The greatest fear that I have regarding the outcome for America of these disclosures is that nothing will change.
People will see in the media all of these disclosures.
They'll know the lengths that the government is going to grant themselves powers unilaterally
to create greater control over American society and global society.
But they won't be willing to take the risks, necessarily, to stand up and fight.
And the months ahead, the years ahead, it's only going to get worse.
The one too, a couple of years ahead, the third year and last year.
Of course, the first year I have been thinking about this.
The president of the United States, an many years ahead of the country,
What is happening everybody
Simon
Back
Another episode
A little intro there
From our boy
Eduardo Snowden
That was
Almost 13 years ago
Can you believe that?
And here we are
Here we are
13 years later
And his greatest fears
Essentially have come true
Unfortunately
So this is going to be
Kind of a packed episode
Got a lot of things to cover
Gonna go a little bit in depth
And some background
And some clarity
Um
different things that I think have been circulating around definitely the internet the last few days
that I've seen mostly from different YouTube personalities and people on the socials but
there yeah there's a lot going on so this episode is 53 recorded today March 12th
2026 9 30 Mountain Standard Time in the U.S. I was laughing so I can't remember I was going to try to
remember what the UTC time was and I just totally slipped my head so this episode is locked out how
governments and Google are closing the open internet and it's a pretty pretty bold statement
there and hopefully I'm wrong but it definitely seems that we are going in that direction so
yeah that's uh that's going to be like the main headline uh I'm going to try to get to some of
some important topics some of them not so important some of them are just informational
If I don't get to all of them, of course, as always, the show notes link will be in
the notes below. You can click on that, get to all of the different resources, my notes,
links, all of that fun stuff. So one of the biggest things is Motorola announcing a partnership
with Graphene OS. So I'm going to talk a little bit about that. But the main crux of what I'm
going to be talking about is pretty much what the title said. And that is, there's two massive
shifts happening right now, one driven by governments and one driven by Google. Of course,
there's more than that at play, but that's what I'm focusing on in this episode.
And they're both aimed at the same thing, ending the era of being anonymous or ungated access to
digital tools and platforms. So we're going to talk a little bit about some of the different
legislation that's going on in the US and internationally, and that whole thought,
everything that's kind of revolving around.
that where your os is becoming an identity checkpoint before you even open an app so we're
kind of getting to the the root level here and second uh google announced you know starting
this year in september that every app installed on a certified android device must come from a
developer who is registered with google that involves you know submitting government issue
id paying a fee and agreeing to the google's terms even for apps that are being installed
outside of the google play store which are often referred to as is side loading which i just call
installing applications so by 2027 that'll cover 95 of android devices on planet earth so uh separately
you know each story in itself is kind of alarming together they reveal a larger coordinated if not
deliberate deliberately coordinated uh effort closing off the open internet as we know it today
So governments demanding to know who you are, platforms demanding to know who built the tools that you use, and the apps that are most threatened are exactly the ones that privacy conscious users depend on, whether it's F-Droid or anonymous open source tools and utilities built by people who never wanted a relationship with a corporate gatekeeper in the first place.
So in this episode, we're going to break down kind of both sides to the story and kind of just in plain English as best as I can and connect the dots between those stories and walk through what you can do right now to protect yourself from Google phones to VPNs and end-to-end encrypted communications.
So a couple other stories of notes. ISIS using the same Microsoft tech Israel uses to surveil and go after Palestinians. Security researchers warn about age verification laws and building a global surveillance system.
have a link to that as well as tiktok has come out and said they won't add into end encryption
for user safety which is mind-blowing ad guard launching both uh for vr both their first ad
blockers and uh a trustee what they're calling trusty vpn through ad guard which you know if
you're a meta quest vr user those might be of interest to you and then um of course there's
some mandates coming out of mexico uh mandating biometric sim registration for all phone numbers
so uh it might get to that article actually as well so if any of that is of interest to you stick
around if not uh totally understand catch you in the next one uh for those that uh are sticking
around i just want to give a quick shout out to those who support the podcast both through time
effort and talent and those are you know very much appreciated those efforts as a collective
collective do help significantly keep the show going and hosting and all these different things
and moderating. So I'm just going to give a quick thank you because we don't do sponsors. We don't
do advertisers. You are the producers. You all. Me, I'm just a dude behind the mic gathering the
information, setting up some stuff and just doing the best I can. But really, this community has
grown beyond really my expectations. Over 436 people sitting in the Matrix channel right now.
And that's just really amazing. Every time I'm dropping into the Matrix channel,
there's more and more conversations happening and good, good resources being shared back and forth.
We do have a couple of smaller group chats, both in SimpleX and another one in Signal.
And then we also have an off-topic channel. All of those resources can be found over at
closednetwork.io. And so I want to give a shout out to our Patreons, Michael Bates,
Privacy Badass. I can't talk. Privacy Badass tier.
Along with David, as well as TK, Vo also, and Mr. Milkshake, privacy supporter, as well as Mr. Milk Mustache.
Sorry, I misspoke there.
I did not mean to detract from your name.
And as well as Hutch, thank you all for that ongoing support.
It's greatly appreciated.
And also from our lightning boosters, Bond, Wartime, Circus Media, SNX, Firefly Go, a couple of anonymous, some big, huge supporters.
Bond is number one.
Lightning supporters over 108,000 Satoshis.
For those that don't know what sats and Satoshis are, those are people donating through Podcast 2.0 applications and sending Bitcoin, basically, just through the app.
