so good morning good morning what is going on everybody out there welcome to
Bitcoin philosophy for breakfast and this morning we have an amazing guest
mr. Jameson Lopp how you doing man good morning man good morning
that is awesome man so listen everybody first of all welcome to the black
Bitcoin billionaires breakfast a Bitcoin philosophy for breakfast shout out to
Adam Beaver Levine Adam Beaver Levine started this room in the black Bitcoin
billionaires group and we've been keeping it running man so everyone welcome welcome
welcome I appreciate everyone for being here this morning I appreciate you all
for coming in it's it's amazing that you know we've we've had a crazy crazy what
probably week with the price of Bitcoin but with Bitcoin philosophy for
breakfast we'd like to talk about everything else except for the price so
with that said let's get started first of all I'd like to introduce my man mr.
Jameson Lopp from Casa Jameson has been in the game for a long time but I'm not
going to talk about it I'm gonna let him introduce himself Jameson how you doing
this morning man what give us a little bit about yourself and what you do at
Casa man thanks for having me yeah so I've wow I've been in the Bitcoin game
nine years now but about six years full-time I got hooked on it and had to
leave my job as a software engineer to contribute my skills to this ecosystem
and really what I've been doing for the six years is has been fairly mundane
stuff I haven't been doing any crazy cutting-edge type of crypto stuff rather
what I've just been trying to do is help people be able to secure their private
keys better this is like one of the most basic things in the Bitcoin ecosystem
and yet I still think we have quite a ways to go we've made massive
improvements over the years but with the you know the responsibility that people
have when they get into this system it's just it can be a shock to people and we
want to avoid anyone having a catastrophic loss type issues because
that creates confidence problems in the ecosystem and we're just trying to help
people help themselves is the best way to describe it so I spent the first few
years working on enterprise security solutions for a company called BitGo
and then about three years ago I pivoted and founded Casa where we're really
focusing on helping individuals manage their private keys and self-custody
because we believe this is one of the most fundamental aspects of this space
and we want people to be confident that they can take advantage of the security
and the strength that Bitcoin is offering to people and you know this is
this is good both for the individuals and I think it's good at a macro level
that if we want the system as a whole to be more resilient then we want people to
be holding their own money rather than having everyone keep their money with a
trusted third party and basically recreating the banking system all over again man
that's that's amazing listen man that's great because here's the thing I heard
you say something in there talking about private keys so me being in a wallet
software developer back in the day right I understood that it was pretty
difficult for people at the time to understand how important it is to keep
your keys secure so we're gonna we're gonna break this conversation up into a
couple of places right first we're going to talk about security and then we're
gonna go over and talk about privacy because I love you talking about that
and the things you've been working on from that standpoint but let's talk
about security like why is it important that you know we start moving into a
paradigm of multi-seed because I know Casa is focused really heavily on
multi-seed and when I heard you say you worked at BitGo that is also a place
that they focused on multi-seed but of course like you said for enterprises so
why is it important that we start moving towards multi-seed in the in the retail
space yeah so without trying to bore people about the technicals the
fundamental thing that we're going for when we're trying to design these user
friendly wallets is we're trying to eliminate any single points of failure
because the strength of Bitcoin is that once you're holding your own keys no one
can really tell you what to do you don't have to ask permission to use your own
money and and no one can stop you from using your own money but the flip side
of that is that if something goes wrong there's no one who can help you you know
there's no third party you can reach out to to recover your coins in a lot of
circumstances so what we're trying to do here is look at the way that we're
creating wallets and look at all of the ways that the wallets can fail and try
to remove those potential failures and one of the most straightforward ways
that we do that is by adding redundancy into the system making sure that instead
of having a single key that could be lost or stolen and result in a
catastrophic loss of funds that we're instead using some of the cool
functionality of this protocol to distribute your keys and therefore to
distribute the risk of catastrophic loss so the more redundancy we build into it
the more difficult it is and the less likely it is that you will have a series
of simultaneous events that can reach the the level of creating catastrophic
loss right and that's huge right because I mean catastrophic loss is real when
you're talking about generational wealth and you stacked all of these sats for a
very long time by dollar cost averaging in and then you lose your keys I don't
have access to your wallet so listen James and there's a thing really quick
that I wanted to talk about because a lot of people come in and ask me about
this can you tell people why the gentleman who lost access to 266 million
and only had two other chances to put in his password why he's not able to get to
it because I think a lot of people believe like even if they got on the
casa that they wouldn't be able to get to their coins if they lost their
password right are they not if they lost their password but if they couldn't do
it they would lose all access to it after they tried ten times like can you
explain how there's a difference between that and what you guys are doing and and
what most people are trying to do in the spaces around security and that that
that may be too much security yeah so all of the decisions that go into
creating a wallet or figuring out how you're going to store your private keys
all of these decisions are on a spectrum and the spectrum is convenience on one
end and security on the other end and it's definitely possible to go too far
in one direction you're really you're making trade-off decisions here and the
the weird thing about security is you can have too much security because the
the perfect level of security is actually really easy to attain all you
have to do is take your private keys and destroy them and now that money is 100%
secure no one can access that money not even you and a lot of people have lost
access to their money by going too far in that direction so I believe you're
actually referring to Stefan Thomas who he received thousands of Bitcoin and
like 2010 or so for making the first-ever educational Bitcoin video
and I think it's important to note that at the time when he received these you
know it was like $20 worth so you when you're securing $20 you're not going to
extreme lengths to think through all the crazy potential edge case loss scenarios
that's that's the reason why so many of these early adopters have lost quote
unquote hundreds of millions of dollars it's because they didn't actually lose
hundreds of millions dollars they lost a few hundred dollars and later you know
it ended up being worth that much but this particular individual had you know
this was before multi-seg was even a thing so he had a single private key and
that private key apparently he put it on a piece of hardware that I'm not even
familiar with because this was before the days that even Trezor had been
created yet Trezor was the first hardware wallet I think in 2013 or so
Jameson did you get a phone call hello hello Jameson I think we lost him for a
second he may have gotten a phone call it may be the FBI telling him he doesn't
need to be talking about security so he so so openly Jameson some sort of hack
will come along Jameson allow him to access just really quickly you we lost
everything you said I don't know if you got a phone call or something I did get
a phone that's what always happens it was probably probably the feds they were
telling you stop telling people about the security but yeah go back and go
back a little bit a little bit of the ways because I think you were talking
