EPISODE: 0.3.6
BLOCK: 697424
PRICE: 2067 sats per dollar
TOPICS: simple tips for securing your home network, privacy focused open source routers, pfsense, freshtomato, pc engines apu, hosted vs self hosted vpns
@jamesob: https://twitter.com/jamesob
@_k3tan: https://twitter.com/_k3tan
streamed live every tuesday:
https://citadeldispatch.com
twitch: https://twitch.tv/citadeldispatch
bitcointv: https://bitcointv.com/video-channels/citadeldispatch/videos
podcast: https://anchor.fm/citadeldispatch
telegram: https://t.me/citadeldispatch
support the show: https://tippin.me/@odell
stream sats to the show: https://www.fountain.fm/
join the chat: http://citadel.chat/
Are more likely to own cryptocurrencies, and they're overwhelmingly choosing, digital assets over more traditional ones. And Kate Rooney is here with some new data. Makes me feel young that maybe I own some. K? Forever young. That's true.
[00:00:17] Unknown:
That's right. Well, Joe, these new investors are more bullish on cryptocurrencies. This is according to our new Invest in You next gen survey conducted by CNBC and Momentum. Those new US investors who've gotten to the markets in 2020 or later are more than twice as likely to own cryptocurrencies that's compared to more experienced traders or those who started in 2019 or earlier. That newer investor also tends to be more optimistic. More than a third say they think Bitcoin prices will be higher at the end of this year. That's compared to about a quarter of the larger investor base. Bitcoin, meanwhile, headed in that direction over the weekend. It's hitting a 3 month high above $50,000 hit that over the weekend. And individual stocks, though, are still number 1 with about a third of new investors holding shares of individual companies. But in a close second, 26% of new US investors own crypto. That is more than twice the level of ownership in mutual funds or ETFs, and it's more than a third of what, real estate or bond ownership is for that group. And as far as the broader population, 1 in 10 US investors now say that they own crypto. Men are twice as likely as women to hold digital assets, and roughly half of all US investors say that crypto is, quote, high risk. But there are some differences in opinion depending on age. And about a third of those 18 to 34 say it's risky, while those over age 64 are much more skeptical.
More than 2 thirds describe it as a high risk investment. Guys, back to you.
[00:01:54] Unknown:
Let me ask you just one thing, Kate, quickly. What are the takeaways, for banks, for Wall Street Banks, brokerage firms that are trying to cater, to this new investor base? We saw how important it was, to Robinhood's results.
[00:02:08] Unknown:
Yeah. Absolutely. One of the big takeaways is how important mobile is and having a good mobile interface. The new investor group that we surveyed is more than 3 times as likely to place a trade on mobile, so it really highlights the importance of having a sleek interface. And the other thing is just the importance of cryptocurrency overall. So we'll see if, you know, a year from now, it's more than just Robinhood and Coinbase offering crypto. Another interesting finding is that they're more likely to find, investment advice on social media. They were more than twice as likely, than the average to get investment ideas on social media, so it may have an implication or 2 for, the financial advisers in that industry.
[00:03:24] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Matt Odell, here for another episode of Citadel Dispatch, the interactive live show about Bitcoin distributed systems privacy and open source software. We're back to our regular programming after last week doing a Bitcoin Tuesday happy hour on Twitter Spaces because I had my guests and topic fall through. But I'm very excited, for today's topic. Before we get started, James, I can hear, like, some rumbling coming from your mic.
[00:04:01] Unknown:
Let me see if I can look into that.
[00:04:03] Unknown:
I'm just gonna mute you for now. Yeah. Perfect. So I wanted to do a quick shout out to the ride or die freaks in the live chat. You guys join every week, and you fucking make this show truly unique and truly special. So thank you all for joining, and, a big shout out to all the freaks who support the show. Citadel Dispatch, as you know, is 100% audience funded with no ads or sponsors, so you guys make that possible. The easiest way to fund the show is through the podcasting 2.0 platforms. If you go to newpodcastapps.com, choose a podcasting 2.0 supported app, search Citadel Dispatch, load sats up. You can stream sats directly to the show as you're listening via the podcast feeds.
You can also donate via lightning or [email protected]. That's also where all of all of our archives are. My pay name is easy to remember. It's simply Odell. And there's also merch available if you go to citadeldispatch.com/stack. Right now, the supply shortage has hit Citadel Dispatch. We are out of hats, but if you place an order, you will be first in line when they come back in stock. I can't get those nice trucker hats, the the mesh back Richardsons that I really like. And I refuse to compromise, so I'm hoping that my supplier, gets new hats soon.
What else do I have? Yeah. If you want if you're listening to the podcast feed right now, I had some people reach out, and you're like, how do I join the live chat? Citadel Dispatch is streamed via Twitch, Twitter, and YouTube. All links are at citadeldispatch.com, and if you comment on any of those platforms, it automatically pulls your chat into, the live feed where we can answer your questions, and you can just participate. It's it's it's really fantastic having, all the ride or die freaks join us. So with all that said, today's focus is gonna be on our routers.
Those little devices that you have in your home often supplied by your Internet service provider, whether that's a cable company or Fios or some shit like that, that controls everything in your home in terms of Internet access in your local network. A lot of times, people just kind of disregard it. They think it's just a magic little device that has a very long password that is automatically generated by the Internet company that gives it to you. But, really, it's the command and control center of your home. It is, it's a little computer that is basically, you know, connecting all of your devices and connecting them to the wider Internet. It's a very important piece of technology.
I think this conversation will have a lot of good overlap in terms of previous conversations. Specifically, the one I've been thinking about a lot lately, is Citadel Dispatch 31 where we talk about home mining. And when you're home mining, you, you know, you have you have your your miners connected to your router, and you're potentially doxing your your IP address to your mining pools. You're also giving a bunch of information to whatever your router is. Your router basically knows everything that's happening in your network. So that was a little bit longer of an introduction than I usually do, but I'm happy to say that 2 close friends are joining us today.
Both repeat guests on Citadel Dispatch. We have James O'Beirne. James, how are you doing over there?
[00:07:36] Unknown:
Hey. I'm doing great. Is my mic sounding any, less rumbly?
[00:07:41] Unknown:
Yeah. You sound better now. It was, like, just a constant low but going on or no? No. You're you're good now. Okay. Great. Yeah.
[00:07:50] Unknown:
The Texas heat probably has my fans whirring a little bit.
[00:07:54] Unknown:
That might be it. And we got our boy, Ketan, here. How's it going, Ketan?
[00:07:58] Unknown:
Good day, Matt. How are you, Matt?
[00:08:01] Unknown:
So what do you guys think about my introduction about what a router is? Like, how how how would you describe it?
