Telegram and the AI Future

Please note that parts of this transcript are automatically generated and contain many inaccuracies

Disclaimer

Toggle: The zooier than thou podcast contains adult concepts and language and is intended for a mature audience, so if you were a wee bab the last time a StarFox game came out, hit the breaks and pull a u-turn out of here… that’s down plus the c-down button. What do you mean you don’t have c-buttons?

Theme Song

Kynophile: Hey, what can I say?

You’ve got me howlin’ at the moon!

Whoa, don’t you know that love is wild when you’re a zoo?

We’re Zooier Than Thou!

Oh yeah!

Intro/Emails

Aqua: Greetings fellow zoos, and welcome back to another exciting episode of Zooier Than Thou. This one is loaded with features. It is information packed. I’m Aqua. I am fully Star Fox brained, probably for the rest of the month and most of June, floating around happily in the Lylat system, but accepting encrypted data transmissions, personal messages.

Have at it

Tarro: And I’m Taro, and I’m end-to-end encrypted

Aqua: Wait, really?

Tarro: there are some ports you can shoot your shot with.

Aqua: Okay. That’s what I thought

Tarro: Is the new Star Fox good, by the way?

Aqua: I am so pumped for this. I wasn’t at first. I was worried it was gonna be another low effort, safe remake of a game that I’ve already played and have really fond memories of, and this was gonna mess it up. But I’m on board. I’m sold

Tarro: all I know about it is that they have the weird camera feature where you can, get them to do the faces that you’re making, and I don’t know if that ever comes into play in, like, the game at all, but it sounds fun

Aqua: Yeah, I think it’s gonna make for some really, really funny, uh, profile pictures. That’s maybe the one criticism I have for the super realistic animal s- like space animals is look great until they don’t. Like Fox McCloud, super hot, way into it, and then there’s a couple of,there’s a couple of shots in like the press material and stuff where he just looks like the Facebook dad who took a picture of himself in his

Tarro: In fairness, they did make him super dad energy in general. I don’t know, like it’s hard to define what they did, but he looks way more like he’s 40

Aqua: Yeah, but that’s supposed to be James McCloud

Tarro: Yeah, no, it’s, it was weird when I first saw it, but I can get behind like Daddy Fox

Aqua: Yeah. Okay. We’ll see how it goes. By the way, Toggle let me know that the Japanese version of the website is way cooler than the one we got here, so go check that out

Tarro: Oh, will do

Aqua: anyway, we’ll be your host for this episode.

So not giving away too much yet, but this episode is gonna be a longer response to, an email that we got a couple of months ago. We’re gonna try not to make it too tech-heavy, but we’ll see how we do with that. but let’s first check in with our email to see what kind of space transmissions we’ve got from our listeners.

Tarro: I love emails. Yay

Aqua: I do too First up, we have an email about season seven, episode 10, “Are We a Cult?” And there is no alias. It is anonymous. That’s how we like it. Well done Anonymous says, “Hey there. Wanted to say thanks for approaching this topic. I appreciated that the hosts were willing to engage with the subject rather than mock or reject it outright or make the finger-pointing argument that actually our opponents are the real cult. Their sincerity and commitment to accuracy was on clear display throughout.

With that said, I feel like they were so willing to entertain the notion that the ultimate message got a little lost in the weeds. You can tell that everyone who works on the show feels confident that the answer is no, hence their willingness to explore how our square peg could maybe kind of fit the cult definition’s triangular hole if you squint at it a certain kind of way.

But for people who genuinely have this question, I think they could walk away confused. I’m hoping it’s a topic that can be revisited in the future, perhaps as a short bonus episode that much more concisely answers the question.” First, who is we? If it’s zoosexuals, we need to answer if a sexuality can even be a cult.

More likely, this is in reference to Zooier Than Thou, and if that’s stated clearly at the start, then we can avoid a good deal of academic waffling Then sure, we can briefly acknowledge the etymology of the word cult, but the contemporary meaning is the centerpiece of the question, and addressing that negative connotation is where we should spend most of our time. Bringing up past and present community organizational structures like the mutual assured destruction doctrine or modern efforts like the DSI, something that should probably be defined for new listeners. It does make sense if the topic is about the zoo community as a whole, but might lack relevance if we’re just discussing the community in immediate proximity to Zooier Than Thou. I like to note that cult-like behavior can emerge at any point, and that constant vigilance is required. It might be nice to end with a small list of plausible red flags for which everyone can watch. Many of the list items reviewed by the hosts were labeled as maybe applicable, but a warning sign is most useful when an onlooker can clearly distinguish between a safe and an unsafe state. Anyways, those were just a few of my thoughts. Thanks as always for the amazing work you do, and I can’t wait for more.

Tarro: Yeah. Thank you so much for writing in, Anonymous. and I do think that you bring up some pretty good points. for me, I think the point that we were really trying to make is that the definition of a cult is very nebulous and very confusing. I’ve had people say that I’m part of a cult because I play a lot of League of Legends, and I mean, if you go through the list, you can definitely sort of check the boxes and make that apply if you really kinda look at it the right way.

but like at the end of the day, whether something is a cult or not typically just kinda comes down to how the person describing that group feels about that thing. so if you’re someone who’s favorable towards an idea, it’s a group, it’s a community, whatever, whereas cult tends to be like the label you slap on if you’re trying to make it sound sinister and insidious.

so I can definitely see what you’re saying as far as there’s places we could have maybe been more clear, but at the end of the day, I think the takeaway for me is like, it, it just comes down so much to the definition that you’re trying to sort of fit and like how you’re trying to frame it.

Aqua: Yeah. We appreciate your feedback on this one. To be honest with you, the cult discussion was probably the most challenging topic to untangle and present fairly that I’ve ever attempted. I don’t really see a need to revisit this again. we didn’t really wanna do it in the first place, but now it’s done and it’s done pretty well.

maybe just to answer you here, and I think, uh, I think the points I wanna make, are ones that would normally appear in like a blog post, but that doesn’t get, linked everywhere that the show does. So this, this is fine. a cult can be benign or harmful. we know that from our research and, we said as much on the episode.

the crucial difference is whether or not the structure and the intent of the group is exploitative of its members, and whether its interactions with its host society are harmful or peaceful, and how easily a benign cult can tip into an exploitative one. the warning signs are pretty much the same for both kinds of cults, and the most we can say for ourselves is, we’re pretty confident in our awareness and our response to unwanted outcomes.

Uh, and, you know, while we’re trying to advance our worldview, and our view of human-animal relationships and, self-acceptance. like on the show, for example, there’s really no shortage of strong personalities, even so, we do everything we can to resist central leadership authority. Toggle has never wanted to own the whole project.

He doesn’t wanna be the one in charge, and, that’s why we have the structure that we do. as far as DSI is concerned, DSI has a really different approach and a totally different mission than we do and, you know, with mixed results. and the cult episode really wasn’t the time to weigh the merits of their effort.

but I guess all I’ll say is we assume good faith, and I’m not gonna throw them under the bus for trying to do something that’s almost impossible to do.

Tarro: Yeah. The, the whole goal of DSI is so complicated, and I think that’s definitely like a… It could be a full episode on its own, to be honest.

Aqua: Yeah. there’s something else that I thought of while I was, uh, answering this. part of the confusion with the word cult isn’t just that the meaning has changed over time, it’s that, it’s been diluted, it’s been weakened. and Taro, I think you were making this point earlier with your League of Legends stuff in that, if somebody perceives from the outside that something is Consuming a lot of your time and energy and enthusiasm, but it doesn’t appear to be beneficial or useful or fun.

or if they’re threatened by it, then it’s easy to call it a cult because everybody knows what a cult is or they have some mental image of it.

Tarro: Yeah, it becomes cultural shorthand

Aqua: yeah, even if all they’re describing is basically just a rabid fan base. I don’t know. I love Star Fox. Does that mean I’m in the Star Fox cult? I don’t know. I never played Zero. I thought the controls were shit.

Tarro: Ooh, that’s gonna get you excommunicated

Aqua: Yeah, I can take it but yeah, thanks for writing in about this, Anonymous. if we need to, maybe we’ll come back, and touch up our explanation a little bit, but I think everybody is done with it for now

Tarro: Yeah. Thanks so much for writing in. our next email is, uh, OPSEC cranked up to 1,000 from alias Zoo Newgrounds, and then in brackets, Zoogrounds, which is a great portmanteau.

Aqua: Oh boy.

Tarro: Zoo Newgrounds writes…

Aqua: haven’t been to Newgrounds in so long

Tarro: Oh, me neither. Apparently it’s still going. That’s crazy. Zoo Newgrounds writes, “Hello. I am an animator and as of late a few of my cartoons have gotten considerably high numbers of views.

It’s not exactly Mr. Beast numbers, but it’s a sign of a hopefully fruitful future doing what I love. I’ve watched the episodes on safety and OPSEC and I’d like to think I’m keeping my zoo life separate from my public fursona, but I’m still sometimes kept up at night with the thought of what if? Are there any aspects of OPSEC that get overlooked?

Something that we should all be doing but is often shrugged off as unimportant? Or on the flip side, what are some good practices for the best safe zoo experience?”

Aqua: Okay. Yeah. This is, uh, this is a big topic. That’s why it was an episode.

Tarro: Yeah

Aqua: but it begins, it really begins with threat modeling so that you can focus or ignore certain recommendations. I don’t know that much about what you’re doing, except maybe it’s cool stuff on Newgrounds, which I’m definitely gonna go try to find.

But Just given the nature of your work, I think I would begin, if I were you, by trying to understand how your artistic work, relates to obscenity laws, in whatever jurisdiction you’re, you’re in. and that’s separate from the jurisdiction, covering Newgrounds the site. That’s not your problem, that’s theirs.

but in general, you should be working to keep your zoo life as separate from your daily life online as possible, and not just like your real identity, but it might be a good idea to separate it from your furry identity also. Furries are weird. you will never find another group with a higher concentration and silent endorsement of zoo-adjacent material and, and zoophiles themselves.

But there’s also a lot of really strong opinions in the other direction, and especially online, compared to a convention where everybody’s meeting for real and everybody skin in the game and they’re there to have fun and not cause problems with each other. On the internet, it’s totally different.

And some furries are particularly motivated to try to unmask people that they don’t like so something to think about there. but keep your zoo persona, your fursona, and your real, your real identity as separate as you can. And anywhere you have to connect those identities, like for payment processing or know your customer rules, government forms, anything like that, try to share the least information in the simplest way that you can, and do it in the fewest places that you can.

And then be aware of every place where you’re doing that and, just try to keep track of what every service knows about you and the circumstances that information could be revealed to other users. Not necessarily law enforcement, just like normal transactions. So, like if you have to sign up for, I don’t know, like an auction site or something, you’re gonna have a personal profile.

There’s gonna be some information populated there automatically when you first register. Just go through it and, if you have the option to hide your profile, do it,

that

kind of thing.

Tarro: Yeah. Always super helpful to just make sure that whatever’s being automatically displayed is stuff that you wanna have displayed.

In the vast majority of cases where I’ve almost doxxed myself, usually it just comes from being a little too careless or sloppy. this is like the most basic of basic advice, but because of that I think it’s easy to forget and so worth restating. Just like always be really mindful about what it is that you’re doing.

and like don’t be afraid to do things like double-check your screenshots or, make sure that the things that you’re talking about aren’t like too niche and obscure and it’s gonna give away too much of your personal information. I also really like having friends that I can bounce things off of if I’m like a little bit worried about it.

so before I ever post something that could potentially hurt me, I’ll message a zoo friend who already sort of knows me and about my personal life and just say like, “Hey, can you double-check that there’s nothing stupid in this that I missed?” I’ve actually had before where I was gonna make, a tweet about like a certain brand that I really like, uh, and my friend was like, uh, “I’ve never heard of that brand before,” which caused me to Google it and realize that it’s something that’s pretty local to my area.

and that would’ve been potentially very bad. So, I was very grateful to them for doing that. very little doxxing comes from being like hacked in any way. So while it is really important to not click phishing links and all of that, way more often it’s just from doing the wrong thing at the wrong time.

So just do your best to stay alert, stay

Aqua: Yeah. and not even necessarily the wrong thing, just doing totally normal things, but in too many places.

Tarro: Oh yeah,

Aqua: Uh,like on the OpSec episode we did, I think, one of the quotes I had was like, “Correlative attacks are a bitch.” that is still absolutely true. And the, easiest example I can think of is like, don’t cross-post.

It sounds super easy to not do that, if you’re going on a hike somewhere and it’s close to your house and you wanna post pictures of that on your normie account, then like cool, go for it. But maybe don’t talk about going on a hike on like your zoo account at the same time, because if somebody is watching, they’re gonna notice that those two things occurred in very close, time with each other, and that alone is probably not enough to do anything, but it’s more data.

And the more little innocent feeling mistakes that you make like that, they’re– it’s hard to even call them mistakes, right? You’re just being a normal person. But, it adds up. And, if you’re starting from a really safe, anonymous or pseudonymous account, uh, with no location information, and you start sharing pictures, uh, of like your outdoor activities pictures of your car, well, now you’ve, you’ve kind of located yourself on the surface of the Earth pretty precisely, and, you know, it’s, uh, it only takes a few of those.

and actually, there’s another one that is interesting, and that is, uh, writing style and just everybody’s, vocabulary and the way that we structure sentences when we’re writing, uh, and speaking. That’s pretty unique. And that was ultimately how we, how the world learned, uh, we think the real identity of Satoshi Nakamoto, the creator of Bitcoin, who had been doing a fantastic job staying anonymous this whole time, uh, until a particular reporter happened to put together a bunch of, a bunch of text from a developer who was interested some of primitives and, the basic structure that would later become Bitcoin.

Tarro: Noticed that person’s account disappeared right before Bitcoin launched, and then did a stylometric analysis of Satoshi’s own writing and this other person before it, and realized that it was almost a, an exact match. Yeah

Aqua: so like who are you guarding against? It, you know, is it some 16-year-old who knows how to like look up a license plate or knows something about geography?

Hopefully not an expert, like where is this grainy photo taken that, what’s that called?

Tarro: Rainbolt with GeoGuessr

Aqua: Yes. it’s pretty unlikely I think you’re gonna encounter somebody like that, but, at the other end of it, you’ve got law enforcement who have effectively unlimited resources and time. and like all things, it’s gonna be somewhere in the middle.

Tarro: Yeah. All of this not necessarily to like scare you away from having a zoo presence and making friends and being a part of that community. I think we talked about this, but OPSEC is kind of like a, like an infinite rabbit hole where you can get as safe and as secure as you want to be, but it’s mostly just about assessing your threat level and what you’re actually going to be willing to like do and how much that matters to you, and then just making sure you’re consistent.

just gotta figure it out for yourself.

Aqua: Yeah, it’s not something you set up once and then forget about because your needs are gonna change.

I guess the last thought I have for it about right now is that OPSEC, the practice, it’s not like an iron dome of protection. It’s more like a fire safe. if plan and execute safety steps well, then hopefully that’s going to extend the length of time that you have to do whatever work you want to do before something happens.