Over the lightning network, Wartime, over 22,800 sats, Circus Media, 48,663, Firefly Go, just in the last episode alone.
alone 6,500 sats coming in a total of 17,567 satoshis just totally thank you thank you all
for that uh love and support and and i really appreciate it i'm gonna just talk uh real quick
about the patreon stuff i'm gonna keep the patreon up and i have some goals and ideas for that as i've
been kind of working behind the scenes on infrastructure i moved the website over from
wordpress to a ghost cms which is a open source content management system and it has the ability
to kind of do the same thing that patreon does so those that want to support financially that maybe
don't like patreon you can go directly to closed network.io you can set up an account with an alias
email account or whatever doesn't matter whatever works for you you can you can do a free or paid
subscription whatever works out for you economically is totally cool one of the benefits to signing up
for the free account over there
is I've been wanting to do this for a while, but kind of putting out a newsletter or at least
content via email. It will only be information sent from me, and it will only come through that
channel. I initially had the list building on the website going through MailChimp, but I didn't
really want to use MailChimp for the email marketing aspect, or not marketing, but the
newsletter because I just didn't really like all of the cookies and everything that they embed in
there, and you can't really opt out of it. Ghost is significantly better. It's more private-focused.
I'm the only one that sees the lists, and it's a little bit easier for me to have a central point
where I can create a post and email it out. I can embed a quick podcast in there or some audio or
some stories, some of my writings, those kinds of things, and some how-tos and tutorials as well.
that's going to be a little bit easier for me to do all through that one ghost cms platform and so
if you want to be signed up for that all you got to do is pop over and click subscribe yeah put in
a name could be fake name fake email whatever email alias you want to use the more the better
i love seeing email aliases in there it warms my heart so uh that's kind of where we're at the
website still um i have a lot of um content to add but the the primary links are there for if you go
to the website there is a link called community links and that is going to be basically the
breakdown for getting into the main matrix channel the off-topic channel and getting over to our forum
and show notes so still have the forum up uh it's not super active kind of just use it as a knowledge
based repository and i've got plans for that down the road but right now the main website closed
network.io is kind of the hub for everything and so you'll be able to get to the links uh from the
from the website and as well as on
under the podcast tab, um, I'm just embedded the yellow ball podcast feed in there as well as
links to the RSS directly. Or if you want to listen to it on Spotify, Apple, Amazon, whatever,
or you can just grab the RSS feed and add it to your favorite podcast player. Of course,
the podcast is in all major platforms. So if you just, you know, whatever podcast app you use
antenna pod or, you know, uh, podcast guru, whatever, whatever you should be able to just
search for closed network podcasting and it'll, it'll come up anyways. It's just those that want
to manually add stuff. Or if you don't like using an app, because a lot of people do listen through
the browser, you're welcome to just pop on over and, you know, click on whatever episode you want
and just hit play. And, uh, yeah, so that's kind of, kind of getting some streamlined. I talked about
this, uh, over the last few, a couple episodes about changing things up. And so, yeah, that's,
that's what I've decided to do for now. I don't know if I'll do this forever, uh, using
I don't know if I can't.
GoCMS, but it is open source, self-hosted. You can kind of keep things under one roof. And I'm
not also relying on a third party to send emails out. So those will all come directly from the
site. I want to give a quick thank you to our moderators on Intelligent 7, Mattis Max, always
in the forums and the Matrix channels and welcoming people. And even with their busy lives,
it's all volunteer. So I just want to say, I appreciate that. Thank you guys. And yeah,
if all of the channel links and everything are also in the show notes, so the Matrix channels
and all that fun stuff, you can follow me on Mastodon, Noster, X. I still am on X. Probably
will be there for a while. I don't know when I'll exit from there, but you know, if you want to
follow me, that's where I'm at. But you can also just subscribe through the website and I'll be
sending out more communique via that vehicle. So, uh, so
yeah, that's it. Without further ado, we're going to go and pop right into this debacle. I put a
lot of work into putting this together. So hopefully it conveys well, and you can kind of
simply understand and follow. If you watch YouTube, like some ordinary gamer or, you know, like
Mudahar, so just other privacy focused YouTube channels that have been talking about this in the
last week and even actually over the last year, especially with the Google stuff, but even more
so with the age verification, because we are really kind of in the home stretch of like, you really
can't hide from this. Even all, like a lot of mainstream Linux distributions are putting out
blog posts and things about how they're going to comply with some of these state laws and
international laws for the attestation of what age you are lumped into a group, and then that'll
create a signal. So I'm going to
to kind of talk a little bit about that. And I also want to talk about, you know, really,
what does this mean? Because there are two parallel scenarios happening simultaneously
this year. There's scenario A, which is you buy a new phone, and before you reach the home screen,
it asks for your date of birth. And every app you install from that point forward gets a signal
about your age. So this is law in California, Louisiana, Illinois, Texas, Utah, and dozens of
other countries are following. And then there's scenario B, an anonymous developer has spent,
you know, one, two, three years building a privacy tool that helps people in authoritarian countries
communicate safely. And it's starting in September of this year. So, you know, six, seven months away,
that app is going to be blocked from being installed on 95% of Android phones unless that
developer hands their government.
ID to Google. And so there's a connecting thread here, both stories, right? They're about the same
thing. Who controls access to digital tools and what price do you pay to use them? So the stakes
for everyday users are, you don't have to be an activist or a journalist for this to affect you.
These changes reshape the phone and your pocket, the apps you can install and what companies
behind your device, what they know about you. So let's, let's just talk about the OS level
age verification, right? So the traditional age verification is a website asks you to type in
a birthday. This is common if you've been to like a tobacco sales website or an alcohol beverage
website or something like that, you just type in your address, right? Easy to ignore, easy to fake,
you know, widely considered just theater for the most part, right? It's just like, Hey, we ask our
visitors how old they are. But the new approach, this new approach, legislation is moving the age
check.
into the operating system itself so before you open a browser or download an app
and there are four bracket systems to this so laws like california ab1043 classify users into
four age groups there's under 13 then 13 to under 16 16 to under 18 and 18 or older and the api
handshake every time you download or launch the app the os sends a real-time signal with your age
bracket to the developer silent automatic always on so this is happening in the background because
it's built into the operating system this isn't like an app this isn't just a setting this is
something that just has to be on by default and to be compliant so the simple analogy is think of
your phone's location services you turn them on it's set up an app can silently request your location
forever right
A lot of times, if you go into your privacy settings and you look at location, you can
see what applications have access to your location based on whether or not you're using
the app, whether they never have access to it, whether it's always on, right?
Well, this is going to be an always on feature, right?