[00:08:08] Unknown:
Yeah. I think it was really good, you know, for a lot of people, for myself included for a long time. A router is just this kind of, like, magic black box that you plug in an Ethernet cable into. And as long as you see the blinking lights go and the network connection comes up on your host, you know, you're pretty happy. You know, the most you might interact with it is turning it on and off, if you have some kind of a problem. But router is a really critical piece of infrastructure, for your home network. Basically, it mediates, you know, every packet that flows in and out, of, your computers to the broader Internet. So it's a it's a really important device.
[00:08:52] Unknown:
And I think it's even more important now, with the advent of Bitcoin that we secure our networks. Sure. We have things like hardware wallets to protect and and and those sorts of things, for our cold storage, but if we're running nodes, Bitcoin nodes, that also have lightning network on top of them, it becomes really important that our network is something that we look at, to to protect, and that can be achieved through routers.
[00:09:28] Unknown:
Yeah. For example, if your router was compromised, in a certain way, you might be vulnerable to what's called an Eclipse attack, meaning that, conceivably, if somebody controls the software on your router, they can control the nodes that your Bitcoin node is talking to, and and they could potentially eclipse you from honest nodes on the network. So that's that's just one of many attacks that, you know, might be capable if someone, had control over your router. So it's a it's a really critical piece of equipment.
[00:09:56] Unknown:
So in case of an Eclipse attack, basically, an Eclipse attack is when an attacker feeds your node, basically fake blockchain data, And the the main purpose is to either trick you into thinking you received Bitcoin that you didn't receive, or I guess I that's what's happened to to exchanges. I think it happened to Coinbase on Ethereum Classic, But I guess, presumably, it could also trick someone into thinking they didn't receive Bitcoin when they did receive Bitcoin. But it's harder. I I can't, like, really fathom how you would use that against someone. But the main way is to trick you into saying, like, look. I sent you Bitcoin when in fact you didn't because it is faulty blockchain data. But, with with Lightning, with hot wallets specifically connected to the Internet, a lot of people might be using a RaspiBlitz or an Umbrel or something like that.
You also have a direct security issue in terms of, it's a hot wallet connected to the Internet, and that's connected to your router. So if your router is compromised, someone might be able to drain funds directly from, your lightning hot wallet. I feel like we kind of just jumped in hard. I wanna pull it back for a second. So first off, most people in America, at least correct me if I'm wrong, Ketan. I don't know if it's the same by you. But most people here, the router they use is the router that they get in the mail or the cable provider guy brings when he comes over. And it's it's usually branded with, like, Verizon on it or Cablevision or something.
And they're just kinda handed this device, And and they say to plug it in, and you will just protect your privacy.
[00:11:48] Unknown:
Yep. That's exactly how it works here as well, but just different manufacturers. So it won't be, you know, it it it won't be, like, a specific, like, Verizon or anything like that. It might be. It might be like something like Optus over here, but it's also just a generic hardware like NETGEAR or TP-Link or Asus. They might give you something like that.
[00:12:11] Unknown:
So if someone's using that type of device, why should they care about listening to the next hour of our conversation?
[00:12:21] Unknown:
I think what you could do is, get more out of it. So that's one thing that we need to do. We can get more out of our router, but we can also utilize some of the functions, to to improve our security and improve our privacy. So that's probably why you'd wanna listen to the next hour or so. But, also, some of these, routers are also the the firmware that's on them is closed source, and there have been backdoors, intentional backdoors placed into some of these companies, which have, yeah, proprietary software that nobody can really look at. And there have been known cases of, you know, unauthorized access into home routers.
So I'm not trying to be alarmist. I'm not trying to be, I guess, spreading FUD or anything like that, but, it is something to be cognizant of.
[00:13:21] Unknown:
Yeah. I think that's that's a really good, thing to follow-up on there. You know, there's a lot of disparate evidence that, nation states in particular, do engage in supply attacks because it's just such a a sort of asymmetric payoff. Right? If if you only have a few manufacturers of routers, if you only have a few big telecom companies, then, you know, inserting instrumentation into into these few points, that are deployed so widely and and mediate, so much critical infrastructure is is really, really appealing. And so, you know, I wanted to just mention, a few interesting things that you can look at, you know, as data points. The first is a talk that I really enjoyed by a guy named Rob Joyce, and, he was the chief of Tailored Access Operations or TAO at NSA for a while. I think he's still at NSA, and he gave a talk in 2016 at Usenix, about ways in which the NSA, you know, compromises networks in in pretty broad terms. And, I have a quote from him here, I think.
He says so you'll hear a common theme throughout my talk. It'll boil down to a couple small things. The theme I want you to take away is if you really wanna protect your network, you really have to know your network. You have to know the devices, the security technologies, the things inside it. So why are we successful? We put the time in to know that network. We put the time in to know it better than the people who designed it and the people who are securing it, and that's the bottom line. So he goes on to kind of insinuate that, you know, you may not fully understand the devices that are, running your network, and I think that's that's a pretty good indication. You know, we we know from the Snowden leaks, for example, that, supply chain attacks are are are are fairly commonly used. So I think it stands to reason that that, you know, it's likely that a router that you could be handed from your ISP, you know, may well have a a backdoor on there. Another data point that's kind of an interesting anecdote is, you know, even if you're not talking about, say, a US security agency, you know, there was a a famous hack, a few years ago, discovered that was done by a company called Supermicro Computer Inc, and they do, 3.3 billion in revenue, you know, per year as of, I think, 2018.
They manufacture motherboards, and it was actually discovered that there was a chip sitting on this thing sort of in plain sight, that was that was malicious. So, you know, pretty much any sophisticated actor, I think, is gonna try and go after, these these network devices.
[00:16:01] Unknown:
I mean, I would go even further. I I mean, I think for the average person, if you're trying to prevent a state attack from the United States or one of the more countries like a China or maybe even a Russia, you're probably just gonna paranoid yourself into discouragement and, poor user experience, very, you know, bad convenience. And I to to most people, I I would say, you know, you don't even include that in your threat model. You kinda just you try your best, but you you just kind of operate under the assumption that if if you're if you're targeted, you'll probably get owned. You know, with the supply chain attacks, a lot of times, what we saw was, you know, it was specific suppliers. They would see a Cisco switch or router go, to a specific place, and they would intercept it midway, and they'd put in some kind of hardware backdoor. But with the ISP routers, there's this element, and we we talked about it on dispatch 34, when I had Seth Simmons on.
There's this element of corporate surveillance where they bake in a lot of surveillance items into their devices, and into their software stack to both analyze what you're doing, and they claim a lot of times, they'll claim, like, oh, we're doing that so to keep the network healthy. You know, we want we wanna know how our users are using our devices to keep our network healthy, deliver you the best service. But, also, a lot of times, it's for targeted marketing and monetization in terms of customer data, which has become extremely valuable. So not only will a lot of these, you know, ISP supply devices, come with that prepackaged, then you have to wonder, not only who are they selling that data to, but can that data be compromised. Right? And and, often the case, that data does get end up compromised because they they're not able to secure their systems on their side well enough.