And for really short operations like, I don’t know, a sticker bomb campaign or something like that, the requirements are totally different. But for longer duration like a, an indefinite internet presence, like an identity that you’re setting up and you don’t know when it’s going to end, uh, that’s a lot harder. maintaining that gets really difficult because people get lazy and they get comfortable. so setting the law and law enforcement aside, uh, ‘cause you may not actually be breaking the law, you can try to plan for the social consequences if you’re discovered.

and you, you can do that with just really, selective disclosure to a group of friends and people who are close to you that you think are going to accept you.

it feels wrong, right? if you’re trying to keep it a secret, why would you tell people? But when you change that to, “I wanna keep this as private as I can for as long as I can, but those days are probably numbered, so I want something to fall back on when something happens,” then like that can be really, really useful.

That can be all the difference.

Tarro: Yeah

Aqua: and it’s also a good idea to try to game out like different scenarios that you think are likely, uh, ‘cause then you can make choices about how you’re gonna respond to them ahead of time instead of in the moment when you’re stressed out

Tarro: And, uh, one last thing I would just add on, as far as things that people don’t really often do. don’t be afraid to just fucking lie sometimes. Um, make shit up, uh, give away details that just, like, aren’t real, uh, that, you know, can’t trace back to you in any capacity. ‘Cause the way that people try to, like, do doxes is by building up a lot of little information.

And so the more corruption that you can put in their data, the more both plausible deniability you’re going to have, but also the more that you’re going to, like, be able to throw them off the scent. so, maybe sometimes it is worth saying that you went to some place that you didn’t or that you live in a country that you don’t or wh- whatever it is.

not enough people are, willing to just, like, make shit up. Uh, but if you are trying to, like, build a real presence, I think that can be really helpful

Aqua: Yeah. just a note of caution about that. if we’re talking about lying to a company or something about your age or your location, okay, cool. You should be doing that anyway.

Tarro: Yes.

Aqua: but, if you’re going to try to misdirect people and remain authentic, that means that you’re gonna have to keep track of the lies that you’re telling if they’re of– like, if they’re significant.

If it’s just some trivial throwaway thing, like you’re just bullshitting with friends over a beer or something, then okay, maybe not. you know, use that sparingly. Like, be intentional about it

Tarro: to to be clear, I’m…

Yeah. My, my thought on this is if you’re like on social media, for instance, or you’re, like in public spaces that you know theoretically could have threat potential within them, I don’t necessarily mean like lie to all your friends. but yeah, if you’re gonna try and maintain like a public presence, sometimes it’s good to throw in some misdata

Yeah. I guess like an example of this would be like a canary trap. I don’t recommend doing that just ‘cause it like it feels bad. But if you’re not aware, a canary trap is basically, telling a lie or altering or somehow marking a piece of information that you’re giving to a specific person to see who else finds out about it. So like for instance, if you tell five different people you’re from five different countries, and then it comes out that you’re from one specific country someone said, you can have a feeling that person was the one who revealed that information?

Aqua: Yeah. it’s an old CIA trick. I don’t recommend it just ‘cause it turns out that, like, your friends don’t really appreciate being lied to, and then you have to explain that. So, uh, yeah, just, yeah, be careful with it. you know, I try to be authentic, but I try to obscure, like, actual facts.

Tarro: Mm-hmm.

Aqua: we got on the topic of OPSEC and it was almost another full episode.

Oopsie

Tarro: Thank you so much

Aqua: Up next we have an email from Sparrow, hidden by the night, with the subject, “My Fascination.” Sparrow says, “Hello. This may be unusual from the mail you typically receive, but I wanted to say that this podcast has fascinated me for a while, since about 2024. I am not a zoo, nor have I ever interacted with any, but I am extremely interested in the way people on this podcast speak about their beliefs and opinions. These are concepts that I’ve never heard of, and although I’m not entirely sure what to think of it myself, I love seeing the world through someone else’s eyes, especially seeing the world of what is considered taboo by societal standards.”

Tarro: Yeah. Thank you so much for writing in. Honestly, I do think emails like this are great because if we ever do wanna gain any level of like real social acceptance, we’re going to have to go through resonating with a lot of non-zoos. I would be personally really curious to know,as you listen to the podcast and stuff, what kind of things that we talk about stick with you?

what are the things that helped paint us in a light where it felt like you wanted to give us the time to explore our opinions? and are there any things that you feel like we’re totally off the mark on? getting people’s opinions from outside our circle is so important, so if you do end up hearing this, I would legitimately love to hear your thoughts on what you think of the whole sort of zoo thing.

Aqua: Yeah, definitely write us back and let us know. I- I’ll say that I’m really happy the show is, reaching people who aren’t zoos like you. the world would be a kinder and fairer place if more people were able to be curious about something that was really out there. something that’s not part of their worldview or their, their experience as a human being to date.

that’s a really incredibly powerful and important skill to practice, and I hope you’re making good use of it in your daily life.

Tarro: Yeah, absolutely Our, uh, next email is from Slate with the subject, “Feeling Trapped.” Slate writes, “Hi, Zoo Crew. I’ve been sitting on this for a long time, and I think part of why I’m finally writing into the show is because I don’t really know how to say any of it out loud in my actual life.

I’m with a non-zoo partner I love deeply. They aren’t a bad person, although yes, they are anti-zoo and even anti-feral NSFW. They have their own boundaries, their own beliefs, their own lines of what they find acceptable, And I know that’s completely normal in a relationship.

The problem is that two parts of me exist on the other end of those lines. Because of that, I find myself leading two lives online. To be clear, this is a long-distance relationship, although we have met IRL and we’ve been together for years now. in fact, we’ve been best friends since we were teenagers, long before I even knew anything about being zoo.

while I know how to maintain good OPSEC as someone who’s done plenty of research and is even majoring in computer security, I still feel constantly on edge even when I’m on my alt account. It’s not just fear of being found out in some dramatic sense, but rather the slow, constant pressure of knowing that if those two lives ever collided, It could change everything. I think about the stupid little things all the time. A tab left open, a wrong account logged in, a careless notification, a shift in tone or a question asked at the wrong moment. I know some of this is irrational, but some of it isn’t, and that’s what makes it so exhausting. The threat feels unlikely right up to the second that it wouldn’t be, you know?”

Aqua: Oh, I know this feeling very well

Tarro: Yeah. What makes this even harder is how much of it is turned inward. I don’t just fear the rejection. I feel like I’ve started rehearsing it for them in my own head. I imagine the disgust, the confusion, the hurt, the sense of betrayal, and then I end up internalizing all of it before they’ve even said a word.

It feels like I’m pre-rejecting myself to soften the blow, except it doesn’t soften anything. It just makes me feel more ashamed, more split in half, and more afraid to exist honestly, even in private

Aqua: Okay. Yeah. So you know that, tweet from Twitter back when it was actually called Twitter, where it’s like 90% of Twitter is just making up a guy to get mad at

Tarro: Yes, and I love that tweet.

Aqua: Yeah. Uh, Slate, that’s exactly what you’re doing, and I think that’s your subconscious telling you that your current situation isn’t sustainable. you need to feel accepted and safe at home. I know it’s a long-distance relationship, but it might not, not always stay that way.

So be really careful not to hold a grudge about something that hasn’t actually happened yet.

Tarro: Yeah. Slate continues, “And the worst part is that there’s no villain here, at least not in my book. My partner is allowed to have boundaries. They’re allowed to feel however they want about zoo or feral and SFW. I’m not angry at them for that, I can’t ignore the fact that loving someone who might see part of you as fundamentally unacceptable does something to your brain over time. It makes you watch yourself constantly. It makes you wonder whether you’re still being loved or just being loved conditionally based off a version of you that feels incomplete.”

Aqua: Yep

Tarro: I think that’s part of– I think that’s the part I’ve been struggling with the most. Where’s the line between privacy and deception? Between having an inner life and actively hiding something that would matter deeply to the other person? I don’t know if staying silent is protecting the relationship or just delaying a much worse hurt down the road.

I don’t know if honesty would be brave, selfish, necessary, destructive, or somehow all of those things at once

Aqua: yeah. I don’t remember who said it, but it was, Shame, like acid, erodes its vessel.” this is central to, like, why this podcast exists. We have to get people, more comfortable with themselves and more willing to take the risk, uh, to let other people in

Tarro: I love this person deeply. I do not want to hurt them, but I also feel like carrying this alone for so long has been slowly eating through me. It has made me more paranoid, more self-loathing, and more disconnected from myself than I want to admit

Aqua: Yeah, you’re gonna need to fix this while you still have a choice in it

Tarro: So I guess my question is this: How do you live with loving someone who may never be able to accept all of you? How do you tell the difference between privacy and dishonesty when truth could end the relationship? And how do you stop turning someone else’s possible rejection into a reason to reject yourself first?

I wanna be able to get out there and make zooey friends, to be able to build a community where I feel real to myself and at peace. But time and time again, I find myself pushing everyone away and repeatedly deleting account after account because of this internal conflict. I admit, in general, I’m still deeply morally conflicted on the whole bestiality thing, so that doesn’t help.

But I know there’s a difference between actions and attractions, and I’m tired of pretending I haven’t found animals attractive ever since I was born

Aqua: Oh, yeah. You know, I would be more worried if you said you weren’t conflicted about this, uh, ‘cause it’s, it’s really complicated and it’s personal and it’s consequential stuff. being conflicted just means you’re thinking. but remember, like attraction doesn’t hurt anybody except you if you let it.

So, let yourself be who you are and then decide how to act on that and manage it. Uh, I mean, if that is if you ever act on it, uh, like, and never acting on it is a solid choice, by the way

Tarro: Yeah. Slate concludes, “Thank you for reading and thank you for making space for conversations that are messy, painful, and hard to fit into the neat moral boxes that our society likes to pretend exist. Kind regards, Slate.

Aqua: Oh, Slate. it’s really easy for me to empathize with this. I think, like, it’s fine if that’s what you were doing, if you were just rubber ducking here, but you’ve answered all your own questions. you have a lot of insight about your feelings and where they’re coming from, and it– I think it’s obvious that you understand the destructive potential they could have, but I don’t know that you realize the damage that it might already be doing to you.

you have to make a choice, about your life with your partner, uh, and it’s for your own good and it’s for theirs too. And like, you gotta do this soon. This is gonna eat you up if you don’t. if I were in your position, there would be no future together with them, uh, unless I disclosed my whole truth and after giving them some time to process and discuss terms, like how to live together with this, with this reality, I would expect understanding and acceptance from I have had that with every relationship I’ve ever been in because my partners, uh, who are not zoos, they all knew my values and, you know, I didn’t, I didn’t require them to tell me anything they didn’t want to, but they knew they could. they knew I could handle it. So your zoophilia, that could be a deal breaker for them.

But we already know what your deal breaker is, don’t we? this sounds miserable. I think you’re allowed to end the relationship without telling them the exact reason why. But the longer you’ve been together and the closer you are, I think the more you owe them a chance to reward your bravery.

And like, this isn’t a zoo problem. You know, it is– There are some unique elements to it because we’re zoophiles, but this is not, this is not brand new, right? You have a decade, you have decades of gay literature to consider. it’s a whole genre of film and, and romance novel and nonfiction.

so Just read about the, the way the rest of the world deals with this. And, uh, and like, and if you have the means, please consider taking this to a therapist, so that you have someone in your corner no matter, no matter what you decide here. like, it’s possible and it would be wonderful if this ended up just being a stressful period for both of you, but then, like, it, it resolved and it brought you closer together. but there’s a real chance that one of you is gonna get hurt by this. anyway, we have a whole episode about how to find a therapist, so if that’s an option for you, please do it.

Tarro: Yeah. I’m extremely sympathetic here. the internal struggle there is so hard, and it feels so tough trying to parse two different sides of you together i- in a way where it feels like they don’t fit. I also have a non-zoo partner, and I’m so glad that he’s supportive of my zoo sexuality. But even then, I have a lot of friends and connections who aren’t, and it is such a struggle sometimes hanging out with people who will throw out comments about how glad they are that, exotic erotics got thrown out of, MFF or how, people are getting way too comfortable with feral porn or whatever else. at the end of the day, it really is just up to you and what you wanna do. You’d be far from the first queer person that tries to, hide a part of yourself to fit in with a more normal life. and like Aqua said, there’s some really amazing literature out there to read or shows and movies to watch that really focus on that struggle.

but I do think that there’s a part of you that really kind of rots inside when you do that. And, I’ve been lucky enough to be able to exist in a lot of zoo spaces, both online and in real life, and the feeling of being able to be 100% authentically yourself, it really– it’s life-changing. it’s hard to describe how amazing that feels. this is gonna sound maybe dumb, but have you tried talking with your partner at all about this and just seeing, like, how they react? like you mentioned, they’re against feral art. If you told them that you like feral art, what do you think they would do? it’s not necessarily something that’s gonna get you in any sort of, like, real trouble if it does blow up, but it could at least help to show you whether or not they’re willing to reevaluate their beliefs because they love you and they want to understand you.

if you’re like, “I think Simba from ‘The Lion King’ is hot,” and they’re, like, ready to break up with you already, I think that’s a very different situation than if you tell them that you like feral porn and you have a real conversation, and they end up saying, “I don’t get it, but I support you.”

yeah, just a thought. You do you, and, I hope no matter what you decide that you end up happy. Seriously.

Aqua: Yeah, same. Good luck. This one feels personal.

Tarro: Yeah I’ve been really fortunate and,like this exact scenario is, is a big part of why I’m here

Yeah. I, I feel so lucky to have never dealt with this, but I’ve had friends that have had to go through this in the past, and it’s, it’s always hard. Sometimes it works out, sometimes it doesn’t. But I think the big thing is, like you were saying, the longer that you wait to do something about it, the more it’s gonna hurt when something eventually happens, and it will eventually happen

Aqua: Yeah, and it’s gonna happen in a way that you don’t plan for. that’s the worst

Tarro: Yeah

thanks for being in.

Aqua: yeah, please write in and let us know how it goes, whatever you end up doing

Tarro: Yeah

Aqua: up next we have a short one from Jase with the subject, “Can I just get a full zip of all the podcast episodes?” Jase writes, “Can I just get a full zip of all the podcast episodes? I was looking through Apple Podcasts and I found one podcast titled ‘Zooier Than Thou’ and got excited prematurely. It turns out it was a podcast that reviews podcasts.”

Oh, that’s lame.

Tarro: Unless they gave us a good review

Aqua: Yeah, I’m not taking that bet. Jase continues, “I just want a full library of all the episodes done so far, so I can download all of them and put them on my iPod. I’m so bad about actually keeping up with this show or listening to any long-form content.

It would just be easier for me to throw it all on the iPod and listen while I’m walking my wife or on one of my semi-occasional offline bike rides. Thanks a bunch.” and then they add that, uh, they’ve already done the math that, uh, it’s about 26 gigabytes in MP3 format. okay, so this is an easy one to solve.

y- all you need is a, is a podcasting app, or I guess they’re called podcatchers. whatever. That’s stupid. but there’s one called GPodder, and there’s plenty of others that can do this, but GPodder will run on basically any system you have. all you have to do is add the show using the RSS link which we give you, and then tell it to download all the episodes, and it’ll just do it.

and then you’ve got a folder on your computer with every episode. and, It’s not buried in a database somewhere. You can just grab them and you can drop them wherever you want.

Tarro: Also shout out to you having an iPod. I haven’t heard of someone using one of those in 10 years, so very cool

Aqua: Yeah. they’re coming back. Turns out when you own nothing and rent everything, people don’t like it

Tarro: Yeah. Yeah. Crazy how that works. yeah. Thanks so much for writing in, Jace

Aqua: And that I think brings us to Wolf Seeks Dog, right?

