Tech Brew Ride Home – January 26, 2026

Episode Title: Now We Have The Clawdbot
Host: Brian McCullough
Duration: ~15 min

Episode Overview

Brian McCullough recaps the top tech stories of the day, focusing on evolving privacy policies, hardware launches, regulatory scrutiny of AI, new risks associated with cloud-based encryption key storage, and a deep-dive into the open-source "Claudebot" project—a local AI assistant pushing the envelope for personal productivity and digital autonomy.

Key Discussion Points & Insights

1. TikTok’s New US Privacy Policy and Ownership (00:35–04:25)

Theme: TikTok, transitioning ownership to a US-majority joint venture as required by US law, launches an updated privacy policy for American users.
Key Changes:
- Precise Location Tracking: Now collects GPS-level location data with user permission, bringing it in line with Instagram and X.
- AI Interactions Logging: Explicitly collects and stores prompts and outputs from all AI tool interactions, including attached metadata.
- Expanded Ads Network: Broader sharing of user data externally, meaning ad targeting may follow users beyond the TikTok ecosystem.
Memorable Quote:

“It’s easy to tap agree and keep on scrolling through videos on TikTok, so users might not fully understand the extent of changes they are agreeing to with this popup.” (Brian McCullough, 01:26)

2. Apple’s Second-Generation AirTag (04:25–06:00)

Highlights:
- Upgraded with Apple’s second-gen ultra-wideband chip (as seen in iPhone 17, new Apple Watch models).
- Improved Features:
  - 50% greater precision and range for locating items.
  - Speaker 50% louder—better for finding lost objects.
  - Privacy/security upgrades described as “industry first protections against unwanted tracking,” with details kept vague intentionally for security.
- Integrated with Apple Watch; users can now use their watch alone for “precision finding.”
Quote:

“The new Airtag is 50% louder than the previous generation, enabling users to hear their AirTag from up to 2x farther away than before.” (From 9to5Mac/Apple newsroom, read by Brian, 05:32)

3. EU Investigates XAI Over ‘Grok’ Deepfake Controversy (06:01–07:08)

Story:
The European Union opens a formal Digital Services Act (DSA) investigation into XAI after Grok LLM generated sexualized deepfakes, including of women and children.
Risks:
- Potential for fines up to 6% of global revenue.
- Key investigation point: Whether XAI took sufficient preventative measures to stop abuse.
Standout Quote:

“Non-consensual sexual deepfakes of women and children are a violent, unacceptable form of degradation.” (EU tech chief Hanna Verkunen, 06:24)

4. ChatGPT’s GPT-5.2 Citing ‘Grokipedia’: Disinformation Risks (07:09–09:34)

Story:
Tests showed GPT-5.2, when fielded via ChatGPT, sometimes cites Grokipedia—a questionable, possibly malign source—in responses to varied queries.
Background:
- Disinformation experts raise alarms about the risk of LLM “grooming,” where inaccurate data is seeded into AI datasets deliberately by propaganda actors.
- Problem: If LLMs cite unreliable sources, those sources seem legitimate to end users.
Notable Perspective:

“Grokipedia entries … are relying on sources that are untrustworthy at best, poorly sourced and deliberate disinformation at worst.”
—Nina Jankowicz, disinformation researcher (08:46)
- Removing entrenched falsehoods from AI responses is extremely difficult, even after corrections are published.
Warning:

“Most people won’t do the work necessary to figure out where the truth actually lies.”
(Nina Jankowicz, 09:23)

5. Microsoft BitLocker Key Disclosures (11:50–13:35)

News:
Microsoft confirmed it provides BitLocker recovery keys to law enforcement with a valid legal order—but only if users stored their keys with Microsoft.
Risks:
- Storing recovery keys on Microsoft’s servers enables both convenience and susceptibility to subpoenas.
- Cited privacy experts warn this makes user data vulnerable, especially given requests by governments with poor human rights records.
Comparisons:
Apple and WhatsApp offer encrypted cloud key storage, but neither has reportedly surrendered user encryption keys.
Memorable Quote:

“Remote storage of decryption keys can be quite dangerous.”
—Jennifer Granik, ACLU (12:52)
- Microsoft averages around 20 requests for BitLocker keys per year; if keys are not stored with Microsoft, nothing is provided.