[00:18:06] Unknown:
Absolutely. So, you know, whether or not it's a nation state, you could see a fairly sophisticated attacker maybe gaining access to Verizon's systems, and then, you know, Verizon themselves maintain some kind of a backdoor into equipment that they're giving out to customers, for example, you know, that that could that could end up poorly.
[00:18:28] Unknown:
And, James, didn't you mention in that tweet the other day that you were, like, sniffing traffic on on the router you were using, and it was it was basically communicating back to, like, a phone home server that was operated by the manufacturer?
[00:18:41] Unknown:
Yeah. So, what happened was, I use a router at home, that I sort of built, and we can talk a little bit about that later. But, in order to get Internet actually up to the 3rd floor of my house, in the process of, you know, getting ready to run Cat 5 through my walls. But, basically, I needed to use a little, wireless receiver manufactured by Asus. And, yeah, I was I was, looking at TCP traffic and or I'm sorry, network traffic, and, I saw this mysterious traffic on a on a port that I didn't recognize coming from the Asus host. And I looked that up, and, it turns out that they're yeah. They're this this little network device ships with the server that it runs, that has a known vulnerability, that allows remote code execution.
And so, you know, that's obviously not something that's not network traffic that I wanna facilitate because, you know, that could lead to a vulnerability.
[00:19:48] Unknown:
Ketan, you have anything to add here before we move on from ISP routers?
[00:19:53] Unknown:
Yeah. No. I think that's just scary stuff, to see to some of these, you know, devices that are out there. Yeah, you've gotta be very, very careful with what you put into your network. And so, yeah, having open source software is probably a better outcome than, something that's, you know, proprietary.
[00:20:15] Unknown:
And I would I mean, I would add here that depending on where you live, some some Internet providers, and you see this a lot when they, like, bundle in phone and video. They they they say that you can't use another router, or modem. If you have fiber, then you don't need a modem, but, they'll they'll tell you that you can't use another device except the device that's supplied for them, and they kind of, like, brick their software stack in a way that, like, you you can't, like, you can't use the you can't use the TV or you can't use the phone unless you use their device. For those people, I mean, besides trying to find a better ISP, a lot of times you don't have competition there.
First, I would say, if you go for the Internet only plan, you have a lot more, wiggle room. There's a lot less they can do. Even if they tell you you can't use your own, device, most of the times, you can figure out a way to use your own device. But, also and I guess we should probably go into this. I don't know if we go into it now, but you can run a device that sits within, you know, you you can run a a device that sits within your home network that everything else connects to except for, like, the ISP stuff, like the TV or the phone or whatnot. Right?
[00:21:47] Unknown:
Right. So if you think about, what a router is, sort of metaphorically, it's basically like almost a diplomat. So, you know, you have a country of people that's, you know, the the hosts on your network, your laptops, your phone. And then the router is like a diplomat that communicates with the rest of the world, and all all communication goes through the diplomat. And, so what you could do is sort of, like, have a diplomat to the diplomat. So you could introduce your own device, and all the ISPs router knows about is that that single device. And in that way, you can insulate your hosts from, the device that ISP has given you.
[00:22:32] Unknown:
Yeah. I I I think we should probably go into some actionable steps for beginners, of what I think you could probably, sort of, do if you're just not even you know, if you're just starting down this rabbit hole, I think the first thing that you want to do is actually log in to your router page. Your router page is something that you can, it's like the interface, the command, that Matt was talking about earlier, the command the control center. And, basically, when you log in, the website is, like it's http://192.168.1.1.
I've seen it as 192.168.0.1. I've also seen it as 10.0.0.1. It really just depends on the manufacturer and the maker of your router. But if you're on the same network, you should be able to call to, that router and log in. And the first thing that will happen is, you'll be presented with a, a login page. If you've never done this before, you will probably get a default, I guess, username and password, and that default username and password is admin. Usually, it's admin and the password is admin. Sorry. Yeah. Or the password is just password.
So they're weak passwords. So the first recommendation that I have is to log in using these, default username and password and change the password to something a little bit more secure using a, password manager. And you wanna make sure that you save that password in case you need it for the next time. Otherwise, you're gonna have to reset the router. So that's not fun. So be sure to change that in the administration function of your router. Now the reason that I'm saying this is because if, for example, you bring, you know, someone, a friend or family comes over and they want access to your Wi-Fi, you give them the password to your Wi-Fi, and they can just easily go into 192.168.1.1 and log in to your router control room, using the, a default username and password.
[00:24:51] Unknown:
Not ideal. I've done that at Airbnbs before.
[00:24:54] Unknown:
Yes. And, yeah, you can see that at sort of like Airbnbs and hotels and those sorts of things. Hotels are a little bit different, but, yeah, Airbnbs and people's homes, they usually have left their routers at, yeah, on on sort of yeah. It's just the default. So it's not ideal, and I've seen this at, other businesses as well when they you know, you log in and they provide you with free Wi-Fi access. You get in, and, you can then control their router as well. It's not a very good look. Now
[00:25:26] Unknown:
yeah. Go on. Oh, I was just gonna say, another nice thing you can do on some routers is through this administrative panel you're talking about. You can set up a secondary guest network that basically isolates your hosts from, you know, anybody who might come over.
[00:25:40] Unknown:
Yep. So I'm I'm I'm gonna talk a little bit about that. But the first one, I think, is get that administration, username and password something different to the default. So that's number 1. Number 2, your Wi-Fi password itself. When you, give out your Wi-Fi password, it needs to be something not the default, and it needs to be quite secure. So what I would recommend is if you go onto the eff.org website, there is a word list that you can use to roll dice. So, basically, what you do is you roll, 5 dice and say you get a 3257 3251 2, you you Google, you, basically use that number, and it will give you a word. You put 5 of those words together, and you roll your dice 5 5 times, and you'll be able to get a nice clean password, that is relatively secure and random. So that's what I would recommend as well is making sure that your Wi-Fi password is secure, and it uses at least WPA2 on the encryption method.
WPA isn't something I I think that that's been well known to be vulnerable at this point. WPA2 with a decent password is pretty good, and then the new encryption standard, I think, is now WPA3, but that's on newer routers. And I don't have that at my place, but, your newer models of routers will probably have that encryption standard as well. So that's the second tip that I'd, I'd I'd give is to change your Wi-Fi password to something a little bit longer and a little bit more secure. And then the third thing in the as James mentioned, for the for for, in this in this router control room panel, you can set guest Wi-Fis. And what that will do is it will broadcast another Wi-Fi to which you would give another password to, and all of your guests, or or devices that you don't trust will sit on this guest Wi-Fi. And that guest Wi-Fi won't give you the access to your trusted network, and it won't give you access to any other devices within the within the network as well. And so things like your Samsung TV, a Chromecast, security cameras, work laptops, these are the types of, I guess, devices that you want on a guest network rather than on your trusted network. Your trusted network should ideally have things like, your Bitcoin node, your CalyxOS flashed mobile phone, your Linux laptop maybe.
