowledge, that is when I think about
like what are potential holes in signal, I don't think it's unreasonable to be concerned
about that specific feature.
But that warning was not what it kind of seemed to be basic or not as accurate as I think
a lot of people took it as being.
I don't know.
I'll turn it over to you guys.
I think that's the next thing I want to talk about I'll turn it over to Cooper who had
yeah you had a you have a bit a lot of feels about that I have so many feelings about this I
I was working on this all weekend so this yeah so this copy pasta I'm calling this like the signal
copy pasta yeah um which is a term from you know 4chan
and other horrible internet
places but I feel like the cool zone
media audience is probably
internet enough yeah
I'm gonna guess a good half of the people
listening at least got that
message yeah yeah and it's
it's like first
of all this is not if you
if you had a zero-day-end signal,
which is an exploit for signal that has been unpatched,
that has not been patched by the vendor, so you can actively exploit it,
there are no people in the world who would choose to quietly leak this
over vague signal texts.
There are two types of people one uh you know people
like us that would bring this to signal immediately and get them to patch it to protect the you know
millions of high-risk users that use signal or two the type of people that would go sell this
exploit to some horrible company that would use it you know sell it to to Saudi Arabia or something
and use it to kill activists right like there is and there's no in between there's nobody that is going to
quietly leak this for you know just for fun with vague details right so so this this message set
up red flags immediately and like it it's because i really do not like link previews and in our
paper we discussed some of the issues that we have with
link previews um you know we think that they can they can leak some information about your chats to
the uh owner of the website right we think it's a kind of a large attack service it's not super
necessary would you mind explaining to actually the audience too like a little bit about what, what we found when looking at link previews.
Yeah.
So the way that link previews work is when you,
the way that they work on signal and on WhatsApp is that when you send a
link to somebody,
the signal app or WhatsApp goes and like fetches the webpage that,
that, you know, for that link, right. It goes and downloads,
you know, downloads the content of that link and gets a, there are some, there's some special HTML
tags that describe, you know, sort of what the page is about, what the title of the page is,
and like an image for the page. And it gets those tags and it puts them all together in this little
package and then sends that all as part of the signal message. So when you put a link in Signal, your phone actually goes out and gets
that webpage and it gets that webpage with what's called a user agent, which is like a piece of text
that's attached to the request that uniquely identifies it as being a request from Signal and from your IP address, right?
So when you put a link in, the owner of that website,
whoever has the logs for that website,
can know that somebody at your IP address is using Signal
and sending this link over Signal.
What our concern is, is that if that link is unique,
then anybody else who visits that link can be inferred to be somebody that you are talking with over signal.
Right.
interesting, a source of intelligence for website owners, especially for big websites that can easily generate unique links with like tracking parameters at the end of them,
right? Like when you share a Instagram post and then like at the end, it's like question
mark, IG, SHID equals, you know, a long string of numbers and letters, right. Or a Twitter
post where, you know, T equals a long string of letters and numbers, right? That makes a unique link. And then anybody who visits that same link
can be determined to be somebody that you were speaking with over signal.
So, and also WhatsApp. And so, so for that reason, we, we, we think that signal and WhatsApp should
turn link previews off by default
because we think that that's an unnecessary information leak.
Signal and WhatsApp's pushback on that is that link previews are a core feature
that people demand.
And if they were to turn off link previews by default,
they're worried that people would leave the platform for less secure platforms like Telegram.
I mean, I don't want to tell them their business because I'm sure they have data on this, but I've never thought about link previews as being a thing that I needed.
being a thing that I needed. It's like, yeah, I think it's, I think it's one of those things. And, you know, we haven't necessarily done like extensive, um, general design research in this,
right? Like we haven't surveyed like 3000 people in the U S and we haven't had like a Pew
research survey across countries. It'd be like, what are your thoughts on link previews? But I would probably argue because it is included in so much of modern messaging apps
that we now assume it's like a core feature.
One thing I will give signal that I think is amazing that other apps don't do,
and this is true of WhatsApp, is pretty much every feature except for encryption,
there's something you can toggle or turn off, right?
So like Link Preview already was available
for people to turn off on Signal.
WhatsApp does not allow that.
And it seems like they're making no moves
to allow that feature to be optional to turn on or off.
But that is, I will say, one of the things
that's really lovely about Signal that is so different from modern design and modern, like big tech
platforms and just platforms in general is that those, a lot of features are optional. Whereas,
you know, WhatsApp and Meta's sort of stance on design is that a lot of things are not optional,
that those are things users would want. Why would we make foundational elements like link previews optional and you're just like sorry i'm like gesturing
wildly but like you know it's like well you don't know what people want and i mean what's the harm
in turning off some of some of these things right you know like maybe maybe people don't want to
receive gifts i don't know maybe they don't want to receive stickers why don't you like
let them have that option what's the harm that could happen yeah yeah yeah i couldn't agree more
yeah two things i want to say on that one is one is that uh and first we should acknowledge that
this it turns out that there was no zero day there was no vulnerability yeah this was absolutely just
something that that spread virally out of nowhere i'd be really interested to find out what the origin of this copypasta was,
but I haven't been able to, but it's...
I'm curious about that as well,
because I was in another group thread that was like,
we really need outside auditors to look at these.
