so good morning good morning what is going on everybody out there welcome to Bitcoin philosophy for breakfast and this morning we have an amazing guest mr. Jameson Lopp how you doing man good morning man good morning that is awesome man so listen everybody first of all welcome to the black Bitcoin billionaires breakfast a Bitcoin philosophy for breakfast shout out to Adam Beaver Levine Adam Beaver Levine started this room in the black Bitcoin billionaires group and we've been keeping it running man so everyone welcome welcome welcome I appreciate everyone for being here this morning I appreciate you all for coming in it's it's amazing that you know we've we've had a crazy crazy what probably week with the price of Bitcoin but with Bitcoin philosophy for breakfast we'd like to talk about everything else except for the price so with that said let's get started first of all I'd like to introduce my man mr. Jameson Lopp from Casa Jameson has been in the game for a long time but I'm not going to talk about it I'm gonna let him introduce himself Jameson how you doing this morning man what give us a little bit about yourself and what you do at Casa man thanks for having me yeah so I've wow I've been in the Bitcoin game nine years now but about six years full-time I got hooked on it and had to leave my job as a software engineer to contribute my skills to this ecosystem and really what I've been doing for the six years is has been fairly mundane stuff I haven't been doing any crazy cutting-edge type of crypto stuff rather what I've just been trying to do is help people be able to secure their private keys better this is like one of the most basic things in the Bitcoin ecosystem and yet I still think we have quite a ways to go we've made massive improvements over the years but with the you know the responsibility that people have when they get into this system it's just it can be a shock to people and we want to avoid anyone having a catastrophic loss type issues because that creates confidence problems in the ecosystem and we're just trying to help people help themselves is the best way to describe it so I spent the first few years working on enterprise security solutions for a company called BitGo and then about three years ago I pivoted and founded Casa where we're really focusing on helping individuals manage their private keys and self-custody because we believe this is one of the most fundamental aspects of this space and we want people to be confident that they can take advantage of the security and the strength that Bitcoin is offering to people and you know this is this is good both for the individuals and I think it's good at a macro level that if we want the system as a whole to be more resilient then we want people to be holding their own money rather than having everyone keep their money with a trusted third party and basically recreating the banking system all over again man that's that's amazing listen man that's great because here's the thing I heard you say something in there talking about private keys so me being in a wallet software developer back in the day right I understood that it was pretty difficult for people at the time to understand how important it is to keep your keys secure so we're gonna we're gonna break this conversation up into a couple of places right first we're going to talk about security and then we're gonna go over and talk about privacy because I love you talking about that and the things you've been working on from that standpoint but let's talk about security like why is it important that you know we start moving into a paradigm of multi-seed because I know Casa is focused really heavily on multi-seed and when I heard you say you worked at BitGo that is also a place that they focused on multi-seed but of course like you said for enterprises so why is it important that we start moving towards multi-seed in the in the retail space yeah so without trying to bore people about the technicals the fundamental thing that we're going for when we're trying to design these user friendly wallets is we're trying to eliminate any single points of failure because the strength of Bitcoin is that once you're holding your own keys no one can really tell you what to do you don't have to ask permission to use your own money and and no one can stop you from using your own money but the flip side of that is that if something goes wrong there's no one who can help you you know there's no third party you can reach out to to recover your coins in a lot of circumstances so what we're trying to do here is look at the way that we're creating wallets and look at all of the ways that the wallets can fail and try to remove those potential failures and one of the most straightforward ways that we do that is by adding redundancy into the system making sure that instead of having a single key that could be lost or stolen and result in a catastrophic loss of funds that we're instead using some of the cool functionality of this protocol to distribute your keys and therefore to distribute the risk of catastrophic loss so the more redundancy we build into it the more difficult it is and the less likely it is that you will have a series of simultaneous events that can reach the the level of creating catastrophic loss right and that's huge right because I mean catastrophic loss is real when you're talking about generational wealth and you stacked all of these sats for a very long time by dollar cost averaging in and then you lose your keys I don't have access to your wallet so listen James and there's a thing really quick that I wanted to talk about because a lot of people come in and ask me about this can you tell people why the gentleman who lost access to 266 million and only had two other chances to put in his password why he's not able to get to it because I think a lot of people believe like even if they got on the casa that they wouldn't be able to get to their coins if they lost their password right are they not if they lost their password but if they couldn't do it they would lose all access to it after they tried ten times like can you explain how there's a difference between that and what you guys are doing and and what most people are trying to do in the spaces around security and that that that may be too much security yeah so all of the decisions that go into creating a wallet or figuring out how you're going to store your private keys all of these decisions are on a spectrum and the spectrum is convenience on one end and security on the other end and it's definitely possible to go too far in one direction you're really you're making trade-off decisions here and the the weird thing about security is you can have too much security because the the perfect level of security is actually really easy to attain all you have to do is take your private keys and destroy them and now that money is 100% secure no one can access that money not even you and a lot of people have lost access to their money by going too far in that direction so I believe you're actually referring to Stefan Thomas who he received thousands of Bitcoin and like 2010 or so for making the first-ever educational Bitcoin video and I think it's important to note that at the time when he received these you know it was like $20 worth so you when you're securing $20 you're not going to extreme lengths to think through all the crazy potential edge case loss scenarios that's that's the reason why so many of these early adopters have lost quote unquote hundreds of millions of dollars it's because they didn't actually lose hundreds of millions dollars they lost a few hundred dollars and later you know it ended up being worth that much but this particular individual had you know this was before multi-seg was even a thing so he had a single private key and that private key apparently he put it on a piece of hardware that I'm not even familiar with because this was before the days that even Trezor had been created yet Trezor was the first hardware wallet I think in 2013 or so Jameson did you get a phone call hello hello Jameson I think we lost him for a second he may have gotten a phone call it may be the FBI telling him he doesn't need to be talking about security so he so so openly Jameson some sort of hack will come along Jameson allow him to access just really quickly you we lost everything you said I don't know if you got a phone call or something I did get a phone that's what always happens it was probably probably the feds they were telling you stop telling people about the security but yeah go back and go back a little bit a little bit of the ways