These are the types of devices that you you know and trust, and those go into the trusted area. Everything else kind of goes out to this guest. And when your friends come over and you've got family over, you give them the guest Wi-Fi password. So those are my top three tips for just getting started, when it comes to routers at home.
[00:28:46] Unknown:
It's great.
[00:28:50] Unknown:
That's awesome. And, yeah. No. That that that is great. So we have some basic router tips if you're just using if if if you don't wanna go too far down the deep end right now and you just want some quick, easy, improvements you can make. They're not perfect, but they're they're quick, easy improvements that you can literally do within, like, 10 minutes. I would add that a lot of routers, like, if you look at them, it'll tell you, like, on the router, it'll say where that admin page is, rather than going back and scrubbing to where Ketan listed out the common IP addresses that they give you. And usually, it'll say the password and the the username, the default password and username on the device, which is one of the reasons why you should change it. Because even ISPs that make it something presumably more secure, if someone is at your at your place, they can just pick up the router, and they can they can see what the login information is.
Right. So I guess at this point, do we dive deeper? Is this Well, let me
[00:30:11] Unknown:
I I just wanna emphasize the importance of Ketan's advice, especially his, you know, the third point there. Because, I think many many people don't realize that if you put a device on your network, you know, and that device has access to the broader Internet, let's say, buy a smart TV or, you know, some kind of a media device, and you put it on your home network. There are all kinds of things that that device could be doing, and you have no way of of really knowing. You don't have any way of examining the code, or you don't really even maybe know what the the hardware actually is in there. And that could be doing any number of things like surveying, you know, the computers that you have, the services that are running. You know, it could be telling the outside world that you have a Bitcoin node running. So it's really, really important if you can, if it's easy to to isolate these devices to a separate network.
[00:31:05] Unknown:
Yeah.
[00:31:06] Unknown:
I'm glad you reiterated that because I and most people nowadays, we have so many connected devices.
[00:31:12] Unknown:
Right. Right. It's really easy to lose track of everything.
[00:31:15] Unknown:
You may not even realize when you log in to the admin page, one of the things you can see is that all the connected devices,
[00:31:30] Unknown:
Oh, we can talk about a few different things. We could dig more into what a router actually does, or we could talk about the different levels of security in terms of, you know, if you wanna go beyond, using an ISP supplied router. I don't know. Whatever you think.
[00:31:45] Unknown:
Okay. So let's let's I guess, let's take it in steps. Right? So so we have an ISP router, and I I wanna buy a new device. I wanna get a new device, instead of this router, and I wanna replace it with that. What what should I get? What what should I do? Should I just go on Amazon and just buy a device?
[00:32:07] Unknown:
You could. In in in my mind, you know, using a device that isn't isn't sort of known by your ISP is is maybe an improvement because if somewhere in some database, your name is next to, say, a a router model number, then, it makes it more feasible for, you know, an attacker to see maybe what, you know, vulnerabilities are associated with that that model of router. So if you kind of bring your own router, even though, you know, maybe, a router you might buy off the shelf might still have some vulnerabilities, associated with it. At least it's not, like, right next to your name in a row on some database.
[00:32:49] Unknown:
Yeah. The other thing that you might wanna look at is the if you are purchasing a new router is the ability to flash, just like we flash, our mobile our our pixels with the CalyxOS. You can also flash, routers with more open source, router firmware, that so I have, for example, a Netgear R7000. It's it's it's a fair fairly popular model, and this thing is, like, you can put, you know, DD-WRT. You can put FreshTomato on it. And and what this is is just our our our open source firmwares that, you know, open up a lot more capability than, say, Netgear's stock standard issued, firmware.
So if you are looking to get a router, make sure that it is like, if if if you want to go into this a little bit further, then you can, see if that model is available for flashing, on the websites of these, like DD-WRT or, FreshTomato, and that could give you a little bit more, room to to grow with your router.
[00:33:59] Unknown:
You know, Ketan, as you're saying that, it strikes me that another good, piece of advice for, you know, people who don't wanna go super far down the rabbit hole is that, if you are gonna use an off the shelf router or, you know, even a router supplied by your ISP, it's worth making sure that the firmware that you're running is up to date, because, you know, routers have a lot of vulnerabilities associated with them, and they're constantly being discovered. And so, it's likely that the router shipped with an older version of the firmware than probably is current. So it's, you know, it's it's a pretty easy process to update your firmware, so that's something, for people to look at as well.
[00:34:37] Unknown:
Definitely. Yeah. I forgot about that. That that's a good point. Yeah. Keep your router firmware up to date even if it's issued by, a company. Yeah. And it's proprietary. It's a good worthwhile, thing to do. Definitely.
[00:34:52] Unknown:
So, you know, thinking about what you just said in terms of flashing, you know, maybe some, third party firmware onto a device that you might buy, I think that's really interesting, and I think there are some really good projects out there depending on what hardware you have. You know, I know pfSense, for example, has been around for a very long time, and it is an excellent project. And I think we're gonna talk a little bit more about that. But, you know, I think you also have to be a little careful because when you start wading into third party firmware, you know, you start introducing, more third party trust, unless you're really gonna sit down and scrutinize a project. And so, you know, sometimes I worry with a lot of things that, something that is marketed as being security focused, you know, prepared by, somebody who is in a device manufacturer.
I mean, that, you know, that could easily be a honeypot. And so it introduces a little bit of complexity into thinking about your threat model here because, I think if you're gonna go the route of a third party firmware, you have to sort of scrutinize who it's coming from.
[00:35:58] Unknown:
I totally agree. I agree. I would agree with that, analysis. Yeah. I think there are projects like pfSense, which I think are working in the, I guess, the open source community and that it's not like that these, open source communities haven't had, I guess, vulnerabilities in the past. That's not the, it's not like a stop gap. You can't just completely say open source routers are gonna be vulnerability free, but they do provide some level of assurance that there's no, at least, you know, backdoor.
And, again, if you're not scrutinizing the code, then it's probably a a little bit more difficult to say. So I I completely accept your point, that, yeah, you know, some of the well, like, well known ones, maybe not a honeypot, but some of the more, you know,
[00:36:56] Unknown:
I'm sorry. Don't definitely don't, like, don't Google search privacy focused router and then, like, buy a router from some no name company, that's claiming to protect your privacy. Right? Like, there's a bunch of them that that are out there specifically. Like, that I think that is a a low hanging fruit because, I mean, we even see under the announcement tweet that I said that we were gonna have this conversation. There was a couple people that posted just, like, no name company routers that I'd never heard of that just you go to the page, like, we are gonna protect your privacy. We're here for you.
[00:37:32] Unknown:
Yeah. Yeah. I know. One of the ones that was mentioned was, Invisibox, and, I I went out to their website and kinda trolled around their GitHub a little bit. And, you know, it's that stuff is really it takes a lot of time to size up if there isn't a really big community around it, if if there isn't, you know, a long history of the project, if, there aren't a lot of eyes on the code base, you essentially have to read through everything that's in there, or get someone you trust to do that and and sign off on it. So, yeah, it's it's it it can be very difficult.