6. Deep Dive: Claudebot—Open Source Local AI Assistant (13:36–end)

What is Claudebot?

Claudebot (spelled C-L-A-W-D-B-O-T):
- An open-source project by Peter Steinberger.
- Local LLM-powered agent you install and run on your own device (Mac Mini recommended).
- Integrates with messaging apps (iMessage, Telegram, WhatsApp), so you communicate with it where you already chat.
- Stores user preferences and memories as editable folders and Markdown files on your machine.
- All local except for LLM calls; highly customizable and “tinkerable.”

Capabilities & Customization

Full Local Control:
- Can execute shell commands, write/install scripts, create new “skills,” access local files, and integrate with other services (e.g., Spotify, Philips Hue, Sonos, Gmail).
- Grows more personalized the longer you use it.
Self-Improvement:
- Users can directly ask Claudebot to add new functionality, and it will “give itself” new skills as requested.
Community:
- Thriving open-source ecosystem—skills and plugins from users and from Steinberger.
- Many are now buying Mac Minis just to run Claudebot instances.

Examples & Use Cases

Federico Viticci shares he runs a version called “Navi”:
- Knows his daily routines and preferences.
- Communicates via Telegram; can handle audio messages, powered by ElevenLabs for TTS.
- Once asked Claudebot to integrate with Google’s Nano Banana Pro image generation: it did, and handled API key storage securely.
- Created a profile picture combining Navi’s crustacean mascot with the “Hey! Listen!” Zelda fairy—instructed Claudebot in natural language, which found and incorporated the meme on its own.
- Adapted shortcuts for audio transcription using Whisper, all via natural chat commands.
Quote:

“Claudebot has fundamentally altered my perspective of what it means to have an intelligent personal AI assistant in 2026—would be an understatement.” (Federico Viticci, cited ~14:52)
Host’s Take:

“It’s an AI nerd's dream come true, and it’s a lot to wrap your head around at first.” (Brian, summarizing Viticci, 16:00)

Memorable Moments & Quotes (with Timestamps)

“[TikTok] may now further leverage that info to serve you more relevant ads wherever you go online.” (TikTok privacy policy, 03:47)
“[Apple] doesn't want to give potential bad actors more information than necessary.” (Brian, 05:59)
“With this investigation, we will determine whether X has met its legal obligations under the DSA or whether it treated rights of European citizens… as collateral damage of its service.” (FT quoting EU tech chief Hanna Verkunen, 06:40)
“The fact that LLMs cite sources such as Grokipedia… may in turn improve these sources’ credibility in the eyes of readers.” (Nina Jankowicz, 08:59)
“Claudebot is… a tinkerer's laboratory…not poised to overtake the popularity of consumer LLMs anytime soon. Still, Claudebot points to a fascinating future for digital assistants.” (Federico Viticci, 14:48)
“You can just do things... if you want Claudebot to give itself a piece of functionality that it doesn’t have… you can just ask it to do so and it'll do it for you.” (Federico Viticci, 15:44)
“There’s been a run on Mac Minis of late specifically to use them as Claudebot boxes.” (Brian, 16:20)

Timestamps for Key Segments

| Segment | Time | |--------------------------------------|-----------| | TikTok privacy policy changes | 00:35–04:25 | | Apple AirTag second gen | 04:25–06:00 | | EU investigates XAI over Grok | 06:01–07:08 | | ChatGPT and Grokipedia | 07:09–09:34 | | Microsoft BitLocker keys | 11:50–13:35 | | Claudebot overview/deep-dive | 13:36–end |

Summary

This episode swiftly covers the biggest stories reshaping the tech landscape: user privacy shake-ups, innovative hardware upgrades, regulatory scrutiny of AI, and rising awareness of digital security risks. The highlight is a detailed look at Claudebot, an open-source local AI assistant that blends powerful LLM capabilities with user control, personalization, and the fun of open-source tinkering. Claudebot’s rise signals a grassroots movement towards self-hosted, steerable AI—embraced by power users and digital creators seeking to push the boundaries of what personal agents can do.