because I think you were talking about Stefan and that he had it on a hardware device that you don't even know what kind of hardware device it was because it predates everything that we're doing now so go ahead yeah start from there please yeah so he had you know the single private key on that device and just due to the nature of the hardware the only way you can access it is that pin and apparently he did not go to extreme lengths to back up the pin and you know some time went by before he eventually tried to access it again and realized that he did not have the pin and this this happens to a lot of people in the space where they create a setup but then they don't test it and they don't regularly check and validate the health of that setup so that like that's another important principle that we try to cover it casa is not not just a sort of set it and forget it type of setup but rather you set it up and then we give you regular reminders that you need to go around and make sure that your keys are still functioning as intended so you know the reason why casa is a bit more robust than that is that you don't have only one device or only one key rather you'll have multiple you know we have setups where you have three devices or five devices or six devices and you can even take it further and make clones of different devices if you want to but the entire point being that we assume that over a long enough period of time a device is going to stop functioning and so what you need to do is be in a setup where a device stopping functioning does not cause you to lose access to your money and with casa we actually have it built into the app where you know if you try to use a device and discover that it has broken or something has gone wrong or if you've lost it or someone stole it it's very easy for you to mark that device as lost compromise whatever and replace it with a different device that is in a healthy state so we take a different approach to your setup and we try to make it more flexible and make it a more interactive type of thing because your security in this space is constantly evolving and there are any number of things that can change you know whether it's your hardware devices or the firmware you're running on them or other software that you're using to coordinate your actual wallet just because the best practices in this space are still evolving and the security is a dynamic environment where there's more and more security researchers that are putting more and more effort into trying to break different hardware and software that is why we need to stay on top of our game and be able to inform our users what actions they need to take if there is some new evidence or new information that has come to light about the best practices in this space. Yeah man listen here's one thing I want to ask you right because I know a lot of people in the crowd they might not even understand multi-sig I didn't even think about that right so can you explain what multi-sig is and you can you explain the different levels of multi-sig at CASA and then I got a question to follow up to that but yeah can you explain what multi-sig is? I think the best analogy to use is actually just physical locks right so the way that the Bitcoin protocol works is that when you create a Bitcoin address there's a lot of stuff going on under the hood there's cryptography there's actual Bitcoin scripting logic and that all gets essentially composed into this one neat little fingerprint hash function that gets turned into a Bitcoin address which you can then display as a QR code but what you're really doing under the hood is you are describing the locking and unlocking mechanism that is going to be required to spend the funds out of that address and the default or most common type of Bitcoin address and Bitcoin script is a single signature type of script and that basically means you are defining that there is one public and private key pair that is responsible for locking and unlocking the funds in that Bitcoin address so if you want to spend the funds from that address you need to take the one corresponding private key and you need to sign the appropriate data to create a transaction that gets sent out on the network and all nodes validate it and eventually the miners put it into a block and so on and so forth and and so you know that is a single point of failure if that private key gets lost or stolen then you know whoever gets that key can easily take your funds if you want to get a bit more robust there is functionality in the Bitcoin protocol that allows you to define more complicated type of setups and the most common is multi SIG which is just one more step in which we say instead of only one key pair instead we're going to say there are two or three or four or five you can go up to I believe 15 or so and then with future improvements can go even higher but that's just creating a lot of complexity so you can instead say okay this Bitcoin address that I'm generating is a two out of three multi SIG address so there are three different private keys and in order to spend the funds from this address I need signatures from any two of those three private keys so this is similar if you want a real-world analogy it is similar to having a safety deposit box at a bank you know where there's not just one key there's usually two keys and you have one key and then an employee at the bank has one key and in order to actually unlock and open that box both of those keys need to be turned you know you could also in a more extreme level think of you know the way that various nuclear launch programs are set up you have multiple keys that need to be turned at the same time that are held by different people and are in different locations so you know there's a reason that these type of setups have existed in the analog world it's because you know it gets rid of that single point of failure it gives you a higher level of certainty that that particular thing is really supposed to be getting accessed right now and that there hasn't been one single person who has been compromised that can then take over the whole system so this is a good way to take that next step into creating more redundancy this starts protecting you against all types of both online and offline attacks even more importantly starts protecting you against various catastrophic loss you know common things like a house fire whatever you know if you're not keeping all of your keys in your house but rather they're geographically distributed then you start to get some very interesting new properties that make you resilient against edge case events that we do see happen you know when you have millions of people that are holding Bitcoin in their own wallets then you sort of law of large numbers starts to kick in and we've seen all types of crazy things you know over the 11 12 year history of Bitcoin yeah all kinds of crazy things so you you guys do a two of three you do a three or five is that correct and then what's the top what's the what's the diamond level is it like a yes so then we also have a three of six which is a very specific one for our inheritance products and the reason that sixth key gets added is what we we actually are onboarding your estate attorney as a key holder into your key set oh man that's awesome because here at the black Bitcoin billionaires we talk about generational wealth and becoming more self-sovereign right so talking about generational wealth you got to be able to pass your wealth down to your generations here's my question though right so some people may be asking let's say you do a two of three and you put one on a hardware wallet like a trezor or a ledger or something like that and you have one and then you give your cousin Earl one so if cousin Earl has a key right and cousin Earl he's I most times but he starts looking at the Bitcoin price and realizing like that key he has access to it's worth a lot of money so cousin Earl comes to your house and steals your trezor or ledger right does cousin Earl have all the access to your coins now yeah these type of theoretical scenarios get really interesting because there are so many variables at play so I can certainly give you reasons why he would not for example if Earl didn't know the pin to unlock your ledger device Earl's not going to be able to get into that device but you know that's not the only consideration in this particular setup because if Earl has deprived you of your only copy of your key then even though he can't steal your money he has effectively locked you out of your multi-sig wallet so this is you know situations where you