I wanted to make another note, though, about buying your own router. There are a few products out there now that are, really nice from a user experience standpoint. You know, Google and Amazon both have products that are these mesh routers where, you know, you buy maybe they sell you a pack of 3 router nodes, and you can kind of add, you know, nodes as necessary and just put them around your house. And, I actually installed one of these for my mom because I thought it was, you know, simple and, you know, it'd be easy to maintain. And I was surprised to find that the administrative software for these routers is a cloud hosted product, you know, from from one of these companies. And so, you know, you have a mobile app on your phone that allows you to do the administrative stuff, instead of being hosted just on, the router itself.
And that to me is a pretty big red flag. So I would recommend, you know, if you're thinking about this kind of thing, if you're security conscious, don't get a router where the administrative functionality is on some cloud. So be careful of that.
[00:39:19] Unknown:
Ketan, you have something to add here?
[00:39:24] Unknown:
No. That that I think that sums it up.
[00:39:27] Unknown:
I think in general, like, all of those, like, mesh systems, like, the out of the box mesh systems tend to, they're all pretty much proprietary, and they all basically on the like, we talk about it a lot on dispatch, this idea of convenience versus privacy and security trade off. They tend to go more towards the convenience side, which is unfortunate because, in theory, it's a really cool concept that you can just buy, like, a package of 5 devices and put them all around your house and have Wi-Fi wherever you need it, with little administration.
But your trade off there is is usually security and privacy. We have BTC pins asking if there's any open source, do it yourself mesh Wi Fi options. This is a question that I've wondered myself, that I do not have an answer to. Do do either of you guys have an answer to this?
[00:40:32] Unknown:
I don't have any experience configuring this, but, you know, one thing that you could do is, I think it would be pretty tractable to set up repeaters that are open source. But I I don't really know of any products. You know, I think, I actually don't know the technology that they use for meshing because the nice thing about meshing, obviously, is you don't have to switch networks as you're navigating the access points. But, but, yeah, I'm not sure of any open source solutions there.
[00:40:59] Unknown:
Neither am I. Sorry. The the difference with, like, a repeater is, like, a repeater is it's almost more analog. It's like taking a signal, and then it's just repeating it out. Oftentimes, like you said, under a different it's it's an access point, so it's like a different Wi Fi name. While the mesh the idea of the mesh is, like, 2 devices can connect to each other and then boost your signal or whatever, and you can also, like, add an Ethernet component to it, like, on a far reaching area, and then that all connects into your your network. And they do make it very simple. And, unfortunately, in my research, there's there's really, your option ends up being, like like James said, is repeaters, or hardwired access points where you, like, run an Ethernet cable to an area, and then you connect it to an access point.
[00:41:54] Unknown:
Yeah.
[00:41:55] Unknown:
Another option Yeah. Go on. Another option could be power line adapters. Have you guys seen those? Say that. Yeah. I remember those from the nineties or, like, the early 2000. So, yeah, you can use your existing, electricity cables. One goes near the router, and the other one goes stairs where you you need it, and the wires or the signal comes through the electricity cables, out of your home. So that's another option, but I think, the speed on those is questionable.
[00:42:28] Unknown:
Yeah. The performance is horrible. You're better off using an access point. But then it did I remember as a young kid, it blew my mind that you can, like, plug in onto one wall outlet and then plug into another wall outlet and get Internet. It's like a cool concept. So we were talking about pfSense earlier. Should we start with pfSense? Should we dive into that? I mean, Umbrel just added it, so it's, like, on a bunch of, it's on the radar of a bunch of Bitcoiners all of a sudden. I know you, Ketan, dove into it really deep. What is pfSense? How would people use it? Why is it Yep. Why is it good? Okay.
[00:43:09] Unknown:
So pfSense is a project that's been around for a very, very long time. It is a router firmware, or a router operating system, so to speak. You flash it onto basically any potato device, but, generally, Netgate, which is the company that produces pfSense, also sells hardware alongside the free open source software, and you can get one, from them. There's other hardware that is, available. But, basically, instead of using your Internet service provider's router, you would use this device and plug into the WAN section your Internet, and then the LAN section would be all of your other devices. So you can use an existing router to put in a and put that into access point mode. And from there, you'll get Wi-Fi as well as 4 other ports, that way you can connect all your devices into.
So the pfSense router, again, it's very similar to, your router, but it has, more functionality. And, obviously, you log in to that page, and you can do things like, connect, your connect all of your sorry. You can connect the router to a VPN, and then all devices on your network are then also protected by the VPN. So that's one really, really cool, use case. That's not to say that these consumer grade routers can't do it. They can. The open sourced flashed consumer grade routers or even some, you know, Netgear routers and, you know, TP-Link and Asus routers may also give you the functionality of connecting through to your VPN, like, mobile VPN or something like that.
But you some of these devices are very low powered and low they have low specifications. So, you might not get the full bandwidth, of your Internet connection on these, you know, consumer grade routers. Whereas if you have a separate dedicated hardware, that runs pfSense, you might be able to get the entire full bandwidth that you, that that, yeah, that that can occur through, the VPN. So that's one thing that you can do. The other thing that you can do is, put on an ad blocker, so you can start to, you know, mess around with what you want on your network and what you don't want on your network. So things like trackers and ad blocks and those sorts of things, can be managed from the pfSense router. You can also look into hosting a VPN server.
So what that means is instead of connecting like, a VPN client would be to connect through to something like Mullvad or IVPN or something like that, a VPN server allows you to connect back to your home such that you can connect, to your network and access devices and services running in your home from anywhere in the world. And so your pfSense router can do that. That's not to say that other devices in your network can't do the same, but this is a one example of another thing that you can do with your pfSense router. You can also monitor traffic, limit bandwidth to certain devices, and you can create guest networks. All that sort of stuff will, yeah, will yeah. And you can also use VLANs, which is kind of like virtual LANs.
So you can, create existing, using your existing hardware, like the the cables. You can, you know, create more networks out of that. So those are the types of things that you can do with a pfSense router. That's not necessarily to say that, you know, you can't do it with other firmware flash routers, or the stock standard routers, but it is a open source project that you can utilize, and that I've been using for a very, very long time in my home.
[00:47:00] Unknown:
So, yeah, that's basically the case for it. A lot of the things you mentioned people can do, client side. They can do on their individual devices. But the cool aspect of having a router that you have full control over is that you can do it network wide. When Ketan was talking about a VPN, for instance, you can obviously just run, a VPN client on your computer or your phone or something. But if you want all traffic on your network to go through a VPN using one of these open source projects, or as Ketan said, even some of the more closed, options offer that functionality, allow you to do it network wide or an ad blocker network wide rather than individual ad blockers every time you're on a browser.