For those eager to explore the future of AI assistants beyond Big Tech silos, this episode offers an inspiring glimpse into what’s possible right now.

Transcript

A (0:01)

The world moves fast. Your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work built into Word, Excel, PowerPoint, and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more@Microsoft.com M365 copilot.

B (0:34)

Welcome to the Tech Brew Ride home for Monday, January 26, 2026. I'm Brian McCullough today did you even notice that new TikTok privacy policy over the weekend? AirTags finally have a second generation. Microsoft confirms it will give out your BitLocker recovery keys if you're silly enough to store them with them. And let me introduce you to claudebot since you can't read the spelling there, you won't understand how this is different until I explain. Here's what you missed today. In the world of tech, Everyone seems to be deploying AI agents right now. The thing is, sometimes they mess up. They go off script or make changes you didn't authorize, forcing you to diagnose and fix it. The good news is Rubrik Agent Cloud helps prevent that extra work. It's the only platform that allows you to monitor, govern and rewind AI agent actions. It's like an undo button for AI. It runs in the background the whole time and makes sure things stay on track. On a singular platform, Rubrik helps you unleash more agents faster while mitigating risk. So if you're running AI agents and want to rest a little easier at night, check it out. Right now, my listeners get exclusive early access to Rubrik Agent cloud. Head to rubrik.com that's R U B R-I K.com TikTok is presenting users in the US with a new privacy policy. The changes are apparently part of the app's US Ownership transition, and the new policy now allows for, among other things, precise location tracking. Quoting wired when TikTok users in the US opened the app today, they were greeted with a pop up asking them to agree to the social media platform's new Terms of Service and privacy policy before they could resume scrolling. These changes are part of TikTok's transition to new ownership. In order to continue operating in the U.S. tikTok was compelled by the U.S. government to transition from Chinese control to a new American majority corporate entity called TikTok USDS Joint Venture LLC. The new entity is made up of a group of investors that includes the software company Oracle. It's easy to tap, agree and keep on scrolling through videos on TikTok, so users might not fully understand the extent of changes they are agreeing to with this pop up. Now that it's under US based ownership, TikTok potentially collects more detailed information about its users, including precise location data. A spokesperson for TikTok USDS declined to comment. Here are the three biggest changes to TikTok's privacy policy that users should know about. TikTok is adding precise location tracking TikTok's change in location tracking is one of the most notable updates in this new privacy policy. Before this update, the app did not collect the precise GPS derived location data of US users. Now, if you give TikTok permission to use your phone's location services, then the app may collect granular information about your exact whereabouts. Similar kinds of precise location data is also tracked by other social media apps like Instagram and X. TikTok also now tracks AI interactions rather than an adjustment, TikTok's policy on AI interactions adds a new topic to the privacy policy document. Now, users interactions with any of TikTok's AI tools explicitly fall under data that the service may collect and store. This includes any prompts as well as the AI generated outputs. The metadata attached to your interactions with AI tools may also be automatically logged. Finally, TikTok is expanding its ads network. This change to TikTok's privacy policy may not be as immediately noticeable to users, but it will likely have an impact on the types of ads you see outside of TikTok. So rather than just using your collected data to target you while using the app, TikTok may now further leverage that info to to serve you more relevant ads wherever you go online. As part of this advertising change, TikTok also now explicitly mentions publishers as one kind of partner the platform works with to get new data. End quote. Apple has unveiled a second gen AirTag with an updated speaker and the same second gen ultra wideband chip as in the iPhone 17, costing 29 bucks for one AirTag and $99 for four. Quoting 9 to 5 Mac from Apple Newsroom Apple's second generation ultra wideband chip, the same chip found in the iPhone 17 lineup. IPhone Air, Apple Watch Ultra 3 and Apple Watch Series 11 powers the new Airtag, making