might want to have more backups and more redundancy so that you know even if something happened where your device was lost and Earl's device was inaccessible that you would be able to retrieve backups from elsewhere see Jameson I'm glad you said that because my wife always tells me I'm redundant sometimes and now I need her to know that redundancy is actually a valuable trait it's a it's a valuable trait to have to be redundant so yeah I didn't even think about that when I asked that question because I always bring up cousin Earl because cousin Earl is always the variable we don't know what cousin Earl's gonna do cousin Earl's the reason why we're in Bitcoin in the first place because he bought some and it price went up he came to Thanksgiving and everybody was like if cousin Earl's making money why the heck can't we make money you get what I'm saying so we talked about these we talked about security and one of the things about Bitcoin and the philosophy behind Bitcoin is about you being able to control your own keys but a lot of people also believe that Bitcoin was about privacy and and we know now of course many of the government officials in the past would have said that the addresses are anonymous or that there's some anonymity there but we all know they sue anonymous because at the end of the day you sent the money to someone that you probably know and so once I know that's your address then you know I could pretty much track you and that's what's happening with this KYC so let's get into privacy like in this in this era of extreme KYC right it's like they they're asking for everything and even when Steve Mnuchin on his way out he was trying to force everyone to tell people where they're at what addresses they were sending it to and who they were sending it to at that address how do we remain private because I love the stuff you're doing and some of the mental exercise you've been going through and actually the research around privacy so how do we remain private let's just start like how do we become private knowing that every single one of our transactions is tracked because it's on the on the blockchain yeah I mean this is a really deep and complex topic because there are so many variables and because we're living such highly connected lives these days and basically everything that you're doing is leaking information to someone and then that third party is probably either intentionally or over a long run unintentionally leaking that information to a number of other people so the you know the unfortunate thing about privacy these days is that you know the only foolproof way to be private is to not use the internet not use computers not interact with people otherwise you have to be selective and you can certainly shore up a lot of different aspects of your life to reduce the amount of data that you're leaking but at the end of the day you know we're all gonna have to interact with some people or some institutions and have to trust that they're not going to leak data from my perspective what I try to do in most of these cases if I can't avoid giving data to some third party then I'll straight-up lie to them in most cases it's not illegal to lie unless you are like you know under oath in court or you're signing some sort of legal document where you're attesting that you as a certain identity are doing things then the vast majority of the time there's no reason you need to give your real name real identity real contact information when you are interacting with some other person or service provider I mean I give fake addresses fake phone numbers fake names the vast majority of times that I'm presented with some sort of form to fill out and and even if if I am dealing with some sort of service provider that needs to have contact information then I'll have a proxy information essentially like a burner phone number a remail or physical address you know things that are creating layers of protection between my real information and still allowing people to contact me in a sort of roundabout way but you know it's hard to distill all of the different things that you need to do to improve your privacy because really the the guy that I tend to point people to is around 550 pages long but if you really want to get into this then I recommend that people go on to Amazon and they buy a book called extreme privacy what it takes to disappear the second edition of that came out about six months ago and it is a volume of information and it will it will probably open your eyes about a number of ways that you're leaking information that you haven't even really thought about what's so crazy so I'm with you man on a lot of sites and I'll guarantee this is probably for everybody there are a lot of probably birthdays on January the 1st and I'm 70 years old pretty much everywhere I mean to be all the way honest if somebody asked for my birthday I got a couple of pseudonyms that I use as well but one thing again man is that old cousin Earl right I always like to use the idea that my daddy always say son don't put me on Facebook man you're trying to be on Facebook but the problem is is that my daughter is on Facebook and my son is on Facebook and they take pictures right and so my dad could be in the back of a picture with with his location in the back right so how do you even get around that like at the end of the day do you have to live in a freaking bubble like to get away from old cousin Earl like how do you get away from that man like exactly just not have friends and family so yeah I mean it's it's not really feasible that you're going to be able to convince your friends and family to give up on a lot of these things and you know as soon as a photo gets uploaded that has you in it you know the facial recognition software at Facebook is gonna start to you know cross examine and correlate that with the other trillion photos in their database so you know from a physical standpoint and just the proliferation of cameras that's happening at a global level it's very difficult to avoid you know having your your real-world identity and likeness get sucked up into some systems like this the the solution to that you know other than becoming a hermit and living in the middle of nowhere the solution is remarkably I think low-tech though it's not it's not a perfect solution but basically you know having a big hat and sunglasses and in these days you can wear a mask and people don't look at you weird so you know there are ways to mitigate that but it's you know it's not a 100% solution by any means so you can walk around looking like for real so go get a huge hat or Cam Newton get a huge hat get you some sunglasses and won't know where I recognize you and that's real though right as real so here's the question though what do you think about services like coin joins right like people that set up coin joins for other people I understand that the United States government clearly doesn't look look at these things as advantages for them so they have they have come down pretty hard in a disciplinary way on coin join type services but what do you think about those for privacy and to help out with privacy at least from a transactional level and and everyone coins I like I'll let Jameson explain it Jameson go ahead explain coin join what is a coin join yeah as you mentioned you know every transaction every every so you know there is no such thing as a Bitcoin rather there are only transaction outputs when it comes to the actual data of the blockchain and the transaction outputs that have not been spent those have values associated with them they are Satoshi amount of values and those are the quote-unquote bitcoins that currently exist and can be spent now as you're going about your life and you are you're receiving and sending transactions on the Bitcoin network your wallet is receiving new unspent transaction outputs and then sometimes you are spending those and creating new unspent transaction outputs addresses that are owned by whoever you're sending money to so what sophisticated analysis firms will do is they will do basically clustering analysis and use various heuristics to probabilistically determine which unspent outputs likely belong to a given entity and this is not terribly difficult to do if you understand how wallets work but there is a technique to try to break that analysis and the technique basically involves trying to get a lot of people to come together and interactively join their Bitcoin transaction outputs together and and the way that they do that is well first you have to have some sort of coordinator software that helps people connect