13 January 2021
CD4: Censorship, Privacy, and Open Source Software with J9Roem and benthecarman
Join Matt Odell as he sits down with J9Roem and benthecarman
EPISODE: 0.0.4
BLOCK: 665779
PRICE: 2885 sats per dollar
TOPICS: Censorship, Privacy, and Open Source Software
streamed live every tuesday:
https://citadeldispatch.com
twitch: https://twitch.tv/citadeldispatch
bitcointv: https://bitcointv.com/video-channels/citadeldispatch/videos
podcast: https://anchor.fm/citadeldispatch
telegram: https://t.me/citadeldispatch
support the show: https://tippin.me/@odell
stream sats to the show: https://www.fountain.fm/
join the chat: http://citadel.chat/
Category because that's what that is. 39,000. Where's it going?
[00:00:08] Unknown:
I mean, can you play the clip in 2012 and 13 when it was at 200 and everybody was laughing at me on CNBC every time I would talk about Bitcoin? Where is it going? It's probably going to a 100, then a 150, then 200,000. In what period? I don't know. 5 years, 10 years, but it's going there. And the reason is because every time you see all of this stuff happening, it just reminds you that, wow, our leaders are not as trustworthy and reliable as they used to be. And so just in case, we really do need to have some kind of, you know, insurance we can keep under our pillow that gives us some access to an uncorrelated hedge.
And it's going to eventually transition to something much more important, But for right now, you're just getting all these data points that prove this thing. It's just the fabric of society is frayed. And until we figure out how to make it better, it's time to just have a little, schmuck insurance on the side, and everybody's running in. It's just an incredible thing. I could never have imagined it. Good to be a schmuck, I guess, if you got if you got
[00:01:49] Unknown:
Hey, Freaks. It's your boy, Matt Odell. Sorry about that little technical mishap we had there. Thank you for joining us on the rebroadcast. This is Citadel Dispatch episode 4. I'm joined by my friends, Janine and benthecarman. I'd like to welcome them here to the show. I wanna thank all the freaks for joining us live. Without you, we couldn't do this show. And it's been a pretty crazy week, so the topics I wanna cover mostly the focus I really wanna have here is on censorship, privacy, and open source software because I think these last few weeks have really highlighted to a lot of people what the 3 of us, have been talking about a lot lately, which is the need for more censorship resistant tools and platforms, available to individuals.
So with that being said, let's get this party started. Janine, do you wanna give a brief intro, on how the freaks, what what your focus has been in the last few years?
[00:02:59] Unknown:
Yeah. Hi, everyone. For anyone who doesn't know me, I'm an investigative journalist and privacy researcher. Middle of last year, I started a newsletter called, This Month in Bitcoin Privacy. So if you want to specifically know about anything, related to privacy in Bitcoin, that's what I focus on. I also do other work, but that's mainly the Bitcoin stuff. I also have a shout out to, John Spahary for reminding me. Worked on wallets recovery with, with, I just my brain is a bit dead right now. Yeah. Worked on recovery, which helps with, which which helps with, if you have issues, like, importing your, your keys or your seed to other wallets and and are struggling with that, it kind of explains why that's the case and what which wallets are compatible with each other.
[00:04:11] Unknown:
That's great. And, no don't don't worry about being a little frazzled here. I think we all are, after my little technical issue there. Ben, how should people know you?
[00:04:25] Unknown:
Hey, guys. I'm Ben. I've been in Bitcoin for, like, 3 years now, and I've been doing Bitcoin development for about 2 years ish now. Started at, like, Bitcoin Core, just basic stuff, and then worked out with Sabi for a while. And then for the past year, I've been at doing, discreet log contract stuff.
[00:04:48] Unknown:
Thank you for introducing yourself. I just put the link to this month in Bitcoin privacy, Janine's most recent, newsletter, into the comments. Everyone should go check that out. I really have been enjoying them. So thank you for that, Janine. I guess let's just jump right into it. We had the sitting president of the United States got removed from, from Twitter completely forever. And I think all of a sudden, people are starting to realize that if it can happen to one of the most powerful people in the world, then maybe it is actually happening to much, you know, much more vulnerable people, all the time.
And, let's I I think I think I think it'd be good to shed some light on on what this particular issue is, this idea of deplatforming, this idea that that you can basically remove someone from an online platform, and and what are the implications of of that for us going forward?
[00:05:59] Unknown:
Yeah. It's been a real crazy week because it it wasn't just, like, the president. It was, like, lots of, other things. Like, Ron Paul's, like, page got removed off Facebook and, like, seeming and, like, some, like, even some, like, stuff from the left got removed that, like, seemingly was unrelated to Trump. So it's been, like, a huge purge from social media, and it's like I don't know. I think, like, Gab and, like, Mastodon have been getting huge influx of which is good to see.
[00:06:32] Unknown:
So, the the issue is bigger, I think, than so so so I'm I'm gonna how do how can we unpack this? Let let's unpack this a little bit because we had we literally had Parler, right, which is one of these competing Twitter like, services. I guess it was it was a relatively new service. It had, you know, it it was it was a very amateur hour type of operation they seem to be having over there. They didn't have very good security, policies in place. But besides all of that, Amazon, AWS, removed Parler from their service. They deplatform them from the actual cloud servers. You know, Amazon's cloud servers are running a a large majority of the Internet, and Parler's operations were part of that, and they removed Parler from there. And then app before that happened, Apple and Google removed them from the App Store. So we have we have multiple different things happening. Right? We have we have, like, platforms on platforms on platforms. Right? So so, like, for so so you have the individual user who is being hosted on a platform. You have that platform, which is then also is being hosted on a cloud server somewhere, and then you have the actual app distribution, which is going through these controlled walled gardens.