about Stefan and that he had it on a hardware device that you don't even know
what kind of hardware device it was because it predates everything that
we're doing now so go ahead yeah start from there please yeah so he had you
know the single private key on that device and just due to the nature of the
hardware the only way you can access it is that pin and apparently he did not go
to extreme lengths to back up the pin and you know some time went by before he
eventually tried to access it again and realized that he did not have the pin
and this this happens to a lot of people in the space where they create a setup
but then they don't test it and they don't regularly check and validate the
health of that setup so that like that's another important principle that we try
to cover it casa is not not just a sort of set it and forget it type of setup
but rather you set it up and then we give you regular reminders that you need
to go around and make sure that your keys are still functioning as intended so
you know the reason why casa is a bit more robust than that is that you don't
have only one device or only one key rather you'll have multiple you know we
have setups where you have three devices or five devices or six devices and you
can even take it further and make clones of different devices if you want to but
the entire point being that we assume that over a long enough period of time a
device is going to stop functioning and so what you need to do is be in a setup
where a device stopping functioning does not cause you to lose access to your
money and with casa we actually have it built into the app where you know if you
try to use a device and discover that it has broken or something has gone wrong
or if you've lost it or someone stole it it's very easy for you to mark that
device as lost compromise whatever and replace it with a different device that
is in a healthy state so we take a different approach to your setup and we
try to make it more flexible and make it a more interactive type of thing because
your security in this space is constantly evolving and there are any
number of things that can change you know whether it's your hardware devices
or the firmware you're running on them or other software that you're using to
coordinate your actual wallet just because the best practices in this space
are still evolving and the security is a dynamic environment where there's more
and more security researchers that are putting more and more effort into trying
to break different hardware and software that is why we need to stay on top of
our game and be able to inform our users what actions they need to take if there
is some new evidence or new information that has come to light about the best
practices in this space. Yeah man listen here's one thing I want to ask you right
because I know a lot of people in the crowd they might not even understand
multi-sig I didn't even think about that right so can you explain what multi-sig
is and you can you explain the different levels of multi-sig at CASA and then I
got a question to follow up to that but yeah can you explain what multi-sig is?
I think the best analogy to use is actually just physical locks right so
the way that the Bitcoin protocol works is that when you create a Bitcoin
address there's a lot of stuff going on under the hood there's cryptography
there's actual Bitcoin scripting logic and that all gets essentially composed
into this one neat little fingerprint hash function that gets turned into a
Bitcoin address which you can then display as a QR code but what you're
really doing under the hood is you are describing the locking and unlocking
mechanism that is going to be required to spend the funds out of that address
and the default or most common type of Bitcoin address and Bitcoin
script is a single signature type of script and that basically means you are
defining that there is one public and private key pair that is responsible for
locking and unlocking the funds in that Bitcoin address so if you want to spend
the funds from that address you need to take the one corresponding private key
and you need to sign the appropriate data to create a transaction that gets
sent out on the network and all nodes validate it and eventually the miners
put it into a block and so on and so forth and and so you know that is a
single point of failure if that private key gets lost or stolen then you know
whoever gets that key can easily take your funds if you want to get a bit more
robust there is functionality in the Bitcoin protocol that allows you to
define more complicated type of setups and the most common is multi SIG which
is just one more step in which we say instead of only one key pair instead
we're going to say there are two or three or four or five you can go up to I
believe 15 or so and then with future improvements can go even higher but
that's just creating a lot of complexity so you can instead say okay this Bitcoin
address that I'm generating is a two out of three multi SIG address so there are
three different private keys and in order to spend the funds from this
address I need signatures from any two of those three private keys so this is
similar if you want a real-world analogy it is similar to having a safety deposit
box at a bank you know where there's not just one key there's usually two keys
and you have one key and then an employee at the bank has one key and in
order to actually unlock and open that box both of those keys need to be turned
you know you could also in a more extreme level think of you know the way
that various nuclear launch programs are set up you have multiple keys that need
to be turned at the same time that are held by different people and are in
different locations so you know there's a reason that these type of setups have
existed in the analog world it's because you know it gets rid of that single
point of failure it gives you a higher level of certainty that that particular
thing is really supposed to be getting accessed right now and that there hasn't
been one single person who has been compromised that can then take over the
whole system so this is a good way to take that next step into creating more
redundancy this starts protecting you against all types of both online and
offline attacks even more importantly starts protecting you against various
catastrophic loss you know common things like a house fire whatever you know if
you're not keeping all of your keys in your house but rather they're
geographically distributed then you start to get some very interesting new
properties that make you resilient against edge case events that we do see
happen you know when you have millions of people that are holding Bitcoin in
their own wallets then you sort of law of large numbers starts to kick in and
we've seen all types of crazy things you know over the 11 12 year history of
Bitcoin yeah all kinds of crazy things so you you guys do a two of three you do
a three or five is that correct and then what's the top what's the what's the
diamond level is it like a yes so then we also have a three of six which is a
very specific one for our inheritance products and the reason that sixth key
gets added is what we we actually are onboarding your estate attorney as a key
holder into your key set oh man that's awesome because here at the black
Bitcoin billionaires we talk about generational wealth and becoming more
self-sovereign right so talking about generational wealth you got to be able
to pass your wealth down to your generations here's my question though
right so some people may be asking let's say you do a two of three and you put
one on a hardware wallet like a trezor or a ledger or something like that and
you have one and then you give your cousin Earl one so if cousin Earl has a
key right and cousin Earl he's I most times but he starts looking at the
Bitcoin price and realizing like that key he has access to it's worth a lot of
money so cousin Earl comes to your house and steals your trezor or ledger right
does cousin Earl have all the access to your coins now yeah these type of
theoretical scenarios get really interesting because there are so many
variables at play so I can certainly give you reasons why he would not for
example if Earl didn't know the pin to unlock your ledger device Earl's not
going to be able to get into that device but you know that's not the only
consideration in this particular setup because if Earl has deprived you of your
only copy of your key then even though he can't steal your money he has
effectively locked you out of your multi-sig wallet so this is you know
situations where you might want to have more backups and more redundancy so that
you know even if something happened where your device was lost and Earl's
