Alright, welcome back everyone.
I have the pleasure of interviewing the co-founder and CTO of casa Jameson Lopp Jameson thanks for coming on the show.
My pleasure.
It's a blast to have you here so for the people that missed the episode with Andrew or at e currency he was on a couple weeks ago.
Can you describe to our listeners what casa is what their platform is, and what they're trying to do.
Sure, I mean, what we're really trying to do is what I've been focused on for seven, eight years now, which is bringing the promise of being your own bank to the average person so we're just trying to make self custody as simple straightforward
user friendly and also bulletproof, especially against foot guns and the user, basically, screwing up, because there's a million ways you can screw up, and we do that using a variety of technologies but nothing novel, we're basically using various standards
and technologies that are a part of the Bitcoin ecosystem, things like multi SIG and hardware devices for key management, and we put them all together in one nice package with a slick mobile app interface on top of it.
Let that help you basically manage your keys and your self custody. And along with that you're also providing a high level of service so that if you are new if you do encounter some weird edge case then there's someone there to help you.
So you don't have to send an email and wait for three months and hope that you know a customer support person will eventually respond to.
Yeah. You've obviously been in the space much longer than me I'm the class of 2020 so I consider myself a very new Bitcoin or haven't lived through a full happening cycle or four year cycle.
So when did you get into Bitcoin and what made you develop and start casa and when if you don't mind.
I've been a Bitcoin enthusiast for a decade now, and it was just an interesting side project hobby for me for several years, where one of the first things that I did was actually fork the Bitcoin core repository and added in a bunch of statistics
and data collection, just trying to expose more data for developers and other people in the ecosystem to better understand like what the Bitcoin knows we're doing.
And after a couple years of just going to meetups and talking to people on Twitter and forums I went full time in 2015, and started building infrastructure for bit go where we were basically helping enterprises secure their hot wallets.
And after doing that for three years I did a small pivot and helped co found casa where we're using some of that same technology like multi signature technology and bringing that to the the retail user the average club, so that they can start to self custody
and really be confident that they can do that, because I think that's one of the big pieces of friction that's resulting in a lot of people still leaving their keys and their coins with third parties is that they feel like it's safer to trust the experts to take care
of that, rather than take on the responsibility of doing it themselves.
Yeah, I mean, if the Canada freedom convoy isn't proof of that enough trusting experts or other people to hold your money. I don't know what else is.
So I guess, can you take me through the process if you're a pleb and you're just wanted to self custody your keys but with the guidance of you guys what would the process be like.
I mean we have an entry level product that ends up being about $10 a month but really all you need is at least one of the popular hardware devices, whether that's treasure, leisure, cold card.
We're also rolling out support for some of the QR animated QR code based devices. And, you know, those are a bit more expensive but I think that the user experiences is totally worth it.
If you want to go sign up. We've got a free trial you can also check out at keys.casa it's keys.casa. And it's really just a matter of following the instructions in the mobile app, plugging your device in or doing the QR code setup,
I mean we make it a pretty seamless process to get yourself into not only what would be considered a cold storage setup where your keys are offline, but a distributed multiple key setup, so that you're essentially eliminating single points of failure by having
your keys in multiple different locations with multiple different types of security.
That's excellent. I guess you, I know you guys have already addressed this but I'm not sure what the answer is. How do you guys remove yourself from the equation as a point of failure if you guys were to become compromised or you were forced by a
government entity or a corporation to basically go against your users or your customers.
Yeah, if we were a single point of failure then we'd really be no better than any of the other exchanges or you know Bitcoin banks as it were. And that's one of the first things that actually happens when you finish your initial setup with CASA is you receive
a personalized email that is a step by step guide to what we call the sovereign recovery process which is basically, what are your options of if for any reason CASA ceases to exist or stops responding becomes unreliable.
How do you take your existing keys your hardware devices, and the small amount of information that you need to know really to reconstitute that setup, and you can do that and multiple other types of Bitcoin wallets that are totally unrelated to CASA we have
no control over them, using them does not rely on any CASA infrastructure, and that's one of the big benefits of us not doing anything novel, and us using standards, using third party manufacturers that are widely used across the ecosystem,
is that as a result there are a number of different wallets out there that follow the same standards, and you can essentially import your keys and other data into so that you can then manage your funds in a worst case scenario even if CASA stops working for some reason.
