We LOST More of Our Privacy in 2023. A Bad Year: Year Review

➡️ The year 2023 saw significant instances of privacy intrusions, particularly by governments, using the narrative of public welfare. Surveillance was entrenched deepened with the renewal of the FISA law, increased mass surveillance in the EU, and the recognition by Apple and Google of long-term monitoring of phone notifications. Techniques like “client-side scanning” for Child Sexual Abuse Material (CSAM) disrupted end-to-end encryption and rose concerns about false positives and misuse. Meanwhile, laws like the UK’s Online Safety Act fueled privacy invasions, and advancements in AI technology saw invasive tools built into common devices. Surveillance over push notifications was revealed and location-based surveillance called “geofencing” was used in politically significant events like the January 6 Capitol riots.
➡ Google provides detailed user location tracking data, which is stored in its “sensor vault” and iPhones have tracking capabilities even when powered off. Additionally, the EU plans to create a root certificate granting each EU country the ability to issue fake certificates that can compromise web encryption. Meanwhile, the renewal of the FISA law allows for continued, unchecked mass surveillance of U.S. and foreign citizens, threatening privacy. However, there are potential privacy solutions available, like the use of a de-googled phone and BytesVPN service.

It. 2023 wasn’t a particularly good year for privacy, particularly with government intrusion to our lives. As always, the narrative has been convoluted in such a way that you actually think that things are being done for your own good worldwide. There were some successes, or at least a delay in adopting privacy invading laws, but not entirely our big its privacy loss occurred in the UK. This can impact us even if we’re not in the UK.

The EU at one point pushed off a dangerous bill that could have had major effects on privacy. However, they have a new move that will definitely increase mass surveillance with repercussions. Way past the EU, the courts were busy with the January 6 Capitol riots, but that exposed a kind of surveillance that we can now attach a name to. The mechanics of warrantless surveillance become all the more clear this December.

Once again, the FISA law was renewed and the justification for surveillance is again embedded in law without recourse to the normal person. And just as we thought that that was it for the year, we finally get acknowledgement from Apple and Google that surveillance of phone push notifications has been in place for a while. Let me explain to you what these antiprivacy changes are, and for the most part, they are the ones initiated by the state.

The best ammunition against these is to destroy the fake narratives pushed by lawmakers and to make sure those lawmakers do not get reelected. It’s not an easy battle, but our weapons are based on education, which I will try to provide to you. Stay right there. This year, there was an almost coordinated push by the US, Congress, the UK and EU lawmakers to battle the so called threat of CSAP, which are photos related to child abuse.

The reason this wording was specifically used is because our gut reaction is that we need to protect our kids. And I’m sure the focus groups measured the reaction of the average person to CSAM and without explaining the repercussions of what they’re selling, it was an easy thing to push. So let’s dive deep into this. Specifically, the claim is that each platform needs to be proactive in identifying child abuse photos and reporting these to law enforcement.

However, what is suspect is that it was almost completely coordinated with the EU, UK and US completely in sync with this messaging. The claim about CSAM is that it is something that cannot be observed on encrypted platforms. So the solution is to break end to end encryption and that will supposedly allow the policing of CSAM. Now, this is the most important part here. Supposedly, in order to protect kids from CSAM, they need to break end to end encryption.

Right? And the way to implement this is through a technique called client side scanning. This is something that Apple pushed in the prior year, in 2022, and they were left with a decision to set this aside for now because of the user backlash they encountered. Now, this triggered the various state players to push this solution by embedding it into law. Basically, each state was pushing that the responsibility for the presence of CSAM on their platforms belonged to the platforms, and if they took no action, they could be sued for the liability of having such content.

Many platforms include some form of end to end encryption, such as WhatsApp, iMessage signal, to name a few. This also exposes any cloud based feature like iCloud, Microsoft OneDrive, Google Drive, Google Photos, and so on, though these are more easily surveilled. These platforms would be forced by these laws to scan for content supposedly that could contain CSAM. Except here’s the main problem. Klein sized scanning is basically a sledgehammer approach to surveillance where only a tiny fraction of it would apply to CSAM, at least in the US.