And wherever you have the central point of failures is where you you tend to see pressure happen. So let's unpack it even further than that. Janine, now she's no longer having cat problems. Janine, why is free speech important? Why is the ability for anyone to to interact interact freely online so important.
[00:08:20] Unknown:
Yeah. Just to insert really quickly, I blanked on Rodolfo Novak's name because I was staring at my cat about to push something off of a bookshelf. So, that is fixed now. But yeah. So I actually gave a talk in December, called financial cancel culture about the link between freedom of speech and money, and how censoring financial access, and also just limiting financial access in general can affect, speech. And so, yeah, I definitely think that in terms of, recent events, but also I mean, I I covered mainly events that happened just in November December in my presentation, and there was quite a lot. I focused on that because there was just so many examples that I could give.
Obviously, the most prominent one that most people know about is, when WikiLeaks, published the diplomatic cables. And then, you had various payment processors and even banks, kicking them off. Not for any real, explicit reason in most cases, and not saying no whether there was any pressure, but I think it's reasonable to assume that there was pressure at a very high level to do so. But even if there wasn't, that without Bitcoin existing, I could I think I could reasonably say that WikiLeaks itself may not have continued to exist after that point, or at least it would have been significantly harder because they're at the moment, I think they're still relying on, basically other institutions to accept donations on their behalf, which, you know, that works, but it's not the best.
So in terms of journalism, which is my focus, I definitely see the value in in having a money that is censorship resistant because, like, WikiLeaks is and a lot of other people now are skilled in, you know, finding ways to at least make their platform censorship resistant. There's a lot of different methods for that that don't have anything to do with Blockchains despite many attempts at that in recent years. But a lot of them haven't really looked at money. And I think, you know, examples like WikiLeaks, but also others, they're the only people who have really considered that and actually been willing to experiment with things like Bitcoin, which is, you know, back in 2010 was so much smaller, and that was, you know, it's always this rumor that, part of the reason that Satoshi went quiet is because one of the last messages he, she or they posted was about the, hornet's nest being kicked in terms of WikiLeaks possibly accepting donations in Bitcoin.
And weirdly enough, I still think that a lot of Bitcoiners have that fear of even talking about, the case or trying to link Bitcoin with that in any way, which is unfortunate because I feel like, you know, if one organization if you can't even talk about an organization accepting Bitcoin, is Bitcoin really censorship resistant? If you're afraid about that.
[00:11:48] Unknown:
Yeah. I mean, I I I think that's an excellent point. And and the you you touched on something that was that that is really key there, I mean, for us as Bitcoiners, which is that oftentimes, the financial aspects are what gets squeezed first. And if if if if you're able to defund a particular movement, you're able to prevent them from raising funds, you're able to prevent maybe a independent media personality or individual from monetizing their work, then you're able to essentially censor their speech even if you're not stopping the specific speech because you're making it so that they, they're not able to fundraise. They're not able to support their operations.
But this is a a phenomenon that we've seen growing more and more over the years. I mean, most recently, I think a a big element of, the financial censorship side, has been I think it was called Operation Chokepoint, which was against, I believe, sex workers and, marijuana businesses. And and these type of businesses are are and and you see the trend here. Right? The trend is is you basically put a business or entity in a bad light. You you you equate WikiLeaks with with terrorism or, foreign governments. You equate marijuana and and sex working with, you know, illegal distasteful activities, and then you're it's easier for you to go and censor them. And and that's exactly the MO we've seen, on the speech platform. So so it comes down to what is the solution here, as our as our lives get more and more digital. And is is that solution really, as some have said, like, competing platforms. Right? So if Stripe censors you, well, do you go to Cash App? Or if Twitter censors you, do you go to a Gab?
Alternatively, we've seen that because of the way our our our tech situation is set up, our tech infrastructure is set up. There's so many choke points that prevent those companies from even competing in the first place. So I would argue, and I I think you guys would tend to agree with me, that the real the real solution here is some type of tech based solution. We we basically need networks and protocols and tools, that that can't be censored by an individual, whether you like it or not. And that's the only real way to to protect speech and or and to tangentially to protect privacy, I would say, is the same thing. Ben, what are your thoughts here?
[00:14:30] Unknown:
I completely agree. Like, I mean, I think, like, this week kinda proves how much, like, competing platforms, like, isn't really the solution because, like and there's, like, that picture from, like, Fox News of, like, 20 different platforms that banned Trump. And then, like, we saw, like, the actual Twitter platforms, you know, like, Parler. Like, it got delisted from both app stores, and AWS stopped hosting them. So, like, you can try to create a separate platform, but it's still, like, it's still another central point of failure that you're relying on. It's just a different central point of failure. So, like, building a actual decentralized alternative where you actually have, like, censorship resistance and not just relying on some other party is a much better alternative. And, I think we're people are recognizing that a lot more now, and there's hopefully some people are waking up and realizing, like, we need to build these, like, censorship resistant platforms or protocols, for things, like, other than money.
[00:15:28] Unknown:
So I think, like, an interesting way of framing it, is is is this idea, like, the when you when you see this this censorship coming from a, a a central body, it it tends to be the playbook tends to be to do 2 things, to identify critical participants, and then pressure those participants. So I I think when you're looking at tools, that are trying to help further the goals of censorship resistance. I think, like, the two main things that we can benefit from is is making it more difficult to identify the specific participants. And even if you do identify the participants, make it so each participant doesn't have, you know, any kind of real significant power over the others.
Otherwise, you can find 1 and you and you can pressure them. And so a key element here is free open source software. Because if if if we do not have free open source software, then you always have some kind of centralized company, sitting here and operating, whatever tool you're using, such as Twitter, and that company can get pressured. I was hoping, Janine, that you could, help enlighten the freaks, you know, why why open source is so much more powerful, and and why is it why it's basically absolutely essential, for us moving forward.