Yeah, that's a, that's a really important point.
I guess I want to start transitioning I know you wrote an article back in November called I believe it was called to swat a swatter. I'll post it in the chat for our platforms but I guess can you take us on this long journey that kind of goes about security
and safety without giving out. I guess, I don't want to give out details of the perpetrator which you kind of outline in the article but can you talk about what happened, I think a better part of five years ago and then what ultimately what the conclusion was.
Yeah, so I guess it was in October 2017, it has been over four years when I had an incident where essentially my entire neighborhood got shut down by police, and it didn't take too long for us to uncover that it was essentially a swatting call or a prank
call, as it were, but one that happened to say the right words, which triggered a lethal force response from local law enforcement because they thought that people's lives are in danger so essentially someone claiming to me me calling my local law enforcement
and saying that I had killed people and had hostages and bombs and all this other stuff.
And, and so, you know, thankfully that situation ended.
It ended without incident, because I wasn't even home at the time and I ran into the police blockade trying to get to my house.
So this was, I mean this was obviously fortunate and if not for that one thing it might have ended differently. But this actually in, you know, I have several really long blog posts that go into all the details but that's actually an interesting point of
operational security that I brought up, which was that when I post things, I try not to do it in ways that would give away exactly what I'm doing or where I am at the time.
What I do in the morning is that I posted something at probably 630 or seven o'clock in the morning, talking about it being Monday and it was going to be a long week, and I suspect that that's when my attacker saw that said, Oh, he must have just gotten out
of bed so that was the perfect time to swat him. But in fact I was already on the other side of town at the gym, because I'm a really early riser and like to work out early in the morning.
And so it just so happens that you know they thought that that was a great time to swap me and ended up not being a great time. But fast forward a year or two. Basically, I announced that I had been swatted but didn't really say much more about the details
for nearly a year because I spent the next year, basically tearing down my entire life and rebuilding it with a focus on privacy, and I felt like one of my goals was I wanted to be able to go after the attacker without worrying about more attacks against
myself. And also, I didn't want to have to completely give up my identity and my reputation that I had already built up around it and start all over again.
You know, in order to protect my privacy so from a privacy perspective I kind of took the hard route there, because I wanted to keep using my, my real name and yes it is my real name.
Unfortunately, I was not smart enough, you know, a decade ago to think about creating a pseudonym.
And so then it turned into really like a four year long ordeal of talking to private investigators talking to a number of different attorneys, collecting tips.
I wasn't talking to the FBI but it took like three years to ever get someone at the FBI is attention and that was also just sort of fortuitous networking connection.
And after after many years and handing over all the information I collected the FBI.
It took them almost a year after receiving the information to get back and say hey we found the guy, and unfortunately the the federal district attorney has declined to prosecute because they're a minor, and they apparently, you know,
the federal system doesn't really have good justice or enforcement when it comes to minors and so they usually just sort of get off.
So it was all over at that point but then a few months later, the, the state district attorney actually came to us and said hey, we are interested in prosecuting.
And at that point, things happen pretty quickly. The guy in question didn't contest anything he pled guilty to all the charges.
I actually ended up flying out there and giving my own witness statement. And, you know, he basically got probation and a handful of other terms that he has to follow by for the next few years, since he did not have a criminal record.
So it was it was kind of a weird conclusion like I really, I had hoped that it had been an adult who should have known better and been able to take responsibility for stuff but you know I get it.
It's kind of crazy that we're at the point now where due to advancements in technology and certain times when law enforcement and the justice system can't keep up with it, you can have these really weird asymmetries.
You know, some like 14 year old kid who knows a little bit about tech you know just enough to be dangerous is able to actually have lethal force arbitrarily pointed at really anybody that they want because very few people have sufficient privacy to
prevent you from being able to find their home address. And, and then that ends up being so difficult to have law enforcement even care enough to try to track them down.
And then even when they do track them down the justice system isn't really prepared to do much about it if they're just a young kid without a record so it's a very interesting and complicated long case and I'm just glad to finally have it behind me now.
That's wild. There's so many threads I want to pull on here I mean especially because I'm the Twitch project manager as well as the producer for this live stream swatting is a pretty common occurrence I won't say pretty common, but it's more well known in the
gaming community when you're playing video games you're most likely that's really where it started out and then it sort of branched out into other things and now like celebrities and politicians and, and now like anybody who pisses anybody off enough should worry about it.