So this whole thing was about creating an infrastructure that didn’t exist before I repeat the story because it showed the history of three letter agency thought processes. If you recall the 2015 terrorist shooting at San Bernardino, California, Apple was being forced by the FBI to aid in unlocking the phone of the terrorist. Apple refused to comply and I can understand why. If they provided a way to break into the iPhone, then no one would trust Apple and it would have been a major impact on their business.

Image but over the years following the 2015 incident, various CIA directors took to the press and stated that the solution to end to end encryption was to collect the data prior to encryption. This would then, in theory, solve the encryption problem as it relates to terrorists. But terrorists have not been common lately. Say new boogeyman was needed and that’s the child predators. The dangerous thing about this that you should be aware of is that Apple found a way to have the AI on the phone scan the content of the phone and have that reported to HQ without a human involved, at least initially.

This is the Apple implementation of client side scanning. Their argument is that no human is examining the photos, though the logic for determining the content in a photo is built into the phone AI chip itself. The problem, once again with this sledgehammer approach is that the AI can find any kind of content. It need not be connected to children whatsoever, or it could be parents taking pictures of their children and causing false positives.

But the reality is that client side scanning just requires specific instructions to the AI to search for any content. For example, it wouldn’t be too much of a stretch to assume that the AI could identify subversive content, at least as it relates to the government in power. Let me first tell you the status of these various bills as they progressed through the various chambers of lawmakers. The EU failed to pass a CSAM law.

The US has not yet successfully passed any of these laws. However, the bad news is that the UK did pass the Online Safety act, which basically embeds the responsibility for building client size scanning to each platform, even if only the UK puts this into law. The problem is that each platform has to build their own mechanisms for scanning content pre encryption. Apple already has this, so that is a big evil right there.

Many Apple fans actually believe in the Apple response that they put this project on hold. What Apple did not acknowledge is that the API or programming interface to scan for images was already put into an earlier version of iOS. Even earlier. And lately we’ve heard that this API was also added to macOS. So forget about CSAm now. The tools to do client side scanning are now part of every Apple device.

Some testers were able to intercept calls by the file manager to use some of these image scanning APIs. This was discussed heavily in a Louis Rossman video. Again, because of the UK law, likely each platform will need to build their own infrastructure too. So this is just the beginning of this. Watch out folks. If you hear CSAM then assume you’re being fooled. The state wants to break into an encryption.

Generally this is the only thing important to them and this technology already exists on Apple products and likely coming to other platforms near you. While CSAM and client size scanning are on the forefront of future actions, it was recently revealed and wired that our push notifications are being surveilled by law enforcement. The thing about push notifications is that in most cases these are completely unencrypted. So simply by knowing which device to track, it becomes easy for a state to review all push notifications to your device.

This was revealed in court record and brought to the public’s attention by Senator Ron Wyden. And as usual, when these actions take place, it is often accompanied by a gag order on the platform. So we would not know about this in other surveillance methods. Obviously we already know from Snowden that there are a bunch of surveillance methods like capturing email, texting and phone records. The point is that these are always stated as necessary for protection against terrorists, though it will be interesting to note that the use of these surveillance methods are not connected to terrorists or foreign persons.

One specific case used notifications in a January 6 Capitol riot case, and I have more to say about that later. So beyond notifications, the court record specifically for the January 6 Capitol riot cases showed that close to 1000 people have been charged in the Capitol riots based on location data acquired from Google. This is important to understand way beyond the Capitol riot cases. It’s just that the government was very eager to prosecute individuals found in a capitol building on January 6, though I do not recall where governments have identified people involved in riots and destruction of property in the various riots around the country.

So governments can use location data selectively depending on their political expediency or purpose. This method of identifying people’s locations based on the presence of their phone is called geofencing. You mark gps coordinates of the area you want to surveil and then determine a time span, and you can then ask Google and Apple to supply this information. I don’t have specific information on Apple’s response to geofencing since nothing is public that I’m aware, but Google has been providing the data on locations willingly and even gave the database of locations a name.

It is called the Google sensor vault. We know this because it is in the court records. I’ve discussed this in various videos and I won’t go into detail on this. In fact, I explained it again in last week’s video. But generally be aware that your location is constantly tracked on a phone. Twenty four seven and you cannot turn this off unless you have a degoogle phone. And worse, iPhones can be tracked even if you turn the phone off since they turn into air tags.

