EPISODE: 0.3.4
BLOCK: 695186
PRICE: 2194 sats per dollar
TOPICS: mobile phone privacy, iOS, calyxOS, grapheneOS, why privacy is important, open hardware, corporate surveillance, defcon, spending vs hodling, bitcoin vs monero tradeoffs
@sethforprivacy: https://twitter.com/sethforprivacy
streamed live every tuesday:
https://citadeldispatch.com
twitch: https://twitch.tv/citadeldispatch​
bitcointv: https://bitcointv.com/video-channels/citadeldispatch/videos
podcast: https://anchor.fm/citadeldispatch​
telegram: https://t.me/citadeldispatch​
support the show: https://tippin.me/@odell
stream sats to the show: https://www.fountain.fm/
join the chat: http://citadel.chat/
[00:00:00]
Unknown:
Bill widens the definition of broker. Those who would have to collect information on cryptocurrency consumers and report this information to the IRS. It would force every single participant in the cryptocurrency structure to operate as a financial institution, which would mean they would have to provide consumer information to the IRS even if they don't have access to that information. This overly broad definition of the word broker will block rapid innovation in cryptocurrencies, and it will endanger the privacy of many Americans in cryptocurrencies. This is wrong. So I applaud my colleagues for Trump. Fortunately, because the senator from Vermont objected that incremental approach hasn't been adopted. So let's exercise a brief shining moment of common sense, and let's recognize if we've gathered all 100 senators in this chamber and ask them to stand up and articulate 2 sentences defining what in the hell a cryptocurrency is that you would not get greater than 5 who could answer that question.
Given that reality, the barest exercise of prudence would say we shouldn't regulate something we don't yet understand. We should actually take the time to try to understand it. We should hold some hearings. We should consider the consequences. We shouldn't destroy people's lives and livelihoods from complete ignorance.
[00:02:14] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Matt Odell, here for another Citadel dispatch, the interactive live show about Bitcoin distributed systems privacy and open source software. This is Citadel dispatch 34. Our focus is gonna be mobile phone privacy. I wanna do a quick shout out as I usually do to the ride or die freaks joining us via the live chat that it comes through on Twitter, Twitch, and YouTube. Appreciate you guys. You make this show unique and special. Also wanna shout out all the freaks who support the show. This show is a 100% audience funded with no ads or sponsors. It will always be the case, and you guys make that possible.
The easiest way for you to do that is through podcasting 2.0 by going to new podcast apps.com, picking a podcasting 2.0 app, loading it up with Sats, searching for Citadel dispatch, and you can stream Sats directly to my node. It is appreciated, and it's pretty cool watching them stream in after the podcast feeds go up. You can also support the show at the website, sidildispatch.com. I have a pane m there. It's easy to remember. It's Odell. You can also support it through [email protected] using the tip and dot me link. So thank you, guys. I do appreciate it. To those freaks coming in through the audio feeds, that was senator Ted Cruz on the floor of congress talking about cryptocurrency.
I don't think that we should take extra you know, I I I doubt his, you know, I doubt his motives, but, it is pretty interesting watching it be you know, we're everyone's noticing us now. We're we're we have the attention of regulators everywhere. We have the attention of senators and congressmen. A lot of what we've heard over the last week has been disappointing but expected. But at the same time, to hear Ted Cruz basically call out everyone for not having any idea what Bitcoin or cryptocurrency is is a bit of a breath of fresh air, and it is really crazy to see. So I'm glad we're gonna have that archived in the Citadel dispatch archives forever. With the archives being mentioned, once again, you can view all previous [email protected].
There's Bitcoin TV links there, which is our peer tube instance dedicated to Bitcoin content, hosted on our own servers, and, there's also links to the audio. And I think you can also search through all the transcripts too, which is actually a really useful feature. I don't think people realize it's there. It is algorithmic instead of, like, a human transcribing it. So there are a lot of errors, but it is nice that you can just search keywords through there. So keep that in mind. Anyway, guys, I'm really excited for our guest today. We have Seth for privacy here.
He is the host of the Opt Out podcast, a very good podcast. We have, actually a lot of overlap with guests. He's he's had Catan on there. He's had Diverter on there recently. He had Max Tannahill on there, all previous guests of Cielo Dispatch and good friends of mine. The podcast is excellent. I highly recommend it. Also, me and Seth, we kinda go way back on Twitter. I think, Seth, I think we met at Bitcoin 2019, if I recall correctly. You introduced yourself. So welcome to dispatch.
[00:05:50] Unknown:
Thanks for having me on, man. It is a a huge privilege to be able to come on and and chat about, mobile privacy specifically. I think there's such a good crossover here with kinda your your normal audience, and Bitcoin in general, drives home that idea of self sovereignty and taking back control, and mobile privacy is a huge part of that. So glad to be able to to to dive into it with you here.
[00:06:11] Unknown:
Yeah. Absolutely. Thank you for joining us. I mean, mobile phone privacy is on the top of everyone's minds right now because of the recent iPhone announcement, Apple announcement. But before we jump in there, I mean, you've dedicated so much of your life, to privacy and personal privacy. Do you wanna tell the freaks why they should care about privacy, why they should care about their own privacy?
[00:06:41] Unknown:
Yeah. I mean, I think I think there's a lot of different reasons that we can come back to, and a a lot of the like, one of the things that I enjoy about my podcast is I could just sat sit down with people and just hear a little bit more about, like, their personal privacy journey and what drove them to to see the need for privacy and to tar start taking steps to to take back their privacy. And, the big thing for me that jumps out is just the the simple idea, and it's a phrase people have probably heard, but just that the privacy is the ability to selectively selectively reveal oneself to the world.
And just it's really a way for you to control the data about you, to control the the things that other people are able to see or not see. It's not about necessarily hiding things, not about necessarily hiding criminal activity or anything like that, but, it's really just about having that that control over your data, and I think a lot of times here, at least for me, I'm I'm in the West. I'm in the US, and people who grew up in areas that are a little bit better off or maybe have at least a a better facade of freedom, we can kind of get caught up in the idea that we we don't have anything to hide and that it doesn't really matter that all of our data's out there, that these these companies are just pulling in our data by troves. They're gathering information about where we go, who we visit, the apps that we use, how long we use those apps, where we click in the apps, that they're gathering data on all the people that we talk to, when we talk to them, what we talk to them about.
That has been going on for years years. Mean, we've we've seen it with the government, with the NSA, and, now I think we're starting to take steps towards corporate surveillance being the bigger problem than governmental surveillance, at least in the in the west here. And, people that have at least the privileges that I've had growing up, I haven't felt the the harsh pressure of an authoritarian regime or the harsh pressure of, persecution of, like, myself or my family or my maybe a religious group or something like that. So I haven't seen the need that's, like, life or death. But a lot of people in the world have seen that, and they fight for that privacy, that that right to be able to decide what they reveal and to who.
And I think that it's a responsibility for those of us who do have that freedom and and have access to those tools to to go ahead and jump in, focus on taking back our own personal privacy. And then as we go along that route, no one is too no one is too small or unknown or, maybe not technical. No one is is too far to be able to just write down the things that they do, share the that's the steps that they take towards privacy, and help pull other people into that journey over time.
[00:09:16] Unknown:
Really great answer, Seth. I think it was really well said. I mean, a couple of things there. First, you know, you said that corporate surveillance is becoming more of an issue. I seem I've noticed that it seems so intertwined now at this point. Right? It's like corporate surveillance is is almost it's an extension of state surveillance. And Mhmm. All that all that data that that these corporations are hoovering up oftentimes for their own profit motive, ends up in state hands. And even if you trust your government now, you don't really know, what the next government will be or what the next situation will be. Right?
And then the other thing you mentioned was you evoked the cypherpunk manifesto, with privacy, with your comments on privacy, and there's a there's there's something interesting here with, you know, part part of part of that quote before the quote is that privacy is not secrecy. It's the ability to selectively reveal yourself to the world. And you, for better or worse, seem to have ended up in the same situation as me, where you're a public persona, a public person talking about privacy. How do you and I often get a lot of shit, like, oh, you know, you can't talk about privacy if if you're publicly talking about it. Like, obviously, you don't care about your privacy if if we we know what you look like, and we know who you are.
You obviously don't take it that seriously. How do you circle that square? How do you, if if if when someone says to you, like, oh, you don't care about privacy because you're a public person talking about it, how how do you answer them? Yeah. Yeah. I'll I'll dive into the the first point you mentioned real quickly first. I accidentally didn't unmute. Wrong keyboard shortcut there.
[00:11:21] Unknown:
But for the corporate surveillance piece, I think, like you mentioned, the the government has realized that there's a a powerful tool at their disposal. If they can leverage the law and just social pressure onto these companies, they can get them to to do their work for them, and just take away the the need for them to do governmental surveillance or take away the need for them to do governmental censorship. But I think another reason why corporate surveillance is becoming so much of a problem is because it it pervades cross country lines.
It's something that usually will follow you no matter if you move countries, no matter if you leave. It's usually something that very easily crosses borders. And sometimes governmental surveillance can cross borders. There's lots of agreements. There's 5 eyes and 13 eyes and different, groups of countries like that that do share data, but sharing data between governments is always tricky because they're trying to get the leg up on each other even when they're technically allies. But I think corporate surveillance has a lot more danger in that sense, and the services that we're using on the daily are normally things that were being sold as free.
And the thing that they're selling us as a a service and taking our data. And so I think that's it can be a little bit sneakier than hearing that, like, the government surveilling you, and that can seem a little bit maybe conspiracy theorist or something to to think that the government's watching what you do. But we know that corporations are doing it. We've seen them do it time and time again, and it's only been growing as we've seen, monopolies around, specifically, like, social media is is one of the key areas. Social media and messaging apps. We've seen the monopolies around that shut down the smaller options. And then once they have control, they're able to really leverage that that surveillance and censorship, to sell your data and make themselves money or to censor and to push their own personal beliefs on the people that are using the platform.
And as for the whole idea of kind of revealing more about your public personality or persona versus just using an m, I I definitely I go back and forth on this. I mean, as things get a little bit scarier here in the US over time, I I lean towards going to a NIM, but, obviously, I've built up this brand that is set for privacy, which it I definitely wanna keep this this following. It's a it's a great group of people. It's people that are passionate about privacy and have followed me through a lot of different steps that I've taken. But I think the key thing for me is I I think there is a lot of value in there being non pseudonym people that are willing to step up, willing to put a little bit more at risk, willing to put a little bit more on the line to become that, those people that can kind of draw in the less trustful people. I think a lot of people can be a little bit worried about pseudonyms or can feel like if someone has a NIM, they're not trustworthy. And, I don't think there's a reason for that. I think names are great that many people should probably use that instead of using the real name in almost every circle.
But I think that I think it's useful for some people to just own at least part of their name or I mean, it it couldn't even be a fake name. Like, obviously, you don't know that my name is Seth, but, to own a little bit of that public persona, to own a a face and an image, and it helps to draw people in, especially kind of normies who maybe wouldn't be as comfortable with just jumping in and following all the things that a random NIM on the Internet says. So I think there's definitely value, but it is definitely it's extra risk, and it can complicate things as far as keeping keeping other aspects of life private if you do have any kind of linkage to your name, picture, that kind of thing.
[00:14:55] Unknown:
Yeah. I mean, 100% cosign that message. Grapple with it daily. Do you have do you ever have any regrets with that?
[00:15:09] Unknown:
I think my only real regret is just that I was so open early on. Obviously, the things that I know and can remove, I've I've gone through and removed. But I, obviously, before I jumped into privacy, which was only very recent, I think a lot of people may just assume because the main thing I talk about is is privacy, both in the cryptocurrency space and just generally that that I'm someone who's, like, been thinking deeply about privacy for a decade or something. But it's really recent. I mean, really, I started caring more about it in 2018, 2019. Probably even 2019, I think, would be when I started to really grapple with why personal privacy matters.
And so I think before that, obviously, I was careless with social media and the things that I shared. So I think I think if you go into it knowing what you're doing, you you know that you're going to be sharing, at least a theoretically real name and a face that can be a little bit easier to to latch on to. I think just being careful, obviously, about how you how you use that because if there is a a link to real life, it could be can be more dangerous for you and can make tying things together a little bit easier. I don't say I have any regrets. Just that, yeah, I'm I'm glad that I did it. I think I will keep doing it, but it is definitely as things get tighter and tighter, it it's tempting to to become a pseudonym rather than sticking with any kind of semblance of in real life personality.
[00:16:33] Unknown:
Yeah. And, I mean, it's not mutually exclusive. I don't know about you, but I exist on many nims. But, there there's there's definitely I can I can definitely relate with that path? I mean, with me, it happened a little bit earlier, but, you know, you kinda have, like, an moment where you realize I I think in today's world, most people, when they discover the importance of privacy, it's a it's a discovering of, oh, shit. I I'm completely exposed. And, that's when you start to realize why privacy why personal privacy really matters. Right?
[00:17:17] Unknown:
Yeah. For sure. And and that's a really good point that having a real persona and pseudonyms is not something that that can't coexist. Like, those are definitely things that go together. I use pseudonyms as well for different platforms. I think everyone that I know who has chosen to reveal something about themselves on social media usually has other names that they go by and other things. And I think that's that's excellent. And, like, something I do is I use a tool like SimpleLogin to do email aliasing and the things that I use email aliases for. I'm obviously not using a a name with that kind of thing, so there's definitely power in pseudonyms. Like I said, I would recommend most people use pseudonyms, but I I do think that there's there's value in this. And outside of the the one persona that I think is valuable to have a more real persona attached to, which is my Twitter account and then obviously is the host of my podcast.
Outside of that, I think pseudonyms are infinitely better. There's there's not really any comparison. You should avoid using, I think, real information wherever possible. But
[00:18:18] Unknown:
100%. Okay. So let's go back to, corporate surveillance. I mean, you made an interesting point there. Like, if if the government says they're reading all your emails, people tend to have a naturally revolting reaction to that. But if Google says they're doing it to serve you better ads and give you free email, people don't. If Facebook is tracking your location everywhere you go, people, for whatever reason, tend to have less of a reaction to that than if you found out your government was tracking your location everywhere you go. But at the end of the day, in both those scenarios, the end result ends up the same. Right? That data gets logged, and it can find the hands, whether that's in the government or it can find the hands of a malicious individual, get shared with all their partners. It's the same end result. But for whatever reason, people seem to be more, comfortable with sharing it with these corporations than they do, if if it's if it's explicit if it's explicit from a government actor.
So recently, we had this news that Apple will be scanning photos, that are stored on a person's local device on their phone and on the cloud, the Icloud or whatever they wanna call it. The Icloud has never been, encrypted end to end, so they've always had that functionality capable. Right? We have, Bitcoin in the audience. His name is Bitcoin, Clarifying that they're scanning hashes of photos, to match them with whatever their blacklist of hashes is, which isn't transparent. But the end result is the same. They are scanning your device, and there's been a lot of pushback on that, but they're going ahead with it anyway.
So, recently, there's been before that, I mean, Apple made a very big push to privacy, and a lot of their advertisements were about how if you want privacy, Apple is the product you wanna do, whether that's a computer or whether that's a phone. I I think before we jump into the, you know, privacy specifics, privacy specific OSes and phones, what is your what is your comment to someone who chooses iPhone or chooses Apple products for privacy? Why shouldn't they, why is that not a good option for someone seeking privacy?
[00:21:05] Unknown:
Yeah. Yeah. This is a that's a topic I've brought up with other people I've chatted with, and I've talked about a little bit. But I really think I'll start off with the positive. I do think that Apple is generally better than Android, specifically when we're talking mobile privacy. I think they've generally had better policies in place. They've generally been firmer about the requirements that they put out for apps in the App Store. They've had the recent really good push, about the the whole right to track idea where an app has to request if they can track you or not, and you get a very clear, do I wanna allow them to track me or not prompt. And we've seen lots and lots of people answer no to that, obviously. Because when you're presented with the with the clear question, you jump into, you jump to to no. You don't wanna share that data.
But with this license this latest push, I mean, they've had kind of a big marketing thing going for a while now pushing privacy. And I think they've latched on to the the narrative that's been increasing lately, which is, that people are starting to wake up to privacy, and they they realize that's it's a great tool for marketing. If they can jump on a a trend, jump on a narrative, and jump on something that their competitors do poorly, which is Android. Android has generally been very poor for privacy, they realize they can make more money. So I'm not saying that everyone at Apple is necessarily malicious or using it just to make money. I think there there are probably people there who do legitimately care about privacy and think they're doing the right thing, and have built out, again, like I said, some some good privacy measures.
I think at the end of the day, it's it's marketing. They wanna they wanna pull you in. They wanna get you using their devices, and get you under their ecosystem, which they've always made very hard to get out of, and they've always made it very holistic where you you need to get all of the different devices and things and accounts to to tie it all together. So I think iOS is generally alright for privacy. It has been very secure for a long time. That's one been one of its strengths, is that it is very secure against attacks. They they patch bugs and and vulnerabilities very quickly, and across the whole board of devices. You don't have to wait for different timings on on releases to patch those things, which is important.
But it really to me, it's a it's a marketing push. And, I mean, this this latest this latest thing with photo scanning, it's a it's a tricky one because they chose to focus it on something that is that something that everyone should be against, which is child pornography. That was the focus of this this effort is to help to to shut that down, to shut down, rings around that and and sharing of of images. And, like, obviously, that's 100% a good thing. Like, no one no one would disagree with that, but that really job pornography, terrorism, have been 2 of the kind of boogeymen that get used for a lot of attacks on privacy and freedom.
Again, not to say that those two things are not bad, but just to say that they are constantly used as a a fear inducing tool to push against privacy or to push against personal freedoms. And so that's what they that's what they chose to use this latest push for or to use for this latest push. And the the concept itself seems relatively harmless if you're just reading it at face value that they'll take caches of the images on your device. And for anyone who doesn't know, what what that means is that they'll take your image, they'll make a unique hash out of it that can only be that specific image. If a pixel is changed, the hash that's generated from that photo will change. So that's a it's a really specific thing with how hashes work. And, obviously, anybody who's familiar with Bitcoin or cryptocurrencies, hashes are very hashes and cryptography in general are very central to how cryptocurrencies work, but at least they do take that hash locally.
But like you mentioned, Icloud is not end to end end encrypted. They've always had access to to Icloud photos and videos. I mean, we've had the, like, we had the big celebrity hack 4 or 5 years ago, and that was only possible because they got access to they got essentially admin access into Icloud and were able to just view people's pictures, videos because they're not encrypted. Apple has access to all of that. So they can still see the videos. They can still compare the hashes that they got off your device with the photos and videos that they have in Icloud. So they could still easily pull up the photo that actually attaches to that hash. It would be very straightforward to do that. And the other key thing here is it it's really important when you see people making steps towards, steps that seem focused on helping with security or helping with criminality or to help to kinda bring supposed good, try to think about how can this be misused in the future. And that shouldn't necessarily mean they'd never do anything for good now, obviously. If there's something that it's just a net positive to knock it out and we'll figure out how to work around it, great. But, like, here specifically, if this is just used to shut down child pornography and never anything else in the future, I think, generally, that's probably a good thing. That's not necessarily a huge loss, but the the issue here is you are putting 100% of your trust in Apple, in the people who work at Apple, and in Apple, the company, as never being pressured by someone else, like a government, to use that data against you or against a a minority or really anything, and you're trusting that the the data that they collect through these hashes and the the things that they can do with the videos and pictures that they have in Icloud, that they'll never start to target something other than child pornography. And that, I think, is one of the kickers that people have have been talking about, thankfully, on Twitter and other places, that this technology could very easily be used to try to target people of different ethnicities, people in different religious minorities, people, in specific countries, or people who are taking pictures of specific things. I mean, I'll take a very a very harmless example, but, say, you're a gun owner in the US. Right now, guns are legal. You can get them there's obviously restrictions around how and where and all that stuff, and we'll get into that. But you can buy a gun right now. You can buy ammo. You can you can shoot a gun. There's there's nothing illegal or harmful in that.
But let's say in 5 years that the government decides that guns are illegal, we changed gun laws, now you have to either hand in all of your guns to the government. Maybe we'll give you, like, a $100 a gun or something to make you feel better about yourself. But you have to give it give all your guns. We're gonna take them away. You don't need them for your safety. Just let us take care of your safety. And they do that. They collect all the guns. Obviously, people who see the need for firearms as a deterrent to the government, some of them hold on to their guns. But what happens if you take a picture of that with your iPhone? You take a picture of a gun. Maybe you go out to the range. You're shooting with friends. You take a picture of of one of those guns.
It uploads that hash. Maybe maybe even at this point, it will say that iCloud is entity encrypted, so they don't have access to the photo. But it uploads that hash, and they're able to compare with the data that they have and say, okay. This is a photo of a gun. And so they know this person said that they gave us all of their guns, but they're still taking pictures of guns. And now they go to start rounding they go to start round up people who still own guns when they supposedly give them all into the government, and that's, like, that's probably one of the most harmless potential ways that this could be used. Another more, harsh one could be something like what's happened with, multiple different religious minorities in China where they've used technology, surveillance. They've used a lot of kind of data analysis to figure out how to tell when a person is in a specific religious minority, even if they don't know it via an actual, like, specific fact. And they're able to use those different technologies that were supposedly put up for harmless reasons to track them as people, figure out who they are, and then deport them, kill them, put them in concentration camps. Like, that's obviously the the harsher end of things, but essentially what this means is Apple has access to your pictures and videos, which they always have, but now they're telling you upfront that they are performing analysis on those pictures to find specific things. And right now, you may be fine with the thing that they're finding, but down the line, what they're actually looking for could quickly change. They have no requirement to tell you that they've changed what they're targeting, and they can easily be pressured by governments, social pressure, etcetera. So I know that was a bit of
[00:29:31] Unknown:
a a bit of a monologue. No. It was a great answer.
[00:29:34] Unknown:
There's so much to talk about there.
[00:29:37] Unknown:
With with most of these things, there tends to be a ton ton of nuance. My audience always makes fun of me because I say nuance at least 5 times in every episode. You know, just to add on there, I mean, first of all, Apple on the surface, a lot of the privacy improvements they've made, seem outstanding, but it is closed source. There's no way for us to verify anything that they say they're doing, ourselves. And then on top of that, a perfect example, I think, of of what I expect this type of capability to evolve into in the near future is we've already seen Apple bend to the will of the Chinese government because it's such a valuable market to them.
The the Icloud, for instance, Apple virtue signals about not giving government access, not accepting government requests from China for Icloud access. But what they did instead was, Icloud in China is co owned by a Chinese government entity, like a a so called private company that's really controlled by the Chinese government. So they don't even have to submit requests. They just have backdoor access to Icloud in China, and I could completely see, within the next few years this exact tool being used, to filter out to see if anyone has TNM and Square photos on their on their device. Like, that would not surprise me at all one bit.
[00:31:13] Unknown:
Yeah. So it's a really good point about how that governmental pressure has already affected Apple. Like, we we have concrete ways that we've seen them cave into this. And And like you said, that's because China is such a huge market for them, and guess what else is a huge market for them? The US. Guess what other government has shown themselves capable and willing of pressuring large tech companies to do the things that they want? The US. We've seen that push with them specifically giving things giving links to posts that they don't want to see on Facebook to Facebook and saying you need to take care of this and using social pressure as a a tool to to get them to do that. So to think that they won't do something to pressure Apple into using this data against citizens in the future is very naive. And, honestly, it very well could be happening right now. And, again, there's no there's no requirement or responsibility that they have to tell you. Well, there's a responsibility, but there's no requirement that they have to tell you when and if, they've been compromised or if they're giving up that data or if they're using that data in a new way. So it's it's very important that people realize that that that can happen very, very quickly.
[00:32:17] Unknown:
And just to add on top of that, I mean, there's there's another important aspect, when we see these attacks on encryption and privacy in general is that the criminals tend to be the quickest to evolve. So, this new tactic might be effective in the beginning to get some criminals, but most of those criminals will move on to platforms that don't allow them to be spied on. And the end result is you don't actually catch many criminals from it, but instead you hurt law abiding citizens. You hurt honest people, who just want easy, accessible privacy, and instead, you take that away from them.
[00:33:00] Unknown:
Yeah. And that's something that, that's something we've seen evidence around in the US too. Specifically, we've seen that, like, for instance, this note in revelations, which I'm sure people have heard of and probably talked about before. A a big part of that and a really huge part that stuck with me and has stuck around after learning more about what he revealed was that the the data that they were collecting, the things that they were doing I mean, we saw also a similar thing in the the CIA black sites where they were torturing prisoners to try to get information. These types of techniques, they rarely, if ever, yield actual crime prevention or actual catching of criminals.
It's very rare that that happens. But once the government see that they can do this, they use something that they wanna track down or that they say they wanna track down to implement these things, and then they utilize the power that we give them because we say, like, yeah. I'm afraid of terrorists, or, yes. I wanna see child porn shut down, which, again, like, those are things, like, we all hopefully want. But when the government sees that they can use those those tools of of fear or feigned morality to to to get us to give over the power that we have over our data to them.
They then leverage that to start to, to subtly oppress us or to censor information or to shut down, political minorities, to to shut down political dissidents. They start to use these things to keep consolidating power because that's what we've seen throughout all of history is governments love to consolidate power, consolidate power, consolidate power. So often these things are really about shutting down any kind of dissidents or any kind of resistance that they may have so they can keep consolidating power and increasing the the control that they have over people.
[00:34:47] Unknown:
A 100%. So and it's extremely frustrating that they they, like, pigeonhole us into it by by using criminals as the excuse when we obviously don't want criminal behavior to be happening, and we want, you know, we we we want people that hurt children to, you know, be behind bars, if not worse, for the rest of their lives. And they, like, intentionally pigeonhole you to to basically erode the ground you stand on when you're trying to defend personal privacy and personal freedom. You made an interesting point earlier, which I tend to agree with. So for most people when they're choosing a phone, they're choosing a stock iPhone, or they're choosing a stock Android.
We spent the last 20 minutes or so talking about the concerns over iPhone. You kind of mentioned in passing, and I I tend to agree with you, that that a stock Android experience is is probably strictly worse for your privacy. Would you you would agree with that. Right?
[00:36:02] Unknown:
Yeah. Definitely. I think, like I said, I do think that a lot of what Apple does is really just privacy theater. It's it's a it's a marketing gimmick, but they have made some measurable steps that that increase the privacy of the users of iPhones. Whereas Android, I mean, as it's it's owned by Google. It's created by Google and run by them. And I think it's also important to to quickly note, Android is not necessarily just stock Android that comes on Google Pixel devices, but it's also Android that's reskinned and owned from the ground up by other companies who also have an interest in collecting data, like Samsung, like Huawei, like Xiaomi. There's lots of other vendors that sell Android phones, and each of them want a piece of the pie as far as your data is concerned as well, and each of those people have full control over the the operating systems that they build.
So Android is a little harder to talk about because there are lots of different varieties. But at the core, Android is very much, very much centered on data collection, both for good or for evil. A lot of that is what makes it so easy to use and so helpful. I mean, like, Google Maps has been a really hard thing to not use because it's just so freaking effective. It's so good at what it does. And we'll we can talk about it later, but there there are ways to use Google Maps on Calix OS or, I'm not sure on Graphene, but on Calix OS at least. You definitely can use it on Graphene, but we will go into,
[00:37:26] Unknown:
the steps you can take on Kallix. Another thing, I mean, just since you brought up Google Maps, I mean, I think, if you're someone who drives a lot, it's well worth it to pay, like, $200 for a dedicated, like, Garmin GPS that isn't connected to the Internet.
[00:37:41] Unknown:
Yeah. I thought it was surprisingly good. I haven't made the jump yet. I've been using, I've been using Magic Earth mostly. But, yeah, I'll have I'll have to look into getting a a GPS itself. I've heard someone else mention that. I think it's a really good idea.
[00:37:56] Unknown:
So yeah. So, I mean, on Android, not only do you have Google basically spying on you by design, you have whatever the other vendors are on the phone as well, presumably spying on you, to different degrees. And like you said, oftentimes, it's like a convenience thing. Oh, here's an assistant that, knows what you're thinking about or knows what your next step is and knows when your restaurant appointments are, and it's sold to you as a convenience, which it undoubtedly is, but in so much of our lives, I feel like there's a there's a clear trade off between privacy and convenience. So enter privacy focused Android Forks, the 2 big ones being Kallix OS and Graphene.
What is your I mean, one of the reasons I brought you on the show is because you had a great write up on I think the write up was between Kallix, Graphene, and Copperhead. Copperhead is basically a closed source, source viewable, but not open source, fork of Graphene and Kallix OS, and you ultimately chose Kallix OS. I've been running Kallix OS as my daily driver for, I think, 7 months now. My lady has been running it even longer. I absolutely love it. What why when you make when you when you advocate for someone to consider one of those solutions, what is your what is your framing? Why should they care?
[00:39:44] Unknown:
Yeah. Yeah. So it's it's a really good topic, and it's one that I've I've talked about a lot and, talked about with other guests and something that, thankfully, I've had good people in the Bitcoin community that kind of turned me on to the idea and and brought this up. And you you mentioned a lot of them before when you're talking about people that that we have in common for our podcast. But I think, like we were talking about, Android is very non privacy centric. It's very focused on data collection and, like you talked about, that convenience. I think what a lot of people don't realize is the convenience that they're offered by most of these applications is either at the cost of giving up your data and that's all the company wants, just collect your data and sell it, which is is certainly bad, but is oftentimes not necessarily the worst case use of data even though it is terrible.
But another use case is to take your data and use it to train, AI, to train machine learning models, to to to actually keep putting that data back into the tools to make them better, which, again, there's nothing wrong with improving a tool using data. But, oftentimes, people are not aware that this data is being collected. They're not consenting to it. It's usually very unclear or impossible to know what data is actually being collected and what's done with it. So like you mentioned, the Google Assistant, which is a it's an amazing tool. It works so well. It has improved rapidly over the years. And what people don't realize is that the way that that tool is improved is that they record everything that you're saying and everyone else with an Android phone is saying.
In theory, they only record snippets and upload them when you say the the keyword, which is usually okay, Google. And, hopefully, lots of people's phones got triggered, and they'll think about switching to switching to Kallix or Graphene today. But that that data that they're constantly collecting from you, they are using to improve the tools, which makes them more convenient, which then makes you, what, keep committing back to their services, keep giving them your data, and you fall into this loop of convenience that pulls you deeper and deeper into someone else controlling everything about your digital life. And the the good thing, though, about Android and the good thing about a lot of what Google has done is that, thankfully, they do generally follow the open source model. So a lot of the stuff that they create is open source, and Android is no exception. They created the Android project a long time ago. I think it was probably 13 years ago now. Maybe it's been even before that that they created Android, but, Android itself as an operating system is open source. The Android that you actually get on your device is generally not open source and reproducible.
Like on a Pixel device, there are lots of specific things that they build in and do not release the source for it because they want them to be unique features to Pixel devices. And then, obviously, like Samsung, Huawei, Xiaomi, all the different vendors of Android, they usually do not open source their specific twists on Android either. But the base of Android, which is specifically called the Android Open Source Project, is an open source operating system. Like Monero Lionx said in chat, Android is it's based on Linux, uses Linux kernel, uses a lot of things that are are core to Linux. And so that that open source base provides the opportunity for people to take the code and to make what they want out of it.
And one of the really great things that we can do with that is we can take the Android open source project base, AOS, and tear out all of the pieces that Google has baked in that feed them everyone's data. We can tear that out, and then we can also add in new features, new abilities, new applications that are either privacy preserving, so they're focused on, like, end to end encryption or on hiding behavior from certain apps or for VPNs, Tor, that kind of thing. Or we can add in new applications and features that are very specifically free and open source software.
