BITCOIN IS CLOSE TO BECOMING WORTHLESS
BITCOIN IS CLOSE TO BECOMING WORTHLESS
Alright you ungovernable misfits. I'm your host, Max.
Everybody knows that Bitcoin is useless, worthless and doomed to fail.
But what if everyone's wrong? What if it's the system that is doomed to fail?
Join me as I speak to some of the brightest people in the space and slither to the deepest, darkest depths of the Bitcoin rabbit hole.
Welcome back everyone. Today's episode is with Jameson Lopp and I really enjoyed this chat.
We managed to talk about a few different topics that I had in the back of my head and who better to ask these security questions than Jameson.
He's always a step ahead of the curve and he puts out some incredible content.
A lot of time goes into making sure that people have the best information possible and I'm very, very glad that he takes the time to do it.
Before we dive into the show I want to say thank you to my show sponsors.
First up I'd like to thank CASA. Obviously I've just done this show with Jameson.
I have him on here for a reason. I really respect his opinion and I'm working with CASA for a reason because I really think they make security so easy for the average person.
Obviously their first thought is about security but they've also taken time to make sure that it's possible to be pretty private when you're doing it as well.
If anyone wants to reach out to me and has any questions on how to do this I'd happily share and yeah I really, really am very happy to be working with CASA.
The UX is beautiful and the security is incredible. Go to keys.casa for more information.
Next up we have FastBitcoins. Danny Brewster will be joining me on the show in a few days and I'm really looking forward to speaking to him again.
FastBitcoins make it incredibly easy to stack sats and they do things very differently.
We will reveal more when I speak to Danny but I'm very happy to be working with these guys. They're very forward thinking and if you're looking to stack sats I suggest you go to FastBitcoins.com.
Finally, where are you going to secure those sats? If you're going to use single SIG or multi SIG you're going to use a hardware wallet and you better make sure it's a good one.
I really love using the foundation device's passport. It's beautifully designed, the team are awesome and it's fully open source.
One of the things I really love about this device is it's just so easy with the QR scanning. I think until you've actually used it it's hard to imagine how different this is to what you're probably used to but it's become the hardware wallet of choice for me.
I use it all the time and I actually enjoy the process. I find it very, very simple. I've set a few friends and family up with it. They love it as well.
If you haven't seen one or you haven't tested one I suggest you go to FoundationDevices.com. There's loads of tutorials. Bitcoin Q&A has done an incredible tutorial on how to set one up.
If anyone has any questions please do feel free to reach out and ask me. I'll be happy to answer any questions.
If you do decide you want to go ahead, you want to buy one of these things then you can use Bit by Bit as your code on checkout and you will get $10 off your purchase.
I really hope you enjoy the show and as I said, any questions please do reach out.
Hey Jameson, I've boosted everything right up now. Is it coming through better now?
Yep.
Perfect. Alright, sorry about that. Well, welcome back on the show and nice to speak to you again. How have you been?
Busy, busy.
I've been reading through some of the things that you've been working on because one of them I'm actually updating at the moment, the seed storage stuff, seed plates and bits and pieces.
You haven't slacked there. You seem to have covered pretty much all of them. Do you do that yourself?
Yeah, and I'll actually be publishing this year's, I think it's round five of those reviews with like another dozen or so devices.
So this is just one of those. I have probably three or four like annual projects that I do every year and then I'd have at least three or four more just ongoing kind of continuous projects, all of which are linked off my website.
But with the metal stress test stuff, that's the type of thing where just for my own efficiency and sanity, I really need to do larger batches of them because it basically takes me a whole weekend just to do the stress tests.
So I usually wait until I'll collect them over the year until I get to like 10 or 12 or so and just do them all at once. And so that has resulted in me ending up doing about a batch every nine to 12 months for the past few years.
It's such an important thing as well. Like it's the one thing if you fuck that up and you think you're all secure and you've got everything sorted and there is a fire or something and it doesn't withstand the heat, you're in serious trouble there.
It's something I'm updating at the moment. Have you ever used the seed mint or seen them? The like stamping kit?
That one doesn't ring a bell.
Okay, I'll have to send it to you. It's kind of like a block mint if you've seen them before, but like a bit more hard wearing all made of solid brass and then you put your washers in there like stainless washers for stamping so you don't lose your fingers or whatever.
It all keeps everything in place and makes sure that everything is adjusted correctly.
Oh yeah, I'm looking at the GitHub right now. I'll need to add this to my to-do list for next time around. Is this looks like a more do-it-yourself type of thing rather than something you purchase?