Ketan, so pfSense is now integrated into Umbrel, I believe. But Umbrel is a Raspberry Pi platform pretty much. It only has one Ethernet port. Is that a practical option for people? Like, how does that fit in?
[00:48:13] Unknown:
This is new to me as well. I'm not quite sure. Are you sure that they integrated pfSense? Is that what you're saying?
[00:48:19] Unknown:
Am I wrong about that? Did they not?
[00:48:21] Unknown:
I did not. I have not seen any news on that. That's the first time I You wouldn't run it on a Raspberry Pi. Right? Like, that doesn't make sense. Well, it doesn't make sense. You need 2 Ethernet ports at minimum. A Raspberry Pi only comes with 1 unless you get some sort of adapter or extension or something like that that is also compatible with pfSense. That's gonna be, you know, something that you'll need to sort of research up. But generally speaking, the pfSense routers will typically work with Intel network interface cards that had some problems with Realtek, which is the other option, but I've heard that that is getting a bit better.
But, yeah, stick to Intel, network interface cards, and you can put them into any computer, and they usually have 4 ports. So the first port is for your WAN, so that's your Internet coming in. And then the second and third could be for a LAN, so your local area network that you trust, another LAN for your guest, and maybe a third for, you know, security cameras or something like that. So that's, you know, sort of sort of how you'd use those ports. But to put it into a Raspberry Pi, yeah, I would not yeah, I don't think that that's a wise idea.
[00:49:36] Unknown:
Yeah. Yeah. I agree. And, you know, if your Raspberry Pi is running other stuff in addition to the routing functionality, you're probably gonna be limited, in terms of performance because, you know, there is potentially a lot of data being ferried back and forth there. I see curious mind 123, asked a question that I think is good to touch on. He says, or they say, can I just use a Linux machine for this stuff? And, I wanna step back and remind people, you know, this wasn't obvious to me before I got into computers, but your router is really just another computer. It's much like your host system, except it has, as Ketan was talking about, you know, these network ports that are just pieces of hardware, and then there's some software configuration on there and some programs that are running that know how to, you know, route TCP packets or, do DNS, which we'll talk a little bit about. And pfSense is actually just, a fork, I think, of FreeBSD, which is a famous Unix distribution, known for security. And so all pfSense really is is a nice, GUI interface on top of some Unix software configuration.
And all the box that you're running on it is is just a computer with, you know, some Ethernet ports. And, so I think it's it's it's good to keep that in mind. Matt, do you think it would be interesting at all to talk a little bit about, like, DNS,
[00:51:02] Unknown:
and how that works and why ad blocking works? Yeah. And it actually fits in because I was completely I was wrong about pfSense. They added Pi-hole.
[00:51:10] Unknown:
Yeah. That makes sense. Right.
[00:51:12] Unknown:
Right. Right. Right. So, let's let's step back a little bit and talk about, you know, just some really basic Internet fundamentals here at a very, very high level. So I don't wanna scare anybody away, but, there there is a notion on, the Internet protocol of an IP address, which you've probably heard of. And, essentially, all that is, is a unique number associated with a host on some network. So on the global Internet, you know, we have a a certain set of numbers. And, basically, when you are given, Internet service by an ISP, there is a single IP address or a single number that identifies your router to the rest of the world. And then the router basically translates any traffic incoming to it, to the specific computer on your network, which has a a different numbering space, a numbering scheme, to dole out to hosts.
So, basically, computers know about this one number that identifies some other computer out there on the network, but, obviously, we work in terms of names. You know, I wanna be able to type google.com instead of 8.8.8.8 or something. And so there are there's a software that runs called domain name servers, and, you yourself can have, a domain name server. And, basically, what that does is it translates a human readable name to this IP address. And the way that ad blocking software works is, you configure your router to basically tell a host when it connects, hey. By the way, I'm offering a DNS service. You can use it.
And then when the host decides to use that DNS server and, you know, your browser queries the DNS server for ads.google.com or what, you know, whatever it is, the DNS program on your pfSense router or your Pi-hole or whatever, basically resolves is configured to resolve that address to 0.0.0.0, which will not serve any traffic. So, basically, we come up with a long list of known ad addresses that we then assign to a specific, you know, the 0 IP address.
[00:53:24] Unknown:
Yeah. I think that was a great explanation. Right. So so, I mean, like, a a way to kind of, like, a way to kind of look at at what we're doing here is is is the idea is to basically put, like, a bodyguard between you and the Internet. Right?
[00:53:44] Unknown:
Exactly. Yeah.
[00:53:47] Unknown:
So we're, like, trying to keep this as we all our guests have time constraints, so we're trying to keep this conversation tighter. So I'm gonna try and move this along. We James, you've been experimenting with PC Engines APU and running open source, software on that. How's that experience been like? Is that a good option for people?
[00:54:11] Unknown:
I'd say depending on your desire to, you know, sit for hours and debug, you know, various Linux configuration issues. I mean, I'm certainly glad I did it. I had a ball doing it. To be honest, a lot of the ways that I've learned, you know, what I know about computers is through, you know, doing various things with home networking and, you know, setting up a media server in high school. And I think these are just you know, these experiences can be frustrating, but, the frustration really forces you to kinda learn. And when your network connection is disabled because, you know, you don't have the right device driver installed for a wireless card and you're, like, digging through, forums to figure out some patch that you might go apply. You know, it's very frustrating, but you do end up retaining a lot of the skill, that's necessary to do that stuff. So there's this, nym called drduh, and, you can go to github.com/drduh.
And he's put together all kinds of interesting guides on security. He's got a really good one for, how to securely set up a YubiKey configuration and, you know, move your SSH keys, onto it if that's your thing. But he's also got a really good, guide on, how to build your own router, essentially. And like I was saying earlier, really, this just amounts to obtaining some hardware, you know, that has a decent Ethernet capability, and then, putting a Linux distribution on it. He actually, has instructions for both Debian and OpenBSD, I think.
And so, you know, you get this piece of hardware. It has some Ethernet ports. It has a wireless, card, and you install Linux. And he walks you through setting up all of the various parts of what a router does. So you set up, DNS, you set up, iptables rules, which basically, you know, allows you to articulate how you want traffic, to be regulated within your network, ad blocking, DHCP service, which I probably won't talk about. But it's really educational because you get to see all the different parts of what a router actually does. You get to configure it yourself. And then by the end of it, you know, you have something that's using a very, very general toolset to secure your network, which I think is really important. Because, again, you know, if I were an attacker and I wanted to compromise as many high value targets as I could, I'd probably try and infiltrate, you know, a project like pfSense that is made for this kind of thing. Whereas if you follow this guy's instructions and you go through and you set up the specific software packages, these are very general, very, time tested, you know, very scrutinized software packages, and so it's just kind of a more basic tool set.
So I'd really recommend that to anybody who's card that I use is is is definitely weak as compared to, you know, a router you might buy off the shelf. I don't know if that's still the case, but, that's a little bit of a bummer. But, I'm still really happy, you know, I'm using it because I I have familiarity with all the software, and it's and it's just a Debian box. So, you know, I think that's, that's a good way to go.