And there like you mentioned, there are 3 main projects that have take taken the base that is the Android open source project. All 3 of these come from the same base, and they've built up a privacy preserving version of Android that is, focused on maintaining your privacy, giving you control over what happens. At the very start, I'll just go ahead and say Copperhead OS is probably not a good choice for anyone who's listening to this. They are enterprise focused. There's been a lot of drama around them and around their founder and how he handles things, but I I will not recommend Copperhead OS. So we'll just go and toss that one aside for now. Just know that it's essentially Graphene OS. There's not much difference there. So if I'm talking about Graphene OS and for some reason you're interested in Copperhead OS, there's there's complete similarities there in almost every way.
So the other two main containers that are left are Calix OS, which, like you mentioned, you're running. It's my favorite mobile operating system. It's what I use daily. And I think we we must have started using it right about the same time. I started in in January as well. So going on 7 months now of of Calix OS as a daily driver. And then GrapheneOS is the other main option, which kind of to I guess to sum up the differences between the 2, and like you mentioned, I have a good bit of this on my blog, But the main differences that I see between the 2 are that Calix OS, I think they've taken a very good approach, which is trying to bake in as much convenience as possible while preserving privacy.
And they're not they're not doing that at the expense of large gaping privacy holes. Like, the defaults are very solid. They put in a lot of good apps that they include by default, but they've they've realized, I think and something that more and more privacy projects need to realize. They've realized that the the way to get people into using privacy preserving tools is if they are at least as good, if not better in certain ways as far as usability goes, than non privacy observing tools. So if you make something just impossible to use but perfectly private, guess what? No one uses it, and no one's privacy has improved. I feel like PGP is, like, the perfect example.
Yeah. Yeah. It really is. It's a great tool that works well and still works well however many years later at the thing that it does, which is providing privacy, but it's god awful to use in almost every scenario. And I think there is a little bit of a shift to coming back to BGP, so there are some some good developments there that hopefully will be helpful. But, yeah, that's that's the perfect example of a tool that's existed forever that's been effective at what it says it does forever, but it's just basically impossible to use on a daily basis, or at least only for the very technically advanced and for the people who are willing to give up a lot of convenience.
[00:46:34] Unknown:
So yeah. You're I mean, I I'm aware that you used copperhead, but you never actually used Graphene. Right? No. No. I didn't. And So I I spent, like so 7 months of Calix. The 3 months before that, I tried to use Graphene as my daily driver, and I was actually I was a pro this is very common with me. I was a prolific shill of Graphene, and I I created a guide that a lot of people have used. I think there's, like, over 10,000 hits on YouTube on how to install Graphene on your pixel device, and I saw that as a way of opting out at of the surveillance Panopticon. Everything has trade offs, and with Graphene, the trade off balance was extremely severe on the privacy security side.
I could tell that a lot of effort and motivation went into hardening that OS as much as possible. But from my experience, what was happening was, and it almost happened to me, if I didn't find Kallix, is that people were switching to Graphene. They were having an absolute horrible time of it, their photos were horrible, their battery life wasn't great, the performance wasn't good, They couldn't use any apps that they any apps that they wanted to use, and then they were switching back to either stock Android or stock iPhone.
But with Kallix, while they they they make a lot of interesting like, a lot of good steps towards being more privacy focused, and strictly the the number one thing both of these OSes do is they just completely rip out Google. There's no Google in the device. Is it's an enjoyable experience. Like, I actually I feel like I have a better phone than my peers that have iPhone or have the latest Samsung. My battery life's better. The photos are great. And then I also have these additional privacy and security benefits. So it to me, when you look at the trade off balance, it's it's if if if what you care about most is privacy and security, then, yes, choose Graphene. Maybe if you're using it as, like, a dedicated Bitcoin device and you're not using it as your daily driver, choose Graphene.
The the install method for both are is relatively similar. It's actually way easier than you would expect. But when it comes down to, like, a daily driver that you want to have some convenient elements to it, you wanna have good battery life, you wanna be able to take the occasional photo and not have it just be potato quality. Kallax is just so much more accessible, so much more usable.
[00:49:27] Unknown:
Yeah. No. I definitely agree. And, I mean, that's that's why I I switched to Kallax from Copperhead, which is, like I said, was very Graphene OS like, not exactly the same, but very similar. And the the core reason why I switched was that I wanted to use the phone as my daily driver. Like, I wanted it to be everything. Everything. I didn't wanna just be using that phone when I felt like I needed privacy and then have another phone for the things that I couldn't get to work on on my main phone. I wanted to be able to really dive into this idea of of protecting my personal privacy on mobile, which a lot of people, I think, don't realize that so much of our lives now happen on our mobile devices. Most people don't really use a laptop or computer that much for browsing, for interacting with people, for chatting.
So preserving your privacy on your mobile device is, I think, often the most important step to take and the most kind of broad net that you can cast to to help to to preserve your privacy in key ways. But, yeah, like you said, CalixWorks just does a really good job of making things really usable. And I think, like, you you specifically called out that both strip out Google completely. So that is that's a lot of people, when they refer to these operating systems, they'll call them de googled Android. So for anyone who's heard that term and didn't know what that meant, that's that's kind of a blanket term for both Calix OS and Graphene OS. And I would say that they have very similar privacy guarantees between Calix and Graphene.
The main caveat is that Kallix OS has this, kind of middleman layer that you can use for utilizing apps that rely on Google Play Services, which, really briefly, Google Play Services are kind of a core feature that almost every Android app utilizes for very important things like sending notifications, like querying for information, like, getting new messages and doing background processes. Google has done a good job of pulling people into their ecosystem and then pulling them into their very specific, applications. When people are building apps for Android, often they're building them in a way that makes the the application entirely reliant on Google servers to function properly.
And so this is why you hear a lot if you hear people who have used GrapheneOS, you hear a lot that GrapheneOS, you can't run, like, any apps, that almost every app is broken or doesn't work. And the key reason behind that is not that GrapheneOS messed something up or did something wrong or something like that, but that most apps are designed to be used on a device that has Google Play services. And so a lot of those core features of every application are reliant on those those Google Play services. With GrapheneOS, there is no way to use Google Play services in in any fashion. So if the app relies on Google Play services, you're just you're stuck. There's nothing you can do. If you're on Kallax OS, however, you can use something called Micro g, which is a it's a privacy preserving anonymous wrapper for Google Play Services. It essentially integrates a lot of the a lot of the most important features that are part of the Google Play Services package into a free and open source middleman layer that you can use without having a Google account. So a Google account is not tied back to Google Play Services.
Someone in the chat did say, and I saw someone mention it today, but I hadn't had time to do research, that Graphene launched something called Sandbox Google Play Services. I have not seen that, and I haven't dug into that. So, unfortunately, I can't speak to that today. If you can, Matt, feel free to to share about that. I I hadn't heard anything about that until literally right before going live. But those those micro g the micro g functionality in Calix OS is when it enables you to use almost every Android app without issues and still without having Google Telemetry, without having Google Tracking, without having a Google account tied to all of the data that's going through that.
And it's very it's a it's a privacy preserving way to use Google Play Services. I still think if you're if you're very privacy conscious and you're willing to go through the hassle, installing without Micro g is is the ideal way for privacy, but it's not necessary for most people. A lot of people will benefit from just using Calix OS with micro g to make the transition a lot more smooth.
[00:53:43] Unknown:
Are you running without Micro g?
[00:53:45] Unknown:
Yeah. Yeah. I I I dove in all the way and did without Micro g. And there have definitely been some caveats, but it hasn't been as bad as I expected.
[00:53:52] Unknown:
I I I run it with Micro g.
[00:53:55] Unknown:
And most people I know do. It's extremely useful.
[00:54:01] Unknown:
I mean, it's it's not just, you know, people when you hear Google Play Services, you think it's, like, Google services, like, only Google Apps. But, like, a perfect example in the Bitcoin world is a wallet that I talk about a lot, Moon Wallet, m u u n, and they have Google Play Services requirements on that app. So you can't use it, unless you have micro g enabled. But if you have micro g enabled, it works relatively seamlessly, And there's other examples of that. I mean, I guess we could dive in a little bit deeper. I mean, in general, I think people should reduce the amount of apps they have on their device as just a simple rule of thumb. As for the sandboxed, Google Play services that Graphene added, I actually became, like, pretty close friends with with Daniel McKay of Graphene, He's very excited about this new feature. I have not tested it out myself.
My understanding is it's less performant and is on, like, an app by app basis, than Kallix. But what's cool here is is competition is helping the customer. Right? And I I think a lot of it is the reason we see that feature getting added to Graphene, is because Kallix has Micro g support, and they see that a lot of users want to at least have some kind of limited Google Play services support, which is, just good to see in general, than just having a single project working on privacy stuff. Before we dive in deeper, I mean, I think one of the really cool parts of Kallix to me is that Kallix is actually maintained by a foundation called the Kallix Foundation that is just generally focused on privacy and freedom.
To me, that's a very interesting model for funding development costs of a open source project. I'm a proud supporter of Kallix. I have been for a while even before I started running it. I just think that's a really, really cool concept, and anyone who does end up switching to Kallix and enjoys it, should consider, you know, supporting them as a member.
[00:56:19] Unknown:
Yeah. It's a it's a really unique part of it, and I would definitely recommend anyone who who is curious to go I think their website is I don't know if it's calyx.org or calyxinstitute. I'll have to look it up. But just dig into a little bit about Nick Merrill, the founder of the Kellogg's Institute and just the the things that he's done. He's gone through attempts to be silenced by the government and to to be forced to give up data, and so there's some there's some really interesting interviews out there with him and kind of why he became interested in it. But, yeah, they've got a very unique model of funding Calix OS development and the other services they provide, which they do not only do Calix OS. They have other things like a a free community VPN. But, yeah, they fund those things through the Kellogg's Institute. And, like Carrington 1859 mentioned in chat, if you are in the US, you get some specific benefits if you're a member.
In the past, they've done and I think they're still doing hot spots that you can use, for free for for for free once you get them. No monthly fee, and, you get unlimited data on these hotspots. And they actually work pretty well. I have one. Nice. Yeah. I've I've been waiting to be able to to fund them with Monero, to go ahead and dive in there, but I've been wanting to been wanting to support them for a while, and and I have have money ready. I've been trying to help them with that integration, but, they also recently started doing Pixel devices with Kallix OS as part of their membership benefits.
So that's another way that people could get a Pixel device with Kallix OS for donating to the the foundation that's actually building Kallix OS, which I think is a it's a really unique model, and they've done really well funding themselves using these these different kind of benefits that they offer. And funding is a huge issue throughout the FOSS ecosystem. It's almost always a problem. So when you have someone who can who can really build a good model around funding the operating system development, I think that's a really important thing for people to consider.
[00:58:17] Unknown:
So we kinda jumped ahead. I mean, first of all, for both of these OSes, you primarily you need a you need a Pixel phone. You need a Google Pixel phone. And part of that reason is because they have this this basically a known platform that they're developing for, but also it's because you're able to relock the bootloader afterwards. I saw, I think, Monero Lion mentioned Lineage OS, which is, basically the successor to Synergen mod, if if some of the freaks remember that, Android 4th. Yeah. The good old days. And Lineage is cool because you can run it on a lot of different devices.
Unfortunately, you can't relock the bootloader. And what that means is, and you'd see this when you install on a Pixel, when it comes time to flash a new OS, basically, the device has a fail safe, and that fail safe is when you unlock the bootloader, it wipes the whole device. If you don't have your bootloader locked and someone gets physical access to your device, they can road run code on your device, without that fail safe activating and wiping. Before you even enter an encryption password or anything like that, they can run whatever code they want to run on the device, potentially compromising what you have on the phone.
So that is the main concern in terms of using something like Lineage and one of the reasons why I like this combination of Pixel versus, you know, using a Pixel with with with Graphene or Calix. Now when we're talking about the pixels, you have basically the the big model for a while that people were talking about was 3 a. To me, I think that's, like, kind of obsolete hardware now. It will it's nearing end of life. I really like the 4 a. It's very cheap. I currently am running a Pixel 5, just because I wanted to ball out, and the experience is fantastic. So, basically, when it comes down to it, I say, you know, use a 4 a or a 5 depending on what your price range is. You can get the 4 a's for pretty cheap. I expect both of them to have discounts very soon because they just announced the Pixel 6. We have Crypto Grampy mentioning do not buy a Verizon one because the Verizon ones, can you can't unlock the bootloader. But if you just get an unlocked Pixel, ideally buying it with cash, that's one of the cool aspects of using general purpose hardware, because then you can just go into a store, a local store.
Right now, you know, you can take advantage of wearing a mask while you do it, buy a pixel with with cash, and then you can, unlock the bootloader, install Kallix very straightforward. I believe Techlore has a guide up. I imagine he does. He could do it to a machine. But but I found it very easy to install. My lady installed it without, you know, having an issue whatsoever. So it's very accessible for people to install. Now, Seth, a common thing I hear, and I'm already seeing it in the comments, is how do we feel about the fact that we're using a Google device and trying to remove Google from the device? Should we be concerned about hardware backdoors or, know, lingering things that Google has running there?
[01:01:47] Unknown:
Yeah. It's definitely this is a a common one that comes up a lot. I think confuses a lot of people when they hear that dGoogle to Android only runs on Google devices. It's definitely it's an odd concept to get your head around, but you you already did a really good job explaining the one of the core reasons why Pixel devices make such a good platform for this, and that that's kind of twofold that it's a platform that Google themselves develop against. So you know that you're going to have the longest term possible hardware support, which is especially in Android, some of the some of the drivers for the actual hardware of the phone are not open source. Actually, most of the drivers are not open source.
So once Google or whoever makes the phone stops developing updates for it, you can't update the hardware drivers, which oftentimes restricts what versions of Android you can use in the future. So when you use a Pixel, you know that you're gonna have the the longest lifetime of the hardware support out of any Android phone, at least as far as far as I know. And you know that Google's putting the the development of Android against those Pixel devices first, so you're you're gonna get a better support experience because, again, this is these these operating systems, both Kallax and Graphene, are both pulling from the Android open source project, which is where Google is putting all of the changes and updates and improvements that they to Android, and they're making those improvements for the Pixel devices. So it's it's the the quickest way to have releases after Google puts out releases because they're able to pull for devices that are specifically built by Google, that there are factory images for from Google.
It really simplifies that process and makes supporting devices long term much easier, which can be a a big problem for an operating system like Lineage, or in the past, Cyanogenmod because they rely on individual people just deciding to support devices long term. And, like I said, when the hardware drivers get too out of date, you can't install more recent versions of Android. So, like, I have an old, Nexus 5 x that I spun up, and and I installed Lineage on that because I just wanted something that I would run at home without Google Play services or anything like that as a a little easily mobile server. But the the most recent version of Android you can run on that device because of the hardware drivers is Android 8.1.
So it's massively out of date as far as the the operating system itself. Thankfully, it still gets security patches, but I still I wouldn't wanna run that as my daily driver or sign into any accounts or using my SIM card, nothing like that. And the other piece, like you mentioned, is that that security that you get from that ability to relock the bootloader and other security benefits that you get within the Pixel devices is because of a specific chip that Google designed for, secure compute. Sometimes these can be called secure enclaves or hardware security modules. But, essentially, it's it's something called a Titan M chip. And supposedly, they're releasing a new version of that chip on the Pixel 6, which will be interesting to see what that actually means for calyx and graphene or tools like that. But what that means is, like you mentioned, you can lock the bootloader again, which is what really transforms Kallax and Graphene from just kind of ROMs you can flash on your phone. We have to do with a lot of headache. You have to open yourself to a lot of, security risks. Like you mentioned, you can open yourself to attacks where you can get the maybe an an OTA update man in the middle. It gets installed.
Then you don't have that fail safe that can double check the the signing keys and make sure the thing's legitimate. And you also open yourself to a lot of other hands on attacks that can't be done when the Titan M chip is involved because the the Titan M chip essentially protects a lot of essential data like, fingerprints and and other biometric data and things you do on your on your device. So there's some really key benefits there. And that that combination of not only de googling the operating system, but also still maintaining the, now, I would say, strong security guarantees of Android, without you're not having to compromise on that to get privacy, which is it's a really important combination.
[01:05:45] Unknown:
And, I mean, that I don't believe the Titan M Chip is completely open, but Google makes a strong attempt to open up the parts that are needed to interact with it so they can use it. I mean, I know, Samsung, for instance, has basically their own version of a secure chip, that these forks can't use, they can't interact with. So the fact that you have this chip there that these forks can use and can interact with in a relatively open manner is a massive boon, for us. I do worry, you kinda insinuated. I do worry. I I think the Pixel 6, they're going farther than that. I mean, previously, they've used qual Qualcomm hardware, for their devices. I think they're doing all the chips in house now, so I wonder if they do close it up.
That is, like, an existential risk. What do you to to specifically, the question about, like, hardware backdoors, are you worried about Google having something running on their chips that we're not aware of?
[01:06:53] Unknown:
Yeah. Thanks for bringing me back to that. I mean, this is one of those situations where a lot of times people let a potential risk get in the way of measurable steps towards privacy. And the risk of a hardware back is always present. That's present in essentially every piece of hardware you can purchase because open source hardware has not really taken off. It's not really a thing for most types of devices, and it is absolutely not a thing for mobile phones in any usable sense. I know there are some open source hardware phones that have been in the works for a long time now, but, they just haven't developed into something that I would ever recommend to someone.
But because the hardware is closed source and because the hardware is proprietary, yes, there is not a way that you can easily verify that there's not some sort of hardware backdoor. And then, yeah, I I don't love that. But that that would be true of any device that you flash a privacy preserving version of Android on. If you took a random Samsung phone and did that, you would have the same problem. Samsung could have put in hardware backdoors. Samsung actually manufactures a lot of the the hardware that goes into Google phones. I mean, they they manufacture a lot of NAND chips that are used for storage. They manufacture a lot of screens. There are lots of places where they could have done something with the backdoor. And it's just it's one of those attack vectors that is it's there and it exists and it could always happen, but it is very rare.
And you have to think about the effect they would have if something about a hardware backdoor came out that a company had done that. I mean, this is something that has happened in the past with, like, the NSA has been caught catching devices in transit, imp implementing hardware backdoors, and then passing them along. And later, we found out that some companies were complicit in this and okay with it, and that has a devastating effect effect on public opinion about that company. So there is a a social incentive that helps to keep companies honest. I also think there are so many other ways to collect data that Google knows that 99.9999% of the users of Google Pixel devices are just gonna be using their OS. So if they really wanted to do something malicious, it would be infinitely easier to just put something malicious in the code that they ship and not have to worry about putting in a hardware backdoor, and they could still do a lot of the same things.
So I think, yes, it's an attack vector. It's something that's true of every piece of hardware that is proprietary, which is practically every piece of hardware, but it's something that it's it's very costly for a company to do. And if it is done, as far as I know, every instance of it being done is in an extremely targeted way. So it's to target very specific people or very specific organizations that are worth the risk of it being discovered that you put in a hardware backdoor. So, like, you as the random person listening to this, your threat model likely does not include Google targeting you and specifically finding a way to get a pixel in your hands that is hardware backdoored. And from everything we know about pixels, they are not hardware backdoored today. So it would have to be a a unique pixel device that's backdoored and sent to you. So I think the the actual real life risk is extremely minimal to non existent. If you do have a very advanced threat model where you're worried about a hardware backdoor targeting you, that's a different conversation. You probably need to find a way to use open source hardware, or make sure that you're getting a device that is known to be not backdoored or learning hardware engineering and, just kind of digging through the device and making sure that nothing's been changed. But, it's it's one of those things that I understand the hesitancy, but I think it's I think it's unnecessary. It shouldn't get in the way of you making practical steps towards mobile privacy.
[01:10:33] Unknown:
And it's it's just not something that most people really need to worry about. Yeah. I mean, it comes down to trade offs, offs, once again as everything in life does. And you can't let the perfect be the enemy of the good, or good enough. I, obviously, I think open hardware is the ideal, that we should strive for. Unfortunately, it's not really there yet. There are some projects working on open phones, more open privacy focused phones, including Purism and Fairphone and Pine Phone. Some of them have hardware switches on them so you can turn off Wi Fi, stuff like that. Unfortunately, they're just not really there yet. Some of them haven't shipped.
They come very outdated to begin with, hardware wise. They're not very usable a lot of the time. Hopefully, that's just growing pains, and we see more open hardware in the future. I think in general, people should operate even if you're using a Kallax or a Graphene phone, or like on on desktop or laptop, you're using a Linux device. You should operate that all your all your electronics are compromised to begin with if it's a sophisticated hacker, a sophisticated attacker, to speak more clearly. And so you operate under that assumption. But in general, all things equal, you take a off the shelf Google Pixel device and you flash one of these, more privacy focused, open source forks, you you have better privacy, for mass collection from the low hanging fruit, than you would have otherwise.
[01:12:16] Unknown:
Yeah. Absolutely. And I wanna circle back to a couple of things earlier. Let's do it. One is that a few people have mentioned in the chat that they're a little confused what Pixel phones are unlockable. And to my understanding, every Pixel device is unlockable except those that have been sold through Verizon. For some reason, Verizon has chosen to not allow their bootloaders to be unlocked. And really quick note, there's 2 types of unlocking devices. One that a lot of people think of is carrier unlocked, which just means that you can go take your phone from, like, Verizon to AT and T and use it there. And, thankfully, most phones nowadays can be carrier unlocked either right away or after, like, a 2 year contract ends or something like that.
But the the key thing that matters for flashing, Kallax, or Graphene is that the bootloader is unlockable. And Google is good about that, but Verizon specifically, as a partner with Google, have chosen to not allow the bootloader to be unlocked. So if you get a Pixel device, make sure in every way possible that it is not a Verizon Pixel because you will not be able to bootloader unlock that. But every other carrier, AT and T, everyone else you can get it through. I mean, you you can get them straight from Google as well. There's not Google stores, so that's probably not the best privacy preserving way to do it, but it's it's doable. But, just make sure when you're using, like I I would definitely recommend buying these secondhand as well when you can, and using services, at least in the US. I don't know how worldwide this is, but swappa.comswappa.com are a really good secondhand phone market, and they constantly have pixels on there that are for sale. And they're very specific in you have to list the carrier properly. They check the IMEI when it's turned into the site to make sure that it's for the right carrier carrier and unlocked and everything like that. So you can make sure that you don't get a Verizon Pixel on there or if using Craigslist.
I'm sure there are ways to inspect it to make sure that it's not a Verizon. I don't know them offhand, but I'm sure you could look that up to do that.
[01:14:13] Unknown:
Why do you recommend secondhand purely from cost perspective?
[01:14:17] Unknown:
Cost and privacy. I think I mean, cost specifically. If phones are just ridiculously overpriced these days, there's not a need for them to be as expensive as they are. And especially since, normally, when you're buying a device for calyx or graphene, you're buying a generation behind or the the lower end phone because you don't need all of the power because Kallax OS is so lightweight. It works incredibly well. Battery life is much better than normal Android, that kind of thing. But also just privacy. It's it's great to be able to especially if you can use something like Craigslist. You can meet someone. They don't know your name. Like you said, in this environment, you can wear a mask, sunglasses, and a hat.
You can hand them cash. They hand you a phone. You make sure that's legitimate, and you walk away. And there's there's no record other than maybe an email, and hopefully you're using some other email or an email alias or something to do that. There's no record that you're the one that purchased that phone or that that IMEI is yours specifically. And if you take it home and you immediately flash Kallax or Graphene before doing anything else, there's no record that you were you used an account on there that's Google specific or anything like that. So, I think it's it's nice for both price. You're just saving money on a phone that's gonna work well even if it's a little bit older and privacy.
[01:15:30] Unknown:
That's interesting. I I mean, I came at it from a different perspective. I tend to think it's worth it for the premium to just buy it new and not have a potential malicious individual in between you and the device.
[01:15:45] Unknown:
I think I mean, I would normally be concerned with that, except that, again, like I talked about earlier, that would be a very targeted risk. Right. There's not really like, the chances of you, the person you find on Craigslist or whatever, being a government agent that's selling you a back to a pixel, like, it I mean, again, yeah, like I mentioned, it's possible unless you have a very specific threat model that fits that or you're a very high profile individual, that probably won't happen. And the other thing, you don't need to be worried about the malicious operating system because you're just gonna be flashing it with a a known, hopefully, verified version of Calix OS or Graphene. Right. Most malicious individuals would probably
[01:16:26] Unknown:
if they were gonna compromise the device somehow, they'd probably do it on the software side. Yeah. For sure. For the low hanging fruit. I mean, we even see that with, like, hardware wallets. They, you know, they tend to, like, just ship it with a predetermined seed already. So even if you just created a new seed, you'd be fine. But, in general, to me, one of the biggest advantages of something like Kallax over something like Purism I'm pretty sure Purism isn't shipping still, but over something like Purism is with Purism, you basically have to buy it online, and it's a direct privacy focused device. I love what Purism does on their laptops, but the same thing goes with the laptops. You know? You're buying a you're buying a device that is focused for privacy people.
You're buying it online, so you have all these other threat models that you have to deal with, other all these gotchas that could happen because you're online. It's it's really fantastic with the Kallik setup that you can just go buy off the shelf hardware that is very common hardware with cash, and have a relatively private acquisition experience just from that. So, I mean, before we continue, I think we should dive into actually everyday usage of Kallix. I put your link in the video feed earlier, but to the people on audio, your blog is seth for privacy.com. You also have your podcast opt out, which is opt outpod.com.
And on both, you have links to, like, different tools or, you know, resources to tools you like using on Calix. You wanna go into that a little bit?
[01:18:16] Unknown:
Yeah. For sure. Yeah. When I made the switch to Kallax OS, I wanted to be very specific about recording the things that I that I learned, recording the the app stores that I used, recording the apps that I found that that replaced some non open source or centralized alternatives as I kinda made the switch so that, honestly, just so that I would have a good resource that I could share with people. Because a lot of what I found is when I'm interacting with people regularly on Twitter, it can get really tiring to have to kinda dig up lists and find things and be like, oh, wait. What what app was I using? That kind of thing. So, oftentimes, it's just helpful for me to have these lists of things so I can easily share them and and share them as resources, But also just to help people who are trying to figure out, like, can I switch to Calix OS? Are there apps that'll meet the needs that I have that that don't rely on Google or don't rely on Google Play Services or maybe that are just not as as much of a kind of a data collection tool as some of the the kind of default services that people use.
And so I I wrote out this blog post. Kinda it talks through my reasons for going with Kallix OS specifically, which we've talked a lot about today. It very briefly goes through how to install Calix itself, but like you mentioned, it's actually a lot easier than people realize. There's a really simple CLI flashing tool that does the vast majority of the work for you. It walks you through when to unlock the bootloader, when to lock it, what it's doing with each step. It it works really well. I am more tech savvy. I'm very familiar with CLI, but it took me, I think, like, 8 minutes from deciding to flash Kallix to flashing Kallix and to being up and running. Like, it it was it was incredibly quick, and it was not a complex process. And, like, I I would have been more familiar with the complex process and fine with it, but it was simpler than I expected for sure. And then Bitcoin q and a also has a really good installation guide for Kallax that's way more detailed than mine on how you actually do the process. So if you're if you're more worried about the installation, his guide is also linked for mine, and I'm sure you can throw it in the notes or something, Matt, as well. But, that's a good guide to just actually getting it installed.
But one of the biggest things that people have to do continue really quickly,
[01:20:27] Unknown:
he's really good with his naming scheme. So I'm 99% sure it's bitcoiner.guide/kallixos. Okay. Continue.
[01:20:36] Unknown:
Just off the top of your head. I like it. So the the biggest thing people have to wrap their heads around with switching to Kallax or Graphene is that you don't have the Google Play Store anymore. And that may seem like a small thing, but that means that all of the apps that you want to install on your phone, you have to find some other way, and that is a 100% a good thing. I know it is, again, giving up convenience for for privacy and security, but, it is worth it. So you won't have the Google Play Store. So the way that you can install apps is there's essentially 2 different ways. 1 is using a different app store, the the main one of which is something called F droid, which is a repository of only free and open source apps that F droid themselves build from source and verify.
So it's an app store that is really, really good for that because everything you're gonna find in there is false, which is it's great. That's what I use for, like, 99.9% of the apps that I use. There's also a open source Google Play Store alternative that is able to pull in apps that are on the Google Play Store and help you to install them locally. And that works really well. I definitely advise, if at all possible, using F droid, just because it's good to switch to those FOSS apps anyways and support them, but also just that there's better security guarantees with using F droid than there are with Aurora store.
You can also the second main way to install apps is to install the actual APKs is the the term, but the actual, application files for the application manually. But there's a lot of risk in doing that. Most people are not going to verify signatures or anything like that. It's very easy to get a malicious version of an app. So if you are going to install directly via the APK, make, like, a a 1000000 percent sure that you're going to the official website, that everything is legitimate. If there's a way to verify signatures, verify signatures because you're taking on a lot of risk manually side loading apps. Yeah. Learn how to verify signatures.
[01:22:39] Unknown:
Oh, man. Yeah. BGP signatures. The freaks are very aware of that. I I try and phone that one home, as much as possible on dispatch. You know, when I first started using Kallax, they actually didn't even offer signatures of the Kallax image files, but then they started doing it after I asked them to. So that's fantastic. And the easiest way I have a lot of people ask me, how do I do that on my mobile phone? How do I do that on my Kallax device? What I like to do is I I actually will just verify it on my computer, and then I will side load it over to the device.
I just find it more convenient. There are ways to verify, the signatures directly on the device. Bitcoin, Bitcoin q and a also has a bitcoiner.guide has a as a resource for verifying PGP signatures. Dude is just a absolute machine. I have had him on the show previously, and he will be on dispatch again in the future. The other thing you can do, which I think is extremely underrated, is you can run the web app version, which is, like, most popular apps tend to have a relatively responsive, browser version. Twitter, for instance, is that's how I use Twitter. I only use the web app. So you you just you open, whether you're using Chromium or a Brave Browser.
I think Kallax defaults to Brave Browser now. You can just go to twitter.com, and you can sign in, and you have pretty much 99% of the features that you would have on the Twitter app without having a dedicated app.
[01:24:25] Unknown:
Yeah. That is a that is I mean, it's a it's a different topic a little bit because it's not installing an application, but it is a 100% the best way to go in, like, almost every scenario. If you can use a web app, there are so many advantages. And like you mentioned, browsers on mobile make it really easy for you to kind of turn a web app into an application. It'll put an icon on your screen. It'll be treated kind of like an app and how it's handled in the recents bar. There's a lot of advantages to doing that. And the I mean, the biggest one is you're not giving that website or that tool any access into your system past what the the browser allows, which is generally next to nothing. You're essentially running a sandbox version, not technically. So if you're technical out there, I know. But you're essentially running a sandbox version of the application that doesn't have control over the system data, over storage, doesn't have access to webcam or microphone unless you explicitly allow it. So it provides a lot better, potential privacy and security, guarantees than you would have if you're running the app itself, but it's kind of this it's a it's a greater topic of digital minimalism, which has a lot of crossover with privacy, but is a really important one. And just the idea that you really you really can cut down on the the the services that you use, the tools that you use, the applications you use. And as you actually do that and you kind of move more towards digital minimalism, less apps, less, accounts that you have, all of that, you actually gain better privacy just by being off of those things. So like you, I I only use Twitter through the the browser on my phone. I save it as an application on the home screen, so I can still just click straight into Twitter. And, yeah, it's not quite as nice as using the app. It's a little bit more annoying. Sometimes there's some issues and nuance, but most of the time, it works pretty darn well, and I don't ever have to worry about all of the telemetry and data collection that Twitter's trying to do through their app. But I can just use it straight through the browser.
