 Welcome, everybody. Thank you for joining us. Yes, welcome. Today we are, we have the great honor to present Avoid Scams and Spies, which will be presented by Daley Barnett from the Electronic Frontier Foundation. If you are interested in more SF Tech Week events, it runs this week, the night through the 15th. And you can call the Tech Week hotline at 557-4388 to learn more. I'm gonna put this information into the chat so people can access it there if they need it. If you have questions as we go along, please put them into the chat or the Q&A feature and our presenter will be answering at the end. Again, I'd like to thank our presenter, Daley Barnett. And do you wanna take it away, Daley? Sure, why not? Let's start. Did we wanna wait a couple of minutes for people to join or am I just free to go ahead? I think you can go ahead. Let me get into, whoop, let me get into, yeah, there you go. Okay, great. Well, thank you for the introduction. Thanks to the San Francisco Public Library for hosting Connect with Tech Week. It's an honor to be here. As mentioned earlier, I'm Daley Barnett, a staff technologist at the Electronic Frontier Foundation. And I'm gonna be talking a little bit about avoiding scams and spies online. It's a little bit of a click-baity title. Mostly I'm talking about digital privacy and security. But a little bit about the EFF, we are a nonprofit digital civil liberties organization. So we do a lot of anti-surveillance work and work fighting for the rights of the users online. So most of the material that I'll be covering is taken from the EFF and a couple of sources, that a couple of projects that we have there. The first is the Surveillance Self-Defense Guide and the Security Education Companion. The SSD or Surveillance Self-Defense Guide is a bunch of tips and tools and hands-on guides for how to use different technologies for upping your privacy and security game. And the Security Education Companion is a similar project, but it's specifically geared for educators and people that are interested in taking those lessons and distributing the knowledge elsewhere. And you can find both of those at sec.eff.org or ssd.eff.org. Or just go to eff.org and look for the projects there. So let's go into a couple of just working definitions as we go into this presentation. What are the scams and who are the spies? What do you have to be wary of online? Scams, generally speaking, are when you're taken advantage of or when you're tricked into handing over something valuable, such as private information, actual money, or other valuable data. And then the spies, it's the working definition that I'm using for spies online is any person or computer program that is sneakily invading your digital privacy. Yeah, and so those two things often co-mingle in different ways online, but it's worth sort of thinking about the adversaries that you might face when existing online. And digital privacy, we're talking a lot about, I like to think of it as your right to control your data. It's your ability, your autonomy to restrict that data, who gets it, how it's shared, where it's stored, who else sees it, et cetera. So as we talk about scams or things that are invasive to your privacy, I think it's important to think of them as these opportunistic events. They can appear in your email, over the phone, in text messages, or in your browser, like on websites that you visit. They're all over the digital and virtual landscape and they're always designed to lure you in in some way and they appear harmless. They're often preying on emotional impulses, getting you to trust them and like them or making you think that something bad is gonna happen unless you act and you click on some creepy link or something. So speaking of which, clicking on creepy links, a type of scam that often takes place is something we call phishing and it's a phishing with a pH. It's a type of scam where the attacker sends a message or an email or passes along some link to you that looks innocent but is actually malicious. These schemes are often used to distribute malware or malicious software or to steal valuable data. And it's usually crafted to appear like it's coming from someone that you might already know or that you trust or just a reputable business. And these can come in all sorts of places, right? Like I said, it could be in a phone text message, it could be in an email or it could be a social media message on a website. And as I mentioned in the last slide, those phishing schemes can be a way to distribute malware. Now malware, as I said, is a type of malicious software. It's a computer program that causes you or your computer harm. And there's all sorts of different species and types of malware that can exist online or offline just on a computer. But sometimes the damage that they cause can be very visible. It can make your computer crash or it will encrypt all of your files and make them inaccessible to you or does something just very clearly wrong with your computer. But other times it can be totally secret and covert operating behind the scenes without you even knowing that it's there but it's secretly stealing all of your data. A lot of different types of malware can be self-replicating. They can be able to avoid detection. They're often capable of mutating and evolving depending on the environments that they're in. They can be really scary. It's a cat and mouse game