all of their wallets to it and then the coordinator will basically create these big Bitcoin transactions that will have dozens if not hundreds of different inputs to the transaction that are coming from many many different wallets and then once again there will be many many different outputs in that transaction that will also go to many different Bitcoin wallets and this creates a type of obfuscation that is difficult for you to analyze and try to figure out which money went where just because it's no longer like one input to two output type of problem but it's rather a many-to-many type of problem and that just creates a level of probability where these heuristics break down you no longer have a high certainty of what is going where and this is interesting to do it can get expensive it also has security trade-offs because it means that you're having to constantly spend these coins which means the private keys have to be somewhat easily accessible and I think that a lot of people put a little too much weight on them because there are still a lot of complex issues that you run into after you've done a coin join where you can make naive mistakes that essentially undo a lot of the benefits of what that coin join transaction gave to you so it's easy for you to screw up and accidentally recorrelate all of your different transaction outputs together so the the way that I can best describe it is I think the simple way to make use of coin joins if you want to do that is I would only really use a coin join when I am making a payment and I would I would basically send the money through the coin join mixer and then immediately send it as a payment to wherever I wanted it to go because that means whoever received that money from you if they try to look on a block explorer or you know look on the blockchain then they're immediately gonna hit this huge transaction with so many inputs and outputs that they have no idea where it came from however if you're trying to you know constantly coin join money and then send it to cold storage you're still gonna eventually run into privacy problems later down the line when you try to spend that money from cold storage so I think that it's best used as something you know in the moment of trying to make a payment that you want to be private right like it within the transaction so for everyone out there it's kind of like if you ever seen the Thomas Crown Affair at the very end and I'm not spoiling the faith you haven't they they they are walking around in the museum not really at the end but they walk around in the museum and everybody has the same outfit on and so it kind of mixes everybody up to not know who the who the culprit really is they all have the same outfit the same briefcase and that's kind of what happens right it's just a misdirection the thing is that I always say though is even in a coin join all I'm going to do is take the inputs if I know the people who are sending them I'm gonna take those and just match them to all of them and watch every one and now the crazy part about that is is that as we move further into this space of KYC and watching addresses and coin elitics we wind up seeing that people might start thinking that you sent money to a terrorist because you are part of a coin join that they followed that entire that entire stream all the way to Alabama to whoever that domestic terrorist is right I didn't really get to mention yeah you know that you are you're placing yourself in danger of having various services turn off your accounts because they deem this suspicious and the reason for that is because so few people do it if we get to the point where the vast majority of people are tumbling and mixing their coins together then it's no longer feasible for services to essentially say that this is suspicious activity so I will say while I'm kind of bearish on the current state of mixing I'm optimistic because some of the improvements we're gonna see coming down the line especially with snore signatures which allow you to aggregate these signatures together I'm very hopeful that once we have that technology available to us that it will get implemented into the mixers in a way that will actually sort of turbocharged the the way that all of these funds get mixed together because you won't even it'll basically become even more difficult for people to tell that a coin join even happened in the first place and so you can't flag it as suspicious if you can't even tell that funds are being joined together well look you know what James say what about us going up one layer so everyone Bitcoin is what I always call the fund the foundational protocol layer and things are going to be built on top of it so let's move up one layer to lightning to the lightning network we had Jamal James on yesterday from lightning labs and he was telling us all about the lightning network if we move up one layer do we get some of that privacy back like the lightning network help out with some of that privacy and I might be pushing things a little bit but is Casa going to get into the lightning game so there's there's certainly potential even at a really high level of you just the fact that you are you're creating these protocols on a completely different layer means that you have a lot more flexibility you can innovate a lot faster you don't have to get you know consensus from as wide of an ecosystem to make changes however at least from the current state of lightning when you are opening and closing channels you know those are still relegated to all of the same issues with the on-chain privacy now once again looking into the future there's reason for optimism specifically around this concept of having shared lightning channels and this is something that I believe blockstream developers with their L2 product have been working on so essentially figure out a way where if we could have hundreds or thousands of people who are trustlessly able to share a lightning channel then that once again turns into this mixer like scenario where it's just it's impossible to de-obfuscate what's happening inside of those channels a because a lot of it is not being broadcast to the entire world and B because the data is it's only known you know by whoever is managing that channel and we may even be able to get to the point where the channel management itself is not being managed by like one central entity but there's a number of different ways that this could go and we've even seen over the past few years that the you know privacy much like security is a it's a never-ending battle so there was reason to believe early on that privacy on lightning was going to be awesome simply due to the nature of the onion routing that is built into the protocol it's very much like Tor network from that standpoint of how the payments get passed around but of course eventually these various researchers come in and they start to poke and prod and they find different edge cases where they're able to essentially do probing of the network to try to figure out you know what's happening on the network and and then you know the people who are building the network read those papers and say okay well maybe we can tweak these things and you know prevent that type of of de-anonymization and so it's very much still a an early game or we're gonna see how things settle over the long run but in general I think it is it's logical to believe that any cutting-edge new technology is more private from the sense that nobody's looking at it so the same thing I think happened in the early days with Bitcoin where when it was primarily used with darknet markets a lot of people said oh this thing is private because it's so small nobody is really even looking at it there there haven't been any like law enforcement investigations so on and so forth and in a way that was true and you know for the first few years I think people did have a level of privacy simply because the tools had not been built to help law enforcement de-anonymize people but that's no longer the case today it could be the case you know for Lightning Network that you're you are you are relatively private and the tools to help de-anonymize you haven't been built and maybe they won't ever be built this is another one of those things where it's very hard to predict the future oh yeah and here's the thing so I was sorry I was mess with the mic um so here's the thing so it's hard to predict the future but my question is does it but does the future require us to get off the grid so I want to talk a little bit about what you I heard you in the very first day you were in here man you were telling people about