Tell me a little bit about, and tell our audience a little bit about your privacy journey.
How did you guys first go down the privacy rabbit hole?
Like when, why, how, and what brought you here today?
I would say that, you know, the specific inflection point for me was during the 2017 hype where
I ended up getting a lot more attention due to my social media efforts.
And the result of that was that some of the attention was from the type of people that
you don't want to get attention from.
And so that's when I ended up getting extorted and had a SWAT team show up at my house, police
shut down the whole neighborhood.
And you know, that is what led me to realize that it was far too easy for someone with
just a minimal amount of technical expertise to be able to find my physical location and
harass me.
And you know, this is something that has been happening to a number of prominent people
in the space, though a lot of them don't talk about it because they don't want to attract
even more attention.
But you know, it's not a new problem.
It's the type of problem that anyone who gets enough attention has to deal with.
And before the internet age, this was more of a like superstar celebrity stalker type
of problem.
But the internet has just lowered the barrier for people to mess with you by so much that
now it doesn't take that level of fame to get enough attention that you can have major
problems happen to you that you did not anticipate.
So privacy, I just see as a sort of flip side to security.
And if you want to be prepared for potential edge case events like that, then you need
to have really good privacy before something bad happens.
Yeah, I think that's great.
I mean, I think for me, it is from a less of a personal point of view and more from
a global point of view.
I think real improvements in action happen on a personal individual level and people
need to take it into their own hands.
But for me personally, I always was a more discreet person.
I was like a more privacy focused person.
And I thought I was taking reasonable precautions.
And then 2013 came around, I was a young adult, 2013 came around and fucking Snowden just
kicked me right in the balls.
He kicked me right in the balls.
And I realized that all of these corporations and the governments that they have to report
to their incentives are misaligned.
They don't have my best interest at heart.
I remember like in 2012, if you asked me in 2012, I thought you could trust Google, it
sounds insane now, to trust Google with protecting your private information, at least to try
their best.
And I soon realized that that wasn't the case because of what Snowden showed.
I saw the power that could be harnessed there to control large amounts of people with so
much information that's just easily accessible.
And I started taking action to try and both fix my own vulnerabilities, but also just
to look at it from a completely different perspective, a perspective where really free
and open source software where these movements is an individual action is really the only
real change that we can have moving forward if we want to improve the situation.
Yeah, and just real quickly myself, I would say I really became radicalized just through
exposure to Jameson, but also if anyone wants to get a larger conceptual grounding in privacy,
I would recommend the book Surveillance Capitalism by Shoshana Zuboff.
That was another big part of my personal journey.
So just jumping ahead, this is a little bit of a state change that we want to take folks
on today and maybe think going forward where you might lie on the spectrum from a happy-go-lucky
TikTok user to someone kind of cutely wrapped in tinfoil.
So to set the stage, we want to start talking about how we think about privacy, right?
And we think about it in tiers.
Jameson, this is actually a framing from your Extreme OpsTech talk back from Riga, I think,
in 2018.
Do you want to talk a little bit about this framing and why it's useful for people?
Sure.
It's mainly because I think people don't understand that privacy and security are not a Boolean
or a binary thing.
It's not that you either are private or you are secure or you're not, but rather it's
what is the level of resources that an attacker would need to commit in order to peel away
enough of your levels of privacy or security?
So it's not something where I think people should give up because they think that getting
extreme privacy is too hard, but rather it's a journey.
And you can start off with really low level of commitment and resources.
Dip your toe into the water.
This can be a multi-year type of thing, and you just keep going until you feel like you've
gone far enough.
There's no need for someone to go as extreme as I have because a number of the things I've
done are also just sort of experiments to see what's even possible in the first place.
So there's a lot of things that you can do that they don't cost a lot of money.
They just take a little bit of time.
And I think what we'll really talk about a fair amount here is that a lot of it is just
a behavioral and mindset change.
Yeah, that's great.
Matt, so a lot of people, we were talking about this earlier, post 2013, they really
wanted to make themselves NSA proof.
You think that's even a helpful way to think about privacy?
No, I think it's probably the least helpful way to think about it.
I think it helps to kick people in the balls, right?
This is the second time I've said balls on the stream, so I'm off to a good start.
I think when you realize what the Snowden League showed a lot of people, including myself,
definitely not most people, what showed a lot of people is the capabilities that a single
central actor could have in our current setup.
And that's a wake up call.
That acts as a wake up call.
But when the average person is thinking about trying to be more private, trying to achieve
more security, they have to think of it from a proper threat model point of view.