And I was like, we have a whole report that we wrote
that didn't look at this.
Speaking of outside auditors,
I got to pause you guys just a second because it is time for an ad break.
So please spend your money and then come back to learn more.
Welcome.
I'm Danny Thrill.
Won't you join me at the fire and dare enter
Nocturnum, Tales from the Shadows
Presented by I Heart and Sonorum
An anthology of modern day horror stories
Inspired by the legends of Latin America
From ghastly encounters with shapeshifters
to bone-chilling brushes with supernatural creatures.
I know you.
Take a trip and experience the horrors
that have haunted Latin America since the beginning of time.
Listen to Nocturnal Tales from the Shadows.
As part of my Cultura podcast network.
Available on the iHeartRadio app.
Apple Podcasts.
Or wherever you get your podcasts.
I found out I was related to the guy that I was dating.
I don't feel emotions correctly.
I am talking to a felon right now. and I cannot decide if I like him or not.
Those were some callers from my call-in podcast, Therapy Gecko.
It's a show where I take real phone calls from anonymous strangers all over the world
as a fake gecko therapist and try to dig into their brains and learn a little bit about their lives.
I know that's a weird concept, but I promise it's pretty interesting if you give it a shot.
Matter of fact, here's a few more examples of the kinds of calls we get on this show. I live with my boyfriend and I found his piss jar in our apartment.
I collect my roommate's toenails and fingernails.
I have very overbearing parents.
Even at the age of 29,
they won't let me move out of their house.
So if you want an excuse to get out of your own head
and see what's going on in someone else's head,
search for Therapy Gecko on the iHeartRadio app,
Apple Podcasts, or wherever you get your podcasts.
It's the one with the green guy on it.
Hey, I'm Jack B. Thomas,
the host of a brand new Black Effect original series, Black Lit, It's the one with the green guy on it. to protecting and celebrating our stories. Blacklit is for the page turners,
for those who listen to audiobooks
while commuting or running errands,
for those who find themselves seeking solace,
wisdom, and refuge between the chapters.
From thought-provoking novels to powerful poetry,
we'll explore the stories that shape our culture.
Together, we'll dissect classics and contemporary works
while uncovering the stories of the brilliant writers behind them.
Blacklit is here to amplify the voices of Black writers
and to bring their words to life.
Listen to Blacklit on the iHeartRadio app,
Apple Podcasts, or wherever you get your podcasts.
Ah, and we're back. Okay about that cooper carolyn uh you you may continue um as you were the other thing i was i was gonna say the the idea that anybody would leave whatsapp because
they stopped having link previews is completely preposterous to me like it's clownish
it's fucking clownish has over two billion users they are the you know in a position
to set the standard for what people expect from a messaging app and so like they could do things
like turn on disappearing messages by default and change that culture they could do things like turn on disappearing messages by
default and change that culture.
They could do things like turn off link previews by default and change that
culture. Like they could do these things and you know, they would, you know,
they would not lose enough users to even notice or care about, right?
They are the only people in the position,
in the world in the position to decide what the culture should be.
And this is what they've decided the culture should be.
Totally.
I hate to break it to you,
but if WhatsApp just got rid of link previews,
I'm just throwing my whole phone into the garbage,
garbage can, getting rid of it,
just tossing it out the window.
Going back to a landline.
Yeah, I'm just going to yeet it into a river.
Be like, I don't need this anymore. Actually, I'm going back to carrier pigeons. That's how far back I'm going to go. I mean, that does kind of lead into the next
thing I wanted to talk about, which is sort of the other wing from the security folklore,
which is security nihilism. And yeah, this is kind of, you introduced this when talking about
sort of, if you do try to engage somewhat with the technology, or if you wind this is kind of, you introduce this when talking about sort of, if you do try
to engage somewhat with the technology, or if you wind up just kind of in the position
I think most lay people are, where maybe you have some friends who know more, or maybe
you have some friends who think they know more, and you get all these conflicting things
about like, this is safe.
No, it's not.
You can't trust Signal.
The feds could be running Signal, all this kind of stuff.
And to be fair, the feds have run security-based services before. It's not like, I don't believe that's happening with signal,
but it's not. I understand where paranoia like that can enter into people's calculus,
especially if you're not technically knowledgeable. And that can lead to this sort of state of
security nihilism, where you're just like, you can't communicate at all online.
There's no way to do it securely. And obviously there's no perfect, right? You never have it,
but you don't have a hundred percent with like talking in person to somebody, right?
There are individuals in prison right now who, you know, somebody they loved and trusted
ratted on them. There's no, no hundred percents in this world. But that doesn't mean nihilism is the right
response to like trying to figure out how to set up your communication standards with people, right?