you getting off the grid what are some of the ways because I'm gonna be real I just got a telephone our cell phone sim card after not having one for almost man since tooth I didn't have one since 2007 until two years ago so that's what 12 years I didn't have a sim card and I only use like a Wi-Fi and a bunch of other stuff to really connect with people so what are some of the methods you have used to kind of get off the grid and not be connected in in as in as many places as you normally are right as normal people are right well I'm not calling you that you're weird or something but but I'm saying like how many how how many ways have you figured out how to kind of get yourself off the grid into a privacy into a privacy place yeah I mean we don't even have time to go into all the different variables but that's why I direct people to get the extreme privacy book you know there are there are simple things that you can do I say the simplest thing anyone can do is just install a lot of popular ad blockers on all of the devices that they use you know that will get rid of a lot of the tracking that is watching you hop around to all these different sites and correlating exactly what you're doing and then you're just trying to sell stuff to you and oddly enough that's actually what I did before Bitcoin as I worked for an online marketing company that was sending out hundreds of millions of emails a day through its system and my job was to write large scalable analytics systems that could ingest these petabytes of raw data and metrics and tracking that were coming back into the system and the goal of that was to help retailers you know increase their return on their investment and better be able to target people to sell stuff to them but that really opened my eyes into how much data is getting sucked up and analyzed you know just from your normal day-to-day operations so there's you know there's easy technical stuff that you can do that only you know takes a few minutes or a few hours and you can also go and set up VPNs on all of your devices so that you're not leaking your real IP address to every website and every service that you use it gets more complicated though when you want to protect like physical aspects of your life if you if you don't want to be leaking your actual home address then you have to stop receiving anything to your home address and that's everything from bills to birthday cards to stuff you buy off of Amazon and you know one interesting fact that few people know is that like everything that goes through the postal system gets scanned and put into a database you know every envelope every every label and who knows what's happening with that information so you know any any time that you receive something to your actual home address that's probably happened because you've given someone your mailing information and that goes into a database that's probably getting shared or will eventually get hacked and leaked and even if it isn't the actual physical act of that mail going through the postal system is getting it scanned and put into a database and that database is probably gonna get shared or leaked at some point so you know the only way to protect yourself from these things is to not put the data out there in the first place so for for mailing stuff it means you have to have mailboxes elsewhere if you want to receive things it gets really the most onerous and resource intensive parts of the privacy journey that I've been through have been the the legal issues of publicly registered property and things like documents like your driver of license the driver license is really where they get you because you know anyone who's going to get a driver's license knows they require you to provide multiple proofs of residence which means in most states you're not able to just give them a PO box or a mailing address you have to have things like utility bills bank statements etc etc so that can get onerous and expensive the other things like houses vehicles anything that creates a public record which is basically anything that you pay property tax on the only way around that is to create a legal entity such as a trust or a corporation and have that legal entity be the thing that actually owns the house or the car or whatever and you know of course this is where we get into lawyer territory and the bills start to add up and that's where I've spent you know tens of thousands of dollars in legal bills over the years building these protections and somebody on Facebook said wow he makes it really scary but the thing is is that all he's doing is telling you what's going on he's not the one making it scary the boogeyman is the one making it scary um so here's the thing man like it's crazy all the steps you have to go to go through just to make yourself private right just to get yourself into a situation and one thing that I remember I had a buddy who's he was really big into privacy he lived on a homestead and he was giving me directions to get to his homestead and it was very difficult to find like I drove past it like 30 times right and so we wind up me and my other friend were going to his house because we were gonna leave out with him we went in his neighborhood just some random suburb suburbia neighborhood and a guy was walking his dog and picking up his crap right picking the crap up from the dog and we stopped and the dude we said hey man do you know where blank blank blank lives have you ever heard of him and that guy because he had been in the community so long knew the exact directions to get to the homestead so when we got there it was like man we know you trying to be private but it seems like everybody around here knows exactly where you are so it's like even if you're private even if you you know do all the things the PO box and all of those things you literally have to lie to your neighbors a lot you know especially if you live in a community for a long time you have to lie to them because somebody is going to leak it right somebody that's actually a good point that I didn't get to which is that I have a pseudonym for my physical locations like obviously I speak to my neighbors and we're on good terms and they know me as a cyber security consultant that's about as as detailed as I get on that but they also don't know my real name they know my alias right and that's see if you come to certain neighborhoods in the United States I know a lot of people by their nickname and I have no clue what their name is like I know a lot of people by their nickname like Junie matter of fact I have a cousin that we call pig my whole life and I didn't find out how what his real name was until I was probably 33 like and I called him he came to a funeral and I was like hey he said man I don't go back pig anymore I said my whole life that's all I've known you as his pig like what is your real name he was like are you serious I'm like yeah everybody calls you pig so what am I supposed to know I'm younger than you so I thought your name was Pig so you you just have to be you have to give people nicknames are you like your alias I would love to know what your alias is but I know you're not gonna say it on her but um I would I would love I wish I was around you so I could find out what your alias is it'll probably be something cool that's like my buddy at the Chinese restaurant his name is Harrison Ford you know what I'm saying I love him so this one thing that I learned the hard way when I first started doing this is I was giving different aliases to basically a unique alias to every different provider I interacted with I learned very quickly that that became way too hard to keep track of so I only have a handful of aliases now that's a lot easier for me to track and of course you don't want to you don't want to choose anything that stands out you want it to be a name that is common for your ethnicity your culture your geographic location yada yada yada right so you you now walking around saying your name is the roof is Leroy I got you bro I got you here's the other thing man you know who else is real good at this players everybody knows a player they done said a million different names to a million different women right so Jameson maybe you a player man maybe that's what's going on here you don't learn how to play the players way you know I'm saying okay so look man this has been awesome what I'm gonna do is open up the stage really quickly can you take a few questions before you get out of here you bet all right hold on man let me open this stage up let me bring some folks up let's see we got Ali and Damar let's see what's up Damar how