device was inaccessible that you would be able to retrieve backups from elsewhere
see Jameson I'm glad you said that because my wife always tells me I'm
redundant sometimes and now I need her to know that redundancy is actually a
valuable trait it's a it's a valuable trait to have to be redundant so yeah I
didn't even think about that when I asked that question because I always
bring up cousin Earl because cousin Earl is always the variable we don't know
what cousin Earl's gonna do cousin Earl's the reason why we're in Bitcoin in the
first place because he bought some and it price went up he came to
Thanksgiving and everybody was like if cousin Earl's making money why the heck
can't we make money you get what I'm saying so we talked about these we talked
about security and one of the things about Bitcoin and the philosophy behind
Bitcoin is about you being able to control your own keys but a lot of
people also believe that Bitcoin was about privacy and and we know now of
course many of the government officials in the past would have said that the
addresses are anonymous or that there's some anonymity there but we all know
they sue anonymous because at the end of the day you sent the money to someone
that you probably know and so once I know that's your address then you know I
could pretty much track you and that's what's happening with this KYC so let's
get into privacy like in this in this era of extreme KYC right it's like they
they're asking for everything and even when Steve Mnuchin on his way out he was
trying to force everyone to tell people where they're at what addresses they
were sending it to and who they were sending it to at that address how do we
remain private because I love the stuff you're doing and some of the mental
exercise you've been going through and actually the research around privacy so
how do we remain private let's just start like how do we become private
knowing that every single one of our transactions is tracked because it's on
the on the blockchain yeah I mean this is a really deep and complex topic
because there are so many variables and because we're living such highly
connected lives these days and basically everything that you're doing is leaking
information to someone and then that third party is probably either
intentionally or over a long run unintentionally leaking that
information to a number of other people so the you know the unfortunate thing
about privacy these days is that you know the only foolproof way to be
private is to not use the internet not use computers not interact with people
otherwise you have to be selective and you can certainly shore up a lot of
different aspects of your life to reduce the amount of data that you're leaking
but at the end of the day you know we're all gonna have to interact with some
people or some institutions and have to trust that they're not going to leak
data from my perspective what I try to do in most of these cases if I can't
avoid giving data to some third party then I'll straight-up lie to them in
most cases it's not illegal to lie unless you are like you know under oath
in court or you're signing some sort of legal document where you're attesting
that you as a certain identity are doing things then the vast majority of the
time there's no reason you need to give your real name real identity real
contact information when you are interacting with some other person or
service provider I mean I give fake addresses fake phone numbers fake names
the vast majority of times that I'm presented with some sort of form to fill
out and and even if if I am dealing with some sort of service provider that needs
to have contact information then I'll have a proxy information essentially
like a burner phone number a remail or physical address you know things that
are creating layers of protection between my real information and still
allowing people to contact me in a sort of roundabout way but you know it's
hard to distill all of the different things that you need to do to improve
your privacy because really the the guy that I tend to point people to is around
550 pages long but if you really want to get into this then I recommend that
people go on to Amazon and they buy a book called extreme privacy what it
takes to disappear the second edition of that came out about six months ago and
it is a volume of information and it will it will probably open your eyes
about a number of ways that you're leaking information that you haven't
even really thought about what's so crazy so I'm with you man on a lot of sites
and I'll guarantee this is probably for everybody there are a lot of probably
birthdays on January the 1st and I'm 70 years old pretty much everywhere I mean
to be all the way honest if somebody asked for my birthday I got a couple of
pseudonyms that I use as well but one thing again man is that old cousin Earl
right I always like to use the idea that my daddy always say son don't put me on
Facebook man you're trying to be on Facebook but the problem is is that my
daughter is on Facebook and my son is on Facebook and they take pictures right
and so my dad could be in the back of a picture with with his location in the
back right so how do you even get around that like at the end of the day do you
have to live in a freaking bubble like to get away from old cousin Earl like
how do you get away from that man like exactly just not have friends and
family so yeah I mean it's it's not really feasible that you're going to be
able to convince your friends and family to give up on a lot of these things and
you know as soon as a photo gets uploaded that has you in it you know the
facial recognition software at Facebook is gonna start to you know cross examine
and correlate that with the other trillion photos in their database so
you know from a physical standpoint and just the proliferation of cameras that's
happening at a global level it's very difficult to avoid you know having your
your real-world identity and likeness get sucked up into some systems like this
the the solution to that you know other than becoming a hermit and living in the
middle of nowhere the solution is remarkably I think low-tech though it's
not it's not a perfect solution but basically you know having a big hat and
sunglasses and in these days you can wear a mask and people don't look at you
weird so you know there are ways to mitigate that but it's you know it's not
a 100% solution by any means so you can walk around looking like for real so go
get a huge hat or Cam Newton get a huge hat get you some sunglasses and won't
know where I recognize you and that's real though right as real so here's the
question though what do you think about services like coin joins right like
people that set up coin joins for other people I understand that the United
States government clearly doesn't look look at these things as advantages for
them so they have they have come down pretty hard in a disciplinary way on
coin join type services but what do you think about those for privacy and to
help out with privacy at least from a transactional level and and everyone
coins I like I'll let Jameson explain it Jameson go ahead explain coin join what
is a coin join yeah as you mentioned you know every transaction every every so
you know there is no such thing as a Bitcoin rather there are only
transaction outputs when it comes to the actual data of the blockchain and the
transaction outputs that have not been spent those have values associated with
them they are Satoshi amount of values and those are the quote-unquote bitcoins
that currently exist and can be spent now as you're going about your life and
you are you're receiving and sending transactions on the Bitcoin network your
wallet is receiving new unspent transaction outputs and then sometimes
you are spending those and creating new unspent transaction outputs addresses
that are owned by whoever you're sending money to so what sophisticated
analysis firms will do is they will do basically clustering analysis and use
various heuristics to probabilistically determine which unspent outputs likely
belong to a given entity and this is not terribly difficult to do if you
understand how wallets work but there is a technique to try to break that
analysis and the technique basically involves trying to get a lot of people
to come together and interactively join their Bitcoin transaction outputs
together and and the way that they do that is well first you have to have some
sort of coordinator software that helps people connect all of their wallets to
it and then the coordinator will basically create these big Bitcoin
transactions that will have dozens if not hundreds of different inputs to the