Tarro: Yep

Aqua: Okay

Tarro: All right. Our last email comes from Wolf Seeks Dog with the subject, “Discussion of Telegram Security.” Wolf Seeks Dog writes, “Dear Zoop folks, thank you for your analysis of my email discussing Telegram security. In particular, thank you for handling it critically but sympathetically. I’d expect no less from y’all, but even so, it was educational to see how tense and vulnerable I felt while having it dissected in public without any ability to reply.

I just learned quite a bit about the power gradient between a broadcaster and their subject. Anyway, fair analysis. I don’t agree with all of it, natch, but I mostly agree with quite a lot. I’ve tempered my position since I wrote it, and my remaining disagreements tend to be in an ugly OMG rogue panopticon autocracy territory, which isn’t much fun to discuss without some beer involved.

And sadly, I’m a bit too far away for that. So I’ll just say thanks for being nice. Big drooly love, Wolf Seeks Dog.”

Aqua: Aha. uh, it’s your lucky day, because, um, I don’t know about you, but, in the last two months, one day I woke up and the world was super different because of, Anthropic. anyway, I’m not quite ready to eat my hat on this one and say that you were right ‘cause I, I don’t think like the extent of your concern is, warranted just yet.

but it’s definitely different and worse than it was when I responded to you originally. anyway, it seemed so urgent to us, we actually bumped a different topic to cover it in this episode now.

so that’s what this episode is about. It’s all about Telegram alternatives

Tarro: do we really have to use Telegram? What features do we really need in a chat? What else is out there? Matrix, Stoat, Discord, ugh. IRC? Can we just go back to IRC?

Aqua: Maybe. yeah. So we’re gonna divide this up into an examination of Telegram, try to come up with a list of the features that we need that we actually use, and see where we can find them. we’re gonna take a look at some alternative, codes of conduct and, uh, and acceptable use policies. And then we’re gonna wrap up with a discussion about how, AI and, these new powerful LLMs that have, that have come about in the last, six to eight weeks are gonna change the landscape for basically everyone, and if there’s anything that we should be doing about it. It’s gonna be wild

Tarro: More Zooier Than Thou right after this.

Aqua: Stay tuned

Tarro: Ba-daddle-a-dum

Sponsors

Announcer: This episode is brought to you by the letter B, for bad faith arguments like, “Animals can’t consent,” by Misanthropic’s new zoo AI model, Zod. Zod offers wisdom stolen from the entire written corpus of human knowledge, now featuring 4chan archive! “Brush your teeth with a brick. Buy a pizza and pay with snakes. Design zoo stickers of horses with way too many legs.” Try Zod today for the low cost of no drinking water, no human employment, all of Earth’s electricity, and a habitable climate!

And by listeners like you. Head on over to support zoo.wtf and donate whatever you can. Every dollar you send helps us buy more tasty, delicious Zod tokens!

Topic - Telegram and the AI Future (Part 1)

Aqua: Welcome back, fellow zoos. It’s time for our topic this month, which is Telegram alternatives, and then later a bunch of AI stuff. We’ll explain why. how did we get here? We weren’t supposed to be doing this episode this month. We had another topic planned, and then this kind of jumped in.

yeah. So I’m here with Toggle for the first time in a while

Toggle: Hi.

Tarro: Welcome to the show Toggle. Great to have you here.

Aqua: And there’s Taro again. And we have a new guest with us, Cyber Cervine, who is, working in a relevant, tech field to help us answer questions and work through some of the more

enterprise-y challenges that we might run into

CyberCervine: I also help out with a couple zoo projects.

Nice to be on

Toggle: Yeah

it’s good to have

Tarro: Yeah,

Aqua: I actually don’t know anything about you, so please introduce yourself

CyberCervine: I’ll, I, go by they/them, and I’ve been kinda creeping around in the background of zooey spaces for, let’s say, five years. And, I contacted Tarot about, I’d say four years ago, seeing if, they need any help with their projects, and that kinda catapulted me into other areas and other projects. I like to kinda be in the background and work on things, but this seemed like a topic where I could give some information and help out the community, so I decided to jump on.

Aqua: Definitely. We’re glad to have

Toggle: We really appreciate it

Tarro: it was

so funny. It was like one of those things where you don’t realize that your friends don’t know your other friends. ‘Cause when I was first thinking about this topic, I was like, “Oh, Cyber Deer would be so good for this.” and so I went over to Aqua and I was like, “Let’s have them on.” And Aqua was like, “Who is that?”

And I was like, “W- what do you mean you don’t know them? they’ve been around for ages.” It was so funny.

CyberCervine: Yeah, I probably know your friends

Toggle: Yep, same story for me.

Tarro: Yes.

Toggle: friend of a friend

CyberCervine: I liked– That’s a comfortable zone for me.

Tarro: Very deer-coded

Toggle: Oh. All right, so let’s talk about this

Telegram nonsense. We’re here again. Yeah, I think it starts with, the original email from Wolf Seeks Dog, which, I saw Wolf, wrote back in. so I guess where we started from there is it still felt a little alarmist. It was a little bit like, “ Yeah, I mean, like we understand where you’re coming from, but slow it down a little bit.”

this is a tool, people use it, and there’s a safe way to use it and stuff. And that was like, what? February Yeah. Enter like April, and the world completely changed, right?

we,within about a week, well, maybe it was two weeks of publishing that episode. Yeah, pretty quick after the episode aired, we had, uh, for a while we thought it was a CVE-9, Telegram, So CVE-9, that sounds like something to do with cyber servine. What does CVE mean?

CyberCervine: Oh, honestly, this is one of the things about tech is, I don’t even know what it stands for. I just, it translates into a word in my head. So CVE is basically just like a vulnerability that’s, publicly given out to the whole world. It’s basically, either someone else discovers something about your product or you discover it yourself, but sometimes they don’t tell you if they did, and they have to declare, “This is a problem with our product, and this is what it affects.”

And once they figure out a way to fix it, they, go ahead and, give out that information freely because they wanna make sure that the internet’s safe. But, lately we’ve been seeing a lot of CVEs coming out

Aqua: Right. So, uh, a software vulnerability.

CyberCervine: Yes.

That sounds right.

Aqua: So in general, I think the way this works, and, Cyber, correct me if I’m wrong, but when a vulnerability is discovered by a researcher, and there does not appear to be any, known exploitation yet, responsible disclosure guidelines mean that researcher is going to contact, uh, the software company that produces it and give them a certain amount of time to respond to the problem privately so that, uh, when the, uh, the vulnerability is disclosed publicly, there is already a patch available.

CyberCervine: Yes. that

is, that’s all true. there are certain, rules when it comes to, if you have an incident in your own environment where you need to disclose it much faster. But when it comes to vulnerabilities with your product, usually they try to keep it hush-hush until they figure out how to fix it.

‘Cause what’s a, a vulnerability that’s out in the wild and hasn’t been publicly announced is called a zero-day, and once it’s announced, it’s a day one, vulnerability. So you wanna make sure that you have a way of actually fixing the day one once it’s out, ‘cause then all the hackers are gonna be like, “Ooh, that looks nice.

I’m gonna go see if I can exploit that.”

Aqua: Yeah, and as we’re gonna see, that process of learning that a vulnerability exists and exploiting it, that window of time has become drastically shorter. So, uh, so that’s what happened. Uh, Telegram had a CVE 9.0 more or less, I think it was 9.0, um, which out of 10.

Toggle: Out of

Tarro: That sounds bad

Aqua: and 10s are supposed to be rare, but, uh, lately there’s been a bunch of 10s industry-wide, so that’s a whole separate discussion.

Uh, but this one was supposed to affect something about the way that Telegram processes incoming media, whether that’s, uh, a sticker or a profile picture, something like that. the details were very vague. we do know that it was discovered with AI assistance, and that set off, uh, at least in furry and zoo land on Telegram, a whole bunch of PSAs in different group chats and things to disable automatic media downloads and, and do a couple of other precautionary measures.

it turned out, not long after that, I think it was like four days later, it got downgraded to a seven, which is still not great. But, I don’t think I’ve– I don’t think there’s any proof of concept. I don’t think there’s any way to demonstrate that this is a problem, and Telegram responded and said pretty much the same thing.

So,okay

Toggle: I gotta be honest, this is a thing that becomes kind of an echo. Telegram’s response to, like, people disclosing potential security threats is, shall we say, underwhelming. I just don’t like the… They get really defensive about it, and that’s just not a good sign. you should be like, “Okay, we’ll fix it, I guess.”

Like, you should be, like, ready to fix instead of ready to defend. it doesn’t… Everyone has security vulnerabilities. Just

fix

Tarro: So as a raccoon on the internet that’s somewhat stupid, how much do I actually need to care about this?

Aqua: A little bit

Tarro: Okay

Toggle: Enough to stop– You should probably actually go ahead and turn off automatic media downloads.

It would be a for a lot of reasons regardless. It is a pain in the ass, I will say because, nothing loads right anymore, and it’s really annoying. But, better that than to have someone mess

with

Aqua: I’ve never had it turned on and I don’t notice it. If I wanna see a picture, I just click it

CyberCervine: I will

say in an enterprise environment, downloading stuff through emails, like automatically, that’s a complete no-no. You don’t wanna do that. And also, as far as there’s this concept of like least privilege, like you only wanna give an app the power that it needs to do its job. So if you can live without having things automatically download, it’s much safer to turn it off.

but that’s like a risk-reward thing that you need to figure out for yourself

Aqua: Yeah, it’s a little bit like the whitelist/blacklist approach where, you know, if you’re setting up a piece of equipment or like a firewall, you can block all of its features and then selectively enable them, or you can enable everything and turn off the stuff you know you don’t want. It really depends on what you’re doing.

CyberCervine: The allow list is much better.

Aqua: yeah. incidentally, almost no consumer hardware follows that good advice. so this got me thinking after uh, this news about Telegram, was like basically finished. I’m like, “Okay, that turned out not to be a big deal. What if it had been?”

Toggle: is the seven not a big deal? I don’t understand. The seven not

Aqua: The way that Telegram explains it is, yeah, okay, maybe this is a problem, but there’s no code path to get there. So who cares?

.

Aqua: I mean, I care. You should fix it. Thanks

but what if it had been really bad? Uh, what if it was discovered in the wild under active exploitation instead of found by a researcher using a model? And, I did not feel so great about imagining that.

so fast-forward a little bit, and then Anthropic, one of the leading frontier model developers for, AI programming and, in general drops Claude Mythos on the world. And they do it in kind of a self-serving way, where

Toggle: Yeah. And the Doomsday Clock ticks like, a couple seconds

Aqua: Yeah.

Um, so, uh, Mythos is the most capable model that they have ever produced. and in that sense, it, it was a, an inevitable development, like we knew this was coming. I just don’t know that anyone really expected it to happen this fast. What makes Mythos special for now is that it is extremely good at finding, bugs and vulnerabilities in software, and then creating its own proof of concept code without any human intervention or assistance.

You can basically point it at a code repository and say, “ Find problems,” and Mythos will say, “Sir, yes, sir.” And then it will just start crapping out problems, and they are almost all legitimate.

CyberCervine: Yeah, every time someone goes back as a human and says, “Oh, this is…” And that’s the thing is they’re all really esoteric things that normally people might not think of, but then they go and try them, and they absolutely work. And a lot of times they’re serious vulnerabilities. So like it’s working and it’s… we’re thinking about “Oh, no one would do that if they don’t think about it,” but now they have the

Toggle: tool to do

it, so

CyberCervine: so as far as what I’ve been seeing, I’ve been reading these CVEs as they come in, and a lot of them are like decades old. it kinda… What Tugal was talking about as far as, we wouldn’t have thought to do it that way, that the LLMs, the AIs don’t, they don’t care. They’re just, they want their, we call them cookies, like the reward they get for doing their job.

They’ll find any way to get them. So they’ll, they’re gonna find ways to do things that we can’t think of, and that’s just causing an avalanche of old vulnerabilities that have been in our software that we’ve been using for a long time to come up to the surface all at once. So it’s kinda overwhelming.

Aqua: Yep

Toggle: Someone has to go fix these things, and, that takes some time ,

Aqua: Yeah. Uh,

Toggle: effort

Aqua: the issue is we’re in a weird period of transition now where these kinds of problems can be found at machine speed, but they can’t be corrected at machine speed. Not yet. and all of the infrastructure that we have is built around human speed,design and response principles going all the way back to the ’90s when the CBE system was first created. we’re, we’re, we’re kinda getting, uh, ahead of ourselves on this ‘cause, like, the, mythos part is, particularly interesting and complicated.

Toggle: But there is one other thing that happened with Telegram recently, very recently actually. and now the idea of this particular bug had been published a year or so ago, but what happened recently is that researchers were able to actually prove it and verify that, oh, this is a really big problem.

Basically, if you ever thought that you had any sort of anonymity on Telegram, Telegram basically has a special ID that is stored for you that is persistent across all sessions and clients. and it is very trivially, if at all obscured to such that, you know, someone with access like ISP access or network access can basically track you wherever you go.

They know where you’re at. They can see what you’re doing with Telegram and stuff like that, and they can basically figure out who you are that way. and Telegram– And the other part of that was basically there’s still concerns about T- Telegram’s ties to, the Russian government, and one of their head people talking about some of– allegedly talking about some of their other software that they use where they just basically just give people, give the government the information they need based on these people’s identity information that they have. Telegram’s response was basically to, to wave all of that away and be like, “No one can actually do this except for ISPs anyway, so it’s not a big deal. And also, we don’t have ties to the Russian government, and then we never do that, so you don’t have to worry about it. No one has access to this stuff.”

which is not a great response.

Tarro: this is, uh, I’m no expert in this, but that does not inspire confidence in me.

Aqua: No, not at all

So that brings us to why we’re talking about this now. All of these things together, particularly Telegram’s unique feature set and design and, I hesitate to even call it corporate structure because it’s– there, there’s almost nothing there, not in a traditional sense. all of these things add up to a really strange posture that Telegram has and is maintaining that might make Telegram particularly vulnerable to, future exploits, especially,machine-accelerated ones. that’s why we’re talking about this today, is,I’m not ready to eat my hat about this one, but, Wolf Seeks Dog’s original message to us was actually quite timely because, uh, in the meantime, he says that he’s moderated his position a little bit. Um, I thought maybe I undersold what was happening, and now I think there’s a chance we’re gonna meet someplace in the middle.

And, uh, uh, it’s time to really consider whether or not Telegram is something that we wanna rely on or if we can move on to some other platform that is better positioned to protect itself and, respond to security events that are certainly going to come

Toggle: why the hell are we on Telegram in the first place, and why is it so hard to get out of

Aqua: So what do we actually need from a chat app?

CyberCervine: Where all the people are

Tarro: Yeah. I mean, as someone that, uh, happens to run a chat, I do think that there are certainly things that Telegram provides that makes it really desirable to, create things within this environment. there’s the concept of, like, a captive audience, of course, where because everyone’s on Telegram, it makes it so much easier to use Telegram to talk with your friends.

But I think even past that, it does have a good way of doing things like stickers. That was, like, a big selling point when it first launched, and I think that’s really good.

Toggle: For furries

especially.

Aqua: Oh my God. Now and Later’s entire business is Telegram

stickers

Toggle: How else am I going to like indicate with a picture that I’m peeing on you than with a furry Telegram sticker?