Totally. I mean, I think the approach we take in, because throughout this report, we were also
teaching workshops to reproductive justice activists across the U.S. and states where abortion is banned. I'm from
Louisiana. I live half the year there. Abortion is banned there. And we were also working with
journalists in India. So a big, big thing for us was also teaching threat modeling and different
kinds of what Matt Mitchell, a security trainer and expert, calls digital hygiene. And so a lot
of this was recognizing
that there was certain practices we were picking up on, particularly with folks we were working
with. So like a lot of reproductive justice activists we were working with are new to
security. They're new to technology. They don't have a background in tech. And generally, you
know, the American South, the American Deep South is super overlooked in terms of tech policy,
South, the American deep South is super overlooked in terms of tech policy, in terms of just, I think,
a general focus when people are talking about tech or tech literacy or tech activism. And that is like leaving really massive gaps in knowledge for people. And so, you know, when we were working on
this security folklore and security nihilism were both actually very, almost like, I don't say like
a pendulum, but they were very connected. And so some of that was people hearing things like, oh, I should put
my phone in a microwave when I'm having a very sensitive conversation. Right. And so that's where
some of that security folklore is coming in. It is something that is technically safe, but it's
like not the thing you necessarily like totally need to do in that moment. And with security
nihilism, what it kind of came down to, and this is stuff we've seen with other groups, um, and,
and other circumstances, a great example are, are, you know, Palestinian activists and journalists,
let's say who are, you know, facing, facing the threat of all different kinds of governmental
censorship and surveillance of sort of saying like when there's this large threat sort of hanging on
us and there's also
physical surveillance and this is true for a lot of journalists in other countries like India as
well for example um you know like should everything go through signal or does it really matter like
does it really matter and this is also something again we saw with some some reproductive justice
activists as well where it's like if everything is being monitored, what's safe? Like, can I send stuff like can I even use Google? And part of this was, you know, by teaching privacy and security workshops, by teaching things like threat modeling, which is a framework for just assessing what are what are threats, like what are what are all the potential threats you could face and kind of mapping them from like the most minor to like the most major and what you can do about that.
That's a way to try to combat security nihilism.
But I think an approach Cooper and I are also really fond of is thinking of this like safer sex.
There's all different kinds of things you can do that are mitigations are actually incredibly helpful.
And we can't look at it as a binary of safe or not safe.
It's actually like much more of a gradient. But, you know, the folklore and the nihilism, I think, come from a very similar place, which is we're asking people, like society is kind of asking or demanding that people be experts in something that's really hard.
I am like a fairly technical person. And even there are some things that I find hard to sort of wrap my head around.
And I've been working in privacy and security for like quite a while.
And I think, you know, it's also really hard when you think about these apps as like a
brand new person.
It's like one of the things that popped up a lot in our research is like, why should
we trust Signal?
And that's actually a great question.
What about Signal in its interface and its design would cause you to trust it? Like some people were like, it's a nonprofit.
That's great. But I don't know what that means. I'm like, that's actually a fantastic question.
Like, what does that mean? Right? Like what, why should you trust this? You've heard through the
grapevine that you should. And I think these are kind of all the things that people are dealing
with. Cause if you sort of take a step back and just look at software or any different kind of software generally why should you trust that it's safe
and secure when there have been so many different kinds of leaks or breaches or things breaking
right yeah like so these are i think really really closely tied but i think a big thing for us is
trying to combat that security nihilism like whenever whenever we can like there
is things you can do i don't want to say like no matter how great the threat but i believe like no
matter how great the threat there is stuff there is stuff you can do no matter how great the threat
is there's stuff that you can do to make it more difficult and more expensive for that person to
attack you right like we all lock the doors to our house uh or you know for the most
part um uh or you know we all we all do things to to protect ourselves like that um that aren't
foolproof right somebody can always break a window to get into your house right so you can find other
ways to get into your house but locking the door makes it so that somebody has to do the noisy
thing of breaking a window right it it makes it so that you know somebody has to do the noisy thing of breaking a window, right? It makes it so that, you know, somebody
has to spend more time and effort and more risk of getting caught in getting into your house,
right? And that's, and that's like, we layer when you layer these protections, right? The idea,
you know, is that you're, you're, you're making it harder, you're making there be more friction,
right? To piercing your security.
Yeah, I think that's a really good point. And the concept of friction, you know, this is something
I've talked about, not that these are exactly the same things, but in the, although there's not
wildly different, when it comes to like how insurgents win insurgencies, right? It's not by
carrying out these sort of like great battlefield victories that sweep the enemy from the field.
It's it's by friction. Right. no, there's no like sweeping sudden,
like 90 minute three act, uh, win here. It's more a matter of the more difficult,
the more expensive you make it, the more you hold on to. Um, and the more all of us hold on to,
right. That's the other benefit is like, even if you're not, even if you are the most law abiding
person in the world, like myself, um, having these security measures in place means that you're kind of contributing to the overall immune system of a kind of community of people who don't want the NSA listening to this shit.
Yeah, exactly.
Exactly.
And the friction thing is also exactly what signal does, right? Like by the, the,
the threat model for signal is stopping the NSA or other global adversaries
from listening to all communications as they travel over the internet. Right.
And that's when you can, when you can do that, like when you can,
when you can listen to everybody's conversations as they travel over the
internet, it's really cheap to spy on anybody, right?
When you're encrypting that communication, then the NSA or whatever other global adversary has to go actually hack your phone, right?
They have to target you specifically.
They have to burn resources and burn weapons, right?
Zero days to get access to your phone.
And that's a lot more costly.
It's a lot more noisy.
It's a much higher risk of them getting caught.
So it's introduced a huge friction in that area.