Yeah, so you buy that or you can either mill it yourself or you buy that. I just bought one because I don't have the equipment to do it and then you have your washers and for as many washers or as many seeds as you want to stamp forever, you just use this unit, which I thought was pretty cool.
So that's what I've done and then just use the washers and a nut and a bolt and then saw them away.
Yeah, I think most of the do-it-yourself options tend to use washers just because they're so readily available and I think I've only tested one of those and my problem was not with the washers but more with the bolt and how they were held together.
It held up really well for everything though during the crush test I could tell that kind of depending upon how the bolt was set up and if there was any sort of wiggle room or looseness then you had some potential for the bolt to basically shear apart and then of course the washers would go everywhere.
Yeah, that's a good point and then you don't know which way around they are and I guess unless you put stamps with the numbers on them.
Yeah, but even then you know if you lose more than a few of them that becomes a problem.
Yeah, good point. I guess it's just having backups on backups, isn't it?
But yeah, I'll have a look through the rest of them there but I just thought I'd mention that one because I particularly like it.
I've been reading through the Forbes op-ed that was done as well. That was an interesting one. I liked the part you were saying about like people are starting to change the way they're thinking about their security because it's going from wealth creation for a lot of people to wealth preservation.
And it's something that I've noticed really between like circles of friends and Bitcoiners that I'm speaking to that their minds have really shifted to this like okay maybe I was right and now I've got more wealth than I thought I possibly could have.
What do I do now? Now I need to make sure that this is secure and it's almost more stressful than the fear of losing what you've put in as an investment when you first start because it's like well I actually have something to lose now.
Like this is something serious and this is for my family. So are you seeing that that's a big shift generally and people are asking more about that because I was actually surprised to see something like that in Forbes.
I had sort of had the opinion that they sort of they weren't thinking along these lines.
Well you know that's the nice thing which I think not many people have realized yet. You know I started writing articles for Forbes a few months ago and I don't know if they really announced it but basically Forbes has revamped their whole crypto
journalism section and have put a lot of effort into bringing more experts in as contributors and this was almost a year long process.
I think I started I had to go through this whole application process with them to get vetted and everything and it took them almost a year I think to approve me.
But basically the cool thing about being a Forbes contributor is that you have a decent amount of free rein to write almost whatever you want as long as it's within your approved like area of expertise.
So when you see a Forbes article that's written by me nobody told me to write it or assigned it to me or anything. It was just something that I decided would be a topic that would be good for a more mainstream audience.
And you know I write I try to write at least one article a month but I publish to a number of different places. I've written for probably at least 10 different websites over the years but most regularly these days I either publish things to my personal blog or to the Casa company blog.
Sometimes to Bitcoin magazine or to BTC times which I'm on the editorial board of. And so for me it's I have no lack of things that I want to research and write about.
It's usually more of a question of what's most pressing and where is the best venue to put it like what's the audience going to be. So if it's a really really technical long form thing it's probably going to go on my personal blog if it's somehow related to stuff we're doing at Casa it'll go there so on and so forth.
So is that something that you particularly enjoy doing if you're writing one article a month because it takes it takes a lot of time to write or maybe that's just being a bit dyslexic but is it because you love doing it or is it because you just think it's so important that you want to get it out there.
Yeah it's because I think it's important. I certainly do not write because I think it's going to get me a large audience I would say most of the things that I write are so technical and low level that only a few hundred people even bother to read them.
So, you know, I get to see some of the stats for other contributors to various publications that I contribute to and the more mainstream like high level things that are like around price movements or on screen you know popular stuff like that'll get an order of magnitude if not
multiple orders of magnitude more viewers and readers than the stuff that I write. So I'm not optimizing for massive audience and readership. I'm optimizing for depth and exploring new things that just not many people have the knowledge and the skills to be sort of on
that edge of the envelope or being you know looking in that dark corner of the Bitcoin rabbit hole.
Yeah, well that's one of the reasons I was particularly excited to have you on the first time and today is because you know that really the privacy and security is is what you do. And it's definitely the way that I'm pushing this show is to try and help people on a much more basic level because I'm a fuckwit and just doing my best and sort of like muddling through it.
But, you know, there's a lot of things at the moment where I'm trying to improve my security I'm trying to improve my privacy, and it's so important to get this stuff out there but there seems to be this big gap between someone like you who's really understanding this on a very very technical level,
and then the people who just want to be private and secure, but they don't have a background in computer science and all this kind of stuff and so that's a big thing for me with CASA, where I'm like, you know, this is very very nice that someone who doesn't have the knowledge can actually be very secure.