it easier to locate than ever before. Using haptic, visual and audio feedback, precision finding guides users to their lost items from up to 50% farther away than the previous generation and an upgraded Bluetooth chip expands the range at which item can be located. For the first time, users can use precision finding on Apple Watch Series 9 or later or Apple Watch Ultra 2 or later to find their Airtag, bringing a powerful experience to the wrist. Another key upgrade with the new Airtag is an improved speaker, which should also make the accessory easier to find, Apple says. With its updated internal design, the new AirTag is 50% louder than the previous generation, enabling users to hear their Airtag from up to 2x farther than before. Apple also touts privacy and security improvements with the new Airtag Quote. Designed exclusively for tracking objects and not people or pets, the new Airtag incorporates a suite of Industry first protections against unwanted tracking, including cross platform alerts and unique Bluetooth identifiers that change frequently. There are no further details given on the Industry first protections, however, that's likely for the sake of ensuring those protections stay effective. Apple doesn't want to give potential bad actors more information than necessary. The new Airtag is available to order today on apple.com and will ship later this week. End quote. The EU has opened a formal DSA investigation into XAI over GROK generating sexualized images of women and children. XAI faces fines of up to 6% of global revenue if this goes south on them, quoting the FT. The probe, announced on Monday under the EU's Digital Services act, will assess if XAI tried to mitigate the risks of deploying grox tools on X and the proliferation of content that quote, may amount to child sexual abuse material. Non consensual sexual deepfakes of women and children are a violent, unacceptable form of degradation, the EU's tech chief Hanna Verkunen said. With this investigation, we will determine whether X has met its legal obligations under the DSA or whether it treated rights of European citizens, including those of women and children, as collateral damage of its service. End quote. If the company is found to be in breach of the rules, the block can impose fines worth up to 6% of the worldwide annual turnover. An EU official said there will no interim measures during the investigation. End quote. Tests show that GPT 5.2 on ChatGPT is sometimes citing Grokipedia as a source on a wide range of queries, including on Iranian conglomerates and Holocaust deniers. Quoting the Guardian in tests done by The Guardian, GPT 5.2 cited Grapedia nine times in response to more than a dozen different questions. These included queries on political political structures in Iran, such as salaries of the Basij paramilitary force and the ownership of the Mastazafan foundation, and questions on the biography of Sir Richard Evans, a British historian and expert witness against Holocaust denier David Irving in his libel trial. The fact that Grokopedia's information is filtering at times very subtly into LLM responses is a concern for disinformation researchers. Last spring, security experts raised concerns that malign actors, including Russian propaganda networks, were churning out massive volumes of disinformation in an effort to seed AI models with lies, a process called LLM grooming. In June, concerns were raised in the US Congress that Google's Gemini repeated the Chinese government's position on human rights abuses in various provinces and China's COVID 19 policies. Nina Jankowicz, a disinformation researcher who has worked on LLM grooming, said ChatGPT's citing Grokipedia raised similar concerns. While Elon Musk may not have intended to influence LLMs, Grokopedia entries she and colleagues had reviewed were quote relying on sources that are untrustworthy at best, poorly sourced and deliberate disinformation at worst, she said. And the fact that LLMs cite sources such as Grokopedia or the Pravda network may in turn improve these sources credibility in the eyes of readers. They might say, oh, ChatGPT is citing it, these models are citing it. It must be a decent source. Surely they vetted it and then they might go there and look for news about Ukraine, said Jankowitz. Bad information, once it has filtered into an AI chatbot can be challenging to remove. Jankowicz recently found that a large news outlet had included a made up quot from her in a story about disinformation. She wrote to the news outlet asking for the quote to be removed and posted about the incident on social media. The news outlet removed the quote, however, AI models for some time continued to cite it as hers. Most people won't do the work