Sending this signal of your age already, you cannot kind of shield that, that piece of
data about yourself.
So in the US, right, state by state, California has AB 1043, which is the Digital Age Assurance
Act.
And that was signed October 2025 and effective January 1st, 2027.
And that applies to any entity that develops, licenses, or controls an OS.
And it's sweeping.
And it's not just Windows and Mac OS, Android and iOS, but Linux distributions, Valves, Steam
OS, and even niche open source projects.
So it does not require a photo.
ID and users self-report their age. So critics are calling this the honor system dressed up as
child safety policy. And for me, this, I'm looking at this as like the, it's a layer layering in
the groundwork, right? So it's kind of like, Hey, we get everyone on board with building this in
at the OS level, they build out the APIs. And then later on, it'll be a lot easier for them
to actually pass new laws to enforce photo ID because the mechanism, the system will already
be in place, right? So like I said, it doesn't require a photo ID right now. This is a user
self-reporting their age, but the penalties are stiff for not implementing this. So for each affected
child that, that is access to an OS that didn't have any kind of attestation where they attest
their age to the device's $2,500 fine.
for unintentional violations, and $7,500 per fine for intentional ones.
So Louisiana has a similar bill, HB House Bill 570.
That goes into effect July 1st, 2026, a few months out.
Illinois, Senate Bill 3977.
That's effective January 1st, 2027.
Texas, SB 2420.
That's a mobile-focused, similar framework bill.
Utah has SB 142, already partially enforced, and full activation is December of this year,
2026.
Colorado is SB 26-051, proposed, modeled on the California law, and its potential effective
date is January 1st, 2028.
So Louisiana, Texas, and Utah already have App Store Accountability Acts requiring mobile
app stores to verify and transmit users' age.
And California's law goes further by...
the desktop apps as well. So it's a lot to keep up with because some of these are just mobile only
or mobile app store. Some of them are now going to be OS level. And on the international platform
here or in its stage, if you will, Australia has the global trailblazer. And that's December 2025.
It's a major social platform, you know, basically, you know, requires legally requires to ban
users under 16 or face heavy fines. And in March 2026, there's an extent an extension to
pornographic and explicit pornographic material and explicit gaming and search engines have until
June of 2026 to implement age assurance for logged in users. In the United Kingdom, of course,
we've talked many, many times about the Online Safety Act. That's, you know, from 2023, those
provisions are in force as of July.
of last year so all platforms social media forums search engines dating apps they must they have to
age verify you know of course to protect minors and early enforcement uh you know reddit was fined
for for uh relying on the self-declaration and then france germany spain spain brazil netherlands
portugal poland norway malaysia all have various stages of social media age restrictions or age
verification mandates through 2026 and then in the eu there's the digital services act and the eu
digital identity wallet integrating age assurance standards expected to mature later this year so
over the next one to two years we're going to start seeing significant changes you might already see
a lot of these things happening if you're an ios user i know i mentioned i think on the last episode
52 that ios 26.4 which was still currently in beta but it probably will be pushed out over the next
next month or so already has that age verification
baked baked into it as well as some other features like rcs into an encryption for uh
you know communicating with android users using rcs and those kinds of things but that's where
these different um technology stacks are rolling out so you know why does this matter for privacy
beyond the child safety right it's because you know looking at this of course we always hear
it's for the children it's for the children and but everyone has to provide their age
at the os setup not just kids so if you don't have kids in the house you don't it's like everyone is
impacted by this so the infrastructure is built into your device from first boot regardless of
who you are and the self-declaration problem is we're seeing is california's law doesn't require
adv verification and if it's this easy to lie what's the actual goal here right the infrastructure is
just being built for a more durable policy policy and you know it's it's it's easier to just
justify it when many
you
and nations are or countries are kind of doing the same thing it just sounds it just seems like
it's a lot easier they they have momentum to to push this out and we we know about the data
breach risks right in october 2025 discord through a third-party vendor there was a breach
exposing approximately 70 000 government ids collected specifically because of age requirements
and now age data is is a new honeypot so the open source collision right uh where the laws
definition of os provider and i'm using air quotes with my fingers as i say os provider
is so broad it sweeps in linux distros steam os and even niche open source like calculators
db 48x which responded by geo blocking california and colorado users entirely rather than comply
because it's
it's like if you're a small volunteer team you may not have the resources to you know build out
os level or app level uh age verification so what some people or some groups are doing is they're
just saying okay well if you're in california colorado you just can't use our app and we'll
just basically geo block you you know from ip so if you're coming to their site from uh your you
know an ip address in those states they just just won't let you access it so you know will that work
in the short term sure but uh probably not very well and at some point people are gonna have to
start making hard decisions and i have my own questions around that too because there's a lot
of situations where it's like well what about server os's or what about hypervisors right they're not
technically an operating system they're just a kernel manager uh is it an os i don't know is that defined
is proxmox an os is true naz an os
os is docker nos you know if you set up a docker instance for an application specifically
technically i guess it's an operating system but is it though because you know uh yeah you know
and if a child were to access an app uh from that docker container running this could be something
like a media player a media server is you know does that fall within that because they didn't
age verify to watch something on jellyfin i you know i i don't i don't know i i'm asking a lot of
questions is cubes os going to adhere to this it's technically a hypervisor for for a workstation
right for a for computer desktop every time you launch an ephemeral vm application it's pulling
from a vm template does that template vm need to be os verified right i mean you see like how
ridiculous this is and how do you
enforce that. And I don't think the governments are really too worried about how they're enforcing
it yet, as much as they are as laying the groundwork, the foundation for the acceptance
of this being a new normal, so that years coming down the road, it becomes a little easier for
them to get to the ultimate endgame, which is photo ID, like your identity will be verified
to the operating system, not just you attesting that you're within a certain age signal,
but that you have actually doxed yourself just to use a stupid phone or a laptop. So I want to kind
of step back and look at the two different, you know, we'll look at the, you know, the Android
ecosystem specifically, right? So Android's open promise and why it matters. So iOS, right? iOS is
what runs on Apple iPhones. From the very beginning, it's been one store, one gatekeeper, Apple decides
what exists.