transaction that are coming from many many different wallets and then once
again there will be many many different outputs in that transaction that will
also go to many different Bitcoin wallets and this creates a type of
obfuscation that is difficult for you to analyze and try to figure out which
money went where just because it's no longer like one input to two output type
of problem but it's rather a many-to-many type of problem and that
just creates a level of probability where these heuristics break down you
no longer have a high certainty of what is going where and this is interesting
to do it can get expensive it also has security trade-offs because it means
that you're having to constantly spend these coins which means the private
keys have to be somewhat easily accessible and I think that a lot of
people put a little too much weight on them because there are still a lot of
complex issues that you run into after you've done a coin join where you can
make naive mistakes that essentially undo a lot of the benefits of what that
coin join transaction gave to you so it's easy for you to screw up and
accidentally recorrelate all of your different transaction outputs together so
the the way that I can best describe it is I think the simple way to make use of
coin joins if you want to do that is I would only really use a coin join when I
am making a payment and I would I would basically send the money through the
coin join mixer and then immediately send it as a payment to wherever I
wanted it to go because that means whoever received that money from you if
they try to look on a block explorer or you know look on the blockchain then
they're immediately gonna hit this huge transaction with so many inputs and
outputs that they have no idea where it came from
however if you're trying to you know constantly coin join money and then send
it to cold storage you're still gonna eventually run into privacy problems
later down the line when you try to spend that money from cold storage so
I think that it's best used as something you know in the moment of trying to make
a payment that you want to be private right like it within the transaction so
for everyone out there it's kind of like if you ever seen the Thomas Crown Affair
at the very end and I'm not spoiling the faith you haven't they they they are
walking around in the museum not really at the end but they walk around in the
museum and everybody has the same outfit on and so it kind of mixes everybody up
to not know who the who the culprit really is they all have the same outfit
the same briefcase and that's kind of what happens right it's just a
misdirection the thing is that I always say though is even in a coin join all
I'm going to do is take the inputs if I know the people who are sending them I'm
gonna take those and just match them to all of them and watch every one and now
the crazy part about that is is that as we move further into this space of KYC
and watching addresses and coin elitics we wind up seeing that people might
start thinking that you sent money to a terrorist because you are part of a coin
join that they followed that entire that entire stream all the way to Alabama to
whoever that domestic terrorist is right I didn't really get to mention yeah you
know that you are you're placing yourself in danger of having various
services turn off your accounts because they deem this suspicious and the reason
for that is because so few people do it if we get to the point where the vast
majority of people are tumbling and mixing their coins together then it's
no longer feasible for services to essentially say that this is suspicious
activity so I will say while I'm kind of bearish on the current state of mixing
I'm optimistic because some of the improvements we're gonna see coming
down the line especially with snore signatures which allow you to aggregate
these signatures together I'm very hopeful that once we have that
technology available to us that it will get implemented into the mixers in a way
that will actually sort of turbocharged the the way that all of these funds get
mixed together because you won't even it'll basically become even more
difficult for people to tell that a coin join even happened in the first place
and so you can't flag it as suspicious if you can't even tell that funds are
being joined together well look you know what James say what about us going up
one layer so everyone Bitcoin is what I always call the fund the foundational
protocol layer and things are going to be built on top of it so let's move up
one layer to lightning to the lightning network we had Jamal James on yesterday
from lightning labs and he was telling us all about the lightning network if we
move up one layer do we get some of that privacy back like the lightning
network help out with some of that privacy and I might be pushing things a
little bit but is Casa going to get into the lightning game so there's there's
certainly potential even at a really high level of you just the fact that you
are you're creating these protocols on a completely different layer means that
you have a lot more flexibility you can innovate a lot faster you don't have to
get you know consensus from as wide of an ecosystem to make changes however at
least from the current state of lightning when you are opening and
closing channels you know those are still relegated to all of the same issues
with the on-chain privacy now once again looking into the future there's reason
for optimism specifically around this concept of having shared lightning
channels and this is something that I believe blockstream developers with
their L2 product have been working on so essentially figure out a way where if we
could have hundreds or thousands of people who are trustlessly able to share
a lightning channel then that once again turns into this mixer like scenario
where it's just it's impossible to de-obfuscate what's happening inside of
those channels a because a lot of it is not being broadcast to the entire world
and B because the data is it's only known you know by whoever is managing
that channel and we may even be able to get to the point where the channel
management itself is not being managed by like one central entity but there's a
number of different ways that this could go and we've even seen over the past few
years that the you know privacy much like security is a it's a never-ending
battle so there was reason to believe early on that privacy on lightning was
going to be awesome simply due to the nature of the onion routing that is
built into the protocol it's very much like Tor network from that standpoint of
how the payments get passed around but of course eventually these various
researchers come in and they start to poke and prod and they find different
edge cases where they're able to essentially do probing of the network to
try to figure out you know what's happening on the network and and then
you know the people who are building the network read those papers and say okay
well maybe we can tweak these things and you know prevent that type of of
de-anonymization and so it's very much still a an early game or we're gonna see
how things settle over the long run but in general I think it is it's logical to
believe that any cutting-edge new technology is more private from the
sense that nobody's looking at it so the same thing I think happened in the
early days with Bitcoin where when it was primarily used with darknet markets
a lot of people said oh this thing is private because it's so small nobody is
really even looking at it there there haven't been any like law enforcement
investigations so on and so forth and in a way that was true and you know for the
first few years I think people did have a level of privacy simply because the
tools had not been built to help law enforcement de-anonymize people but
that's no longer the case today it could be the case you know for Lightning
Network that you're you are you are relatively private and the tools to help
de-anonymize you haven't been built and maybe they won't ever be built this is
another one of those things where it's very hard to predict the future oh yeah
and here's the thing so I was sorry I was mess with the mic um so here's the
thing so it's hard to predict the future but my question is does it but does the
future require us to get off the grid so I want to talk a little bit about what
you I heard you in the very first day you were in here man you were telling
people about you getting off the grid what are some of the ways because I'm
gonna be real I just got a telephone our cell phone sim card after not having one
for almost man since tooth I didn't have one since 2007 until two years ago so