Definitely. So like, for my point of view, it's definitely an area that kind of worries me if you know this can happen to quite literally anyone.
So it's definitely an area that I would want to improve on what would you recommend for a person to start since you kind of went on this four year long manhunt and trying to hide your identity yourself.
It can be an overwhelming or daunting task where would you recommend a Bitcoin plebs start with trying to improve their privacy and security to start off the bat.
Yeah, I mean, the, the easiest thing, and what I should have done but you know in hindsight. It's hard to predict that you'll go from having a couple dozen people following you to having hundreds of thousands of people as an audience.
But of course, that's that's the other thing that I think people need to understand, you know, in the, the communications age, you might be a pleb today, but tomorrow, if you say or do the right, or in some cases the wrong thing, then that can attract
a level of attention that you're simply not prepared for you you can essentially become a micro celebrity if you go viral. And if you then have the attention of hundreds of thousands, millions, tens of millions of people attracted at you, then it's just a numbers
game that some of them are going to be deranged and or willing to do things that could cause cause harm to you. So really, I see it more as like anyone who participates on the public internet needs to worry about this potential edge case because you don't know
how you might hit the lottery, as it were, and go viral and have too much attention. And, and so from that perspective, like one of the easiest things to do is just not use your real name.
Because there's, I mean, there's obviously benefits to using your real name. But if you think of security and privacy as complimentary, then I consider privacy to be like the outermost layer of good security.
So if you can prevent an attacker from even being able to target you in the first place, then it doesn't really matter what the rest of your security is though you should have good security you you should have many many good layers of security regardless, but the
further out in the layers of security and then privacy that you can stop an attacker from coming at you, the better, essentially the safer you are the more easily you can sleep at night so you know if you are participating in discourse on social media or other public
forums, especially if you're in a sort of fringe or political space where discussions can get very heated, and people might get angry. That is certainly a situation where I recommend using a pseudonym that can't be tied back to you.
Other than that, there is really no limit to how much time and resources, you can put into improving your privacy. The think the most important thing for people to understand is that it's not an all or nothing thing it can certainly feel overwhelming
especially if you start to read some of the articles I've written about the extreme privacy things that I've implemented. But if you do want to start going down that rabbit hole.
There's a ton of good resources I have a privacy resources section on my website, Bitcoin dot page will get you there. Though, the, I would say, the, the kind of privacy Bible at least for Americans is going to be Michael bezels privacy guide
which you can find on Amazon for around $40. And he's been coming out with a new edition of that almost every year, and each, each new edition adds like another 150 pages so I think it's up to like 400 or 500 pages at this point.
And it talks about you know every possible aspect of your life, and how you can implement better privacy for it. But you don't need to go to the extreme that I did, which is creating legal entities to you know own all of your property.
And also that is something that is very jurisdiction specific. It's hard to do outside of America. But you can do things like use a VPN you know it doesn't take more than an hour or two for a new person to figure out how to set up and install VPN.
And install ad blockers same thing that that'll help protect you from just sort of everyday corporate surveillance that happens as you're going around the internet, and I can tell you from experience because in my pre Bitcoin engineering life I worked for a
company, and my job was to essentially write analytics, analytics, analytics jobs that were being run across these huge clusters of data sets with you know hundreds of petabytes of raw tracking information that were being collected from things like
email campaigns and website visits and whatnot so there's a ton of data that you just leave strewn about the internet as you're going about your daily life and everything that you can do to minimize that footprint or obfuscate it and make it look like something
else is going to be good.
Yeah, I think, Jimmy song said, you know, in the United States were addicted to free so that's why you know the Facebook's the Google's the YouTube's. I know they're on by the same company but all of those things that offer free services but basically
you become the product. Obviously they're selling your data, and they'll take anything they can get to marketing to advertising. I mean just Google, you can look up Google AdWords you can look up trying to run a marketing campaign on Facebook
and you just see the prices. I think that I was saw numbers recently. I think it's like $150 per person, per day, maybe maybe that's too much. But basically it's like some absurd amount of basically they're pricing what it's worth to sell a campaign to this subset
of a population it's normally $150 per person which is chum change to a lot of these big tech companies but when you think about in terms of other businesses they're just selling your privacy and your data, which is pretty absurd.