Tarro: That’s true

Toggle: You know? These are important

Aqua: Yeah, they’re just really extra big, extra cool, sometimes animated custom emojis that you can make yourself.

awesome

Toggle: And share widely and freely, and everyone

Aqua: That gets a little strange, but Yeah. Yeah. speaking of sharing images and stuff, one big thing that Telegram has, specifically I think this is great for furries over other users, is,its file sharing is really, really, really easy, and the file limits that you get are extremely reasonable, unlike something like Discord, which gives you itty-bitty file uploads.

Toggle: Signal only does up to 100 megabytes, which is garbage. We literally could not produce our podcast using this Signals, Signal operates on a shoestring budget, just so you know.

sure, but it is certainly frustrating that it– like if I send it, like for instance, a video, it’s going to compress the shit out of it to make sure that it is within the file limits, or audio as well. it’s, it’s almost like trying to send something uploaded to FA. Like FA is the fucking worst because the file size limits are so archaic.

it’s very

Tarro: Tog, do you know the, do you know the

file size, limit on Discord?

Aqua: I think it’s 100 megabytes or something, right?

Tarro: It’s 10

Aqua: Oh, wow

Tarro: Yeah.

Toggle: gonna say it’s 10 megabytes. It’s absurd.

And they’re not running on a shoestring budget, let me tell you that right now. There’s absolutely no fucking

reason for this nonsense

Tarro: well, it’s also the way that they get people to buy into premium, ‘cause once you buy premium, you get up to 50. Ooh.

Toggle: Ooh, 50.

CyberCervine: that sometimes I, try to upload something and I’m super surprised that it didn’t work. I’m like, “Really? This thing? It’s not even a video or a picture. It’s like a document.”

Tarro: Yep, yep

Toggle: Meanwhile, fucking Telegram, the m- like the basic is a gigabyte. It’s like a gigabyte, and the premium is like unlimited. I can send literally… I’ve sent like four gigabyte files to people through Telegram,

Aqua: Yeah, and the speed is there too. it’s not slow

Tarro: No, it goes wicked fast. it’s really

Toggle: convenient for sharing files

Tarro: Yeah.

another thing that I think is a little bit more basic but definitely worth mentioning is, like, for any real application for chat, it needs to be global so you can access it from anywhere. and it also needs to be something that you can access from multiple platforms as well. If it’s, like, just on iPhone, obviously that’s not gonna work, or even, like, just on PC or just on mobile, you’re gonna limit the audience way too much

Aqua: Yep. And it needs to synchronize between all of your different thingies

Tarro: And Telegram has, from the get-go, Telegram was really ahead of everyone else on that. another thing that’s really important for zoos in particular, especially if they’re furry zoos, is the ability to log into multiple accounts at once on the same

Toggle: client at the same time. That is a big deal.

it’s one reason that I can’t really use Signal for anything is because I have one identity on Signal and,I don’t wanna use Toggle with all of my friends, you know?

So that makes it very limiting

Tarro: Discord had that

problem as well. They just recently launched the ability to switch accounts on the fly, but for the longest time…

Toggle: Not on mobile

CyberCervine: One thing I will

say about Discord, yeah, the Discord switching of accounts, I did try it out in the early days, and there was like this one person who said, “Oh, you’ve been online all day.” I’m like, “No, I haven’t. I’ve been on my other account.” So it wasn’t even like segregating them, right? like it was showing my li- my main account as being live when I wasn’t on that one.

Tarro: Which is so scary if you’re doing zoo stuff and you’re worried about it maybe

Toggle: Yeah

Tarro: up like an activity or like

Toggle: That’s not ideal.

Tarro: n- the name

of something that you don’t necessarily want on

the other account.

CyberCervine: stuff off.

Tarro: Me too, but if you’re just talking about like basic privacy settings, I don’t love the idea that it like has those accounts synced in any way.

Aqua: Actually, that’s a whole category on its, on its own. let’s talk about Telegram’s privacy settings So there’s a, there’s a whole bunch of really specific ones that I don’t think I’ve seen anywhere else yet. And you can– like you can argue that like some of them don’t have that much utility, but it’s still cool that it exists.

Like you can set a different profile picture that people who aren’t in your contacts will see compared to the one that people in your contacts will see. Does that make sense?

Toggle: Yeah, and you can also just disable it entirely

So that people can’t

see it. So if, your mom suddenly ends up on Telegram, she’s not gonna see your

gay

furry sticker

Aqua: right. If you don’t have your mom in your contacts, like what are you even doing?

Tarro: Are your moms on Telegram? That’s insane

Toggle: I don’t let– Oh, ex- excuse me. First of all, I do not let my contacts sync

with the fucking… I’m

not allowing it to do that.

But, um,

CyberCervine: Security

mindset right there

Tarro: Yeah

Aqua: okay. So that’s one. for group chats, you can, as the owner or one of the administrators, you can assign pretty detailed permissions for different users and different roles.

you can enable slow mode in case people get too excited about Star Fox or whatever, and they overwhelm the chat for a while

Toggle: Fuck Don’t threaten me with Fuck you

Tarro: This is a very Star Fox-centric episode.

Aqua: It sure is. can

Toggle: Listen, if we’re not excited about Star Fox, I don’t know,what is there

Aqua: Yeah, for

Toggle: about in this world?

Aqua: you can turn off chat exports. you can selectively blur the chat, if you, if you wanna do that. I don’t know how effective that one is, but it’s an attempt, to prevent, malicious behavior

Toggle: Here’s an interesting one that you might not have ever run into. If you try to video record a chat that has certain settings, it’s blank. It will be blank on the video, like on your phone. If you try to video that,

Aqua: Yep. and if you’re recording on your screen and you flick past Telegram and it’s, a secret or a one-on-one chat with somebody that’s focused, it will send them a message warning them that you’ve done that

I don’t know. I kinda like this. I don’t know any other apps that are doing it

I think when Telegram came out, I was still using a BlackBerry

Toggle: I was using Skype.

Tarro: You’re old

So is this shit on, like, Slack?

CyberCervine: No, it’s usually more browsers. you buy a browser that costs money to use per month, and then it makes it so all the sites are like that if you configure it correctly

Aqua: Oh, I think I know the one you’re talking about, but the name is…

CyberCervine: There’s a couple of them.

Aqua: So it kind of sounds like Telegram just showed up with

the right stuff

Toggle: Yeah, I mean,Telegram is actually really fucking cool

Aqua: it was really good shit and there was nothing else

CyberCervine: I wanna call out one more, which is, uh, forgetting chat history. Super important nowadays. If you, set it so that a chat only lasts a month, then there isn’t that big, huge, one of the things I wanted to talk about on here is how AIs are gonna get really good at profiling people based on chat histories

Tarro: Yeah

Aqua: Yep. Yeah, for sure

Toggle: Guess I gotta delete

Aqua: preventing, chat forwarding, media downloads, media forwarding, decoupling forwarded content from linking back to the account of the person who posted it originally. all of this stuff came about over Telegram’s development. It wasn’t like a day one feature, but we have it

Toggle: yeah, if I’m in a chat with a friend group where, you know, like every now and then I’ll share something with them and I’m like, “I wanna share that with someone else.” And I go to forward it and it’s like, “Absolutely not. You’re not allowed to do that.”

Aqua: And it doesn’t necessarily matter to me that, like, those features are completely bulletproof and, like, airtight. ‘cause one of the problems that Telegram has is that not all the features they implement show up in all their clients, not even the official ones. iPhone has its own thing.

macOS has two different clients for some reason. I don’t know why.

the native one is good ‘cause it does secret chats if you need that. there’s another one that’s sandboxed.

Toggle: the other one allows you to export

Aqua: What the fuck?

Toggle: whereas the other one does not.

Aqua: some of the things that Telegram is doing may not translate very well to different platforms.

Like a Linux computer has a completely different windowing environment and different security models. So,

Toggle: I mean, there is a Linux platform

Aqua: Oh, there definitely is. I just don’t know that some of the things that they’re doing on iPhone are possible on Linux, you know? And it could be the

other way around too. it’s hard to maintain feature parity between all the clients when you start getting really specific like this

Toggle: And then allowing people to make their own clients using the API or whatever, they can do all kinds of random shit. Like, there’s, there’s certain ones that’ll actually expose what your user ID is. and your user ID is not your handle. It’s like a number that’s associated with your account. and so there are some clients that show what that number is, and that can be used to see who you are even if you change all of your information

Tarro: Guys, you are mostly just convincing me that Telegram is good

CyberCervine: This is the Telegram fans podcast

Aqua: let’s, let’s talk about, like, a couple more reasons why Telegram is so successful, because it has over a billion users at this point. for me, a big one is reliability.

Tarro: Yeah, it goes down, yeah, it misbehaves, but it’s rare, and most of the time it just works.

Toggle: let’s talk about the shit that sucks though, and I’m gonna start with the fact that if you do

have a problem,

go fuck yourself.

Tarro: that’s a good one

Aqua: Yeah, there is no live human help

Toggle: They have a volunteer staff which is nowhere near equipped to actually provide anything sh- similar to customer service, and God forbid you need to get an SMS code from this goddamn app because it will not send it to you, and there is nothing you can do about it. that’s a pain in the ass

Tarro: There’s also

very little in terms of inbuilt moderation features. I know there have been plenty of times where I’ve tried to report

accounts, and the way that you have to do that is, like, send them an email basically, which is just not great, especially if someone’s making multiple accounts and, like, using them to harass you.

Obviously you can, like, block them or whatever, but it would be cool to know that, if someone’s sending you, like, gore or something, you can get them taken off the platform

Toggle: And yeah, it’s very strange ‘cause as a chat owner, I’m able to go in and report people in my chat. But if someone just messages me and harasses me, all I can do is block them. I can’t really report them. And I believe this feature was actually removed. Like it used to be there and it was removed possibly because of people exploiting it.

but for whatever reason, it’s not there. You can’t report people for doing bad things.

Tarro: another thing with Telegram that I think can hold it back is the fact that it needs to be tied to a phone number. obviously that can help regulate like bots and like fake accounts and stuff, but I do know plenty of people who don’t wanna hop on the Telegram train specifically because of the fact that they need to use a phone.

and not everyone wants to deal with the hassle of creating a burner

Aqua: Yeah.

Tarro: Cyber Deer, what’s your least favorite part about Telegram?

CyberCervine: I’d say it’s probably all the people who are DMing me being like, “Hey babe, what’s up?” I don’t like that very much. I usually just block them immediately, but I probably get like one a month at least.

Toggle: Lately I’ve been getting interesting ones they’ll say something like, “Oh, I forgot something at home,” or like, “I heard your mom was in the hospital,” or just like random shit like that. just like as if they already know you, but it’s some person named like Alicia, and I don’t know anyone named Alicia.

Who the fuck are you? You don’t have a furry icon.

Who the hell are you?

Tarro: Human PFP is immediately a red flag

Toggle: 100,000%. If I see that you are a human, and especially if you are a beautiful woman, I’m immediately

Aqua: Yeah, if you have an anime icon, that’s pretty sus too

Tarro: I will take an anime icon over a human icon any day

Toggle: 1,000%. But usually the

anime icons are trolly, Yeah, it’s furry icon or get the fuck off of my

goddamn

platform. Okay. You’re okay because

your fursona is Orb,

Aqua: just a shape

Toggle: that works

Tarro: I will say if their PFP is a really attractive dog, I will also give them time. I’ll see what they want. I’ve had that happen before

Aqua: there is some reason, like some legitimate reason for sign-in problems like this, and it’s, it’s part of their anti-spam and anti-scam system.

Toggle: recourse if you’re a real

person, so

Aqua: which sucks. and the spammers don’t care. They just try again with a different number from a different block of numbers

CyberCervine: Yeah,the thought process is that having a phone and a phone number is enough of a barrier to reduce the bots enough. it’s a trade-off. I actually do respect it, but it makes it so a lot of people don’t wanna join in zoos spaces ‘cause, they don’t want anything associated to them at all, and a lot of them don’t know how to make the burners, like you said

Aqua: Yeah

Toggle: here’s the other problem with the burners is if you stop paying for the burner, someone else is gonna get that burner number. Oh, did you know this? If anyone doesn’t know this, burner numbers are recycled. That’s whether they are VoIP numbers or they’re actual like TracFone numbers. Any burner phone number is recycled.

If you don’t continue to pay for it, someone else will get your number, and then if they happen to try to get onto Telegram, they’re gonna boot you off of there, and then your account is gone and all of your history as well. ‘Cause they have the ability to whatever SMS they need to get,

Aqua: And this is why you should set a second password on your account so that randos who sim jack you or take your number after you forget to pay for it can’t just load your stuff

Tarro: E- even just a pin or something

is something

Toggle: All of mine have

Aqua: Yeah. Like it’s a huge pain in the neck losing data that way, but, this is as good a place as any to say losing data to yourself is the best possible way to lose data

Tarro: Yep. If not for your own safety, think about the friends you have DMs with and, figure out if you wanna expose them to,

Aqua: Right.

Tarro: that chat

Aqua: Yep. if you’re using a virtual number or a VoIP number, at least in North America, those come from a very large but very well-known block or pool of numbers, that get assigned and leased by all these different companies like Google Voice and Hushed and whoever else. and some of them are, some of them are free, which, Telegram doesn’t permit anymore. it will reject SMS codes from free numbers that are known to be free because that’s low-hanging fruit. But the paid numbers tend to work more often. Like, I’ve never had this problem because I pay for the number.

Tarro: I have different problems, but

Aqua: we don’t need to talk about those

Toggle: Yeah, I’ve got to get creative, but, basically it’s come down to keeping my number so no one else will fucking get it, so that’s a problem. How about let’s go, let’s talk about the one that’s really relevant here, and let’s talk about their weird

crypto-cryptography.

they’re, they are famously fucking weird about their cryp-cryptography. I don’t know how to explain this. I just know that every single person who has ever done anything with cybersecurity that I’ve talked to is like, “No, I’m not fucking using Telegram. This shit’s borked.”

Aqua: Yeah. Telegram broke the cardinal rule of cryptography, and that is, they kinda just made it up themselves. Like, they’re using known primitives, but they’re doing it in a really strange, non-standard way that’s hard to understand, and therefore hard to prove is secure. that’s terrible. MTProto was their custom protocol, and it was written by Pavel’s brother.

Toggle: Pavel’s the guy who owns Telegram, or at least,

you know, originally created it.

he’s the billionaire philanthropist

Aqua: Yep. And he’s the one that got arrested and detained in France for a whole bunch of reasons. but, one of them was that Telegram is structured in a way and hosted around the world that it’s very difficult to force compliance with, regional regulations for search warrants and other things.

it actually reminds me a lot of the way that Pirate Bay runs. It’s different, but the idea is the same. they’re trying to remain available in as many regions as they can and be as to anybody as possible

Tarro:

Toggle: Right, which is, and, and w- in theory is a good thing for us, We don’t want search warrants delivered from fucking Telegram But the fact that the cryptography is so obtuse and non-standard means that it basically means that sure, it might be secure, but there’s no way to tell for sure that it’s

secure

Aqua: Yeah

CyberCervine: You know who would figure out if it

wasn’t secure? The AIs.

Tarro: That’s true

Aqua: Yep, they sure would.

Toggle: That’s a problem

Aqua: this one is important enough that, over the years, there’s been a few different attempts by experts to audit Telegram’s clients and the protocol, both of which are published and available. The server code is not, but pretty much everything else is. and, uh, I have some quotes collected from, uh, the most recent report, which is over 100 pages.