often with antivirus softwares and malware developers. So as I painted kind of a scary landscape of the internet world we all exist in, full of malware and phishing schemes and attackers and hackers, it can seem pretty daunting to protect yourself. But that's what I want to dispel here. There are a lot of pretty easy things you can do now to up your privacy and security. And the vast majority of privacy and security incidents that take place online are preventable for the average citizen in the virtual realm. So let's cover a few of those. One good thing to keep in your back pocket, especially to avoid scams, is how to spot phishing in the wild. As I mentioned, sometimes these phishing schemes are specifically crafted to prey on emotions. So I want you to be able to look out for any sort of act now or beware messaging that comes in messages that you receive. It could be something like a good thing, like you've won a prize, but you only have 24 hours to claim your prize. So you have to click this link now when secretly that link is doing something bad. Or it could be something like the order that you've placed or there's a police warrant out for your arrest. And if you don't act now and click this link or register this account, then all is lost. If you sense that there's kind of that emotional praying happening and unexpected message that you've received, take a moment to investigate it further before you fall prey to it. Always avoid clicking on links or opening attachments in unexpected messages. If it appears to be coming from someone that you trust, double check with that person that they meant to send it to you. It's a good thing to do. They will probably appreciate that because they know that you're taking your security seriously and that can also be their security too. And if you're not sure who the sender is or if you know them or not, just be free to double check with them. And I mean, in this case, with businesses or just other individuals that would be on a professional level or something, retouch them through another method. You can contact the business directly or ask to speak over LinkedIn or another social media account you might have. Just in general, you want to double check that the reported sender is who you think they are. So on the screen right now, visible on the screen, I've attached a screenshot of the headers for an email that was sent to someone. And in the from line of who is the sender of the email, it says it's from the Gates Foundation. And if you look closely, the email address is from info at GatesFoundation.org. At first glance, it seems legitimate. It's just info at GatesFoundation.org. But if you look closely, the word foundation and that address is actually spelled wrong. And so in this case, they're actually hoping that you just glance at it quickly and you don't read the full email address of the sender because it looks legitimate at first glance. And in the subject line, it says important notice to EFF. And that important notice, most likely in the body of the email, it says something like, maybe you're facing a lawsuit from the Gates Foundation and you have to respond now or also be taken to court. But if you look closely, it's spelled wrong. It's not actually Bill Gates or whoever trying to contact you. Okay, so let's talk a little bit about tracking. When I'm talking about tracking here, I mean web tracking and that's tracking both on your phone or on your computer, just anywhere that you're accessing the web, the worldwide web, the internet. There is an entire industry online designed to track you. It tracks what you do, who you know, where you're going, what you're buying, how you're behaving on websites, the type of software that you have installed, the browser that you're using, where you're located, what versions of operating system you're on, et cetera. It can collect a lot about you. And this industry is designed to collect that and sell it. It's creepy, it's very privacy invasive. Unfortunately, it's also entirely legal. Trackers are hidden in advertisements on webpages, but they're also just embedded on those websites secretly, totally invisible to you under the hood on the website. These invisible, completely legal things are able to gather information about you and it gathers information not just on the one website that you're on, but on all of the websites that you visit. And the same trackers can be placed all over. And so you can imagine that information snowballs and just gets bigger and bigger and bigger. And the portrait of you that it begins to portray is really scarily accurate. And that information, that portrait that they've gathered is then sold to whoever wants it, anyone that's got the money to buy it. And this is all happening behind the scenes without you knowing that it's happening. So when you visit a website and you get an advertisement that is like really creepily accurate, like say you've been thinking about and kind of like doing a little bit of cursory web searching throughout the last week or so about buying a new rug. And then you go on to a random website and suddenly you're just being bombarded with all of these advertisements for rugs. That's because of this. It's because of advertisers that are buying that data that is being collected from web trackers and then making advertisements designed for you, hoping that you'll click on their links and buy their