And that's...
And one...
Go ahead.
Okay, no, go ahead, go ahead.
I was going to say, and I think the sort of comparison
to asymmetric warfare is exactly spot on because none of us are ever going to have the
money that that the nsa or masada has none of us are ever going to have the the total technical
acumen that the nsa or masada has right but like those that you know so we have to kind of fight a
you know in terms of corruption in terms of encryption a guerrilla war right and we have to
make things so expensive and so annoying for them that it's not worth it yeah totally and just to
sort of build on that one of the things i love about signal is while they're creating friction
for our adversaries it's actually so frictionless to use as a user and i think that's one of the
things i find just continually impressive about
the app. I don't want this to turn into like the, like we're all himbos for Signal, except we
probably are. But because like, that's one of the things as a researcher, like Kubernetes,
I just have to be like, we're not paid by Signal at all. Like, but this is in fact, like one of
the best things you can use. But again, one of the things I think is amazing is that it is so easy to use. And it really is designed for, and I'm using the term usability
as a, as a design term, meaning that it is, they're thinking about a common user, including
those with like lower digital literacy or those that are, have never used any
kind of, any kind of security tool. And so they're hitting a specific threshold of usability for
things to be understandable. And again, that's incredibly hard to do well. And they are, they
are doing it quite well. Like it's very, I would argue it's very easy and sort of seamless for
people to make a jump from WhatsApp or if you're on like Google or Android
using like Google messages sorry Google if you're on Android or an iPhone from like iMessages to
Google messages to Signal like it doesn't it might look slightly different might be a lot more blue
it might be a lot more black depending on how yours is constructed but for the most part
a lot of the features are kind of where you expect them to be. And it's not it's not at all difficult to get it up and running, which is not something, again, as Cooper said earlier, we could say about things like PGP.
Yeah. I wanted to kind of move on to talking about other apps and their security or lack of it.
start probably by talking about Telegram, because that's probably close to top of the list of things people use for secure communications that is not nearly as secure as they think. So yeah, I wanted
to kind of chat with you about like, why that is. And I, I specifically I wanted to talk one of the
things that is frustrating about Telegram is they kind of have, they have like a secret chat or private chat,
like they have a couple of different options that don't necessarily mean what they sound like they
mean to most people. Yeah. So that's actually one thing our report found. So private chat and secret
chat are in fact the same thing. They're just called slightly different things in the app,
which for, again, for those listening that don't the app, which for, for again, for,
for those listening that are, don't have a background in design, that's bad design.
That's actually not, that's not professional.
That's a, that is a mistake.
Um, there's no reason for a feature to have like two different names inside of, inside
of your software.
Um, and so I don't know if that's an oversight on their part. I'm assuming so.
But like those two things correlate to the same feature. And so they should actually be called
the same thing. But then even further, that being said, what does private mean to a user? What does
secret mean? You know, Facebook Messenger, they call their encrypted message secure, or no, they also call
it secret. Sorry, they also call it secret. But like, does that mean security? Does that mean
encrypted? And so that's like one of the one of the weird things where it's like, you know,
I think by using a very sort of like, normalized or culturally almost like emotional name,
like private, it makes something seem like it's actually
quite safe when in fact um it's not and there's a variety of reasons as why like telegram
is not not a very secure app that i will let uh cooper cooper talk about more yeah i would never
advise anybody to have a chat over telegram if they are uh concerned about the privacy of that chat so we were talking about
friction and the the fact that end-to-end encrypted chats are not the default in telegram
creates a friction for users to have an actually secure chat right you have to go remember to turn
it on and you can only turn it on turn it on individually per message it's not
like an overall feature on telegram or facebook messenger like you have to go select a specific
like the specific conversation per conversation which is and another thing our report gets into
is how also those chats don't look very different they They look almost identical to a normal chat. So for for low vision users or anyone with any kind of like disability, especially a vision related disability, it's almost impossible to it's like nearly impossible to recognize which chat you're using if you're looking at the chat logs.
If you're looking at the chat logs.
Yeah.
Outside of that, like if people, you know, in terms of like things that may not be options right now, I think basically everyone listening signal is a perfectly viable option, but it's
not impossible that, for example, you might wind up in a country where even if there's
not a specific law against it, there is a precedent established that if you have signal
on your phone, you know, it can be at least used as a
justification for charges that you were planning to do. Like in Atlanta, people are getting charges
because they had a lawyer's name written on their arm, right? And so the state's saying,
well, that's evidence that we're planning to commit a crime. That doesn't mean that
convictions will go through on that kind of thing, but it may be a reason why signal might not be an
option or say something comes out about it that makes it seem less secure. What are other
good or acceptable options? And I know when we're talking about this, these are often options that
require more input and work from the user in order to maximize their potential security. But I do
think it's good to like let people kind of know what else is out there. Yeah. So when signal isn't an option, WhatsApp is actually not a bad option. Um,
so WhatsApp, it is owned by meta, which is, uh, you know, which is, which is, uh, can, you know,
not, which is not ideal. Um, but WhatsApp actually uses the same encryption protocol as signal.
Uh, so like under the hood,
the way that the math works
to hide your messages from the NSA
is exactly the same, right?
And they've implemented it well.