And that's something that draws me to it, but I did have some questions outside of CASA and outside of your writing which is, I've been playing around a bit more with lightning, and I get a lot of abuse from a lot of people saying oh lightning is pointless and it's having to take off
and take off blah blah blah especially the privacy people, I actually think it's really cool, but I do have some concerns on the privacy side with it, and on the security side with it and I wondered if it's something that you're giving thought to, and whether you have any like, on a more basic level
for example, I use a Raspberry Pi Blitz, most people seem to suggest that and think that it's as a node package, one of the better ones. Do you have any advice around these sort of things or anything that you can share?
Oh, do I, yes. CASA built and shipped our own lightning and Bitcoin node product for somewhere between 18 months and two years we did two iterations of that and so you know we discontinued it because it was just a massive support nightmare.
And, you know, not profitable, by any means.
You know, we, we originally did it because we wanted it to be you know kind of the next part of the suite of the you know self sovereign Bitcoiner setup that CASA was offering and like the short version is that even despite building a lot of nice UX and
user friendly interfaces on top of the lightning stack.
I would say the biggest fundamental problems that we ran into is just the fact that we're a software company and we were shipping hardware that was getting deployed into unknown environments.
So we ran into all these crazy edge cases and you know people's home networks and their ISPs and and other stuff that caused a lot of trouble trying to debug, like you know trying to help someone who's not familiar on the command line to like get inside of
Raspberry Pi and get you logs and diagnostic information. We, you know, we did have, we built in some various diagnostic information stuff with good UX and that would work some of the time but in other cases, you know, even that wouldn't work due to
various failures on the device itself. So, long story short, it's just, it's a lot more onerous to ask a non-technical person to operate their own hardware, if they don't, especially if they don't have networking knowledge.
Also, what we saw, I mean one mistake that I did regret, which I should have pushed harder for is the first iteration of the Kasa node had a spinning disk, and I knew that that wasn't optimal but we had a ton of spinning disks, I think, due to a previous product that we had set up that was similar to that.
And I would say that was probably the biggest failure that we saw is, you know, these tiny little two and a half inch spinning disks just, they don't last that long so like solid state drives are the way to go.
Especially with
these like Bitcoin and Lightning nodes. I've been running these tiny micro node things ever since probably like 2014 or 2015 bit seed and bit nodes I think were two of the first ones that came out back then.
And, you know, those iterations made some fundamental mistakes where they were using micro SD cards for everything because back then you could fit the whole blockchain on, you know, 100 gigabytes or so.
And we found out very quickly that doing all the Bitcoin related stuff on a micro SD card is going to burn out a micro SD card and usually a matter of months.
So that was kind of similar to what we then saw with the Kasa node and spinning disk is just, it's pretty disk IO intensive.
And so when you have moving parts.
They tend to fail. So that's why it's better to have solid state without as many moving parts, even getting beyond
just the hardware and networking issues.
One of the primary problems with lightning, you're compared to doing high security on chain stuff is that you have single points of failure.
First of all, you know you're keeping private keys on what is essentially a hot wallet, and it's, it's automated and stays unlocked, and I mean this is getting pretty technical, but one of the reasons that the people end up losing money when they're
using lightning nodes is because the the wallets and the data that they're creating is non deterministic.
And so this is actually kind of a regression, where in the very early days of Bitcoin, before we had HD wallets, which is hierarchical deterministic wallets.
It would just generate like 100 random private keys, and then create more private keys as needed. And the downside to this where a lot of people lost a lot of coins early on, is they didn't realize that you had to be constantly making backups.
Otherwise, you would be using private keys that you hadn't backed up even if you backed up the initial set of keys.
And so, the same thing happens now with lightning if you don't set up automatic backups, which is that, while the on chain lightning wallet is deterministic, all of the stuff that's happening with the channels, and, and like the payout the final payout addresses
when channels get closed, those funds end up going to non deterministic addresses where the only way to recreate them to re derive them is to have additional data from like the most recent channel state itself.
So, if you have a massive, like hard drive crash or file corruption or whatever, and you don't have that actual wallet database anymore like you weren't automatically backing up the full wallet database.
You have to fall back to this static channel backup recovery procedure, which uses the seed phrase, plus a little bit of data for each channel, but that alone is not enough to reestablish and recreate and close out and retrieve the funds that were in the channels.
I think what a lot of people don't realize is that with those static channel backups.
It's still required to get a little bit more data from your channel peers, in order to get the most recent channel state.
And so, you know, I've actually spent a few hours this past weekend and a lot more previously, helping people recover from crash lightning nodes. And really what I see happen fairly often is if people aren't paying attention and their node crashes, and then they don't bother to try to
recover it for months or a year, then what ends up happening is some, if not all of their channel counterparty peers will go offline, you know, leave the network probably permanently.