products. And sometimes you might actually want that, right? Like sometimes I like having a targeted advertisement because it might introduce me to something that I didn't know existed, like a cool product that I wanna buy. But the point is you should always have the option, you should always have the ability to opt into that. They should ask you before collecting that data, right? So in the industry, we call this sort of tracking ability your fingerprint, like your unique fingerprint online. And so we've developed a tool at EFF called Cover Your Tracks. It is a browser tool, it's a website that is used to determine your unique fingerprint ability online. Really what that means is it's running all of these different algorithms and special scripts behind the scenes that determine how easy it is to uniquely identify you as a user as opposed to any other random user online. And that paints a pretty good way of marking how these advertisers or these trackers online are able to do the same thing. Now, this tool is really cool because it can give you like a basic sort of score on how uniquely identifiable you are, but also it gets pretty in depth in describing some things if you want to go in depth with it about the actual technical things that it's able to use to identify you and to make a unique portrait of you. And so in that way, you can pick and choose the right tools to mitigate the problems that maybe this has uncovered for you. But it itself doesn't protect you from those trackers. But don't worry, we've developed a tool for that. There's another tool called Privacy Badger and it's also developed by us at EFF. I'm one of the developers for the project. It is a browser extension. It's a plugin, which is like a piece of software that you install on your browser. So on your Firefox or Chrome or Opera, Microsoft Edge, whatever browser you're using, as long as they support this type of extension. This runs in the background to identify those trackers on the websites that you visit. So it's working sort of in the same invisible layer of the websites and it identifies trackers based on that creepy tracking behavior, the fingerprint stuff that cover your tracks is able to look at. And it determines what is a tracker and what isn't and then it blocks them. And so it blocks them across all those different websites that you're visiting. It's really cool because it's an install and forget kind of tool that works behind the scenes. And it's not an ad blocker, but a positive sort of side effect of it is that it acts kind of like an ad blocker sometimes because a lot of these advertisements have those trackers built into them. And so they get blocked by Privacy Badger. Okay, so another tactic or tool that you can use to up your security and privacy is multi-factor authentication. I hope you've heard of this, but don't worry if you haven't, it's a pretty easy concept to grasp. It is when you're asked by a website or an account that you hold to provide another form of verification besides just username and password to log in, that's multi-factor authentication or sometimes also called two-factor authentication, 2FA. On the screen, I have provided a screenshot of the menu on Twitter for when you are configuring your Twitter account and turning on two-factor authentication here. This is a really common pattern that they will put two-factor authentication under a sort of security menu that's under your settings. Sometimes it's under privacy, but usually it's under security. And it's not usually turned on by default with the types of accounts that you're holding. So with any of the accounts that you regularly use, you should definitely go into the security menu that they have and turn it on. It's a very, very common security tool that these platforms have and it's super useful. The types of verification that they will provide for you to use when you log in are things like codes that would pass along in a phone text message or an email sent to you or sometimes there are special apps that are made just for this purpose. Like Google makes one, that's an authenticator app. There's another one called Authy or if you don't want to rely on a piece of software, you could even get a little piece of like a little physical tool called a UB key to do the steps involved of multi-factor authentication when you're logging into a website or account that you own. The point being turn it on for all of the accounts that you have because this particular tactic protects you from having any of your accounts hijacked. So if somebody is specifically targeting you or if an account that you have somewhere on a platform, if that platform is hacked or there's a breach of some kind and all of the credentials for all of the users on that platform are spilled to the public, you can rest assured that nobody's going to log into your account because you have a good multi-factor authentication setup on it. Okay, so another tactic to use up in your security is backups, backing up your data. This is the practice of taking a snapshot of the entire contents of your computer and like all of the files, all of the drives, everything on your computer at the moment and saving it in the event that your data is lost or tampered with. A lot of the times, depending on the operating systems that we use, it's turned on by default, thankfully. That's a good step forward that operating systems have made