[00:57:47] Unknown:
That's cool. I I yeah. That that that sounds very interesting. And, yeah, I might I might get more details from you a bit later on on all of that because I you know, as similar to you, I just play around with these things, and I learn as I go. And, you know, keeping your skills sharp and those sorts of things is something that I just generally want to want to keep progressing with, so I'll I'll I might hit you up, James, on on that.
[00:58:10] Unknown:
Absolutely, man. Yeah. I'd love that.
[00:58:13] Unknown:
On that topic, I mean, Ketan, you've been playing around with FreshTomato. You wanna talk about that at all?
[00:58:20] Unknown:
Look. I think for me, it's just more around, you know, it's an existing, router, that I use as a just a wireless access point. So instead of, you know, having the wireless in the box of the pfSense router, I use a wireless access point, with, you know, FreshTomato. And there, I've been able to get, like, a VLAN setup. So what that means is, you can broadcast 2 Wi-Fi signals. One signal is your trusted Wi-Fi, and the other one is a guest Wi-Fi, for which I can control all the rules on the pfSense router and say, okay. I don't want anyone getting onto my trusted network, and I want it to have a VPN, and I want it to have ad blocking.
So you can, you know, you can configure your guest network how you want it. So that's something cool that comes out of, having these sorts of, routers that allow you to have VLANs and tag things and those sorts of extra functionalities, which FreshTomato does. There's heaps of other things that FreshTomato enables as well, and we've spoken about those, you know, opening up a VPN server as well as connecting through to a VPN client. Those sorts of things, are all available on FreshTomato as well if, you know, you wish to look at that. There's lots of guides on how to flash your router.
You can or, on YouTube, I'm sure you can search up, how you flash these things. It's fairly similar to your CalyxOS phone. The other thing is, though, when you are doing something like this project, keep in mind that there might be other people in your household, and it might be it might take longer than you expect. So just be mindful that you do this during maybe outside work hours as more people work from home and use your Internet connection. If the Internet's down for even just, you know, 5 minutes, people start to scream may start to scream in your household. So just be mindful of that. And then yeah. Like, just yeah.
That's something that you sort of, yeah, wanna just sort of manage expectations around how long things are gonna take. The other thing you can also do is buy a separate router from, like, Gumtree or something, like a a normal router, and play with that and learn in that environment, use that as a testing environment, and then bring that across to a production environment. So that's another way you can sort of test things out and test the waters. So that's what I've been doing as well.
[01:01:05] Unknown:
So you've been using you've used pfSense and Fresh tomato Fresh tomato. Do you have a I don't know how I wanna pronounce tomato. Do you have a preference there if if people are trying one for the first time, which they should try first? Or
[01:01:23] Unknown:
there's no real preference. It really just depends on what you how, you know, how much you want to, get involved or get dig deeper into this. Networking can get extremely complicated, and pfSense provides not only the beginners, but also a very, very advanced toolset. But if you just wanna focus, like, say, for example, you've already got a router and you can flash it with FreshTomato or DD-WRT or something, you know, that you can relatively see that it has, you know, a lot of community support and those sorts of things, then that is a way to learn.
And then if you want to go even further, then pfSense would be the way that you can go, and then you can go full blown like James and get, you know, Debian packages and, you know, all of that command line stuff. It really is kind of a choose your own adventure, but I think the thing is to start somewhere and securing your network. As I said, the basic steps are to just secure your Wi-Fi password, keep your router up to date. These are the sorts of basic tools you can start and then go from there.
[01:02:32] Unknown:
Totally. Yeah. And, you know, I mean, Vox Populates, and I've gone full tin hat. And that's totally true. I'm a crazy person. Most people probably, you know, will not make their own router. And I, again, I really wouldn't recommend that unless you have a keen interest in figuring out, you know, the ins and outs of networking. But, yeah, you know, Ketan, I think your three points of advice and maybe adding update your firmware, absolutely solid, and I think everybody should look at doing that stuff.
[01:03:04] Unknown:
So we have a question from Roman q. Can you run the router VPN only on a portion of your network and say leave the guest network without the router level VPN? Because the VPN may impact our work computers and what we can access.
[01:03:18] Unknown:
Yes. Yes. That is all configurable. So, for example, I'll give you, so what I've got is I've got a guest network, and it's got my Samsung TV. My Samsung TV also has this program called Kayo Sports, which is, a streaming sports service, and it doesn't like VPNs, because it's all sort of it's kinda like Netflix. They they they go around whack a mole ing all the, the VPN IP addresses. So what you can do is that for that particular device, you can say, alright. This IP address, I want you to go through the normal, tunnel, like, the the usual, un VPNed traffic and all the other devices I want on the VPN. So, yes, you can sort of mix and match what you exactly want or what device you want to have VPN to and what you don't want. You can even bundle them into one whole group. So say, for example, you and that's called an alias. So, basically, you take, alright, these three devices, those IP addresses, I want under unVPN, and then you just tell your router or you create a rule that says for these particular, this particular alias, I I don't want that on the VPN.
So, yes, you can do that. It is yeah.
[01:04:35] Unknown:
Yeah. And you can certainly do this, if if you're doing the low level w and stuff.
[01:04:41] Unknown:
And you could also, like, you could run, I mean, you could have, like, a separate access point that is VPN only.
[01:04:51] Unknown:
Right? Yes. You can. Yeah. Or so if you want, you can have, you know, 2 access points, but that like, I think, for me, I didn't want 2 access points, so I wanted more of a a VLAN approach. I just wanted that one hardware. So all I have is a pfSense box and a a wireless access point, but you can put 2 wireless access points, one going into a VPN tunnel and one just freehold for everything else. That's that's always a possibility as well. Basically, what I'm thinking is, like
[01:05:23] Unknown:
so specifically for people that might have come out of our home miner dispatch, and they have, like, a bunch of ASICs that only connect via Ethernet, they can connect those to an access point and just have that one access point run a VPN if they don't wanna put the rest of their home network under a VPN. Right?
[01:05:46] Unknown:
Yes. Yes. This is all very configurable as to how which devices and which, it it it can be done at the device level. It can even be done at the port level or or the network level, the subnet, so to speak. Yeah.
[01:06:01] Unknown:
James, we have a question directed at you from Plus Ultra 21 asking, is Supermicro to be trusted anymore for do it yourself in your opinion?
[01:06:11] Unknown:
I mean, that's for you to decide. It depends on how security critical what you're building is. And, I'd say given their track record, I mean, I wouldn't necessarily, buy from them, but, obviously, can depend on your project.
[01:06:29] Unknown:
Very diplomatic answer. Before we wrap up, should we should we talk really quickly about why someone would wanna use a hosted VPN in the first place?
[01:06:46] Unknown:
So I think some services are gated on geolocation. And so if all you're trying to do is circumvent, you know, location based restrictions, You don't so much care about the privacy per se. You know, a hosted VPN can be a good option.