I guess you don't pay for it or the product. And that's actually we have a very strong privacy policy at casa that you can read on our website where we have extreme limitations on what we'll do with any data.
And more importantly, is the fact that we just don't collect much data.
What we really need is an email address to get set up with us and of course we happily recommend people just create a new proton mail or to denote or whatever privacy preserving email address for that.
I was going to say I think you guys even have a service that you can do it pseudo anonymously obviously I guess it would be tied to a bank account, or I guess you guys would accept Bitcoin, and then you could use another email to do so to pay for that.
Definitely accept Bitcoin. You know we do have, you know, data purging policies within our commerce mechanisms as well but, you know, if you really want to be paranoid then you shouldn't trust, because you can't verify whether or not we've purchased any data,
but if you pay us in Bitcoin you know that, you know, we don't have address or other financial like personal identifiable information.
I know, I don't know if you guys do this but by any chance, do you guys do a coin join as you accept Bitcoin payments I know that's something that Francis kind of took to the extreme because he interpreted the law with bull Bitcoin that anyone that sends Bitcoin to his
exchange, he coin joins because he said it's in order to protect his customers privacy. Obviously with everything going on with the freedom convoy I'll see if they are going to try and go after him or bull Bitcoin in general to get that information
but I know that he said that it's in the best interest of privacy of them and their customers.
That's a good question which I'll have to look into on our BTC pay server, I'm not sure offhand if that's possible to do.
The BTC pay server doesn't have the private keys readily available, because I think that as a more interactive protocol. But the answer is no for right now but I definitely should go look into it and see what the requirements are to enable page one offers basically.
Yeah, I didn't mean to get you guys but I know that was something that he did which I thought was very clever and I think it'd be cool for other businesses to implement going forward. So I guess, a question that I have from someone at the company is what do you think the biggest fault is
that someone can prevent in general, in regards to security and privacy.
Yeah.
That's tricky because it's like, are we talking about the most common thing or the the worst possible thing right is the whole spectrum so the, like I said earlier the, the most common thing or the easiest thing to prevent against is just normal day to day corporate
surveillance.
When it comes to like your regular day to day privacy and security, I mean, it's it's going to sound lame, but really I think one of the biggest things that people fail to do is just use a password manager to make sure that they are generating unique
passwords like most people that I know have a handful of passwords that they keep in their head and they reuse them everywhere and that's really the best way I think to guarantee that you're going to get pwned at some point, because it's the same.
The same type of problem with using credit cards, is that you're going out you have this little bit of sensitive information, whether it's a password or a credit card number, what other you know banking information.
And as you go about your life you're interacting with hundreds if not thousands of third parties, and every time you have some sort of interaction with them, you're giving them this private data so essentially you're you're you're just sewing your private
data over the internet all over the world. And it's only a matter of time before one of those third parties gets compromised. And it doesn't really matter if they get hacked by an external hacker or if they have an internal like rogue employee that siphons
off all the day or what it doesn't matter.
It's just, once again, sort of a law of large numbers that over a long enough period of time that data is going to end up in the hands of an adversarial entity.
So what do you do to mitigate that risk. Well, you, you don't reuse data you know just like you shouldn't be reusing Bitcoin addresses when you're receiving funds, you preferably should not be giving your credit card data to everybody you
should not be giving the same password to everybody that way. If, and when that data gets compromised, it's limited you know it's siloed to that one service or to that one credit card.
And you may be confused right now of like well how do you not give your credit card to everybody well that's, that's where you need to use virtual credit cards, or prepaid debit cards or whatever like I really like the privacy.com service there's
some other services out there that do the same thing where you can essentially, just like with a password manager, generate a new credit card that then gets locked to that one merchant. So, and you can even put limits and other, you know, security
mechanisms on it. So that's, that's what I really, I think it comes down to like understanding how to silo off these different pieces of sensitive information, so that it's okay.
When they get compromised. It's, it's really it's not, not any different than one of the major things that we use at Casa when we're thinking about architecture which is single points of failure.
If you're if you're using the same password everywhere if you're using the same credit card everywhere. If you're using the same private key everywhere becomes a single point of failure.
That's why, once again like with Casa with having a distributed multi key setup. We, we did that because we understand that people are human things happen edge cases happen and you need to build a system, you need to build preferably every aspect
of your life in such a way that a failure is tolerated and can be easily recovered from, and you don't want a failure to be potentially catastrophic.