over the years. In Windows, this type of program is called File History and that takes care of that for you. If you're an Apple user and you're on Mac OS, the same type of program is called Time Machine. If you're not sure that they're turned on or not, it's worth looking for that program, whichever you use in your operating system and looking at the little slider or switch or whatever way that it tells you that it's currently enabled. Now, as I mentioned, backups are just a snapshot, right? It's just like a moment in time of your computer and the files on it. So it's something that you have to keep up. It's a routine, but thankfully those programs can be scheduled to do it like once a week or sometimes once a day or once a month depending on how you want to do it. They run behind the scenes. So I like to do them quite often. In this particular tactic, backing up is especially useful if you're ever targeted with something called ransomware, which is a type of malware, remember malicious software, that holds your data hostage. It will plant itself onto your machine and it encrypts or scrambles all of your data and makes it inaccessible to you. And it will hold it ransom until you pay whoever some amount of money to get access back. But if you have good backups saved and they're saved onto the cloud or in some other place that is not on your computer, you don't have to worry about that. If that happens, hoping it doesn't. If you take the other steps described here, it's a lot less likely to happen, you'll still be okay because you'll have a pretty recent snapshot of all of the things that were on your computer before. Okay, another good practice to keep in upping your privacy and security online are passwords, keeping strong passwords. A good rule to have in all of your accounts is that you should have long, unique and difficult to guess passwords for every account that you use. Every single one needs its own unique password. And when I say long, I mean like 14 plus characters is a good minimum to go with because it's not, speaking from a sort of like hacker point of view, it's not too difficult to get the like encrypted or scrambled versions of passwords and with types of like password cracking software or decrypting software. It's actually not too difficult to decrypt or unscramble those passwords if they're like up to 13 characters. It can be kind of easy sometimes. And especially if they're easier to guess, you should use passwords that aren't easy to guess based on who you are or the account that it's used for or like the season or the year that you're in. You'd be amazed how often people use something like password summer 2021 for an account. And it's like, well, okay, maybe that's a long password but it's actually kind of easy to guess because we're moving into summer, it's 2021 and it's a password. So, you might think having a unique long password for every single account that you use would make it really, really difficult to remember all of them, right? You wouldn't be wrong. It would be difficult to do that. Thankfully, there's a tool for that. There are things called password managers. These are tools that can encrypt or scramble your passwords and store them all into a single place that you access with a main password. So, all you have to do is remember one password. And when you're using something like a password manager in tandem with multi-factor authentication on your accounts, it protects your accounts from being hijacked, as I mentioned. These password managers are super handy too sometimes in that you can use them across different devices. You can use them depending on the one that you choose. You can have the same one on your phone, on your computer, on another computer. There can be a browser plugin or extension for it that is directly on your browser. So, you just have to click a little button and it will automatically fill it for you. They're really good and they're really convenient. Sometimes they do cost money. There are some free versions. Either way, it's definitely worth looking into. They're super handy, they'll make your life easier and they raise your privacy and security up a whole bunch. Okay, so I just covered a lot there. Those are a lot of tools and tips and tactics you can use to raise the threshold of your privacy and security online. But one thing I always like to mention in these types of presentations or trainings is that digital privacy and security is a group effort. It's a shared practice, really, because this is a social world we live in. We interact with so many different people. So, getting help from the people that you know and trust will do wonders for you. These things can be difficult to talk about. So, making digital privacy and security a priority to talk about with your loved ones, it not only makes these things easier to accomplish, but you can get their help and their insight onto raising your own privacy and security. But also, it actually increases the privacy and security overall for you and your community. I think of it as sort of like a principle of networking in that, well, at least in the security world, in networking when you have a node or like a person on a network of a bunch of different people around in a network. If there's one person that is compromised in any sort of way or there's an unwanted security incident on that node, it could implicate all the other nodes on