They have to think of it from their own personal threat model, and they have to think, which
kind of actors am I trying to protect myself against?
And when you look at privacy and security, it usually flows along a trade off with convenience
and ease of use.
So you don't want to beat yourself up in the convenience department and the ease of use
department and shoot yourself in the foot and make your whole life fucking hell and
difficult to try and reach some unattainable goal of protecting yourself from the most
sophisticated actor on this planet, which is the NSA.
And I'd go as far as to say, for most people, and they have to make their own personal decision,
they probably aren't focusing on trying to protect themselves from the top 10 sophisticated
actors.
But really, you want to think of it at a more practical point of view.
And you want to basically, you don't want to get overwhelmed.
It's easy to get overwhelmed when you're thinking about the most sophisticated actor.
The NSA can own me, so why do I care?
Why am I doing anything?
Don't look at it that way.
Think about little improvements, incremental improvements, steps you can take to increase
your situation.
And as people do that on a global scale, it increases all of our situation together.
Yeah, I think that's great.
So one other point before we dive in here, Jameson, I think you said this when we were
meeting earlier, that privacy isn't kind of one and done.
One thing that we see a lot is people who move to ProtonMail, stop using iMessage, go
to Signal, and Google, and use DuckDuckGo, and they kind of think everything's done,
that the problem's solved.
Before we dive in, can one of you guys talk a little bit more about just how to frame
this is like an active dance with attackers or scammers?
Yeah, I mean, the interesting thing, I think, from my long term history is that before I
went full time into Bitcoin, I actually worked as a large scale data analyst for an online
marketing company that was sending out hundreds of millions of emails every day.
So my job was the antithesis of what I do today in that I was aggregating and analyzing
petabytes of raw metrics data in order to help people sell stuff to other people.
So that's where I gained a real understanding of just how much data gets leaked and collected
and analyzed all over the internet.
And that's why there, I think, is a very easy way to prevent yourself from being exposed
to a lot of that by using some very simple to install software tools just to protect
your day to day browsing and stuff.
But moving beyond that, it's also important that you then start to think about what data
am I voluntarily handing over to people that I don't need to be?
And I think that's what we'll get into a bit more later.
Yeah.
So I think the first thing we want to start with is just a basic principle, and then we'll
move into some recommendations.
So Jameson, this is going right off what you're saying here.
One of our go to recommendations here at CASA is that people assume that any data you share
online can and will be stored indefinitely.
You also want to assume that parties that you may not know about could access it, and
then also that it could be leaked publicly.
So if I share my data, my personal information with party X, it's very possible that they're
selling it to parties, you know, Y, Z, all the way through the rest of the alphabet,
and also that they could be breached at any time.
It's pretty hard to interact with any service online without spilling some data, but that's
the frame of reference that you want to have.
So going into our first recommendation for today, what should you do if you suddenly
found out that you were a millionaire when Bitcoin hit 40k earlier this afternoon?
Only tell someone who you would literally trust with your life is the way that I would frame
that.
And even then, possibly not because a lot of people don't understand how to shut up
themselves.
Fair.
So jumping into some of our basics, recommendations that we give every casa client when they first
come on board, these are I hope pretty uncontroversial.
I wanted to ask, you know, Matt, when someone comes to you, and I think you probably get
a lot of this when someone comes to you, starting to go down the privacy rabbit hole, what's
the first piece of advice you don't want to give them?
Don't get discouraged.
You know, I think the most important thing, the single most important thing is that the
person has motivation, that they actually just want to do it.
And I think as someone who cares about privacy, you shouldn't waste your time.
Waste your time is the wrong word, but don't spend all your time trying to convince people
they need privacy.
There's plenty of people every day that come around and realize the importance of it, the
significance of it, and are motivated to try and achieve better privacy.
And then from that point, there's real steps they can take to slowly improve it.
But if someone isn't motivated, they're going to choose the most convenient option.
I mean, we live in a world where people, you know, pay Google and Amazon for the privilege
to wiretap their living room, and then they brag to their friends about it.
Those people need to come around on their own to realize why privacy is important.
You're never going to be able to convince that type of user to be more private.
They've already made that decision.
As for these items on here, I mean, I think VPN is important.
I think a password manager is important.
My favorite VPN is mole that VPN.
I hear good things about Proton Express kind of has like a shitty reputation.
I don't think anyone should really use Express in my personal opinion.
LastPass is like, I'm not sure if I love LastPass.
But once again, everything's just an improvement, you know, I could you could you could go down
and you could start saying one is worse than the other.
But for most people, you know, even just using a password manager like the one built into
your iPhone is probably a massive step improvement.