No worry if you disagree with me.
[00:17:04] Unknown:
Well, one thing I thought was interesting. I don't know if you guys looked at the notice that BitGo received that, you know, they had, basically violated US sanctions because they had supposedly, hosted wallets for users that were connecting from the banned countries like Iran and Syria and such. I thought that was interesting because that happened around or that notice was published within days of a similar notice that was in the complete opposite direction from GitHub, which for anyone who didn't see in 2019, there was this controversy because GitHub was suddenly limiting, access to developers from Iran, and they were citing US sanctions as the reason. And interestingly, very unless I can't remember the date when it was posted. It was the last week or so. But, they posted an update saying that they had actually applied for a license to be able to offer their services in Iran.
And the argument that they gave was that they basically said that the freedom of information benefits of making their services available for developers there should it was greater than the need to impose to basically deny it on the basis of imposing economic sanctions, which I thought was really interesting because, basically, it was saying, you know, the the the value of, you know, offering these services and having people from Iran contribute to open source software was, was outweighed or it no. It it outweighed the the desire for the government to restrict that.
So I thought that's interesting that those two things happened at the same time even though they went in completely opposite directions.
[00:19:00] Unknown:
Right. With GitHub, they actually got a they got approved. Right?
[00:19:05] Unknown:
Yeah. They they Yeah. Yeah. Their license got approved, and they say that they're going to apply for licenses for other countries. At the moment, they just have Iran. But, yeah, it's unfortunate that the same argument can't also be made for money, but, obviously, money is perceived as much more political than simply software, hosting, unfortunately. But, I would argue that Right? Very similar.
[00:19:37] Unknown:
I, well, I was surprised about BitGo, or I was surprised about GitHub? No. BitGo, what didn't surprise me, and we can get back to that. But but the the, you know, the reversal on GitHub allowing Iranians I mean, I I was pleasantly surprised at that, but I I did not I don't think that's something that we can really expect going forward. Right? It caught me off guard.
[00:19:59] Unknown:
Yeah. I mean, I yeah. I wasn't expecting it. I mean, because as everyone should know by now, GitHub is owned by Microsoft. So I'm guessing that the reason they were able to do that was maybe Microsoft stuck its giant foot in there and said that they wanted to support it. I have no idea what stance Microsoft, may have taken in those kinds of negotiations, but, I mean, it is good that, that that argument that they made was successful, because I didn't even know that I didn't I wasn't even aware that you could actually apply for a license to basically ignore the sanctions under certain circumstances.
But, I was surprised that it sounds like they made the argument that, it's it's important for, spreading intellectual freedom or something.
[00:20:52] Unknown:
No. Yeah. I mean, a 100% great to see that. You did have you do have a good point there that it kinda hits both ways. Right? These big companies, it's it's more likely in in some in some ways, it's more likely that they can, you know, bend the rules in their favor, and get a carve out for themselves for Iranian users in this case. But then other times, I I they're almost bigger targets, and that they'll be more likely to have to comply because, because they are one of the largest companies in the world, and and the governments have more leverage over them.
Like, sometimes I want you you see, like, these smaller a lot of times, you'll see, like, these smaller start ups, and they might not do any kind of geo blocking. And then once they get bigger, then they have to. Just to go back to BitGo, that's really interesting because what we're seeing here is is basically it was a non custodial wallet with BitGo. It was a noncustodial Bitcoin wallet. They weren't holding anyone's Bitcoin, but they were providing, infrastructure. And, so they knew the IP addresses of their users. And and one of the issues is is using IP addresses to mass classify users is that you can use a VPN to, you know, fake an IP address or have a different IP address, located in a different country. So what happens after that is what we usually see is justification of KYC, which is which is mass data collection of users to make sure, that the user is who they say they are and to censor appropriately.
Ben, you've been you've been awfully quiet over there. You you wanna talk to the freaks a little bit about why, you know, why KYC concerns us so much?
[00:22:47] Unknown:
And it says, like, KYC is like a it's a double edged sword where, like, one, you're, like, you know, you're giving up this info that now, like, you, like, you don't wanna give up. Like, if you're just giving us info to BitGo or whatever, like, they can use this information against you, and, like, you shouldn't need to do that. It's a huge hassle, and you're, like, putting yourself up for, like, risk because, like, we've seen countless times where, you know, BitGo could get hacked, and now they're selling this data on the market, like, what we saw with Ledger earlier this, like, few months ago where now, like, there's just a huge, entire database of people that own Bitcoin and, you know, they have their, like, their house address and phone number and full name and, like, if you had something like that where it's if you're doing it even full KYC, we're giving up a something like a driver's license or a Social Security number, now you can be at risk for, like, someone stealing your identity and then someone could, you know, open up credit cards in your name and, like, really screw things up. And, like, it's a huge problem in America. I think, like, a quarter of Americans get their identity stolen in their lifetime, which is utterly ridiculous. And, like, that's thousands of hours that people are spending not only, like, getting wasted by, like, having to deal with that, but then, like, the like, if they don't catch it, they could actually, like, ruin parts of people's lives. And, like, these people have no reason to be able to give up this information. Like, you know, I should be allowed to use BitGo services if me and BitGo want to use it, but, you know, some people don't like that.
[00:24:19] Unknown:
Yeah. I think there's kind of 2 aspects to KYC that are harmful. The one is, the one aspect is for people who even have information relevant to KYC to begin with, which is that, you know, once you enter that, you're as you said, you're at risk of, identity theft. You're at risk of things like, the ledger data breach happening where, you know, potentially thousands to hundreds of thousands of people, if they didn't use, you know, if they didn't obfuscate their identity somehow or obfuscate their, shipping location, whether that's a, in a lot of cases, it was probably a home address, then you basically open yourself up to anyone with the motivation to come and find you with the knowledge that, you know, you have some interest at least in a, volatile, asset.