the network. So, you wanna make sure that the people in your network, your loved ones, also have good privacy and security. And so, it's worth talking to each other, setting good standards for each other on how you share data about each other, the types of security protocols you have in place, and you know who you can turn to in the case of an unwanted incident online. All right, and as I mentioned, all of these tools and things that I've covered are gone over in the surveillance self-defense guides and the security education companion on EFF that is at sec.eff.org and ssd.eff.org. I also have my email on the visible on the screen here and if you can't read it or see it, that's daily at eff.org, D-A-L-Y at eff.org. Please feel free to reach out to me if you aren't comfortable asking in this space a question or you just maybe a question pops in your head later after this presentation and you wanna ask a privacy and security person about it. I should say though that I'm not a lawyer, so I can't provide any sort of legal advice, but I do work with them. I work with many lawyers and so I could perhaps point you to someone else who might know an answer for you, but I am a technologist, so I have got answers for that kind of thing. And that's the end of my slides. So I'm, well, I guess I'll leave this slide up for everyone to see, but we can move into the Q and A portion of this. Thank you, D-A-L-Y, thank you so much for that. I was gonna suggest, yeah, why don't we leave this up for a few minutes for, there's quite, there's 92 people here at the moment and another 24 or 25 on YouTube. So, yeah, give folks some time to grab a pencil or we'll take a photo of the screen. And we've got, in just a minute or two, I'm gonna put up the information for taking a survey about how much you enjoyed this program, but while I do that, I'm gonna throw out a couple of questions that we got during your presentation. Why don't ISPs do a better job protecting us, protecting our privacy? Do they have any motivation to do so? That would be the second part is my question. That's a great question. Why they don't can be a bit of a grab bag, right? They're, okay, so why they might not is that it might be in their sort of profit incentive to undermine your privacy. Or they might be legally responsible in some way to provide data, maybe to like nation states or the law enforcement of some kind that are demanding that data for whatever reason and they want to comply. On the other hand, it's also a good business model for some who provide a safe, secure and private internet connection. So there are still some ISPs out there who build a business model off of that. And they're still within the law and they'll hand over logs or just whatever sort of files or data that law enforcement or state agencies might be asking for, but it's all encrypted. So it's like, here's the data, but it means nothing. So all that, I mean, that's a big conversation to have. What I would say though, is that if you have the option to, it's not always an option because often ISPs have monopolies on the districts or the places or the locales that they serve or that they service. But if you do have an option, it's worth looking into ISPs that have good privacy and security standards in place. And if you don't have the option, pressure the ISPs that you do have because you do have a say as a user and as a person online. Great, thank you. I had two questions about privacy badger. Is it free? And does it, will it slow down your browsing at all? Oh, great questions. I should have mentioned that. All of the tools that we make at EFF are free. So it's totally free to use. It's free to download. It's also open source. So if you are a programmer or you know someone who is, feel free to check it out online, the source code for it. And you can look through it and make sure it's doing what it says it is. But yeah, it's totally free to use. As for the speed of it, it actually often speeds up browsing. It depends on like what you're doing and where you're going. Like when you first started up, it has like a hiccup moment because it has to like, you know, run some startup programs or some startup functions that are taking place when it first boots. But it actually often creates like a less noisy and faster browsing experience, which is great. And it's often because it's blocking things like ads and things that are on web pages. That's great. We've got a few questions about how secure are password managers? And if there's a password manager, you would recommend. Sure, it depends on the password manager. And I know it's like I'm not a great answer. I apologize, but it's really true. So it's happened in the past where reputable password managers have fallen prey to a successful attack or a breach of some kind. And that isn't necessarily a bad thing on the password manager itself. What I like to look for in a password manager is how they've handled incidents like that. If there has been a breach in the past, how did they disclose that breach to their users? What sorts of methods or sort of like cleanup efforts did they take after the incident to up their own security? Yeah, so and the security points you might look for when choosing a password manager, there are some that, it depends on where they're located. It's a good one. It's a good thing to think of. Whether or not it is stored online or off, there are some