Yeah, or Bitwarden is another good.
Yeah, I love Bitwarden and KeyPass are my two favorites Bitwarden if you want some kind
of hosted, you know, more convenient solution and KeyPass if you're if you're fine with
just keeping offline versions of your database.
Yeah, I think that's great.
All right, we'll jump forward.
If you haven't done any of the steps on the previous slides before moving forward, our
advice is just do it.
It can be tedious and annoying to set up.
But if you just carve out a couple hours on the weekend, you're really going to dramatically
change your personal security.
So next up, our second principle is Bitcoiners are at greater risk.
This should be obvious to most people on the call, but because Bitcoin is pseudonymous
and also censorship resistant, there's a higher payoff or motivated.
So we're talking a little bit quite a bit actually before about this book, The Sovereign
Individual.
There's a really good framing about the logic of violence and how that structures society.
We can't dive into it a ton, but Jameson, do you want to just give a quick TLDR?
This is, after all, required reading at CASA.
Yeah, I mean, the the short version of this is that the thesis is that, you know, technology
is going to continue to empower individuals, give them more optionality.
And that optionality means that governments and nation states will have to compete more
and more to keep people as citizens in order to continue to generate revenue from their
taxes.
So this is a book that is, I believe, over 20 years old at this point, but is quite prescient.
It even has a number of predictions in it that have come true, including stuff around
real currency, which, you know, of course, is why we're all here today.
So if this book continues to play out, then we're going to see governments become weaker
and weaker in the amount of control that they can exert over people.
And as a result, hopefully, that means that the the things that governments offer to its
citizens will become more palatable as they have to compete more.
That's great.
So jumping off that, we have a few things that every Bitcoiner should know.
I also want to call out this presentation will be available on Crowdcast immediately
after we're done.
And then also on YouTube for future reference.
So everything that we're going through here will be will be available for perusal.
I guess, Jameson, I think a lot of folks on here have probably heard what a SimJack attack
is.
Can you quickly explain how that works so people understand why their phone numbers?
I guess two things.
How much personal information can be derived just from your phone number?
And also, you know, what happens if you get SimJack?
Right.
So with the phone number, I'm not sure off the top of my head how easy it is to directly
tie a phone number to the service provider.
It's probably not hard to figure out, but once an attacker figures out who is actually
in control of that phone number, by which I mean, of course, the company that is providing
service for it, then they have a pretty big incentive, especially if they know that that
person is a crypto user and is probably using various online exchanges and other services
to manage their money, that that is a potential entry point or a single point of failure into
your entire life.
So essentially what happens is that the phone service providers are the controllers who
get to decide what specific SIM card gets tied to a specific phone number.
They can remap those, you know, at a whim, essentially.
So a lot of these providers do not have great protection around that.
Essentially it's like questions and answers with their support folks who can, with enough
time and effort, often be socially engineered into bypassing various security measures and
just remapping which SIM card has the mapping to that phone number.
Once the attacker is able to get the service provider to remap it to a SIM card that they
have in their position, they own your phone number, they can start going around to different
providers with other services and resetting your passwords, getting into your accounts.
Generally what they're going to be looking for is getting into your email account because
most people have a single email account that is their central identity and manager for
all of their other online accounts.
And once you get your email account compromised, it's often trivial for them to start going
around and resetting passwords and obtaining access to your more valuable accounts, say
your exchanges and whatnot.
If they get into that, of course, they're going to buy or take control of as much Bitcoin
as they can, withdraw it.
And once they withdraw Bitcoin into an address that is in their control, then there is no
way to get that back.
That is why the value and incentive is so much higher for these SIM swappers to attack
Bitcoiners.
I would just like to add that I think the problem is as a society as a whole, we've
basically, these companies, so many companies and so many industries and the financial sector,
not even Bitcoin, baking related is even worse, have basically been operating under this
procedure where they use your phone number, which most people don't change throughout
their whole lives, as both an identification and an authentication token to basically provide
root access to all account features.
So you could have like the most sophisticated password, everything else.
But if their internal systems are set up in a way that you can reset it with just access
to your phone number, then all of a sudden the whole security of their system is reliant
on the security of your phone provider.
And these phone providers have just not taken it seriously.
They're not very good at doing it.
It is a tall task for them to do in the first place.
So ultimately, really the solution is we should be pushing companies to just not have these
methods in place.
Companies that actually take security seriously should not allow your account to be compromised
if your phone number is compromised.
That's something that Kasa has always taken very seriously.