There are a few more steps,
a few more precautions
that you need to take with WhatsApp,
like making sure that your chats aren't backed up
being the main one.
But WhatsApp is certainly good enough,
right? If you're, if you're, you know, chat networks aren't using signal, if you're in a
country where you can't use signal, right? Like WhatsApp has 2 billion users. I'm, you know,
it's, it's, you can use WhatsApp almost anywhere in the world. It's, and it's ubiquitous enough
that it's not going to mark you as, you know, somebody with something to hide. Right. And like, and I don't want to,
I don't want to discount WhatsApp, right.
Getting 2 billion people to have end to end encrypted messaging by default
overnight basically was a major coup like that.
That was world changing. Right. And like they,
they really do deserve applause for that.
Obviously, you know, I think partly because of their scale, partly because they're owned by Meta.
Right.
They haven't taken all of these same steps.
Like they do have more metadata on their servers than Signal does.
Right.
But if that's your option, that is a fine option.
Yeah. I think that's a,
that's really good to know, particularly since, uh, options are always more secure than not having any kind of a backup plan. Totally. And if people are like even slightly nervous about WhatsApp,
a great thing is they do have disappearing messages. The downside is like the fastest
disappearing message is only 24 hours, but that's something that again, you still have. Um, and I, that's like,
that is, that is an amazing feature. Yeah. And that, that kind of gets into also
what kind of stuff you can do in order to maximize the value of features like that.
Like for example, if you're coming back into the country or a country
and your phone gets confiscated
by customs or whatever,
because security services
have some sort of eye on you
for whatever reason.
If you've got, you know,
thumbprint login or face login,
they're going to get
into that phone, right?
And your 24 hour delete thing
may not have gotten
taken care of everything.
If you've got like a complicated eight-digit password and no biometrics enabled, maybe
depending on where you are and whatnot, that'll keep your phone locked long enough for those
messages to get deleted, right?
Like it's all about kind of maximizing the chances that something like that helps.
Yeah, exactly.
We definitely recommend that people turn on disappearing messages.
I think that that's just a good sensible default to have. Also definitely recommend that if you're
going to be in a situation where you think you're going to be, you know, there's a higher likelihood
of you interacting with law enforcement. If you're crossing a border, if you're going to a protest,
turn off the biometric unlock on your phone. Certainly. Especially in the U S there's
the, the, the case law isn't settled, but there's a lot of state courts that have decided that
police can force you to unlock your phone with your biometrics and that that's totally fine.
So this, you know, in the, in the U S context, it's a good idea in any context. I think it's
a good idea if you're at heightened risk to turn off biometric unlocks.
I mean, one thing we're also a big fan of is figuring out too like and this is again where threat
modeling is so key is like is this a circumstance where you need your phone um or another thing that
you know you can always do if you are nervous about traveling across the border is you can
delete signal and reinstall it and everything is gone. You can delete WhatsApp temporarily
while you're crossing a border. So it's not on your phone. You know, there are things like that
you can do if you feel comfortable wiping your phone, that's something also you can do. You know,
these are all, again, these are, these are, these are different things. And I think this is one of
the things our, our report, I don't remember how too much we get into it, but something that at least we've been thinking about.
Cooper and I run a little lab called Complication.
And one of the things we've been thinking about there is just also how do we instill sort of like better holistic practices where we understand that a phone is just one component of our safety.
And so like secure messaging, encrypted messaging just one component of our safety um and so like secure messaging encrypted messaging is one component of that safe safety so like what are other things
we can do um and some of that can be you know wiping your phone if traveling if that makes
sense for you or if that's something that makes you feel safer or removing certain apps and then
you know reinstalling them reinstalling them later.
Yeah.
Yeah.
And it, and it really is holistic, right?
Like a thing that,
a thing that people need to keep in mind is that, you know,
disappearing messages can't stop an untrustworthy conversation partner.
Right. Like I, if, if, if my conversation partner is untrustworthy,
they can take screenshots of
the messages right they can you know go they can go snitch to law enforcement about what i've told
them right uh um encrypted messaging disappearing messages these are not panaceas right you still
have to you still have to keep all of your other uh aspects of of security as well right true so don't don't entirely rely
on these technologies to save you right you have to also trust the people you're working with and
build these layers of security up it's true i mean cooper you could leak all of my secrets right now
on this podcast and you've chosen not to what a gentleman and that is And that is the other thing, right? Where when it comes to like what is secure, one thing to remember is that Signal, for all the good things about it, nothing, nothing at all about that app stops the recipient of a message from you from taking a screen grab or just handing their phone over to to their friendly local federal agent.
Right.
Which is always, you know, we don't want to be,
I'm not trying to be a security nihilist here.
I think, you know, there's no replacing communication
over phones in many situations.
But if you are, for example, going to be transferring
a bunch of Plan B pills in an area where that is prosecutable, that probably shouldn't go on your phone in
that language, right?
Perhaps, you know, you could come up with a clever code word or whatever, but don't,
don't, you know, security is, like you said, holistic.
You know, you should not be looking at it as just like, well, the app is secure, so
that's enough.