[01:26:19] Unknown:
Yeah. I mean, in general, you should probably just reduce the amount of apps you use, use reduce the amount of services you use. Obviously, social media in general tends to be surveillance focused, reduce your social media usage. Twitter is my weak spot, but I I don't use any other social media besides Twitter. What else do I have on the list? So Calix oh, so the the big the the the big gaping hole that most users will see when they switch to something like Kallix is going to be the banking apps, whether that's directly for your bank or if it is a one of these, like, new age banking apps, like a Cash App or a Venmo or something like that.
You tend to they first of all, they none of them provide APKs, so you can't get the direct download. They're not free open source software, so you're not gonna get it on F droid. An Aurora store tends to not have them. So that will be, I think, for most people, will be the the biggest loss in terms of what they're used to. Obviously, whether you're in Bitcoin or Monero, that that is that is something that we're trying to obsolete anyway. So, hopefully, it's just a short term pain. You can still, you know, maybe if you really need to have that type of mobile banking experience, you know, you have a a a separate, basically, like, KYC phone, that you use for those types of things, that is separate from your daily driver, and then it becomes a little bit less of a sacrifice.
Another big one is if you're not running Micro g, you lose access to, like, the Ubers and the Lyfts of the world, which is a a very big one that I've heard from people. And this is where some of the nuance comes in about why I do like Micro g is because when I am in a when I'm traveling and I'm in a town, like, when I was in Miami recently, Uber is an extremely useful tool to have, because I don't have a car and drunk driving is bad anyway, And I do have a little bit of an alcohol consumption
[01:28:52] Unknown:
issue. Me whiskey bottle, pork pops this episode. So
[01:28:58] Unknown:
yes. I I I try not to do it on episodes anymore because it turns into a a a much better conversation if I consume beer instead. The the nice thing is you can use Uber with Micro g, and and best practice is probably to uninstall it when you're not using it. But what's really cool about Kallax is it has this built in firewall that comes with the phone, And Graphene does not have this, and it's it is extremely useful for these types of quasi surveillance apps. As far as I'm concerned, Uber is a surveillance app. They're harvesting as much information from you as possible. With Kallix, you can set in this firewall. You can you can literally choose, which apps have background data access, which apps have Internet access, period.
And you can force an app to only connect if you have a VPN. So you can install you you can run a VPN on your phone, and you can set it so Uber can never access the Internet unless the VPN is running. So it's got a, like, a, basically, a foot gun protection because a lot of people, what they'll do if they don't have that firewall feature is they'll intentionally make sure they're running a VPN whenever they do it. But, undoubtedly, you're gonna make a mistake and you're gonna, open the app without a VPN. So I think that firewall that they have built in is absolutely fantastic. It's the coolest
[01:30:27] Unknown:
thing. Yeah. So it's, like, it's such a simple feature, but it is so helpful to be able to control that. And, like, something I I would do if I was running an app like that is when I know I'm not using the app, like, at all, like, when I'm not traveling, especially apps like Uber, like Lyft, like, maybe if you fly a lot, maybe you have, like, the airplane or the airline specific app. When you you know you're not gonna need it until you travel next time, just go into the firewall, switch off network access, and that app has no ability to transmit anything. So even if you open it in between on accident or if you don't open it and it has some background process that normally tries to collect data and send it off, it has no access at all until the next time you need it. Like, you're in the in the airport, you're ready to go ahead and get on, go ahead and give it Internet access, grab the boarding pass, you're done.
So that's I think that's a really important feature as well. And I actually never connected the dots that you could use that to make the app only available to connect to the VPN. I actually had thought about the the opposite way, so that was a really good point that you brought up. I hadn't hadn't thought about making that change. And I would also mention with VPNs, generally, Android in general is good about this. Kallax OS is no different, but, Android has a really good feature. When you use a VPN and and you set it up, go into the VPN settings under, I think it's Network and Internet, in your general settings, and you can check Always on VPN, which will mean that the moment you have a network connection, your phone will try to connect to VPN immediately without even do anything extra. And then, also, you can check block all connections without VPN so that if for some reason your VPN's disconnected, your account dies, or, there's some issue connecting to the VPN, your phone won't have network access until you reconnect to the VPN.
And that, especially, I found that can be really powerful when you're traveling and hopping on to different public Wi Fi because sometimes public Wi Fi providers will block known VPN providers or normal VPN ports, and so your VPN can't connect. And if you don't have that that, toggle switched, your phone will just connect without the VPN, and then you could be leaking a lot of stuff that you don't want to. So those are some really important VPN controls. They're not specific to Kallix or Graphene, but I just think those are important pieces that some people don't see.
[01:32:32] Unknown:
Yeah. Very good point. In general, Android handles VPNs way better than iPhone does. I I think iPhones come a long way recently, but still, it's definitely lacking. At least I've noticed that when I've tried to help friends install VPNs on their iPhones. To go back to this firewall, so what's really cool so I think so I've never used Kallix without Micro g, But a cool aspect of Micro g is that I can I side loaded the the the native Pixel camera app? And because because both for my Fiat job and just for life in general, I I tend I've I've tend to really appreciate the convenience of having a high quality camera in my pocket.
And Google is known to basically, what they do is they take off the shelf hardware for their cameras, the actual sensors, but they do a lot of software magic to try and make the photos as good as possible, and that's only in the the Pixel camera app. So I side load the Pixel camera app, and the camera app checks if there's Google Play services. So it won't run without Google Play services, but the micro g checks that box. And because of the firewall, I can set it so the app never has any kind of network access even if the VPN is running. There's no network access at all if the software firewall is working as designed. So it's a nice little trade off balance there where I get better photos, without necessarily trusting that there's not, like, some, you know, Google server back end that's getting hit by it.
And then the other big one that you hear a lot of Kallax proponents talk about is, you know, the open source keyboards tend to be a lot worse than Google's keyboard. I assume what do you use? Like, AnySoft?
[01:34:41] Unknown:
I use let me just double check the name. I haven't looked at it in a while. I use OpenBoard. It's the one that I use. It's available on F droid. I've tried most of the ones that people recommend, and they all have issues that make them kind of unusable for me. OpenBoard has been the best. I'm assuming what you'll probably get to is that you can use other keyboards that would be collecting data and kill the data access. But You can literally use Google's keyboard. You can use Gboard,
[01:35:07] Unknown:
and you kill data access. I mean, obviously, you're putting a lot of trust in that software firewall, but it is a nice trade off balance because you get the full, basically, Google keyboard experience where they've worked really hard on on making that a really fantastic keyboard, without that information theoretically getting hitting their servers.
[01:35:33] Unknown:
Yeah. It's a really powerful feature, and that's I'm willing to use some apps that I wouldn't be willing to use otherwise because of that firewall. And I I have been able to find all of the banking apps that I have used in the past on Aurora. I've uninstalled them all now because I realized I don't actually need any of them installed on my phone. But, like, all of mine specifically were available at Aurora. I think someone mentioned in the chat that there was a way to kind of change how Google sees your Aurora store instance to make it think that you're in a different location, which will, give you access to the apps that you should have access to. I I haven't tried that, but there may be something there about, playing around with Aurora store a bit. But for me in Aurora store, all the banking apps I've needed have been available and installed just fine. Oh, that's interesting.
[01:36:21] Unknown:
Yeah. I mean, in general yeah. I a lot of the banking apps also block VPNs or they don't they, like I don't know. They have issues with VPNs. In in general, the those are obviously going to be anti anti privacy apps.
[01:36:42] Unknown:
Usually, just not necessary, honestly. I think people really wrestle with the idea of, like, do I need this thing within one click? The answer to a lot of that is just no. Like, a lot of the stuff you you get used to using, but there's just not really a reason to have it installed most of the time. And like you mentioned with websites, most of these services have mobile websites that work pretty darn well. And if you do need to install the app, maybe you can just do it for a short time if there's a specific thing you need to do, like upload a check or something. But a lot of the time, you really just can kind of decide, I don't actually need this app, and get away with just the mobile website or just doing it on your computer when you're at your computer next.
[01:37:19] Unknown:
100%. We have a none your business in the chat asking what the name of the Kallix firewall app is. It's literally preinstalled and just called firewall. So when you install Kallix, you will have that firewall, there. It is not enabled. You have to go in, and you can enable it on a per app basis, whether you want to limit background access, limit all Internet connectivity, or force it to only use a VPN, to access.
[01:37:50] Unknown:
There were a couple other questions that think I've rolled past, but that I grabbed to to maybe cover if you wanna Let's answer them. Boom. And and, Freaks, just a reminder,
[01:37:59] Unknown:
you know, the live chat is my favorite part of dispatch, so feel free to just keep putting questions in there. Okay. Continue, Seth.
[01:38:07] Unknown:
Yeah. This is really nice. I'm tempted to do something similar for for op.pod at some point. I like the live interaction. I don't think I will have quite as many people jumping in, but we'll see. So we'll we'll go and jump back. Manera Lion asked, what is the biggest downside of having Micro g on Calix? I think this is a a good one to cover. I think I briefly mentioned a little bit about it before. I'm not sure your thoughts around it, Matt. From my understanding, it doesn't give Google a direct link between your phone and you.
It doesn't tie a device ID or a Google account to the things that you're running through Google Play Services. So it's definitely better than just having regular Android and having Google Play Services. In my mind, the the downsides are kind of twofold. One of them is that it enables you to keep using the services that have chosen to be reliant on Google Play services, which personally, I like to I it it takes extra effort. It takes extra time. It takes getting used to, but I like to use and support apps that have taken the the step to not be relying on the Google Play Store or sorry. Google Play Services, and there are a lot of apps that have baked in other ways to handle those things without Google Play Services, like, for instance, 3 months. I started using 3 months recently for messaging. If you have Google Play Services, notifications come in real time because, again, Google Play Services, one of the key things is that they handle push notifications and they simplify it for app developers.
But Threema have put in the effort to build in a background service that if you don't have Google Play services, it will regularly pull for messages, I think, anywhere between every 5 30 minutes, which isn't quite as seamless as having instant push notifications. The moment someone sends a message, missing a message for a max of 5 minutes. To me, it doesn't really matter. And if you have the app open, you're you get notifications instantly. But that's an example of a good app that you could rely on Google Play services for, but you don't have to. And so, really, one of the reasons I chose not to use Micro g is not necessarily that I see it as a major privacy risk. I really think for most people, it's probably fine.
It's not there's like I said, there's no direct ties between you and Google through it. It provides some anonymization, but I wanted to force myself to to go through the process of finding alternatives that did not reply that did not rely on the services that Google provides. And that's what I did, and it was it was a little bit painful. But like I mentioned before, it really was not as bad as I expected to make that to make the switch to FOSS apps that actually cared about providing tools that could be used by those not using Google Play services. So
[01:40:51] Unknown:
I definitely think that yeah. Before we get to the next question, I mean, I just wanna jump in real quick. First of all, is awesome. I love. That's how I invited you onto the show. It costs money, and that's not a bad thing, people. That's what's cool. It's a my god. It's a free open source app, free as in freedom, that that has a a paid model instead of harvesting your data, which is is very sustainable. And I I wouldn't be against other projects offering similar,
[01:41:22] Unknown:
monetization models. Paying money, and they accept Bitcoin. You can buy free money today with Bitcoin directly, use some post mixed stats, go buy a a license that's $5. You're supporting the company who's building or not company, the organization who's building such a great tool. Like, people need to use the concept that I am no longer paying in data, so I'm gonna pay in money to make sure that the people who are building the tools that I love can continue to build the tools that I love. Like, sorry. It's not a a high horse and a No. I agree. A little angry about, but I just I love seeing companies just willing or organizations willing to just say, hey. We want money for this because we're building a great tool, and people should be willing to pay for that. And and also to add there,
[01:42:01] Unknown:
3 mo was originally closed source, and they recognized that the community was very upset about that, and they opened it up, which is fantastic. Another good app that handles without Google Play services and makes it a priority is Tutanota if you're using email, which is a fantastic email provider, and and the app works really well without Google Play services. I would just add on to the Micro g thing is there's 2 ways to use Micro g on Kallix. Some apps, you can use it to actually sign in to your Google account, through Micro g.
I wholeheartedly don't think anyone should do that. You should never use the Micro g component where you're signing in to your Google account. I I don't have a Google account attached to my device. A lot of services don't actually need you to sign in to a Google account. They just need to know that there's a a Google Play Services, basically, capability on the device. And those just will just work in the background, and and and you can you can get by on it. But I do I do agree with you that in general, even if you are running Micro g, you should try and support services that go out of their way to not require Google Play services. And I I mentioned Moon earlier.
I know they're actively working, to remove that requirement, so that that is good.
[01:43:26] Unknown:
Yeah. And having if it's a good project that just hasn't taken the step yet, which I think there definitely are many of those out there. I mean, like, for example, ProtonMail, which is a service that I use, their app does not work without Google Play services as far as notifications are concerned. So, like, I can't get email notifications through ProtonMail. And they also don't publish onto F droid. And I do think that they're a good organization. I think they need to prioritize some some different things, and that would be F droid and not needing Google Play services as one of the big ones. But, it also has pushed me towards services that do work without Google Play services. So I've, like, I've paid for c templar email because I know that I can get notifications using their app, and their app is available through F droid. So, again, we can show we can show our support for organizations that are willing to put in the time and effort to to let us opt out of Google services more easily by paying for their services, by showing our support publicly, by talking with people about why we use that app. And that can also be just really good competition to push the other organizations that are legitimately good, but maybe have different priorities to start thinking more deeply about that before they start to lose market share.
[01:44:37] Unknown:
100%. You said you have some more questions written down?
[01:44:41] Unknown:
Yeah. Just one more. There's, one from some poor that says, is there privacy risk to regularly carrying around a private phone and nonprivate phone together? This is one that I've been thinking about a lot. I I have to have an iPhone for work. The services that we use for work, I work in IT, and some of the stuff that we do has to has to go on a device, and I don't want it touching my device, and they will give you an iPhone. So I have a an iPhone for work, so I do have a private my regular personal Kallax OS phone, and then I have a non private iPhone that I use. I would say there definitely is privacy risk. I mean, the main thing to to keep in mind is if you are carrying around that non private device with your private device everywhere, you're likely giving away location. If there's, like, an assistant enabled, you could be giving away audio where you're at.
If you're taking pictures and videos, like we talked about earlier, Apple's gonna be digging through those looking for whatever they deem to be worth looking for at the moment. So I definitely would say avoid it if you can. But if you need the other device for some reason, stick to a very minimal approach. So you can take, like, with my iPhone, the only things I have in there, like, the very required work apps and then a couple apps that I don't want on my main personal phone, but that I need sometimes. And so I'm able to keep them on there. I just keep them closed. I don't use them most of the time, but they're available if I have to. So just stick to that digital minimalism idea when when doing that is kinda my take, but any thoughts around that, Matt?
[01:46:13] Unknown:
Yeah. I mean, I think, it kinda goes hand in hand with Nonya Business's question that just asked about thoughts on carrier privacy. You know, there's there's additional nuance here with your carrier. So so, obviously, whether or not you're using Kallix or iPhone or stock Android or Samsung stock or whatever, you should have that little toggle that says location toggled off for 99% of your time. If you absolutely need to use it, enable it when you're using it, and then disable it. But that is specifically for GPS location. There's also a method of tracking location that is done via carrier triangulate triangulation, which is they take your your 3 closest towers, and they basically measure the distance from those 3 three towers. And you can imagine it kind of like a Venn diagram, but with 3 circles.
And they're able to relatively closely pinpoint your location based on that data alone without GPS. GPS will give them a very, very accurate location, and might be harvested by apps that provide them to marketers, which then that data gets shared and leaked. And sometimes I we've even seen the feds, they'll get around warrants because they'll just buy that data. But, also, they're especially among the major carriers, the AT and T, the Verizons of the world, the T Mobiles, they also monetize by selling that triangulation data.
And if I if I remember correctly, that data, they they when they sell it to to marketers, they they they call it anonymized location data, but there's no such thing as anonymized location data. Because if if you're traveling between your work and your home on a constant basis, then, obviously, you work at that place and you live at that place. And we saw a case where I believe The New York Times used so called anonymized location data, and they basically tracked a secret service agent, and they were able to see where he lives. And that was because the location data basically showed him traveling around with the president and then going back home. So if you're using a if you have a second device, you're adding you're you're adding that element of additional data that is being taken. So how do you reduce that data from being taken from your your your privacy focused phone?
And in that case, the trade off becomes even greater in terms of convenience because you basically end up in a situation where you have to basically get prepaid SIM cards. Whether or not you pay with Bitcoin or you or you pay with cash, you have to attempt to get prepaid SIM cards that are not attached to your identity. And there's there's a great service that works Kallix but not Graphene, because Graphene doesn't support esims, called silent dot link, which accepts Bitcoin, and they'll give you an eSIM, which is instead of that little SIM card that you put in your device, which is how it the carrier recognizes it, It gives you a digital version that is super easy to load onto the device.
My boy, Ketamineer, who has a telco background, says that there's also certain device data that gets transferred to your carrier. So rotating your SIMs isn't necessarily enough if you, you know, you switch between prepaid carriers, and that data can also connect back to you. But once again, as we went back earlier, you know, you can't let perfect be the enemy of good, and you're taking small steps to improve your privacy surface or your your attack surface on the privacy side and mass collection of data are tangibly better for you. You you wanna just try and reduce that exposure as much as possible.
[01:50:31] Unknown:
Yeah. I'm glad you brought it back to that idea of, like, don't let don't let talk about cell tower triangulation scare you out of making actionable steps towards privacy. I mean, that it's definitely that is a concern, and it's something you can't really get around. I mean, if your device is connected to cell signal, you your location is being triangulated. And that is either to collect the location or it's being used to help you accurately and efficiently jump between cell towers for for getting good cell signals. So that is unfortunately one of the things of having mobile data.
If you really want to worry about that more, you could use airplane mode when you absolutely don't need mobile data, which probably not a bad idea at all. Like you mentioned as well, there is a unique device identifier. It's called an I IMEI. Probably heard people talk about it before, but that that unique identifier is new to is specific to your phone, and no other. So even if you are swapping between carriers, that data could be correlated between. But I think a a good thing to think about here and something we haven't really talked about too much today, but, you have to think about threat models. And most people's threat model and, like, my threat model is mostly, it's getting a little different as we kinda see things shift in society. But, mostly, my threat model is I want to make sure that when companies and governments are just mass collecting data and seeing what interesting things they find, I don't show up or I don't easily stand out, and my data is not easily correlated across companies, across governments, that kind of thing. And for for people who have that type of threat model, which I really think is most people, using something like Kallix OS will get you most of the way there. And using some of these apps we've been talking about and tools we've been talking about, and you you probably don't need to worry about cell tower triangulation because that is gonna be very targeted. They're gonna need to say, like, hey. I wanna find out where Seth is. We don't have GPS because he doesn't use that. We don't have all of this data because he uses calyx, but we can use cell tower triangulation to try to track him down. And, like, that is a legitimate concern, but I 1, that's a really hard thing to shut down, and 2, I don't think that I would be targeted in that way at the moment.
So that can be it can be a tricky one to get around, but definitely do not let perfect be the enemy of good. Like, take the steps. The more you're reducing that, the also, the more you're reducing the data that can be easily correlated between your location and other things that you do. Like, if you're using private messaging apps, it's not gonna be easy for them to correlate the person that you're meeting up with and you being there at the same time, at least not as easy. Or if you're not using social media and sharing where you're at each time, they may not even they may not go to the the lengths to dig into cell tower data to find where you are.
So it it really you can protect yourself from Dragonet surveillance. And if you have a very targeted threat model, you have other concerns, so that's a different conversation. But for most people, you don't really need to worry about that if we're honest. But think about your threat model. Look up how to build a threat model. The EFF has a really great resource on that. Try to figure out what you're trying to protect, what you're trying to protect against, and what lengths you'll go to to do that, and see if something like worrying about cell tower triangulation is is a concern of yours.
But there are there are some good carriers. You can also get non, like, personally identifiable SIM cards and data through. Mint Mobile is one that a lot of people talk about in the US. You can get prepaid Mint Mobile cards with cash without giving any personal information over. And if you did buy your phone secondhand or if you bought it without giving away real name and address and everything, the IMEI for your phone is not tied to your identity either. So it'd be it'd be much more difficult for them to correlate that the IMEI, which is yours, is connected to the, Mint Mobile account, which is yours, when neither of those things have personally identifiable information attached.
[01:54:21] Unknown:
Yeah. In general, with with privacy, it's very easy to get caught in the in the hole that, oh, I'm just fucked regardless. And I think it's really important to just constantly reiterate that
[01:54:40] Unknown:
that
[01:54:41] Unknown:
that might you know, do do not get discouraged on that aspect. It's important to just take simple steps on a constant basis to consistently improve your privacy and and and what your, like, your surface area is in terms of, how much data you're leaking on a daily basis because most of us are leaking a ton of data. Like, I, you know, I we get down in the weeds on the show, and then you do an opt out pod. But simple things, you know, stop using Gmail. Stop you know, don't don't have an Alexa in your home that's just constantly running a microphone connected to the Internet. Just simple steps, to improve your privacy.
[01:55:25] Unknown:
And and, I mean, if if we are all fucked and the the data collection that we can't work around or that's very hard to work around is happening and comes back to bite us, do you wanna go out as somebody who just bent the knee and gave them all your data anyways, assuming the worst? Or do you wanna go out as somebody who fought, who made it difficult for them, who complicated their lives, who made it hard for them to complete their whatever their mission is. Like, I I think a big aspect of it is, like, if something is really and I don't think personal privacy is impossible or unattainable, I do not think that. But if somehow that turned out to be the case, that all the steps that I've taken have been pointless, I wouldn't really care. I would be happy that I had done everything that I could. Like, that it wasn't because of my laziness or because of my, poor choices that I suffered in the end or that something changed in the end, but that I would be one of the ones who stood up, who chose to fight, who chose to put in the time, and who chose to educate other people around me and try to pull them into it.
And I really think that that's a worst case scenario. And I think the more realistic scenario is we're we're gonna keep pulling in more and more people. We're gonna make it difficult enough on them that they're gonna have to start changing the way they do things and not relying on people just willingly giving away troves of data.
[01:56:36] Unknown:
100%. I mean, I think a lot of this is education too. Like, I think if people realize that there was no such thing as an anonymized location data, and that their carriers are tracking all this stuff and selling it to marketers, there'd be public outrage. And, maybe, unfortunately, a lot of people will have to be burned in the in the meantime for that to become more aware publicly aware. But I I do have optimism that as people do get burned, there will be more public outcry and people will push, for these things to not be so normalized. We have a great question from Crypto Grampy in the audience, asking, is there any benefit to blending in with some of this stuff? I hear this a lot. You know, Calyxt is a privacy focused OS. Graphene's a privacy focused OS.
Are we putting, a target on our backs, or or or or basically adding risk by seeking out privacy focused solutions?
[01:57:42] Unknown:
That's a that's a really good question. It's one that I've started thinking about a bit more lately, but it's still kind of, I don't know, still kinda mulling over it. I think there certainly could be a benefit, but I think the benefit that that could provide in almost all cases outweighs the risk of giving over data that just makes it easier for them to do what they wanna do. I mean, I definitely think they could use like, our government could use a list of people who, for some reason, do not show up with KYC cell phone numbers and do not show up with Google accounts that are tied to their real identity and stuff like that and use that as a list to start targeting people. But I think kind of 2 two responses to that. One of them is if they do that, it's gonna be hard for them to actually collect the data that they need to make that realistic. So, yes, they have a list of people or a a group of identities that they don't have an identity for that they need to go track down.
And so that's complicated by the steps that you've taken. And the other answer would be, I think a much better thing to do than blending in is increasing the the crowd that you get to hide in. And the way that we do that is through education, through building better tools, through funding better tools, through, pulling in friends and family by regularly talking to them about the steps that we're taking towards personal privacy, making it personal, making it about the the specific things that you see that they need or want out of maybe a mobile phone or an application and and crafting the crafting the message that we have about privacy for them specifically. But, really, the best way to not have to worry about blending in is to blend in with a crowd of people who are growing rapidly that care about personal privacy, that are installing mobile operating systems like Kallax or Graphene, that are using tools like Bitcoin and Monero.
And the more people we're able to to bring into using those tools and using them effectively, we end up blending into a crowd of people who are private. And those that crowd of people who are private all provide good privacy to each other because now there's less and less data between the whole group, and you're all using similar tools that are privacy preserving that they can't actually just collect data from simply or subpoena data from, and you end up in a much better world that way, I think, than if you try to blend in in some ways while keeping some things private. I also think it it would just be really difficult in real life to blend in effectively without connecting the dots between your blended in personality and your private personality, especially, like, we were talking about the 2 phone idea. If if 2 phones, let's say you're let's say you're using Kallax OS, but you're not using a VPN when you're walking around, and you're using some service that that IP address is logged. Maybe it's not logged in a a malicious way, but it's there, and they're able to use or let's just forget the IP address, actually. Let's say you're they're using cell tower triangulation, and maybe you didn't purchase your cell plan for your your Calix OS without giving up your identity, and then they see your non private phone walking around. These two devices are always hand in hand. They're always together.
They're gonna be able to tie pieces of data together that maybe they're getting from Calix from your Calix OS install, maybe some things that you're doing on there, maybe you're still using the Twitter app rather than using the mobile app, and and some data is getting out of there that, they can use to to do that. All all that's kind of, like, just conceptual, but just that idea that if you do try to kind of blend in halfway while opting out halfway, it can be really hard to keep those two lives separate. So it can be tricky.
[02:01:18] Unknown:
I think you made a very good point in the beginning of your response, in terms of of basically trying to increase the anonymity set of these services, increase the adoption and use of these services so that you don't have that issue when you're using them. I think I can speak for both of us. I I mean, that's why I do dispatch. That's why I'm so outspoken on Twitter. I think that's why you do opt out pod. I think that's why we're doing this show right now. I mean, we need more people using Kallix so that you don't have that that concern as much. That is not just necessarily a privacy tool.
It does give me better performance and better battery life than if I was running stock, Google on my Pixel. Like, significantly better battery life. Like, Pixels have historically I've had a horrible battery life. But because this thing's not hitting Google all the time, my battery life competes with, you know, brand new iPhones, which is pretty unbelievable.
[02:02:22] Unknown:
It's a really underrated part of Kallax OS that I don't think a lot of people talk about. Like, I was talking to somebody who was at Defcon, and he mentioned that he had has a had his Kallax phone in his bag for, like, 6 days straight, and it still had tons of battery, like 80% or something. And he had used it a good bit throughout that, but it really does help with battery life. And a perfect example of that is signal. In the beginning of signal usage,
[02:02:45] Unknown:
you basically if you were able to get a list of phone numbers that were using signal, you could pretty much assume that they were all privacy focused individuals. But now it's starting to hit the mainstream where, you know, my grandmother uses signal, and her friends use signal. And and it does have features that are better than if you were just using a text message besides just privacy. And we've seen success with it that and I think it's a very good example of of, basically, what we wanna see with some of these privacy tools is is to them get some level of mainstream adoption so you don't have as much of that, you know, that that risk of basically just you using it becomes suspicious. Not that it should be suspicious, but, obviously, that that is going to be the case a lot of times when you're first starting, these types of projects.
We had Jack Sparrow in the chat ask if he was to use Gmail on Kallix, would he be better off using it in browser? Yes. Just in general mean, you shouldn't use Gmail, but just in general, using a browser based version is is strictly better. And and if if you have to use it, that's how you should use it. Seth, you mentioned Defcon. You were there this weekend. How how was how was that? Do you have any insight there? What was that experience like? I've never been.
[02:04:15] Unknown:
Yeah. So it was it was my 1st year there. They changed a lot of things this year. I think they've kind of I don't know. This might be a little divisive, but they bit the knee a little bit and forced people to provide personally identifiable information to get in. They also did not make it clear that they accepted cash at the door, which has been like a Defcon thing forever, and they instead did preregistration via credit card. So there were a lot of bad changes, but it was the 1st year I was able to go. And there were a a there's a a large contingent of the Monera community going there, which I've been wanting to get together with with a lot of those people for quite a while.
And, actually, the Monero people put on, along with the help of a couple other projects, but it was mostly driven by the Monero people, they put on a cryptocurrency village, which normally there has been a Monero village itself in the previous years. But since this DevCon was much smaller, they capped it to, like, a third of of the normal size, and I'm not sure if they even hit that. So it was a very different year for sure, but, we were still able to put on that cryptocurrency village. I may or may not have attended with or without a ticket, and and actually helped out.
But we had the the cryptocurrency village there. It was it was cool to see a lot of people come in from the DEFCON crowd that may or may not be familiar with cryptocurrency. There was actually a much larger contingent than I expected that didn't really know anything past, like, very basics about Bitcoin and really just kinda the number go upside of Bitcoin. There were a couple people that I talked to who had a a deeper understanding. Obviously, my focus there was on Monero, but it was the cryptocurrency village. So I I try to just kinda be generic unless someone specifically asked about Monero stuff, but had a lot of really good conversations, a lot of, obviously, privacy loving people. So there was there was good stuff around that.
We put on a few talks also, mostly focused on cryptocurrency privacy and some some research that's gone into to scaling and privacy protocols from a a researcher who's, who has done research for Monero in the past and and is now doing research for other projects in addition to Monero. But it it ended up being a good time. I mean, my focus was hanging out with Monero people, getting to know a little bit more of the the community, getting a little a little closer to them, but, I was able to to get into to DEFCON for a bit and and see it. I I didn't leave the cryptocurrency village, though. I didn't go to any of the other sections or talks or anything like that. So I have a I had a very limited view of DEFCON, but, the parts that I did see within the cryptocurrency village were were really good. It was it was a good time getting to to meet some of the people there. And, honestly, just to show cryptocurrency and privacy to people, that's not something it really specifically Bitcoin and Monero to people, and have those kind of face to face discussions with a lot of people who aren't as familiar with Bitcoin and Monero as the people that I regularly interact with on on Twitter or in chat rooms.
So definitely still good. Sad to see some of the changes that DEFCON has chosen to make to kinda bend to to social pressure, and even to go way above restrictions that are put in place, but, that can be a that can be a discussion for another day. But, overall, a good time. Some awesome people, that came out from the Monero community. Many of them are also part of the Bitcoin community. If you're active in Samurai Circle, some of the people there are active there. There's a lot of crossover between privacy focused Bitcoiners and Monero users.
So it was great to hang out with them, get to chat a little bit more, kinda, yeah, just just a really good time.
[02:07:52] Unknown:
Awesome. Appreciate the insight. I mean, I since you mentioned it, I mean, I'm pretty sure they use COVID as the excuse for the additional information collection.
[02:08:02] Unknown:
Yeah. They did. They requested vaccine reports.
[02:08:06] Unknown:
Yeah. It's pretty fucked up. It's, troubling. It's a troubling trend in general, but especially when you start seeing privacy focused organizations and events, kind of bend the knee to that. It's not a good trend.