You've never been able to reset, get access to an account just by taking over someone's
phone number.
So I think short term, you know, it's up to users to protect themselves because so many
of these services still do it.
I mean, we saw Jack Dorsey himself.
It happened to his own service on Twitter where they got access to his Twitter through
his phone number.
And that was he's the CEO of the goddamn service.
So like it's going to take a little time.
So for that till then users have to protect themselves.
But ultimately, we need companies to improve their processes here.
It's actually it's kind of ridiculous that especially a lot of the exchanges in the space
still entice users into adding their phone number and using it as a account reset mechanism.
When I was working at BitGo in 2015, as soon as we saw these SIM swaps starting to become
a trend, we removed all the phone number stuff from our system because we knew it was a major
vulnerability.
So I think that this is evidence that a lot of these Bitcoin related services out there
don't actually place the user security foremost.
They have these mechanisms available because it's a convenience for them that if something
goes wrong, hopefully the user will reset their account access themselves and not have
to bother support for help to do it.
All right.
So we just covered some of the dangers with your phone number getting leaked.
The next couple slides, we're going to move through and talk about what happens if your
physical address gets leaked.
So shortly before Christmas, probably many of our audience today are aware that quite
a bit of information from Ledger customers was leaked online.
The actual breach came earlier in 2020, I think in July 2020, but it didn't make its
way until public forums until shortly before Christmas.
So this is a screenshot of the post raid forums where someone posted, I mean, I think it was,
you know, effectively a million email addresses and many IRL addresses of Ledger users, right?
So we won't do a full recap of that here.
But the next thing we want to talk about briefly are just what are called $5 wrench attacks.
So these are in person attacks on Bitcoiners.
Sometimes these are real, but sometimes just the threat of these can be enough to cause
someone to part ways with their coin.
So the point is just to realize that if you put your information somewhere and it's associable
with your crypto holdings or with your Bitcoin holdings, there could be really real consequences
for that.
And definitely a number of folks who were involved in that hack or in that raid forum
post, you know, have gotten threats similar to what we're seeing screenshotted here.
So the name of the game is to limit the amount and the quality of data that you provide to
anyone.
So there's a list of some very easy ways to do that.
I'm curious, you know, Matt or Jameson, what is like the most important and do you think
like the easiest like low hanging fruit here?
Well if you're an American, I'm not sure how many different countries it's available to,
then you can get access to earth class mail or similar services and privacy.com similar
services so that this is what I do.
Like every time you make a purchase that requires shipping something to a physical address,
you can use a completely unique credit card number and you can use a shipping address
that is not your home.
And of course, I would advise not using your real name as well.
So think of it in terms of like proxies or firewalls of like your real identity, your
real location, you should really consider that to be almost toxic information where
this is the main mindset change that needs to happen.
But you know, whenever I'm looking at some sort of form or someone is asking me for information,
it almost physically hurts me if I'm about to turn over, you know, my real information
like you need to have this like internal alarm clock, really internal alert that goes off
that says, you know, do I really need this?
Or is there an alternative path to provide other information?
And also the other thing that's just hard to get over is lying to people.
In the vast majority of cases, when you're interacting with someone, you're under no
legal obligation to give them real information.
There's very, very few cases in which you have to give your real identity, your real
location.
That was the bigger, I would say, hurdle for me to overcome.
But you know, after you do that for six months or a year or so, it really becomes second
nature.
I mean, the overarching goal here is to just reduce the amount of information you're sharing
period across the board everywhere.
And one thing that people don't realize and look, no one expects you to be, you know,
perfect lop level of his explanations of doing all these different steps, you know, little
things improve, little things help.
But one thing to keep in mind that I think is always missed in this conversation is it's
not a Bitcoin specific issue.
Bitcoin does increase the risks because at least before multisig, it was it was more
common for a big corner to have large amounts of easily accessible bearer money in their
in their in their places of business or home.
But this is not Bitcoin specific.
We see people getting their identity stolen all the time, bank accounts getting opened
up in their name.
Just basic phishing fraud.
You know, they just start hammering email lists and and and phone lists to try and get
to try and trick the target, the lowest hanging fruit into giving them up their money.
And then last but not least, because it's not Bitcoin specific, we basically live in
a world where every business that you interact with inside of Bitcoin outside of Bitcoin
is a massive data honeypot.
And they they're not most of them aren't prioritizing it enough.
They don't realize the value of this data until they get compromised.
And we've never lived in this type of situation before.
This data is increasing, increasing every day.
So ultimately, I think what happens here is we're just going to keep seeing bigger and
bigger data compromises until people get burned enough that these companies start taking it
more seriously.