on the phone, what apps come stock from, you know, Apple developers, and then what kind of store
you can, you know, is available and what apps are available in that store. Android, on the other
hand, is built on AOSP, which is the Android open source project. And you could always install apps
from anywhere, your own files, you could compile your own APK and just install it. There are third
party stores like F-Droid and Aurora. And you could even just download applications from like APK
Pure and, you know, other repositories that keep basically an archive of different versions of
different applications that you might want to regress to and things of that nature. That's often
referred to as side loading. I like to think of it as just installing an application. Side loading is
a term that's used when you're typically installing an app out from not using the preferred,
well, you know, app store. In this case would be the Google.
play store so you know installing those apps is how privacy how the privacy ecosystem has survived
i remember uh a while back this is probably a few years going back but my pseudo
is um an app that you can create different anonymous identities in it can be ephemeral
it can be persistent you can attach a phone number to it an email address is kind of having
these pseudo anonymous you know pseudo anonymous profiles uh to be able to use for different
situations i myself to this day still use my pseudo there was a time uh where they just made
the apk available from their website to download and install that would be considered side loading
and you know there's there's tons of instances where we're all a lot of us listening to this and
that talk in the in the in the group that all sideload right most of my applications i'd say
a large percentage of them are
are either coming from Accrescent,
which is the built-in store from Graphene OS,
or from GitHub or other repositories
using the Obtainium app,
because you can just add a source link
of where the app lives,
and Obtainium will install it
and tell you when there's a new update available.
This is how I install Signal
as well as several, several other applications,
but I am installing in those all through Obtainium.
So if I look at my Obtainium list right now,
you know, NT Photos, Orbot, ProtonMail,
AntennaPod, BravePipe, Breezy, Weather, Clock,
you know, I mean, tons and tons,
Image, ICSX app, Mastodon, Material Files,
Mali, MulvadVPN, I have Micro-G installed
even through there,
because I do use it in a specific user profile,
Primal, Revance.
you know runster seal i mean to the wave lake i mean tons and tons of apps i install
from uh the source directly using obtainium i'm not installing them from like the play store so
anonymous developers specifically chose android because it let them ship tools without handing
their identity to a platform controller well back in august of 2025 google announced you know
starting september of 2026 every app installed on a certified android device must come from a
developer who is registered with google regardless of where the app come from right so this is just
not about google play store it covers side loading apps installing apps so fdroid apps apps from any
third-party store apps distributed directly from developers websites anything on certified devices
so certified android devices
make up probably 95% of all Android phones worldwide. I think the number I've heard
tossed around as far as like the number of Graphene OS users is somewhere in the ballpark
of around 400,000. Now that sounds like a lot, but in a planet with billions of mobile devices,
that's just nothing. That's a drop in the bucket. So, you know, some people will say, well, this
doesn't impact de-Googled phone users, but it actually really does because the user base is
going to shrink to literally almost nothing overnight come September. So, you know, will
developers continue developing for the very few out there that are using de-Googled phones,
especially when these people might be relying on donations and things to fund the project and
run their infrastructure? We don't know. Likely a lot of people will stop developing because they
don't want to dox themselves for writing an app that circumvents ad blocking or things of that
nature. So what are the developer certification requirements? It's a 24%
one-time registration fee paid to google so we have an extortion fee built in the creation of
a google put google payment profile of course so that we can pay them government issued id
an agreement to google's terms and conditions which okay if you're a revanced developer if
you're a new pipe developer like you're already breaking their terms of conditions so you're not
going to submit that proof of ownership of the app signing keys and registration of all apps
in a new android developer console so if you're an app developer and you want people to be able to
install your apps even if your app isn't in the app store the google play store all of these changes
will roll out to the android os so you're kind of boned so what the timeline looks like right is
august 2025 last year this policy was announced november of 2025 there was an early access preview
where google added you know students and hobbyists to carve out
you
like limited device distribution to get buy-in march 2026 this month verification opens to
all developers globally so there's they're starting the process now in september of 2026
enforcement begins and brazil indonesia singapore and thailand and then into 2027 and beyond will
be a global rollout of all certified android devices worldwide so this is a this is kind of
a staged rollout but who gets hurt from this like i said f droid open source app stores the entire
model source code auditing instead of identity checks is going to be replaced by google's
identity-based gatekeeping its catalog of privacy tools utilities open source apps all face dramatic
reduction so f droid or a board member and i'm gonna i cannot say this dude's last name his name
is mark prudemoy prudemoy prudemoy prudemoy prudemoy prudemoy
p-r-u-d apostrophe h-o-m-m-e-a-u-x um so uh board member for f droid i'm just gonna call
mark estimates 90 to 95 percent of android developers are opposing this policy sure
totally could completely see that anonymous privacy app developers developing build you know
developers building tools for journalists activists i mean think of all your security drop
and orbot and and everything to do with tor and anonymous communications encrypted you know
tools and all these different things um those users you know especially repressive countries
face like a stark choice like reveal their identity to google and any government that compels access
to that database or lose reach to virtually every android device and the database concern here is
google has not answered what the data it collects during verification how long it's retained
or which governments can access it
So this policy creates a comprehensive global database of all Android developers, including their government IDs.
So the antitrust angle here is the policy follows Google's 2024 antitrust loss to Epic Games, which required allowing third-party app stores.
So critics argue verification is a workaround.
Third-party stores technically still exist, but every developer must register with Google first.
So like I said, it doesn't matter if you want your app in the app store.
If you're just even developing it to be installed through a different channel, like Obtainium, or through a Crescent, or F-Droid, you have to do this.
So this extends Google's gatekeeping authority beyond its own marketplace into distribution channels where it has no legitimate operational role.