The other aspect of KYC is that from the start, it blocks out anyone who doesn't have the identity, documents necessary to participate in the system by going through the KYC process. Like, if they don't have it, they don't even get the choice of whether to participate because they don't. They whether to make that, take those privacy risks. They just don't have the option. So that's also an issue. And so, you know, at on one hand, that means, you know, you're, you know, financially censored in the sense, and your speech in effect can be censored as well if you've not if you're not even allowed to join these platforms because you don't have the right documents.
But then also, you can be censored if you say something that is not acceptable to that platform, and they don't wanna host it anymore, and they kick you off.
[00:26:11] Unknown:
Yeah. Like, that it's like a huge deal where, like, now, like, say if I I don't know. If if you're a sex worker and you have to and you wanna use, like, someone's service, like like, if I'm, like, wanna have a wallet at BitGo, it shouldn't matter, like, what my job is. Like but if you have to, like, submit an ID, they could, like, do some cross check and be like, oh, this person does this job that we deem inappropriate, and now they block you from the service, which, like, they shouldn't be like, they shouldn't have to know who I am and, like, they shouldn't need to be able to do all that stuff. Like, it's it'd be so much better for, like, both parties if they could just ignore that and just, like, offer the service and honestly.
[00:26:49] Unknown:
Well, I mean, that's the thing. Right? It's, like, all these arguments are made, that it's to protect the users, or at least we often hear that. But, ultimately, this data collection is ineffective, because criminals can buy, KYC information, fake information. They can steal fake information. All that information find usually, it it you should assume that it's gonna leak, because companies have hard time securing that information. So so, really, it's not only does it put users in in massive risk in terms of their private data, but it's not even effective because it creates this loop where that private data is such a honeypot, that it can then be used to circumvent any kind of, compliance benefits that they so called compliance benefits that they could possibly get out of it, that they pretend they can get out of it. Ideally, if we were talking about protecting the user, that that that service, that company, that tool should know as little as possible about them.
Compounding that on top of that, we have a Internet model, a monetization model on the Internet that that is the main monetization model that's gotten widespread use is really, the monetization of user data and advertising to them. So, you know, many of our most profitable companies not only are are required by regulation to collect intimate data on us, but they actually have an incentive system in place to to make money by collecting additional data on top of that. And then I I I don't even know where to put this, but, Americans know about the Equifax leak, which the Equifax hack, where we weren't even customers. They were just a third party company that just, you know, automatically takes data on every single American.
So we just have these systems in place that, that prioritize data collection over data protection. And it's just us. So, I mean, another thing that's been happening, So, I mean, a key element here, I think, is privacy. I think I think it it all it all comes together. You can't really have proper censorship resistance without without privacy, without some elements of privacy. And you can't really, I guess, you could get privacy without censorship resistance, maybe. But I think I feel like if you have privacy, then you're almost you're you're almost censorship resistant inherently. What do you guys think about that relationship between privacy and censorship resistance?
[00:29:39] Unknown:
I agree with that. Like, if you don't know who I am, like, it's a lot harder to censor me, like, based off, like like, it was impossible to censor me based off who I am. Like, you can't if you don't know what my job is, you can't censor me because I'm a sex worker, because, you know, I deal drugs or whatever. So you'll you'll always get that inherent censorship. Now if they could do, like, extra analysis, but you're still, like, always enhancing that. And, I mean, that's always just gonna be a net benefit.
[00:30:08] Unknown:
Yeah. I think I mean, in terms of, if if you think of privacy as, you know, if if you first do threat modeling and figure out what your threats are in privacy and because I think that's part of the promise that and it's something I'm going to kind of talk about, for the Bob meetup, but I can go into the gist here, which is that, I kind of am annoyed with the way that people a lot of people respond to me when I say I'm researching privacy or I'm a privacy researcher because usually the first question I get is why why does privacy matter? And I think that has to do with the fact that people don't think of privacy as information security.
And, I mean, information security is a lot broader than just privacy. It's also about authentication and integrity. But privacy is a big part of that, and if, you know, if someone calls himself a security researcher, you don't you don't see them getting asked why is security important. And so if people started thinking about privacy as a strategy for security, then I think they would understand that that question is kind of weird, to get asked because, yeah, I I I definitely think that having I think, you have to have some privacy in terms of I actually use the the the German term, because in in Germany, they don't have privacy really in the constitution. They have what's called informational self determination, and that's the idea that you should be able to decide who has access to your information or at least have knowledge of who has access.
That's actually in their constitution. And I find that a lot better in terms of explaining to people what privacy is, like, the scope of it, because if it's about, you know, volunteerism and making being able to make decisions about who has access to your information and having control over it, then I think people will appreciate privacy a lot more if it's framed in that way and not just I'm hiding stuff because that's how most people, I think, see privacy is that you have to, you know, you have to go dark and, you know, interact with people in a very limited way. But I think that that's a very that's like a narrow section of what I think privacy means.
[00:32:49] Unknown:
I yeah. So, I mean, that that's a that's definitely a very a very good point, that I've struggled with myself is is do people actually does the average person care enough? I mean, I I think I I think the answer is overwhelmingly no. I think and I think, ultimately, in our society, we've kind of found ourselves in this weird situation where privacy is actually the default is the opposite, unfortunately. And and and and that wasn't always the case before. It's it's mostly tech enabled. Our our our world has become more and more digital. And, you know, I mean, a perfect example is is the status quo was if you spoke in your house about something, it was only heard by, like, you and your family members and whoever was in the house.
Now, for a large number of people around the world, they have Internet connected microphones that they plugged in themselves, to provide them additional conveniences. So that's not it's no longer the status quo. Right? It's it's it's almost the the people who are seeking privacies are the outliers. You have to, like, go out of the way.