They start securing their data better.
And and the result there before that happens is I'll give you a real world explanation
is is like there was a like a sub tier ticket master.
There was a sub tier ticket master that got hacked, that my that released billing addresses
of everyone's of everyone's billing addresses and their email address.
So if on the ledger hack, you had your email address compromised, but not your mailing
address, there was 250,000 mailing addresses, but a million email addresses.
A malicious actor could use that email database and cross reference it with the previous,
you know, sub tier ticket master database that leaked and then get your mailing address
from that.
They can cross check all these different databases, you know, all these data leaks that are just
all all around the Internet.
So you really have to be trying to cover yourself nonstop all the time.
And no one's saying it's not a big task.
It is, but you just you just do your best.
I think the the issue with phishing is interesting because if you're always lying to your services
that you're interacting with and giving them pseudonyms, and then you get a phishing message
that says, hey, pseudonym, you need to do this or your social security is going to get
wiped out or whatever.
It certainly makes phishing a lot less effective.
Yeah.
All right, well, we're going to try to move pretty quickly and move on to questions in
about five minutes, but I think we'd be remiss if we didn't talk, Matt, particularly to you
for a second about mixers for folks who may not be familiar with them.
Do you want to give a quick kind of recap of what they are, how they work and your personal?
I personally like to make the differentiation between mixing and coin join.
So mixing is historically have been the centralized services that try and give you some privacy
in a custodial sense.
They provide you custodial privacy where they're giving you better privacy from external actors,
but you have to trust them both with your coins and your privacy.
Coin join is a Bitcoin batch Bitcoin transaction where you send Bitcoin with other participants
as a collaborative transaction that uses Bitcoin best practices to try and improve your privacy.
And the key here, the reason is because all this data leaks that we're talking about just
on the last slide, just in the last 15 minutes, when we're talking about cross referencing
data leaks on the Bitcoin side, we just have this this transparent ledger that if we're
right is going to be there forever.
It is never going away.
We have this transparent ledger that everyone can look at.
They can see all these transactions happening both in real time and historically, and then
they can cross reference that on any future data leak you have.
So if you're not using if you're not using the Bitcoin ledger in a responsible way, in
a private way, thinking ahead of time about how you're using it, you can either get screwed
from the side that your private information leaks in the future and someone could then
use that information leak to figure out past transactions you made.
And or it could be the opposite, where you could be a otherwise private individual and
your lack of proper Bitcoin usage actually is the data leak that exposes your privacy.
And that's what we saw with the Twitter hacker, where the Twitter hacker, you know, didn't
have a fantastic OPSEC, but really the nail in the coffin for them was how they interacted
with the Bitcoin ledger.
The Bitcoin ledger just blew them wide open.
Now is there big that was their big privacy shortcoming.
Jameson, a similar question about Tor, I was jokingly asking you before if you would describe
yourself as a Tor maximalist.
Myself no.
I mean, I use it from time to time when I want even better privacy, but it's not something
that I use 100% all of the time.
There are, of course, trade offs between privacy and convenience.
And for example, if you're going around the Internet on Tor all the time, you're probably
going to find it's a lot less convenient for you.
A lot of sites will be broken or will outright block you from using the service in the first
place because of a lot of attackers use Tor.
That even happens a bit less likely to happen.
But it even happens just if you're using common VPNs.
So there's different levels of privacy and convenience that I make a conscious effort.
So I stick to VPNs 100% of the time.
And then when I'm willing to trade off some more convenience for more privacy, then I'll
use Tor for more sensitive stuff.
Cool.
Yeah.
So I mean, just to expand there, the difference in trade off there is when you use a VPN, you
have this trusted relationship with your, I mean, if you use a hosted VPN, a shared VPN,
which is what most people are using, which is what we were talking about earlier with
ProtonVPN or MolVat or something, there's a trust relationship there where you're trusting
that hosting provider.
But in return, what happens is you're getting a faster experience, a more convenient experience
than if you use something like Tor, which is trust minimized.
That's the main trade off at least.
So I think we're going to move into questions just a second here.
The one thing I want to ask Jameson before we go in is we'll show some links in a second
where people can learn more about your kind of privacy rabbit hole.
This itemizes a few of the things that you did.
Was there anything that you want to call out here that was surprising as you learned along
the way?
Like maybe how much this cost, maybe how there was a higher or lower social cost to some
of this?
I mean, when you went on this journey, I guess it's 2018, 2019, what surprised you?
I mean, I knew it would be hard.
The big problems that I ran into is that you still have to have trusted relationships.