that's what 12 years I didn't have a sim card and I only use like a Wi-Fi and a
bunch of other stuff to really connect with people so what are some of the
methods you have used to kind of get off the grid and not be connected in in as
in as many places as you normally are right as normal people are right well I'm
not calling you that you're weird or something but but I'm saying like how
many how how many ways have you figured out how to kind of get yourself off the
grid into a privacy into a privacy place yeah I mean we don't even have time to
go into all the different variables but that's why I direct people to get the
extreme privacy book you know there are there are simple things that you can do
I say the simplest thing anyone can do is just install a lot of popular ad
blockers on all of the devices that they use you know that will get rid of a lot
of the tracking that is watching you hop around to all these different sites and
correlating exactly what you're doing and then you're just trying to sell stuff
to you and oddly enough that's actually what I did before Bitcoin as I worked
for an online marketing company that was sending out hundreds of millions of
emails a day through its system and my job was to write large scalable
analytics systems that could ingest these petabytes of raw data and metrics
and tracking that were coming back into the system and the goal of that was to
help retailers you know increase their return on their investment and better be
able to target people to sell stuff to them but that really opened my eyes into
how much data is getting sucked up and analyzed you know just from your normal
day-to-day operations so there's you know there's easy technical stuff that
you can do that only you know takes a few minutes or a few hours and you can
also go and set up VPNs on all of your devices so that you're not leaking your
real IP address to every website and every service that you use it gets more
complicated though when you want to protect like physical aspects of your
life if you if you don't want to be leaking your actual home address then
you have to stop receiving anything to your home address and that's everything
from bills to birthday cards to stuff you buy off of Amazon and you know one
interesting fact that few people know is that like everything that goes through
the postal system gets scanned and put into a database you know every envelope
every every label and who knows what's happening with that information so you
know any any time that you receive something to your actual home address
that's probably happened because you've given someone your mailing information
and that goes into a database that's probably getting shared or will
eventually get hacked and leaked and even if it isn't the actual physical act
of that mail going through the postal system is getting it scanned and put
into a database and that database is probably gonna get shared or leaked at
some point so you know the only way to protect yourself from these things is to
not put the data out there in the first place so for for mailing stuff it means
you have to have mailboxes elsewhere if you want to receive things it gets
really the most onerous and resource intensive parts of the privacy journey
that I've been through have been the the legal issues of publicly registered
property and things like documents like your driver of license the driver
license is really where they get you because you know anyone who's going to
get a driver's license knows they require you to provide multiple proofs
of residence which means in most states you're not able to just give them a PO
box or a mailing address you have to have things like utility bills bank
statements etc etc so that can get onerous and expensive the other things
like houses vehicles anything that creates a public record which is
basically anything that you pay property tax on the only way around that is to
create a legal entity such as a trust or a corporation and have that legal entity
be the thing that actually owns the house or the car or whatever and you know
of course this is where we get into lawyer territory and the bills start to
add up and that's where I've spent you know tens of thousands of dollars in
legal bills over the years building these protections and somebody on
Facebook said wow he makes it really scary but the thing is is that all he's
doing is telling you what's going on he's not the one making it scary the
boogeyman is the one making it scary um so here's the thing man like it's crazy
all the steps you have to go to go through just to make yourself private
right just to get yourself into a situation and one thing that I remember
I had a buddy who's he was really big into privacy he lived on a homestead and
he was giving me directions to get to his homestead and it was very difficult
to find like I drove past it like 30 times right and so we wind up me and my
other friend were going to his house because we were gonna leave out with
him we went in his neighborhood just some random suburb suburbia neighborhood
and a guy was walking his dog and picking up his crap right picking the
crap up from the dog and we stopped and the dude we said hey man do you know
where blank blank blank lives have you ever heard of him and that guy because
he had been in the community so long knew the exact directions to get to the
homestead so when we got there it was like man we know you trying to be
private but it seems like everybody around here knows exactly where you are
so it's like even if you're private even if you you know do all the things the
PO box and all of those things you literally have to lie to your neighbors
a lot you know especially if you live in a community for a long time you have to
lie to them because somebody is going to leak it right somebody that's actually a
good point that I didn't get to which is that I have a pseudonym for my
physical locations like obviously I speak to my neighbors and we're on good
terms and they know me as a cyber security consultant that's about as as
detailed as I get on that but they also don't know my real name they know my
alias right and that's see if you come to certain neighborhoods in the United
States I know a lot of people by their nickname and I have no clue what their
name is like I know a lot of people by their nickname like Junie matter of fact
I have a cousin that we call pig my whole life and I didn't find out how what
his real name was until I was probably 33 like and I called him he came to a
funeral and I was like hey he said man I don't go back pig anymore I said my
whole life that's all I've known you as his pig like what is your real name he
was like are you serious I'm like yeah everybody calls you pig so what am I
supposed to know I'm younger than you so I thought your name was Pig so you you
just have to be you have to give people nicknames are you like your alias I
would love to know what your alias is but I know you're not gonna say it on her but
um I would I would love I wish I was around you so I could find out what your
alias is it'll probably be something cool that's like my buddy at the Chinese
restaurant his name is Harrison Ford you know what I'm saying I love him
so this one thing that I learned the hard way when I first started doing this
is I was giving different aliases to basically a unique alias to every
different provider I interacted with I learned very quickly that that became
way too hard to keep track of so I only have a handful of aliases now that's a
lot easier for me to track and of course you don't want to you don't want to
choose anything that stands out you want it to be a name that is common for your
ethnicity your culture your geographic location yada yada yada right so you you
now walking around saying your name is the roof is Leroy I got you bro I got
you here's the other thing man you know who else is real good at this players
everybody knows a player they done said a million different names to a million
different women right so Jameson maybe you a player man maybe that's what's
going on here you don't learn how to play the players way you know I'm saying
okay so look man this has been awesome what I'm gonna do is open up the stage
really quickly can you take a few questions before you get out of here
you bet all right hold on man let me open this stage up let me bring some
folks up let's see we got Ali and Damar let's see what's up Damar how you doing
man hey what's going on yeah hey Damar I think I'm gonna use an alias like some
old old black deacon dude or something man my name gonna be Otis
Otis Bishop Otis Bishop Otis Otis Bartholomew or something we figure
something out like it if anybody else wants to raise their hand and ask mr.