[02:08:25] Unknown:
When I when I found that out because they they'd announced it really early on, but it was, like, when things were much more restricted and locked down because of COVID and, whatever you think about that, whatever, but for other people listening. But, things opened back up. Vaccine was out. Everybody was feeling fine, and then DEFCON did not reduce any of the restrictions even though they were way above CDC recommendations, local requirements, anything like that. And when I saw that, when they kind of reiterated their stance, I reached out and and chatted with them to try to figure out if there was any kind of workarounds there or anything I could do. And, essentially, their answer and this person wasn't necessarily speaking for all of Defcon, but I think it was a good window into what has become of what used to be a countercultural hacker privacy focused, conference. The the response I got from the person who worked for Defcon, and he was the person responding to me in my support case, was essentially that because I don't have a reasonable expectation of privacy outside of the conference in Vegas because there's cameras everywhere, that kind of thing, that they have no problems with requesting personally identifiable information to get into the conference, which I think is just absolutely nuts and an awful response to hear from a a conference like that. And, again, that may that may not line up with the actual people who, like, are creating and running the conference, but that was the official response that I got, which was a little bit terrifying. I'm not I think I think took away a bit of my interest in going to future DevCons.
But regardless, there was still a big crowd there, so it was good to have a presence and good to have, just some some good discussions throughout anyways.
[02:10:06] Unknown:
Yeah. I mean, it's a real shame. It's it's a worrying trend. I do feel like I I wonder if it's just my bias showing, but I do feel like there's just just an increasing trend of anti privacy aggression, around the world right now coming from a 1000000 different sources, and it's more important than ever for people to stand up and say no and and care about their privacy, care about their sovereignty, and help educate friends and family the same, and and and the the movement is more important than ever right now, I think, but maybe I also will acknowledge that it could partially be my own bias.
But it does definitely feel like a a worrying trend. Seth, I mean, this has been an absolutely great conversation. I know you're tired from traveling. We've been talking for over 2 hours now. I really appreciate your time. Do you have anything that you wanna cover before we wrap this up?
[02:11:15] Unknown:
I don't think I have any kind of major major topics. I would just say, like, I'm not I'm not making this about Calix OS or First Graphene OS, that kind of thing. I know there's a lot of issues and just conflicts between them. I've had some run ins with the Graphene OS crowd that have been quite hostile, but I think what I will just kinda say to sum up what you've been chatting about is definitely take the steps to to dig into mobile privacy. Try out both Kallix OS and Graphene OS if you have the time. If you're focused on usability, jump into Kallix OS.
If you feel you have a a more aggressive threat model or a more, kind of high level threat model, maybe go for GrapheneOS. It should be a little bit more secure in some ways. Privacy is kind of they kinda trade blows there, but, find the tool that works for you. For me, that's Calix OS. Like Matt said, for him, that's Calix OS. So, I mean, I I definitely do personally show Calix OS, but Graphion OS can be a great tool too, no matter what drama is going out around that.
[02:12:24] Unknown:
One one of the one of the cool aspects of both Graphene and Kallix is that they run on the same hardware, and it's very easy to switch between them. It's also, Google is, I think, relatively unique in that they actually provide images for stock Android as well. So you can you can literally take your your Pixel device, you can flash Graphene on it, you could try it out, you can flash Kallax on it. And if you still disagree with both of us that it's a better experience, even if privacy is not necessarily the concern, you can then go and, flash flash stock Android onto it, back onto it and go back into the Google universe so you don't have that issue.
We have we have Monero Lyon, bringing up the Monero question, which is not a surprise given his name. So do we wanna have a brief discussion on our views of Monero? And, I guess he's he's specifically asking about usefulness. I mean, I think we all know where you stand here. I mean, you you started as as pretty much a fully focused Bitcoiner, and you seem to have moved on more towards Monero due to the privacy focus of Monero. I think I am often, mischaracterized in how I view Monero. I've been very consistent in that. I do believe that it is useful if if if you want transactional privacy today, there's a lot less gotchas than if you're using Bitcoin.
I think the tools around using Bitcoin privately have improved tremendously, and I expect them to continue to improve. But I I do not I I do not, disagree that Monero is useful. My belief, though, is that long term, you will be better off holding Bitcoin than Monero in terms of, purchasing power, in terms of how much to in terms of holding your purchasing power and your purchasing power increasing for your everyday expenses. And I don't I I where I tend to disagree with people who think that Monero is strictly better than Bitcoin is that it's kind of a damned if you do, damned if you don't on the Monero side because there's a strong focus to make it easy to swap between Monero and Bitcoin.
And as long as that is the case, there is no real incentive for someone to hold Monero when they can just switch into Monero for short term, transactional privacy and then swap back into Bitcoin for a long term hold? Do you what what is your thoughts on on my statement?
[02:15:51] Unknown:
I mean, I I definitely I think I agree with a good bit of what you said. The way the way I look at it, I think, is a little bit different than a lot of people. I mean, I'm not I'm not interested in the the number go up aspect. I'm not really I mean, I you I know you phrased it as purchasing power, which I think is a more a more nuanced and better way to phrase that idea of the price increasing over time versus Fiat, which is what is meant by purchasing power increasing, at least in my eyes. If that's wrong, feel free to correct it. But
[02:16:21] Unknown:
Well, I mean, I would say, fuck Fiat, but purchasing power between Bitcoin and Monero long term.
[02:16:30] Unknown:
Yeah. Yeah. And I I mean, obviously, history has shown so far, depending on when you bought in, Monero's purchasing power could be a lot better. Bitcoin's could be a lot better. And over the long term, Bitcoin has done obviously incredibly well in price performance. So if your if your only concern is price performance or if your main concern is price performance and store value, I I think, obviously, Bitcoin has proven itself as that so far, that it has worked well as that. The technology works well for for that piece of cryptocurrency, and I do think store value is a a meaningful and useful, use case for cryptocurrency in general.
I think where I differ a bit is that I think that the world needs a store of value much less than it needs a way to transact privately. And I think that Bitcoin can be used to transact privately. It's definitely doable. I've done it. I am really close to a ton of people in the samurai community. I love what Samurai Wallet's doing. I think without them, there would be no hope for Bitcoin. And I know that's a bold statement, but they're really kind of the last the last bastion of privacy preserving crypto or, cypherpunk people who are are working on Bitcoin or or some of the few. And, yes, you you can use Bitcoin privately, but I think the caveat is it is extremely difficult in comparison to Monero.
Again, samurai wallet makes it possible, but not necessarily easy. It is time consuming. It takes a lot longer to go through the mixing process with Bitcoin. You have to learn how to set it up. You have to learn how to mix. Hopefully, you set up your own Dojo, which requires obviously setting up the Dojo and connecting to your own server and then maybe setting up the desktop GUI client to make sure that you're syncing all the time. And, there's a lot that goes into preserving privacy on Bitcoin, and there are a lot of ways you can mess it up, either pre, post mix, or obviously if you're not using Samurais or some other privacy approach, but there's not too many great ones out there for Bitcoin.
If you're not using samurai, you're just you're shooting you're shooting yourself in the foot the whole time that you're using Bitcoin, and you're making a clearly deterministically traceable footprint in a ledger that will last forever and is readily available for data analysis by governments, companies, all of that. So because my focus is more on a method of exchange, a way to transact value, and more on something that is a replacement for cash. So we need digital cash, something that we can transact digitally with, but that carries over the the principles of cash, which are essentially fungibility and privacy.
I I lean towards Monero, and I've chosen to focus my time in in learning and education, and in, just the yeah. Really, the educational content that I put out is focused on Monero because I view it as an extremely approachable, extremely easy to use, and not perfect. The the UX is not perfect. Some of the wallets are better than others, of course, and, hopefully, user experience will continue to improve over time. But anyone who uses Monero with any wallet that's available for Monero gets very strong privacy guarantees, and they get that digital cash like feel where they they don't have to worry about fungibility. They always know that the transactions that they make, are being protected in both the sender's protected in each transaction, the receiver's protected in each transaction, and the amount is transact is protected in each transaction.
And since those things are enforced by the consensus layer, there's no way for you to mess that up in those core ways. Obviously, there are some other issues that you could do, like if you're using a a KYC exchange, you go to your wallet once, and then you go to another KYC exchange. If those exchanges share information, they could link the transaction back to you. But those are also KYC exchanges, which you shouldn't be touching.
[02:20:22] Unknown:
What if you don't use it with your own node, like, something like Cake Wallet?
[02:20:26] Unknown:
There's there's an inherent trust with Cake Wallet servers. Right? No. No. So there is well, I mean, yes, there is a tiny bit of trust placed in using a remote node, but the important the important distinction is that there is only one light wallet for Monero, and that's called MyMonero. Every other mobile wallet, Cake Wallet, Monero Show, there are other ones like, I can't remember what they are. They're not Monero specific. I won't focus on them. But, like, Monero Show and Cake Wallet, both of them just use remote nodes, which is it's an RPC connection just like if you were to use your own Bitcoin remote node. So there's no leakage of, so just just to break down Monero really quickly for anybody who's not aware.
So Monero, like I said, receiver, sender, and amount are protected in every transaction by default. If you want to reveal that information, like, if you want to selectively reveal some information about a transaction to a 3rd party, you can give them what's called a view key. And that view key lets them decrypt that information about, about transactions that have been received to a specific address. So, like, if I wanted to, I could publish the view key for the donations that I receive via opt out pod so that people could see how much I've received in donations. I think in a lot of situations, there's no reason to do that, but, like, if you're a maybe a, an open source foundation and you wanna make it transparent how much money you're getting and what you're spending it on, or, maybe you're a political candidate and you have to reveal donations, that kind of thing. It can be useful.
But the way that light wallets work, like my Monero, is that you hand them the view key to your wallet, and so they are able to decrypt that information about your transactions so that they can do the actual syncing of the blockchain for you. They can look through the blockchain for all the transactions that correspond to your wallet and let you know about them without you having to go to the node, request every block's data, and dig through yourself. So you are offloading quite large amounts of trust when you're using that. You're still, at worst, as bad off as using Bitcoin.
You still do have some some privacy provided there, but that is much less than just using a normal remote node. But, like, when I'm using I use Monerojo and Cake Wallet. When I'm using those, I'm connecting to my own node. Or even when I'm connecting to another node, I'm not revealing any information about the true spend in a transaction. I'm not revealing any information about amounts, and I'm not revealing who I'm sending that transaction to, which is a really important point that that remote node privacy is much less of an issue in Monero because transactional privacy is so much stronger.
[02:23:03] Unknown:
Appreciate that insight. Before I respond, we have Moe's bleb mentioning Bunny's open hardware phone. Bunny is doing amazing work. I look forward to seeing what he has for us. We did not mention it on the show, so it should be mentioned. I'm very excited about it, but it's not out yet. So I have, you know, Gitmo BTC mentioned StoreWealth and Bitcoin and then spend in in Monero or Whirlpool where where Monero isn't accepted using CoinJoin. To me to me, that's the gotcha. The gotcha is and this is the case with pretty much all Altcoins, but most Altcoins do not have any kind of usability or usability advantage that Monero presents. Monero presents a short term to me transactional privacy advantage. I expect long term I hope long term becomes easier to use Bitcoin privately, especially as people start to realize the need, especially as people start spending it more because a lot of people don't spend Bitcoin right now.
And when I when I try and conceptualize where we're going, I just all the all the the privacy gains that you get in the short term spending Monero overspending Bitcoin, as long as it's easily just easy to swap between the two chains, a Bitcoin user has those available to them. They can use CoinJoin. They can swap into Monero. They can spend with Monero. They can receive Monero donations and swap back into Bitcoin and hold it in Bitcoin. And to me, that's that's the ultimate gotcha. It means that, basically, XMR is like a utility token for a transactional privacy chain, and I value the project. I think it's very good work that's being done there, and I think it's useful to Bitcoiners.
But long term, I just don't see the incentive to not hold your savings in Bitcoin and just use Monero for short term transactional privacy until, hopefully, Bitcoin privacy gets better. And this is not this is where I get there's a lot of I butt heads with a lot of Monero people on this, is this is not necessarily my desire. This is my expectation. I think the way the incentives are set up, I think the different properties of the 2 change where Bitcoin is much harder, much more difficult to change, is is harder money to me. On a characteristic level means that, ultimately, it is the better spot to keep your savings. And as a result, the purchasing power will always increase against Monero long term.
That is my expectation. That's the expectation I'm operating under.
[02:26:24] Unknown:
Yeah. And I'm I mean, I think that's a that's a really common one. And the the concept of Bitcoin as savings and Monero as checking as a checking account is is another super common one. I I definitely I think that is a valid approach today, based on the performance of Bitcoin and the the spendability of Monero. We're seeing Monero acceptance increase drastically. We've seen a ton more FOSS organizations start to accept it as donations and preferred as donations. We've seen, a lot of companies start to accept it more. We've seen, like, coin cards accept Monero, so it's really easy to spend gift cards through there. So I think because the spendability of Monero is increasing, more places are accepting it. And because the Monero community is so focused on spending Monero and not just HODLing, which I'm not a fan of the whole HODL thing, I think that it it defeats a lot the purpose of cryptocurrencies even though it can be useful, so some people definitely can. But, because Monero focuses on the idea of spending and using Monero, I think merchant acceptance has been improving quickly. Donation acceptance has especially seen kind of the biggest gains, a ton of privacy focused projects, and people accept donations either only in Monero or primarily in Monero in Monero, which is is great to see.
[02:27:40] Unknown:
But I I mean, I think, ultimately, these things go hand in hand, and I butt heads on both sides of the argument spending versus HODLing because these networks for them to be truly distributed and censorship resistant, they need a native token to pay the miners. That native token needs to have value. Maybe in, like, a perfect theoretical sense, that value is just a stable value. But it's that that's not really feasible without entering third party risk, having some kind of centralized peg. So what happens is we have a free floating value. And, ultimately, better than that value going down would be that value going up over time and the network becoming more secure as a result. And you being able to spend that value needs that the token needs to have value to begin with. Right?
So I do think they kind of go hand in hand. I think people will have savings, and they'll have spend it. I I think good money, you should be able to save and spend without permission. I will, however you wanna do it. So so I do think that they I do think those two characteristics go hand in hand, and there's really not that much nuance in that in that discussion that happens. Like, it gets very extreme, especially on Twitter, where there's, it's not really a good, platform for it. And then the other thing you mentioned was donations, and I I think, like, donations is, like, a perfect example here where because Monero has stealth addresses where you're able to just post a a static string, to receive donations or a static QR code that interprets that string, without revealing what donations you've received and not having that issue, the same issue you have on Bitcoin where you don't wanna reuse an address because if if you have that static donation address in Bitcoin, you can just look it up on chain and see all the donations that come in and all the spends that go out.
Monero's had that advantage over Bitcoin for a long time, but now we're starting to see, we have a have a have a new, lightning invoice format that is being rolled out right now, bolt 12, which attempts to provide a privacy preserving static, either text string or QR code that gives you similar functionality to Monero donations. And that's a trend I expect to continue. So to me, you know, I I the the the long term value prop of Monero, I see eroding, but, you know, I don't pretend to know everything. I'm not gonna
[02:30:34] Unknown:
I'm not gonna lecture you. Yeah. And, I mean, I'll I'll just go ahead and make the call out that I am thankful both tools exist. I think that they Bitcoin has done great things. Without Bitcoin, Monero would not be here. Without people working on Bitcoin, many of the technologies that are fundamental to Monero would not be here. And Bitcoin just being the being the the lead, the alpha in the in the cryptocurrency space takes a lot of the heat away from an arrow and lets us just focus on building and not have to worry about a lot of the other issues. So, like, I don't want people to come away with us thinking, like, I hate Bitcoin. I I just the the the big things for me and I'll I'll I'll comment on the the l n thing in just a second. But, the big things for me are that Monero is easily spendable for anybody in a private manner. I I don't I don't question that Bitcoin is spendable privately by people like yourself or people who are using Ceramic Wallet today or who understand those concepts. My concern with Bitcoin is that we we don't improve the base layer. We don't provide better privacy.
And also coupled with that, that Lightning Network doesn't take off or it doesn't provide the privacy that people thought it would at first, which again is what happened with Bitcoin. The people thought it was private and then found out that there were too many issues, and then it didn't proceed. And then, obviously, Lightning inherits some privacy issues from the base layer, but that's a whole another topic. But my my concern is that we pull people more into Bitcoin, and they don't know how to use the tools. And there's only like, right now, there's only 1, in my opinion, privacy preserving wallet implementation. If that wallet gets shut down or if the samurai devs die or if the samurai devs leave, Bitcoin is in a really bad place, and that requires the servers that they're running to coordinate Whirlpool.
So if that stuff gets compromised, that could be really problematic, and that's not something that there's any real other great tool to jump into. But we have joined market. The usability is not great. But Yeah. I mean, I I know it's there, but greater problems of pulling people in to actually who can actually functionally use it, and it has the core problem of post mix spending is really difficult. But it it really comes back to, like, why I focus on Monero is because I want if I'm gonna focus on building a tool, and this is different than, like, the tools that I educate people about through opt out pod or through my blog. Those are not tools that I'm building and pouring time into. They're they're tools, many of them, that I donate to or that I help out with, like, bug requests and feature requests that I see are necessary. But the reason I focus on Monero is because I see that it's a tool that practically anyone can get into and use, and they don't have to be technically savvy. They don't have to be wealthy to pay fees. They don't have to to have access to a a node that they can run so that they can preserve their and not just one that I could use. I could use Bitcoin privately today, and it would be fine for me.
I mean, I I prefer to use Monero. It's much easier. I I prefer the the ease of mind that I have when using it, but I I have the technical skills. I have the money. I can afford the fees. I can afford the time investment to to use Whirlpool and spend funds. But I choose to focus on Monero because I want to I want to build a tool that's more easily approachable for other people. Any comment on that before I say a couple more things?
[02:33:53] Unknown:
I mean, I'd just to be clear, I respect you. I love the work you're doing. I I love your your your your your extremely motivated, and I I think you're fighting the good fight. And I, you know, I re likewise, I'm I'm glad that we have both Monero and Bitcoin. I I guess I mean, like, I've I view Monero as a tool of receiving and sending Bitcoin, basically.
[02:34:23] Unknown:
Yeah. And, I mean, it can it can function really well as that second layer. I mean, it really can be a in many ways, a more complete tool than Lightning, at least today, as a second layer for Bitcoin. And I am really glad that that's a possibility, and I love that the Monera community funded and is building atomic swaps that really, the atomic swaps that we're building benefit Bitcoiners. They don't really benefit Monero people, because if we're gonna be the ones on the other side of that, if we're gonna be market making for atomic swaps, we're gonna be gonna we're gonna be getting tainted UTXOs, toxic change. We're gonna getting all we're gonna be getting all that fun stuff and have to deal with mixing it or finding ways to sell it or trade it, or, there's gonna be a lot of people to be able to use Monero when and how they want. If you wanna use Bitcoin for savings and you wanna use Monero for for spending, that's awesome. I'm glad that that that that possibility exists. And, like, I think that's probably the most coherent approach that I see Bitcoiners take, just at least acknowledging that Monero is an extremely effective tool for spending money.
But I also think the the one with Bitcoin as a store of value long term is a tricky one because a store value really depends on really 2 things. It could be one of 2 things, but generally 2 things, which are network effect, that remains the the main thing that's being used to store value. And, generally, value increases as people use something and keep increasing the price by needing to buy back in and keep using it. A method of exchange generally leads to price stability, which can also help as a store of value because if the price is stable and slowly rising rather than rapidly increasing and rapidly declining, it's a much more attractive store value for more people.
And since Monero does so well at method of exchange, the argument could be made that that would lead to price stability and a good store value long term. Like I said, my my focus is not on price. I haven't looked at charts and compared and seen how these things specifically affect coins. I'm not really as concerned with that, but there are lots of other arguments around that.
[02:36:35] Unknown:
When I when I say price, though, I'm specifically referring to XMR versus BTC, like, not Fiat price. I'm talking about the 2 between the 2. But,
[02:36:46] Unknown:
Yeah. But, I mean, the the reason for the price differences is because Fiat price changes. I mean, if if we're being honest, it's not that there's a massive a massive market between Bitcoin and Monero. It's that people are buying buying Bitcoin with fiat, pumping the price, and Monero is not as purchased because it's restricted because people hate privacy, so it's not on as many exchanges. So I don't I don't I mean, I I agree that specifically, XMR versus BTC price is your focus, but, I mean, that is at the core, that's still fiat price. But, yeah, so far, I mean, like, I'll I'll just be quite honest. If I had held Bitcoin and not hold Monero, I would've and I don't hold Monero. I use Monero. But if I had only bought and held or used Bitcoin and not touched Monero, I would have a lot more money today. Do I regret it? No? I'm glad that I got into Monero and that I was I've dedicated the time and effort to to building up that tool and educating people. But, yes, I mean, price has not been kind to Monero, especially since I got into it, which is either unfortunate or maybe I caused something. I don't know.
But but, I mean, yes, I would have been better off price wise, but I think that Monero is a much more approachable tool that I I wanna get people into. You also mentioned something about network security relying on price increases. That that one is something that a lot of people I don't know. I go back and forth on that one. I agree that price increase can drive network security, but when something has a rapidly changing price, it can also hurt network security. But the the main thing to me is, what is the technological approach that's taken with Bitcoin versus Monero for long term network security?
And the one of the reasons that I like Monero is that the approach has been taken that we don't want to rely solely on fees long term to to support network security. We wanna make sure that there's at least some base stable layer of block reward that miners can trust will happen no matter what's happening with fees at the moment. And so for those who are new to Monero, that's called the tail emission. Essentially, what that means is that Monero has a a set supply. And then after that set supply, which I think May 2022 is when this will happen, it'll switch to something called a tail emission, and that tail emission will be that there will be point 6 XMR per block or point 3 XMR per minute depending on how you how you wanna look at it, emitted forever.
And I know to to Bitcoiners with your 21,000,000 cap out there, that's a terrifying concept, but it's really important to realize that it's it's what's called asymptotically approaching 0%. So because it's a fixed amount of Monero, when it's compared to the total amount of Monero, the percent of inflation is constantly approaching 0%. And it's also already a lower inflation percentage than Bitcoin and gold. And, again, that percentage will continue to decrease. So it's it's a very small inflation that is known, that is predictable, but that provides a base level of network security to what happens with fees.
And that is definitely a concern for Bitcoin long term if when there are less Bitcoin per block in the block subsidy or if there are when there is no Bitcoin given out in the blocks of the block world. Well, there'll never be no Bitcoin given out.
[02:39:51] Unknown:
It just it halves forever. Well yeah.
[02:39:55] Unknown:
Essentially, no. Yeah. It will never have to 0, but it'll be very, very, very strong. Purchasing power increases, like, we've seen even with all the havings we've had,
[02:40:05] Unknown:
like, the reward the subsidy paid to miners now in purchasing power is significantly higher than the reward that was paid to the concern in terms of supply with with the tail emission on Monero is less so than the fact that for better or worse, Monero is is easier to change, and and Monero stakeholders have taken advantage of that to adapt quickly. But as a result, it means that any guarantees you have in terms of what the protocol says it's going to be, are reduced because you don't you don't know if, it'll change out from under you. So, like, even, you know, like, something that's that's a if if you if you take an altcoin that has let's say that they're actually holding a 21,000,000, supply cap, in the protocol now. That supply cap promise is significantly weaker than Bitcoin's because Bitcoin has shown that it's extremely hard to change, So you have a a much stronger guarantee that that that that will be held, and it won't be changed in the future out from underneath you.
[02:41:34] Unknown:
Yeah. I think there's there's kinda 2 key points I'd like to make in response to that. I mean, one is I don't think that it's valid to really be concerned about the supply changing in Monero. Just like in Bitcoin, the supply is purely social consensus. If social consensus changed in Bitcoin enough that the supply wanted to be changed, it would be changed. It's it's just code. I mean, it's not gonna change. But I know. Yeah. I know. I I agree. I don't think that Bitcoin's never gonna make any large base layer changes in the future, and supply is something that is obviously that's, like, the number one narrative for Bitcoin. So I I don't I don't see that changing. So I'm not saying that. I'm just saying it is social consensus.
And thankfully for Bitcoin, at least as far as number go up, the supply is fixed. Social consensus is that the supply will stay fixed. It's not gonna fork in any real changes anyways, so that's not really a concern there at all. But it's also not a concern in Monero because it's, again, social consensus. If if people were to want to change the supply, it would have the same impact it would have on Monero, which would be to destroy trust and destroy the fundamental guarantees that have been existent since the Genesis block in Monero. So, I mean, that's it's never that's never gonna happen either, and it's not like Monero is small. Monero is a very large community and a very large project compared to most altcoins.
But, yes, in comparison to Bitcoin, it is it is a much smaller community. The other key part though is that this unwillingness to change in Bitcoin, which is good for things like supply cap, is also very bad for things like increasing the base layer's privacy. I mean, this is something we've seen. There have been many proposed approaches to increase the privacy of the Bitcoin base layer, many of which have gone on to be included in Monero and and used regularly with great success. But those changes have been denied simply because people either do not wanna sacrifice the narrative of the back of the back of the napkin math on looking at the total outputs to calculate the supply of Bitcoin versus trusting in some some cryptography for that, or it has it has just not been implemented because people didn't want to take the risk of implementing a serious change into the Bitcoin base layer. So there is the I mean, the the niceness of Bitcoin being hard to change also has serious side effects in that Bitcoin's layer 1 privacy will probably never improve, or at least it doesn't seem like it will improve noticeably. Hopefully, it will. Again, many of these things I'm saying about Bitcoin, I've said this many times before on Twitter and other places, but the best thing for the world would be for Bitcoiners to wake up to the need for privacy, to wake up the for the need for the the spendability of Bitcoin to be improved, the fungibility to be improved, and to make the necessary changes to the base layer to make that happen. I would love that. If we had no need for a Monero in the world, that would be freaking awesome. I would be so happy. So, like, don't take what I'm saying as something where, like, I want Monero to beat Bitcoin or anything like that. I would much rather Bitcoin just evolve into what the world needs, in my opinion, rather than needing a Monero. But but because I see that as unlikely, that's why I why I focus on, on Monero.
[02:44:42] Unknown:
Yeah. I mean, there's 2 different approaches, trade offs like everything else. Look. I I appreciate I I appreciate you having, this discussion with me on air. I hope the freaks appreciate it. I mean, regardless, I think before the Monero topic came up, we had a very, very important discussion on mobile phone privacy. So I know the freaks will find that extremely helpful, but I also hope they found it helpful our discussion on Monero and Bitcoin, and the different trade offs that both projects are making. Yeah. And I just wanna reiterate that I, you know, I respect you, and I'm I'm really glad you came on the show. I I I respect what you're doing with opt out pod. I think it's one of the best podcasts in the space. I don't want Bitcoiners that are listening here to get discouraged from listening to opt out because, Monero really isn't the main focus.
Privacy and sovereignty is, and it's it's a fantastic show. So I really do appreciate the work you've done there. It's not even it's not even cryptocurrency
[02:45:56] Unknown:
centric. That is definitely obviously a topic that comes up. We've talked about Bitcoin more than Monero, but, yeah, I definitely don't I don't want people to think that it's like a a Monero only podcast or anything like that. That is not the focus. It is much more similar to the earlier discussion we had for the first couple hours that that focused on Kallix and using different tools to opt out.
[02:46:14] Unknown:
100%. And I expect insecure bit corners to come at me probably for this last segment. I will reiterate to them that open discussion of these very important topics is good for everybody and that as soon as we stop having open discussion, that's when things start to degrade and things get a lot worse. So it's extremely important that we have open discussion on on all of these topics, and that's one of the reasons why I started dispatch. That's one of the reasons why there's no ads or sponsors. It's completely funded by the audience. Buy us for us.
Seth, really enjoyed this conversation. You have any final thoughts before we wrap up?
[02:46:59] Unknown:
No. I just I really wanna say thank you for having me on. I mean, I know that having on a a shit coiner like myself is sometimes detrimental to your, your Twitter health. And I'm sure you're gonna take a lot of flack for it. But but like you said, I I think that it's hopefully, I didn't come off as too aggressive or abrasive specifically about Monero. I get fired up about that. But if anyone is just surely anti Monero, listen to the rest of this this dispatch. It's been a great conversation. And I just I know you you took some some risk in social circles having me on, but I I think that this this concept of kind of pushing the boundaries of just Bitcoin privacy into more general privacy journey is so vital. And I really hope that more Bitcoiners they they fall down the Bitcoin rabbit hole, they fall down the Bitcoin privacy rabbit hole, and then they fall down the the general privacy rabbit hole because it's it's really I mean, that's that's the way I have gone through. I'm I'm here because of Bitcoin, Privacy Maximalist.
That's why I'm I'm into the tools that I am. That's much of why I created a podcast. That's much of why I created a blog. So I'm I'm really grateful for for you, for the content you're putting out, and just just grateful to to be able to come on, to chat, to have some really good, I think, meaningful discussions about mobile privacy that that really can they can change things for the better on a on a large scale. It is very much about personal privacy, but with all of us opting out of the the tools that that the government and the corporations are trying to use to surveil us and pulling others along with us, we I think can have a a really major impact on the world for good.
So I hope that more people take the time to to learn about those tools, to to gain more knowledge and understanding, and to just pull pull their friends and family and pull, their online communities in, really try to be the one pulling pulling people down the privacy rabbit hole and and, making a change in the world that way. So, yeah, really grateful for this time. I love what you're doing with with dispatch, all the educational content you've done in the past. You are one of my absolute favorite Bitcoiners, and, yeah, just had a great time chatting, Matt.
[02:49:04] Unknown:
Thank you, Seth. The feeling is mutual. I'm I'm I'm glad I'm glad to have you have you on our side in this fight. It's it's the most important thing as far as I'm concerned, and, yeah, just just thank thank you for joining, and thank you for everything you do. Big thanks to the freaks who joined us in the live chat, to the freaks who support the show and keep us going. And thanks for everyone for listening. Appreciate you all. Thanks, Seth.
[02:49:34] Unknown:
Thanks, Matt.
[02:49:40] Unknown:
It's been a ride. I guess I had to go to that place to get to this one. Now some of you might still be in that place if you're trying to get out, just follow me. I can too. You can try and read my lyrics off, but it's capable for all I am. But you won't take this thing off these words before I say them. Because ain't no way I'm gonna let you stop me from causing them. When I say them, I do something, I do it. I don't give a damn what you think. I'm doing this for me. So fuck the world, feed it beans, it's gas stuff. If you think it's stopping me, I'm a be what I set out to be. Without a title, I'm tired of bleeding. All those who look down on for Christmas. His gift is a curse. Forget that earth has got the urge to pull his dick from the dirt and fuck the whole universe. I'm not afraid, I'm not afraid to take a stand, take a Okay. Take away your senses and shit and cut the crap. I shouldn't have to rhyme these words in the rhythm for you to know it's a rap. You said you was king, you lied through your teeth. For that, fuck your feelings. Instead of getting crowned, you're getting capped into the bands. I never let you down to get them back. I promise to never go back on that promise. In fact, let's be honest, at last we last see the was aired. Perhaps our random accents fucking black cloud still follows me around but it's time to exercise these demons. These motherfuckers are doing jumping jacks. I'm not afraid. I'm not afraid to breaking out of this cave. I'm standing up. I'm a face my demon. I'm manning up. I'm a hold It was my decision to get clean. I did it for me. Admittedly, I probably did it subliminally for you. So I could come back a brand new me you helped seen me through. And don't realize what you did, because believe me you, hopping through the wringer, but taking too little to the middle finger. I think I got a tear in my eye, I feel like the king of my world. Haters can make like bees when those fingers end up ripe gay. No more beef fingers, no more drama from now. I wanna promise to focus solely on handling
[02:53:57] Unknown:
Love you, freaks. Thanks again for joining another dispatch. Looking forward to our HR this week on Thursday, and I'll see you next Bitcoin Tuesday for another great dispatch. Cheers. Stay humble. Stack stats.