And, you know, there's an open letter to Google signed by EFF and Free Software Foundation and Tor Project and Proton and F-Droid and 30-plus others.
as of last month, February 24th, 2026. So that's kind of who's fighting back, right,
to keep the Android open movement. There's keepandroidopen.org. That's led by the F-Droid
board member, Mark. The open letter addressed directly to Sundar and Larry Page and Sergey
Brin, Google's VPs for, you know, app and ecosystem trust. The signatories include the EFF,
Free Software Foundation, F-Droid, you know, all of them, Proton, AG, NextCloud, Fastmail,
Vivaldi, Article 19 and dozens more. So there's a lot of, like, people trying to reach out and push
back. I know even, I think, last, earlier this week or last week, the CEO or one of the founders
for System76 met with a Colorado senator to really explain, like, the challenges and the dangers of
doing this, who's a Colorado senator who was, you know, behind the bill in Colorado.
for the OS age verification and you know Google's partial concessions are well you know a student or
hobbyist account type has limited distribution and there's a vague advanced flow I don't know
for power users and probably if you've if you've been following the story you've probably heard
advanced flow but no one really understands what that is and fdroid notes that Google has refused
to provide any concrete details on what advanced flow actually entails and it's probably just some
something that you know they kind of came up with to say oh no we've got some we've got something to
address your concerns it's called you know they probably just pulled it off a whiteboard in a
conference room somewhere we'll call it advanced flow uh that will help you know ease the burden
uh you know for for this and yeah so connecting the dots right the pattern here is governments
are requiring OS providers to collect and broadcast identity signals they're a
at the infrastructure level so before you even open an app or download an app install an app
and then google is requiring developers to be identifiable to a central authority before their
software can reach the device so gating who gets to build for their platform even though it's
supposed to be an open platform both policies use the language of protecting children protecting
users from malware to justify this infrastructure change and create this gatekeeping power both
policies hit the privacy community the hardest because the tools are most threatened by identity
requirements and those are tools designed to resist identity you know so it's kind of like a catch-22
and you know if you have to start giving pieces of your identity to just use the device like you're
and then now the apps are limited because the apps that you want are from developers who don't want
to participate in doxing themselves it's like uh you know so the compounding effect
uh, that I see is, you know, once both policies are in full force, you know, your OS is broadcasting
your age bracket with every app launch and every app on your device comes from a Google verified
developer who surrendered their identity to install their software on your phone. So at the
OS layer, the governments know your age, it can trace your app usage. And at the app layer,
Google knows every developer can disable any app and holds a global registry of who built what.
So what's the end result? A device that is far less anonymous than most users can assume. And it
both ends of the software stack from the end user using the device and the developer making the
software that for which device it goes on. So what are the escape hatches? Well, I mean, we know about
a lot of the de-Googled Android, you know, OS is yet graph, you know, as the biggest one, some might
say Calix OS or lineage OS. I don't think, I don't even know if Calix OS has come back to developing any
new ROMs. I think they were taking a six.
months sabbatical and i honestly haven't followed uh the status of what they're doing but you know
those are those are exempt from the google's developer verification policy because they're not
you know these certified right they're not certified so they're just aosp based builds
they're not certified android devices so they fall outside google's enforcement reach on the
age verification though these these builds also sidestep the os level age signal since they don't
use the standard google account setup process where age data would be collected so in my opinion
this is not really just a fringe option it's increasingly you know the answer to both problems
at once um i think that people are resilient and you know developers like there will be a lot more
users that were you know and and kind of dovetailing over because i have you know obviously this story
which is huge about motorola being the oem that's
partnering with graphene os to basically uh you know from from motorella side they want to expand
their enterprise portfolio and offer like a more secure private device and so they're working with
the graphene os team to actually make a foam that meets the security requirements of the graphene os
team so there's a possibility here that um the demand i mean and really
motorola is the only official oem that graphene os works with but graphene os is not exclusive to
them so other oems could make phones and tablets or whatever uh that meet the security requirements
and collaborate with graphene os to grow because i think there might be this sub market that will
grow like if we're saying 400 000 users well i could see that growing to 4 million i could see a 10x
growth in a year and a half or two because you know when you think about who's using graphene
os well hardcore privacy advocates i i use graphene os a lot of people and made in our groups let's
you know use it but it's it's kind of small it's it is not kind of small it's small it's a small
user base if we can get that user base to grow then that incentivizes open source you know app
developers to continue developing even though they won't be able to get the reach to the larger
android market so i am trying to be optimistic and hopeful that that is maybe the path that we see
because if we don't then it's it's just going to be hard right we may still have the hardware we
may still have graphene os but you may have very limited you know options for applications because
developers walk away from continuing to build out their software and we're just left with a bunch of
old-stale
patched applications so what can we do like right now um and that's basically going through your
devices and checking your privacy and security see what data is being collected and which apps
have access to what knowing which of your apps came from where was it installed via f droid was
it installed from attainium was it from uh google play store is it at risk under google's new policy
uh then the next step i would actually this is kind of something that a roadmap for myself right like
okay simon like you're telling all this what what can i do back up what you have so before google's
enforcement hits save local copies of your apps that you depend on tools like apk extractor can
pull those installer files from apps already on your device export data from privacy sensitive apps
while you still have full access because they may they may shut them off right if you're this is like if
you're
a regular Android user, right? If you're on Graphene OS, that wouldn't be as big of a threat.
If an app you rely on is distributed through F-Droid only, like reach out to the developer
and ask what their plans are under the Google's new policies. Some will register, others won't
or can't, and try to find out what you can. If you have like a few apps that you just 100% rely on,
email, contact the developers. Tell them, hey, first of all, I really appreciate you doing this.
I live by this application. I need this application. What are your plans for Google's
new policy and how would this impact this app? Because the more information and the knowledge
you have before these things happen, the more you can plan some of your alternate roadmaps.
Graphene OS, in my opinion, the gold standard, right? Runs on Pixel devices, has sandbox Google
Play option for apps that require it. It's completely exempt from both Google's developer
verification policy.
and the standard os level age collection setup and you know lineage os yeah i mean i know some
people use that and they'll say that in the chat it's you know broadest it's got the broadest device
you know compatibility and it has a strong open source community is it as secure and private as
you know graphene os definitely not um i honestly probably wouldn't advocate to use lineage os if
you have a threat model that you know makes you worry at night about the security of your device
meaning if you lost it or something like that um but you know it's just it's something so i'm
mentioning it um and then also use the right tools right so you know you make sure you know you're
using a vpn to mask your traffic um i personally really like mulvad i've been using mulvad for a
long time i like to keep my vpn separate from other app companies that i also use so i do use proton
mail i use tutomail so for my my vpn i like to use mulvad so that way i have these kind of
compartmentalized applications and
uh
It's harder to correlate users.