[00:34:11] Unknown:
Yeah. There on that subject, there was a very interesting talk at CCC, about, I think it was specifically about Amazon's oh, no. I think it was Siri, actually. And yeah, a lot of people, they kind of see Apple as, oh, I mean, actually, the researcher who presented justified her continued use of Siri personally as to say Apple's business model isn't, isn't to sell your data. And that's to I I would debate that. I would say it's true in the larger context of all the other companies who are doing and creating similar products, But I would definitely recommend watching that because a lot of people think, oh, the the Alexa only turns on or is engaged when you give the call the call phrase, like, hey, Alexa or hey, Siri, or whatever. And it turns out that's not the case.
She actually tested it on her own house and family, and it was getting triggered by, like, random laughter, random conversation that you couldn't even hear in the recording. So if anyone I hope no one has those. I would never have one of those devices. But anyone who does, you might want to check that out because it is picking up a lot more than you think it does.
[00:35:32] Unknown:
I think I think what a lot of people don't understand too is it's not like, you know, you have your assigned FBI agent listening on your Alexa device. It's like, these companies have, like, some of the smartest people in the world working on, like, data collection and data analysis. Like, your Alexa is just, like, streaming some data to the Amazon servers, and it's going through this, like, this complex thing they wrote that's doing analysis. And that's where you're, like, losing, like, privacy and other aspects like that. It's not like, you know, even if, like, quote unquote, the government doesn't care about you, like, you're still losing something here. And, like, it's still something you should be protecting that, like, you know, Amazon doesn't need this data from you and you have no reason to give it to them.
[00:36:12] Unknown:
So, I mean, there's a there's a good point there in terms of Amazon telling, individuals that it's only collecting information under a specific set of circumstances. That brings us back to the open source software, conversation. In that, we can have tools, at our disposal that allow us to to easily prove and verify that they're doing what they're doing. Unfortunately, the status quo is the exact opposite. I mean, you said there, that Siri, you know, Apple says they protect my privacy, and it's their business model to protect my privacy. There is no way that any of us can prove that or verify that.
[00:36:57] Unknown:
Yeah. Definitely. And I mean, a big a big reason of why those kinds of devices concern me is, if anyone's not familiar with kind of the US, statute, there's a principle called the 3rd party doctrine that, I've especially been following a lot in my newsletter, when it comes to, like, the EFF looking at the lack of privacy protection and transparency with Fintech apps, including some that have to do with cryptocurrency. And the 3rd party doctrine in the US basically says that, if you if you give data to a 3rd party, that could be your friend. It could be a business, but in general, it gets applied to instances with businesses.
Basically says that if you give your data to a third party, you have a decreased or in some cases, no expectation of privacy anymore because you have, like, surrendered that privacy to someone else. And so what scares me about I I haven't seen whether this has been applied anywhere, but I am afraid of the idea that if you have these devices in your house, that at some point someone's going to make the argument that because you have, you know, surrendered the privacy of your conversations in your own home and other people can access that, that that decreases your like, the the there's this assumption that within the home, there is, you know, it's different on, like, public streets and such. But in the home, that is considered, like, the gold standard of places where you should expect to have privacy. And so if that is then stripped away, what other what other place is there anymore?
[00:38:48] Unknown:
Yeah. I mean, you could take that argument, pretty much all the way down. Right? Especially now that we have so much of our lives are are connected to the Internet all the time. I mean, most people are walking around with a phone in their pocket. They, have Apple Watches. As we said, you know, they have these, these voice assistants. When you're walking down the street, there's cameras everywhere. So, yeah, the status quo is is is lack of privacy, and you basically have to seek it out. And I think that is one of the many issues that we have in terms of a society, that's trying to be a a beacon of free speech and a beacon of of personal rights.
I I think we've ended up very far from that, and there's a there's a lot of progress that needs to be made there. I wanted to cover this this recent this this the so we have free open source software allows us to verify that we are that these tools are doing what they say they're doing. We have individuals that need to actually care to use those tools. And then we have the overwhelming set of individuals that don't realize. And I think, ultimately, what happens is as we see our society become more and more, anti privacy by design, is people are gonna get burned. Right? And we're gonna see worse and worse data leaks. Like, I think, if you look if you look at the scale of of instances we've had and and leaks we've had and hacks we've had, and and privacy compromises, we've had massive privacy compromises, it gets worse and worse, as the years go by because just by design, there's more information available out there. You know, the Ring camera system that Amazon has in front of everyone's house is a relatively new, is a relatively new device in terms of of network effects. Yet now you're starting to see it all throughout the suburbs, in America.
What happens when those cameras start the implications of stuff like those cameras? And I think what happens is people will get burned, and then once they get burned, we we it's up to us as as privacy advocates. It's up to us to have those tools ready for them and the education ready for them so that when they're a motivated individual, they can improve their own situation. Would you guys agree with that?
[00:41:21] Unknown:
I I completely agree with that. It's also, like, in a kind of an incentive problem too of creating these open source solutions because, you know, as an open source developer, you're not generally not getting paid to do that. And, you know, Amazon's just gonna hire thousands of people to create a better product. So, like, it really, really does have to come from, like, the actual user to want to to want to seek the privacy because, like, the open source solution won't probably be the better product initially because, you know, they don't have multimillion dollar companies behind them.
[00:41:57] Unknown:
Any thoughts there, Janine?
[00:42:01] Unknown:
Yeah. I mean, I definitely think, I mean, because on the subject, I actually have been reading a book called The Making and Maintenance of Open Source Software by Nadia Eghbal. I haven't finished it yet, so I can't do a review. But I was generally really excited about it because basically she studied how open source communities function and how open source software is built. And one of the things that she starts off with at the beginning is kind of dispelling the notion that, like, yes, open source software, ideally, anyone can contribute anytime. It has, like, a wide contributor base.