I mean, one thing I also want people to of think about too, because that's a really great
point, Robert, is like, we do all different kinds of things every day in our lives that could,
you know, endanger us. Like, I think a lot of the work I do is I work a lot with people facing all
different kinds of online harassment. So like falling in love, for example, is a dangerous
thing to do. You could have your heart broken or that person could hurt you.
Learning how to trust people, you know, crossing the street, deciding to jaywalk.
Right. All different things we do sort of every day actually can expose us to harm.
And so one thing I think for people listening to keep in mind is that's the same when we have conversations.
mind is that's the same when we have conversations. And I think a way to avoid nihilism is just to remember that, that every day we are sort of going out there and actually being incredibly
brave just by living our everyday lives, by deciding to be in community and have friendships
and have relationships. And in my case, I love jaywalking and no one around me does. And that's why that's my choice. And I have not yet gotten hit by
a car jaywalking. I think it's good to look at this the same way. There's a concept that the
military has sort of developed when talking about how not to die when you're in a gunfight or
something. It's called the survivability onion, right? And I think it's extremely useful, both if you're talking about like, well, I'm going
to a protest and there will be violence there.
You know, should I wear armor, et cetera?
But it's also just really it's really useful with any kind of security.
And and the onion, it's envisioned as an onion because like the largest outside chunk of
it is don't be seen.
Don't be acquired, which means somebody actually getting you in their head sights.
Don't be hit, which means being behind cover or something.
And then the very internal part of it is like,
have some sort of armor in case you are shot.
But if the armor is useful,
the majority of the onion has already failed, right?
If encryption is useful,
that is not a dissimilar sort of situation, right?
So there's a degree of canniness is super helpful in thinking about, like, what is visible about me if I'm doing something that I have to be extra concerned about the state seeing?
What is visible about me from the outside?
Totally.
I mean, I think that's an amazing thing to think about.
Like, where where are you sending a text message?
Are you in a place in which like someone can lean over?
Like, I'm the nosiest motherfucker and all the time I'm constantly like like looking around being like, what's that person watching on an airplane?
Or like if someone is sitting next to me scrolling.
So like you wouldn't want to like send a sensitive text message like next to me because I'd be like, that's that's interesting fodder.
Let's come to Texas to Cooper later.
You know, and so I think it's important to think about that.
Like who's around you?
Is this is like how are you describing something?
Do you know the person you're messaging?
If you're in a group message, do you know everybody there?
Like, do you trust all of them? Um, you know, and if you're ever
nervous, there are, this is, I guess the upside also to in-person conversations. You can have,
you know, a phone call or an in-person conversation with someone, right. Um, if you're really not sure
or you don't feel comfortable even sending something over a signal, that might be the
time to be like, Hey, do you want to meet up and get a coffee? And then, you know,
try to find a discreet place to have, have a conversation.
Yeah.
Yeah. I do want to roll to ads real quick. One second.
Then I think Cooper had something to say and we'll, we'll continue,
but first products.
Welcome.
I'm Danny Trejo.
Won't you join me at the fire and dare enter?
Nocturnal Tales from the Shadows, presented by i I heart and Sonora an anthology of modern day
horror stories inspired by the legends of Latin America gasoline counters with
shapeshifters to bone-chilling brushes with supernatural creatures. I know you.
Take a trip and experience the horrors that have haunted Latin America
since the beginning of time.
Listen to Nocturnal Tales from the Shadows
as part of My Cultura podcast network,
available on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts.
I found out I was related to the guy that I was dating.
I don't feel emotions correctly.
I am talking to a felon right now, and I cannot decide if I like him or not.
Those were some callers from my call-in podcast, Therapy Gecko.
some callers from my call-in podcast, Therapy Gecko. It's a show where I take real phone calls from anonymous strangers all over the world as a fake gecko therapist and try to dig into their
brains and learn a little bit about their lives. I know that's a weird concept, but I promise it's
pretty interesting if you give it a shot. Matter of fact, here's a few more examples of the kinds
of calls we get on this show.
I live with my boyfriend and I found his piss jar in our apartment.
I collect my roommate's toenails and fingernails.
I have very overbearing parents.
Even at the age of 29, they won't let me move out of their house.
So if you want an excuse to get out of your own head and see what's going on in someone else's head,
own head and see what's going on in someone else's head, search for Therapy Gecko on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts. It's the one with the green guy
on it. Hey, I'm Jack Peace Thomas, the host of a brand new Black Effect original series,
Black Lit, the podcast for diving deep into the rich world of Black literature. I'm Jack Peace Thomas, and I'm inviting you to join me
in a vibrant community of literary enthusiasts
dedicated to protecting and celebrating our stories.
Black Lit is for the page turners,
for those who listen to audiobooks while commuting or running errands,
for those who find themselves seeking solace, wisdom,
and refuge between the chapters.
From thought-provoking novels to powerful poetry,
we'll explore the stories that shape our culture.
Together, we'll dissect classics and contemporary works
while uncovering the stories of the brilliant writers behind them.
Blacklit is here to amplify the voices of Black writers
and to bring their words to life.
Listen to Blacklit on the iHeartRadio app,
Apple Podcasts, or wherever you get your podcasts.
Ah, we're back.
Cooper, you look like you had something to add on that.