you doing man hey what's going on yeah hey Damar I think I'm gonna use an alias like some old old black deacon dude or something man my name gonna be Otis Otis Bishop Otis Bishop Otis Otis Bartholomew or something we figure something out like it if anybody else wants to raise their hand and ask mr. Jameson a question please hop up on stage what's up Damar what's your question doc yeah so real quick Jameson so this you know how like sometimes you could type your name on it and then Google and it pulls up your address and everything like that do you have any apps or or companies that can help wipe that away I heard of this site called delete me but I haven't used it yet but do you have yeah that's it that's a very good common question and I've seen people posting that question on forums there are a lot of websites out there that will claim to help you clean up those records a lot of them are probably scams and the ones that do work they'll be able to clean up some things but the unfortunate story of the situation is once the data is out there you're never going to be able to completely get rid of it and the the way that I described what I ended up doing and what I end up telling a lot of people who are in sensitive situations is that the the only way to do this privacy thing from a foolproof standpoint is to walk away from your current life and by current life I mean all of your public information this is something where I had to I had to sell my house I had to sell my cars I had to get rid of everything that was publicly I associated with me and I had to go redo everything move buy new stuff and do that all from a privacy centric standpoint that is the extreme you know if you want to be a hundred percent certain and even then you're gonna if you're doing it right then you're gonna want to keep running reports against yourself I I hired private investigators after I set everything up and and tried to see what they could find and it's amazing I actually I had someone I had someone run a report on me just this week that I do on a regular basis and it was 50 pages of information and you know this is just like public records and things like phone records and other services and the crazy thing about these reports is it'll not only be your entire history of information but it'll also dig into like everyone else who is associated with any addresses that you are associated with or anyone else who is associated with ownership of vehicles or property and it's it's crazy the amount of correlation that happens on the back end I will say that one thing that has come in helpful from a sort of obfuscation standpoint is that by using like enterprise mail receiving addresses I'm now sharing physical addresses with dozens if not hundreds of other people and so that's actually it I look at it as it's actually it's kind of like doing a coin join but for my mailing addresses so you know that's I guess the the long pessimistic version if if you want to feel a little bit better about your current setup then I guess it couldn't hurt I wouldn't spend a lot of money on those services to try to clean up your data because I can guarantee you they're not going to be a hundred percent effective so you know if you want to spend 50 bucks or something and see if it makes you feel better then I guess it couldn't hurt as long as that level of resource isn't a big deal to you but in order to do it right it requires a lot more commitment and and resources unfortunately so okay thank you for that and you mentioned a book earlier right a book to read on this what it was the name of that book yeah so it's called extreme privacy the author his name is Michael Bazell of course that's not his real name but he is a former federal agent and private investigator and so he knows how all of this works because he used to be on the other side of it tracking people down his his name is really cousin Earl that's really cousin Earl writing books and other people's names maybe it's big it's big I've actually been listening to Michael for many years he has a phenomenal podcast as well I highly recommend it when you search Olson on podcast his will come up the privacy podcast but very very knowledgeable we have those privacy chats sometimes guys all my knowledge is from Michael Bazell oh thank you Daniel Ali what's up first real quick I got a question on on Facebook how can you travel internationally like if you've given up all of this how can you travel internationally that's what someone as Jameson yeah so I think another important thing to note is that nothing I've done is designed to be nation-state resistant I'm I'm not trying to tell people that you can get like Osama bin Laden level privacy which of course that is literally going and hiding in a cave for 20 years right rather you know everything that I've done I've done via legal avenues via legal entities that America is actually somewhat well positioned most other countries do not allow you to create these types of legal privacy protections so if if you know government agents that are well funded and have a lot of resources behind them wanted to then they can start piercing the veils of the different legal protections that I've created and they can you know find the entities that know the private correlations of you know what my actual contact information and address information is so also you know from a a travel standpoint you know obviously I have I don't have like fake passports or anything like that that's not my goal if if nation-states want to know my comings and goings they definitely will however there are still a few things that you can do so when I am traveling for example or even if I'm going to a hotel or whatever there there are a number of situations where counterparties will ask you for legal identification and in these cases I never present my driver license because that has an address on it that address is not my normal address of course that's a whole other issue but I don't want to leak that address anyways so I always present my passport and that's because the passport does not have any address information on it also man Ali what's your question man hi hi Lamar hi Jameson hi everyone thanks for thanks for the opportunity so although you know I admire Jameson for all the Bitcoin knowledge but I didn't know he was so he was so great at secure privacy as well so what I want to know is very related to what Damar had so it's about before knowing all this you know you would have a lot of social media presence you'd have Facebook Insta everything so when you get this realization that you want to focus on privacy how do you what steps do you take and how do you how do you ensure that face Zuckerberg forgets about me Facebook gets about me is it actually possible based on your previous answer it seems that no it's not possible but suppose if I've deleted my Facebook years ago never had Instagram I'm never going to get back onto Facebook but of course whatever data I had provided in the past that would still be there isn't it that's that's not going to go away isn't it yeah so like in order to quote unquote delete your Facebook the right way they're actually entire articles and guides around that because Facebook tries to trick you during that process and absolutely I'm deactivating rather than deleting right the the other tricky thing about even after you purge all of your Facebook information a your you are trusting that Facebook is actually deleting that after 30 days or whatever their terms say but the other thing is that you also need to go into every device that you use to browse the internet and you need to clear out all of your cookies on there because you most likely have cookies and other tracking identifiers where Facebook has fingerprinted your devices and associated with them with you and most likely you will continue to associate them with you even after you've quote unquote deleted your profile so that's the next step and then of course you also need to make sure you set up appropriate ad blockers on all of those devices so that they don't continually recorrelate your devices and this is I mean an unfortunate thing about some of the complexity of the nature of like internet browsers in general is that your browser leaks so much information to every website and every service that you go to that it's very easy for unique fingerprints of your browser and your device to be created and then have that data used to correlate and track you as you're going across many different websites okay so that's that's that sounded more scarier than I imagined actually with the device signatures and everything