password managers that are entirely offline and that you control the vault on your own machine and you only access it whenever you want to rather than it being like a thing that's plugged into your browser and is always internet connected. Yeah, and as for particular recommendations, I'm not entirely comfortable giving one right now because I wouldn't want, I would be remits if I were to give a recommendation for one that I haven't fully audited yet. But that said, there are some pretty good scorecards online. If you look up like a password manager scorecard, there's like a pretty good one for password managers and for VPNs that other people make. And so I won't make the technology recommendation, but I like those guides that make them. I hope that helps. I hope it's not too frustrating of an answer. We had a question. Do you have any suggestions for a good VPN? Same one for that. For VPNs, yeah, I like to choose, like I think about where their servers are located, what they've done in the, like in how they've responded to security incidents in the past, like what kind of language are they using? Like what kind of encryption are they talking about? And also like, what is their pricing model? I think things should be accessible. And I understand that it costs money to run a business, but security and privacy should be free for everyone, quite frankly. Yeah, and so the same sort of recommendation thing for that, I'm not comfortable giving out a specific recommendation for like a VPN that is good to use, but I will say that there are some pretty accurate or trustworthy scorecards or guides out there that you should use or you should look at. Here's a good question. I wonder if this is coming from a librarian or maybe a student. Any resources you would recommend for digital literacy besides the Electronic Frontier Foundation? Yeah. So I take the, it depends on what you're looking for. Digital literacy, and I might be misunderstanding like the sort of more working definition of it, but in my mind that's a very broad topic. And so if you're thinking about like privacy and security, or like the point of view of the user in a digital space, I think consumer reports is a great resource for both, you know, like thinking about the products that you use or the applications and platforms you engage with. And they have just some really good guides on like, you know, privacy and security or like doxing defense. They're really good with that. I would also look at Herzlala. They have some pretty interesting things happening in like the browser space, Brave. And, hmm, I'm sure I could think of a lot more, but maybe email me, maybe reach out and I'll get some more recommendations for you. I know I'm hitting you like one after the other. This was a question from YouTube. Is there a way to scrub your personal information off of the web? Where would you start doing that? Or I'm sure that's, yeah. Yeah, yeah. It's possible to make a good dent in what's out there, right? There's like that saying that, you know, what happens on the internet is forever. I think theoretically that could be true, but there's so much on the internet that it doesn't really matter sometimes. So like you can do a lot to take control of what there is online about you. I actually wrote a blog post about this a few months ago on EFF. If you look for Doxing Self-Defense or Doxing Guide EFF, you'll find a blog post that I wrote and has some recommendations on how to like sort of scrub that data. But a good starting point to do, especially when you're by yourself, is to just Google yourself or just see what sort of available is already, or what information is already available about you online. Especially doing it private because it can be kind of a triggering exercise. It can be really surprising like how much there is. But once you do that, you have a greater understanding of where, like where you need to do that scrubbing. And then from there, there are like opt-out lists of like different agencies that you have to go opt out of your data being shared through them. There are just of course like taking hold of older accounts you've owned and deactivating them, deleting them, asking the maintainers of the platforms to remove the information about you. And if you're in a pretty high pressure situation that you really need things to be scrubbed or taken care of quickly, there are actually some paid services out there that do this professionally. And you could look up some of those. Yeah. Yeah. And those are like a varying degrees of success. And I've heard some negative critiques of some of them lately, but I've also heard great things about like paying someone else to do it for you. Oh, and of course ask your friends or like trusted loved ones. Like I always want to reiterate that in this situation. You should, you can ask them to help you take care of removing that stuff, but also ask them to sort of be like the buddy in charge for if you are being targeted with any kind of incident. Okay. We had a couple of people ask about the security of two part authentication. Is that, do you see those that security measures sort of become secure? Well, I can talk a little bit about that. I don't see it. Actually, I think because I'm a screen sharing I can't see the Q&A. Oh no, I mean, are you aware of, I should say, two part authentication failing? Yeah. There was actually a pretty interesting happening