I know there's some controversy about ProtonMail recently
because they gave payment information to law enforcement to arrest somebody.
That's a topic for another time.
So I do know about that story, and I think it's kind of like,
hey, expect that if any commercial company is compelled by law enforcement
that they're going to have to give them whatever they can.
They can't give them access to the email content,
but they can give them access to other meta information and payment details
were tied to that user using a credit card in their name.
So think about those kinds of things, right?
Keeping the separation of who knows what you're doing.
Also, Tor or Orbot is a great tool.
It adds an anonymization on top of VPN-level privacy.
It's available on Afterroid because you can actually have Orbot running,
which is a connection to Tor,
and you can select which app specifically you want to route through Tor
because not all apps...
will work well, right?
Like your banking app probably wouldn't, you know,
route that through Orbot, but a social media app,
sure, why not?
You know, other applications, podcast apps,
anything that you want to break up, you know,
any traceability of what data is being sent where,
it's a great tool for that.
Signal, obviously, it's a tried and true
into an encrypted, you know, messaging tool.
It's available in Google Play.
It's probably at less risk
from developer verification and on AfterEd
because they'll probably verify
because it's so big.
And then your end-to-end encrypted email providers,
you know, like I said, ProtonMail, 2Denota,
they also both signed the open letter
opposing Google's policy.
So I kind of look at them as, you know,
like on our side in this case,
whatever that means.
And for the people fighting this,
you know, you can sign the open letter
at keepandroidopen.org.
You can support F-Droid.
It runs entirely off donations.
And volunteer labor.
fjoy.org you can support electronic frontier foundation so they have a great leading legal
and legislative team that fights you know multiple issues and start talking about it start talking
about it to people in your life they may not have any idea that this is going on and these changes
are happening so you know share this episode maybe with them or share content in a meaningful way
that's just kind of more informative but not you know like threatening and you know the more people
that you know also start emailing and calling their their state legislators their whoever wherever
you are wherever you live however that's set up with your government organization contact the people
that represent you or should be representing you so uh what not to panic about yet so the california
age verification law is self-reported on our system right now enforcement verification mechanisms are
really unclear at the time so the risk um is just what infrastructure becomes you know
you
and what it is and what it isn't, you know, today. And Google's enforcement doesn't go global until
2027. Like I said, 2026 is rolling out a handful of countries this year, and then will be global
next year, 2027. But it's not unlimited. So the legal challenges, you know, are coming on both
fronts, both from the First Amendment side, if you're in the US, and as well as antitrust
proceedings and EU regulatory friction and could slow that implementation down. So we'll see how
that goes. So basically, the takeaways are just governments are building these age verification
infrastructures at the OS level, California's law, Louisiana, Illinois, Texas, Utah, and much more
are to follow. And your device will be the identity checkpoint, right? Google is closing the Android
open ecosystem by 2027. This is all in motion. So these are the kind of things to think about.
And, you know, there are two different actors, you know, there's the government, there's Google,
there are building two different gateways.
This is...
basically to access your digital life.
You know, one wants to know your age.
One wants to know who built your software.
Neither is asking for your permission.
It's just going to be mandated.
And all these tools and apps that we use
are effectively, you know, caught in the crossfire.
And a lot of those tools are designed to protect you
from that kind of scrutiny.
So I look at this as just a total attack across the board.
And, you know, the open internet was never guaranteed.
It was built by people, I believe,
who, you know, believe it should exist
and it should be defended by people who still believe that.
So, and that's, you know, what this whole podcast is about
is trying to identify, you know, what's happening.
What are the forces out there that are trying to creep in
and encroach on your sovereignty,
your ability to communicate, share ideas, be creative,
make dank memes, whatever.
And now it's like, well...
they want to know initially now more about you uh from from the get-go and they want to know
what apps are being installed and who are the developers behind those apps so that is the
crux of you know this whole thing that's been going on really since last year and is getting
a lot more traction into this year and i expect you know over the next few months uh you know i
keep tabs on this i'm trying to keep tabs on which states which countries uh are going to be
affected you know by this whether it's os verification or age restrictions and that kind
of thing but it's just a weird time to i never in a million years would have thought that ever
installing uh a linux distribution where it would ask for your age at the point of install and how
they even roll that out to adhere to all that is like a whole nother ball of wax i don't know what
that's going to look like i think
you
you know and again in the beginning it's on our system so you can just put in anything really but
the problem is is that that infrastructure now becomes in place because there's these api calls
that are being done at the os level to send that signal of the age to the app uh as you install
applications but like how does this work you know especially when you think about linux you can
compile applications from source i mean i i've done that many times uh where there's not a binary
for it i mean the enforcement side of it i don't understand i don't understand and that's why i
think i don't think they really care i don't think it's really so much about that right now
is it is more about setting uh the precedent for it just to exist at all and then over time see how
far they can get away with eroding that so uh kind of come back real quick to this graphene os
partnership so
So, Motorola says it's introducing a new era of smartphone security through a long-term partnership with the GrapheneOS Foundation, the leading nonprofit and advanced mobile security and creators of the hardened operating system based on Android open source project.
Together, Motorola and GrapheneOS Foundation will work to strengthen smartphone security and collaborate on future devices engineered with GrapheneOS compatibility.
It says, quote, we are thrilled to be partnering with Motorola to bring GrapheneOS's industry-leading privacy and security-focused mobile operating system to the next generation smartphone, said spokesperson at GrapheneOS.
I'm not sure who it was.
So, quote, this collaboration marks a significant milestone in expanding the reach of GrapheneOS, and we applaud Motorola for taking this meaningful step towards advancing mobile security.