Bill widens the definition of broker. Those who would have to collect information on cryptocurrency consumers and report this information to the IRS. It would force every single participant in the cryptocurrency structure to operate as a financial institution, which would mean they would have to provide consumer information to the IRS even if they don't have access to that information. This overly broad definition of the word broker will block rapid innovation in cryptocurrencies, and it will endanger the privacy of many Americans in cryptocurrencies. This is wrong. So I applaud my colleagues for Trump. Fortunately, because the senator from Vermont objected that incremental approach hasn't been adopted. So let's exercise a brief shining moment of common sense, and let's recognize if we've gathered all 100 senators in this chamber and ask them to stand up and articulate 2 sentences defining what in the hell a cryptocurrency is that you would not get greater than 5 who could answer that question.
Given that reality, the barest exercise of prudence would say we shouldn't regulate something we don't yet understand. We should actually take the time to try to understand it. We should hold some hearings. We should consider the consequences. We shouldn't destroy people's lives and livelihoods from complete ignorance.
[00:02:14] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Matt Odell, here for another Citadel dispatch, the interactive live show about Bitcoin distributed systems privacy and open source software. This is Citadel dispatch 34. Our focus is gonna be mobile phone privacy. I wanna do a quick shout out as I usually do to the ride or die freaks joining us via the live chat that it comes through on Twitter, Twitch, and YouTube. Appreciate you guys. You make this show unique and special. Also wanna shout out all the freaks who support the show. This show is a 100% audience funded with no ads or sponsors. It will always be the case, and you guys make that possible.
The easiest way for you to do that is through podcasting 2.0 by going to new podcast apps.com, picking a podcasting 2.0 app, loading it up with Sats, searching for Citadel dispatch, and you can stream Sats directly to my node. It is appreciated, and it's pretty cool watching them stream in after the podcast feeds go up. You can also support the show at the website, sidildispatch.com. I have a pane m there. It's easy to remember. It's Odell. You can also support it through [email protected] using the tip and dot me link. So thank you, guys. I do appreciate it. To those freaks coming in through the audio feeds, that was senator Ted Cruz on the floor of congress talking about cryptocurrency.
I don't think that we should take extra you know, I I I doubt his, you know, I doubt his motives, but, it is pretty interesting watching it be you know, we're everyone's noticing us now. We're we're we have the attention of regulators everywhere. We have the attention of senators and congressmen. A lot of what we've heard over the last week has been disappointing but expected. But at the same time, to hear Ted Cruz basically call out everyone for not having any idea what Bitcoin or cryptocurrency is is a bit of a breath of fresh air, and it is really crazy to see. So I'm glad we're gonna have that archived in the Citadel dispatch archives forever. With the archives being mentioned, once again, you can view all previous [email protected].
There's Bitcoin TV links there, which is our peer tube instance dedicated to Bitcoin content, hosted on our own servers, and, there's also links to the audio. And I think you can also search through all the transcripts too, which is actually a really useful feature. I don't think people realize it's there. It is algorithmic instead of, like, a human transcribing it. So there are a lot of errors, but it is nice that you can just search keywords through there. So keep that in mind. Anyway, guys, I'm really excited for our guest today. We have Seth for privacy here.
He is the host of the Opt Out podcast, a very good podcast. We have, actually a lot of overlap with guests. He's he's had Catan on there. He's had Diverter on there recently. He had Max Tannahill on there, all previous guests of Cielo Dispatch and good friends of mine. The podcast is excellent. I highly recommend it. Also, me and Seth, we kinda go way back on Twitter. I think, Seth, I think we met at Bitcoin 2019, if I recall correctly. You introduced yourself. So welcome to dispatch.
[00:05:50] Unknown:
Thanks for having me on, man. It is a a huge privilege to be able to come on and and chat about, mobile privacy specifically. I think there's such a good crossover here with kinda your your normal audience, and Bitcoin in general, drives home that idea of self sovereignty and taking back control, and mobile privacy is a huge part of that. So glad to be able to to to dive into it with you here.
[00:06:11] Unknown:
Yeah. Absolutely. Thank you for joining us. I mean, mobile phone privacy is on the top of everyone's minds right now because of the recent iPhone announcement, Apple announcement. But before we jump in there, I mean, you've dedicated so much of your life, to privacy and personal privacy. Do you wanna tell the freaks why they should care about privacy, why they should care about their own privacy?
[00:06:41] Unknown:
Yeah. I mean, I think I think there's a lot of different reasons that we can come back to, and a a lot of the like, one of the things that I enjoy about my podcast is I could just sat sit down with people and just hear a little bit more about, like, their personal privacy journey and what drove them to to see the need for privacy and to tar start taking steps to to take back their privacy. And, the big thing for me that jumps out is just the the simple idea, and it's a phrase people have probably heard, but just that the privacy is the ability to selectively selectively reveal oneself to the world.
And just it's really a way for you to control the data about you, to control the the things that other people are able to see or not see. It's not about necessarily hiding things, not about necessarily hiding criminal activity or anything like that, but, it's really just about having that that control over your data, and I think a lot of times here, at least for me, I'm I'm in the West. I'm in the US, and people who grew up in areas that are a little bit better off or maybe have at least a a better facade of freedom, we can kind of get caught up in the idea that we we don't have anything to hide and that it doesn't really matter that all of our data's out there, that these these companies are just pulling in our data by troves. They're gathering information about where we go, who we visit, the apps that we use, how long we use those apps, where we click in the apps, that they're gathering data on all the people that we talk to, when we talk to them, what we talk to them about.
That has been going on for years years. Mean, we've we've seen it with the government, with the NSA, and, now I think we're starting to take steps towards corporate surveillance being the bigger problem than governmental surveillance, at least in the in the west here. And, people that have at least the privileges that I've had growing up, I haven't felt the the harsh pressure of an authoritarian regime or the harsh pressure of, persecution of, like, myself or my family or my maybe a religious group or something like that. So I haven't seen the need that's, like, life or death. But a lot of people in the world have seen that, and they fight for that privacy, that that right to be able to decide what they reveal and to who.
And I think that it's a responsibility for those of us who do have that freedom and and have access to those tools to to go ahead and jump in, focus on taking back our own personal privacy. And then as we go along that route, no one is too no one is too small or unknown or, maybe not technical. No one is is too far to be able to just write down the things that they do, share the that's the steps that they take towards privacy, and help pull other people into that journey over time.
[00:09:16] Unknown:
Really great answer, Seth. I think it was really well said. I mean, a couple of things there. First, you know, you said that corporate surveillance is becoming more of an issue. I seem I've noticed that it seems so intertwined now at this point. Right? It's like corporate surveillance is is almost it's an extension of state surveillance. And Mhmm. All that all that data that that these corporations are hoovering up oftentimes for their own profit motive, ends up in state hands. And even if you trust your government now, you don't really know, what the next government will be or what the next situation will be. Right?
And then the other thing you mentioned was you evoked the cypherpunk manifesto, with privacy, with your comments on privacy, and there's a there's there's something interesting here with, you know, part part of part of that quote before the quote is that privacy is not secrecy. It's the ability to selectively reveal yourself to the world. And you, for better or worse, seem to have ended up in the same situation as me, where you're a public persona, a public person talking about privacy. How do you and I often get a lot of shit, like, oh, you know, you can't talk about privacy if if you're publicly talking about it. Like, obviously, you don't care about your privacy if if we we know what you look like, and we know who you are.
You obviously don't take it that seriously. How do you circle that square? How do you, if if if when someone says to you, like, oh, you don't care about privacy because you're a public person talking about it, how how do you answer them? Yeah. Yeah. I'll I'll dive into the the first point you mentioned real quickly first. I accidentally didn't unmute. Wrong keyboard shortcut there.
[00:11:21] Unknown:
But for the corporate surveillance piece, I think, like you mentioned, the the government has realized that there's a a powerful tool at their disposal. If they can leverage the law and just social pressure onto these companies, they can get them to to do their work for them, and just take away the the need for them to do governmental surveillance or take away the need for them to do governmental censorship. But I think another reason why corporate surveillance is becoming so much of a problem is because it it pervades cross country lines.
It's something that usually will follow you no matter if you move countries, no matter if you leave. It's usually something that very easily crosses borders. And sometimes governmental surveillance can cross borders. There's lots of agreements. There's 5 eyes and 13 eyes and different, groups of countries like that that do share data, but sharing data between governments is always tricky because they're trying to get the leg up on each other even when they're technically allies. But I think corporate surveillance has a lot more danger in that sense, and the services that we're using on the daily are normally things that were being sold as free.
And the thing that they're selling us as a a service and taking our data. And so I think that's it can be a little bit sneakier than hearing that, like, the government surveilling you, and that can seem a little bit maybe conspiracy theorist or something to to think that the government's watching what you do. But we know that corporations are doing it. We've seen them do it time and time again, and it's only been growing as we've seen, monopolies around, specifically, like, social media is is one of the key areas. Social media and messaging apps. We've seen the monopolies around that shut down the smaller options. And then once they have control, they're able to really leverage that that surveillance and censorship, to sell your data and make themselves money or to censor and to push their own personal beliefs on the people that are using the platform.
And as for the whole idea of kind of revealing more about your public personality or persona versus just using an m, I I definitely I go back and forth on this. I mean, as things get a little bit scarier here in the US over time, I I lean towards going to a NIM, but, obviously, I've built up this brand that is set for privacy, which it I definitely wanna keep this this following. It's a it's a great group of people. It's people that are passionate about privacy and have followed me through a lot of different steps that I've taken. But I think the key thing for me is I I think there is a lot of value in there being non pseudonym people that are willing to step up, willing to put a little bit more at risk, willing to put a little bit more on the line to become that, those people that can kind of draw in the less trustful people. I think a lot of people can be a little bit worried about pseudonyms or can feel like if someone has a NIM, they're not trustworthy. And, I don't think there's a reason for that. I think names are great that many people should probably use that instead of using the real name in almost every circle.
But I think that I think it's useful for some people to just own at least part of their name or I mean, it it couldn't even be a fake name. Like, obviously, you don't know that my name is Seth, but, to own a little bit of that public persona, to own a a face and an image, and it helps to draw people in, especially kind of normies who maybe wouldn't be as comfortable with just jumping in and following all the things that a random NIM on the Internet says. So I think there's definitely value, but it is definitely it's extra risk, and it can complicate things as far as keeping keeping other aspects of life private if you do have any kind of linkage to your name, picture, that kind of thing.
[00:14:55] Unknown:
Yeah. I mean, 100% cosign that message. Grapple with it daily. Do you have do you ever have any regrets with that?
[00:15:09] Unknown:
I think my only real regret is just that I was so open early on. Obviously, the things that I know and can remove, I've I've gone through and removed. But I, obviously, before I jumped into privacy, which was only very recent, I think a lot of people may just assume because the main thing I talk about is is privacy, both in the cryptocurrency space and just generally that that I'm someone who's, like, been thinking deeply about privacy for a decade or something. But it's really recent. I mean, really, I started caring more about it in 2018, 2019. Probably even 2019, I think, would be when I started to really grapple with why personal privacy matters.
And so I think before that, obviously, I was careless with social media and the things that I shared. So I think I think if you go into it knowing what you're doing, you you know that you're going to be sharing, at least a theoretically real name and a face that can be a little bit easier to to latch on to. I think just being careful, obviously, about how you how you use that because if there is a a link to real life, it could be can be more dangerous for you and can make tying things together a little bit easier. I don't say I have any regrets. Just that, yeah, I'm I'm glad that I did it. I think I will keep doing it, but it is definitely as things get tighter and tighter, it it's tempting to to become a pseudonym rather than sticking with any kind of semblance of in real life personality.
[00:16:33] Unknown:
Yeah. And, I mean, it's not mutually exclusive. I don't know about you, but I exist on many nims. But, there there's there's definitely I can I can definitely relate with that path? I mean, with me, it happened a little bit earlier, but, you know, you kinda have, like, an moment where you realize I I think in today's world, most people, when they discover the importance of privacy, it's a it's a discovering of, oh, shit. I I'm completely exposed. And, that's when you start to realize why privacy why personal privacy really matters. Right?
[00:17:17] Unknown:
Yeah. For sure. And and that's a really good point that having a real persona and pseudonyms is not something that that can't coexist. Like, those are definitely things that go together. I use pseudonyms as well for different platforms. I think everyone that I know who has chosen to reveal something about themselves on social media usually has other names that they go by and other things. And I think that's that's excellent. And, like, something I do is I use a tool like SimpleLogin to do email aliasing and the things that I use email aliases for. I'm obviously not using a a name with that kind of thing, so there's definitely power in pseudonyms. Like I said, I would recommend most people use pseudonyms, but I I do think that there's there's value in this. And outside of the the one persona that I think is valuable to have a more real persona attached to, which is my Twitter account and then obviously is the host of my podcast.
Outside of that, I think pseudonyms are infinitely better. There's there's not really any comparison. You should avoid using, I think, real information wherever possible. But
[00:18:18] Unknown:
100%. Okay. So let's go back to, corporate surveillance. I mean, you made an interesting point there. Like, if if the government says they're reading all your emails, people tend to have a naturally revolting reaction to that. But if Google says they're doing it to serve you better ads and give you free email, people don't. If Facebook is tracking your location everywhere you go, people, for whatever reason, tend to have less of a reaction to that than if you found out your government was tracking your location everywhere you go. But at the end of the day, in both those scenarios, the end result ends up the same. Right? That data gets logged, and it can find the hands, whether that's in the government or it can find the hands of a malicious individual, get shared with all their partners. It's the same end result. But for whatever reason, people seem to be more, comfortable with sharing it with these corporations than they do, if if it's if it's explicit if it's explicit from a government actor.
So recently, we had this news that Apple will be scanning photos, that are stored on a person's local device on their phone and on the cloud, the Icloud or whatever they wanna call it. The Icloud has never been, encrypted end to end, so they've always had that functionality capable. Right? We have, Bitcoin in the audience. His name is Bitcoin, Clarifying that they're scanning hashes of photos, to match them with whatever their blacklist of hashes is, which isn't transparent. But the end result is the same. They are scanning your device, and there's been a lot of pushback on that, but they're going ahead with it anyway.
So, recently, there's been before that, I mean, Apple made a very big push to privacy, and a lot of their advertisements were about how if you want privacy, Apple is the product you wanna do, whether that's a computer or whether that's a phone. I I think before we jump into the, you know, privacy specifics, privacy specific OSes and phones, what is your what is your comment to someone who chooses iPhone or chooses Apple products for privacy? Why shouldn't they, why is that not a good option for someone seeking privacy?
[00:21:05] Unknown:
Yeah. Yeah. This is a that's a topic I've brought up with other people I've chatted with, and I've talked about a little bit. But I really think I'll start off with the positive. I do think that Apple is generally better than Android, specifically when we're talking mobile privacy. I think they've generally had better policies in place. They've generally been firmer about the requirements that they put out for apps in the App Store. They've had the recent really good push, about the the whole right to track idea where an app has to request if they can track you or not, and you get a very clear, do I wanna allow them to track me or not prompt. And we've seen lots and lots of people answer no to that, obviously. Because when you're presented with the with the clear question, you jump into, you jump to to no. You don't wanna share that data.
But with this license this latest push, I mean, they've had kind of a big marketing thing going for a while now pushing privacy. And I think they've latched on to the the narrative that's been increasing lately, which is, that people are starting to wake up to privacy, and they they realize that's it's a great tool for marketing. If they can jump on a a trend, jump on a narrative, and jump on something that their competitors do poorly, which is Android. Android has generally been very poor for privacy, they realize they can make more money. So I'm not saying that everyone at Apple is necessarily malicious or using it just to make money. I think there there are probably people there who do legitimately care about privacy and think they're doing the right thing, and have built out, again, like I said, some some good privacy measures.
I think at the end of the day, it's it's marketing. They wanna they wanna pull you in. They wanna get you using their devices, and get you under their ecosystem, which they've always made very hard to get out of, and they've always made it very holistic where you you need to get all of the different devices and things and accounts to to tie it all together. So I think iOS is generally alright for privacy. It has been very secure for a long time. That's one been one of its strengths, is that it is very secure against attacks. They they patch bugs and and vulnerabilities very quickly, and across the whole board of devices. You don't have to wait for different timings on on releases to patch those things, which is important.
But it really to me, it's a it's a marketing push. And, I mean, this this latest this latest thing with photo scanning, it's a it's a tricky one because they chose to focus it on something that is that something that everyone should be against, which is child pornography. That was the focus of this this effort is to help to to shut that down, to shut down, rings around that and and sharing of of images. And, like, obviously, that's 100% a good thing. Like, no one no one would disagree with that, but that really job pornography, terrorism, have been 2 of the kind of boogeymen that get used for a lot of attacks on privacy and freedom.
Again, not to say that those two things are not bad, but just to say that they are constantly used as a a fear inducing tool to push against privacy or to push against personal freedoms. And so that's what they that's what they chose to use this latest push for or to use for this latest push. And the the concept itself seems relatively harmless if you're just reading it at face value that they'll take caches of the images on your device. And for anyone who doesn't know, what what that means is that they'll take your image, they'll make a unique hash out of it that can only be that specific image. If a pixel is changed, the hash that's generated from that photo will change. So that's a it's a really specific thing with how hashes work. And, obviously, anybody who's familiar with Bitcoin or cryptocurrencies, hashes are very hashes and cryptography in general are very central to how cryptocurrencies work, but at least they do take that hash locally.
But like you mentioned, Icloud is not end to end end encrypted. They've always had access to to Icloud photos and videos. I mean, we've had the, like, we had the big celebrity hack 4 or 5 years ago, and that was only possible because they got access to they got essentially admin access into Icloud and were able to just view people's pictures, videos because they're not encrypted. Apple has access to all of that. So they can still see the videos. They can still compare the hashes that they got off your device with the photos and videos that they have in Icloud. So they could still easily pull up the photo that actually attaches to that hash. It would be very straightforward to do that. And the other key thing here is it it's really important when you see people making steps towards, steps that seem focused on helping with security or helping with criminality or to help to kinda bring supposed good, try to think about how can this be misused in the future. And that shouldn't necessarily mean they'd never do anything for good now, obviously. If there's something that it's just a net positive to knock it out and we'll figure out how to work around it, great. But, like, here specifically, if this is just used to shut down child pornography and never anything else in the future, I think, generally, that's probably a good thing. That's not necessarily a huge loss, but the the issue here is you are putting 100% of your trust in Apple, in the people who work at Apple, and in Apple, the company, as never being pressured by someone else, like a government, to use that data against you or against a a minority or really anything, and you're trusting that the the data that they collect through these hashes and the the things that they can do with the videos and pictures that they have in Icloud, that they'll never start to target something other than child pornography. And that, I think, is one of the kickers that people have have been talking about, thankfully, on Twitter and other places, that this technology could very easily be used to try to target people of different ethnicities, people in different religious minorities, people, in specific countries, or people who are taking pictures of specific things. I mean, I'll take a very a very harmless example, but, say, you're a gun owner in the US. Right now, guns are legal. You can get them there's obviously restrictions around how and where and all that stuff, and we'll get into that. But you can buy a gun right now. You can buy ammo. You can you can shoot a gun. There's there's nothing illegal or harmful in that.
But let's say in 5 years that the government decides that guns are illegal, we changed gun laws, now you have to either hand in all of your guns to the government. Maybe we'll give you, like, a $100 a gun or something to make you feel better about yourself. But you have to give it give all your guns. We're gonna take them away. You don't need them for your safety. Just let us take care of your safety. And they do that. They collect all the guns. Obviously, people who see the need for firearms as a deterrent to the government, some of them hold on to their guns. But what happens if you take a picture of that with your iPhone? You take a picture of a gun. Maybe you go out to the range. You're shooting with friends. You take a picture of of one of those guns.
It uploads that hash. Maybe maybe even at this point, it will say that iCloud is entity encrypted, so they don't have access to the photo. But it uploads that hash, and they're able to compare with the data that they have and say, okay. This is a photo of a gun. And so they know this person said that they gave us all of their guns, but they're still taking pictures of guns. And now they go to start rounding they go to start round up people who still own guns when they supposedly give them all into the government, and that's, like, that's probably one of the most harmless potential ways that this could be used. Another more, harsh one could be something like what's happened with, multiple different religious minorities in China where they've used technology, surveillance. They've used a lot of kind of data analysis to figure out how to tell when a person is in a specific religious minority, even if they don't know it via an actual, like, specific fact. And they're able to use those different technologies that were supposedly put up for harmless reasons to track them as people, figure out who they are, and then deport them, kill them, put them in concentration camps. Like, that's obviously the the harsher end of things, but essentially what this means is Apple has access to your pictures and videos, which they always have, but now they're telling you upfront that they are performing analysis on those pictures to find specific things. And right now, you may be fine with the thing that they're finding, but down the line, what they're actually looking for could quickly change. They have no requirement to tell you that they've changed what they're targeting, and they can easily be pressured by governments, social pressure, etcetera. So I know that was a bit of
[00:29:31] Unknown:
a a bit of a monologue. No. It was a great answer.
[00:29:34] Unknown:
There's so much to talk about there.
[00:29:37] Unknown:
With with most of these things, there tends to be a ton ton of nuance. My audience always makes fun of me because I say nuance at least 5 times in every episode. You know, just to add on there, I mean, first of all, Apple on the surface, a lot of the privacy improvements they've made, seem outstanding, but it is closed source. There's no way for us to verify anything that they say they're doing, ourselves. And then on top of that, a perfect example, I think, of of what I expect this type of capability to evolve into in the near future is we've already seen Apple bend to the will of the Chinese government because it's such a valuable market to them.
The the Icloud, for instance, Apple virtue signals about not giving government access, not accepting government requests from China for Icloud access. But what they did instead was, Icloud in China is co owned by a Chinese government entity, like a a so called private company that's really controlled by the Chinese government. So they don't even have to submit requests. They just have backdoor access to Icloud in China, and I could completely see, within the next few years this exact tool being used, to filter out to see if anyone has TNM and Square photos on their on their device. Like, that would not surprise me at all one bit.
[00:31:13] Unknown:
Yeah. So it's a really good point about how that governmental pressure has already affected Apple. Like, we we have concrete ways that we've seen them cave into this. And And like you said, that's because China is such a huge market for them, and guess what else is a huge market for them? The US. Guess what other government has shown themselves capable and willing of pressuring large tech companies to do the things that they want? The US. We've seen that push with them specifically giving things giving links to posts that they don't want to see on Facebook to Facebook and saying you need to take care of this and using social pressure as a a tool to to get them to do that. So to think that they won't do something to pressure Apple into using this data against citizens in the future is very naive. And, honestly, it very well could be happening right now. And, again, there's no there's no requirement or responsibility that they have to tell you. Well, there's a responsibility, but there's no requirement that they have to tell you when and if, they've been compromised or if they're giving up that data or if they're using that data in a new way. So it's it's very important that people realize that that that can happen very, very quickly.
[00:32:17] Unknown:
And just to add on top of that, I mean, there's there's another important aspect, when we see these attacks on encryption and privacy in general is that the criminals tend to be the quickest to evolve. So, this new tactic might be effective in the beginning to get some criminals, but most of those criminals will move on to platforms that don't allow them to be spied on. And the end result is you don't actually catch many criminals from it, but instead you hurt law abiding citizens. You hurt honest people, who just want easy, accessible privacy, and instead, you take that away from them.
[00:33:00] Unknown:
Yeah. And that's something that, that's something we've seen evidence around in the US too. Specifically, we've seen that, like, for instance, this note in revelations, which I'm sure people have heard of and probably talked about before. A a big part of that and a really huge part that stuck with me and has stuck around after learning more about what he revealed was that the the data that they were collecting, the things that they were doing I mean, we saw also a similar thing in the the CIA black sites where they were torturing prisoners to try to get information. These types of techniques, they rarely, if ever, yield actual crime prevention or actual catching of criminals.
It's very rare that that happens. But once the government see that they can do this, they use something that they wanna track down or that they say they wanna track down to implement these things, and then they utilize the power that we give them because we say, like, yeah. I'm afraid of terrorists, or, yes. I wanna see child porn shut down, which, again, like, those are things, like, we all hopefully want. But when the government sees that they can use those those tools of of fear or feigned morality to to to get us to give over the power that we have over our data to them.
They then leverage that to start to, to subtly oppress us or to censor information or to shut down, political minorities, to to shut down political dissidents. They start to use these things to keep consolidating power because that's what we've seen throughout all of history is governments love to consolidate power, consolidate power, consolidate power. So often these things are really about shutting down any kind of dissidents or any kind of resistance that they may have so they can keep consolidating power and increasing the the control that they have over people.
[00:34:47] Unknown:
A 100%. So and it's extremely frustrating that they they, like, pigeonhole us into it by by using criminals as the excuse when we obviously don't want criminal behavior to be happening, and we want, you know, we we we want people that hurt children to, you know, be behind bars, if not worse, for the rest of their lives. And they, like, intentionally pigeonhole you to to basically erode the ground you stand on when you're trying to defend personal privacy and personal freedom. You made an interesting point earlier, which I tend to agree with. So for most people when they're choosing a phone, they're choosing a stock iPhone, or they're choosing a stock Android.
We spent the last 20 minutes or so talking about the concerns over iPhone. You kind of mentioned in passing, and I I tend to agree with you, that that a stock Android experience is is probably strictly worse for your privacy. Would you you would agree with that. Right?
[00:36:02] Unknown:
Yeah. Definitely. I think, like I said, I do think that a lot of what Apple does is really just privacy theater. It's it's a it's a marketing gimmick, but they have made some measurable steps that that increase the privacy of the users of iPhones. Whereas Android, I mean, as it's it's owned by Google. It's created by Google and run by them. And I think it's also important to to quickly note, Android is not necessarily just stock Android that comes on Google Pixel devices, but it's also Android that's reskinned and owned from the ground up by other companies who also have an interest in collecting data, like Samsung, like Huawei, like Xiaomi. There's lots of other vendors that sell Android phones, and each of them want a piece of the pie as far as your data is concerned as well, and each of those people have full control over the the operating systems that they build.
So Android is a little harder to talk about because there are lots of different varieties. But at the core, Android is very much, very much centered on data collection, both for good or for evil. A lot of that is what makes it so easy to use and so helpful. I mean, like, Google Maps has been a really hard thing to not use because it's just so freaking effective. It's so good at what it does. And we'll we can talk about it later, but there there are ways to use Google Maps on Calix OS or, I'm not sure on Graphene, but on Calix OS at least. You definitely can use it on Graphene, but we will go into,
[00:37:26] Unknown:
the steps you can take on Kallix. Another thing, I mean, just since you brought up Google Maps, I mean, I think, if you're someone who drives a lot, it's well worth it to pay, like, $200 for a dedicated, like, Garmin GPS that isn't connected to the Internet.
[00:37:41] Unknown:
Yeah. I thought it was surprisingly good. I haven't made the jump yet. I've been using, I've been using Magic Earth mostly. But, yeah, I'll have I'll have to look into getting a a GPS itself. I've heard someone else mention that. I think it's a really good idea.
[00:37:56] Unknown:
So yeah. So, I mean, on Android, not only do you have Google basically spying on you by design, you have whatever the other vendors are on the phone as well, presumably spying on you, to different degrees. And like you said, oftentimes, it's like a convenience thing. Oh, here's an assistant that, knows what you're thinking about or knows what your next step is and knows when your restaurant appointments are, and it's sold to you as a convenience, which it undoubtedly is, but in so much of our lives, I feel like there's a there's a clear trade off between privacy and convenience. So enter privacy focused Android Forks, the 2 big ones being Kallix OS and Graphene.
What is your I mean, one of the reasons I brought you on the show is because you had a great write up on I think the write up was between Kallix, Graphene, and Copperhead. Copperhead is basically a closed source, source viewable, but not open source, fork of Graphene and Kallix OS, and you ultimately chose Kallix OS. I've been running Kallix OS as my daily driver for, I think, 7 months now. My lady has been running it even longer. I absolutely love it. What why when you make when you when you advocate for someone to consider one of those solutions, what is your what is your framing? Why should they care?
[00:39:44] Unknown:
Yeah. Yeah. So it's it's a really good topic, and it's one that I've I've talked about a lot and, talked about with other guests and something that, thankfully, I've had good people in the Bitcoin community that kind of turned me on to the idea and and brought this up. And you you mentioned a lot of them before when you're talking about people that that we have in common for our podcast. But I think, like we were talking about, Android is very non privacy centric. It's very focused on data collection and, like you talked about, that convenience. I think what a lot of people don't realize is the convenience that they're offered by most of these applications is either at the cost of giving up your data and that's all the company wants, just collect your data and sell it, which is is certainly bad, but is oftentimes not necessarily the worst case use of data even though it is terrible.
But another use case is to take your data and use it to train, AI, to train machine learning models, to to to actually keep putting that data back into the tools to make them better, which, again, there's nothing wrong with improving a tool using data. But, oftentimes, people are not aware that this data is being collected. They're not consenting to it. It's usually very unclear or impossible to know what data is actually being collected and what's done with it. So like you mentioned, the Google Assistant, which is a it's an amazing tool. It works so well. It has improved rapidly over the years. And what people don't realize is that the way that that tool is improved is that they record everything that you're saying and everyone else with an Android phone is saying.
In theory, they only record snippets and upload them when you say the the keyword, which is usually okay, Google. And, hopefully, lots of people's phones got triggered, and they'll think about switching to switching to Kallix or Graphene today. But that that data that they're constantly collecting from you, they are using to improve the tools, which makes them more convenient, which then makes you, what, keep committing back to their services, keep giving them your data, and you fall into this loop of convenience that pulls you deeper and deeper into someone else controlling everything about your digital life. And the the good thing, though, about Android and the good thing about a lot of what Google has done is that, thankfully, they do generally follow the open source model. So a lot of the stuff that they create is open source, and Android is no exception. They created the Android project a long time ago. I think it was probably 13 years ago now. Maybe it's been even before that that they created Android, but, Android itself as an operating system is open source. The Android that you actually get on your device is generally not open source and reproducible.
Like on a Pixel device, there are lots of specific things that they build in and do not release the source for it because they want them to be unique features to Pixel devices. And then, obviously, like Samsung, Huawei, Xiaomi, all the different vendors of Android, they usually do not open source their specific twists on Android either. But the base of Android, which is specifically called the Android Open Source Project, is an open source operating system. Like Monero Lionx said in chat, Android is it's based on Linux, uses Linux kernel, uses a lot of things that are are core to Linux. And so that that open source base provides the opportunity for people to take the code and to make what they want out of it.
And one of the really great things that we can do with that is we can take the Android open source project base, AOS, and tear out all of the pieces that Google has baked in that feed them everyone's data. We can tear that out, and then we can also add in new features, new abilities, new applications that are either privacy preserving, so they're focused on, like, end to end encryption or on hiding behavior from certain apps or for VPNs, Tor, that kind of thing. Or we can add in new applications and features that are very specifically free and open source software.
And there like you mentioned, there are 3 main projects that have take taken the base that is the Android open source project. All 3 of these come from the same base, and they've built up a privacy preserving version of Android that is, focused on maintaining your privacy, giving you control over what happens. At the very start, I'll just go ahead and say Copperhead OS is probably not a good choice for anyone who's listening to this. They are enterprise focused. There's been a lot of drama around them and around their founder and how he handles things, but I I will not recommend Copperhead OS. So we'll just go and toss that one aside for now. Just know that it's essentially Graphene OS. There's not much difference there. So if I'm talking about Graphene OS and for some reason you're interested in Copperhead OS, there's there's complete similarities there in almost every way.