But in in practice, she actually split up, she kind of defined, like, the different types of projects that you can have, based on some having, like, really high user growth versus very low contributor growth. So you don't have tons of contributors for for most open source products, projects. They have very, very few contributors. In some cases, only 1. But then some of them can have a really high user base. And so, I mean, in Bitcoin, I think we're especially sensitive to that because we have this. We care about consensus and about who's able to make changes to the code. And so, Bitcoin is actually mentioned, I think, at least once in the book, as an example that it's a community that cares very highly about, like, the quality of the code and the security of, you know, who is able to make contributions.
And, so part of that problem where you we kind of have over the years, we've kind of seen open source software development as the commons and something that's just there and available. And, I mean, part of the reason why I think there aren't as many contributors to each project is because a lot of these people are just contributing their free time, and they do that because, they're I don't think it's so much that in some cases, maybe there aren't people who want to fund them, but I think in a lot of cases, it's just the barriers to funding contributors and what makes sense, has not had not really been possible until Bitcoin.
And so I definitely think stuff to get developers funded and even exploring different ways of, like, you know, how how much should you give to particular contributors? Is the maintainer getting all of it and then they distribute it? Or are you paying on, like, a per commit basis? I think that would that's going to be really interesting in the future if open source projects can get funded because we've broken down the kind of, onboarding hurdles to doing so. Because I think people want to. It's just a struggle in a lot of cases to figure out how to do that. Like, I myself, at the moment, I don't have any public facing funding options.
I'm trying to fix that, but it is, you know, a lot of people, they just set up like a Cash App profile or something. There's a lot of user experience. There's a lot of money being put into user experience lately with those kinds of things by big companies. The problem is, you know, these are essentially still bank accounts. So the people who can access them still have to go through the regular KYC process to do it. And so in that way, that still limits who can then get funded for contributing. So that would be unfortunate. But with Bitcoin, we can do better than that.
[00:45:58] Unknown:
I mean, those are some interesting points there. In terms of getting funding, a key aspect of Bitcoin is that it enables developers who are unknown developers, developers who do not have their legal government identity publicly attached with working with this open source project, to receive funding. We've seen multiple developers get funded from Square Crypto, for instance, that are nyms that are located around the world. So that is a new opening, which is really good to see because we were talking about earlier the relationship between censorship resistance and privacy.
I think it's extremely important that we have developers on on important projects like Bitcoin that do not have their public identity associated with it, it becomes a lot more difficult to pressure them and to stop working on that kind of code, especially in in situations where that code could get politically heated. I I kinda I I feel like this is a a good moment to kind of discuss, the this apparent Tor attack that we see happening, because Tor is considered, you know, one of the leading open source projects, I would I would argue. And it seems to me that there's a there's almost a completely different mentality in terms of adversarial mindset versus versus, you know, the Bitcoin project, the Bitcoin open source project. Is that something that you've noticed, Ben? Like, do you do you I I feel like people grossly underestimate, the the, basically, the mindset that's gone into the motivation that's gone into developing Bitcoin software.
[00:47:54] Unknown:
Yeah. I think, like, a lot of people, like, kinda just assume Tor is the thing that will always work and, like, and, you know, it's not something that needs to be defended. Like, we, like, all agree we need to defend Bitcoin, but, like and this week, we kinda saw, like, all, like, the v3 Tor addresses were down and, like, tons of, like, services rely on that. And, like, you're commenting this on somewhere saying, like, you know, this could severely affect the Lightning Network and stuff like that. So yeah. Like, I think, like and, hopefully, this is, like, a wake up period for people, like, you know, is just as, like, probably as important as Bitcoin and, like, this is a network I need to defend. And, hopefully, you know, maybe this could incentivize people to, like, fund Tor devs or, you know, to contribute themselves. But, yeah, it's pretty scary to see, like, how big of an attack it seemed to be. And I don't think I know they said they have it fixed, but I don't even know if it's out yet. And it's been, like, 2 or 3 days now. So, like, it's been a pretty serious attack.
[00:48:58] Unknown:
Yeah. I mean, I've been following the developments of v3 just from a Bitcoin standpoint, in my newsletter because v3, I believe, is going to be added in the next major release of Bitcoin Core, instead of v2. Yeah. That's right. So I've been going yeah. And, yeah, I haven't looked too much into this recent problem with it. I did notice it was happening because on the day that it supposedly started, you know, I am a Tor user. I am around Tor users, and so there was issues with Tor, and we noticed that immediately. But, yeah, I haven't looked into the details. As far as I saw, it was just an implementation bug.
But, yeah, I I mean, part part of that is, like I mean, supposedly, you know, also Bitcoin core developers were looking at it, but that is, you know, scary that something a lot of people depend on for, just privacy in general. And then in Bitcoin financial privacy, that would be really bad if there was an issue that, suddenly took that down.
[00:50:20] Unknown:
I mean, they so just I mean, a base overview is there was a bug that they appear to have, you know, narrowed down what the bug was. I mean, the question is, was it getting intentionally exploited by an attacker to bring down v3 services or was it just unintentionally done? Right? And I think in these types of situations, it's probably better to assume an attack than otherwise. At least call it an alleged attack. But one thing that really struck me here is, I mean, these issues have been going on since the 6th January.
I've noticed these issues myself as a Tor user. I'm still noticing them. It's not resolved, at least on, you know, on my nonscientific, usage myself, and I see other people on the Internet reporting issues continue continuous issues here. And just like the the way the messaging was handled, right, just like the way and I'm, you know, a huge fan of the Tor project. Just the way the messaging was handled on on their official blog and their official communication channels, it's just night and day from the Bitcoin project. I I I can't imagine, like, radio silence out out of out of Bitcoin developers if there was an ongoing attack for multiple days?