You have no idea whether or not they're going to come back online. And if they're not online, then you're not going to be able to reestablish those channels and retrieve the funds that were in the channels themselves.
So it's a lot more complex than on-chain Bitcoin. There's pros and cons. It will never be, I believe, as secure as on-chain Bitcoin.
I don't think you can ever create a layer above a protocol that is more secure than the protocol below it.
But of course, there's reasons why we use it. And that's because it's faster and cheaper to actually make payments. So, you know, this is the type of setup that I think is good for retail wallet type of cases.
And especially if you're running a node with a lot of value, because maybe you're a merchant or an exchange or you're trying to be a profitable routing node, which I've also spent a lot of time investigating, playing around with,
then that moves you from what I would consider to be like a hobbyist node runner who hopefully doesn't have more than a few hundred or a thousand dollars or whatever on the node.
To if you're putting tens of thousands or hundreds of thousands or millions of dollars onto a Lightning node, then you need to be doing enterprise level management with multiple redundancies and backups on the databases and basically every channel state update.
And watch towers can play a role here, but I think if you're an enterprise level, you would not be outsourcing to other watch towers, but you would be setting up your own watch towers as well.
Yeah, I mean, I'm certainly not playing around with large amounts. It's just more just to learn and play around with it.
But I try and back up onto a memory stick and also on Dropbox as well, which I don't know how I feel about privacy wise, but that was what was advised.
I've got those two backups on the Raspberry Blitz, but yeah, with larger amounts of funds, I don't know, I would certainly not feel comfortable at this point personally.
Yeah, I don't know how Raspberry Blitz is doing it, but I'm not running any Raspberry Pi nodes anymore.
I'm running a really beefy node in a data center where I know that it has multiple redundant backups, both at the power level and the hard drive level.
And I've also set up manual backup scripts where it basically watches the channel backup file and every time that file gets updated, it shoots off a new copy of it to Dropbox.
And that is okay because if you're only backing up that static channel backup file, it doesn't matter if a malicious third party gets a hold of it. They can't do anything with it unless they also have your seed phrase.
But in terms of privacy, does it matter? Like if they have that, can they sort of work anything out in terms of like possibly where you are or who you are? Does it leak any extra data possibly or not?
Well, that's a whole other thing, right, is that I have a blog post from earlier this summer when I really started going deep into sort of enterprise level lightning node management.
And I set my lightning node up to be 100% Tor only, both for the Bitcoin node and the lightning node. And I suspect that this is actually probably detrimental to my goal to be a profitable routing node.
You know, Tor is slower and it means that non Tor nodes can't make connections to me. I have to make connections to them. I think it's just it's a lot more limiting in a variety of ways.
But I did that because, you know, I'm a cypherpunk and I wanted to push the boundaries of doing this all privately.
So it really depends on your node setup. Once again, I'm not as familiar with Raspberry Blitz and what their default configuration is.
But unless it is very specifically Tor only for both Bitcoin and lightning, then you're probably leaking some data via IPv4 or v6, various clear nets.
Yeah, I think that's the thing that maybe pulls me away from using it more. I believe everything that I have, as long as I've set it up correctly, is all running over Tor.
But I do always think, well, is everything correct? And is there a way that when I'm receiving payments, is it then going to leak my IP somehow to someone?
And I remember setting up BTC pay server or actually I never managed to I fucked it up and it never worked. But I was trying to use what was it called?
It was basically a way of obscuring like it was one hop away from my IP so that it wouldn't link. I can't think what it was called now. It's gone from my mind.
But it seems there's lots of like tricks that you can do like this. But it's it still seems to me that it's certainly not simple to do privately.
Whereas I kind of feel with the on chain Bitcoin stuff now, like I feel pretty comfortable running a Ronin dojo and having that link to a samurai wallet and just using that for all my spend and having everything done over Tor.
I feel pretty comfortable with that setup. I just feel like, yeah, it's not quite there for me with lightning.
But do you think that comes in the next couple of years where it's it's a little bit more simple for slightly less or a lot less technical people?
I mean, maybe a bit. There's various ways it could go.
I think if at least on the lightning side, it's always going to be more complicated if you're running your own full node and have to deal with all the networking stuff around that.
I would be more optimistic about more like lightweight neutrino based lightning wallets that you could just like run on your phone.
I suspect that will be far easier for developers to build a nice user experience around. And it should be good enough for mainstream use.
You know, people who just want to be able to send and receive and they're not worried about being a routing node or contributing liquidity basically to the network.
So these are all things that we're kind of pondering ourselves at CASA and trying to figure out how can we push forward the user experience of this?
Because I don't foresee us going back to the full node lightning route for our users, but we definitely have users who want CASA lightning support.