Yeah, I would completely agree with that. And even to your point of like reusing data I think all people are the majority of people are guilty of this you know use the same passwords, whether they're your birthday, your last four digits of your social for your
birthday, you know constantly reason the same passwords, and I know as the hackers get the information they get smarter to, you know, if they can tie my name my identity and my email together, they're going to start using okay this is a password that was
used in a different database this is his birthday this is his pain, like last four digits of social and stuff.
I guess, what are ways that you kind of avoid. I guess you kind of brought it up there but even perfect example I'm moving right now, a way to kind of try and increase my privacy they kind of went hand in hand it wasn't.
I'm going to do this for more privacy but it just kind of worked in my favor.
But when I was going to set up my internet surprisingly you know you call them you say what kind of internet connection you want the router the modem all that.
And they were asking me for my credit check didn't they. Yeah, they are not even that they wanted to do my social security number, and I literally stopped them and I said I'm not giving you that information, and the person just kind of like stopped at his
tracks, and he was like, Oh, okay like why not I'm like because I don't feel like giving that information, and we just kept going on with the transaction which was fine which is the irony of it all.
But, yeah, he was asking for some really private information that I didn't want to give and luckily for my new home setup, I have a separate mailing address compared to my actual address.
So, I was okay with giving you know the PO box or whatever I have as my mailing as the address of the location I'm going but it was very weird like yes for.
Yeah, the social security or the credit. Yeah, social security number and stuff. So, in a way that's more and more surveillance what are ways that you combat that.
Yeah, so that's also that. That's one of the things that can be awkward especially when you're new to trying to be more privacy conscious is you start to recognize all of the times that you interact with third parties and they ask you for information
that's just not necessary and you know obviously they're doing this for marketing purposes or, and in the case of various like utility and services companies they're doing it to protect themselves from you know, bad credit, you know customers that that don't pay
their bills.
On the service side I found most of the time that you can bypass credit checks, if you offer just to make a deposit, you know, I will pay you up front, I will give you enough money that you don't have to worry about my credit worthiness.
When it comes to a lot of other merchants are especially. It's those face to face or phone or interactions you have the real time stuff that's more awkward, because you know they asked the question because it's part of their template right it's
like it's the company guidelines of how they need to interact with customers. And in many cases they're just not used to that response because most people don't think about the consequences of giving away all this information and so they just will answer anything
that's asked of them. And so, yeah, you have to be willing to say that, you know, you don't give away private information like that, and that's when it can get kind of weird because then, depending on like what their logical branching tree of how to react to
that is then you might end up having to like escalate to somebody else.
I've certainly had some odd roundabout interactions over the years, where I was basically like the one guy who was asking to do something away that wasn't part of corporate procedure and so would have to keep pushing keep pushing.
This is where sometimes you you have to be insistent you have to you know put your, your, your foot down, draw a line and basically say look.
Well hopefully it's not a monopoly service hopefully you can say look I'll just you know have to go you know call your competitor and see how they react.
Yeah, I was able to get around it and they were okay with taking a deposit and stuff so I was able to get around it but definitely when I said I wasn't giving my social the guy just kind of stopped in his track then no one had ever really or at least recently,
not opted to give their social security number which I just thought was a big breach of privacy.
And, I mean, so I think I tweeted about this but I actually I had an issue recently, which I've had before, but where, like I said, I don't own property in my real name, and that is an edge case that throws a number of companies for loop especially
insurance companies, because I start to explain that the property is owned by a business and then they start asking me for all the information about the business and like revenue and stuff I'm like no it's just, it's an asset holding business.
And, and most of the time they're like, oh, we, we don't know how to deal with that.
And other times though, like, I know when I bought a car one time, I started going down the similar path of they're like, this is really weird we don't really know how to do this and then like the guy calls his manager over, and the managers like, oh, I've seen
this once before is like I know what you're doing like we can we can help you out here but it's, it is, you do sometimes feel like a trailblazer which is really odd because, like, this should not be something that is like blazing a trail just to protect your privacy.
And I think it's even a weird thing that you're almost putting a target on your back, but in the sense for security and privacy it's almost like they're like they remember you because it's not a normal occurrence.
You're like you you normally you want to blend in with the crowd, but in my experience.