So the other two main containers that are left are Calix OS, which, like you mentioned, you're running. It's my favorite mobile operating system. It's what I use daily. And I think we we must have started using it right about the same time. I started in in January as well. So going on 7 months now of of Calix OS as a daily driver. And then GrapheneOS is the other main option, which kind of to I guess to sum up the differences between the 2, and like you mentioned, I have a good bit of this on my blog, But the main differences that I see between the 2 are that Calix OS, I think they've taken a very good approach, which is trying to bake in as much convenience as possible while preserving privacy.
And they're not they're not doing that at the expense of large gaping privacy holes. Like, the defaults are very solid. They put in a lot of good apps that they include by default, but they've they've realized, I think and something that more and more privacy projects need to realize. They've realized that the the way to get people into using privacy preserving tools is if they are at least as good, if not better in certain ways as far as usability goes, than non privacy observing tools. So if you make something just impossible to use but perfectly private, guess what? No one uses it, and no one's privacy has improved. I feel like PGP is, like, the perfect example.
Yeah. Yeah. It really is. It's a great tool that works well and still works well however many years later at the thing that it does, which is providing privacy, but it's god awful to use in almost every scenario. And I think there is a little bit of a shift to coming back to BGP, so there are some some good developments there that hopefully will be helpful. But, yeah, that's that's the perfect example of a tool that's existed forever that's been effective at what it says it does forever, but it's just basically impossible to use on a daily basis, or at least only for the very technically advanced and for the people who are willing to give up a lot of convenience.
[00:46:34] Unknown:
So yeah. You're I mean, I I'm aware that you used copperhead, but you never actually used Graphene. Right? No. No. I didn't. And So I I spent, like so 7 months of Calix. The 3 months before that, I tried to use Graphene as my daily driver, and I was actually I was a pro this is very common with me. I was a prolific shill of Graphene, and I I created a guide that a lot of people have used. I think there's, like, over 10,000 hits on YouTube on how to install Graphene on your pixel device, and I saw that as a way of opting out at of the surveillance Panopticon. Everything has trade offs, and with Graphene, the trade off balance was extremely severe on the privacy security side.
I could tell that a lot of effort and motivation went into hardening that OS as much as possible. But from my experience, what was happening was, and it almost happened to me, if I didn't find Kallix, is that people were switching to Graphene. They were having an absolute horrible time of it, their photos were horrible, their battery life wasn't great, the performance wasn't good, They couldn't use any apps that they any apps that they wanted to use, and then they were switching back to either stock Android or stock iPhone.
But with Kallix, while they they they make a lot of interesting like, a lot of good steps towards being more privacy focused, and strictly the the number one thing both of these OSes do is they just completely rip out Google. There's no Google in the device. Is it's an enjoyable experience. Like, I actually I feel like I have a better phone than my peers that have iPhone or have the latest Samsung. My battery life's better. The photos are great. And then I also have these additional privacy and security benefits. So it to me, when you look at the trade off balance, it's it's if if if what you care about most is privacy and security, then, yes, choose Graphene. Maybe if you're using it as, like, a dedicated Bitcoin device and you're not using it as your daily driver, choose Graphene.
The the install method for both are is relatively similar. It's actually way easier than you would expect. But when it comes down to, like, a daily driver that you want to have some convenient elements to it, you wanna have good battery life, you wanna be able to take the occasional photo and not have it just be potato quality. Kallax is just so much more accessible, so much more usable.
[00:49:27] Unknown:
Yeah. No. I definitely agree. And, I mean, that's that's why I I switched to Kallax from Copperhead, which is, like I said, was very Graphene OS like, not exactly the same, but very similar. And the the core reason why I switched was that I wanted to use the phone as my daily driver. Like, I wanted it to be everything. Everything. I didn't wanna just be using that phone when I felt like I needed privacy and then have another phone for the things that I couldn't get to work on on my main phone. I wanted to be able to really dive into this idea of of protecting my personal privacy on mobile, which a lot of people, I think, don't realize that so much of our lives now happen on our mobile devices. Most people don't really use a laptop or computer that much for browsing, for interacting with people, for chatting.
So preserving your privacy on your mobile device is, I think, often the most important step to take and the most kind of broad net that you can cast to to help to to preserve your privacy in key ways. But, yeah, like you said, CalixWorks just does a really good job of making things really usable. And I think, like, you you specifically called out that both strip out Google completely. So that is that's a lot of people, when they refer to these operating systems, they'll call them de googled Android. So for anyone who's heard that term and didn't know what that meant, that's that's kind of a blanket term for both Calix OS and Graphene OS. And I would say that they have very similar privacy guarantees between Calix and Graphene.
The main caveat is that Kallix OS has this, kind of middleman layer that you can use for utilizing apps that rely on Google Play Services, which, really briefly, Google Play Services are kind of a core feature that almost every Android app utilizes for very important things like sending notifications, like querying for information, like, getting new messages and doing background processes. Google has done a good job of pulling people into their ecosystem and then pulling them into their very specific, applications. When people are building apps for Android, often they're building them in a way that makes the the application entirely reliant on Google servers to function properly.
And so this is why you hear a lot if you hear people who have used GrapheneOS, you hear a lot that GrapheneOS, you can't run, like, any apps, that almost every app is broken or doesn't work. And the key reason behind that is not that GrapheneOS messed something up or did something wrong or something like that, but that most apps are designed to be used on a device that has Google Play services. And so a lot of those core features of every application are reliant on those those Google Play services. With GrapheneOS, there is no way to use Google Play services in in any fashion. So if the app relies on Google Play services, you're just you're stuck. There's nothing you can do. If you're on Kallax OS, however, you can use something called Micro g, which is a it's a privacy preserving anonymous wrapper for Google Play Services. It essentially integrates a lot of the a lot of the most important features that are part of the Google Play Services package into a free and open source middleman layer that you can use without having a Google account. So a Google account is not tied back to Google Play Services.
Someone in the chat did say, and I saw someone mention it today, but I hadn't had time to do research, that Graphene launched something called Sandbox Google Play Services. I have not seen that, and I haven't dug into that. So, unfortunately, I can't speak to that today. If you can, Matt, feel free to to share about that. I I hadn't heard anything about that until literally right before going live. But those those micro g the micro g functionality in Calix OS is when it enables you to use almost every Android app without issues and still without having Google Telemetry, without having Google Tracking, without having a Google account tied to all of the data that's going through that.
And it's very it's a it's a privacy preserving way to use Google Play Services. I still think if you're if you're very privacy conscious and you're willing to go through the hassle, installing without Micro g is is the ideal way for privacy, but it's not necessary for most people. A lot of people will benefit from just using Calix OS with micro g to make the transition a lot more smooth.
[00:53:43] Unknown:
Are you running without Micro g?
[00:53:45] Unknown:
Yeah. Yeah. I I I dove in all the way and did without Micro g. And there have definitely been some caveats, but it hasn't been as bad as I expected.
[00:53:52] Unknown:
I I I run it with Micro g.
[00:53:55] Unknown:
And most people I know do. It's extremely useful.
[00:54:01] Unknown:
I mean, it's it's not just, you know, people when you hear Google Play Services, you think it's, like, Google services, like, only Google Apps. But, like, a perfect example in the Bitcoin world is a wallet that I talk about a lot, Moon Wallet, m u u n, and they have Google Play Services requirements on that app. So you can't use it, unless you have micro g enabled. But if you have micro g enabled, it works relatively seamlessly, And there's other examples of that. I mean, I guess we could dive in a little bit deeper. I mean, in general, I think people should reduce the amount of apps they have on their device as just a simple rule of thumb. As for the sandboxed, Google Play services that Graphene added, I actually became, like, pretty close friends with with Daniel McKay of Graphene, He's very excited about this new feature. I have not tested it out myself.
My understanding is it's less performant and is on, like, an app by app basis, than Kallix. But what's cool here is is competition is helping the customer. Right? And I I think a lot of it is the reason we see that feature getting added to Graphene, is because Kallix has Micro g support, and they see that a lot of users want to at least have some kind of limited Google Play services support, which is, just good to see in general, than just having a single project working on privacy stuff. Before we dive in deeper, I mean, I think one of the really cool parts of Kallix to me is that Kallix is actually maintained by a foundation called the Kallix Foundation that is just generally focused on privacy and freedom.
To me, that's a very interesting model for funding development costs of a open source project. I'm a proud supporter of Kallix. I have been for a while even before I started running it. I just think that's a really, really cool concept, and anyone who does end up switching to Kallix and enjoys it, should consider, you know, supporting them as a member.
[00:56:19] Unknown:
Yeah. It's a it's a really unique part of it, and I would definitely recommend anyone who who is curious to go I think their website is I don't know if it's calyx.org or calyxinstitute. I'll have to look it up. But just dig into a little bit about Nick Merrill, the founder of the Kellogg's Institute and just the the things that he's done. He's gone through attempts to be silenced by the government and to to be forced to give up data, and so there's some there's some really interesting interviews out there with him and kind of why he became interested in it. But, yeah, they've got a very unique model of funding Calix OS development and the other services they provide, which they do not only do Calix OS. They have other things like a a free community VPN. But, yeah, they fund those things through the Kellogg's Institute. And, like Carrington 1859 mentioned in chat, if you are in the US, you get some specific benefits if you're a member.
In the past, they've done and I think they're still doing hot spots that you can use, for free for for for free once you get them. No monthly fee, and, you get unlimited data on these hotspots. And they actually work pretty well. I have one. Nice. Yeah. I've I've been waiting to be able to to fund them with Monero, to go ahead and dive in there, but I've been wanting to been wanting to support them for a while, and and I have have money ready. I've been trying to help them with that integration, but, they also recently started doing Pixel devices with Kallix OS as part of their membership benefits.
So that's another way that people could get a Pixel device with Kallix OS for donating to the the foundation that's actually building Kallix OS, which I think is a it's a really unique model, and they've done really well funding themselves using these these different kind of benefits that they offer. And funding is a huge issue throughout the FOSS ecosystem. It's almost always a problem. So when you have someone who can who can really build a good model around funding the operating system development, I think that's a really important thing for people to consider.
[00:58:17] Unknown:
So we kinda jumped ahead. I mean, first of all, for both of these OSes, you primarily you need a you need a Pixel phone. You need a Google Pixel phone. And part of that reason is because they have this this basically a known platform that they're developing for, but also it's because you're able to relock the bootloader afterwards. I saw, I think, Monero Lion mentioned Lineage OS, which is, basically the successor to Synergen mod, if if some of the freaks remember that, Android 4th. Yeah. The good old days. And Lineage is cool because you can run it on a lot of different devices.
Unfortunately, you can't relock the bootloader. And what that means is, and you'd see this when you install on a Pixel, when it comes time to flash a new OS, basically, the device has a fail safe, and that fail safe is when you unlock the bootloader, it wipes the whole device. If you don't have your bootloader locked and someone gets physical access to your device, they can road run code on your device, without that fail safe activating and wiping. Before you even enter an encryption password or anything like that, they can run whatever code they want to run on the device, potentially compromising what you have on the phone.
So that is the main concern in terms of using something like Lineage and one of the reasons why I like this combination of Pixel versus, you know, using a Pixel with with with Graphene or Calix. Now when we're talking about the pixels, you have basically the the big model for a while that people were talking about was 3 a. To me, I think that's, like, kind of obsolete hardware now. It will it's nearing end of life. I really like the 4 a. It's very cheap. I currently am running a Pixel 5, just because I wanted to ball out, and the experience is fantastic. So, basically, when it comes down to it, I say, you know, use a 4 a or a 5 depending on what your price range is. You can get the 4 a's for pretty cheap. I expect both of them to have discounts very soon because they just announced the Pixel 6. We have Crypto Grampy mentioning do not buy a Verizon one because the Verizon ones, can you can't unlock the bootloader. But if you just get an unlocked Pixel, ideally buying it with cash, that's one of the cool aspects of using general purpose hardware, because then you can just go into a store, a local store.
Right now, you know, you can take advantage of wearing a mask while you do it, buy a pixel with with cash, and then you can, unlock the bootloader, install Kallix very straightforward. I believe Techlore has a guide up. I imagine he does. He could do it to a machine. But but I found it very easy to install. My lady installed it without, you know, having an issue whatsoever. So it's very accessible for people to install. Now, Seth, a common thing I hear, and I'm already seeing it in the comments, is how do we feel about the fact that we're using a Google device and trying to remove Google from the device? Should we be concerned about hardware backdoors or, know, lingering things that Google has running there?
[01:01:47] Unknown:
Yeah. It's definitely this is a a common one that comes up a lot. I think confuses a lot of people when they hear that dGoogle to Android only runs on Google devices. It's definitely it's an odd concept to get your head around, but you you already did a really good job explaining the one of the core reasons why Pixel devices make such a good platform for this, and that that's kind of twofold that it's a platform that Google themselves develop against. So you know that you're going to have the longest term possible hardware support, which is especially in Android, some of the some of the drivers for the actual hardware of the phone are not open source. Actually, most of the drivers are not open source.
So once Google or whoever makes the phone stops developing updates for it, you can't update the hardware drivers, which oftentimes restricts what versions of Android you can use in the future. So when you use a Pixel, you know that you're gonna have the the longest lifetime of the hardware support out of any Android phone, at least as far as far as I know. And you know that Google's putting the the development of Android against those Pixel devices first, so you're you're gonna get a better support experience because, again, this is these these operating systems, both Kallax and Graphene, are both pulling from the Android open source project, which is where Google is putting all of the changes and updates and improvements that they to Android, and they're making those improvements for the Pixel devices. So it's it's the the quickest way to have releases after Google puts out releases because they're able to pull for devices that are specifically built by Google, that there are factory images for from Google.
It really simplifies that process and makes supporting devices long term much easier, which can be a a big problem for an operating system like Lineage, or in the past, Cyanogenmod because they rely on individual people just deciding to support devices long term. And, like I said, when the hardware drivers get too out of date, you can't install more recent versions of Android. So, like, I have an old, Nexus 5 x that I spun up, and and I installed Lineage on that because I just wanted something that I would run at home without Google Play services or anything like that as a a little easily mobile server. But the the most recent version of Android you can run on that device because of the hardware drivers is Android 8.1.
So it's massively out of date as far as the the operating system itself. Thankfully, it still gets security patches, but I still I wouldn't wanna run that as my daily driver or sign into any accounts or using my SIM card, nothing like that. And the other piece, like you mentioned, is that that security that you get from that ability to relock the bootloader and other security benefits that you get within the Pixel devices is because of a specific chip that Google designed for, secure compute. Sometimes these can be called secure enclaves or hardware security modules. But, essentially, it's it's something called a Titan M chip. And supposedly, they're releasing a new version of that chip on the Pixel 6, which will be interesting to see what that actually means for calyx and graphene or tools like that. But what that means is, like you mentioned, you can lock the bootloader again, which is what really transforms Kallax and Graphene from just kind of ROMs you can flash on your phone. We have to do with a lot of headache. You have to open yourself to a lot of, security risks. Like you mentioned, you can open yourself to attacks where you can get the maybe an an OTA update man in the middle. It gets installed.
Then you don't have that fail safe that can double check the the signing keys and make sure the thing's legitimate. And you also open yourself to a lot of other hands on attacks that can't be done when the Titan M chip is involved because the the Titan M chip essentially protects a lot of essential data like, fingerprints and and other biometric data and things you do on your on your device. So there's some really key benefits there. And that that combination of not only de googling the operating system, but also still maintaining the, now, I would say, strong security guarantees of Android, without you're not having to compromise on that to get privacy, which is it's a really important combination.
[01:05:45] Unknown:
And, I mean, that I don't believe the Titan M Chip is completely open, but Google makes a strong attempt to open up the parts that are needed to interact with it so they can use it. I mean, I know, Samsung, for instance, has basically their own version of a secure chip, that these forks can't use, they can't interact with. So the fact that you have this chip there that these forks can use and can interact with in a relatively open manner is a massive boon, for us. I do worry, you kinda insinuated. I do worry. I I think the Pixel 6, they're going farther than that. I mean, previously, they've used qual Qualcomm hardware, for their devices. I think they're doing all the chips in house now, so I wonder if they do close it up.
That is, like, an existential risk. What do you to to specifically, the question about, like, hardware backdoors, are you worried about Google having something running on their chips that we're not aware of?
[01:06:53] Unknown:
Yeah. Thanks for bringing me back to that. I mean, this is one of those situations where a lot of times people let a potential risk get in the way of measurable steps towards privacy. And the risk of a hardware back is always present. That's present in essentially every piece of hardware you can purchase because open source hardware has not really taken off. It's not really a thing for most types of devices, and it is absolutely not a thing for mobile phones in any usable sense. I know there are some open source hardware phones that have been in the works for a long time now, but, they just haven't developed into something that I would ever recommend to someone.
But because the hardware is closed source and because the hardware is proprietary, yes, there is not a way that you can easily verify that there's not some sort of hardware backdoor. And then, yeah, I I don't love that. But that that would be true of any device that you flash a privacy preserving version of Android on. If you took a random Samsung phone and did that, you would have the same problem. Samsung could have put in hardware backdoors. Samsung actually manufactures a lot of the the hardware that goes into Google phones. I mean, they they manufacture a lot of NAND chips that are used for storage. They manufacture a lot of screens. There are lots of places where they could have done something with the backdoor. And it's just it's one of those attack vectors that is it's there and it exists and it could always happen, but it is very rare.
And you have to think about the effect they would have if something about a hardware backdoor came out that a company had done that. I mean, this is something that has happened in the past with, like, the NSA has been caught catching devices in transit, imp implementing hardware backdoors, and then passing them along. And later, we found out that some companies were complicit in this and okay with it, and that has a devastating effect effect on public opinion about that company. So there is a a social incentive that helps to keep companies honest. I also think there are so many other ways to collect data that Google knows that 99.9999% of the users of Google Pixel devices are just gonna be using their OS. So if they really wanted to do something malicious, it would be infinitely easier to just put something malicious in the code that they ship and not have to worry about putting in a hardware backdoor, and they could still do a lot of the same things.
So I think, yes, it's an attack vector. It's something that's true of every piece of hardware that is proprietary, which is practically every piece of hardware, but it's something that it's it's very costly for a company to do. And if it is done, as far as I know, every instance of it being done is in an extremely targeted way. So it's to target very specific people or very specific organizations that are worth the risk of it being discovered that you put in a hardware backdoor. So, like, you as the random person listening to this, your threat model likely does not include Google targeting you and specifically finding a way to get a pixel in your hands that is hardware backdoored. And from everything we know about pixels, they are not hardware backdoored today. So it would have to be a a unique pixel device that's backdoored and sent to you. So I think the the actual real life risk is extremely minimal to non existent. If you do have a very advanced threat model where you're worried about a hardware backdoor targeting you, that's a different conversation. You probably need to find a way to use open source hardware, or make sure that you're getting a device that is known to be not backdoored or learning hardware engineering and, just kind of digging through the device and making sure that nothing's been changed. But, it's it's one of those things that I understand the hesitancy, but I think it's I think it's unnecessary. It shouldn't get in the way of you making practical steps towards mobile privacy.
[01:10:33] Unknown:
And it's it's just not something that most people really need to worry about. Yeah. I mean, it comes down to trade offs, offs, once again as everything in life does. And you can't let the perfect be the enemy of the good, or good enough. I, obviously, I think open hardware is the ideal, that we should strive for. Unfortunately, it's not really there yet. There are some projects working on open phones, more open privacy focused phones, including Purism and Fairphone and Pine Phone. Some of them have hardware switches on them so you can turn off Wi Fi, stuff like that. Unfortunately, they're just not really there yet. Some of them haven't shipped.
They come very outdated to begin with, hardware wise. They're not very usable a lot of the time. Hopefully, that's just growing pains, and we see more open hardware in the future. I think in general, people should operate even if you're using a Kallax or a Graphene phone, or like on on desktop or laptop, you're using a Linux device. You should operate that all your all your electronics are compromised to begin with if it's a sophisticated hacker, a sophisticated attacker, to speak more clearly. And so you operate under that assumption. But in general, all things equal, you take a off the shelf Google Pixel device and you flash one of these, more privacy focused, open source forks, you you have better privacy, for mass collection from the low hanging fruit, than you would have otherwise.
[01:12:16] Unknown:
Yeah. Absolutely. And I wanna circle back to a couple of things earlier. Let's do it. One is that a few people have mentioned in the chat that they're a little confused what Pixel phones are unlockable. And to my understanding, every Pixel device is unlockable except those that have been sold through Verizon. For some reason, Verizon has chosen to not allow their bootloaders to be unlocked. And really quick note, there's 2 types of unlocking devices. One that a lot of people think of is carrier unlocked, which just means that you can go take your phone from, like, Verizon to AT and T and use it there. And, thankfully, most phones nowadays can be carrier unlocked either right away or after, like, a 2 year contract ends or something like that.
But the the key thing that matters for flashing, Kallax, or Graphene is that the bootloader is unlockable. And Google is good about that, but Verizon specifically, as a partner with Google, have chosen to not allow the bootloader to be unlocked. So if you get a Pixel device, make sure in every way possible that it is not a Verizon Pixel because you will not be able to bootloader unlock that. But every other carrier, AT and T, everyone else you can get it through. I mean, you you can get them straight from Google as well. There's not Google stores, so that's probably not the best privacy preserving way to do it, but it's it's doable. But, just make sure when you're using, like I I would definitely recommend buying these secondhand as well when you can, and using services, at least in the US. I don't know how worldwide this is, but swappa.comswappa.com are a really good secondhand phone market, and they constantly have pixels on there that are for sale. And they're very specific in you have to list the carrier properly. They check the IMEI when it's turned into the site to make sure that it's for the right carrier carrier and unlocked and everything like that. So you can make sure that you don't get a Verizon Pixel on there or if using Craigslist.
I'm sure there are ways to inspect it to make sure that it's not a Verizon. I don't know them offhand, but I'm sure you could look that up to do that.
[01:14:13] Unknown:
Why do you recommend secondhand purely from cost perspective?
[01:14:17] Unknown:
Cost and privacy. I think I mean, cost specifically. If phones are just ridiculously overpriced these days, there's not a need for them to be as expensive as they are. And especially since, normally, when you're buying a device for calyx or graphene, you're buying a generation behind or the the lower end phone because you don't need all of the power because Kallax OS is so lightweight. It works incredibly well. Battery life is much better than normal Android, that kind of thing. But also just privacy. It's it's great to be able to especially if you can use something like Craigslist. You can meet someone. They don't know your name. Like you said, in this environment, you can wear a mask, sunglasses, and a hat.
You can hand them cash. They hand you a phone. You make sure that's legitimate, and you walk away. And there's there's no record other than maybe an email, and hopefully you're using some other email or an email alias or something to do that. There's no record that you're the one that purchased that phone or that that IMEI is yours specifically. And if you take it home and you immediately flash Kallax or Graphene before doing anything else, there's no record that you were you used an account on there that's Google specific or anything like that. So, I think it's it's nice for both price. You're just saving money on a phone that's gonna work well even if it's a little bit older and privacy.
[01:15:30] Unknown:
That's interesting. I I mean, I came at it from a different perspective. I tend to think it's worth it for the premium to just buy it new and not have a potential malicious individual in between you and the device.
[01:15:45] Unknown:
I think I mean, I would normally be concerned with that, except that, again, like I talked about earlier, that would be a very targeted risk. Right. There's not really like, the chances of you, the person you find on Craigslist or whatever, being a government agent that's selling you a back to a pixel, like, it I mean, again, yeah, like I mentioned, it's possible unless you have a very specific threat model that fits that or you're a very high profile individual, that probably won't happen. And the other thing, you don't need to be worried about the malicious operating system because you're just gonna be flashing it with a a known, hopefully, verified version of Calix OS or Graphene. Right. Most malicious individuals would probably
[01:16:26] Unknown:
if they were gonna compromise the device somehow, they'd probably do it on the software side. Yeah. For sure. For the low hanging fruit. I mean, we even see that with, like, hardware wallets. They, you know, they tend to, like, just ship it with a predetermined seed already. So even if you just created a new seed, you'd be fine. But, in general, to me, one of the biggest advantages of something like Kallax over something like Purism I'm pretty sure Purism isn't shipping still, but over something like Purism is with Purism, you basically have to buy it online, and it's a direct privacy focused device. I love what Purism does on their laptops, but the same thing goes with the laptops. You know? You're buying a you're buying a device that is focused for privacy people.
You're buying it online, so you have all these other threat models that you have to deal with, other all these gotchas that could happen because you're online. It's it's really fantastic with the Kallik setup that you can just go buy off the shelf hardware that is very common hardware with cash, and have a relatively private acquisition experience just from that. So, I mean, before we continue, I think we should dive into actually everyday usage of Kallix. I put your link in the video feed earlier, but to the people on audio, your blog is seth for privacy.com. You also have your podcast opt out, which is opt outpod.com.
And on both, you have links to, like, different tools or, you know, resources to tools you like using on Calix. You wanna go into that a little bit?
[01:18:16] Unknown:
Yeah. For sure. Yeah. When I made the switch to Kallax OS, I wanted to be very specific about recording the things that I that I learned, recording the the app stores that I used, recording the apps that I found that that replaced some non open source or centralized alternatives as I kinda made the switch so that, honestly, just so that I would have a good resource that I could share with people. Because a lot of what I found is when I'm interacting with people regularly on Twitter, it can get really tiring to have to kinda dig up lists and find things and be like, oh, wait. What what app was I using? That kind of thing. So, oftentimes, it's just helpful for me to have these lists of things so I can easily share them and and share them as resources, But also just to help people who are trying to figure out, like, can I switch to Calix OS? Are there apps that'll meet the needs that I have that that don't rely on Google or don't rely on Google Play Services or maybe that are just not as as much of a kind of a data collection tool as some of the the kind of default services that people use.
And so I I wrote out this blog post. Kinda it talks through my reasons for going with Kallix OS specifically, which we've talked a lot about today. It very briefly goes through how to install Calix itself, but like you mentioned, it's actually a lot easier than people realize. There's a really simple CLI flashing tool that does the vast majority of the work for you. It walks you through when to unlock the bootloader, when to lock it, what it's doing with each step. It it works really well. I am more tech savvy. I'm very familiar with CLI, but it took me, I think, like, 8 minutes from deciding to flash Kallix to flashing Kallix and to being up and running. Like, it it was it was incredibly quick, and it was not a complex process. And, like, I I would have been more familiar with the complex process and fine with it, but it was simpler than I expected for sure. And then Bitcoin q and a also has a really good installation guide for Kallax that's way more detailed than mine on how you actually do the process. So if you're if you're more worried about the installation, his guide is also linked for mine, and I'm sure you can throw it in the notes or something, Matt, as well. But, that's a good guide to just actually getting it installed.
But one of the biggest things that people have to do continue really quickly,
[01:20:27] Unknown:
he's really good with his naming scheme. So I'm 99% sure it's bitcoiner.guide/kallixos. Okay. Continue.
[01:20:36] Unknown:
Just off the top of your head. I like it. So the the biggest thing people have to wrap their heads around with switching to Kallax or Graphene is that you don't have the Google Play Store anymore. And that may seem like a small thing, but that means that all of the apps that you want to install on your phone, you have to find some other way, and that is a 100% a good thing. I know it is, again, giving up convenience for for privacy and security, but, it is worth it. So you won't have the Google Play Store. So the way that you can install apps is there's essentially 2 different ways. 1 is using a different app store, the the main one of which is something called F droid, which is a repository of only free and open source apps that F droid themselves build from source and verify.
So it's an app store that is really, really good for that because everything you're gonna find in there is false, which is it's great. That's what I use for, like, 99.9% of the apps that I use. There's also a open source Google Play Store alternative that is able to pull in apps that are on the Google Play Store and help you to install them locally. And that works really well. I definitely advise, if at all possible, using F droid, just because it's good to switch to those FOSS apps anyways and support them, but also just that there's better security guarantees with using F droid than there are with Aurora store.
You can also the second main way to install apps is to install the actual APKs is the the term, but the actual, application files for the application manually. But there's a lot of risk in doing that. Most people are not going to verify signatures or anything like that. It's very easy to get a malicious version of an app. So if you are going to install directly via the APK, make, like, a a 1000000 percent sure that you're going to the official website, that everything is legitimate. If there's a way to verify signatures, verify signatures because you're taking on a lot of risk manually side loading apps. Yeah. Learn how to verify signatures.
[01:22:39] Unknown:
Oh, man. Yeah. BGP signatures. The freaks are very aware of that. I I try and phone that one home, as much as possible on dispatch. You know, when I first started using Kallax, they actually didn't even offer signatures of the Kallax image files, but then they started doing it after I asked them to. So that's fantastic. And the easiest way I have a lot of people ask me, how do I do that on my mobile phone? How do I do that on my Kallax device? What I like to do is I I actually will just verify it on my computer, and then I will side load it over to the device.
I just find it more convenient. There are ways to verify, the signatures directly on the device. Bitcoin, Bitcoin q and a also has a bitcoiner.guide has a as a resource for verifying PGP signatures. Dude is just a absolute machine. I have had him on the show previously, and he will be on dispatch again in the future. The other thing you can do, which I think is extremely underrated, is you can run the web app version, which is, like, most popular apps tend to have a relatively responsive, browser version. Twitter, for instance, is that's how I use Twitter. I only use the web app. So you you just you open, whether you're using Chromium or a Brave Browser.
I think Kallax defaults to Brave Browser now. You can just go to twitter.com, and you can sign in, and you have pretty much 99% of the features that you would have on the Twitter app without having a dedicated app.
[01:24:25] Unknown:
Yeah. That is a that is I mean, it's a it's a different topic a little bit because it's not installing an application, but it is a 100% the best way to go in, like, almost every scenario. If you can use a web app, there are so many advantages. And like you mentioned, browsers on mobile make it really easy for you to kind of turn a web app into an application. It'll put an icon on your screen. It'll be treated kind of like an app and how it's handled in the recents bar. There's a lot of advantages to doing that. And the I mean, the biggest one is you're not giving that website or that tool any access into your system past what the the browser allows, which is generally next to nothing. You're essentially running a sandbox version, not technically. So if you're technical out there, I know. But you're essentially running a sandbox version of the application that doesn't have control over the system data, over storage, doesn't have access to webcam or microphone unless you explicitly allow it. So it provides a lot better, potential privacy and security, guarantees than you would have if you're running the app itself, but it's kind of this it's a it's a greater topic of digital minimalism, which has a lot of crossover with privacy, but is a really important one. And just the idea that you really you really can cut down on the the the services that you use, the tools that you use, the applications you use. And as you actually do that and you kind of move more towards digital minimalism, less apps, less, accounts that you have, all of that, you actually gain better privacy just by being off of those things. So like you, I I only use Twitter through the the browser on my phone. I save it as an application on the home screen, so I can still just click straight into Twitter. And, yeah, it's not quite as nice as using the app. It's a little bit more annoying. Sometimes there's some issues and nuance, but most of the time, it works pretty darn well, and I don't ever have to worry about all of the telemetry and data collection that Twitter's trying to do through their app. But I can just use it straight through the browser.
[01:26:19] Unknown:
Yeah. I mean, in general, you should probably just reduce the amount of apps you use, use reduce the amount of services you use. Obviously, social media in general tends to be surveillance focused, reduce your social media usage. Twitter is my weak spot, but I I don't use any other social media besides Twitter. What else do I have on the list? So Calix oh, so the the big the the the big gaping hole that most users will see when they switch to something like Kallix is going to be the banking apps, whether that's directly for your bank or if it is a one of these, like, new age banking apps, like a Cash App or a Venmo or something like that.