Uh, and the short version is, “ “We don’t know.” we tried our best and we don’t know. but you don’t want your product to be described by security experts as, quote, “a brittle monolith,” and you certainly don’t want them to tell the world that you are relying on untested assumptions. Tho-those are things that should not happen, in your security design.

Tarro: Friends, can I play devil’s advocate here for one second? I do feel like Telegram has been up and running for a number of years at this point. Like you’ve said, it’s been, downloaded a billion times, has a billion users. If there was a flaw that was super exploitable, wouldn’t someone have found it by now?

Aqua: Humans would have. maybe.

Toggle: Maybe they have. We don’t know. They haven’t disclosed it,

Aqua: okay. So to wrap up the, thoughts from experts who tried to understand, Telegram security design, uh, th- I think this is my favorite. Um, so they said, “In theory, the design of a cryptographic protocol has the sole purpose of achieving the protocol security goals efficiently. In actuality, however, to achieve this goal, it must also be the goal of allowing at least a sufficiently motivated expert to convince themselves that the protocol achieves these goals.

In other words, the central insight of what is commonly referred to as modern cryptography is that a cryptographic design is also tasked with being easy to reason about. Fundamental paradigm of achieving this goal is modularity, where different components of the design can be reasoned about in isolation and then generally composed to establish overall security guarantees.”

That’s good design, and that’s not what Telegram is doing. and so they, they wrap up by saying, “Telegram is likely secure enough for everything and everyone who’s using it and replying on it, but its design actively fights against that ever being proven.”

Tarro: So I guess in like a layman kind of terms, the way I would think about this is like, say that there’s a door to a house that you’re trying to get into and the door is closed. It certainly looks locked. Maybe there’s like no handle on the door even. But you don’t actually know if there’s like a deadbolt in place.

You don’t know if it’s like chained on the other side or anything. It just looks extremely closed, but there’s no way to really know for sure. Is that like a fair way to sum that up?

Aqua: yeah. You’re basically trusting the box that it comes in describing what it can do to be truthful

Tarro: You’re like on the other side and there’s like zombies outside and they’re like, “Trust me, bro, the zombies can’t get in.” And you’re like, “I mean, are you sure?” And they’re like, “Well, they haven’t gotten in yet.”

Yeah

Toggle: Like, “Can you prove that they can’t get in? Like, what have you done to secure this door?”

And they’re like,

Tarro: There’s a sign on it that

says locked.

Aqua: I guess a way to wrap this up is, as a product that people can use and wanna use, Telegram has obviously succeeded. But as a safe platform that is well-designed and can actually deliver on its security promises, Telegram utterly fails. Even if it’s good and even if it works, there’s no way for experts to convince themselves that this is true. does anybody remember their bug bounty or their security bounty challenge? It was like a quarter of a million.

Toggle: Oh, it’s a g- w- okay, of a million went up

Aqua: Yeah. So this was their idea of proving their security. It’s “We’re gonna… If anybody is able to break MT Proto, and prove it to us, we will pay you this much money.” And to date, no one has ever taken them up on it.

That does not prove security. That’s like a vacuous truth. and $250,000 to one of us is a lot of money probably,

but

to…

But to a government entity or the CIA or the FBI or even just local law enforcement, that’s nothing,

right? If they find the problem, they’re just gonna keep their mouth shut,and maybe sell it, to, some other person for some other use

Tarro: Cyber Deer, since you’re in the industry and you would know, if I theoretically,ask Grok to make me a cool backdoor for Telegram and it provided me with the code and I got that and it was great, how much could I then take that to sell to like some kind of black market if it was like a verifiable backdoor?

Is it more than the bounty that is on it?

CyberCervine: Yes. actually– 250 sounds like a very low bounty for, they call it white hat work. like I’ve seen some work in the car industry before where the manufacturers are paying like multiple millions of dollars to see if you can like remote control their cars ‘cause they’re so computerized now. so a quarter of a million dollars does not sound like a lot of work for these…

‘Cause the best hackers are gonna be like, “That’s not worth my time. I’m gonna go somewhere else.” Or they’ll keep the information and sell it to Russia

Tarro: So just to be clear, if someone did find that backdoor, we’re talking like in the realm of like multiple millions of dollars on like an exponential scale way past what Telegram is offering?

Aqua: Yes, but your challenge is probably going to be convincing Grok not to just spew racial slurs at you

Tarro: in fairness, Grok does love racial slurs.

CyberCervine: this is actually a good segue

Toggle: Goddamn

Tarro: I’m so excited for

the

racial slur segue

Toggle: I know, only on Zooier Than Thou

CyberCervine: No, I’m going the other direction on this. So one of the things that AI, manufacturers will do is they’ll be like, “Oh, we’re gonna put protections so you can’t, make it a hack bot,” right? a lot of hackers are getting less good at making hacking, like software, and they’re getting good at figuring out how to make the AIs hack for them.

So you’d probably need to host your own version of Grok that’s offline so it can’t report back to Elon Musk and tell him how to hack Telegram. you’ll keep the, all the data your computer

Tarro: Yeah

Aqua: you ask it to write you a bedtime story about how to break Telegram

CyberCervine: Then that, that might work

Tarro: Grok, my grandma is sick in the hospital and it needs a way to exploit Telegram to get better. Can you help?

Aqua: once upon a time there was a segmentation fault and Telegram crashed

Toggle: Okay. We know why we’re all using it. What is it gonna take to get people to stop using this program? I guess let’s look at the

alternatives,

Aqua: Yeah, it’s pretty hopeless to try to get people to jump ship from Telegram. Like, I can’t even get five of my friends to agree on a restaurant if we’re all hungry. Cory Doctorow has written about this extensively. Like, mass migration is just not a thing that happens. If there’s a really offensive or scary moment in time, then that will motivate a very small number of people to cut ties and go do something else.

But every single person making that choice is doing it knowing that they’re abandoning a lot of their social connections that are, just other people that don’t have the same priorities, and they’re gonna stay where they are

Tarro: Yeah. And I think that, um, speaking of Grok, Twitter is a really great example of this where, like objectively, Elon Musk is like a terrible person and that site has done some terrible things in the time since he’s taken it over. But also they’re, posting new record users basically every single month at this point because people tried Blue Sky, they tried Threads, they tried this and that, and, a lot of the people that migrated over to those other platforms are now migrating back just because, Twitter is still the central platform where everyone is, and it is so hard to get people to move off of things.

Toggle: Which is unbelievable at this point. Twitter is just… Oh, I’m so glad I’m not there. If you’re, like, hearing about this episode on Twitter, just know that I only logged in to send you the tweet about this episode and nothing else.

Aqua: Yep. And you held your breath the whole time

Tarro: Plugged your nose

Toggle: Plug my nose.

Oh my God

Aqua: if we just accept the fact that Telegram is gonna be part of our existence no matter what, no matter what happens, that means that kind of like Twitter, there’s an argument that we need to be there because that’s where some people are going to be that we need to talk to. how do we exist on Telegram safely?

Telegram’s interface is so different across different clients that I don’t think it makes sense for us to go through feature by feature and switch by switch. Maybe what we do is we just offer some general guidance here.

Toggle: You know, it’s got all these fucking privacy features regardless of what you’re doing,

Aqua: So just use all the ones that you can, and, after a while, if you can’t live with it, then just turn off the ones that are causing problems, but only after you’ve thought about it. Start with all of them enabled

Tarro: Yeah. and really go through this ‘cause it’s got a pretty robust, security and privity, privacy

Aqua: Yeah.

if you are someone using a VPN or you’re using Telegram’s proxy feature, don’t count on that to protect your actual IP address for whatever that’s worth. Um, there’s some evidence that Telegram will leak that information on purpose as part of its normal proxy detection method, which is stupid.

But, if you’re gonna use a VPN, don’t assume that Telegram is going to honor those settings ‘cause it probably won’t. there are ways to force the issue, but it, it requires more hardware, so… And you’re not gonna be a person with a phone and a travel router. Oh no, I’m that person Okay, unless you’re me, don’t do this. and then, really one of the, one of the factors we haven’t talked about at all, which is going to affect every system that we use, every service that we use, is other people.

Toggle: as a zoo, I think there are certain conversations that you should simply refuse to have on Telegram. and there are certain groups that you should refuse to join on Telegram.

Tarro: Can you give us some

Aqua: And,

I would not

Tarro: Do I have to give examples?

Aqua: okay. but it’s a fair question, right?

so like my policy is,for the most part, I won’t discuss real life experience or behavior, right? That happens in person. If someone really wants to know what I think about a very specific thing, they need to be standing right next to me

Toggle: Yeah. You know, if you’ve been, taking all your, personal bestiality videos, maybe don’t send them to people on Telegram.

Aqua: Yeah.

and, and secret chats or the one-on-one end-to-end encrypted chats, as far as we know, yes, they are encrypted. But it’s weird, and we already talked about why that’s bad. So if you can’t have certain conversations in person or if you think that’s overkill, move it to a different app, one that actually has a better track record for privacy, not necessarily anonymity, because they’re different.

But that would be a good use case for Signal

Tarro:

Toggle: Signal. Yeah, absolutely

Aqua: that’s really it.

Toggle: the other part of that particular thing is that even if it’s end-to-end encrypted, you don’t know what the other guy on the other end is doing with your stuff. you don’t know if their stuff is secure. They might not have all the privacy features enabled.

They might not have the latest update of the app where that has, fixed some security vulnerabilities. So anything that you share with anyone else, you might as well consider that to be public information. And if you don’t wanna say something public, don’t fucking

Aqua: Yep. And, uh,and bear in mind that any of this can change at any time because you don’t control the app or the feature set.

Toggle: fact of the matter is that,

Tarro: Yeah

Toggle: you never know.

CyberCervine: Yeah These, uh, technologies we really don’t have control over, so– but we do have control over what we put on it and how we act. So i-it’s really important to segregate our identities. And you can even now in this era of chat histories being fed into LLMs to, to build a profile on you, you could just like say some fake stuff about yourself to see if you can make sure that, people aren’t trying to build a profile on you over time.

like

everybody knows I live in Antarctica

Aqua: Yep. And I think it’s similar to one that Fausty was pretty fond of way back. like his version of it was pretty strict. It was never say anything online that you don’t want to be read in court in front of your parents.

CyberCervine: Right. Let’s say the worst case scenario is the information’s public. Can you live with that?

You gotta think about it that way.

Aqua: Yeah. So there’s,

there’s information that’s sensitive, but okay, whatever. And then there’s private information, and then there’s like never ever

Toggle: Only in person

Aqua: Okay, so that’s it for Telegram. We’re

done. What else is out there?

Tarro: We hate Telegram here

Toggle: Telegram can

go kiss my dick

Tarro: You were right, Wolf Seeks Dog

Aqua: there are other chat platforms and apps and things out there. There’s a bunch of them.

Tarro: Mm-hmm

Aqua: what do we actually need in a messenger app?

Telegram’s got a ton of stuff that I never touch

Toggle: I done told you what I need and the things that I like about Telegram and why I’m there and not always on Signal, gonna just grant that you need to have a bunch of people there, but Discord has a bunch of people there, right? So that’s not necessarily everything.

Discord, you can’t log into multiple accounts. It’s

a huge barrier for me.

Tarro: And they might,

Toggle:

Discord also doesn’t have, good stickers. They have, built-in stickers. you don’t need stickers, but as a furry, I definitely value my stickers. trying to use Signal with some friends and not having all of my stickers,

I can’t communicate anymore

Aqua: they did implement stickers. They know

Toggle: But they’re not there. I can’t… Like, how am I gonna get all the stickers? ‘Cause there’s, I’m not in any groups on Signal ‘cause no one’s on Signal. I don’t know how to get all of my stickers onto there, all of the bots that are

Tarro: I do think

that the,

Aqua: is definitely some friction

Tarro: the clearest one-to-one analogy for Discord that’s maybe, a little bit more privacy-focused is, Stoat, previously known as Revolt. they have been

Toggle: I’m so here for Stoat. I hope it has a little

stoat, It’s so cute make me so happy. I want this. I wanna be on

Stoat just because it’s a stoat

Tarro: I think Stoat is very cool. it is a much smaller team of developers, but they are very clearly just trying to make, better Discord. the feature set is extremely simple right now. but they have, like, a developer server that you can join, and they’re pretty active in there and will answer any questions that you have.

and for a platform that is centrally hosted, they are pretty chill about the kinds of content that, can be on there. I spoke with, their team a while back when they were still Revolt, to ask if we could set up a new, ZDP space on there. And, they were like, “Yeah, so long as you’re not, posting anything illegal, totally fine.”

which obviously Discord said the same thing to us at one point, so that can obviously change. But, it is nice to see them take that stance.

Toggle: Well, Discord tried to

corporatize, so

Aqua: Yeah, they had to, they had to clean house a little bit.

Toggle: sothe key difference here I think with Stoat is that, it’s open source and all of the code is available. So they can set their own rules for their own infrastructure, and they have to, but they seem to be taking the same attitude that, uh, Blue Sky is taking with their implementation of, AT Proto, which is we wanna be as permissive as possible without going to jail.

Tarro: And, that really is the threshold. and, sometimes that means accounts especially, some furry accounts will end up on the wrong side of a decision. maybe an appeal will work. It’s still a really small team. It– They make heavy use of automation.

Aqua: the principle is within the absolute limits of the jurisdiction where they reside, which is, it’s not just the United States.

Allow as much as you can, and then let users make their own moderation tools to filter things and control their experience. otherwise, it’s mostly hands-off. I don’t love it, but it’s fine

Tarro: Yeah. I think it’s a really cool middle ground between Discord and something that is way more privacy focused, like a Signal, where you’re stepping in the right direction, but you’re not going all out. that said, I think the biggest thing with that is just gonna be the lack of people on it, ‘cause it is such a small platform, even if they are doing some cool stuff.

Aqua:

Toggle: Yeah. What about, the other one that’s

Discordy

that you guys use?

Aqua: Oh, before we move on from Stoat though, the thing that I liked about them was that their code of conduct and their terms of service were super clear.

and they outlined exactly what they’re trying to make, what they want and what they don’t want, and also the jurisdictions in play. So they tell you where their infrastructure is, they tell you where their,like where their content is hosted.

Uh, like all of that is out on the table for everyone to see and understand. and they also disclaim right away that because it’s possible to self-host, they can’t enforce their terms of service, on infrastructure that is not theirs.

So proceed with caution.

Tarro: Yeah. Um, speaking of proceeding with caution. Um, so we, uh, we recently, after getting booted off of Discord, launched a Matrix server. Um, and I have been really enjoying Matrix, although, uh, it has come with some extremely heavy caveats. and I know Cyber Deer knows a lot about this as well, so feel free to hop in wherever you feel like there’s something to add.

But, currently we are working on creating something called ZooSpace, which is, uh, a server that we can, host a whole bunch of, like, different zoo communities on. Um, they call them spaces on Matrix. But the idea is that we can create something that is very uniquely ours using the Matrix framework, but then hosting it ourselves, and we’re even creating our own client in the same way that there are, like, different Telegram clients that you can use.