Jameson a question please hop up on stage what's up Damar what's your
question doc yeah so real quick Jameson so this you know how like sometimes you
could type your name on it and then Google and it pulls up your address and
everything like that do you have any apps or or companies that can help wipe
that away I heard of this site called delete me but I haven't used it yet but
do you have yeah that's it that's a very good common question and I've seen
people posting that question on forums there are a lot of websites out there
that will claim to help you clean up those records a lot of them are probably
scams and the ones that do work they'll be able to clean up some things but the
unfortunate story of the situation is once the data is out there you're never
going to be able to completely get rid of it and the the way that I described
what I ended up doing and what I end up telling a lot of people who are in
sensitive situations is that the the only way to do this privacy thing from a
foolproof standpoint is to walk away from your current life and by current
life I mean all of your public information this is something where I had
to I had to sell my house I had to sell my cars I had to get rid of everything
that was publicly I associated with me and I had to go redo everything move buy
new stuff and do that all from a privacy centric standpoint that is the extreme
you know if you want to be a hundred percent certain and even then you're
gonna if you're doing it right then you're gonna want to keep running
reports against yourself I I hired private investigators after I set
everything up and and tried to see what they could find and it's amazing I
actually I had someone I had someone run a report on me just this week that I do
on a regular basis and it was 50 pages of information and you know this is just
like public records and things like phone records and other services and the
crazy thing about these reports is it'll not only be your entire history of
information but it'll also dig into like everyone else who is associated with
any addresses that you are associated with or anyone else who is associated
with ownership of vehicles or property and it's it's crazy the amount of
correlation that happens on the back end I will say that one thing that has come
in helpful from a sort of obfuscation standpoint is that by using like
enterprise mail receiving addresses I'm now sharing physical addresses with
dozens if not hundreds of other people and so that's actually it I look at it
as it's actually it's kind of like doing a coin join but for my mailing addresses
so you know that's I guess the the long pessimistic version if if you want to
feel a little bit better about your current setup then I guess it couldn't
hurt I wouldn't spend a lot of money on those services to try to clean up your
data because I can guarantee you they're not going to be a hundred percent
effective so you know if you want to spend 50 bucks or something and see if
it makes you feel better then I guess it couldn't hurt as long as that level of
resource isn't a big deal to you but in order to do it right it requires a lot
more commitment and and resources unfortunately so okay thank you for that
and you mentioned a book earlier right a book to read on this what it was the
name of that book yeah so it's called extreme privacy the author his name is
Michael Bazell of course that's not his real name but he is a former federal
agent and private investigator and so he knows how all of this works because he
used to be on the other side of it tracking people down his his name is
really cousin Earl that's really cousin Earl writing books and other people's
names maybe it's big it's big I've actually been listening to Michael for
many years he has a phenomenal podcast as well I highly recommend it when you
search Olson on podcast his will come up the privacy podcast but very very
knowledgeable we have those privacy chats sometimes guys all my knowledge is
from Michael Bazell oh thank you Daniel Ali what's up first real quick I got a
question on on Facebook how can you travel internationally like if you've
given up all of this how can you travel internationally that's what someone as
Jameson yeah so I think another important thing to note is that nothing
I've done is designed to be nation-state resistant I'm I'm not trying to tell
people that you can get like Osama bin Laden level privacy which of course that
is literally going and hiding in a cave for 20 years right rather you know
everything that I've done I've done via legal avenues via legal entities that
America is actually somewhat well positioned most other countries do not
allow you to create these types of legal privacy protections so if if you know
government agents that are well funded and have a lot of resources behind them
wanted to then they can start piercing the veils of the different legal
protections that I've created and they can you know find the entities that know
the private correlations of you know what my actual contact information and
address information is so also you know from a a travel standpoint you know
obviously I have I don't have like fake passports or anything like that that's
not my goal if if nation-states want to know my comings and goings they
definitely will however there are still a few things that you can do so when I
am traveling for example or even if I'm going to a hotel or whatever there there
are a number of situations where counterparties will ask you for legal
identification and in these cases I never present my driver license because
that has an address on it that address is not my normal address of course that's
a whole other issue but I don't want to leak that address anyways so I always
present my passport and that's because the passport does not have any address
information on it also man Ali what's your question man hi hi Lamar hi
Jameson hi everyone thanks for thanks for the opportunity so although you know
I admire Jameson for all the Bitcoin knowledge but I didn't know he was so he
was so great at secure privacy as well so what I want to know is very related
to what Damar had so it's about before knowing all this you know you would have
a lot of social media presence you'd have Facebook Insta everything so when
you get this realization that you want to focus on privacy how do you what steps
do you take and how do you how do you ensure that face Zuckerberg forgets
about me Facebook gets about me is it actually possible based on your previous
answer it seems that no it's not possible but suppose if I've deleted my
Facebook years ago never had Instagram I'm never going to get back onto
Facebook but of course whatever data I had provided in the past that would
still be there isn't it that's that's not going to go away isn't it yeah so
like in order to quote unquote delete your Facebook the right way they're
actually entire articles and guides around that because Facebook tries to
trick you during that process and absolutely I'm deactivating rather than
deleting right the the other tricky thing about even after you purge all of
your Facebook information a your you are trusting that Facebook is actually
deleting that after 30 days or whatever their terms say but the other thing is
that you also need to go into every device that you use to browse the
internet and you need to clear out all of your cookies on there because you
most likely have cookies and other tracking identifiers where Facebook has
fingerprinted your devices and associated with them with you and most
likely you will continue to associate them with you even after you've quote
unquote deleted your profile so that's the next step and then of course you
also need to make sure you set up appropriate ad blockers on all of those
devices so that they don't continually recorrelate your devices and this is I
mean an unfortunate thing about some of the complexity of the nature of like
internet browsers in general is that your browser leaks so much information
to every website and every service that you go to that it's very easy for unique
fingerprints of your browser and your device to be created and then have that
data used to correlate and track you as you're going across many different
websites okay so that's that's that sounded more
scarier than I imagined actually with the device signatures and everything the
the other part is with regards to aces you mentioned how do you go about your
normal life like you know apply for a mortgage for example if you apply for a