So just like Matt was saying, when you use a commercial VPN, you're entering into a trusted
relationship with that company.
And I was doing other things, setting up various legal entities.
I had to enter into trusted relationships with attorneys and bankers.
And in pretty much every case, they leaked data and let me down at one point or another.
Nothing that was too critical, but still major annoyances.
And this was a recurring theme really, is that I really found that I couldn't trust
anybody perfectly, like even members of my own family.
I could not trust to keep certain secrets.
And so that was actually why after a few years, I redid everything with even higher level
of paranoia and less trust in any third parties.
But the biggest pain for me that I ran into was the driver's license issue.
And that's because in the majority, if not all states in America, this is the point where
the government really tries to get you and pin you down because they tend to require
multiple hard proofs of residence.
Things like utility bills and bank statements and things that are very hard to get without
actually renting or owning a physical property.
They're really trying to pin down your physical location with that stuff.
And so that ended up being one of the biggest expenses too, is just finding a really crappy
property that met those requirements that I could then use for my driver's license.
Yeah, I mean, getting a driver's license, you kind of have to do three, five multi-sig
with different PII containing documents.
So all right, let's jump in here.
We've got a bunch of questions for the audience.
We've got just a few more minutes booked, but we can go a little bit longer.
So the first thing, and this is something we see a lot, is a question, how can you protect
your privacy with Bitcoin after you've already been KYC'd by the exchanges?
This is a situation a lot of people are probably in.
Well, that's where mixers come into play.
But then you have to realize that if you are mixing your coins and actually not necessarily
even sending them back to the exchange, I think we've heard of some exchanges that even
look forward to what the withdrawals are doing.
Basically if you're improving the privacy of your coins too many hops close to where
they're coming in and out of the exchange, you're then risking getting kicked off of
that exchange.
Yeah, Matt, anything you want to add there?
I mean, look, so when we talk about KYC, we're talking about this identifying information
of your personal ID.
Sometimes they require a passport, sometimes they require a driver's license, social security
number, mailing address, name, occupation sometimes, they get really crazy on it.
Sometimes you can't use it unless you have your bank account attached and that bank account
has its own proxy, KYC, because you can't open the bank account unless you provide all
that information.
And all of that can then be tied to your Bitcoin transaction history going backwards and forwards.
And we spoke about this earlier that this ledger is there forever.
So you need to be very careful about trying to reduce the damage that that information
can happen, because what happens is your transaction history leaving the broker of the exchange
can leak and also your KYC info can leak and we've seen it leak in the past from these
exchanges.
I'm pretty sure Binance happened to them, it was an unconfirmed report, but it seemed
like it did.
We saw the ledger happen, they're not an exchange, but still these exchanges are massive data
honeypots that have your private information and you have to kind of just assume that they're
going to get leaked, stolen, shared, bought, you know, like this is like the kind of situation
we live in.
So then you have to ask yourself, OK, I've already KYC'd, I've already bought Bitcoin,
so I've already shared my personal information with this service.
They know I own Bitcoin, they know how much I bought at the time.
If you use CoinJoin and use better Bitcoin privacy practices going forward, you can reduce
the data leak of your future transaction history after you leave that service.
But obviously you can never erase the fact that you've purchased those coins and how
many coins you purchased and how many you withdrawn.
You just can't, that's impossible to remove that record.
So you just try your best and you try and reduce that and you try and use non-KYC means
as much as possible going forward.
But it's just a constant trade-off balance that you have to deal with.
Another thing that I don't think comes up a lot is like if you know that you're going
to be moving soon and you want to keep using AML KYC services, sign up for all of them
like right before you move and then in my experience, they never ask you for that information
again or ask you to update it.
So that's one potential easy compromise, I guess.
Cool.
So I think this digs into another good question, which is non-KYC coins are in demand, but
often more difficult to acquire.
Can you comment on physical security purchasing BTC directly from others or with local bitcoins
or a similar service?
Well face-to-face trades are the most dangerous thing you can do.
If anyone takes a look at my GitHub where I'm tracking all of the physical attacks against
Bitcoiners, I think close to half of them are for face-to-face high-value trades.
So definitely be very careful about your physical security.
If you're going to be doing that, it needs to be out in the open in a public place with
video surveillance so that if anything does go wrong, you have a lot of evidence that's
collected automatically.
Otherwise, you can use more sophisticated means of doing private peer-to-peer transactions
that don't have that physical danger.
But of course, it's going to be involving trade-offs again.
It's not going to be as fast or as convenient as just clicking buy on an exchange.