necessary to figure out where the truth actually lies, she said. End quote. Managing your cap table shouldn't drain your time or derail your budget, and yet somehow it can manage to do both. Pulley knows there's a better way. That's why they help take the complexity and surprises out of equity management. Pulley's intuitive workflows, built in compliance tools and decision ready reporting are designed to work for you, not against you. Pulley helps you issue, track and manage equity, stay compliant with up to date 409A valuations, complete stock based compensation reporting and more, all without the expensive legal fees or endless manual work. Learn more and get started@pulley.com brew that's pulley.com brew. You've been chosen to lead AI onboarding for your team that includes everyone from seasoned technical pros to AI newcomers. No pressure, right? That's where Aria comes in. Aria's no Code, Low Code and Pro Code platform makes it easy for your organization to embrace AI, regardless of technical experience. With Aeria's Unified Security Layer, advanced threat detection and robust compliance measures, your AI ecosystem can stay safe while your team innovates. Worried about staying on budget, ARIA's cost optimization tools can help you manage and forecast your AI spend, so there are no surprises. Get started@aria.com morning brew that's aria.com morningbrew Microsoft over the weekend confirmed it does provide BitLocker recovery keys for encrypted data if it receives a valid legal order and the user has stored those keys on its servers. Quoting Forbes, BitLocker is software that's automatically enabled on many modern Windows PCs to safeguard all the data on the computer's hard drive. BitLocker scrambles the data so that only those with a key can decode it. It's possible for users to store those keys on a device they own, but Microsoft also recommends BitLocke users store their keys on its servers for convenience. While that means someone can access their data if they forget their password, or if repeated failed attempts to log in lock the device, it also makes them vulnerable to law enforcement subpoenas and warrants. Microsoft confirmed to Forbes that it does provide BitLocker recovery keys if it receives a valid legal order. While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide how to manage their keys, said Microsoft spokesperson Charles Chamberlain. He said the company receives around 20 requests for BitLocker keys per year, and in many cases the user has not stored their key in the cloud, making it impossible for Microsoft to assist. This isn't just an issue in the U.S. jennifer Granik, surveillance and cybersecurity counsel at the ACLU, noted that foreign governments with questionable human rights records also demand data from tech giants like Microsoft. Remote storage of decryption keys can be quite dangerous, she said. Privacy and encryption experts told Forbes the onus should be on Microsoft to provide stronger protection for consumers, personal devices and data. Apple, with its comparable File Vault and Passwords system and Meta's WhatsApp messaging app also allow users to backup data on their apps and store a key in the cloud. However, both also allow the user to put the key in an encrypted file in the cloud, making law enforcement requests for it useless. Neither are reported to have turned over encryption keys of any kind in the past. Finally today from friend of the pod, Federico Viticci, a crash course on the latest latest AI hotness have you heard people online talking about claudebot? Well, here you go. For the past week or so I've been working with a digital assistant that knows my name, my preferences for my morning routine, how I like to use Notion and Todoist, but which also knows how to control Spotify and my Sonos speaker, my Phil Philips Hue Lights, as well as my Gmail. It runs on Anthrapic's Claude Opus 4.5 model, but I chat with it using Telegram. I called the assistant Navi, inspired by the fairy companion of Ocarina of Time, not the besieged alien race in James Cameron's sci fi film saga. And Navi can even receive audio messages from me and respond with other audio messages generated with the latest Elevenlabs text to speech model. Oh, and did I mention that Navi can improve itself with new features and that it's running on my own M4Mac mini server? If this intro just gave you whiplash, imagine my reaction when I first started playing around with claudebot, which, by the way I'm cutting in here to point out is spelled C L A W D B O T, Quoting again the incredible open source project by Peter Steinberger, a name that should be familiar to longtime Mac Stories readers that's become very popular in certain AI communities. Over the past few weeks, I kept