You know they don't remember what they had for lunch or breakfast so they're not going to remember the transaction they have with you but it definitely always kind of not irks me but I guess worries me that it's like oh they made a note of like this is a unique customer
and for whatever that's worth whether they think we're selling drugs or we own a lot of money or, you know, for whatever nefarious reason that they would want to go after us or learn more.
That's just something that always kind of like creeps over me or worries me a little bit.
And so, you know, if you read through a bunch of my privacy stuff, then you'll find that really what most of this stuff comes down to is.
If it's not simply withholding information, then it's using a proxy to protect your information and a proxy can be many different things you know people generally think of it in terms of internet terms and like VPNs and stuff and that's one kind.
But in in meat space, as it were, you can have other humans be proxies for you, whether that is like for the physical mail delivery and you can get a PO box you can get private remalers that handle your mail and then forward it wherever you want.
The sort of extreme end of this which I have had to use a few times is legal proxies, where I know there was one time, a utility company was really insistent that they have like all my information.
And eventually, because it was the monopoly, you know the only utility company like you want electricity. What I did is I called my attorney, I said look, you need to go use your magical legal ease to explain to this, this company like how this stuff is
going to work and, you know, unfortunately that can get expensive as well, but there's usually an option.
And with unlimited time and an unlimited resources you can pretty much get anything done.
I don't know if that's good thing or a bad thing but I hope that it went in your favor at least the monopoly didn't take out harsh punishment against you.
Yeah, I mean that's, I think one of the bad conclusions from this journey is that privacy is not cheap.
Now there are a lot of things that you can do to protect your privacy that don't cost money, but they will always cost you at least some sort of time and and you know, learning curve that you have to get up to speed to understand.
And this is the downside to all of the defaults in various aspects of our lives being very poor for our privacy is that you have to work against the grain you have to blaze that trail and you blazing a trail is inherently hard.
Because there's a lot of obstacles in your path. And so that's why it's unfortunate that I think this is one of the reasons I'm a bit more pessimistic on gender privacy in general is because first of all we know that most people don't think about it or care about it,
at least until it's too late and something has gone wrong. And then if you do care about it and start trying to improve your own privacy you find out very quickly that it's, it's not necessarily easy especially if you want to be comprehensive about it so unless
you're someone who's highly motivated or has had some sort of edge case attack like I have.
There are a million dollar businesses that are in the business of selling people's information so there's a financial incentive in order to do so, I guess going back to like retaliation and stuff like that.
So, to your article, obviously they're a minor and I don't want you to give out any information you don't feel comfortable about but when you get went to give your testimony and statement I'm assuming maybe you talked to him or maybe your lawyer advised to not talk
to this person would maliciously do something to get back to you because obviously, even though the punishment might be small, do you worry that in once he gets off his probation or whatever would come after you and in a later function or at least attempt to,
I know you've put up roadblocks and ways to try and prevent that.
No, I don't think so you know I really do think that it was just a guy who, first of all, he didn't know who I was, I released, I believe, when he told me that he didn't know who I was that you know he was he was basically hanging out with the wrong crowd
and got kind of goaded into using his skills for this particular thing.
Yeah, I'm not, I'm not too worried about him.
I'm, I'm just worried about anyone else, you know any number of other more malicious people who might be willing to actually use physical violence.
The guys who were sitting in a basement and, you know, hanging out in darkened at forums and you know swapping hacks and all this other stuff.
It's an interesting subculture.
I think it's very easy if you're in that subculture to completely miss the ramifications of the consequences of what could happen to you, whereas it's a very different type of criminal who is willing to say, come up to you and actually point a gun at you
and you know use physical violence because when you when you cross that physical threshold like they are actually putting themselves in physical danger and it's completely obvious like what the level of risk that they're taking is.
So that's, that's really more of the criminal element that I'm worried about these days rather than the keyboard warriors.
Yeah, and it goes to your point it's almost like you were bummed that this minor was the one that got you and kind of, it seems like he didn't know you, I guess you were kind of hoping to get the people that gave the command or the, the, the people
or person that issued the order to go after you because it kind of seems it was kind of a step away, probably trying to increase their own privacy in the attack that you kind of ensued against them.
I guess, physical attacks in the meat space, what would you give to a pleb that's going to a conference because, in case the listeners don't know Bitcoin magazines hosting one of the biggest and best Bitcoin conferences coming up April six through the ninth in Miami
Beach Florida I hope Jameson will be there I know his company will be there. So excited to see some of his employees as well as him, if he's going, but how would you recommend a pleb have security and privacy at a conference like this.