I would just add that if you use cash, it's going to be the most private way, but obviously
you have cash on you.
So when you're physically in person trading that cash for Bitcoin, obviously you're at
a heightened security risk.
Just to go back on the previous statements about KYC and exchanges, this is not me dismissing
all KYC services.
Businesses that operate in the Bitcoin space and interact with your bank account or a custodial
service are compelled to require KYC, and I'm not dismissing all of those companies.
What I'm saying is if you are going to use one of those companies, make sure you fucking
trust them.
You're trusting them with your private information, and that's a relationship that is going to
go on forever.
They can't delete that information most of the time because of regulation.
So you're trusting them, and you better pick your privacy custodians carefully because
it could haunt you down the line.
Use the amount of them you use as possible.
So I've got another good question here, which is, would changing your phone number reduce
the chance of a sudden swap happening?
It depends on where you've leaked that phone number to.
The problem with phone numbers and email addresses and whatever is that people tend to have one,
and then the same problem with credit cards really.
They have one phone number, one email address, one physical address, one credit card, and
they give that information out to hundreds if not thousands of different entities, and
that's just increasing your risk of the data leaking.
So if you switch over to a completely new phone number, then that's only going to protect
you if you stop giving it out to everybody.
So maybe you have one phone number that you use for critical things and talking to family,
friends, whatever, and then you have multiple other phone numbers that you only use for
specific things to basically compartmentalize them and minimize the damage that would be
done if they somehow got swapped out.
Phone numbers suck and they need to die.
We're just trying to wait it out for now.
Okay, I've got another one.
Should people be cautious about checking their addresses or balances on a block explorer?
So we've got a question here like if I'm using a VPN, is that good enough for me to go check
out my transactions on a block explorer?
I wouldn't be too worried about it.
Obviously, the best option would be for you to run your own node and run a block explorer
on top of it, but that may be asking too much for a lot of people, but that continues to
get easier and easier.
Especially if you're accessing it over a tour of VPN, you've got at least one layer of protection
there.
Yeah.
I mean, the risk here is that the block explorer you're entering into a trusted relationship
with them and they can associate your IP address, your computer's public address, which can
also be associated with your location and if you're a sophisticated actor, potentially
your real address and name with your Bitcoin transaction.
So if you use a VPN, then all of a sudden you're adding another trusted relationship
in there and hope that the VPN provider will protect your IP address from the blockchain
explorer that is possibly connecting your transaction data.
If you use a tour, it's a little bit more trust minimized, but then there's these exit
node issues if you're not using an onion site.
Blockstream.info for instance, their block explorer has an onion site.
This all sounds very complicated, but ultimately the reality is that there's going to be different
trade-offs here for all of these different things and you're going to have to kind of
think about it and look at it and decide what's best for me in my given situation.
But as Lop said, the best option when you're interacting with any of these Bitcoin services
is to use your own node and fortunately it has gotten easier.
These packages like Umbrol and Raspi Blitz and Mynode that allow you to basically install
a node, 24-7 dedicated node on an open hardware on Raspi hardware allows you to do that.
You then also host your own block explorer and it's not even necessarily for you.
Maybe you're hosting it and then all of your Bitcoin friends, like if you're the Bitcoin
guy in your group, they can use your explorer so instead of them trusting Blockstream with
their privacy, they trust you instead and you could be that trusted party for them.
All right, so I've got one other question here.
It's about password managers, but I think it applies to other kind of like sleeve services
like we're talking about, like re-mailers or even VPNs.
So you recommend online password managers, but what if they get compromised?
Well what is compromised really mean, right?
There's so many different ways, you know, ideally if you're using an online password manager,
you know, like LastPass for example, which some people are not a fan of because it's
closed source, there's more trust there.
The reason why these password managers are supposed to be secure against the company
or the entity behind it having internal attackers is that all of the encryption and decryption
of those passwords should only be occurring on the client side and any data that gets
sent to the backend servers should be just fully encrypted blobs that, you know, even
if a government entity got into their servers, they would not be able to access it.
So you know, that's what I would say the main question is around like what if the password
manager itself got compromised?
Obviously, these companies are highly incentivized not to let that happen because that type of
exploit or compromise would be catastrophic for all of their users.
Yeah, I mean, Lob nailed it on the head there.
I mean, the key issue there is for some of these services, you can't verify yourself
that they're encrypting it locally on your device before they're sending it.
That's the key thing.
If you can verify yourself, you know, that's where open source software comes in.
But if you can't verify yourself, then you're trusting them and you're trusting that business
reputation risk as Lob said.