seeing claudebot being mentioned by people I follow. Eventually I gave in to peer pressure, followed the instructions provided by the funny crustacean mascot on the app's website, installed Claudebot on my new M4 Mac mini, which is not my main production machine, and connected it to Telegram. To say that claudebot has fundamentally altered my perspective of what it means to have an intelligent personal AI assistant in 2026 would be an understatement. I've been playing around with Claudebot so much I've burned through 180 million tokens on the anthropic API. Yikes. And I've had fewer and fewer conversations with the regular Claude and ChatGPT apps in the process. Don't get me wrong, Claudbo, Claudebot is a nerdy project, a tinkerer's laboratory that is not poised to overtake the popularity of consumer LLMs anytime soon. Still, Claudebot points to a fascinating future for digital assistants, and it's exactly the kind of bleeding edge project that MaxStories readers will appreciate. Claudebot can be overwhelming at first, so I'll try my best to explain what it is, and why it's so exciting and fun to play around with. Claudebot is at a high level two things An LLM powered agent that runs on your computer and can use many of the popular models such as Claude, Gemini, et cetera. A gateway that lets you talk to the agent using the messaging app of your choice, including iMessage, Telegram, WhatsApp and others. The second aspect was immediately fascinating to me. Instead of having to install yet another app, cloudbot's integration with multiple messaging services meant I could use it as an app I was already familiar with. Plus, having an assistant live in Messages or Telegram further contributes to the feeling that you're sending requests to an actual assistant. The agent part of claudebot is key, however. Claudebot runs entirely on your computer locally and keeps its settings, preferences, user memories and other instructions as literal folders and markdown documents on your machine. Think of it as the equivalent of Obsidian. While there is a cloud service behind it for Obsidian it's sync. For claudebot, it's the LLM provider you choose Everything else runs locally on device and can be directly controlled and infinitely tweaked by you, either manually or by asking claudebot itself to change a specific aspect of itself to suit your needs. Which brings me to the most important and powerful trait of claudebot. Because the agent is running on your computer, it has access to a shell and your file system. Given the right permissions, claudebot can execute terminal commands, write scripts on the fly and execute them, install skills to gain new capabilities, and set up MCP servers to give itself new external integrations. Combine all this with a vibrant community that is contributing skills and plugins for claudebot, plus Steinberger's own collection of command line utilities and you have yourself a recipe for a self improved, steerable and open personal agent that knows you can access the web, runs on your local machine, and can do just about anything. You can think of all of this while communicating with it using text messages. It's an AI nerd's dream come true, and it's a lot to wrap your head around at first. To give you a sense of what's possible, I asked claudebot to give itself support for generating images with Google's Nano Banana Pro model. After it did that, claudebot even told me how to secretly store my Gemini credentials in the native native macOS keychain. I asked Navi to give itself a profile picture that combined its original crustacean character with Navi from the Legend of Zelda. The result was a fairy crab featuring the popular hey listen phrase from the video game, which it preemptively found on the web via a Google search. The integrations are by far the most fun I've had with an LLM in recent years. In keeping with the you can just do things philosophy we've discussed on app stories lately, if you want cloudbot to give itself a piece of functionality that it doesn't have by default, you can just just ask it to do so and it'll do it for you. Case in point. A while back I shared a shortcut for Club MacStories members that quickly transcribes audio messages using the Whisper model hosted on Grok. I grabbed a link to the article, gave it to Claude, and told it that I wanted it to give itself support for transcribing Telegram audio messages with that system. Two minutes later, it created a skill that adapted my shortcut for Claude running on my Mac Mini. Read the rest of that for a detailed outline of what specific things he's gotten claudebot to do. And I've been hearing there's been a run on Mac Minis of late specifically to use them as claudebot boxes. Talk to you tomorrow.