[00:51:55] Unknown:
I mean, I think part of it. I mean, I've I've been following the Tor project outside of Bitcoin, for various reasons. And there over the years, there has definitely been a cultural change, and the number of the number and the type of people who are involved in contributing to Tor has changed a lot. Part of that is because it went from being a like, when when Tor started out, it was just basically a couple of guys, who were, you know, doing academic research. And, as Tor got more popular and got more attention, and also there was this desire to shift Tor as much as possible away from this image of it's the dark net market browser, because that has been something that has followed Tor for a very long time. And so there was a lot of there was a lot more focus on the interface design on user experience and making it really accessible to the everyday person as is possible, which I think is a good thing in general.
But as with any project, when you focus on one thing, that means other things can suffer. And I don't know if that was the case here, but that tends to be the reason for these types of things happening. It doesn't mean it can never happen if there isn't a focus on security and things like that as the primary thing, which I think it is to the greatest extent. But, I think that might be part of the reason that this might have gotten missed. In terms of attackers, I mean, Tor is a very, it's a very highly visible project, and there is a lot of incentive for people to break it in comparison to other things. So that's also part of the problem is that there are because there are so many vulnerable people who rely on it, there are also attackers who want to break it and hurt those people.
So, you know, when things get missed, it can have even if it's a small thing, it can have a big catastrophic effect compared to other projects that have less visibility.
[00:54:14] Unknown:
Yeah. I was I don't know. It's like the timing of it too is, like, very weird too because, like, this is it happened on the same day that, like, the Capitol was stormed and everything, and it's kinda followed by, you know, all this, the deplatforming and various platforms. So and it could be completely unrelated, but, like it's kinda weird to see, like, lots of people getting deplatformed and then, like, the private part of the Internet getting, like, attacked at the same time. So it kinda shows, like, we do need to fight for these, like, no matter what because, you know, if you got deplatformed and now you need to be, like, using the Internet privately for some reason, like, you could be and then if Tor's down, you're, like, totally screwed.
[00:54:56] Unknown:
Yeah. I mean, I think that's, like, that's that's the key similarity we see between the two projects. Right? There are these 2, massive open source projects that that basically have have that have to operate in this massive adversarial mindset always because they're just always constantly you just have to constantly assume they're they're under attack. And I'm just all I'm saying is I just I feel like the culture is the the culture of the different communities is very important, and it's it just kind of, it's it's kind of interesting when you compare the Tor culture versus, like, the Bitcoin culture just from, you know, the more active developers on those projects, especially since there's there's some, like, interesting comparisons there. You you have the adversarial mindset comparison, but you also have the comparison, that you basically have, like, 2 different types of users.
You you and I get and this is what Janine, like, kind of touched on is, like, this idea that that that Tor is trying to get away from being, you know, the dark market browser. And and Bitcoin, a lot of people would say, is trying to get away from being, you know, pigeonholed as as the dark market currency only. So, I mean, there are some similarities there, but at the same time, it just feels like I I I just I I was surprised that you don't see that much chatter going on in Torland of of I mean, you see it on on, like, some of these forums and stuff, but you don't really see it, like, in their in their dev community, like, that that they're that they're worried that it all happened at the kind of the same time, and it's it's just weird. It's just a weird thing to to it was a concern I kinda had, and then to to watch it play out, it's just kind of rubbed me the wrong way a little bit. That's all.
So and then the other thing I wanted to touch on was, I saw this in the comments. And, Freaks, thank you for joining us. Anyone who's here live, you know, thanks to everyone who's listening after after the fact as well. This show is all about you guys. We couldn't do it without you. But I saw one of the freaks mentioned in here, Cloudflare. Do you guys have any strong opinions on Cloudflare?
[00:57:29] Unknown:
I I have fuck Cloudflare stickers.
[00:57:34] Unknown:
Yeah. They've censored people before, and they'll do it again.
[00:57:38] Unknown:
So can we explain what, you know, what what Cloudflare's business is and why it's a concern?
[00:57:50] Unknown:
From my understanding, Cloudflare is kind of like a DDoS protection, and then they also do, like, a bunch of DNS stuff. And, you know, just like and then some hosting, I think, as well. And, like, they're a huge like, it's kinda central point of failure for the Internet where, like, I remember, like I think it was sometime in 2020 Cloudflare went down and, like, half the Internet's, like, sites were down because, like, they rely on Cloudflare to do stuff like that. So, like, if you lose service from Cloudflare, you can lose a whole lot of stuff. Like, if you lose your DNS, that could be huge. Because now someone needs to actually type in your IP address to find your website. Or, you know, if you lose your DDoS protection, your site could go down pretty easily.
So I mean, so, like, losing Cloudflare can be a a huge thing. And I know the sites that have taken down, you know, they weren't the most outstanding sites. It was, like, a super, like, Nazi site or something that they took down, but it's still, like, you don't have to defend these people, then who who are you gonna defend, when they come for you?
[00:58:50] Unknown:
Yeah. I mean, I I I I think the key aspect here is that the Internet as we know it, has has some, you know, very integral broken incentives, and is you know, it it is not this, you know, magic piece of of networking that that people necessarily think it is in today's age. Right? Like, people just think it just works. They think it's just like magic. But what really is is is happening is the the way it's set up is it's very easy for a a a relatively easy for a sophisticated actor to essentially, like, bomb a site with traffic. And if you bomb a site with traffic, this is what we call a a a DDoS, a distributed denial of service attack.