Yeah, I can imagine so because it's really starting to take off. More and more people are starting to play around with it.
I can't remember if it was you who wrote this piece, but I remember when I first signed up because I use CASA for a percentage of my holdings, not for everything, but for a percentage.
And I remember reading an article and I'm pretty sure it was from you on how to use it privately.
I wonder if you've got any updates on that because my understanding at the time was basically use an email that doesn't dox yourself.
So set up something new, then ideally send funds that are post mix from Whirlpool so that ideally it doesn't have any links to your identity.
And then once you set it up, pay with SATs and run everything via a VPN.
Is there a flaw in that? If you're looking at it, are there any attack vectors where you would be concerned with someone who really cares about their privacy using the service?
Well, so CASA will never be as private as certain setups where you do everything yourself, right?
This is one of the trade-offs where our top priority is security, privacy is, well, I would say our top priority is security.
Our second priority is user experience and then privacy is probably third.
And there's friction here, like you can't optimize for everything.
And in order for us to offer a better user experience, we need to be able to easily communicate with our users.
And if we can't communicate with them, it becomes a lot trickier.
So, you know, the fact that we even have to use emails in the first place is suboptimal on the privacy standpoint.
However, I will. So as it is, like when if you're familiar with the process for like signing and creating a fully valid multisig transaction with CASA,
it basically involves you get an email, the email itself doesn't have very cognizant about not putting any information about your transactions or your balances or anything into these emails.
It basically has a single link that you're clicking on and then you hook up your hardware wallet and verify everything on there and sign the transaction.
One thing that I'm really excited about, not only not so much from the privacy perspective and somewhat,
but more just from the user experience perspective is the what I consider to be like next generation of hardware wallets, which don't use USB at all.
So that's the basically the standard and foundation that are using the animated QR codes for transmitting data back and forth.
We do know that cold card 4.0 is going to have near field communication, which I'm also hopeful will drastically improve the user experience
versus having to use micro SD cards and adapters and moving files around and stuff like that.
But just talking about privacy in general, it's complicated, right?
Because it depends on what threats we're talking about, what shear attack vectors that you're worried about.
And the sort of extreme case, of course, is nation states.
If you're trying to be nation state resistant, you should probably assume that they'll be able to find all of the email addresses that you're using
and even assume that they can come to CASA and coerce us into handing over whatever information we do have about you,
which should only be if you're trying to be private, should only be that burner email and maybe a pseudonym.
And then it really comes down to what you're doing with your keys.
And so that's why CASA doesn't want to know where your keys are or what you're doing with them.
We have one key, so you should assume that that could get coerced somehow and used against you.
But this is what the sovereign recovery process is for.
Even if somehow either CASA ceased to exist or we were forced to stop servicing your account for whatever reason, that you can always route around us.
So privacy is really hard, especially if you're trying to have perfect privacy.
You can never really know that you have perfect privacy.
All you can really know is that to the best of your knowledge, you haven't been compromised because you haven't seen anything weird happening.
Yeah, that makes sense. Like you said, it's all trade-offs.
It's a question that I get quite often from people who listen to the show and they're thinking about using the service.
And that's always the advice I give is just the things I've said about using the VPN and the burner
and on the way in and on the way out to make sure that they're mixed.
And I'm like, that's as good as I can suggest for now.
But that is a specific group of people who listen to the show who really care.
And the average user isn't even thinking about it, I imagine.
And like you said, it is about the security that you have to focus on mainly because, well, you're a security company, aren't you?
I mean, this applies both to the privacy and security aspects, which is that you should think through what happens if CASA becomes my adversary.
It doesn't really matter why. You can assume government coercion. You can assume whatever.
But assume that CASA turns malicious and wants to use anything that CASA has against you.
So that's why it's important that you give as little information as possible
and that you don't trust us with a sufficient quorum of keys that could be used to prevent spending or spend without your permission.
Yeah, definitely. The other thing I was looking through that seems like it's one of these projects that you are constantly working on
and it's quite interesting is the financial disclosures.
I had a question from reading through that. All the way down one column, all the financial disclosures say they were disclosed in 2020.
Is that just because they had to for some reason or is that just that a load of them woke up in 2020 and went, fuck me, I need to buy some Bitcoin?
What was the reason there?
Yeah, I mean, I learned a lot about congressional financial disclosures. I had never looked into this stuff before.
And basically, every congressman is required to file an annual financial disclosure.
There are also periodic transaction disclosures, though I'm not sure what the requirements are around them.
A lot fewer congressmen file periodic transaction disclosures.
Some of them do one every month if they're really active. Some of them never do. And I guess it's more of an optionality thing, not a requirement.