Nothing particularly serious,
just that I think that that's really good advice
from the military and absolutely justifies the 900 billion dollar
yeah i'm glad they put together a a fucking uh graphic uh i wonder how many billions of
dollars that did cost i could i could make a graphic for hundreds of millions of dollars
yeah yeah if anybody if anybody wants to fund us for hundreds of millions, we will do it for a year, hundreds of millions. We have so many good t-shirt
ideas and sticker ideas. Y'all like so many good ones, so many unhinged ones that the world needs
to see. Yeah. I, uh, I mean, I, I do, I guess just because of the amount of time I've spent
thinking about this stuff from my, my old job, there are a couple of concepts from military planning I think about in this context. And one
of them that I also think is relevant to what we're talking about with friction is the concept
of an Oda loop, right? Which is how do you win in combat against an opponent? And it's by disrupting
this thing called the Oda loop. And the Oda loop is how an adversary carries out actions in a conflict like this, right? And the steps you
have to go for are observe, orient, decide, and act. And if you can disrupt any stage of that,
you can stop them from taking actions, right? Which just stops them from being able to harm you.
It just stops them from being able to harm you.
And the good security is going to impact all three of those things, right?
It's going to stop them from being able to see you sometimes.
If they can see you, stuff like, you know, we were just talking earlier about link previews, right, and how that can kind of expose maybe who you're in communication with potentially.
Well, that could allow the state to orient themselves to you and to your friends, right?
And obviously, stuff like locking down your devices, not having unnecessarily info online
can stop them being able to decide what you're doing and how they should respond to that.
And I think that's also good if you're thinking, if you're not just somebody who is concerned
about your security like most people are, because it's good to have're thinking, if you're not just somebody who is concerned about your security, like most people are, because it's good to have some security. If you're actually dealing with
the state or a corporation as an adversary in some way, it can be useful to think about
your security culture in those terms. Yeah, absolutely. I think that's absolutely right.
It's, and I think that it's, you know, it points to like, we should, we should understand
what the, you know, mode of, of thinking of our adversaries is right.
Like we, you know, we should, if your adversary is the NSA, right.
Which is like probably actually not most people in the U S like for most U S activists, the
NSA is not actually your biggest adversary, right?
Like your biggest adversary is going to be local police right your biggest adversary is going to be
um you know the the you know somebody like your abusive partner right and you need to and this
is why threat modeling is important because you need to to really to really think about you know
think through like you know well okay wait am i actually worried about protecting myself from the nsa or am i more worried about uh uh you know the the racist police
officer that drives down my street every day right and yeah probably it's the latter and so you can
you can take a lot more useful actions right uh uh and and you know you can you can
you know break that oda loop for him once you know actually what it is, right?
Yeah.
If you're defending yourself against the NSA, you're going to leave yourself wide open to the actual threat.
Yeah, I think a great example, and I don't mean to be like, quote unquote, subtweeting somebody here, but I've known a couple of folks like this.
It's like if you're super paranoid, you're not putting anything online,
you're only talking with your close friends,
you use a dumb phone, you have burners,
but you also drive around with a shitload of weed
in your car in a state where that's illegal.
Well, it's like, well, your threat modeling
is not great in that situation, right?
Or like, I do all that,
but I carry an illegal handgun with me wherever I go.
It's like, well, that may be more of a threat than your phone.
My partner the other day was like, what if I got a dumb phone?
I was like, what if I divorced you?
Like, what if?
They were like, what do you mean?
And I was like, well, I'm going to be the one using all the maps for both of us.
Yeah.
And having to Google all the dumb shit you want to Google.
That doesn't make, I'm now your
weakest link, like go fuck yourself. Um, but also I was like, I'm absolutely not going to be your,
your, your Google maps, bitch. Like I'm not, I'm not doing that. But, um, but I mean, I think also,
do you know, to, to both y'all's points to get serious again for a second, I mean, you know,
like my threat model, for example, um, might be similar or slightly different, maybe slightly less serious than
Cooper's. But, you know, like some of the like the the the journalists in India we are working
with have quite a high threat model, right? Like the Indian police force are very much like the
NSA. They're very talented. They have a lot of money and tech at their disposal. And that might be different for some of the activists we're working with, let's say,
in like Louisiana or Texas. Right. But the difference is, is like we're still talking
about, I would argue, two brutal police forces that just have different means of disposal at
their hands. It's like the Louisiana police Louisiana police are groups you should totally be worried about.
They might not be able to hack your phone, but maybe eventually they could.
But there are obviously other things to worry about with them.
But, you know, in the context of like with some of the folks we were working with in the South,
like reproductive justice activists, some of the things are probably much
more serious in terms of your threat model would be like a nurse for someone who, let's say,
is miscarrying or has sought an abortion. And this is something Kate Burtosh from the Digital
Defense Fund, a friend of, you know, ours has talked about, where like the people that are
supposed to take care of you might be the ones that are actually your, your biggest threat, right? The ones that have heard you say something
or you've confided in, for example. And, and that is kind of a horrifying thing to think about,
but that is, that is a thing you have to threat model, right? Is, is it, can I trust this person?