So just be aware of this technology because it is used for dragnets in many areas. I wouldn’t be surprised if a large portion of the population has been part of search results just by being near places where crimes have occurred. This would victimize average citizens in many big cities. This would fall under the category of warrantless digital searches. While the EU did us a good turn by not passing the CSAM related laws, unfortunately, we did not pass 2023 unscathed.

Apparently the EU wants to implement standardized national identity cards for EU citizens. Now that part is the business of the EU, but they are apparently implementing something else that will impact us all. The EU wants to create a root certificate for the EU entity and then this root certificate will grant intermediate root certificate authority to each country. Just so you know, it is very unusual to have a root certificate be forced upon us by a democratic government.

This is a policy implemented in countries like Iran, Cuba, China and so on. But the presence of a root certificate that is not a valid root certificate authority is very dangerous. As I explained in multiple recent videos, it allows that government to issue fake certificates which can then be used to break web encryption in cybersecurity speak. It allows a man in the middle to capture network traffic and observe it.

This capability will be in the hands of each EU country when this law gets implemented. Apparently the browsers would be banned by law from removing these root certificates, and these are not really true root certificates issued by valid authorities. They would be imposed certificates the same way Google, Apple and Microsoft imposes their root certificates on their devices without any check and balance. So in addition to the already dangerous root certificates from big tech, we now will have governments to worry about.

Selective surveillance of web traffic would become easy to do anywhere in the world as long as you are in cahoots with one of these eu countries. Scary stuff. And I personally feel that web encryption is completely broken. I made a proposal to change the whole public key infrastructure to defend against MITM or man in the middle. That was in a recent video. Another highlight of 2023 is that once again the FISA law has been renewed by Congress.

FISA means the foreign intelligence Surveillance act. Originally from 1978, it was meant to provide judicial and congressional oversight on investigations on foreign persons in the name of national security. This law was changed rapidly, though, with the passing of the Patriot act. As a result of 911. Under section 702 of the Foreign Intelligence Surveillance act, the US government engaged in mass warrantless surveillance of Americans and foreigners. Phone calls, text messages, emails and other electronic communications.

Information collected under the law without a warrant can be used to prosecute and imprison people, even for crimes that have nothing to do with national security. First of all, FISA is implemented in secret. Second, though the original intent was to spy on foreign persons, the reality is that FISA was used to spy on 200,000 us persons. FISA was abused constantly and FISA courts really rubber stamped every request.

Once again, Congress was weak. Privacy groups, including the ACLU and the Electronic Frontier foundation, have lobbied for reform of FISA to put limits on the surveillance. But once again, they failed. It failed because we as a people accept surveillance as a fact of life. Yeah, you have nothing to hide, so you don’t care. Got it. These are the events highlighted for 2023. Each year a further reduction in privacy occurs, and this year we took another big hit.

I thought there was going to be a positive in 2023 with the introduction of pass keys and I’ve learned recently that even that’s a fake. So I thought that was going to be a privacy positive, but apparently not. I’ve said over and over that my goals are very simple. I don’t care that I have nothing to hide. I care that it’s none of their business. As a law abiding and tax paying citizen, I just want to be left alone.

I started a company to provide solutions to the average person instead of just talking about problems. Privacy is a changing battlefield and approaches always change. So I’ve studied the privacy problem and I came up with a few things that will greatly help. The primary solution to use is still a Degoogle phone. As I discussed in other videos, it is immune from geofencing and also protects your identity since it does not have a Google id.

Check that out. These phones are around $400 so they are cheaper than normal phones. I have a VPN product that protects you from mass surveillance and even hackers doing man in the middle attacks. They also protect your IP address. So this solves one of the issues I mentioned in this video which is the EU route certificates and the solution is the BytesVPN service which I’ve started a few years ago.

We have worldwide coverage and a known entity providing the service. Me. Hopefully someone you can trust. We have a Brax mail service that hides identity information from your email. We offer unlimited aliases, seven domains and webmail. Check that out for $50 a year. All these are on my store on Braxme. Sign up on there and you will not be asked for personal information to sign up. Thanks for watching and see you next time.

Funny. .