You tend to they first of all, they none of them provide APKs, so you can't get the direct download. They're not free open source software, so you're not gonna get it on F droid. An Aurora store tends to not have them. So that will be, I think, for most people, will be the the biggest loss in terms of what they're used to. Obviously, whether you're in Bitcoin or Monero, that that is that is something that we're trying to obsolete anyway. So, hopefully, it's just a short term pain. You can still, you know, maybe if you really need to have that type of mobile banking experience, you know, you have a a a separate, basically, like, KYC phone, that you use for those types of things, that is separate from your daily driver, and then it becomes a little bit less of a sacrifice.
Another big one is if you're not running Micro g, you lose access to, like, the Ubers and the Lyfts of the world, which is a a very big one that I've heard from people. And this is where some of the nuance comes in about why I do like Micro g is because when I am in a when I'm traveling and I'm in a town, like, when I was in Miami recently, Uber is an extremely useful tool to have, because I don't have a car and drunk driving is bad anyway, And I do have a little bit of an alcohol consumption
[01:28:52] Unknown:
issue. Me whiskey bottle, pork pops this episode. So
[01:28:58] Unknown:
yes. I I I try not to do it on episodes anymore because it turns into a a a much better conversation if I consume beer instead. The the nice thing is you can use Uber with Micro g, and and best practice is probably to uninstall it when you're not using it. But what's really cool about Kallax is it has this built in firewall that comes with the phone, And Graphene does not have this, and it's it is extremely useful for these types of quasi surveillance apps. As far as I'm concerned, Uber is a surveillance app. They're harvesting as much information from you as possible. With Kallix, you can set in this firewall. You can you can literally choose, which apps have background data access, which apps have Internet access, period.
And you can force an app to only connect if you have a VPN. So you can install you you can run a VPN on your phone, and you can set it so Uber can never access the Internet unless the VPN is running. So it's got a, like, a, basically, a foot gun protection because a lot of people, what they'll do if they don't have that firewall feature is they'll intentionally make sure they're running a VPN whenever they do it. But, undoubtedly, you're gonna make a mistake and you're gonna, open the app without a VPN. So I think that firewall that they have built in is absolutely fantastic. It's the coolest
[01:30:27] Unknown:
thing. Yeah. So it's, like, it's such a simple feature, but it is so helpful to be able to control that. And, like, something I I would do if I was running an app like that is when I know I'm not using the app, like, at all, like, when I'm not traveling, especially apps like Uber, like Lyft, like, maybe if you fly a lot, maybe you have, like, the airplane or the airline specific app. When you you know you're not gonna need it until you travel next time, just go into the firewall, switch off network access, and that app has no ability to transmit anything. So even if you open it in between on accident or if you don't open it and it has some background process that normally tries to collect data and send it off, it has no access at all until the next time you need it. Like, you're in the in the airport, you're ready to go ahead and get on, go ahead and give it Internet access, grab the boarding pass, you're done.
So that's I think that's a really important feature as well. And I actually never connected the dots that you could use that to make the app only available to connect to the VPN. I actually had thought about the the opposite way, so that was a really good point that you brought up. I hadn't hadn't thought about making that change. And I would also mention with VPNs, generally, Android in general is good about this. Kallax OS is no different, but, Android has a really good feature. When you use a VPN and and you set it up, go into the VPN settings under, I think it's Network and Internet, in your general settings, and you can check Always on VPN, which will mean that the moment you have a network connection, your phone will try to connect to VPN immediately without even do anything extra. And then, also, you can check block all connections without VPN so that if for some reason your VPN's disconnected, your account dies, or, there's some issue connecting to the VPN, your phone won't have network access until you reconnect to the VPN.
And that, especially, I found that can be really powerful when you're traveling and hopping on to different public Wi Fi because sometimes public Wi Fi providers will block known VPN providers or normal VPN ports, and so your VPN can't connect. And if you don't have that that, toggle switched, your phone will just connect without the VPN, and then you could be leaking a lot of stuff that you don't want to. So those are some really important VPN controls. They're not specific to Kallix or Graphene, but I just think those are important pieces that some people don't see.
[01:32:32] Unknown:
Yeah. Very good point. In general, Android handles VPNs way better than iPhone does. I I think iPhones come a long way recently, but still, it's definitely lacking. At least I've noticed that when I've tried to help friends install VPNs on their iPhones. To go back to this firewall, so what's really cool so I think so I've never used Kallix without Micro g, But a cool aspect of Micro g is that I can I side loaded the the the native Pixel camera app? And because because both for my Fiat job and just for life in general, I I tend I've I've tend to really appreciate the convenience of having a high quality camera in my pocket.
And Google is known to basically, what they do is they take off the shelf hardware for their cameras, the actual sensors, but they do a lot of software magic to try and make the photos as good as possible, and that's only in the the Pixel camera app. So I side load the Pixel camera app, and the camera app checks if there's Google Play services. So it won't run without Google Play services, but the micro g checks that box. And because of the firewall, I can set it so the app never has any kind of network access even if the VPN is running. There's no network access at all if the software firewall is working as designed. So it's a nice little trade off balance there where I get better photos, without necessarily trusting that there's not, like, some, you know, Google server back end that's getting hit by it.
And then the other big one that you hear a lot of Kallax proponents talk about is, you know, the open source keyboards tend to be a lot worse than Google's keyboard. I assume what do you use? Like, AnySoft?
[01:34:41] Unknown:
I use let me just double check the name. I haven't looked at it in a while. I use OpenBoard. It's the one that I use. It's available on F droid. I've tried most of the ones that people recommend, and they all have issues that make them kind of unusable for me. OpenBoard has been the best. I'm assuming what you'll probably get to is that you can use other keyboards that would be collecting data and kill the data access. But You can literally use Google's keyboard. You can use Gboard,
[01:35:07] Unknown:
and you kill data access. I mean, obviously, you're putting a lot of trust in that software firewall, but it is a nice trade off balance because you get the full, basically, Google keyboard experience where they've worked really hard on on making that a really fantastic keyboard, without that information theoretically getting hitting their servers.
[01:35:33] Unknown:
Yeah. It's a really powerful feature, and that's I'm willing to use some apps that I wouldn't be willing to use otherwise because of that firewall. And I I have been able to find all of the banking apps that I have used in the past on Aurora. I've uninstalled them all now because I realized I don't actually need any of them installed on my phone. But, like, all of mine specifically were available at Aurora. I think someone mentioned in the chat that there was a way to kind of change how Google sees your Aurora store instance to make it think that you're in a different location, which will, give you access to the apps that you should have access to. I I haven't tried that, but there may be something there about, playing around with Aurora store a bit. But for me in Aurora store, all the banking apps I've needed have been available and installed just fine. Oh, that's interesting.
[01:36:21] Unknown:
Yeah. I mean, in general yeah. I a lot of the banking apps also block VPNs or they don't they, like I don't know. They have issues with VPNs. In in general, the those are obviously going to be anti anti privacy apps.
[01:36:42] Unknown:
Usually, just not necessary, honestly. I think people really wrestle with the idea of, like, do I need this thing within one click? The answer to a lot of that is just no. Like, a lot of the stuff you you get used to using, but there's just not really a reason to have it installed most of the time. And like you mentioned with websites, most of these services have mobile websites that work pretty darn well. And if you do need to install the app, maybe you can just do it for a short time if there's a specific thing you need to do, like upload a check or something. But a lot of the time, you really just can kind of decide, I don't actually need this app, and get away with just the mobile website or just doing it on your computer when you're at your computer next.
[01:37:19] Unknown:
100%. We have a none your business in the chat asking what the name of the Kallix firewall app is. It's literally preinstalled and just called firewall. So when you install Kallix, you will have that firewall, there. It is not enabled. You have to go in, and you can enable it on a per app basis, whether you want to limit background access, limit all Internet connectivity, or force it to only use a VPN, to access.
[01:37:50] Unknown:
There were a couple other questions that think I've rolled past, but that I grabbed to to maybe cover if you wanna Let's answer them. Boom. And and, Freaks, just a reminder,
[01:37:59] Unknown:
you know, the live chat is my favorite part of dispatch, so feel free to just keep putting questions in there. Okay. Continue, Seth.
[01:38:07] Unknown:
Yeah. This is really nice. I'm tempted to do something similar for for op.pod at some point. I like the live interaction. I don't think I will have quite as many people jumping in, but we'll see. So we'll we'll go and jump back. Manera Lion asked, what is the biggest downside of having Micro g on Calix? I think this is a a good one to cover. I think I briefly mentioned a little bit about it before. I'm not sure your thoughts around it, Matt. From my understanding, it doesn't give Google a direct link between your phone and you.
It doesn't tie a device ID or a Google account to the things that you're running through Google Play Services. So it's definitely better than just having regular Android and having Google Play Services. In my mind, the the downsides are kind of twofold. One of them is that it enables you to keep using the services that have chosen to be reliant on Google Play services, which personally, I like to I it it takes extra effort. It takes extra time. It takes getting used to, but I like to use and support apps that have taken the the step to not be relying on the Google Play Store or sorry. Google Play Services, and there are a lot of apps that have baked in other ways to handle those things without Google Play Services, like, for instance, 3 months. I started using 3 months recently for messaging. If you have Google Play Services, notifications come in real time because, again, Google Play Services, one of the key things is that they handle push notifications and they simplify it for app developers.
But Threema have put in the effort to build in a background service that if you don't have Google Play services, it will regularly pull for messages, I think, anywhere between every 5 30 minutes, which isn't quite as seamless as having instant push notifications. The moment someone sends a message, missing a message for a max of 5 minutes. To me, it doesn't really matter. And if you have the app open, you're you get notifications instantly. But that's an example of a good app that you could rely on Google Play services for, but you don't have to. And so, really, one of the reasons I chose not to use Micro g is not necessarily that I see it as a major privacy risk. I really think for most people, it's probably fine.
It's not there's like I said, there's no direct ties between you and Google through it. It provides some anonymization, but I wanted to force myself to to go through the process of finding alternatives that did not reply that did not rely on the services that Google provides. And that's what I did, and it was it was a little bit painful. But like I mentioned before, it really was not as bad as I expected to make that to make the switch to FOSS apps that actually cared about providing tools that could be used by those not using Google Play services. So
[01:40:51] Unknown:
I definitely think that yeah. Before we get to the next question, I mean, I just wanna jump in real quick. First of all, is awesome. I love. That's how I invited you onto the show. It costs money, and that's not a bad thing, people. That's what's cool. It's a my god. It's a free open source app, free as in freedom, that that has a a paid model instead of harvesting your data, which is is very sustainable. And I I wouldn't be against other projects offering similar,
[01:41:22] Unknown:
monetization models. Paying money, and they accept Bitcoin. You can buy free money today with Bitcoin directly, use some post mixed stats, go buy a a license that's $5. You're supporting the company who's building or not company, the organization who's building such a great tool. Like, people need to use the concept that I am no longer paying in data, so I'm gonna pay in money to make sure that the people who are building the tools that I love can continue to build the tools that I love. Like, sorry. It's not a a high horse and a No. I agree. A little angry about, but I just I love seeing companies just willing or organizations willing to just say, hey. We want money for this because we're building a great tool, and people should be willing to pay for that. And and also to add there,
[01:42:01] Unknown:
3 mo was originally closed source, and they recognized that the community was very upset about that, and they opened it up, which is fantastic. Another good app that handles without Google Play services and makes it a priority is Tutanota if you're using email, which is a fantastic email provider, and and the app works really well without Google Play services. I would just add on to the Micro g thing is there's 2 ways to use Micro g on Kallix. Some apps, you can use it to actually sign in to your Google account, through Micro g.
I wholeheartedly don't think anyone should do that. You should never use the Micro g component where you're signing in to your Google account. I I don't have a Google account attached to my device. A lot of services don't actually need you to sign in to a Google account. They just need to know that there's a a Google Play Services, basically, capability on the device. And those just will just work in the background, and and and you can you can get by on it. But I do I do agree with you that in general, even if you are running Micro g, you should try and support services that go out of their way to not require Google Play services. And I I mentioned Moon earlier.
I know they're actively working, to remove that requirement, so that that is good.
[01:43:26] Unknown:
Yeah. And having if it's a good project that just hasn't taken the step yet, which I think there definitely are many of those out there. I mean, like, for example, ProtonMail, which is a service that I use, their app does not work without Google Play services as far as notifications are concerned. So, like, I can't get email notifications through ProtonMail. And they also don't publish onto F droid. And I do think that they're a good organization. I think they need to prioritize some some different things, and that would be F droid and not needing Google Play services as one of the big ones. But, it also has pushed me towards services that do work without Google Play services. So I've, like, I've paid for c templar email because I know that I can get notifications using their app, and their app is available through F droid. So, again, we can show we can show our support for organizations that are willing to put in the time and effort to to let us opt out of Google services more easily by paying for their services, by showing our support publicly, by talking with people about why we use that app. And that can also be just really good competition to push the other organizations that are legitimately good, but maybe have different priorities to start thinking more deeply about that before they start to lose market share.
[01:44:37] Unknown:
100%. You said you have some more questions written down?
[01:44:41] Unknown:
Yeah. Just one more. There's, one from some poor that says, is there privacy risk to regularly carrying around a private phone and nonprivate phone together? This is one that I've been thinking about a lot. I I have to have an iPhone for work. The services that we use for work, I work in IT, and some of the stuff that we do has to has to go on a device, and I don't want it touching my device, and they will give you an iPhone. So I have a an iPhone for work, so I do have a private my regular personal Kallax OS phone, and then I have a non private iPhone that I use. I would say there definitely is privacy risk. I mean, the main thing to to keep in mind is if you are carrying around that non private device with your private device everywhere, you're likely giving away location. If there's, like, an assistant enabled, you could be giving away audio where you're at.
If you're taking pictures and videos, like we talked about earlier, Apple's gonna be digging through those looking for whatever they deem to be worth looking for at the moment. So I definitely would say avoid it if you can. But if you need the other device for some reason, stick to a very minimal approach. So you can take, like, with my iPhone, the only things I have in there, like, the very required work apps and then a couple apps that I don't want on my main personal phone, but that I need sometimes. And so I'm able to keep them on there. I just keep them closed. I don't use them most of the time, but they're available if I have to. So just stick to that digital minimalism idea when when doing that is kinda my take, but any thoughts around that, Matt?
[01:46:13] Unknown:
Yeah. I mean, I think, it kinda goes hand in hand with Nonya Business's question that just asked about thoughts on carrier privacy. You know, there's there's additional nuance here with your carrier. So so, obviously, whether or not you're using Kallix or iPhone or stock Android or Samsung stock or whatever, you should have that little toggle that says location toggled off for 99% of your time. If you absolutely need to use it, enable it when you're using it, and then disable it. But that is specifically for GPS location. There's also a method of tracking location that is done via carrier triangulate triangulation, which is they take your your 3 closest towers, and they basically measure the distance from those 3 three towers. And you can imagine it kind of like a Venn diagram, but with 3 circles.
And they're able to relatively closely pinpoint your location based on that data alone without GPS. GPS will give them a very, very accurate location, and might be harvested by apps that provide them to marketers, which then that data gets shared and leaked. And sometimes I we've even seen the feds, they'll get around warrants because they'll just buy that data. But, also, they're especially among the major carriers, the AT and T, the Verizons of the world, the T Mobiles, they also monetize by selling that triangulation data.
And if I if I remember correctly, that data, they they when they sell it to to marketers, they they they call it anonymized location data, but there's no such thing as anonymized location data. Because if if you're traveling between your work and your home on a constant basis, then, obviously, you work at that place and you live at that place. And we saw a case where I believe The New York Times used so called anonymized location data, and they basically tracked a secret service agent, and they were able to see where he lives. And that was because the location data basically showed him traveling around with the president and then going back home. So if you're using a if you have a second device, you're adding you're you're adding that element of additional data that is being taken. So how do you reduce that data from being taken from your your your privacy focused phone?
And in that case, the trade off becomes even greater in terms of convenience because you basically end up in a situation where you have to basically get prepaid SIM cards. Whether or not you pay with Bitcoin or you or you pay with cash, you have to attempt to get prepaid SIM cards that are not attached to your identity. And there's there's a great service that works Kallix but not Graphene, because Graphene doesn't support esims, called silent dot link, which accepts Bitcoin, and they'll give you an eSIM, which is instead of that little SIM card that you put in your device, which is how it the carrier recognizes it, It gives you a digital version that is super easy to load onto the device.
My boy, Ketamineer, who has a telco background, says that there's also certain device data that gets transferred to your carrier. So rotating your SIMs isn't necessarily enough if you, you know, you switch between prepaid carriers, and that data can also connect back to you. But once again, as we went back earlier, you know, you can't let perfect be the enemy of good, and you're taking small steps to improve your privacy surface or your your attack surface on the privacy side and mass collection of data are tangibly better for you. You you wanna just try and reduce that exposure as much as possible.
[01:50:31] Unknown:
Yeah. I'm glad you brought it back to that idea of, like, don't let don't let talk about cell tower triangulation scare you out of making actionable steps towards privacy. I mean, that it's definitely that is a concern, and it's something you can't really get around. I mean, if your device is connected to cell signal, you your location is being triangulated. And that is either to collect the location or it's being used to help you accurately and efficiently jump between cell towers for for getting good cell signals. So that is unfortunately one of the things of having mobile data.
If you really want to worry about that more, you could use airplane mode when you absolutely don't need mobile data, which probably not a bad idea at all. Like you mentioned as well, there is a unique device identifier. It's called an I IMEI. Probably heard people talk about it before, but that that unique identifier is new to is specific to your phone, and no other. So even if you are swapping between carriers, that data could be correlated between. But I think a a good thing to think about here and something we haven't really talked about too much today, but, you have to think about threat models. And most people's threat model and, like, my threat model is mostly, it's getting a little different as we kinda see things shift in society. But, mostly, my threat model is I want to make sure that when companies and governments are just mass collecting data and seeing what interesting things they find, I don't show up or I don't easily stand out, and my data is not easily correlated across companies, across governments, that kind of thing. And for for people who have that type of threat model, which I really think is most people, using something like Kallix OS will get you most of the way there. And using some of these apps we've been talking about and tools we've been talking about, and you you probably don't need to worry about cell tower triangulation because that is gonna be very targeted. They're gonna need to say, like, hey. I wanna find out where Seth is. We don't have GPS because he doesn't use that. We don't have all of this data because he uses calyx, but we can use cell tower triangulation to try to track him down. And, like, that is a legitimate concern, but I 1, that's a really hard thing to shut down, and 2, I don't think that I would be targeted in that way at the moment.
So that can be it can be a tricky one to get around, but definitely do not let perfect be the enemy of good. Like, take the steps. The more you're reducing that, the also, the more you're reducing the data that can be easily correlated between your location and other things that you do. Like, if you're using private messaging apps, it's not gonna be easy for them to correlate the person that you're meeting up with and you being there at the same time, at least not as easy. Or if you're not using social media and sharing where you're at each time, they may not even they may not go to the the lengths to dig into cell tower data to find where you are.
So it it really you can protect yourself from Dragonet surveillance. And if you have a very targeted threat model, you have other concerns, so that's a different conversation. But for most people, you don't really need to worry about that if we're honest. But think about your threat model. Look up how to build a threat model. The EFF has a really great resource on that. Try to figure out what you're trying to protect, what you're trying to protect against, and what lengths you'll go to to do that, and see if something like worrying about cell tower triangulation is is a concern of yours.
But there are there are some good carriers. You can also get non, like, personally identifiable SIM cards and data through. Mint Mobile is one that a lot of people talk about in the US. You can get prepaid Mint Mobile cards with cash without giving any personal information over. And if you did buy your phone secondhand or if you bought it without giving away real name and address and everything, the IMEI for your phone is not tied to your identity either. So it'd be it'd be much more difficult for them to correlate that the IMEI, which is yours, is connected to the, Mint Mobile account, which is yours, when neither of those things have personally identifiable information attached.
[01:54:21] Unknown:
Yeah. In general, with with privacy, it's very easy to get caught in the in the hole that, oh, I'm just fucked regardless. And I think it's really important to just constantly reiterate that
[01:54:40] Unknown:
that
[01:54:41] Unknown:
that might you know, do do not get discouraged on that aspect. It's important to just take simple steps on a constant basis to consistently improve your privacy and and and what your, like, your surface area is in terms of, how much data you're leaking on a daily basis because most of us are leaking a ton of data. Like, I, you know, I we get down in the weeds on the show, and then you do an opt out pod. But simple things, you know, stop using Gmail. Stop you know, don't don't have an Alexa in your home that's just constantly running a microphone connected to the Internet. Just simple steps, to improve your privacy.
[01:55:25] Unknown:
And and, I mean, if if we are all fucked and the the data collection that we can't work around or that's very hard to work around is happening and comes back to bite us, do you wanna go out as somebody who just bent the knee and gave them all your data anyways, assuming the worst? Or do you wanna go out as somebody who fought, who made it difficult for them, who complicated their lives, who made it hard for them to complete their whatever their mission is. Like, I I think a big aspect of it is, like, if something is really and I don't think personal privacy is impossible or unattainable, I do not think that. But if somehow that turned out to be the case, that all the steps that I've taken have been pointless, I wouldn't really care. I would be happy that I had done everything that I could. Like, that it wasn't because of my laziness or because of my, poor choices that I suffered in the end or that something changed in the end, but that I would be one of the ones who stood up, who chose to fight, who chose to put in the time, and who chose to educate other people around me and try to pull them into it.
And I really think that that's a worst case scenario. And I think the more realistic scenario is we're we're gonna keep pulling in more and more people. We're gonna make it difficult enough on them that they're gonna have to start changing the way they do things and not relying on people just willingly giving away troves of data.
[01:56:36] Unknown:
100%. I mean, I think a lot of this is education too. Like, I think if people realize that there was no such thing as an anonymized location data, and that their carriers are tracking all this stuff and selling it to marketers, there'd be public outrage. And, maybe, unfortunately, a lot of people will have to be burned in the in the meantime for that to become more aware publicly aware. But I I do have optimism that as people do get burned, there will be more public outcry and people will push, for these things to not be so normalized. We have a great question from Crypto Grampy in the audience, asking, is there any benefit to blending in with some of this stuff? I hear this a lot. You know, Calyxt is a privacy focused OS. Graphene's a privacy focused OS.
Are we putting, a target on our backs, or or or or basically adding risk by seeking out privacy focused solutions?
[01:57:42] Unknown:
That's a that's a really good question. It's one that I've started thinking about a bit more lately, but it's still kind of, I don't know, still kinda mulling over it. I think there certainly could be a benefit, but I think the benefit that that could provide in almost all cases outweighs the risk of giving over data that just makes it easier for them to do what they wanna do. I mean, I definitely think they could use like, our government could use a list of people who, for some reason, do not show up with KYC cell phone numbers and do not show up with Google accounts that are tied to their real identity and stuff like that and use that as a list to start targeting people. But I think kind of 2 two responses to that. One of them is if they do that, it's gonna be hard for them to actually collect the data that they need to make that realistic. So, yes, they have a list of people or a a group of identities that they don't have an identity for that they need to go track down.
And so that's complicated by the steps that you've taken. And the other answer would be, I think a much better thing to do than blending in is increasing the the crowd that you get to hide in. And the way that we do that is through education, through building better tools, through funding better tools, through, pulling in friends and family by regularly talking to them about the steps that we're taking towards personal privacy, making it personal, making it about the the specific things that you see that they need or want out of maybe a mobile phone or an application and and crafting the crafting the message that we have about privacy for them specifically. But, really, the best way to not have to worry about blending in is to blend in with a crowd of people who are growing rapidly that care about personal privacy, that are installing mobile operating systems like Kallax or Graphene, that are using tools like Bitcoin and Monero.
And the more people we're able to to bring into using those tools and using them effectively, we end up blending into a crowd of people who are private. And those that crowd of people who are private all provide good privacy to each other because now there's less and less data between the whole group, and you're all using similar tools that are privacy preserving that they can't actually just collect data from simply or subpoena data from, and you end up in a much better world that way, I think, than if you try to blend in in some ways while keeping some things private. I also think it it would just be really difficult in real life to blend in effectively without connecting the dots between your blended in personality and your private personality, especially, like, we were talking about the 2 phone idea. If if 2 phones, let's say you're let's say you're using Kallax OS, but you're not using a VPN when you're walking around, and you're using some service that that IP address is logged. Maybe it's not logged in a a malicious way, but it's there, and they're able to use or let's just forget the IP address, actually. Let's say you're they're using cell tower triangulation, and maybe you didn't purchase your cell plan for your your Calix OS without giving up your identity, and then they see your non private phone walking around. These two devices are always hand in hand. They're always together.
They're gonna be able to tie pieces of data together that maybe they're getting from Calix from your Calix OS install, maybe some things that you're doing on there, maybe you're still using the Twitter app rather than using the mobile app, and and some data is getting out of there that, they can use to to do that. All all that's kind of, like, just conceptual, but just that idea that if you do try to kind of blend in halfway while opting out halfway, it can be really hard to keep those two lives separate. So it can be tricky.
[02:01:18] Unknown:
I think you made a very good point in the beginning of your response, in terms of of basically trying to increase the anonymity set of these services, increase the adoption and use of these services so that you don't have that issue when you're using them. I think I can speak for both of us. I I mean, that's why I do dispatch. That's why I'm so outspoken on Twitter. I think that's why you do opt out pod. I think that's why we're doing this show right now. I mean, we need more people using Kallix so that you don't have that that concern as much. That is not just necessarily a privacy tool.
It does give me better performance and better battery life than if I was running stock, Google on my Pixel. Like, significantly better battery life. Like, Pixels have historically I've had a horrible battery life. But because this thing's not hitting Google all the time, my battery life competes with, you know, brand new iPhones, which is pretty unbelievable.
[02:02:22] Unknown:
It's a really underrated part of Kallax OS that I don't think a lot of people talk about. Like, I was talking to somebody who was at Defcon, and he mentioned that he had has a had his Kallax phone in his bag for, like, 6 days straight, and it still had tons of battery, like 80% or something. And he had used it a good bit throughout that, but it really does help with battery life. And a perfect example of that is signal. In the beginning of signal usage,
[02:02:45] Unknown:
you basically if you were able to get a list of phone numbers that were using signal, you could pretty much assume that they were all privacy focused individuals. But now it's starting to hit the mainstream where, you know, my grandmother uses signal, and her friends use signal. And and it does have features that are better than if you were just using a text message besides just privacy. And we've seen success with it that and I think it's a very good example of of, basically, what we wanna see with some of these privacy tools is is to them get some level of mainstream adoption so you don't have as much of that, you know, that that risk of basically just you using it becomes suspicious. Not that it should be suspicious, but, obviously, that that is going to be the case a lot of times when you're first starting, these types of projects.
We had Jack Sparrow in the chat ask if he was to use Gmail on Kallix, would he be better off using it in browser? Yes. Just in general mean, you shouldn't use Gmail, but just in general, using a browser based version is is strictly better. And and if if you have to use it, that's how you should use it. Seth, you mentioned Defcon. You were there this weekend. How how was how was that? Do you have any insight there? What was that experience like? I've never been.
[02:04:15] Unknown:
Yeah. So it was it was my 1st year there. They changed a lot of things this year. I think they've kind of I don't know. This might be a little divisive, but they bit the knee a little bit and forced people to provide personally identifiable information to get in. They also did not make it clear that they accepted cash at the door, which has been like a Defcon thing forever, and they instead did preregistration via credit card. So there were a lot of bad changes, but it was the 1st year I was able to go. And there were a a there's a a large contingent of the Monera community going there, which I've been wanting to get together with with a lot of those people for quite a while.
And, actually, the Monero people put on, along with the help of a couple other projects, but it was mostly driven by the Monero people, they put on a cryptocurrency village, which normally there has been a Monero village itself in the previous years. But since this DevCon was much smaller, they capped it to, like, a third of of the normal size, and I'm not sure if they even hit that. So it was a very different year for sure, but, we were still able to put on that cryptocurrency village. I may or may not have attended with or without a ticket, and and actually helped out.
But we had the the cryptocurrency village there. It was it was cool to see a lot of people come in from the DEFCON crowd that may or may not be familiar with cryptocurrency. There was actually a much larger contingent than I expected that didn't really know anything past, like, very basics about Bitcoin and really just kinda the number go upside of Bitcoin. There were a couple people that I talked to who had a a deeper understanding. Obviously, my focus there was on Monero, but it was the cryptocurrency village. So I I try to just kinda be generic unless someone specifically asked about Monero stuff, but had a lot of really good conversations, a lot of, obviously, privacy loving people. So there was there was good stuff around that.
We put on a few talks also, mostly focused on cryptocurrency privacy and some some research that's gone into to scaling and privacy protocols from a a researcher who's, who has done research for Monero in the past and and is now doing research for other projects in addition to Monero. But it it ended up being a good time. I mean, my focus was hanging out with Monero people, getting to know a little bit more of the the community, getting a little a little closer to them, but, I was able to to get into to DEFCON for a bit and and see it. I I didn't leave the cryptocurrency village, though. I didn't go to any of the other sections or talks or anything like that. So I have a I had a very limited view of DEFCON, but, the parts that I did see within the cryptocurrency village were were really good. It was it was a good time getting to to meet some of the people there. And, honestly, just to show cryptocurrency and privacy to people, that's not something it really specifically Bitcoin and Monero to people, and have those kind of face to face discussions with a lot of people who aren't as familiar with Bitcoin and Monero as the people that I regularly interact with on on Twitter or in chat rooms.
So definitely still good. Sad to see some of the changes that DEFCON has chosen to make to kinda bend to to social pressure, and even to go way above restrictions that are put in place, but, that can be a that can be a discussion for another day. But, overall, a good time. Some awesome people, that came out from the Monero community. Many of them are also part of the Bitcoin community. If you're active in Samurai Circle, some of the people there are active there. There's a lot of crossover between privacy focused Bitcoiners and Monero users.
So it was great to hang out with them, get to chat a little bit more, kinda, yeah, just just a really good time.
[02:07:52] Unknown:
Awesome. Appreciate the insight. I mean, I since you mentioned it, I mean, I'm pretty sure they use COVID as the excuse for the additional information collection.
[02:08:02] Unknown:
Yeah. They did. They requested vaccine reports.
[02:08:06] Unknown:
Yeah. It's pretty fucked up. It's, troubling. It's a troubling trend in general, but especially when you start seeing privacy focused organizations and events, kind of bend the knee to that. It's not a good trend.
[02:08:25] Unknown:
When I when I found that out because they they'd announced it really early on, but it was, like, when things were much more restricted and locked down because of COVID and, whatever you think about that, whatever, but for other people listening. But, things opened back up. Vaccine was out. Everybody was feeling fine, and then DEFCON did not reduce any of the restrictions even though they were way above CDC recommendations, local requirements, anything like that. And when I saw that, when they kind of reiterated their stance, I reached out and and chatted with them to try to figure out if there was any kind of workarounds there or anything I could do. And, essentially, their answer and this person wasn't necessarily speaking for all of Defcon, but I think it was a good window into what has become of what used to be a countercultural hacker privacy focused, conference. The the response I got from the person who worked for Defcon, and he was the person responding to me in my support case, was essentially that because I don't have a reasonable expectation of privacy outside of the conference in Vegas because there's cameras everywhere, that kind of thing, that they have no problems with requesting personally identifiable information to get into the conference, which I think is just absolutely nuts and an awful response to hear from a a conference like that. And, again, that may that may not line up with the actual people who, like, are creating and running the conference, but that was the official response that I got, which was a little bit terrifying. I'm not I think I think took away a bit of my interest in going to future DevCons.
But regardless, there was still a big crowd there, so it was good to have a presence and good to have, just some some good discussions throughout anyways.