[01:07:04] Unknown:
Oh, so this is interesting. So you don't like hosted VPNs, James?
[01:07:10] Unknown:
I don't know how I feel about them. I mean, you know, obviously, you're sort of routing your traffic through a third party and, you know, that can mean all sorts of things depending on who they are. Right. Obviously, like, the answer with a lot of the stuff is that you just need to use host to host encryption, and not rely on your transport layer being actually encrypted. But, yeah, I don't have anything against them. But, you know, again, any service where, you know, you can just pay in Bitcoin, I think is an appealing target for a honeypot. I like Mullvad. I've used Mullvad before, but I don't know who runs it. I don't know why they run it. So Right. So there's a trade off. Right? So when you talk VPNs, there's basically 2 types of VPNs if you're talking about an end user. There's
[01:07:58] Unknown:
a, self hosted VPN where you're running the VPN software yourself on ideally hardware you control, but a lot of people will do it on, like, on some kind of server. And you host a VPN yourself, and you route your traffic through that VPN, and any traffic that comes out the other side of that VPN will have your dedicated IP address that's attached to your self hosted VPN. With a hosted VPN, you're trusting the VPN provider to not be keeping logs. Your traffic is going through them. If you're using a shitty VPN, you might even have given them additional personal information besides your traffic and your IP address because you pay with a credit card or something like that. But in the case of Mullvad or IVPN, you pay with Bitcoin.
Mullvad I don't think the IVPN requires it either, but Mullvad does not ask you for an email address even. It doesn't even ask you to set up a password. They give you, like, an account number, and you just pay with Bitcoin. The benefit there with something like a with these hosted VPNs is if they aren't fucking you, which there's no way for us to verify independently if they are or not. But if they aren't, you almost you have an anonymity set almost. You're sharing the IP address with a bunch of other people. There could be a 1,000 Mullvad users all using the same Canadian IP address at the same time. So when it comes down to something like a miner and you're connecting to, let's say, slush pool with your miner.
Slush pool doesn't require any identifiable information, but they have your IP address. But if you use a hosted VPN with them, then they don't really even have your IP address. They they have this shared IP address that is shared by a bunch of different people. So there's, I I would say, specifically, in the distinct case for miners, to me, it seems, like an obvious option, a hosted VPN. I would say the trade off, maybe there's a little bit more nuance on the trade off in terms of routing your whole network through a hosted VPN. Right.
[01:10:15] Unknown:
So if I just wanted to also clarify. I use my my entire, network goes through a hosted VPN, and the reason that I'm doing that is because I know that my Internet service provider 100% logs all of my metadata, whatever that is, and keeps it on file for 2 years. So I'm trying to sort of somewhat obfuscate that as much as I possibly can, and so that is what why someone could potentially, be doing this, routing it through to another server who which
[01:10:56] Unknown:
may or may not be compromised. We don't know. You know your ISP is fucking you already, and they know your home address. They know your full name and everything else, and you might not even have might not be competition. You might not have many options for your ISP. Fortunately, on the hosted VPNs, there's many options. It's a global marketplace. Right?
[01:11:15] Unknown:
That's kind of my thinking at this point. Yes. Those are all great points.
[01:11:20] Unknown:
And for what it's worth, you know, I basically have a few boxes on a few, you know, clouds that I don't run, that I, you know, have WireGuard software running on. So what I do is, on my phone, I have WireGuard configured to route all the traffic to those servers, you know, as opposed to directly through the mobile networks or whatever Wi-Fi I'm connecting to, kind of out in the wild because, you know, as you guys are saying, it's a more explicit trust model in terms of, you know, where you're directing your traffic.
[01:11:57] Unknown:
Awesome. Yeah. I mean, I know both of you guys have to go. I don't wanna keep you too long. I appreciate your time. Should we wrap up with some final thoughts before we wrap this up? Ketan, you wanna start?
[01:12:15] Unknown:
Yeah. So just, now with the advent of Bitcoin, and Bitcoin particularly on our own home networks in the form of Lightning Network, it's probably wise to start upping your security with some basic networking tips, and then going down the rabbit hole. I've provided throughout the dispatch some practical tips for you to do so. And so I think starting is always better than just leaving it and hoping that it's going to be secure. So that would be my closing remarks.
[01:12:53] Unknown:
My closing remarks are listen to Ketan because he's got some really great advice. I mostly just have esoterica to offer. But, yeah, I think networking is really, really worth looking into. So kind of whatever the next step for you is, I think it's worth taking because, you know, at this point, this is the infrastructure that kind of runs a lot of our lives, and you're never going to not benefit from understanding more about how it works and, you know, how you can preserve your own privacy.
[01:13:25] Unknown:
Thank you to both of you. Thank you for joining us. Thank you to the freaks who joined us. I hope to have both of you on the show again soon. Ketan is a little bit too humble to shill it himself, but he runs a consulting service called Ministry of Nodes. You can go to ministryofnodes.com.au. If you have any questions, you can book some of his time and pay him in Bitcoin. I think he owns ministryofnodes.com, but the redirect isn't working right now. You should fix that, Ketan.
[01:14:02] Unknown:
Yep. I'll get on to that. Sorry.
[01:14:05] Unknown:
But, yeah, highly recommend, one of the best resources in the space. So thank you, Ketan, for everything you do. Thank you, James. And thank you, Freaks, for joining in. Hopefully, I will have an awesome dispatch lined up for next Tuesday, so stay tuned for that. And Rabbit Hole Recap will be later this week instead of Thursday because we're doing it live in Dallas on Saturday. And I believe, James, I'm gonna see you there. Right?
[01:14:35] Unknown:
You will see me there.
[01:14:36] Unknown:
Awesome. I'm looking forward to it. Anyway, cheers guys, and thank you for joining. Hey, Ben the Carmen. I love you too, buddy.
[01:14:47] Unknown:
Thank you.
[01:18:22] Unknown:
Love you, freaks. Hope to see a bunch of you for BitBlockBoom this Saturday and Friday in Dallas. Stay humble and stack sats.
New investors are more likely to own cryptocurrencies
New investors are more optimistic about Bitcoin prices
Gender and age differences in crypto ownership and risk perception
Importance of mobile interfaces for banks and brokerage firms
The influence of social media on investment advice
Introduction to the podcast episode topic: routers and network security
The importance of routers in home networks
The role of routers in securing Bitcoin nodes and networks
Tips for improving router security and privacy
Considerations when buying a new router and using third-party firmware
Introduction to pfSense and its features
Overview of DNS and ad blocking
Explanation of IP addresses and routers
Domain name servers and ad blocking software
Purpose of using a router and securing the network
Experience with PC Engines APU and running open source software
Building your own router with FreshTomato or DD-WRT
Running a router VPN only on a portion of the network
Using hosted VPNs and the trade-offs
Importance of networking and securing your network