Now, the one thing that I noticed and the reason why I didn't publish this project until like September of this year is because
I might get the dates wrong, but I think that the annual disclosures are due in March or April,
so that the 2020 disclosures are supposed to be filed in March or April or May or something of 2021.
But it seems from me looking through hundreds of these disclosures that a significant portion, if not the majority of congressmen,
don't file their disclosure then, but instead they file an extension. And it's like a six month extension.
So in reality, most congressional financial disclosures for the previous year are not actually filed and available until around September or October.
So I expect that about a year from now I'll be going through this process all over again and seeing who's updated what,
but I don't really expect a lot of change to happen before then. There are a few congressmen that I'm keeping an eye on,
just checking to see if they're doing any periodic transaction disclosures. But other than that, it's weird.
I guess I didn't want to go into this in my write up because it would have kind of gone off on a tangent, but I've seen a lot of patterns as well,
just looking through the assets that are owned by these congressmen. And surprisingly, a lot of them disclose almost no assets.
Maybe that's because they're just really young and they don't have any assets. I don't know.
A number of them are fairly, I would say most of them are what you would consider like fairly mundane type of middle class,
have a few hundred thousand dollars and it's all in like index funds or mutual funds. It's very boring type of investing.
And then on the extreme, there are a non-trivial number of congress people who have portfolios in the tens or hundreds of millions of dollars
and they file financial disclosures that are hundreds of pages long and they're invested in everything.
And some of these are just highly, highly diversified financial portfolios.
And then also I noticed a trend that a non-trivial number of them are real estate moguls and that they own almost no financial assets
and instead their entire portfolio is real estate. So I found that to be interesting too.
I wonder what happens over time or whether you have any thoughts on people moving out of property and moving into Bitcoin
because it's something on a small scale. That was my previous business was property. I sold off everything and moved into Bitcoin
because I see it as a risk and also a lot of hassle. Tenants are a pain in the ass. Regulations are a pain in the ass.
The way they sting you on the taxes is a pain in the ass. You've got the risk of the market crashing, especially when it's as toppy as it is.
There's all this risk. And at the end of the day, if something goes wrong or a government wants to screw you over or some sort of pandemic
or whatever bullshit is going on in the world, you're very vulnerable. Whereas if you have your stats properly secured, well, certainly I feel a lot safer.
Do you think that's a trend that will continue and more people do start to see this as digital real estate?
That's really tough to know how the actual Congress people view the threat of the government. They probably view it differently than we do.
Probably. Oh yeah, another thing that I think this is fairly well known, but it seemed like the majority of Congress people own
Pfizer stock, which I found to be another interesting outlier. Shocking. What a shock.
Even among the folks who had very small portfolios, Pfizer was almost always showing up and anybody that was disclosing more than one page worth of assets.
Show me the incentive. I'll show you the outcome.
Yeah, the other trend, of course, it's easy to see if you look at my page and just sort by who has disclosed Bitcoin ownership is that 100% of them are Republicans.
So that's another thing that I'm keeping my eye on is when will the first Democrats decide that they're interested in sovereign money?
Or is that going to be a trend that continues, which would be, I think, ridiculously stupid for Bitcoin to be a partisan thing, but I can understand how it might be that way
because I suspect that the more liberal leaning folks are probably also more liberal when it comes to monetary policy.
Yeah, that's something I've noticed actually quite a lot is definitely the more left leaning people are more opposed to the idea. And a lot of the time it's this kind of like environmental fad or that kind of stuff that people say.
And it seems like a nice virtue signal for most of them of like, oh, well, we don't care about money and we don't care about the environment and all this sort of bullshit that goes along with it.
I've been jumping in a load of communist spaces on Twitter over the last couple of days and trying to just like understand what the fuck they are talking about. But definitely they hate Bitcoin, which is interesting to see.
It's just another thing that's dividing people at the moment. Presumably, at some point, they're going to have to jump on board. And I suppose maybe it's best they wait a few years so they have less control.
Yeah, I think the biggest surprise from this project was just how few of the most vocal Bitcoin proponents in Congress have actually disclosed owning it.
And I get some pushback when basically whenever I see some bold pro Bitcoin statement from a congressman now on Twitter and they haven't disclosed owning it, I'm just going to reply.
They don't have any skin in the game. I don't believe the shit coming out of their mouth. As far as I know, they're just pandering.
And of course, I get some pushback on that of like, well, maybe they just have good OPSEC. I'm like, well, sure, they could own it and not disclose it. And that means that they're breaking federal ethics laws.