[02:10:06] Unknown:
Yeah. I mean, it's a real shame. It's it's a worrying trend. I do feel like I I wonder if it's just my bias showing, but I do feel like there's just just an increasing trend of anti privacy aggression, around the world right now coming from a 1000000 different sources, and it's more important than ever for people to stand up and say no and and care about their privacy, care about their sovereignty, and help educate friends and family the same, and and and the the movement is more important than ever right now, I think, but maybe I also will acknowledge that it could partially be my own bias.
But it does definitely feel like a a worrying trend. Seth, I mean, this has been an absolutely great conversation. I know you're tired from traveling. We've been talking for over 2 hours now. I really appreciate your time. Do you have anything that you wanna cover before we wrap this up?
[02:11:15] Unknown:
I don't think I have any kind of major major topics. I would just say, like, I'm not I'm not making this about Calix OS or First Graphene OS, that kind of thing. I know there's a lot of issues and just conflicts between them. I've had some run ins with the Graphene OS crowd that have been quite hostile, but I think what I will just kinda say to sum up what you've been chatting about is definitely take the steps to to dig into mobile privacy. Try out both Kallix OS and Graphene OS if you have the time. If you're focused on usability, jump into Kallix OS.
If you feel you have a a more aggressive threat model or a more, kind of high level threat model, maybe go for GrapheneOS. It should be a little bit more secure in some ways. Privacy is kind of they kinda trade blows there, but, find the tool that works for you. For me, that's Calix OS. Like Matt said, for him, that's Calix OS. So, I mean, I I definitely do personally show Calix OS, but Graphion OS can be a great tool too, no matter what drama is going out around that.
[02:12:24] Unknown:
One one of the one of the cool aspects of both Graphene and Kallix is that they run on the same hardware, and it's very easy to switch between them. It's also, Google is, I think, relatively unique in that they actually provide images for stock Android as well. So you can you can literally take your your Pixel device, you can flash Graphene on it, you could try it out, you can flash Kallax on it. And if you still disagree with both of us that it's a better experience, even if privacy is not necessarily the concern, you can then go and, flash flash stock Android onto it, back onto it and go back into the Google universe so you don't have that issue.
We have we have Monero Lyon, bringing up the Monero question, which is not a surprise given his name. So do we wanna have a brief discussion on our views of Monero? And, I guess he's he's specifically asking about usefulness. I mean, I think we all know where you stand here. I mean, you you started as as pretty much a fully focused Bitcoiner, and you seem to have moved on more towards Monero due to the privacy focus of Monero. I think I am often, mischaracterized in how I view Monero. I've been very consistent in that. I do believe that it is useful if if if you want transactional privacy today, there's a lot less gotchas than if you're using Bitcoin.
I think the tools around using Bitcoin privately have improved tremendously, and I expect them to continue to improve. But I I do not I I do not, disagree that Monero is useful. My belief, though, is that long term, you will be better off holding Bitcoin than Monero in terms of, purchasing power, in terms of how much to in terms of holding your purchasing power and your purchasing power increasing for your everyday expenses. And I don't I I where I tend to disagree with people who think that Monero is strictly better than Bitcoin is that it's kind of a damned if you do, damned if you don't on the Monero side because there's a strong focus to make it easy to swap between Monero and Bitcoin.
And as long as that is the case, there is no real incentive for someone to hold Monero when they can just switch into Monero for short term, transactional privacy and then swap back into Bitcoin for a long term hold? Do you what what is your thoughts on on my statement?
[02:15:51] Unknown:
I mean, I I definitely I think I agree with a good bit of what you said. The way the way I look at it, I think, is a little bit different than a lot of people. I mean, I'm not I'm not interested in the the number go up aspect. I'm not really I mean, I you I know you phrased it as purchasing power, which I think is a more a more nuanced and better way to phrase that idea of the price increasing over time versus Fiat, which is what is meant by purchasing power increasing, at least in my eyes. If that's wrong, feel free to correct it. But
[02:16:21] Unknown:
Well, I mean, I would say, fuck Fiat, but purchasing power between Bitcoin and Monero long term.
[02:16:30] Unknown:
Yeah. Yeah. And I I mean, obviously, history has shown so far, depending on when you bought in, Monero's purchasing power could be a lot better. Bitcoin's could be a lot better. And over the long term, Bitcoin has done obviously incredibly well in price performance. So if your if your only concern is price performance or if your main concern is price performance and store value, I I think, obviously, Bitcoin has proven itself as that so far, that it has worked well as that. The technology works well for for that piece of cryptocurrency, and I do think store value is a a meaningful and useful, use case for cryptocurrency in general.
I think where I differ a bit is that I think that the world needs a store of value much less than it needs a way to transact privately. And I think that Bitcoin can be used to transact privately. It's definitely doable. I've done it. I am really close to a ton of people in the samurai community. I love what Samurai Wallet's doing. I think without them, there would be no hope for Bitcoin. And I know that's a bold statement, but they're really kind of the last the last bastion of privacy preserving crypto or, cypherpunk people who are are working on Bitcoin or or some of the few. And, yes, you you can use Bitcoin privately, but I think the caveat is it is extremely difficult in comparison to Monero.
Again, samurai wallet makes it possible, but not necessarily easy. It is time consuming. It takes a lot longer to go through the mixing process with Bitcoin. You have to learn how to set it up. You have to learn how to mix. Hopefully, you set up your own Dojo, which requires obviously setting up the Dojo and connecting to your own server and then maybe setting up the desktop GUI client to make sure that you're syncing all the time. And, there's a lot that goes into preserving privacy on Bitcoin, and there are a lot of ways you can mess it up, either pre, post mix, or obviously if you're not using Samurais or some other privacy approach, but there's not too many great ones out there for Bitcoin.
If you're not using samurai, you're just you're shooting you're shooting yourself in the foot the whole time that you're using Bitcoin, and you're making a clearly deterministically traceable footprint in a ledger that will last forever and is readily available for data analysis by governments, companies, all of that. So because my focus is more on a method of exchange, a way to transact value, and more on something that is a replacement for cash. So we need digital cash, something that we can transact digitally with, but that carries over the the principles of cash, which are essentially fungibility and privacy.
I I lean towards Monero, and I've chosen to focus my time in in learning and education, and in, just the yeah. Really, the educational content that I put out is focused on Monero because I view it as an extremely approachable, extremely easy to use, and not perfect. The the UX is not perfect. Some of the wallets are better than others, of course, and, hopefully, user experience will continue to improve over time. But anyone who uses Monero with any wallet that's available for Monero gets very strong privacy guarantees, and they get that digital cash like feel where they they don't have to worry about fungibility. They always know that the transactions that they make, are being protected in both the sender's protected in each transaction, the receiver's protected in each transaction, and the amount is transact is protected in each transaction.
And since those things are enforced by the consensus layer, there's no way for you to mess that up in those core ways. Obviously, there are some other issues that you could do, like if you're using a a KYC exchange, you go to your wallet once, and then you go to another KYC exchange. If those exchanges share information, they could link the transaction back to you. But those are also KYC exchanges, which you shouldn't be touching.
[02:20:22] Unknown:
What if you don't use it with your own node, like, something like Cake Wallet?
[02:20:26] Unknown:
There's there's an inherent trust with Cake Wallet servers. Right? No. No. So there is well, I mean, yes, there is a tiny bit of trust placed in using a remote node, but the important the important distinction is that there is only one light wallet for Monero, and that's called MyMonero. Every other mobile wallet, Cake Wallet, Monero Show, there are other ones like, I can't remember what they are. They're not Monero specific. I won't focus on them. But, like, Monero Show and Cake Wallet, both of them just use remote nodes, which is it's an RPC connection just like if you were to use your own Bitcoin remote node. So there's no leakage of, so just just to break down Monero really quickly for anybody who's not aware.
So Monero, like I said, receiver, sender, and amount are protected in every transaction by default. If you want to reveal that information, like, if you want to selectively reveal some information about a transaction to a 3rd party, you can give them what's called a view key. And that view key lets them decrypt that information about, about transactions that have been received to a specific address. So, like, if I wanted to, I could publish the view key for the donations that I receive via opt out pod so that people could see how much I've received in donations. I think in a lot of situations, there's no reason to do that, but, like, if you're a maybe a, an open source foundation and you wanna make it transparent how much money you're getting and what you're spending it on, or, maybe you're a political candidate and you have to reveal donations, that kind of thing. It can be useful.
But the way that light wallets work, like my Monero, is that you hand them the view key to your wallet, and so they are able to decrypt that information about your transactions so that they can do the actual syncing of the blockchain for you. They can look through the blockchain for all the transactions that correspond to your wallet and let you know about them without you having to go to the node, request every block's data, and dig through yourself. So you are offloading quite large amounts of trust when you're using that. You're still, at worst, as bad off as using Bitcoin.
You still do have some some privacy provided there, but that is much less than just using a normal remote node. But, like, when I'm using I use Monerojo and Cake Wallet. When I'm using those, I'm connecting to my own node. Or even when I'm connecting to another node, I'm not revealing any information about the true spend in a transaction. I'm not revealing any information about amounts, and I'm not revealing who I'm sending that transaction to, which is a really important point that that remote node privacy is much less of an issue in Monero because transactional privacy is so much stronger.
[02:23:03] Unknown:
Appreciate that insight. Before I respond, we have Moe's bleb mentioning Bunny's open hardware phone. Bunny is doing amazing work. I look forward to seeing what he has for us. We did not mention it on the show, so it should be mentioned. I'm very excited about it, but it's not out yet. So I have, you know, Gitmo BTC mentioned StoreWealth and Bitcoin and then spend in in Monero or Whirlpool where where Monero isn't accepted using CoinJoin. To me to me, that's the gotcha. The gotcha is and this is the case with pretty much all Altcoins, but most Altcoins do not have any kind of usability or usability advantage that Monero presents. Monero presents a short term to me transactional privacy advantage. I expect long term I hope long term becomes easier to use Bitcoin privately, especially as people start to realize the need, especially as people start spending it more because a lot of people don't spend Bitcoin right now.
And when I when I try and conceptualize where we're going, I just all the all the the privacy gains that you get in the short term spending Monero overspending Bitcoin, as long as it's easily just easy to swap between the two chains, a Bitcoin user has those available to them. They can use CoinJoin. They can swap into Monero. They can spend with Monero. They can receive Monero donations and swap back into Bitcoin and hold it in Bitcoin. And to me, that's that's the ultimate gotcha. It means that, basically, XMR is like a utility token for a transactional privacy chain, and I value the project. I think it's very good work that's being done there, and I think it's useful to Bitcoiners.
But long term, I just don't see the incentive to not hold your savings in Bitcoin and just use Monero for short term transactional privacy until, hopefully, Bitcoin privacy gets better. And this is not this is where I get there's a lot of I butt heads with a lot of Monero people on this, is this is not necessarily my desire. This is my expectation. I think the way the incentives are set up, I think the different properties of the 2 change where Bitcoin is much harder, much more difficult to change, is is harder money to me. On a characteristic level means that, ultimately, it is the better spot to keep your savings. And as a result, the purchasing power will always increase against Monero long term.
That is my expectation. That's the expectation I'm operating under.
[02:26:24] Unknown:
Yeah. And I'm I mean, I think that's a that's a really common one. And the the concept of Bitcoin as savings and Monero as checking as a checking account is is another super common one. I I definitely I think that is a valid approach today, based on the performance of Bitcoin and the the spendability of Monero. We're seeing Monero acceptance increase drastically. We've seen a ton more FOSS organizations start to accept it as donations and preferred as donations. We've seen, a lot of companies start to accept it more. We've seen, like, coin cards accept Monero, so it's really easy to spend gift cards through there. So I think because the spendability of Monero is increasing, more places are accepting it. And because the Monero community is so focused on spending Monero and not just HODLing, which I'm not a fan of the whole HODL thing, I think that it it defeats a lot the purpose of cryptocurrencies even though it can be useful, so some people definitely can. But, because Monero focuses on the idea of spending and using Monero, I think merchant acceptance has been improving quickly. Donation acceptance has especially seen kind of the biggest gains, a ton of privacy focused projects, and people accept donations either only in Monero or primarily in Monero in Monero, which is is great to see.
[02:27:40] Unknown:
But I I mean, I think, ultimately, these things go hand in hand, and I butt heads on both sides of the argument spending versus HODLing because these networks for them to be truly distributed and censorship resistant, they need a native token to pay the miners. That native token needs to have value. Maybe in, like, a perfect theoretical sense, that value is just a stable value. But it's that that's not really feasible without entering third party risk, having some kind of centralized peg. So what happens is we have a free floating value. And, ultimately, better than that value going down would be that value going up over time and the network becoming more secure as a result. And you being able to spend that value needs that the token needs to have value to begin with. Right?
So I do think they kind of go hand in hand. I think people will have savings, and they'll have spend it. I I think good money, you should be able to save and spend without permission. I will, however you wanna do it. So so I do think that they I do think those two characteristics go hand in hand, and there's really not that much nuance in that in that discussion that happens. Like, it gets very extreme, especially on Twitter, where there's, it's not really a good, platform for it. And then the other thing you mentioned was donations, and I I think, like, donations is, like, a perfect example here where because Monero has stealth addresses where you're able to just post a a static string, to receive donations or a static QR code that interprets that string, without revealing what donations you've received and not having that issue, the same issue you have on Bitcoin where you don't wanna reuse an address because if if you have that static donation address in Bitcoin, you can just look it up on chain and see all the donations that come in and all the spends that go out.
Monero's had that advantage over Bitcoin for a long time, but now we're starting to see, we have a have a have a new, lightning invoice format that is being rolled out right now, bolt 12, which attempts to provide a privacy preserving static, either text string or QR code that gives you similar functionality to Monero donations. And that's a trend I expect to continue. So to me, you know, I I the the the long term value prop of Monero, I see eroding, but, you know, I don't pretend to know everything. I'm not gonna
[02:30:34] Unknown:
I'm not gonna lecture you. Yeah. And, I mean, I'll I'll just go ahead and make the call out that I am thankful both tools exist. I think that they Bitcoin has done great things. Without Bitcoin, Monero would not be here. Without people working on Bitcoin, many of the technologies that are fundamental to Monero would not be here. And Bitcoin just being the being the the lead, the alpha in the in the cryptocurrency space takes a lot of the heat away from an arrow and lets us just focus on building and not have to worry about a lot of the other issues. So, like, I don't want people to come away with us thinking, like, I hate Bitcoin. I I just the the the big things for me and I'll I'll I'll comment on the the l n thing in just a second. But, the big things for me are that Monero is easily spendable for anybody in a private manner. I I don't I don't question that Bitcoin is spendable privately by people like yourself or people who are using Ceramic Wallet today or who understand those concepts. My concern with Bitcoin is that we we don't improve the base layer. We don't provide better privacy.
And also coupled with that, that Lightning Network doesn't take off or it doesn't provide the privacy that people thought it would at first, which again is what happened with Bitcoin. The people thought it was private and then found out that there were too many issues, and then it didn't proceed. And then, obviously, Lightning inherits some privacy issues from the base layer, but that's a whole another topic. But my my concern is that we pull people more into Bitcoin, and they don't know how to use the tools. And there's only like, right now, there's only 1, in my opinion, privacy preserving wallet implementation. If that wallet gets shut down or if the samurai devs die or if the samurai devs leave, Bitcoin is in a really bad place, and that requires the servers that they're running to coordinate Whirlpool.
So if that stuff gets compromised, that could be really problematic, and that's not something that there's any real other great tool to jump into. But we have joined market. The usability is not great. But Yeah. I mean, I I know it's there, but greater problems of pulling people in to actually who can actually functionally use it, and it has the core problem of post mix spending is really difficult. But it it really comes back to, like, why I focus on Monero is because I want if I'm gonna focus on building a tool, and this is different than, like, the tools that I educate people about through opt out pod or through my blog. Those are not tools that I'm building and pouring time into. They're they're tools, many of them, that I donate to or that I help out with, like, bug requests and feature requests that I see are necessary. But the reason I focus on Monero is because I see that it's a tool that practically anyone can get into and use, and they don't have to be technically savvy. They don't have to be wealthy to pay fees. They don't have to to have access to a a node that they can run so that they can preserve their and not just one that I could use. I could use Bitcoin privately today, and it would be fine for me.
I mean, I I prefer to use Monero. It's much easier. I I prefer the the ease of mind that I have when using it, but I I have the technical skills. I have the money. I can afford the fees. I can afford the time investment to to use Whirlpool and spend funds. But I choose to focus on Monero because I want to I want to build a tool that's more easily approachable for other people. Any comment on that before I say a couple more things?
[02:33:53] Unknown:
I mean, I'd just to be clear, I respect you. I love the work you're doing. I I love your your your your your extremely motivated, and I I think you're fighting the good fight. And I, you know, I re likewise, I'm I'm glad that we have both Monero and Bitcoin. I I guess I mean, like, I've I view Monero as a tool of receiving and sending Bitcoin, basically.
[02:34:23] Unknown:
Yeah. And, I mean, it can it can function really well as that second layer. I mean, it really can be a in many ways, a more complete tool than Lightning, at least today, as a second layer for Bitcoin. And I am really glad that that's a possibility, and I love that the Monera community funded and is building atomic swaps that really, the atomic swaps that we're building benefit Bitcoiners. They don't really benefit Monero people, because if we're gonna be the ones on the other side of that, if we're gonna be market making for atomic swaps, we're gonna be gonna we're gonna be getting tainted UTXOs, toxic change. We're gonna getting all we're gonna be getting all that fun stuff and have to deal with mixing it or finding ways to sell it or trade it, or, there's gonna be a lot of people to be able to use Monero when and how they want. If you wanna use Bitcoin for savings and you wanna use Monero for for spending, that's awesome. I'm glad that that that that possibility exists. And, like, I think that's probably the most coherent approach that I see Bitcoiners take, just at least acknowledging that Monero is an extremely effective tool for spending money.
But I also think the the one with Bitcoin as a store of value long term is a tricky one because a store value really depends on really 2 things. It could be one of 2 things, but generally 2 things, which are network effect, that remains the the main thing that's being used to store value. And, generally, value increases as people use something and keep increasing the price by needing to buy back in and keep using it. A method of exchange generally leads to price stability, which can also help as a store of value because if the price is stable and slowly rising rather than rapidly increasing and rapidly declining, it's a much more attractive store value for more people.
And since Monero does so well at method of exchange, the argument could be made that that would lead to price stability and a good store value long term. Like I said, my my focus is not on price. I haven't looked at charts and compared and seen how these things specifically affect coins. I'm not really as concerned with that, but there are lots of other arguments around that.
[02:36:35] Unknown:
When I when I say price, though, I'm specifically referring to XMR versus BTC, like, not Fiat price. I'm talking about the 2 between the 2. But,
[02:36:46] Unknown:
Yeah. But, I mean, the the reason for the price differences is because Fiat price changes. I mean, if if we're being honest, it's not that there's a massive a massive market between Bitcoin and Monero. It's that people are buying buying Bitcoin with fiat, pumping the price, and Monero is not as purchased because it's restricted because people hate privacy, so it's not on as many exchanges. So I don't I don't I mean, I I agree that specifically, XMR versus BTC price is your focus, but, I mean, that is at the core, that's still fiat price. But, yeah, so far, I mean, like, I'll I'll just be quite honest. If I had held Bitcoin and not hold Monero, I would've and I don't hold Monero. I use Monero. But if I had only bought and held or used Bitcoin and not touched Monero, I would have a lot more money today. Do I regret it? No? I'm glad that I got into Monero and that I was I've dedicated the time and effort to to building up that tool and educating people. But, yes, I mean, price has not been kind to Monero, especially since I got into it, which is either unfortunate or maybe I caused something. I don't know.
But but, I mean, yes, I would have been better off price wise, but I think that Monero is a much more approachable tool that I I wanna get people into. You also mentioned something about network security relying on price increases. That that one is something that a lot of people I don't know. I go back and forth on that one. I agree that price increase can drive network security, but when something has a rapidly changing price, it can also hurt network security. But the the main thing to me is, what is the technological approach that's taken with Bitcoin versus Monero for long term network security?
And the one of the reasons that I like Monero is that the approach has been taken that we don't want to rely solely on fees long term to to support network security. We wanna make sure that there's at least some base stable layer of block reward that miners can trust will happen no matter what's happening with fees at the moment. And so for those who are new to Monero, that's called the tail emission. Essentially, what that means is that Monero has a a set supply. And then after that set supply, which I think May 2022 is when this will happen, it'll switch to something called a tail emission, and that tail emission will be that there will be point 6 XMR per block or point 3 XMR per minute depending on how you how you wanna look at it, emitted forever.
And I know to to Bitcoiners with your 21,000,000 cap out there, that's a terrifying concept, but it's really important to realize that it's it's what's called asymptotically approaching 0%. So because it's a fixed amount of Monero, when it's compared to the total amount of Monero, the percent of inflation is constantly approaching 0%. And it's also already a lower inflation percentage than Bitcoin and gold. And, again, that percentage will continue to decrease. So it's it's a very small inflation that is known, that is predictable, but that provides a base level of network security to what happens with fees.
And that is definitely a concern for Bitcoin long term if when there are less Bitcoin per block in the block subsidy or if there are when there is no Bitcoin given out in the blocks of the block world. Well, there'll never be no Bitcoin given out.
[02:39:51] Unknown:
It just it halves forever. Well yeah.
[02:39:55] Unknown:
Essentially, no. Yeah. It will never have to 0, but it'll be very, very, very strong. Purchasing power increases, like, we've seen even with all the havings we've had,
[02:40:05] Unknown:
like, the reward the subsidy paid to miners now in purchasing power is significantly higher than the reward that was paid to the concern in terms of supply with with the tail emission on Monero is less so than the fact that for better or worse, Monero is is easier to change, and and Monero stakeholders have taken advantage of that to adapt quickly. But as a result, it means that any guarantees you have in terms of what the protocol says it's going to be, are reduced because you don't you don't know if, it'll change out from under you. So, like, even, you know, like, something that's that's a if if you if you take an altcoin that has let's say that they're actually holding a 21,000,000, supply cap, in the protocol now. That supply cap promise is significantly weaker than Bitcoin's because Bitcoin has shown that it's extremely hard to change, So you have a a much stronger guarantee that that that that will be held, and it won't be changed in the future out from underneath you.
[02:41:34] Unknown:
Yeah. I think there's there's kinda 2 key points I'd like to make in response to that. I mean, one is I don't think that it's valid to really be concerned about the supply changing in Monero. Just like in Bitcoin, the supply is purely social consensus. If social consensus changed in Bitcoin enough that the supply wanted to be changed, it would be changed. It's it's just code. I mean, it's not gonna change. But I know. Yeah. I know. I I agree. I don't think that Bitcoin's never gonna make any large base layer changes in the future, and supply is something that is obviously that's, like, the number one narrative for Bitcoin. So I I don't I don't see that changing. So I'm not saying that. I'm just saying it is social consensus.
And thankfully for Bitcoin, at least as far as number go up, the supply is fixed. Social consensus is that the supply will stay fixed. It's not gonna fork in any real changes anyways, so that's not really a concern there at all. But it's also not a concern in Monero because it's, again, social consensus. If if people were to want to change the supply, it would have the same impact it would have on Monero, which would be to destroy trust and destroy the fundamental guarantees that have been existent since the Genesis block in Monero. So, I mean, that's it's never that's never gonna happen either, and it's not like Monero is small. Monero is a very large community and a very large project compared to most altcoins.
But, yes, in comparison to Bitcoin, it is it is a much smaller community. The other key part though is that this unwillingness to change in Bitcoin, which is good for things like supply cap, is also very bad for things like increasing the base layer's privacy. I mean, this is something we've seen. There have been many proposed approaches to increase the privacy of the Bitcoin base layer, many of which have gone on to be included in Monero and and used regularly with great success. But those changes have been denied simply because people either do not wanna sacrifice the narrative of the back of the back of the napkin math on looking at the total outputs to calculate the supply of Bitcoin versus trusting in some some cryptography for that, or it has it has just not been implemented because people didn't want to take the risk of implementing a serious change into the Bitcoin base layer. So there is the I mean, the the niceness of Bitcoin being hard to change also has serious side effects in that Bitcoin's layer 1 privacy will probably never improve, or at least it doesn't seem like it will improve noticeably. Hopefully, it will. Again, many of these things I'm saying about Bitcoin, I've said this many times before on Twitter and other places, but the best thing for the world would be for Bitcoiners to wake up to the need for privacy, to wake up the for the need for the the spendability of Bitcoin to be improved, the fungibility to be improved, and to make the necessary changes to the base layer to make that happen. I would love that. If we had no need for a Monero in the world, that would be freaking awesome. I would be so happy. So, like, don't take what I'm saying as something where, like, I want Monero to beat Bitcoin or anything like that. I would much rather Bitcoin just evolve into what the world needs, in my opinion, rather than needing a Monero. But but because I see that as unlikely, that's why I why I focus on, on Monero.
[02:44:42] Unknown:
Yeah. I mean, there's 2 different approaches, trade offs like everything else. Look. I I appreciate I I appreciate you having, this discussion with me on air. I hope the freaks appreciate it. I mean, regardless, I think before the Monero topic came up, we had a very, very important discussion on mobile phone privacy. So I know the freaks will find that extremely helpful, but I also hope they found it helpful our discussion on Monero and Bitcoin, and the different trade offs that both projects are making. Yeah. And I just wanna reiterate that I, you know, I respect you, and I'm I'm really glad you came on the show. I I I respect what you're doing with opt out pod. I think it's one of the best podcasts in the space. I don't want Bitcoiners that are listening here to get discouraged from listening to opt out because, Monero really isn't the main focus.
Privacy and sovereignty is, and it's it's a fantastic show. So I really do appreciate the work you've done there. It's not even it's not even cryptocurrency
[02:45:56] Unknown:
centric. That is definitely obviously a topic that comes up. We've talked about Bitcoin more than Monero, but, yeah, I definitely don't I don't want people to think that it's like a a Monero only podcast or anything like that. That is not the focus. It is much more similar to the earlier discussion we had for the first couple hours that that focused on Kallix and using different tools to opt out.
[02:46:14] Unknown:
100%. And I expect insecure bit corners to come at me probably for this last segment. I will reiterate to them that open discussion of these very important topics is good for everybody and that as soon as we stop having open discussion, that's when things start to degrade and things get a lot worse. So it's extremely important that we have open discussion on on all of these topics, and that's one of the reasons why I started dispatch. That's one of the reasons why there's no ads or sponsors. It's completely funded by the audience. Buy us for us.
Seth, really enjoyed this conversation. You have any final thoughts before we wrap up?
[02:46:59] Unknown:
No. I just I really wanna say thank you for having me on. I mean, I know that having on a a shit coiner like myself is sometimes detrimental to your, your Twitter health. And I'm sure you're gonna take a lot of flack for it. But but like you said, I I think that it's hopefully, I didn't come off as too aggressive or abrasive specifically about Monero. I get fired up about that. But if anyone is just surely anti Monero, listen to the rest of this this dispatch. It's been a great conversation. And I just I know you you took some some risk in social circles having me on, but I I think that this this concept of kind of pushing the boundaries of just Bitcoin privacy into more general privacy journey is so vital. And I really hope that more Bitcoiners they they fall down the Bitcoin rabbit hole, they fall down the Bitcoin privacy rabbit hole, and then they fall down the the general privacy rabbit hole because it's it's really I mean, that's that's the way I have gone through. I'm I'm here because of Bitcoin, Privacy Maximalist.
That's why I'm I'm into the tools that I am. That's much of why I created a podcast. That's much of why I created a blog. So I'm I'm really grateful for for you, for the content you're putting out, and just just grateful to to be able to come on, to chat, to have some really good, I think, meaningful discussions about mobile privacy that that really can they can change things for the better on a on a large scale. It is very much about personal privacy, but with all of us opting out of the the tools that that the government and the corporations are trying to use to surveil us and pulling others along with us, we I think can have a a really major impact on the world for good.
So I hope that more people take the time to to learn about those tools, to to gain more knowledge and understanding, and to just pull pull their friends and family and pull, their online communities in, really try to be the one pulling pulling people down the privacy rabbit hole and and, making a change in the world that way. So, yeah, really grateful for this time. I love what you're doing with with dispatch, all the educational content you've done in the past. You are one of my absolute favorite Bitcoiners, and, yeah, just had a great time chatting, Matt.
[02:49:04] Unknown:
Thank you, Seth. The feeling is mutual. I'm I'm I'm glad I'm glad to have you have you on our side in this fight. It's it's the most important thing as far as I'm concerned, and, yeah, just just thank thank you for joining, and thank you for everything you do. Big thanks to the freaks who joined us in the live chat, to the freaks who support the show and keep us going. And thanks for everyone for listening. Appreciate you all. Thanks, Seth.
[02:49:34] Unknown:
Thanks, Matt.
[02:49:40] Unknown:
It's been a ride. I guess I had to go to that place to get to this one. Now some of you might still be in that place if you're trying to get out, just follow me. I can too. You can try and read my lyrics off, but it's capable for all I am. But you won't take this thing off these words before I say them. Because ain't no way I'm gonna let you stop me from causing them. When I say them, I do something, I do it. I don't give a damn what you think. I'm doing this for me. So fuck the world, feed it beans, it's gas stuff. If you think it's stopping me, I'm a be what I set out to be. Without a title, I'm tired of bleeding. All those who look down on for Christmas. His gift is a curse. Forget that earth has got the urge to pull his dick from the dirt and fuck the whole universe. I'm not afraid, I'm not afraid to take a stand, take a Okay. Take away your senses and shit and cut the crap. I shouldn't have to rhyme these words in the rhythm for you to know it's a rap. You said you was king, you lied through your teeth. For that, fuck your feelings. Instead of getting crowned, you're getting capped into the bands. I never let you down to get them back. I promise to never go back on that promise. In fact, let's be honest, at last we last see the was aired. Perhaps our random accents fucking black cloud still follows me around but it's time to exercise these demons. These motherfuckers are doing jumping jacks. I'm not afraid. I'm not afraid to breaking out of this cave. I'm standing up. I'm a face my demon. I'm manning up. I'm a hold It was my decision to get clean. I did it for me. Admittedly, I probably did it subliminally for you. So I could come back a brand new me you helped seen me through. And don't realize what you did, because believe me you, hopping through the wringer, but taking too little to the middle finger. I think I got a tear in my eye, I feel like the king of my world. Haters can make like bees when those fingers end up ripe gay. No more beef fingers, no more drama from now. I wanna promise to focus solely on handling
[02:53:57] Unknown:
Love you, freaks. Thanks again for joining another dispatch. Looking forward to our HR this week on Thursday, and I'll see you next Bitcoin Tuesday for another great dispatch. Cheers. Stay humble. Stack stats.
The overly broad definition of the word broker in the cryptocurrency bill
The lack of understanding of cryptocurrency among senators
Mobile phone privacy and the importance of personal privacy
Comparison between Calix and Graphene privacy guarantees
Difference between GrapheneOS and CalixOS in terms of app compatibility
Micro g as a privacy-preserving alternative to Google Play Services
Discussion on using Calix OS with or without Micro g
The unique funding model of the Calix Foundation
The importance of funding development costs in the FOSS ecosystem
Choosing the right Google Pixel phone for Calix OS
The benefits and risks of using Google Pixel devices with Calix OS
Installing apps on Calix OS without Google Play Store
Using Kallix OS and recommended apps
The limitations and workarounds for certain apps on Kallix OS
Threema's background service for message retrieval without Google Play services
Reasons for not using Micro g
Benefits of paying for privacy-focused apps
Concerns with Bitcoin's base layer and privacy
Challenges of pulling people into Bitcoin
Focus on Monero as an easily approachable tool