How am I describing, you know, what's happening? Yeah. Yeah, absolutely. Well, did y'all
have anything else you wanted to make sure to get into in this conversation? There's so much more
in your, in the great paper you helped co-author, what is secure and analysis of popular messaging
apps on the tech policy press. But yeah, is there anything else y'all wanted to really make sure you
hit before we roll out? Yeah, please don't use Telegram for a variety of reasons, but also like it's very unclear how they respond to any law enforcement or government.
They don't say anything and it's kind of impossible to reach anyone that works there.
Please don't use Facebook Messenger other than maybe sending memes.
There's a lot of really gross surveillance capitalism inside of Facebook Messenger that the paper gets into,
but effectively Meta is building this weird,
sprawling infrastructure inside of Facebook Messenger
to try to link Facebook and Instagram.
And one of the things we noticed is that
if you've blocked someone on Instagram or muted them,
but you haven't blocked or muted them on Facebook,
that your stories, like all those stories
are still coming across in Messenger.
So you can still see content from someone because it's linking both of those, both of those profiles.
So, you know, you could see how we're taking like an online harassment lens, like why that's,
why that's really bad, why that's really harmful and could be potentially, you know,
upsetting and triggering for folks.
and could be potentially upsetting and triggering for folks.
Yeah, I'll add that I think the major thing I want people to think about is that encryption really does work and it works really well.
And we can see that because a lot of countries right now
are trying to pass laws that either weaken or ban encryption.
And in fact, the UK did just pass such a
law, the online safety bill in the UK. And so it's really important that we push back against
these laws and fight back against these laws whenever we can, right? And I'm not coming at
this as somebody who's a big believer in incrementalism and in working with governments, but I still think that it's really important to educate folks and push back against these laws and try to not let these pass because these will be really bad for all of us.
bad for all of us. Totally. And not to defend the online safety bill, because I would never do that. I'll go to my grave not speaking highly of it, only speaking critically. At least like
the pushback from encryption experts and encryption supporters like Merith Whitaker,
president of Signal, did lead to lawmakers in the UK, for example, admitting that there is no sort of feasible, safe way to build a backdoor.
Right. And that is, I think, also a win because because of so much pushback, because of so much research, because of so much criticism that security and privacy folks gave people that are pro encryption like that.
We you know, we were able to walk back that part. And I do think that's a big deal, even if there are
other issues with that bill, because I think it also sends a signal, pun intended, to other
governments as well. And I think that that's incredibly important. But yeah, I would also
say just use signal whenever you can. But yeah.
Yeah.
Well, all right, folks.
That is going to be it for us here at It Could Happen Here.
Yeah.
Thank you all for listening.
And thank you, Cooper and Carolyn, for coming on.
Thank you for having us.
Yeah.
Thank you for having us.
You can find us on social media for now, I guess, until it all lights on us. Yeah. Thank you for having us. You can find us on social media for now,
I guess,
until it all lights on fire.
Yeah.
Whichever one you want to trust.
Yeah.
I'm Cooper Q on most social medias,
blue sky,
mastodon,
shitter.
Yeah.
I'm Caroline senders.
My first name,
last name.
Our lab is convocation research and design Cord Labs on Twitter at the moment. Hopefully we'll be getting on Blue Sky very soon.
Back in the day on the old something awful forums, there was a thread in one of the debate forums about this very right wing site called Free Republic, which was like one of the earliest
reservoirs of what became Trumpism.
And the tagline for the thread just kind of watching these people was there is always
more and it is always worse.
And boy, goddamn, if that hasn't been a continually accurate statement about the whole the whole of social media right now.
Isn't it kind of amazing to watch someone just light 40 billion dollars on fire?
Yeah, it's like totally.
There is a beauty to it.
Yeah.
It's like the nihilist in me being like, wow.
Comrade Musk really, really taking some hits to capitalism here.
It could happen here is a production of Cool Zone Media.
For more podcasts from Cool Zone Media,
visit our website, coolzonemedia.com,
or check us out on the iHeartRadio app,
Apple Podcasts, or wherever you listen to podcasts.
You can find sources for It Could Happen Here
updated monthly at coolzonemedia.com slash sources.
Thanks for listening.
You should probably keep your lights on for Nocturnal Tales from the Shadow.
Join me, Danny Trails, and step into the flames of rife.
An anthology podcast of modern day horror stories
inspired by the most terrifying legends and lore of Latin America.
Listen to Nocturnal on the iHeartRadio app, Apple Podcasts, or wherever you get your podcasts.
The 2025 iHeart Podcast Awards are coming.
This is the chance to nominate your podcast for the industry's biggest award.
Submit your podcast for nomination now at iHeart.com slash podcast awards.
But hurry, submissions close on December 8th.
Hey, you've been doing all that talking.
It's time to get rewarded for it.
Submit your podcast today at iHeart.com slash podcast awards.
That's iHeart.com slash podcast awards.
Hi, I'm Ed Zitron, host of the Better Offline podcast, and we're kicking off our second season
digging into tech's elite and how they've turned Silicon Valley into a playground for billionaires.
From the chaotic world of generative AI to the destruction of Google search,
Better Offline is your unvarnished and at times unhinged look at the underbelly of tech,
brought to you by an industry veteran with nothing to lose.
Listen to Better Offline on the iHeartRadio app, Apple Podcasts, wherever else you get your podcasts from.