Which kind of makes me think that Motorola actually approached GrapheneOS because it looks like Motorola, you know, wants to basically offer...
some enterprise, like I said earlier, some enterprise products and services for businesses
and different things. But, you know, as far as on the consumer side, benefits us because
they are an OEM. So Graphene OS will get easier and quicker access to AOSP releases. We kind of
lived through the little hiccup with the initial Android 16 QPR1 release that they were struggling
to get. Also, too, Google has not been releasing the Pixel firmware or device drivers and things
of that nature. That makes it, you know, a lot easier for the Graphene OS team to add enhancements
and features to the device components like the camera and microphone and these different things.
You know, with their operating systems. So working with an OEM that's basically working hand in hand
will knock a lot.
lot of those barriers down. And I think that the end result will be very cool. I think that, again,
I think I also could open up the possibility to expanding our reach and growing that user base
even further. One thing I wanted to touch on was that Mexico mandates biometric SIM registration
for all phones. And this is something to keep an eye on because if this takes off, I could see
something like this happening. I know that there's already in a lot of countries that require you to
KYC yourself, show identity and all that kind of stuff to activate a mobile number or activate a
SIM card. But this is mandating a biometric SIM registration. So anonymous prepaid SIM cards
are dying in Mexico. So this is going to be in effect this year, July 1st, 2026. Every active
cell phone number in the country must be biometrically linked to a named government
credentialed individual.
or face suspension. That is around 127 million numbers, each one tethered to an identity the
Mexican government can look up by name. So the mobile registration law took effect January 9th
of this year, covering prepaid and postpaid plans, physical SIMs and eSIMs. Existing subscribers
have until June 30th to complete registration. New lines activated after January 9th of this year,
so a couple months ago, get 30 days. If you miss the window, the line goes dark, phones cut off. So
enforcement mechanism runs through the CURP Biometrica, Mexico's biometric upgrade to its
existing population registry code. So the new credential embeds a photograph, electronic
signature and QR code that directly is tied biometrically to a verified record.
uh, held in the national record.
registry. So it's, I don't know, that's pretty scary. So residents are registering a mobile
line must provide their CURP number alongside a valid government ID, which makes biometric
enrollment not optional, but structurally required. You cannot register a phone number
without first handing your biometric data to the state. So it's like your thumbprint,
that kind of thing. What Mexico is building here is a national phone network where every number
has a face attached to it. Other than convenience for those who have low usage in some criminals,
prepaid SIMs have historically been the tool of people, tool of people who need connectivity
without disclosure, domestic abuse survivors, journalists, activists, anyone whose safety
depends on the gap between a phone number and illegal identity is closing. They've announced
any, there's no exemption. So the government has
not announced, or I should say they have not announced any exemption for these populations,
and the administrative guidelines released so far contain no carve-out for people who face
genuine risk from identity-linked registration. So this article will be in the show notes if you
want to go read the whole thing, and I'm just looking at this going, man, you know, we talk
about how sometimes certain states or countries will pass laws, and you're like, oh, wow, sucks
for them. But, I mean, this really is a global challenge. Like, no matter where you are,
they're likely probably talking about, have already implemented, or planning to implement
similar laws that basically force people to, you know, dox themselves. And then the second part is
these databases are being created, which will be just massive honeypots for
hackers. Especially, I mean, the FBI can't even knock.
get hacked right uh there's just another recent fbi hack and internal hacks regarding the epstein
files i mean it's just there's no such thing as a secure computer there's no such thing as a secure
database it's not a matter of if just when and so now governments are forcing citizens to adhere to
this and give more and more information biometric information government issued ids names addresses
phone numbers that kind of thing and if you're in the hacking business i mean it's just a gold mine
uh because it's again it's just gonna i think it's just gonna create a lot of um chaos uh for
identity theft and blackmail and spying and people who have access to this data you know exes or
abusive relationships or stalkers or whatever uh yeah it's all
in the name to like well we have to protect the kids but there are so many other better ways to
do that than forcing everyone into these honeypots um you know what's interesting though is that there
are services like silent link and stuff that exist uh i wonder how long they'll exist but you know
they could be ways to circumvent some of these to have a phone pay for it with cryptocurrency like
monero activated as an e sim my guess though is that if you're in a hostile state like like mexico
they'll see you know these mz numbers the international mobile subscriber ids that don't
have any identity link to it they might think it's maybe just a tourist or something but if it's just
if it's always on or on you know connecting a lot to the network they probably will have surveillance
tools to report on that and they might find reason to investigate that by triangulating from you know
like
connected cell towers and things of that nature. So, uh, you know, I, I don't really know. I don't
really know where we're going with all this. I just sit in here and I'm always researching and
collecting this into my notes and everything. And I'm reading these articles. I'm like, Oh my gosh,
like what, what's happening? How did we get so far so quickly, uh, with this? Uh, one other
article I want to touch on, cause it kind of, kind of falls within this is ISIS using the same
Microsoft tech. And this is a real news network, uh, article, uh, says ISIS using the same
Microsoft tech Israel uses to surveil and kill Palestinians. So, you know, in just six months
immigration and customs enforcement, also known as ice, it's more than tripled the amount of data
stored on Microsoft's Azure cloud platform. And the guardian reported at the same time that it's
arsenal of surveillance technology ballooned. So this week tech workers with the no Azure for apartheid
NOAA campaign staged a protest and informational picket
at Microsoft's global headquarters in Redmond, Washington, demanding that Microsoft
cancel all contracts that provide technological support for Israel's
ethnic cleansing of Palestinians and ISIS campaign of terror
in the U.S. We speak with
Ibtil, a former software engineer at Microsoft, and
organizer with the NOAA campaign.