mortgage you're inadvertently going to get communication to your address in
your real name things like that and so you can't really keep an alias for
everyone isn't it your neighbors are going to know your postman is going to
know various people are going to know regardless isn't it so it is it really
worth it well is it worth it for any of this
stuff is very hard to quantify I'm the first to admit that I have taken this
project to the extreme partially I mean obviously partially because I have an
actual event where I had a SWAT team show up at my house and that was
disturbing and I want to prevent that from happening happening again but from
more of the curiosity standpoint I take it to the extreme because I want to see
what it actually costs to do things you know the best way that you possibly can
and that's where I have learned that unfortunately you know extreme privacy
unfortunately most people are priced out of it it has kind of become I think a
wealthy person in this game at this point if we're really talking about the
extreme level of things but kind of going back to your point one gauge that
I have is that if I ever receive any correspondence to my real physical
address or any of what I consider to be my real contact information and that's
in my real name then I know that I've screwed something up and I have had that
happen one or two times and it's always due to some third party that I ended up
having to trust so I've I've had issues where attorneys or bankers who I have
entered into trusted relationships with to help act as these privacy proxies for
me have due to just their default processes leaked information even though
I was very specific and spent a lot of time telling them you know why I was
doing all of this so for example like I've received stuff to my real
residence in my real name which was things like a holiday card and the
reason why that happened was that when they entered my information into their
system it automatically it got slurped up into some other stupid marketing
system automatically they didn't even know that it happened and then you know
by the time several months later when I received this holiday card in my real
name and then I get really pissed off and I start yelling at my banker they're
like oh yeah we forgot about that so it's it's just like the nature of all of
these systems it's just not designed for privacy and even when you tell people
up front that they just they haven't thought these things through hey would
you could would you say as well Jameson I don't know if you have children but
would you say children are probably one of the biggest security or privacy
breaches places for breach in the entire system because kids don't always
understand you know I'm saying and they'll mess around and tell everything
all your business and everything so do you think children also are kind of a
privacy breach for a lot of people definitely and this is not something
that I've had to deal with but even thinking through you know all of the
other issues this you know similar to the issues that you enter in with public
property you know you end up having to register your children in so many
different ways that I don't think that there's any great solution for that
either so this is this is I think one of the the trade-offs that you also have to
make is that you I don't think that you can tell your children that they have to
follow any sort of protocols or procedures so you would you really have
to bake that into your model and you know assume that they're gonna be a sieve
when it comes to holding information yeah that's crazy it almost feels like
after listening to you talking thinking about all of this it almost feels like
the best privacy is no privacy at all it's just to be completely transparent
here here I am is everything I do now okay you got everything now what you
know I'm saying it almost feels like just take it all man and I think a lot
of people to be honest have fallen into that right like I think that's where a
lot of people have gone somebody on Facebook Ryan Cooper says social
engineering facts he said kids be talking talking he said his kids are
quiet though lol so so yeah and then we got one more one more person up I think
Daniel you got a question doc thanks to my thank Jimson oh yeah there you go
Aliyah I mean I would probably say as an exchange or someone that you know is a
peer-to-peer on border and off-border I know from myself in 2017 I had a had a
tack on me and I'm super safe where they were able to find my phone number they
had a friend at a for you guys will be like like Sprinter Verizon and then even
though I had a pin code on and everything and you know they were
directed not to sim swap me that's well how would you say is the best way for
newcomers to be alert because the one thing that we need to know about Bitcoin
if you're out there flaunting it's a guarantee that they're trying to figure
out where you live and to sim swap you and find all the other good stuff is a
very very large occurrence like I said it happened to me not only do they sim
swap me and get nothing because I had Google Authenticator but they actually
when you have a gmail or a hotmail it backs up your iPhone contacts which I
wasn't even aware when you sign that contract so then they shamed the shit
out of me and message every single person begging for Bitcoin my gosh
basically saying hey man I ran into some tough times if you could send me over
200 bucks a Bitcoin la la la la and like honestly when people look at you as like
oh he's doing well with Bitcoin and then they get those messages and you tell
them it wasn't you they're like oh you sure bro cuz that was kind of weird how
would you what would be the security measures that you would suggest for new
onboarders coming on with their bitcoins that you know maybe are not a litter
enough to hold their own keys and use a vault online or something like that what
would you suggest for those people right so I think one thing worth noting like
the reason that I've gone to the extreme for all of these privacy issues this is
this is the hard path to take the the easy path would have been for me to
delete all of my accounts and just stop using social media stop being a public
person like that's the reason I got in trouble is that I over a period of a
year or two kind of got catapulted into the limelight and when you get more
attention sort of law of large numbers means that eventually there's gonna be a
few crackpots and that's the type of thing that celebrities have had to deal
with for most of history but now the internet age has lowered the bar so much
that that anybody can basically overnight have the attention or the ire
of millions of people directed at them and then a few of those might be some
sort of sociopath or psychopath or other criminally minded person who doesn't
have morals and ethics and is willing to try to attack you so the first thing
that you can do is just not be public with your real identity that you're into
Bitcoin set up social media accounts that are pseudonymous and that's your
Bitcoin account to talk about with people you know that provides you with
one more layer of protection because anyone who's talking about Bitcoin is
going to become a target because these are you know bearer assets they're once
stolen they cannot be returned that really it changes the incentives of the
game with regard to attacks but you mentioned sim swapping you know that's a
very common thing and the the real answer to that is that you should not be
associating your phone numbers with any type of sensitive accounts this can get
tricky because there are plenty of services out there that require a phone
number to be associated with you so if you have to give a phone number then I
would not give a phone number that is to a service that is in your name by which
I mean if you're using a major service provider a major carrier Verizon AT&T
whatever whatever they all suck at security and this is because they have
over the matter of a few years found themselves in a position where now
they're actually being their services are being used to secure millions of
dollars in people's money they never intended for you know their your phone
service to be a high security thing that is protecting millions of dollars it
just it's not designed for that and so they are getting socially engineered
left and right they're having internal attacks by employees at these companies
that have real how much money they easily access and you just should not
use them to secure anything so my answer is that this is my excess and you just