the the other part is with regards to aces you mentioned how do you go about your normal life like you know apply for a mortgage for example if you apply for a mortgage you're inadvertently going to get communication to your address in your real name things like that and so you can't really keep an alias for everyone isn't it your neighbors are going to know your postman is going to know various people are going to know regardless isn't it so it is it really worth it well is it worth it for any of this stuff is very hard to quantify I'm the first to admit that I have taken this project to the extreme partially I mean obviously partially because I have an actual event where I had a SWAT team show up at my house and that was disturbing and I want to prevent that from happening happening again but from more of the curiosity standpoint I take it to the extreme because I want to see what it actually costs to do things you know the best way that you possibly can and that's where I have learned that unfortunately you know extreme privacy unfortunately most people are priced out of it it has kind of become I think a wealthy person in this game at this point if we're really talking about the extreme level of things but kind of going back to your point one gauge that I have is that if I ever receive any correspondence to my real physical address or any of what I consider to be my real contact information and that's in my real name then I know that I've screwed something up and I have had that happen one or two times and it's always due to some third party that I ended up having to trust so I've I've had issues where attorneys or bankers who I have entered into trusted relationships with to help act as these privacy proxies for me have due to just their default processes leaked information even though I was very specific and spent a lot of time telling them you know why I was doing all of this so for example like I've received stuff to my real residence in my real name which was things like a holiday card and the reason why that happened was that when they entered my information into their system it automatically it got slurped up into some other stupid marketing system automatically they didn't even know that it happened and then you know by the time several months later when I received this holiday card in my real name and then I get really pissed off and I start yelling at my banker they're like oh yeah we forgot about that so it's it's just like the nature of all of these systems it's just not designed for privacy and even when you tell people up front that they just they haven't thought these things through hey would you could would you say as well Jameson I don't know if you have children but would you say children are probably one of the biggest security or privacy breaches places for breach in the entire system because kids don't always understand you know I'm saying and they'll mess around and tell everything all your business and everything so do you think children also are kind of a privacy breach for a lot of people definitely and this is not something that I've had to deal with but even thinking through you know all of the other issues this you know similar to the issues that you enter in with public property you know you end up having to register your children in so many different ways that I don't think that there's any great solution for that either so this is this is I think one of the the trade-offs that you also have to make is that you I don't think that you can tell your children that they have to follow any sort of protocols or procedures so you would you really have to bake that into your model and you know assume that they're gonna be a sieve when it comes to holding information yeah that's crazy it almost feels like after listening to you talking thinking about all of this it almost feels like the best privacy is no privacy at all it's just to be completely transparent here here I am is everything I do now okay you got everything now what you know I'm saying it almost feels like just take it all man and I think a lot of people to be honest have fallen into that right like I think that's where a lot of people have gone somebody on Facebook Ryan Cooper says social engineering facts he said kids be talking talking he said his kids are quiet though lol so so yeah and then we got one more one more person up I think Daniel you got a question doc thanks to my thank Jimson oh yeah there you go Aliyah I mean I would probably say as an exchange or someone that you know is a peer-to-peer on border and off-border I know from myself in 2017 I had a had a tack on me and I'm super safe where they were able to find my phone number they had a friend at a for you guys will be like like Sprinter Verizon and then even though I had a pin code on and everything and you know they were directed not to sim swap me that's well how would you say is the best way for newcomers to be alert because the one thing that we need to know about Bitcoin if you're out there flaunting it's a guarantee that they're trying to figure out where you live and to sim swap you and find all the other good stuff is a very very large occurrence like I said it happened to me not only do they sim swap me and get nothing because I had Google Authenticator but they actually when you have a gmail or a hotmail it backs up your iPhone contacts which I wasn't even aware when you sign that contract so then they shamed the shit out of me and message every single person begging for Bitcoin my gosh basically saying hey man I ran into some tough times if you could send me over 200 bucks a Bitcoin la la la la and like honestly when people look at you as like oh he's doing well with Bitcoin and then they get those messages and you tell them it wasn't you they're like oh you sure bro cuz that was kind of weird how would you what would be the security measures that you would suggest for new onboarders coming on with their bitcoins that you know maybe are not a litter enough to hold their own keys and use a vault online or something like that what would you suggest for those people right so I think one thing worth noting like the reason that I've gone to the extreme for all of these privacy issues this is this is the hard path to take the the easy path would have been for me to delete all of my accounts and just stop using social media stop being a public person like that's the reason I got in trouble is that I over a period of a year or two kind of got catapulted into the limelight and when you get more attention sort of law of large numbers means that eventually there's gonna be a few crackpots and that's the type of thing that celebrities have had to deal with for most of history but now the internet age has lowered the bar so much that that anybody can basically overnight have the attention or the ire of millions of people directed at them and then a few of those might be some sort of sociopath or psychopath or other criminally minded person who doesn't have morals and ethics and is willing to try to attack you so the first thing that you can do is just not be public with your real identity that you're into Bitcoin set up social media accounts that are pseudonymous and that's your Bitcoin account to talk about with people you know that provides you with one more layer of protection because anyone who's talking about Bitcoin is going to become a target because these are you know bearer assets they're once stolen they cannot be returned that really it changes the incentives of the game with regard to attacks but you mentioned sim swapping you know that's a very common thing and the the real answer to that is that you should not be associating your phone numbers with any type of sensitive accounts this can get tricky because there are plenty of services out there that require a phone number to be associated with you so if you have to give a phone number then I would not give a phone number that is to a service that is in your name by which I mean if you're using a major service provider a major carrier Verizon AT&T whatever whatever they all suck at security and this is because they have over the matter of a few years found themselves in a position where now they're actually being their services are being used to secure millions of dollars in people's money they never intended for you know their your phone service to be a high security thing that is protecting millions of dollars it just it's not designed for that and so they are getting socially engineered left and right they're having internal attacks by employees at these companies that have real how much money