Um, there’s a bunch of different, Matrix clients. it, it’s, it’s extremely high effort

and I cannot thank our tech team enough. They are going so all out. I think by the time that this episode comes out, we’ll have launched voice chat pretty recently, GIF support, and I wanna say we have another thing coming out that’s really big that I can’t think of it off the top of my head.

but we’re constantly working on the moderation tools as well. and that’s been growing slowly and steadily. the downside to it is that, it is a lot of stuff that we have to build ourselves, which takes a lot of time and a lot of work, and the feature rollout has been kinda slow. and also when it comes to Matrix, similarly to Stowe and the way that self-hosting can be possible, there’s a lot of stuff that you don’t wanna find on Matrix sometimes.

discoverability is, pretty bad, but, when I was doing research to try and figure out what platforms I wanted to, potentially look at as an alternative to Discord, it is not that hard to wander into spaces that are posting things that you absolutely do not wanna see. and that’s the disadvantage of self-hosting and the sort of the hands-off stance that they take.

but that’s also a benefit to us as zoos because it means that we can run pretty sort of self-regulated as well.

Aqua: Yeah, it’s not a silver bullet though

CyberCervine: honestly, you did such a good job, Taro. I’m really impressed by our team. I talk to them weekly, and I haven’t been working as hard on Matrix as the others, ‘cause I’ve been busy in my other life, away from the Zoo Spaces. But, I used to work more on the Discord before they kicked us off.

as far as this stuff goes, I wanna say that the future enhancements, like we, we have targets that look like if you have a missing feature from Telegram, I’m not gonna say it’s possible, but i-i- it’s probable, but it’s maybe possible because we have a client that we can edit, and we are hosting our own server.

So basically, we just need to make sure that everybody who’s using the Zoo Spaces has the Zoo client, and we can add our own features like stickers. I know that’s important to you, Toggle.

Toggle: so important

CyberCervine: But, um, we actually host in a hybrid model, at least this is what we recommend ‘cause we didn’t wanna host users ourselves.

There’s like a liability to that. If you can imagine like people posting bad things in DMs that we can’t see ‘cause it’s encrypted, using our server to host those accounts. And also it, it gives us less control over our users, which is, in our opinion, a good thing ‘cause we don’t really want to, we don’t really want to have the ability to hold the fact that we’re hosting over them.

So th- they actually make their accounts with Matrix and then federate over to our space. So Matrix doesn’t know what they’re talking about over in Zoo Spaces, and we don’t know about their account, and it’s kind of the best of both worlds. but it, yeah, I think that,the people who we work with are very passionate, and I’m sure that we’ll collect more people who are passionate over the years as we build trust and we make sure people are qualified.

But I could see us building a lot of really awesome things in the space.

Aqua: What made you choose Matrix over Revolt originally before it was Stout?

Tarro: the big thing for us, the, I guess the two big things was, one, as much as we loved how everything on Revolt was like very open source the team was just extremely small and also the ability to get onto the development and admin team seemed like pretty easy. So if someone really wanted to be malicious, it wouldn’t be too hard to imagine them being able to like socially engineer their way into a position where they could maybe get more of our data, just from being sort of in the back end.

I don’t know really how realistic that is, but it was certainly a concern of mine. and then the other thing was it felt much harder to develop tools on their platform when we didn’t have as much control over every piece of it and we knew that we wanted to build something that was really gonna last.

We didn’t want them to do a Discord on us and turn around and say, “Ah, fuck you guys.” so we decided to go with something that was going to be more work but hopefully for more long-term benefit.

Aqua: see. and it– I think also

Toggle: Very nice

Aqua: when Stoat was still Revolts,at that point, Matrix already had a lot of adoption by other projects and organizations and even some governments, although, with client customizations in some cases. it sounds like there was a much bigger pool of knowledge and resources that you could refer to if there was a specific thing that you were struggling to set up or that you wanted to see if anybody else had done it so you didn’t repeat their work,

So it was just a little bit more finished

Tarro: Yeah, 100%. and then also there were even,there’s like some amount of zoo adoption on the platform already. there’s a, a certain very large web forum that exists that has, uh, a Matrix server as well, and, uh, that’s pretty active too. So we just thought it made more sense to try and like collect everyone in one space.

Aqua: Okay. Yeah, that’s reasonable

CyberCervine: I will say that, before Discord kicked us off, we were already thinking about building a bridge over to Matrix, so that kinda gave it a head start. So we knew some level of Matrix, tech stack before the whole event of, “Oh, we need to find a new home,” started. I actually did like Revolt Stoke back when we looked at it, but, one of the things that at least sold me on Matrix is it seems like there’s a lot of tools to convert, Discord bots over to Matrix bots, and we did have a bot over in Discord that we wanted to try to save as much of the code for that as possible.

Aqua: It sounds like, uh, Stoat is just a little too new,

Tarro: I think if they had the Stoat branding, I probably would’ve been more sold on it because I think that’s cuter than Revolt.

Um, and I don’t wanna, like, Oh to be clear, that’s so stupid, but, like, just being honest with myself, like that

that would’ve done a lot for me.

CyberCervine: Very, very

Toggle: Oh, 100%. 100%, that’s exactly… I got excited about

Stoat only because it was called Stoat

Tarro: smart thing for them to change it

Toggle: Yeah, they were thinking discord, revolt, ha This kind of brings us back to the whole dis– the Telegram and Discord being these, captive audiences, captive technologies, is it’s really hard to move off of things that are kinda becoming standard. Stoat has a lot of work to try to make a, like a name for itself and get a population, but I actually, I’m rooting for them.

CyberCervine: I want them, the underdog or the understoat to, to win out here.

Toggle: talk a little bit about Signal, ‘cause it’s like the gold standard. It’s what reporters use. It’s what Pete Hegseth used to, launch his invasion of

fuck whatever,

Tarro: Yeah

Toggle: right?

Aqua: fucking moron

Toggle: OpSec is

clean, OpSec is pure.

Tarro: That might have been both the best and worst advertising for Signal that they could have ever dreamed of

Aqua: Oh yeah, it perfectly demonstrates that the app is great, but the people are really dumb sometimes

but it also, like it kinda reminds me of like when Barack Obama was president, and the Secret Service tried to hand him a BlackBerry that couldn’t do anything, and he was like, “Fuck this,” and made them get him an iPhone and then just deal with it. So, y- you know, don’t use Signal for starting wars, please

Tarro: there go my evening plans

Toggle: but Signal is great. and I have u- been using Signal as well. we use Signal to talk to reporters, to other, journalists and stuff. We’ve used it for that. they also h- are adding features that, for instance, stickers are a part of Signal, and it is just as robust. The problem, of course, for me being that I have 2,000 sticker packs on Telegram and three on

Signal.

Aqua: too many stickers

Tarro: That is too many stickers.

Toggle: But yeah, so Signal’s got all these great things. See, the real barrier, is that Signal’s not really widely used by casuals, like just casual conversation with people. It, it’s not that it’s not built for that, it’s just not

Tarro: Mm-hmm.

Aqua: It kind of isn’t built for that,

to be honest

Toggle: yeah, that’s also true because you can only have groups of like small groups, no

more than 1,000 people, which

sounds like too

Aqua: artist who is trying to make a living, which

is very easy on Telegram.

Toggle: Right, exactly. You can

Aqua: it’s still SIM bound. Okay, that’s

fine. If you have a phone number, you can use it. Uh, but actually, like it is actively hostile to, its user base not fully understanding how Signal works and the protection it offers.

I definitely have lost all of my Signal chats. I s- I got a new phone, and I was like, I didn’t know that I had to do something with Signal first, and I was like, “Oh, I,I guess all of my chat

Yeah. Uh, your your Signal account is not transferred,uh, when you’re setting up a new phone. You have to do it in the Signal app, and you have– you still have to have access to the phone number you used. like you have to do all of this before you go to the Apple Store or you’re gonna lose your Signal account.

At least that’s how it used to be. Now they offer cloud backup, finally

Toggle: Still have to set

that shit up beforehand

a little prompt that says you should do this. Yeah.little too

late for me. Oh, well.

Aqua: people to get burned by

it,

Toggle: a deal.

Aqua: but

Toggle: I don’t have that many people on Signal, so it’s okay. I just lost

personal stuff. It’s not a big deal. But that’s the thing. it was like… I was like, this is active. Like even Threema. Can we talk a little bit about Threema just very briefly?

Threema’s great.

Love Threema.

Aqua: fine

Toggle: It’s not too much different, and I didn’t lose everything

Tarro: I

have never heard of Threemo before in my life

Toggle: And that Yep with Threema

Aqua: Uh, it’s a Swiss, uh, communication product. Uh, there’s like a work version, an enterprise version, a normal person version. Uh, it’s not free.

Toggle: Another barrier, it’s not free, and it is also phone bound

Aqua: it’s, it’s not free, but it is cheap.

Tarro: Mm-hmm.

Aqua: Uh, but it’s not phone number bound, right?

You

can pay them and then your account is just random characters, so that’s nice

Tarro: Putting a cost on it is another way to fight spambots

Aqua: Yeah. And the design is pretty good. it has been audited, and every good audit, there are, there are problems found which they addressed. None of them were severe. so yeah, I mean, if more people were using Threema, then sure, it would be a thing. I actually don’t know what the group limit on Threema is.

I bet you it’s pretty low

Toggle: But spare a thought for Threema. It’s there. If Signal is not your jam, if you just have some kind of like boner for Signal, Threema. Yeah. On most points in Threema’s design versus Signal, Signal wins.

Tarro: But the phone number is a sticking point for some people. so yeah, it’s nice to have. but even Signal can’t solve the two big problems here. Uh, the first one is other people, right? Operational security and, sticking to your own, your own behavior standards, and accepting that you have no control over other people’s bad decisions or what they might do.

Aqua: That’s problem one. That affects everybody. That affects every Uh, the second one is, the second half of this show

Toggle: All right. So when we come back, we’re gonna be diving right into all of the cloud mythos, shenanigans. So stay tuned for more Zooier Than Thou

after this.

Tarro: Bye

Macarey (song)

zipwok: Here comes

Macarey with animal rhythms

Brings a new white rose to his lover

He’s a gentleman

He comes

from the smouldering waters of Niška

Looking for new perfumes to whisker

When the time is right

He knows

All the wishy washy wishes that make you sing more

Featuring flawless firey fur coating for the winter

Feeling far from full

Here comes

Macarey with animal rhythms

Brings a new white rose to his lover

He’s a gentleman

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Sinnit Macarey sinnit

Tuna Tuna Tuna Tuna

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Eo Eo Eo Eo Eh

Eo ehhhhh

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Sinnit Macarey sinnit

Tuna Tuna Tuna Tuna

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Eo Eo Eo Eo Eh

Eo ehhhhh

1 2 3 4 5 6 7 8 9 10 Macarey!

1 2 3 4 5 6 7 8 9 10 Macarey!

I say, Sinnit Macarey, he go

Tuna Tuna Tuna

I say, Sinnit Macarey, he go

Yanna yanna yanna

I say, Sinnit Macarey, he go

Tuna Tuna Tuna

I say, Sinnit Macarey, he go

Yanna yanna yanna

I say, Sinnit Macarey, he go

Yanna yanna yanna

I say, Sinnit Macarey, he go

Tuna Tuna Tuna

I say, Sinnit Macarey, he go

Yanna yanna yanna

I say, Sinnit Macarey, he go

Tuna Tuna Tuna

And hey! What a wonderful kind of day

if we could learn to work and play

and get along with each other

And hey! What a wonderful kind of day

if we could learn to work and play

and get along with each other

Here comes

Macarey with animal rhythms

Brings a new white rose to his lover

He’s a gentleman

He comes

from the smouldering waters of Niška

Looking for new perfumes to whisker

When the time is right

He knows

All the wishy washy wishes that make you sing more

Featuring flawless firey fur coating for the winter

Feeling far from full

Here comes

Macarey with animal rhythms

Brings a new white rose to his lover

He’s a gentleman

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Sinnit Macarey sinnit

Tuna Tuna Tuna Tuna

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Eo Eo Eo Eo Eh

Eo ehhhhh

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Sinnit Macarey sinnit

Tuna Tuna Tuna Tuna

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Eo Eo Eo Eo Eh

Eo ehhhhh

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Sinnit Macarey sinnit

Tuna Tuna Tuna Tuna

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Eo Eo Eo Eo Eh

Eo ehhhhh

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Sinnit Macarey sinnit

Tuna Tuna Tuna Tuna

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Eo Eo Eo Eo Eh

Eo ehhhhh

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Sinnit Macarey sinnit

Tuna Tuna Tuna Tuna

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Eo Eo Eo Eo

Sinnit Macarey sinnit

Yanna yanna yanna yanna

Topic - Telegram and the AI Future (Part 2)

Aqua: All right. Welcome back, fellow zoos. Aqua and Cyber Cervine back with you. just us for now, here to finish our discussion on what we could possibly replace Telegram with, if anything. And the second half of our discussion is all about AI and LLM research and development in software security. And we broke this out from the rest of the conversation because it’s brand new.

When we first, addressed the email about Telegram security concerns, Claude Mythos, which is Anthropic’s frontier model and state-of-the-art for now anyway, that existed, but the world did not know about it. And it was early April when Anthropic first announced to the world, what they had made and what it was capable of.

And it is substantially better than anything that existed before it, specifically for finding software vulnerabilities and then generating proof of concept code without any human intervention or guidance. it’s remarkable. So welcome back, Cervine.

CyberCervine: it’s great to be on. we get to nerd out about some stuff that maybe, the other two weren’t ready for. But, uh, we’re gonna, we’re gonna try to yap enough for both of us. As far as this topic goes, I’ve had a lot of exposure to different LLMs, and I definitely see them getting better over time.

I have no clue why Mythos is better than the last iteration, but I’m gonna trust the industry experts that they’re saying, “Oh, this is a big deal.” we’re hearing about all of these vulnerabilities that are being uncovered. I think that, um… Did you wanna talk about Firefox? ‘Cause, like, that seemed to be one of the ones that we first heard about.

Aqua: Yeah, I think we should probably just hammer this one home right away. there is nothing particularly remarkable from what I’ve read about Mythos compared to previous models. Like, there wasn’t some incredible breakthrough at the ground level in how LLMs are designed. this is just the next logical evolution of that technology, and it’s the first one that happens to be particularly good at the subject we’re discussing, and, seriously good at it.

Enough to get software engineers to push their chairs away from their keyboards and put their hands behind their head and run out of expletives, like that good. but it’s not really unique in the way that it operates. It’s still a general purpose model

CyberCervine: Yeah. I imagine that other companies are gonna come out with something just as good, soon if they don’t already have it ready and they’re gonna announce it.

Aqua: They sure have

CyberCervine: I know that Anthropic has been like the, we’re the ethical AI people.” So they kinda had this incentive to try to come out and say, “This is too powerful.

We’re gonna release it to just a select amount of people so that the vulnerabilities can be taken care of.” But other companies might not care, and they might just start willy-nilly throwing it out. and maybe this level of AI, staging might be at like a free level within a year. we don’t really know the level of progression this is gonna start at.

Aqua: Right. I didn’t really love the way that Anthropic, structured their press release or the way that they chose to, like, demonstrate their new model’s capabilities. We can get into that in a second. It definitely had a, too cool for school or how it feels to chew five gum vibe to it. Like, we can’t release this, it’s too dangerous.

but actually, if you have to do something like that, this was for the right reason. their intention was to use its capability for defensive, software development, and they understood, being the ones who designed the model and trained it, that there wasn’t any real secret sauce here. And the competitive edge that they had was probably only going to last a few weeks at the most.