Not to say that no one in Congress ever breaks any federal laws, but my preference would be that these people do more than just social signal and they signal with their assets. Show me your skin in the game.
Yeah, they don't break any ethics before 8am at least. But yeah, it's kind of, I suppose what they could do is the argument would be like, if they have good OPSEC, they would keep their mouth shut.
But maybe they can do more than virtue signal and they can say, well, yes, I do own some. They can let people know they own some. It doesn't mean they have to let people know that they own everything.
But it just gives a bit more confidence to people when they see that actually they are disclosing these things. And I mean, they should be doing their job properly and actually caring. But I don't know whether we can actually believe that they're going to do that.
But it is an interesting trend. I don't think anyone's done it in Europe, been taking note of what people are doing. That would be quite an interesting thing to see in the UK.
Yeah, I mean, it would be great. Like I created this as a crowdsourced project as soon as I realized that it was way too much work for me to spend like 40 hours going through all of these disclosures.
And I have no idea what the state of financial disclosures for politicians in other countries is.
I believe the US only really started putting these documents online about a decade ago. And even then, it's not always easy to parse through because I would say the majority of the filings are digital and text.
And you can just do a control F and search for Bitcoin or GBTC or whatever keywords you want. But a decent number, maybe 10 to 20% of the filings that are uploaded are still scans of PDFs.
You literally have to read the entire thing. I didn't try to get fancy and do like optical character recognition of the PDFs or anything like that because even that can be not accurate because on top of the fact that you can't just do a text search on these things.
Most of the ones that are uploaded as PDFs are handwritten and whoever's writing these, I doubt it's the actual congressmen themselves, but their handwriting is usually terrible and borderline illegible.
Yeah, that sounds tedious trying to read through all of that. But it's a cool project. It's nice to see this kind of stuff. And if anyone's listening and wants to jump in and help with the European stuff and help with these things, that'd be awesome.
Jameson, if you've got another few minutes, I just have one more sort of question for you. I remember ages ago, years ago, I was listening to a podcast that you were on and you were talking about securing your home networks and that from the sort of the first thing that you
should have down is that your router is a secure one and that making sure that your like home network is secure. I wondered like, because it's something I'm thinking more and more about, especially I'm moving soon and I'm trying to redo from the start.
I'm thinking, well, okay, I want to have a router that is secure but I'd also like to have one ideally that like has like a built in VPN with a with a kill switch or something like that.
And on top of that, I want to start doing some home mining, which is going to be unprofitable because I'm in the UK and they absolutely rape us on our energy bills. But I just want to give it a go and have a play.
Can you give any advice on that side of things like any big gotchas that I might do and regret?
Yeah, and this is actually one of the dozen or so draft research projects that I've started a year ago and haven't finished.
I mean, I do have a blog post or two about my experiences with, you know, full home network VPN stuff. Because, especially if you have non technical people in your household, putting VPN software on every internet connected device and making sure it's always
running and always has a kill switch enabled, it's just too onerous. It's not feasible to maintain for long periods of time. And that's why I recommended instead, you know, just have your VPN client running in one place, which is the actual router itself.
And then automatically every machine that connects to that will be protected by the VPN.
I've been doing that for probably at least four years now. And the there are some downsides.
And I would say the biggest downside is that very few routers support having this type of VPN that automatically funnels all the traffic through it.
Even the ones that do pretty onerous to set up if you've never done it before.
And they tend, as far as I'm aware, they, they tend to only support the open VPN protocol.
And that's a protocol that's been around for a really long time. It's very bloated. It's, it's not very performant. And that coupled with the fact that routers, or at least the routers you buy off the shelf, tend to be really underpowered.
They're, they have a CPU that's probably, you know, not even as, as powerful as the CPU in your phone. And that's because it generally doesn't take a lot of computational power to just forward packets through a network.
And when you are suddenly asking the router to be doing encryption and decryption of a VPN protocol for, you know, all the connected devices, then you very quickly run into the issue where the bottleneck on your network becomes the CPU and the router itself.
And so, you know, I usually am on like gigabit internet. But what I found was that I wasn't really able to get more than like 50 to 70 megabit bandwidth pushed through any of these off the shelf routers that I was putting open VPN software on.
But there are ways around that. I haven't come up with what I consider to be a user friendly way yet.
One way is to instead of buying an off the shelf router to actually build your own router basically with a desktop computer.
And this is, of course, going to require a decent amount of technical expertise. I haven't haven't even tried to do it myself, because that's just a whole other layer of complexity, but you can basically run the routing software on a desktop computer.
And, you know, if you're not a network expert, I wouldn't recommend going that route. But that's how you could get around the performance problems because then you're using a desktop CPU that is going to be capable of encrypting and decrypting the traffic at hundreds of megabits, if not gigabit speeds.