So, it's kind of a brief article, but
I just found it, you know, interesting to highlight that
with the expansion of
data collection, data brokers, data warehouses,
artificial intelligence models being ran on that
doing correlation and analysis to basically
increase, exponentially increase
you know, all of any any targets that they're looking
for.
it's just so much easier to do now than ever before no warrants generally required because
a lot of this data falls within terms of service that can be purchased or accessed under some sort
of rubber stamp warrant of some kind and it just just seems that you know again going back to that
clip I played at the very beginning of the podcast Edward Snowden 2013 was you know his biggest fear
was that Americans are you know talking about America or people in general won't fight back
won't resist and I feel like we're kind of being pushed into a corner there's like one little
corner that we're standing in that basically gives us the ability to communicate like I said share
ideas and without all of this surveillance and known identities it really is a move to
remove any kind of freedom of speech freedom of expression
uh, you know, ways to assemble and activate, uh, for a cause that they can preemptively
stop it before it ever happens.
And, you know, it, it just, it does concern me.
It concerns me that, you know, just only, you know, in the last couple of years, I've
been like, oh yeah, I really, I really do have a plan to migrate from Mac OS to Linux
on my work machines and how would that look and all this.
And I'd like to be in a, you know, free and open environment.
Now those free and open environments are being targeted.
The very things we hold sacred are now being targeted with financial criminal penalty.
So I can't blame a lot of the large Linux distributions to adhere to this because could you imagine,
I mean, it could be charged for potentially every Linux ISO that's downloaded.
They could.
assume that that's a charge you know I don't I don't know I just it's so outlandish to me
I can't even really wrap my head around what this will look like in another two years from now
like what I will be talking about into the microphone if I'm even talking into a microphone
I don't know I I really don't have any idea I don't want to like sound like you know just kind
of like the like with this defeatist but uh also too you know we have to be really thoughtful about
how and what systems you know we want to build on for the future because they're all under attack
right now with with all of this so yeah I don't really know come into the chat and let's let's
talk about it while we still have a chat server because you know that server probably runs an OS
that's not age verified um speaking of the OS and the chat I'm looking at still alternatives to
matrix matrix has been okay
okay but um i think that in the long run i'd probably like to move towards some sort of
decentralized communication protocol i've always talked about and matrix is a protocol we're just
not self-hosting we're currently utilizing matrix.org to host our chat rooms and i think
that moving to something like xmpp in the long run would be really good the more we can be
decentralized in our communications uh and when i say we i'm talking about we as a collective not
just the podcast community but we in general having communications that are basically ran by
operators that you know you trust um is going to be kind of like the only only real way to move
forward and um i did talk to a friend of mine who is the guru on reticulum and i'm planning to have
him on the on the pod hopefully this month uh definitely
you
Within the next two to four weeks, I'd like to try to get him on and do an entire episode on just Reticulum, which is a completely separate network stack, totally decentralized, and can be ran on many different signals like Bluetooth, LoRa, Wi-Fi, over TCP IP.
And you can host things like servers and websites and different things like that.
It's pretty wild, and you can run it on really old hardware, too, which is cool.
It's very easy to flash old devices with OpenWRT and get Reticulum set up and connect it to a node to get into the node network.
And it's very resilient, and I think that that might be something that I rely on heavily over the coming years to be able to have communication that is not under direct service.
of any kind and it kind of is out in the fringes you know so uh yeah so have that working on as
well some other things coming up for some other episodes and also would like to host um kind of
a privacy bar we've done one in the past and it was kind of fun and it was just basically having
everyone on who that wants to be on to have a open group chat and i thought about just maybe turning
that into an episode if anyone would like to to hear it because i'm sure there's just a lot of
questions and like hey what do you use for this and what are you guys running and how i do this those
those conversations are where all the meat is i have learned so much from so many different people
by just talking about things like hey you know what do you use to download uh a song or a video
or something on your mobile device oh i set up a me tube server oh i have a you know cobalt uh you
know cobalt server well what is that a white cobalt server and by doing learning those things i've set
them
up myself and now i use those servers myself hosted on my own proxmox server to like do those
very things and you know sometimes it's even just what keyboard are you using or what you know uh
text-to-speech engine are you using and and things so you kind of get plugged in and you know learn
what people are doing and it really broadens your your thoughts on on like how to you know set up
workflows and things of that nature and if that's your cup of tea cool and if it's not that's cool
too um i encourage you to definitely pop over to the new website closednetwork.io and maybe just
join as a free member so that um as i put out more content that is outside of just the podcast feed
that you'll be glued into that of course if it's not your cup of tea and you don't want want uh the
extra email i get it i really do that's why i really try to make this all very uh laid back and
chill uh again you know there's no there's no advertising there's no promotion uh i'll never
see
send you an email with a, an affiliate link, uh, or anything such like that. So it really is, uh,
meant to be really for the community and, and that's it. So, uh, if someone, um, has any other
ideas, um, with how I can kind of improve upon that too, feel free to let me know, shoot me an
email, simon at closed network.io. Uh, if you just have some basic input or feedback and, um, yeah,
yeah. So that's, um, that's really all I had for this episode. I really wanted to kind of
delve into this whole debacle between these two forces between, you know, governments and Google
and kind of give my interpretation of it and how I see what this, what this, what's happening right
now. And, um, like I said, I'll keep, I'll keep tabs on it. We'll keep, we'll keep trucking along.
Um, yeah. And that's, that's all I've got for this one, everyone. I hope you're doing well,
uh, and look forward to, uh,
Bye.
uh, seeing how, you know, these new things that I'm working on, how, how the, how they work out,
how they're received. Uh, if you hate it all too, I want to know that as well. Um, but, um, you know,
again, feel free to chime in and otherwise I'll just assume that you love everything that I do.
So yeah. So with that, I will catch you all in the next episode, which should be in the next
week or two. All right. Catch you later.
Going. And if I ever fail, just know I'll go again. I never quit. Cause I know that every
loss may lead to another win. I'm going up. I bet when I land, they're going to tell me it's luck
again. See that I'm winning. It's harder to watch. I'm setting the stage. You should give me my prize.
You ain't got a soul. You lacking the spirit. You talk out your neck. I'm going to show you I'm with it.
I've been really happy. You just shouldn't watch me win again and win again and win again. I know
it's probably getting on me and when I'm sending them. So if I ever win again, it's nobody to minimum.
I didn't have to sell my soul.