Well I mean the first thing you have to understand is that criminals in the area are going to know that this is happening. And in fact I believe there was at least one case last year of a guy who got in a taxi and the taxi driver basically asked for his
wallet and was starting to screw around with it and you gave the impression that he was like, trying to open up his wallets and steal his money so you just have to be vigilant and understand that, you know, this conference because of its size and publicity
it's going to attract attention. And so if you're going to the conference.
Maybe when you're not physically at the venue don't wear crypto stuff that makes you stand out.
And certainly don't be walking around with large sums of money that are easily accessible like you should not have a hot wallet on your phone that has you know thousands or 10s of thousands I mean, I've seen people who had like hundreds of thousands of dollars
of single signature wallet on their phone because they just left it there for so many years and never bothered to move it off but consider the fact that you know you yourself can be a single point of failure.
I talked about wrench attacks and physical attacks, a decent amount.
Though they are very rare.
Most likely, the, you know, 99.9% of people who attend the conference will not have anything bad happened to them.
However, just due to how many people are there and the fact that crime has certain rates of things that happen, you know, probably will have one or two people who have a bad experience and a lot of this stuff, the security privacy, whatever.
In terms of insurance, and that you, you know that bad things happen in the world, and a lot of them are fairly rare and so the question comes down to how much of your time and resources, are you going to invest to ensure yourself against one of these
cases. And, you know, just just doing something as simple as like not walking around with Bitcoin logos all over you when you go out to the nightclub where you might get you know something slipped in your drink.
I think that's like a pretty simple ask like doesn't take a lot of resources to do.
But, yeah, don't don't be stupid I mean you just need to make sure that you aren't attracting attention and understand that if for some reason you do attract attention that you need to be able to mitigate, you know what the possible downsides are.
Yeah, I know some people don't have street smarts and I'm not the most intimidating dude standing at a stature of like five six so I'm not the scariest or biggest dude on the street but definitely.
To your point, kind of be street smart you know don't if you can avoid wearing Bitcoin merchandise, or even talking about it, you know, say that you're in the financial sector if you're out of the bar don't say you work for a Bitcoin company.
I'll definitely say I work in a media company and, you know, probably get harassed for saying you know I'm the spreading bad news and I'll go with that saying I'm mainstream media but they don't have to know for a Bitcoin company.
Yeah, and I think that's pretty important. So, Jameson I think we're getting to the end of the time that I had you. I don't want to keep you because I know you're quite busy with your day job and running a company so is there anything else that you'd like to send off our listeners
with.
Um, you know just not to let it get to your head right is that, you know, I talk about bad things happening all the time, but I've also been on the front lines of helping people self custody their funds for many many years and so I've seen really some of the worst case scenarios.
They're still very rare, but I think that they're useful data points and they're they're learning lessons and a lot of the decisions that went into how we've architected casa and how we continue to develop the product are based upon very hard earned decisions
that have really learned the hard way over the years, sometimes through catastrophic loss or just having a really really bad time as a result of one particular decision that was made.
There's, like I said, an overwhelming level of things that you can learn or dive into. But also you know you, there's no rush you have plenty of time, you can start small, spend a few hours on the weekend, just digging into some of the easier stuff
and just just doing that just investing a few hours into your security and privacy will already put you ahead of 98% of other people in the world.
And that's one of the other major factors when it comes to security in a variety of different ways is you don't have to have perfect security, you just have to have better security than the guy next to you know it's kind of like the, the old adage
that you don't have to be able to outrun the bear you just have to be able to run faster than the other guy is because we know there will be criminals, there will be malicious people out there trying to attack people.
And if you think from their perspective, they're looking for the soft targets they want to get the best return on their investment.
And if they look at you. Well, preferably you'd make it so they don't even look at you in the first place but if that fails and they look at you, and they're also looking at any number of other targets, then you want them to say no that looks like
it's going to be too much trouble I'm going to try to attack that other person instead.
Thanks, I think that's a really good point. And thanks so much for coming on the show it's been a pleasure talking with you and I look forward to seeing you in Miami as well as a bunch of your employees that work there.
So, everyone, we're going to get ready to go to a commercial break, and then I'll be back right after that and we'll be prepping for the deep dive that's going to go on in spaces.