I think the more promising thing that is starting to get more adoption is a more performant VPN protocol. And that is the WireGuard protocol.
It's a lot newer. It's far more performant. I've done some testing of it, and it just blows open VPN out of the water. Now, the downside is that WireGuard support at the router level is even less and worse than open VPN support, mainly because it's so new.
So some router. So, so first of all, when I say router,
there's only really specific types of routers that are recommended for this and and generally what you have to do is in order to get the support, you can't just use the firmware that ships with the router, you have to flash the router with some open source firmware,
either the open WRT firmware or on ASUS devices, I use the Merlin WRT firmware, which basically adds in this VPN client functionality.
And hopefully someday they will just add in WireGuard functionality next to it, but I have not seen that on any like hard roadmaps yet. So I have on my to do list to play around with some other options.
There, there are, there's a class of routers called I think Ubiquiti that support WireGuard.
I haven't gone to the trouble of buying one and trying to set it up yet because I've still been reading through the forums and stuff and it still just sounds like actually configuring it is still going to be a real pain.
And even once you do what I found, you know, if you're using a commercial VPN.
The thing that I like about the Merlin WRT firmware is that it lets you put in like half a dozen different VPNs and you can actually configure kind of failovers so that like if one doesn't work it fails over to the other one.
What I found with commercial VPNs, and I'm not entirely sure why this is the case, but usually about like once a month or so, the VPN connection will just freeze up.
And so my entire home internet will shut down because the kill switch activates well, it's not even clear if it's the kill switch activating because usually it still thinks that the VPN is still active.
I basically have to go in and mess with stuff all the time is what I'm saying.
So like it's still really onerous unless you're a network expert because so many things can go wrong.
It's far from a seamless experience.
Yeah, mine goes down all the time.
It's actually a real pain in the ass.
And like for recordings and stuff like that, I often just have it off because it will just suddenly it will show that I have connection, then it will just go off.
It's like an old ad which you know is cool because you can pay with Bitcoin and like I like that side like privacy.
Yeah, and you can do it anonymously like there's doesn't even require an email address.
Exactly. It just has like a little code so it's really cool but like things like that just really piss me off and I'm just like, yeah, I was just wondering if there's a way around it but it sounds as though it's still a bit tricky.
I think the simple explanation for that or at least my belief is that, you know, what you're doing is you're creating a single point of failure and you're routing all of your traffic through one server by the VPN provider.
And I'm not sure why this is the case but it's from a network, network perspective, it seems to me like these providers ought to be able to set up basically a load balancer with a single public IP then automatically, you know, figures out what other actual
hardware servers to route stuff through on the back end.
It seems like they're not doing that, and, and they're just you know sending you literally to one machine and so when some when something screws up on that machine your whole connection screws up until you reconfigure it to point it to a different machine.
So, I don't I don't really know the, the, the back end operations of how these VPN providers are actually setting stuff up but I don't know it seems to me like a kind of a failure and infrastructure configuration on their part.
Okay. Well, it sounds like you have many, many projects you're working on but when you do have that blog post done I'll have a read through and see if I want to try and tackle this.
Yeah.
The one thing I'll say about wire guard I mean more of that is nice because it's one of the few VPNs that does support wire guard.
You know there are some technical deficiencies with wire guard as opposed to VPN but open VPN but I don't think they're really worth going into that minutia.
So, the one thing that I have noticed of reading through people talking about using wire guard is that it seems like what most people are doing is they're actually running their own VPN server, by which I mean, they go basically get a rental virtual
private server at some provider you know whether it's Amazon or, you know, pick your favorite pro privacy pro Bitcoin hosting provider, and you run the wire guard server software on that, and then basically configure your clients to all points to it.
And then you're actually in control of both the client and the server. Now of course the downside to that is that if you want that traffic to be private then hopefully whatever server hosting provider you've used is anonymous and you know you're paying for that
some sort of crypto, you know maybe Monero, maybe Bitcoin, maybe lightning, whatever. I think I've got a link in the privacy section on my site to another website that lists a number of like privacy preserving hosting services but once again, you know we're talking about
a more onerous higher level of technical requirements to get that set up. So, not user friendly yet.
Well that's always the way. I think I'm going to give it a go anyway, and then call Bitcoin Q&A or Katarn or someone like that when I inevitably fuck it up and need help but I think it's worth trying.
But Jameson thanks so much for your time. It's always a pleasure speaking to you and thanks for all the incredible content you're putting out there and allowing us to try and catch up.
Thanks for joining me and hopefully we'll get a chance to chat again soon.
Thanks for having me.