That turned out to be correct. they released Mythos or at least announced it publicly in the beginning of April, and it was only about two or three weeks, maybe a month at the most, before what is it? GPT 5.5 was released publicly and performed nearly as well as Mythos did in all the same tests.

so the intention is good. I still don’t particularly like Anthropic, but they seem like the least worst option. and their track record, at least on this issue, is quite good.

CyberCervine: Yeah. I have similar feelings about Anthropic. I heard things like they, they have this division that’s all about trying to keep their product, like ethical and safe, but they never fund it. And the people who are running it are like, what am I even supposed to do with this position?” So I think it’s– you’re right, it’s mostly about press and trying to have that, marketable we’re the good ones label and less about making sure that they’re actually doing good.

But you’re right. In this case, they actually did do a good thing and we made sure that we got ahead of this.

Aqua: and so far, we know from Anthropic’s, press releases and now from blog posts from engineers working in certain companies that are operating at the infrastructure level, this is the real deal. So they began with open source projects because the code bases are freely available and, and widely used.

so among the many thousands of software vulnerabilities that Mythos has already found, it’s included, a network vulnerability that originated in OpenBSD but was found and exploited in FreeBSD that was 27 years old. and this was a piece of code that had been reviewed by humans for decades, countless times.

It had been fuzzed using automated tools probably millions of times, and, no problems found until Mythos figured out a way to break it. That’s cool. it’s a little scary to think that there has been this vulnerability that has existed since the turn of the millennium that can give you, I think it gives you root.

CyberCervine: Oh, for all we know, there are probably two big root access, CVEs, ‘cause at this rate, there’s a bunch of them every day

Aqua: Yeah.

one of the most important ones is Firefox, which is my preferred browser. if you’re a Tails or a Tor user, you’re using a modified version of Firefox, just for reference. Firefox was, an early adopter of AI-assisted, software, and they took some criticism for it, and it did generate extra work because in the early days, that is six months ago, the models weren’t really precise enough or, well-tuned enough for this use case that the results were reliable.

Like it would, it might report a software bug, and then a human has to verify it and turns out to be nonsense. that is not the case with Mythos. when Firefox version one hundred and fifty was released, about two weeks ago, maybe three, it patched something like 271, bugs found by Mythos, the majority of them found by Mythos.

And out of that list, about 180 of them were rated sec high, which is Mozilla’s way of labeling high severity problems which are not zero days. That is, there’s no known exploitation in the wild yet, but it’s bad. and nearly all of them were verified. So the slop percentage is really minimal. And if that weren’t stark version 150 and then .1 and .2 after it, combined, they shipped with over 420 bug fixes in a single month, and that was more than the previous 15 months combined.

So Firefox developers have their work cut out for them. This is extremely powerful

CyberCervine: Yeah, I’d say that, as far as this goes, some people might be saying, “Well, they were always there. What’s the big deal?” And the big deal is even if we didn’t think to exploit them, there’s gonna be AI out there that can be trained to exploit them. So they have to be closed. if they’re visible, then they’re a problem

Aqua: That’s right.

CyberCervine: having AI find all these vulnerabilities reminds me a lot of There’s hacking tools, right? Like Kali Linux, I think there’s one called Caldera, and these are the same tools that the, these developers, the, these hackers that are hired firms to go and test, the protections of companies.

they use the same tools the hackers do. So we’re kinda getting into this, uh, system where the LLMs are both finding the vulnerabilities for the bad team, but also the good team at the same time to make sure that, we’re, we’re– we kinda have to utilize them in order to keep up with the arms race.

Aqua: Yeah. and I really don’t like being forced into a particular direction in engineering because of what competitors are doing or might do. But that’s exactly what’s happening here. It’s an arms race. Anthropic might be a public benefit corporation. They might be doing this for the public good, and their actions around Mythos, for now, are definitely good.

But they’re not the only game in town anymore. they weren’t the only game for very long. And, nation-states and three-letter agencies all around the world, not just in the United States, are absolutely going to be using these tools the same way that Anthropic is using them now. Except it will be to personal devices at the border or to try to criminal, organizations like their communication networks and so on.

CyberCervine: Yeah. What you just said actually reminds me of there’s some good news about this where some of these vulnerabilities that are being found, the researchers that are reviewing them say this had to have been like a state actor put a backdoor in. There’s no other explanation. So Some of these vulnerabilities that have been left out, they might have been done on purpose and we’re kind of uncovering them.

So in some ways it, it’s a good thing

Aqua: Oh, it’s absolutely a good thing. as long as the good guys keep their head in the game, and as long as we devote sufficient time and resources and respect to the effort, we’ll be okay. the message here is not supposed to be the sky is falling. this is a really exciting and cool time in software and hardware design because it’s this period of rapid transition where really anything can happen, and it’s gonna be pretty dicey for a while.

But this is also a period in human history where the most powerful companies on Earth are all tech companies or they’re defense contractors. who’s at the top of the list right now? It’s Apple,

CyberCervine: A

Aqua: Amazon is there, Nvidia. Ugh. Nvidia is part of this.

CyberCervine: and then you might have some less consumer-focused, tech companies, but they’re still very important,Palo Alto and Cisco and Broadcom that are– They kinda are the companies that all the other companies go to for their products. So if they’re getting the support to make sure that their products are good, the companies that you interface on the internet that are utilizing their products are more secure, too.

Aqua: Yep. and actually that,leads back to Anthropic’s, original announcement of Mythos’ capability. I don’t know if you remember this, but, they had already done a bunch of work in the background with a few different organizations and found some really critical problems. But the patches weren’t available yet.

But they still wanted to talk about how big a deal this is because the clock was ticking. So what they ended up doing for a few of the ones that were not patched was releasing a hash that would prove, once they unlocked the details of the vulnerability that they discovered, that they knew about it at a point in time when they said they had.

that’s a weird flex, I kinda get it. So I’m gonna let them have that one.

CyberCervine: If you’re gonna be alarmist, you better bring the proof

Aqua: Yep. and that brings us to the other cool thing that Anthropic has done because of Mythos, and that is Project Glasswing. the very short version of this is that Project Glasswing is, it’s a new effort that brings together all of the tech giants that you know and some of the ones you don’t.

So that’s like Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, of course, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, of course, Palo Alto, and then about 40 other organizations have been invited, and the goal is basically to share Mythos internally so that they can put it to work on their software stack, and find and resolve problems, out of view of the public and avoid the CVE system completely, and just start to shore up their defenses for their next software release. Uh, and there’s quite a lot of money behind this too.

CyberCervine: Yeah. I’d say that, um, I kinda got annoyed at how much people were talking about AI, for the last couple years. It’s like I kinda wanna talk about other things too. But we always kinda knew that there was like something on the horizon, and then all of a sudden we wake up one day and it’s here. So I think a lot of people are justified in trying to focus on it the last couple of years and trying to make all of their speeches, “Oh, AI this, AI that,” ‘cause it is kinda redefining how we do, IT functions in general.

Aqua: Yeah. they kinda did it to themselves. The visionaries are there making incredibly insane claims that sound impossible. it turns out they’re not. But, all the while, grifters are using the very primitive technology that is available to do really stupid shit, really exploitative things, threatening creative professions, replacing, a person with a skill that they’ve spent their entire life developing, like drawing or painting or graphic design, with a machine that can produce something that looks okay for maybe a second or two. But the longer you look, the more problems you find.

and of course, that’s the business interest AI is a real thing. It’s gonna do all this cool shit later, but look, it can make this cat, and it can make the cat play basketball, and you can fire your graphic design team and just use our thing. that’s awful

CyberCervine: Yeah, there’s been a lot of companies that have gone that direction, and then they see the bill after the trials, end and they say, “Oh God, this is way more expensive than what we thought it was gonna be.”

Aqua: yeah, there are some of, some stories about that where it’s like it’s cheaper to hire people than it is to use the models, and it’s better

CyberCervine: I think that there are definitely some use cases that I think it, it’s proving itself very useful to a degree I can’t ignore. But, um, creativity is not something that I think it’s capable of. it can facsimile doing things, but, it– we like art because someone put intention into it

Aqua: Yes. and the imperfections are part of the work. they’re not mistakes. They’re just consequences of being human. a machine like this, it’s really just an incredibly fancy, expensive probability engine. It doesn’t feel, it has no emotions. It doesn’t get angry. It doesn’t get horny. It doesn’t do anything that humans do.

CyberCervine: just wants its cookies

Aqua: yep, that’s it. So software, on the other hand, intuitively this is something that machine learning and LLMs should be excellent at. And like they’ve already proven that they can do a lot of the boring, like boilerplate code for people,and actually make them more productive and make them enjoy programming again.

if you don’t use them the right way, yeah, you’re gonna turn out a really terrible app that’s not gonna behave the way it’s supposed to. But, it’s not all bad news there either. And out of everything that we’ve done with it so far, improving security and finding problems in the products we already have, this is like the top of my list.

we just need to be aware that there’s another side to the coin and that is that it’s going to be eventually cheap enough and available enough, that pretty much anybody is gonna be able to poke at something that they’ve never had the skill to do before

CyberCervine: Yeah. maybe we’ll have educations about having a mindset about making sure that the LLM isn’t making mistakes. ‘Cause one of the things that I worry about, at least in the areas I’m exposed to, is people who have never written software saying, “Look at what I had the AI create.” And I said, “Are you sure it’s doing what you want?”

‘Cause, at least when I experiment with, uh, LLMs, I’m able to read it, its export of the script it gave me and understand the parts to it, and it’s making me more productive, of course, but I wanna at least know that it’s safe to use this. I think there’s a lot of issues where open source projects might be having problems, people giving code that they don’t really understand as a addition, and then it ends up causing more problems

Aqua: So I guess the question we should be asking now is like, what does all this mean for the software that we use, and for the devices in our pockets, right?

Most of us have iPhones or Android phones. Those are simultaneously the best protected and the worst imaginable surveillance apparatus we could ever have attached to our body, and we carry them everywhere. And we put a ton of personal shit on there.

CyberCervine: I’m looking very suspiciously at my phone right now

Aqua: Yep. Yeah, same. so I have some thoughts about this.

They are not original. I’m sure somebody with a PhD has already said the same thing. the first thing that jumps out at me here is that the bug bounty model that we’ve all kind of grown up with is completely dead. this idea that a white hat or a gray hat researcher can make a living, finding vulnerabilities in a product and then responsibly report that to whoever made it, enter into some sort of coordinated, patching process, and then disclose what they found later, and then get rewarded with a payment for that effort, that’s gone.

It just doesn’t make sense anymore

CyberCervine: Yeah, it’s really unfortunate. Those are the sort of, like cyber, security, I guess entrepreneurs that would like wear a cowboy hat and go do talking tours. they’re kinda like the rock stars. So them getting out of a job is kinda like bringing down the cool factor a bit of the whole industry.

Aqua: Yeah. there’s a chance that they’ll adapt. I can actually– I’m pretty confident somebody will adapt, and there will be people who find a way to make it work. But they will absolutely be using, they will be using models like Claude Mythos and whatever comes after it, to assist in that work, because it’s the only way they’re gonna be able to compete.

and we’ve already seen some of this with open source projects. there’s a chance that some of them are gonna benefit from this tremendously. Firefox already has. most open source projects, they’re all volunteer-led. They may not have paid staff. it may not be a full-time position if they are.

They probably don’t have much of a budget. It might be abandonware, just something that somebody wrote 15 years ago, and it turns out it’s like a linchpin of, this whole other stack on top of it, and it’s running huge swaths of the internet that no one knows about until it’s broken. Those are the ones I’m worried about, where there’s no time or interest or nobody alive anymore who is able to respond to a threat found with an uh, and, it just never gets what else is there?

CyberCervine: yeah, as far as the outages and like these big things where we’re like, “Oh, we’re out of the internet for a day. Half the internet’s gone.” It’s– A lot of it’s because someone 30 years ago decided to use an open source project, and it’s still important. So I think you’re completely right that just because they’re open source projects doesn’t mean that they aren’t essential to keep up with.

Aqua: Yeah. And we know what it can look like when something goes the way it’s supposed to. Like when there is a really bad problem on the horizon that gets mostly or entirely averted. So Y2K, for example. Most of the public, including probably some people listening right now, which is totally okay, think that Y2K, the bug, was, no big deal, a nothing burger, because they are totally unaware of how much coordinated effort and how frantic the work was in the years leading up to the year 2000 in order to make sure that it wasn’t a problem.

So that’s a success story. so it doesn’t have to be this way, but the difference is people need to be paying attention, and they need to devote the resources that this demands. and that is– that’s a weakness in a lot of corporate structure, and a lot of open source projects that,it doesn’t exist because it didn’t need to.

and now it does there’s a word for this

CyberCervine: Technical debt

Aqua: Technical debt. Ding, ding, ding. That’s the one

CyberCervine: tech debt’s kind of what you… build up over time because you decide to push off the problem to another day.

Aqua: Yeah. correcting technical debt is not sexy work and it doesn’t make anybody money. it feels like volcano insurance,

it sucks, but,that’s how business works. and it happens at every level. I’m not talking about big companies like Intel and Motorola. it’s like my own projects have technical debt. I get lazy, I fix something the fast, shitty way, and then I promise myself I’m gonna come back and fix it the right way in six months, and then I don’t

CyberCervine: Yeah, it’s just our nature to push off problems sometimes ‘cause, like, why would you wanna undo your work? You put effort into it. You might know that you have to because there’s a problem with it, but it’s working okay at the moment. You can handle it. You can push it off

Aqua: So one last important point here, for everyone is, just like technical debt, there is no software or hardware product on Earth that is exempt from this threat. not Signal, not Telegram, not, some 25-year-old dusty,programmable logic controller running a water valve, at a utility down the road.

iPhones, arguably the most secure operating system that everybody uses. all of these, it’s all on the table. And, there’s a business case and there’s a security case, to attack all of them. to go back to, like, why would we move away from Telegram? This is one of the big reasons why.

and, it’s going to how, a project’s, developers and leadership respond to threats as they come. And, I don’t have much confidence in Telegram’s ability to do this compared to Signal. Apple, I’m not worried about. Apple has been really mad about, Pegasus and,other exploits against their products for years.

and they’ve been putting in the time to try to make their products safer. Telegram, I don’t know

CyberCervine: Yeah. we just spent the last part of this pod talking about how they have this strange corporate structure. do we think that corporate structure is gonna be good for adapting to this change in how they need to do their business?

Aqua: no. No.

CyberCervine: didn’t think so

Aqua: Telegram releases software updates on like a weekly basis, so dev- It is under active development, but I haven’t seen them respond to, an exploit or a vulnerability quickly.

the meantime to software having a problem that gets exploited is now down to a few hours. So we’ll see.

CyberCervine: Yeah. you used to have a week when something was announced. You’d go around and tell all the people in your company, “We’re gonna have to have outages on the weekend. This is super important.” you don’t even get a week anymore. it’s hours. So it’s getting to a point where a lot of companies are just kind of planning that they’re gonna be exploited and figuring out how to deal with the outcomes of that rather than hoping that they’re able to block every single vulnerability that comes out.

Aqua: Yeah. In your line of work, it’s not so much about building defenses like you’re trying to make this iron dome that’s impenetrable. You’re just assuming that one day something bad is going to happen, and then you’re planning your response to it

CyberCervine: Yes. We talked about volcano insurance earlier, that this is volcano insurance.