in the security space. Pretty recently, where it was, there was like a proof of concept that was shown that it's actually easy enough to hijack the multi-factor authentication codes sent through text messages or SMS messaging. And it's just through like paying for a service that can spoof a phone number, basically. So that called into question using text messages or SMS messaging for two-factor authentication. It's less likely that it's going to happen, but it's possible. So if you're enabling two-factor authentication on accounts that you wanna be especially protective of, you might opt for a more secure method. The more secure methods of being something like an application that you have on your device, like on your phone, maybe, like Google Authenticator or Authy. Those are the two that come to my mind that have like a rotating codes that are generated to use as that secondary form of authentication. Or if you're extra, extra secure and you don't wanna rely on this device to store those codes for you, you could have the physical device, like the piece of hardware that does it, which is like that UV key, which sort of looks like a little USB stick, kind of. And you plug it in to the USB drive on your computer and you use your thumb to activate it. It's cool. I don't prefer that just because I tend to lose things. But I know how to use one and I have it handy in case I need to in like high-intensive situations. We had a question, what was the Scorecard website? It's probably in the, I'm sure it's in the YouTube, but was there a score? I don't know that I have it handy. There's a couple that I've seen. And I haven't, I mean, as I've said a couple of times, protectively or very professionally, I've said that like I can't formally recommend a like a Scorecard or like a piece of individual technology. That's not like officially endorsed by the EFS. But I can say that like if you look for, if you do some web searching, some Googling, something like a VPN Scorecard or a password manager Scorecard, the most popular ones to come up are likely to be pretty reputable. And I can recommend guides like Consumer Reports, which deal directly with that kind of thing and often give recommendations. We have a question. Are cookies, is it safe? Is it really safe to accept cookies? That's a great question. So cookies are horrible. They're really privacy invasive and they're really not needed in like the modern web. So what, when websites do that, when you get those notifications on a website, it says like, you know, accept these cookies and it like it blasts you with a big pop-up that like you have to get out of in order to access the website you wanted to. And you have to opt into your cookies being shared or whatever collected or made on the website for you. I'm not gonna say it's not that it's unsafe to accept them. It's just that it kind of sells out your privacy. However, it doesn't mean that that's actually happening on the website. What is actually happening is that those websites are legally required to ask you for permission because of different privacy laws that are in place. There is like the GDPR law out of Europe. There's the California Consumer Privacy Act, Privacy Act, the CCPA out of California. And it's like these types of legislations that make platforms required to respect your privacy in some way and to ask for your permission to not respect your privacy as much. But as you can see, often when you go to those websites is that they're asking for your permission but they're making it really inconvenient for you to opt out of it. Or sometimes what we call dark patterns is when they kind of trick you into opting into your data being shared or they trick you into like accepting it even though you weren't sure that that's what was happening. Yeah, so all that aside, all of that spiel about cookies that I just gave, you often have to accept them in order to engage with the website you want to. However, there are tools that mitigate that problem. Privacy Badger is one that has specific mechanisms in place to identify when third party cookies are being used to track you and it stops that tracking from happening. So if you can still opt in on the website to having cookies be a thing there but if you have Privacy Badger involved like installed on your browser, you can feel a bit safer about it. This is probably opening a little bit of a can of worms. So maybe in 25 words or less, can you talk about, there were a number of questions along these lines of government surveillance versus commercial entities and you have a sort of a brief take on how often the government is surveilling us online. That's huge. Yeah. That's huge. Yeah, sorry. That's okay. That is like- That's a good question. That is like the blue whale that is like under the surface of this conversation, right? It's very well beyond the scope of what we're talking about. But all I can say is that government and state surveillance is very capable. It is often bigger and more advanced than the technologies and tips and tactics that I've covered here. And I don't mean to instill a sense of like nihilism or that all is lost because of the vast surveillance apparatus that the state has over us but that there are legal productions in place and there are organizations like the EFF that are fighting to prevent that encroaching surveillance apparatus. Great. Thank you. Thanks so much, Daly.