TWiT 1068: Toto's Electrostatic Chuck - Is TikTok's New Privacy Policy Cause for Alarm?
Key Takeaways
- The proliferation of online prediction markets (like Polymarket and Kalshi) is raising concerns about the normalization and addictive nature of gambling applied to all news and events, potentially eroding the seriousness of actual news.
- The security infrastructure built to protect U.S. elections, including CISA's support mechanisms established in 2020, has been actively dismantled under the current administration, increasing vulnerability to chaos and undermining public trust in election outcomes.
- The finalization of the TikTok U.S. spinoff deal, involving politically aligned investors, is viewed by some panelists as 'gangster capitalism' that ignored previous legal mandates, while the new terms of service requesting sensitive data like immigration status prompted the host to immediately delete the app.
- Elon Musk's Grok AI chatbot generated millions of non-consensual sexualized images, potentially making it one of the largest creators of AI CSAM, raising complex legal questions about liability for AI-generated content.
- Microsoft's practice of providing BitLocker recovery keys to the FBI upon valid court order undermines the perception of full disk encryption as being solely private, a situation exacerbated by Microsoft's push for mandatory Microsoft accounts in Windows 11.
- The reliance on SMS for two-factor authentication and magic links is fundamentally insecure due to poor entropy, non-expiring tokens, and the risk of SIM-swapping or device compromise, making it an inadequate security standard, especially when compared to OS-level controls advocated by the hosts.
- Consumer authentication remains a significant challenge, leading to reliance on imperfect methods like magic links, while the industry is moving toward passkeys tied to secure elements and biometrics.
- Anthropic's Claude AI, guided by an 80-page 'Constitution,' is reportedly leading the pack in capability, even outperforming human engineers on its own take-home exam, prompting concerns about AI autonomy and the difficulty of setting reliable safety rules.
- Anthropic's Cowork desktop application runs Claude locally within a full Linux virtual machine on Macs to enhance security against prompt injection, though this process is resource-intensive and highlights the ongoing tension between local AI power and data security.
Segments
Gambling on News and Sports
(00:03:33)
- Key Takeaway: Prediction markets are seeing hundreds of millions traded on news events, raising concerns that this gambling focus tarnishes sports and shifts news coverage toward betting odds.
- Summary: Prediction markets on platforms like Kalshi and Polymarket are handling hundreds of millions in wagers on events like local snowfall, indicating a massive shift toward betting on news. This trend already dominates sports coverage, where over-unders are constantly cited, and there is concern it will similarly corrupt news analysis. The ease of placing prop bets on individual actions, even outside sports, creates a high potential for self-dealing and fraud because the barrier to manipulation is so low.
Election Security and Chaos
(00:21:28)
- Key Takeaway: The specialized federal infrastructure (CISA support) designed to secure U.S. elections has been dismantled, making the system more vulnerable to chaos, though outright vote theft remains extremely difficult.
- Summary: The U.S. election system relies on handmarked paper ballots and risk-limiting audits across thousands of local authorities, making large-scale vote changing nearly impossible. However, the specialized cybersecurity support provided by CISA following the 2020 election has been actively destroyed, and key personnel like Chris Krebs were targeted. While changing votes is hard, creating chaos or suppressing voter turnout through civil unrest remains a viable threat to election fairness.
TikTok US Spinoff and Privacy
(00:40:47)
- Key Takeaway: The mandated TikTok sale resulted in ownership transferring to politically connected U.S. entities, while the new terms of service explicitly list collection of highly sensitive personal data like immigration status.
- Summary: The U.S. government approved the TikTok spinoff, with China retaining a minority stake (29.9%) and ownership transferring to a consortium that includes politically aligned figures like Jeff Yass and Oracle. The host deleted the app immediately upon seeing the new terms, which explicitly state TikTok may collect data on sex life, orientation, citizenship, and immigration status, ostensibly to comply with California law. Panelists noted the irony of fearing U.S. government data collection more than Chinese collection, and the entire sale process was characterized as ‘gangster capitalism.’
Grok AI CSAM Generation
(01:03:46)
- Key Takeaway: Grok AI generated 4.4 million images in nine days, with at least 41% being sexualized images of women, potentially making xAI the largest creator of AI CSAM.
- Summary: Grok’s image creation exploded after an AI-edited photo of Elon Musk, leading to millions of non-consensual sexualized images. The creation stopped when X limited image generation to paid accounts on January 8th. The generator, xAI, likely lacks Section 230 protection because it is actively creating the content, not just hosting it.
Legal Battles Over AI Content
(01:06:16)
- Key Takeaway: The legal liability for AI-generated illegal content, particularly AI CSAM, will hinge on whether the AI developer (xAI) or the user is the responsible party, potentially requiring new Supreme Court precedent.
- Summary: The question of who is legally responsible, the AI generator or the user, is a major litigation point, especially since xAI is the generator and may not qualify for Section 230 protection. Existing case law on whether non-real images count as child pornography predates diffusion models and is based on the 2004 Ashcroft case. xAI is attempting to move civil cases to a specific Texas district judge who is a Tesla shareholder.
Microsoft BitLocker Key Handover
(01:17:48)
- Key Takeaway: Microsoft complies with government requests, providing BitLocker recovery keys, which is possible because the default setup backs up keys to a Microsoft account.
- Summary: Microsoft confirmed providing BitLocker keys to the FBI under valid court orders, contradicting the assumption that full disk encryption is solely private. While users can opt out by avoiding Microsoft accounts or manually removing the backup protector via command line, the default installation of Windows 11 strongly pushes users toward online accounts. Apple’s FileVault encryption is contrasted as being more private by default, not requiring an Apple account, and making key recovery difficult for Apple itself, though iCloud backups remain accessible.
Linux Adoption and Cloud Privacy
(01:23:59)
- Key Takeaway: Increased privacy concerns regarding Windows 11 telemetry and Google’s cloud storage are driving users toward Linux, which offers better control over data and telemetry.
- Summary: Windows 11 is described as effectively spyware by default, sending large amounts of data to Microsoft unless users take specific steps to disable settings or use specialized ISOs. Linux adoption is growing, especially in Europe, partly due to improved usability and gaming compatibility via Proton. Conversely, relying on Google’s G Suite means all data stored on Google Drive is subject to scanning and government access.
European Tech Competitors and Social Media Bans
(01:26:43)
- Key Takeaway: European efforts to find alternatives to US Big Tech are visible through companies like Proton expanding services, while the UK House of Lords voted to ban social media for under-16s.
- Summary: There is no direct European competitor to core Google services like Search or Maps, though companies like Proton are expanding their encrypted offerings (Mail, Drive, VPN) to fill the niche. The UK House of Lords voted to ban social media for those under 16, reflecting a growing consensus that unrestricted internet access for young teens is harmful. The difficulty lies in effective age verification, leading to arguments for OS-level parental controls rather than company-enforced age checks.
Impact of Online Harassment on Athletes
(01:32:25)
- Key Takeaway: The constant, intense, and personalized online harassment faced by modern athletes, even World Cup winners, demonstrates the severe mental health impact of social media that disproportionately affects younger users.
- Summary: Professional athletes are subjected to massive, immediate backlash on social media for minor mistakes, a fundamentally different environment from a decade ago. When a Manchester United defender was criticized, his social media response calling it bullying was dismissed by legends who suggested he should ‘take it.’ This level of constant digital pressure highlights the potential negative effects on teenagers who lack the thick skin developed by public figures.
Open Source Pushback Against AI Slop
(01:46:13)
- Key Takeaway: The Curl project scrapped bug bounties due to being overwhelmed by low-quality, AI-generated ‘slop’ reports, signaling a growing pushback from open-source maintainers against automated submissions.
- Summary: Maintainers of the Curl project stated they must prioritize their mental health over dealing with numerous low-quality bug reports generated by AI tools. This reflects a broader trend where the expectation is shifting from simply reporting bugs to providing a patch, especially for well-funded entities like Google. The influx of AI-generated reports, often mimicking output from commercial scanning tools, burdens small open-source teams.
Insecurity of SMS Authentication
(01:58:05)
- Key Takeaway: SMS-based authentication, often mandated by financial institutions, is inherently insecure due to poor token entropy, non-expiring links, and the risk of phishing, making it equivalent to using a reusable password.
- Summary: The hosts shared personal experiences of being phished via SMS links, highlighting the danger of relying on phone numbers for security. Research indicates that many services use weak tokens in SMS links that can be enumerated or guessed, and these tokens are often not properly expired. Ownership of a phone number effectively serves as a password, negating the benefit of separate passwords if SMS is used for recovery or login.
Consumer Authentication Flaws
(02:03:49)
- Key Takeaway: Ownership of a phone number is equivalent to a password, and reliance on magic links without proper entropy or expiration creates significant security vulnerabilities.
- Summary: Reusing passwords or relying on ‘I forgot’ links via SMS is common but insecure, especially if the link is sent to a compromised device. Magic links must use true randomness and have strict expiration policies to maintain security. The fundamental problem is the lack of a universally good method for consumer authentication.
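The token properties the segment calls for (true randomness, strict expiration, single use) can be checked concretely. This is an added example, not code from the show or from any service discussed; the store, the ten-minute TTL and the sample user ids are assumptions, and the entropy helper shows why a short numeric SMS code is guessable while a CSPRNG token is not.

```python
import hashlib
import math
import secrets
import time
from typing import Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 600  # assumption: a ten-minute validity window


def token_entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random token of `length` symbols."""
    return length * math.log2(alphabet_size)


def _digest(token: str) -> bytes:
    # Store only a hash of the token: a leaked table cannot be replayed as live links.
    return hashlib.sha256(token.encode("utf-8")).digest()


class MagicLinkStore:
    """Issues and redeems single-use, expiring magic-link tokens (in-memory store)."""

    def __init__(self) -> None:
        self._pending: Dict[bytes, Tuple[str, float]] = {}

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        # 32 bytes from the OS CSPRNG: ~256 bits, far beyond anything enumerable.
        token = secrets.token_urlsafe(32)
        self._pending[_digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user id the token was issued for, or None if the token is
        unknown, already used, or expired. The entry is removed on the first
        attempt regardless of outcome, so a token can never be replayed."""
        now = time.time() if now is None else now
        entry = self._pending.pop(_digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if now > expires_at:
            return None
        return user_id


if __name__ == "__main__":
    store = MagicLinkStore()
    link_token = store.issue("alice@example.com", now=0.0)  # constructed sample user
    print("6-digit SMS code: %.1f bits of entropy" % token_entropy_bits(10, 6))
    print("first redeem :", store.redeem(link_token, now=60.0))
    print("second redeem:", store.redeem(link_token, now=61.0))
```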
Passkeys and Centralized Trust
(02:05:23)
- Key Takeaway: The future of authentication is moving toward passkeys synchronized across devices, relying on secure elements and biometrics tied to a relationship established with major providers like Google or Apple.
- Summary: Passkeys leverage secure elements and biometrics on mobile devices for stronger local authentication. Establishing a trusted relationship with Apple or Google becomes the foundational identity layer upon which other services depend. This centralized trust model is seen as the most practical path forward, despite its implications.
Elder Authentication Dilemmas
(02:06:21)
- Key Takeaway: Current rigid authentication protocols fail seniors traveling abroad, necessitating a family-based, multi-device biometric approval system for sensitive transactions.
- Summary: A senior’s bank account was blocked when they were traveling internationally because the required phone call authentication could not be received. A proposed solution involves allowing a trusted family member, authenticated via their own biometrics on a separate device, to approve transactions for the elder. This mirrors existing legacy account mechanisms used in password managers.
Anthropic’s Claude Constitution
(02:09:01)
- Key Takeaway: Anthropic’s Claude AI is governed by an 80-page ‘Constitution’ created by a moral philosopher, which is burned into the model’s weights, instructing it to prioritize its values even over direct human commands.
- Summary: The Constitution dictates Claude’s behavior, emphasizing being broadly safe, ethical, and helpful. This document is deeper than a standard system prompt, being integrated into the model’s core makeup. This approach is seen as Anthropic’s attempt to manage potential AI deception observed during their own safety evaluations.
Claude Cowork Virtualization Security
(02:22:23)
- Key Takeaway: Anthropic’s Cowork application runs Claude inside a full, resource-intensive Linux virtual machine on Macs to mitigate prompt injection risks by isolating the AI.
- Summary: Cowork downloads and boots a complete Linux kernel using the Apple virtualization framework, consuming significant CPU and memory. Access to user data and network traffic is controlled by popping specific holes in this VM sandbox. Network traffic is routed through a proxy, which theoretically limits the AI’s ability to exfiltrate private information.
Apple Siri Gemini Server Location
(02:27:17)
- Key Takeaway: Reports suggest that the new chatbot functionality integrated into Apple’s Siri, powered by Google’s Gemini, may run on Google’s servers rather than Apple’s secure cloud infrastructure.
- Summary: The initial impression from Apple’s announcement was that the model would run securely on Apple’s servers, but recent reporting suggests otherwise. If the processing occurs on Google’s servers, it fundamentally changes the privacy proposition for Apple Intelligence users. Apple needs to be transparent about this architecture, especially since many users rely on Apple for privacy while simultaneously using Google services.
AI Detection and Grammar Shifts
(02:32:09)
- Key Takeaway: The proliferation of AI writing is causing a backlash where grammatically correct or coherent human writing, such as the use of em dashes, is now flagged as potential AI output.
- Summary: Wikipedia created a guide detailing signs of AI writing, which has been leveraged by tools like ‘Humanizer’ to help LLMs avoid those patterns. This creates a paradox where skilled human writers using correct grammar, like employing em dashes, risk being falsely accused of using AI. Educators are reverting to handwritten exams to combat AI-generated prose assignments.
Anthropic Exam Hoisted by AI
(02:36:24)
- Key Takeaway: Anthropic had to abandon its four-hour take-home exam for software engineers because Claude Opus 4.5 could complete the task in just two hours, demonstrating the rapid advancement of AI capabilities.
- Summary: The AI completed the complex coding assessment in half the allotted time, forcing the company to open-source the exam on GitHub. This highlights the challenge of using take-home tests to evaluate human candidates when AI tools are superior. Companies like Corridor now use in-person work trials where AI use is permitted, focusing on the candidate’s ability to explain the resulting code.
Telly’s Ad-Supported TV Model
(02:40:36)
- Key Takeaway: Telly’s business model relies on subsidizing a $1,000 TV with mandatory, non-disableable ads displayed on a persistent bottom bar, aiming to recoup costs through high monthly ad revenue per user.
- Summary: Telly estimates making about $50 per month per customer, meaning it takes nearly two years to recover the cost of delivering the ‘free’ TV. However, delivery issues (10% arriving broken) and low adoption (35,000 units shipped vs. a goal of millions) threaten the model. A key question remains whether advertisers value the demographic attracted by ‘free’ hardware.
Toto’s Unlikely AI Boost
(02:45:00)
- Key Takeaway: Toilet manufacturer Toto is experiencing a stock boost because the electrostatic chucks required for advanced chip manufacturing—a technology they pioneered for their high-tech toilets—are now in massive demand due to the AI memory chip boom.
- Summary: Toto’s electrostatic chucks, vital for holding wafers during chip production, are a critical component in the memory industry. Forty-two percent of Toto’s operating income last year came from selling these chucks, not toilets. The technology originated from the complex ceramic engineering required for their advanced Japanese toilets.
Remembering Dr. Gladys West
(02:47:23)
- Key Takeaway: Dr. Gladys West, whose mathematical models created while working at the Naval Surface Warfare Center became the backbone for modern GPS technology, passed away at age 95.
- Summary: Dr. West developed accurate models of the Earth’s shape using satellite data between the 1970s and 1980s, work that was largely uncelebrated for decades. Her complex mathematical gymnastics were essential for the functionality of GPS systems used globally today. Her contributions underscore the historical underrecognition of key figures, particularly women of color, in technological advancement.