should where'd you go hello yeah I think you were breaking up a bit there hello
is everyone good is everyone good I can hear you I'm pretty good good I don't
know what happened actually actually I do I was going to change some of the
video and some of the sound came back to you guys so my bad okay oh yeah but go
ahead Jameson I'm sorry but but yeah long story short I do not have any phone
service at any major provider that is in my name my only SIM cards I these days
are once again bought through these anonymous LLC's that I set up and
they're set to mailing addresses that don't have my name on them so since so
on and so forth but that's even that's only the first the first layer for the
actual SIM card itself I don't even know my real phone numbers I then I set up
proxy phone numbers I set up virtual phone numbers that forward to the real
phone numbers and then I hand out those virtual phone numbers as yet another
layer of protection so that I can still receive you know SMS messages for those
really terrible services that only do SMS two-factor authentication but there's
no way anybody is going to be able to call up and socially engineer a mobile
service provider because I Jameson Lopp do not have accounts at any major
providers but you know the preferable thing to do if if a service supports it
is to like you said either use Google authenticator or what I prefer is to use
an actual piece of hardware to use a ubico device and use that to secure the
the private data for the 2FA and you can actually use ubico authenticator
which is it's the same as Google authenticator except the private data is
stored on that dedicated hardware device yeah and and just to give you a heads up
Lamar so I put I put alerts on my account no matter what cannot be switched
and they did the most brilliant thing so the Rogers guy got back to me which is
like our Verizon he said that the culprit walked into one of the Rogers
stores probably so imagine you go to a Verizon store and you go to the employee
and you look at his name tag it's his name tag says Lamar and he goes Lamar
which store number is this by the way I'm curious and he goes oh this is store
4283 then this guy has the employee line he calls in and says hey this is Lamar
from store 4283 I have Daniel he doesn't remember his pin code I verified his ID
and that's how they actually sim swap me which and actually because I never give
up my number online I'm pretty sure had something to do from a guy that used to
come to our exchange because he actually had my real number I slipped up which is
why I only use my pseudo because I don't trust any major carrier I'd rather use a
virtual number that you can't do shit with like literally nothing and yeah man
you literally can walk into a Verizon ask them which store number it is and
look at the guy's name tag and then call the employee line which will be on Google
and just that's how they do sim swaps now hey I'm Lamar from store 4832 I got
this customer in front of me Daniel Bork la la la la he's got to change this
thing and they don't even ask a question they don't ask verify his address all
his license they just know you're an employee they hit the store number they
hit the name and that's it it's over they got it man I will say that for a
normal person who doesn't want to go through all the stuff that Daniel and I
were just talking about the best option which I used for a few years was project
fi I think now it's a Google fi but basically if you're at least for
Americans you can get Google's phone service and the good thing about that at
least so far is they literally do not have any human customer support agents
that have the ability to unlock and port your phone number if you don't have the
pin that you set on that then there's no one in the world who is going to be able
to be socially engineered and unlock it man yeah that's that's awesome news
because that's what my wife uses so yes awesome news somebody on Google Ryan
Cooper said yeah I've used Google voice in the past to spoof my numbers to weird
women so that's another way I guess to stay private and as a matter of fact I
remember back in the day women used to use 2545 400 that was like the budget
number and they would give dudes that number back in the day so yeah I don't
want to keep everyone too long and I know Marcus had one question Marcus could
you shoot that question and then we'll try to close this thing up man yeah real
quick hey I want to go back to a comment you made a few minutes ago Lamar
appreciate you Jameson for the information but like you said a few
minutes ago Lamar I'm one of those public people who you know my wife is in
TV news I publish a magazine I got a son who played division one football there's
no way for me to hide from anybody I need to focus more on some of these
multi-sig security options and just you know to put it out there I don't own any
Bitcoin all these questions are for a friend right so what types where can I
find more information about some of these multi-sig security techniques and
you know some of the stuff that's coming up that you guys were talking about so I
would definitely recommend checking out my website at lop.net l-o-p-p dot net I
have enough resources there to keep you occupied for months there is a security
page in general that has every popular security protocol that has ever been
published that I've been able to run into and then of course my company you
can check out our website at keys.casa k-e-y-s dot c-a-s-a and we have a how it
works link there that has about 36 pages of documentation into the threat
model and the architecture and all the decisions that we made around that and
of course I'm highly biased I do believe that we are offering the best user
experience that can give you high security the thing about security in
this space is that there is no perfect solution everybody's security needs and
threats that they're worried about are different this is a very personal matter
and that's why we think it's very important not just to provide a piece of
software but also to provide actual client services to discuss all the
decisions that need to go into your own security setup great thank you and thank
you Jameson man this was a really fun yet scary interview man I appreciate you
coming on this morning to Bitcoin philosophy for breakfast we tend to do
this some mornings and Jameson of course agreed to come on and give us that is
there anything you want to leave the crowd with man because some of these
people are gonna sleep well tonight yeah I mean the main thing is that we've
talked about a bunch of different extreme stuff over the past 90 minutes
or so and this is just coming from the knowledge that I have generated over the
past few years of putting a ton of time and resources into it but you should not
allow the extremes to paralyze you in fear and and throw up your hands and say
ah well you know I don't have the time or resources to do this there's always
low-hanging fruit and I did not do this all at once I I gradually over the
period of probably 12 to 18 months worked on these things piece by piece so
you know if you set aside an hour or two a weekend to keep digging into this and
slowly but surely incrementally improve your own privacy and security posture
then over time all of those little improvements will add up to a
cumulative level where you're gonna be in the top point zero zero one percent
of people in the world so you know it's just a matter of dedication think of it
as like you know the tortoise versus the hare you can get there eventually man
thank you Jameson man I really appreciate it it's listen this is Bitcoin
philosophy for breakfast I am your host DJ I don't know what else I am Lamar is
it's been really good being here on the Bitcoin on the black Bitcoin
billionaires club if you're a member already man keep coming it coming back
if you're not a member go ahead and hit that greenhouse above my head everybody
on Facebook thank you guys for tuning in this was a really big show on Facebook
if you want to catch this later you can go to Coinda on Facebook or you can find
it at the black Bitcoin billionaires channel on YouTube we just getting it
started so we don't really have a name yet but if you search black Bitcoin
billionaires on YouTube you can get this it's wonderful presentation for my man
Jameson man so thank you again Jameson man we appreciate you and to everybody
out there like I always say live love love life if you live love you will love
your life man till next time see y'all