Right.
That's why you're such a fan of Bitwarden, right?
Yeah, Bitwarden.
I mean, KeyPass is just really simple and has been around for a long time.
But the problem is, is like LastPass has like a really convenient extension, you know, and
it's like really easy to just upgrade yourself without really reducing your convenience much.
And that's why I would even say like for someone who's just reusing the same password over
and over again on all the different websites, for them to move to just like Apple's closed
source version of the password manager on their iPhone is probably a massive improvement
for them.
Once again, you know, who are we protecting against?
Is the average user trying to protect themselves against Apple and trying to protect themselves
against the NSA?
No.
And if we cut them out, all of a sudden, you don't have to be nearly as sophisticated.
If you if if one of the largest companies in the world and one of the most powerful
governments in the world isn't in your threat model, all of a sudden it gets way easier.
Yeah.
One thing I just wanted to drop in the chat here is if anyone hasn't been to have I've
been pwned.com, I would definitely recommend checking it out.
You can drop your email address in there or even just a sample email address and see,
you know, basically see if your email address was part of a breach.
We're a little over time, but we've got time for I think one more question here.
It's a question about five dollar wrench attacks.
So question goes, no amount of multi SIG can secure you against a physical attack where
someone threatens you or your relatives with physical violence to hand over your funds.
If it's a real threat, you will do what is needed to satisfy the attacker.
So I think this is a more complicated topic than the question is presuming.
I think you guys want to take that.
And this is not specific to you know, this isn't a specific shell here.
Well, obviously, I disagree.
But this is a very, very broad issue.
So it is correct to say that if you're under duress or you have a friend or loved one that
you really care about and they are being held hostage, held ransom, whatever, then you will
do whatever you can to get them out of that situation.
So the question really becomes what can you do?
And if you want to make it impossible for you to be put under duress and be able to
hand over your life savings, then obviously the solution is you need to put the keys to
your life savings in storage in a way that you can't access them if something like that
happens.
Now, you know, this gets into much nastier philosophical and ideological stuff around,
well, does that mean that you care more about your Bitcoin than your family member and all
of that stuff?
But from a purely like cold hearted technical standpoint, that is what I consider to be
the solution to this type of problem.
Yeah, Matt, anything to add there?
I mean, Lopp is right on point once again, but it's a security versus convenience tradeoff.
How conveniently can you access your funds in a rush?
And I think ultimately, like really, yeah, for larger amounts, like the balance has to
be, and this is something that Casa has been trying to focus on as a business, is you want
to make it as difficult as possible for you to access your funds in that kind of situation.
And it's in practice, really, the goal is almost like when you see these home security
signs out front that says like protected by ADT, the idea is that if enough of us are
doing it, especially higher value Bitcoiners and public Bitcoiners, then it acts as a deterrent.
It's basically it's not that like in a specific situation where a loved one is being held
hostage or something, God forbid, that that that like, you know, maybe this like completely
illogical attacker will, you know, act in a logical manner and walk away and you just
have to hope that he's not a fucking crazy person.
It's more of a like we don't negotiate with terrorists in general and know this going
in.
So don't do the terrorist attack because we don't have the means to negotiate with you
even if we wanted to.
Yeah, I heard a term that I really liked earlier this year about herd OPSC immunity.
What you said just reminds me of it.
I mean, this is an ongoing issue, right?
Security is never finished.
It's always a cat and mouse game.
And we're at yet another inflection point now, whenever the price goes parabolic, it's
going to attract attention from bad people who are willing to do bad things.
And they're going to start probing.
They're going to continue to try to figure out what is the risk and reward of me attacking
Bitcoin holders in different ways.
And if we make it easier to attack Bitcoiners than it is to rob a bank, then we've fucked
ourselves.
So we need to be better than banks.
And in order to be better than banks, we need to use the technology in a way that gives
us security that is better than a single bank location.
And we have that technology.
We just need to get people to adopt it so that we can get that herd immunity that you're
talking about.
Yeah.
I mean, the interesting point, if you're using multisig correctly and you have enough keys
and you have them with the right access controls, the average Bitcoiner can actually have stronger
security than, unfortunately, most exchanges over the last 10 years.
All right.
Well, we're a couple of minutes over time.
I just want to say thanks to our audience for the awesome questions.
If anyone here is not following Lopp and Matt on Twitter, I would definitely encourage you
to do that.
It's a pretty fast-changing environment, and you're going to pick up all kinds of great
stuff from these guys.
So with that, we are closing KeyFest.
A big thank you to everyone who joined, and we'll see you next time.