they easily access and you just should not use them to secure anything so my answer is that this is my excess and you just should where'd you go hello yeah I think you were breaking up a bit there hello is everyone good is everyone good I can hear you I'm pretty good good I don't know what happened actually actually I do I was going to change some of the video and some of the sound came back to you guys so my bad okay oh yeah but go ahead Jameson I'm sorry but but yeah long story short I do not have any phone service at any major provider that is in my name my only SIM cards I these days are once again bought through these anonymous LLC's that I set up and they're set to mailing addresses that don't have my name on them so since so on and so forth but that's even that's only the first the first layer for the actual SIM card itself I don't even know my real phone numbers I then I set up proxy phone numbers I set up virtual phone numbers that forward to the real phone numbers and then I hand out those virtual phone numbers as yet another layer of protection so that I can still receive you know SMS messages for those really terrible services that only do SMS two-factor authentication but there's no way anybody is going to be able to call up and socially engineer a mobile service provider because I Jameson Lopp do not have accounts at any major providers but you know the preferable thing to do if if a service supports it is to like you said either use Google authenticator or what I prefer is to use an actual piece of hardware to use a ubico device and use that to secure the the private data for the 2FA and you can actually use ubico authenticator which is it's the same as Google authenticator except the private data is stored on that dedicated hardware device yeah and and just to give you a heads up Lamar so I put I put alerts on my account no matter what cannot be switched and they did the most brilliant thing so the Rogers guy got back to me which is like our Verizon he said that the culprit walked into one of the Rogers stores probably so imagine you go to a Verizon store and you go to the employee and you look at his name tag it's his name tag says Lamar and he goes Lamar which store number is this by the way I'm curious and he goes oh this is store 4283 then this guy has the employee line he calls in and says hey this is Lamar from store 4283 I have Daniel he doesn't remember his pin code I verified his ID and that's how they actually sim swap me which and actually because I never give up my number online I'm pretty sure had something to do from a guy that used to come to our exchange because he actually had my real number I slipped up which is why I only use my pseudo because I don't trust any major carrier I'd rather use a virtual number that you can't do shit with like literally nothing and yeah man you literally can walk into a Verizon ask them which store number it is and look at the guy's name tag and then call the employee line which will be on Google and just that's how they do sim swaps now hey I'm Lamar from store 4832 I got this customer in front of me Daniel Bork la la la la he's got to change this thing and they don't even ask a question they don't ask verify his address all his license they just know you're an employee they hit the store number they hit the name and that's it it's over they got it man I will say that for a normal person who doesn't want to go through all the stuff that Daniel and I were just talking about the best option which I used for a few years was project fi I think now it's a Google fi but basically if you're at least for Americans you can get Google's phone service and the good thing about that at least so far is they literally do not have any human customer support agents that have the ability to unlock and port your phone number if you don't have the pin that you set on that then there's no one in the world who is going to be able to be socially engineered and unlock it man yeah that's that's awesome news because that's what my wife uses so yes awesome news somebody on Google Ryan Cooper said yeah I've used Google voice in the past to spoof my numbers to weird women so that's another way I guess to stay private and as a matter of fact I remember back in the day women used to use 2545 400 that was like the budget number and they would give dudes that number back in the day so yeah I don't want to keep everyone too long and I know Marcus had one question Marcus could you shoot that question and then we'll try to close this thing up man yeah real quick hey I want to go back to a comment you made a few minutes ago Lamar appreciate you Jameson for the information but like you said a few minutes ago Lamar I'm one of those public people who you know my wife is in TV news I publish a magazine I got a son who played division one football there's no way for me to hide from anybody I need to focus more on some of these multi-sig security options and just you know to put it out there I don't own any Bitcoin all these questions are for a friend right so what types where can I find more information about some of these multi-sig security techniques and you know some of the stuff that's coming up that you guys were talking about so I would definitely recommend checking out my website at lop.net l-o-p-p dot net I have enough resources there to keep you occupied for months there is a security page in general that has every popular security protocol that has ever been published that I've been able to run into and then of course my company you can check out our website at keys.casa k-e-y-s dot c-a-s-a and we have a how it works link there that has about 36 pages of documentation into the threat model and the architecture and all the decisions that we made around that and of course I'm highly biased I do believe that we are offering the best user experience that can give you high security the thing about security in this space is that there is no perfect solution everybody's security needs and threats that they're worried about are different this is a very personal matter and that's why we think it's very important not just to provide a piece of software but also to provide actual client services to discuss all the decisions that need to go into your own security setup great thank you and thank you Jameson man this was a really fun yet scary interview man I appreciate you coming on this morning to Bitcoin philosophy for breakfast we tend to do this some mornings and Jameson of course agreed to come on and give us that is there anything you want to leave the crowd with man because some of these people are gonna sleep well tonight yeah I mean the main thing is that we've talked about a bunch of different extreme stuff over the past 90 minutes or so and this is just coming from the knowledge that I have generated over the past few years of putting a ton of time and resources into it but you should not allow the extremes to paralyze you in fear and and throw up your hands and say ah well you know I don't have the time or resources to do this there's always low-hanging fruit and I did not do this all at once I I gradually over the period of probably 12 to 18 months worked on these things piece by piece so you know if you set aside an hour or two a weekend to keep digging into this and slowly but surely incrementally improve your own privacy and security posture then over time all of those little improvements will add up to a cumulative level where you're gonna be in the top point zero zero one percent of people in the world so you know it's just a matter of dedication think of it as like you know the tortoise versus the hare you can get there eventually man thank you Jameson man I really appreciate it it's listen this is Bitcoin philosophy for breakfast I am your host DJ I don't know what else I am Lamar is it's been really good being here on the Bitcoin on the black Bitcoin billionaires club if you're a member already man keep coming it coming back if you're not a member go ahead and hit that greenhouse above my head everybody on Facebook thank you guys for tuning in this was a really big show on Facebook if you want to catch this later you can go to Coinda on Facebook or you can find it at the black Bitcoin billionaires channel on YouTube we just getting it started so we don't really have a name yet but if you search black Bitcoin billionaires on YouTube you can get this it's wonderful presentation for my man Jameson man so thank you again Jameson man we appreciate you and to everybody out there like I always say live love love life if you live love you will love your life man till next time see y'all