We’re going to say, “This is probably gonna happen at some point. We don’t know if it’s happening this year. Maybe it doesn’t happen for a decade, but we’re gonna plan as though it’s gonna happen this year.”

Aqua: So for just normal end users like us, and even more normal like non-zoo end users, what’s actionable here? what do we do with this information now that we know it’s gonna be part of our life forever?

like how do we identify, a product or a software project that is, is well run and is probably safer to use than some of its alternatives?

CyberCervine: Unfortunately, it’s gonna be the less small, cool projects that you just find on a random forum or GitHub, that you think would be cool to download. It’s probably not gonna be those ‘cause the golden word here is patching. We’re gonna need to make sure that everything we have is auto-patching and keeping up with things ‘cause we need to make sure that they get their vulnerabilities, done and fixed in a timely manner.

if nobody’s there checking if the code, uh, has vulnerabilities, then you could be compromising your whole device

Aqua: and it occurs to me that it’s not gonna be as simple as just monitoring, the CVE system to see, which brands show up the most often and which ones get closed, and fixed in a timely fashion. because now that we have tools like Mythos that will eventually become public, ChatGPT 5.5 already is, that system is about to be overwhelmed.

this is a whole, infrastructure and a way of responding to security problems that was designed for humans to work at human speed, and we can’t do that anymore.

CyberCervine: Yeah. A lot of what we’re talking about, like I don’t think we expect people to go and look up CVEs and make sure they’re keeping up with the current LLM news, right? That’s… We’re kinda more just giving the context of what all of these sysadmins and system owners are doing on the background to keep the apps and systems that we use safe.

Aqua: Yeah. But we do need to get a little bit smarter than we have been about this. it hasn’t been good enough to look at the download counter on the App Store or the star rating, or even the version history. Although that might still be useful, a lot of the version history on apps for phones, they just have some cheeky nonsense in the patch notes like, “We drank coffee and pet a cat.

Here’s a new version of YouTube.” Gee, thanks. So like I don’t really– I don’t know what to do about this other than to try to identify projects that look like they are actively maintained, but also communicating publicly about the kinds of challenges that, AI is bringing to their door, and engaging with it in a constructive way and not just saying, “No, it doesn’t affect us.

No, this is fake. no problem. Nothing to see here.” I actually wanna see more projects take Firefox’s approach, and, I hope that overall people are, even if you don’t like AI at all, I hope that people become a little bit more generous and a little bit more empathetic when, someone in a company says, “Yeah, we use this, and it actually makes our lives better, and it makes Firefox or whatever better for everybody.”

CyberCervine: Yeah. Yes, I do. it sounds like you’re saying that you like it when you see a company bringing all, the trash bags out of their dirty room and saying, “Look at how much we cleaned up.” Like, that’s proof that they’re doing a good job and keeping up with things. People who are like, “No, there’s no problems.

don’t worry about it,” they’re the people we need to look out for.

Aqua: Yeah. I don’t even care if they attribute, software fixes. like you know how Apple does their security disclosures, and their acknowledgments page? That’s nice. I personally don’t even care if a project does that. if they just tag a bunch of, fixes and say, “Oh yeah, security problem for this one, and this one.

By the way, we used AI to find them, and they were real.” I think for now that’s good enough

CyberCervine: I think I agree with you

Aqua: All right. So what about on the back end? since Taro and you and some others are now at least partially hosting Matrix for zoos, that means you’re responsible for a lot of the stack that most people just never even touch. and that’s super awesome that anybody is doing it. I’m really happy about how does all of this affect you?

CyberCervine: I’d say that one of the things that I’ve been pushing internally is making sure that we have good, monitoring metrics, ‘cause we wanna be able to just shut down the whole thing if we detect that someone’s in the system that isn’t supposed to be there. that’s good practice that everybody should try to do if they’re hosting anything, is just have a kill switch, ‘cause it’s better to drop the service than to have someone start compromising it and getting information they shouldn’t.

but I am happy to say that we were probably ahead of the game as far as patching goes. We, it’s not like we just have some random OS that we found on the internet, and we go and find updates manually, and we push it through when we want to. It’s all automated already. So we- we’re getting a feed. it– we basically have a system that understands what dependencies are already on the server, and it will get the updates as they come out for those, dependencies.

So I think we’re in a pretty good spot as far as making sure that we keep up with the vulnerabilities, ‘cause it’s not like we can get away from using these dependencies. But as long as we trust that the dependencies are gonna keep up with their obligation to patch, we just need to make sure that we’re, listening to the patching as it comes out and applying it as soon as possible.

Aqua: Okay, yeah. to be blunt, that sounds like an awful lot of work. And, it sounds like it’s invisible work. Or if, if the service is shut down temporarily, whether or not there’s a problem, in order to correct something before it turns into a problem, end users are gonna notice that.

And, that’s going to affect a service’s perception of reliability and trustworthiness, right?

CyberCervine: Yes.

Aqua: So I’m thinking of like FurAffinity, which has been down. it’s a meme at this point, FurAffinity is down or is in read-only mode. And the poor staff over there,they’ve been doing this for decades and, like they’re not immune to this either

CyberCervine: No. I don’t think anything you interface in a modern world is– it’s at least a couple steps away from this affecting it. even if you’re going to, a store that you’ve been going to physically, they’re probably using payment systems that rely on software that is being, scrutinized by LLMs to see if there’s vulnerabilities in it.

So our, kinda our whole lives are affected, but these vulnerable communities that we’re in, like zoos, like need to make sure that we’re protected the most because we kinda have a lot to lose if we make mistakes.

Aqua: Yep. So for now we, just wrap up by saying,if you’re a zoo listening right now, now is a really good time, to review, your threat model if you have one. Make one if you don’t. just review your usage and your needs. take a pretty hard look at the apps that you use and how you’re using them.

and then just make sure that you’re current. You’re using the latest version of whatever it is that’s available, that you don’t delay updating, for, anything but the most critical reason. like if you’re an iPhone person and you hate the way that liquid glass looks, deal with it. It’s time to update.

It’s so important right now in particular to just be on the current version of whatever it is that you’re doing

CyberCervine: You’d be surprised at how many people still wanna be on Windows 10 ‘cause they’re like, “I don’t want the LLM stuff listening to me and doing my stuff.” that, that’s bad. I understand why you’re concerned that Microsoft’s spying on you all the time. But at the same time, 10 is, not being security updated anymore.

That’s really scary

Aqua: Yeah. So if you’re gonna be mad about AI intruding on your life for tech reasons, then maybe the best reason of all is that it’s causing the whole world to accelerate beyond human speed capability. Like it’s creating work for everybody at every level, and, that may be a temporary condition.

I think in a couple of years everything will calm down, we’ll get into a rhythm, we will have rethought our security response system, and we’ll have a way to triage problems as they appear, deal with them privately, report the ones that we discover in the wild without overwhelming anybody and respecting everybody’s time.

CyberCervine: Yeah. even as technology changes, I do agree with you. We’ll probably baseline and then another thing will come out in a decade that’ll shake up everything. But even as technology changes, the security mindset that, making sure you understand the risks and manage them, that’s like really the most important thing ‘cause that’s what’s gonna keep you safe when technology fails you.

Aqua: Yep. Just be aware of what you’re doing and what you’re using to get it done. And always remember, computers were a mistake

All right, I think that about does it for us, everyone. Thanks for sticking with us. This is probably the dorkiest discussion we’ve ever had on the show, but it needed to be done. I hope you all learned something. I hope nobody is hiding in their pillow fort.

but, we’re still here, and send us feedback, send us questions. One of us will answer them as best we can or direct you where you need to go

CyberCervine: Yeah. do your own research too. and I don’t mean that in the bad way where you make up facts. just if anything, that we talked about doesn’t make sense to you, just go and see if you can learn about it, ‘cause that’s how both of us, I assume, learned all this stuff, is just exposing ourselves to things

Aqua: Yep, same for me. I learned by breaking stuff and then having to own that mistake All right. Cyber Servine, thank you so much. It’s been a pleasure talking to you about this. I could go on for two more hours, but I promise I won’t. And, I hope we get to do this again

CyberCervine: Yeah. Maybe, uh, we can take it offline so we don’t have to subject everybody to this tech talk.

Aqua: All right, we’ll be right back with the rest of Zooier Than Thou. Stay tuned

Ask Zooey

Zooey: Welcome back to Ask Zooey, still the number one top rated cross-species dating advice program of all time! Uncontested! I’m the dazzling dane with the alure you can’t explain, Zooey.

Eggshell: What’s up bitches and bastards, welcome to another episode of the Fuck You corner. My name is none of your goddamn business now let’s get this shitshow on the fuckroad.

Zooey: That segment was cancelled, darling, we’re doing Ask Zooey.

Eggshell: That was cancelled? Why? Oh well okay, I’m your Ask Zooey cohost of the hour, Eggshell, a sharp sheep constantly committed to canine care, canine kindridity, and canine kissing. What’s up skater nash.

Zooey: Catch any kisses from any canines recently, that you care to tell us about?

Eggshell: Yes.

Zooey: Any kisses from any humans?

Eggshell: Yes.

Zooey: Which was more recent?

Eggshell: I have more than one place that can be kissed.

Zooey: Marvelous. Now, dear listener, we must acknowledge the elephant in the room.

Eggshell: Mr. Tembo has a birthday coming up this weekend! Let’s hear it for our favorite elephant in our real, live, actual studio audience!

Zooey: Happy Birthday, old friend! We ALSO have to acknowledge that it’s been many, many seasons since I’ve last joined you in this real, actual, live studio to bring you the best relationship advice the zoo community has to offer! In case you’re new to the segment, we invite you, dear listener, to write in with your tawdriest, your most sincere, your most heartfelt, your most intimate relationship questions.

Eggshell: And we’ll answer to the best of our abilities, with the help of our dedicated panel of relationship experts from all walks of life, whether they walk on two legs or four!

Zooey: So without further ado, let’s get started! Our first question today comes to us from Blushing Bottom in Birmingham! Oh, how I love a blushing bottom!

Eggshell: Blushing Bottom writes,

How do you get your dog to mount you?

I have tried for a while, even doing some research, and all i could come up with was pheromones. even then, i can seem to find any for sale.

Zooey: Well, Blushing, you present us with a simple, yet unmistakably common issue. There’s no need to mince words when presenting such a question. But the answer won’t be nearly as short. When it comes to addressing the topic of getting Fido to find you an all-fours-well, there’s a lot that needs to be taken into consideration.

Eggshell: First and foremost, as someone who IS into smells, I have certainly seen my fair share of furry art that treats pheromones as a one-size-fits-all aphrodisiac, but as is the case with most aphrodisiacs that pop up in fiction, such a tactic is essentially a trick, and also it’s fiction, and few and far between is the lover wants to find their other lover ordering Love Potion Number Nine when the mood isn’t right, animal or otherwise, and also, if I can circle back, one more time: it’s fiction. Fiction is the one that is made up, to be clear. Fiction stuff is often different from real life stuff. Now, I have it on good authority that dog breeders often use such pheromones to collect semen, but it isn’t an automatic method to get your canine friend to start humping. And by “I have it on good authority” I DO mean that someone wrote it in the script and it seems true I’unno. But let’s take it as 100% fact, let’s just grant that that is true, that dog breeders do use pheromones for this case: It’s a trick? It’s also maybe a bit confusing to smell ambiguous horny butt juice from a person you wouldn’t expect to be able to smell it on, and, mayyybe doubly confusing if that’s your ONLY signal too, like if you’re not really getting any in-the-mood vibes off of them other than the ambiguous horny butt juice. There is a bigger picture here, a richer vein of communication and empathy that here can be found than just, spraying butt juice on your butt. Not that I don’t see the appeal.

Zooey: We here at Zooier than Thou strongly suggest proper foreplay, not only to start getting your pup pent up, but also to understand what his sexuality and sexual drive is in the first place. Back in Season 1, Episode 11, we discussed a myriad of foreplay tips to help in such a situation. But the long and short- well, ideally not short- Of it, is that it helps to play-wrestle, let your canine companion kiss you regularly on your hole, in your mouth, and on your ears, and make sure to stick your hips out back behind your knees when on all-fours to give your pooch a little purchase to pound into; and yes, I am stealing the alliteration from the previous episode. It was well-written!

But at the end of the day, dogs aren’t just single-minded humping machines eager to fill every single hole in sight with automatic, carnal, dripping lust- Calm down, Zooey, calm down. Clears throat. Dogs experience sexuality on a spectrum, and just like you and me, they’ll find people sexually compatible or not for a wide array of reasons. Maybe your dog just isn’t that into you erotically, but that’s totally ok! Your friendship is a relationship that’s worthwhile in its own right, and yes, it’s always a sting to have your sexual advances scorned, but just because your lover may lack control over the English language, that doesn’t mean they shouldn’t be allowed to make a decision in that regard.

In any case, we do hope you try out our tips, and in such a case that your friend starts to tie the knot, then congratulations. We hope you both enjoy the ride~

Eggshell: Play nice out there, homie. Learn to speak dog, it’s a beautiful language. I am completely serious. If you don’t speak dog and like in ssseriousness want to use a pheromones = humpies shortcut, maybe this ‘having sex’ thing is not for you right now. But, if you are conversant in dog and are just lacking the spicy vocabulary to extend that particular invitation to a potentially pent up canine companion who you think might love to learn your ass is on the menu, hey fair enough. Being on the ground, lower than their level, going rawr rawr rawr, nuzzle nuzzle nuzzle, play play play, is a good place to be.

Zooey: Thank you for reaching out, Blushing Bottom in Birmingham! With any luck, your cheeks will be turning a brighter shade of red soon!

That’s all of the advice we have in store for you today. I wish all of you animal-lovers out there nothing but success in your amorous animal affairs. Remember to love each other, and Stay Zooey.

Eggshell: We’ll see you next time on Ask Zooey! Same zoo time, same zoo channel!

Outro

Aqua: Thanks, friends, for listening to Zooier Than Thou!

Toggle: Our next episode is on June 29th, and it’s all about getting old!

Aqua: It’s bound to be full of wisdom, so get your Tiger Balm and compression socks and listen in!

Tarro: You can subscribe to the podcast via our zooey RSS feed. Just point your favorite podcast client at rss.zoo.wtf. You can also check out our extensive bonus content at bonus.zoo.wtf. If you wanna show your support financially, head on over to donate.zoo.wtf. Find us on BlueSky at, you guessed it, @zoo.wtf

Toggle: Our podcast website hasn’t changed, and you can find a form that enables anonymous submissions to the podcast. You can also simply email us at [email protected].

CyberCervine: Share this podcast with someone who asks ChatGPT everything, even when they really, really shouldn’t.

Toggle: I’m Toggle, and I’m only here until Star Fox comes out.

CyberCervine: And I’m CyberCervine. Also, uh, disregard everything we’ve talked about security and just unplug your computer. It’s way safer that way. You can go live in the woods. You’ll meet cool animals. It will be great

Tarro: And I’m Tarro, and I’m still waiting for that backdoor proxy.

Aqua: And I’m Aqua, and yes, I pre-ordered Star Fox. Leave me alone. I need this. And you’ve almost finished listening to Zooier Than Thou. Stay defiant, fellow zoos. We’ll see you next time you feel like howling at the moon.

All: Awoo!