You you basically hit them so hard that they're not able to serve regular customers. And in the process, it becomes very expensive to them. So they're constantly serving, serving, serving the attacker, and the attacker could maybe they're not even, a lot of times, the attacker isn't using their own compute. They're using compromised computers, to then attack those those sites. So what happens is all these independent site owners, and I and we see it a lot with the Bitcoin exchanges if we wanna bring it back to Bitcoin, rely on the the easiest way for them to handle those just distributed denial of service is, through a centralized actor who's able to basically have massive block lists and distribute any kind of traffic around their global network. They they have they have massive economies of scale that allow them to mitigate these DDoS attacks.
But what that means is that's a centralizing incentive. So now we have a few companies that are offering this service, and those companies become central points of failure. And it's kind of, tangential to the to the Tor concerns because Tor, as a network that prioritizes privacy, inherently has, DDoS concerns because you can't, you know, like, if the protocol's working correctly, like, you shouldn't be able to block individual users. So it's it's a and the way Tor handles it is they handle it with these centralized directories, and that's what was getting hit. So, usually, when we see these protocols, the way they handle distributed denial of service is they handle it via increased centralization.
But as we know, that doesn't work if you're facing a massive pro-censorship force that, you know, has regulatory powers over you. So, like, in Tor's threat model, they basically assume the US government isn't gonna go after them, which has been good so far. It's in the US government's good graces, and we take advantage of that. Bitcoin doesn't have that luxury. So the way Bitcoin handles it is pretty graceful. The way Bitcoin handles it is essentially those transaction fees allow you to mitigate massive spam on the network, which would essentially be like a DDoS on the network. It's very, very, it's just slick how that incentive model is set up, and I think people don't realize, you know, how massive that is.
[01:02:25] Unknown:
Yeah. And on that subject, both Tor and, Didio was saying, the Tor project is actually exploring using anonymous tokens. And when I say tokens, they did specify that they don't necessarily mean with a blockchain. It could be with something else. But they have indicated, I think since September, that they are exploring using tokens. Not I mean, they kind of hinted at possibly monetizing them, but that is not the main use case. I think, I'll get their posts. They say additional benefit of a token based approach is that it opens up a variety of use cases for Tor in the future. For example, in the future, tokens could be used to restrict malicious usage of Tor exit nodes by spam and automated bots, hence reducing exit node censorship by centralized services. Tokens can also be used to register human memorable names for onion services. That is good. Side note that I think that's going to be a big one because if you've ever used an onion service, you know, it's basically a random generated string, and that is not something that's easy to remember without pinning it somehow, which is kind of hard to do in Tor Browser because it's built to not allow you to do things like that.
They can also be used to acquire private bridges and exit nodes for additional security. Lots of details need to be ironed out. So yeah, they are looking at ways within Tor itself of kind of solving that problem to change the incentives.
[01:04:07] Unknown:
Yeah. I mean, I think it'll be interesting to see how they play around with those different models because I think something does need to be done. The incentives need to be, you know if not a completely different network, but, I mean, that's completely above my pay grade. I have a love hate relationship with Tor where we rely on it all the time, and I support the project. But I think it needs to be more robust, and I hope it becomes more robust over time.
[01:04:39] Unknown:
Wasn't there a proposal for a network, like, some, like, routing, like, basically, like, for a network, but I was using, like, lightning network. I think it came out, like, in 2019. It was, like, mesh 40 9 or something like that names. I can't remember exactly.
[01:04:56] Unknown:
Are you thinking of lot 49, but Yeah. Mesh Labs? Yeah. I think so.
[01:05:01] Unknown:
Yeah. Because there is, like, a it was, like, a basically, like, a toy network, but they use, like, basically, like, lightning to incentivize people, to be honest.
[01:05:13] Unknown:
Yeah. I mean, I guess, the the general concept I mean, I think their focus is was more mesh, related. But, I mean, you can you can do that kind of, you know, that kind of layout on a on, like, a non mesh infrastructure as well. You know, the general idea, I mean, is and it's what we see on the Lightning Network, right, which is an onion network, where the individual nodes are incentivized to route messages. And if you're an attacker, it should come with a cost. Right? And that cost is, a transaction fee. So so then then you have an incentive where an attacker it it costs more for an attacker than it costs for a for a good user, and you can reduce the, vulnerability to to these kind of, you know, large scale denial of service attacks.
But we'll see how that plays out. Freaks, you got anything else for us in the comments there you want us to touch on? Been really enjoying this conversation. Ben, Janine, you got you have anything in mind that you think we should touch on here?
[01:06:23] Unknown:
One thing, it was mentioned at the very beginning of the show. Someone brought up RSS, and I just wanted to point out, a lot of people don't know that, Aaron Swartz. I'm sure most people know who Aaron Swartz is, but a lot of people don't know he was actually the creator of RSS and Markdown. Markdown is what Git, and in particular GitHub, although it has its own flavor of Markdown, he was the creator of that. So I just wanted to bring that up because a lot of people don't know that.
[01:07:01] Unknown:
I have no idea. I think something good to bring up was, were Mozilla. They were saying, like, we need more than deplatforming and, like, they didn't explicitly say, like, censor the Internet, but they were saying, you know, bring up, like, trustworthy voices or something like that. And, like, so, like, that's a pretty, like, kinda scary thing to see. Like, I stopped using Firefox after I saw that post where people, like, I don't know. Your browser should be, like, your gate to the Internet. It shouldn't be, like, telling you what to go on the Internet and see. So I think, like, stuff like that is kinda scary too, where, like, I think me and a lot of other people I know switched to, like, ungoogled Chromium, like, an actual open source browser, which is good to see. And, hopefully, that's a good trend we see going forward.
[01:07:49] Unknown:
Well, I mean, the browser's you know, the browser situation is kind of fucked. Right? I I well, you you were meant you mentioned, de googled Chromium. Right?
[01:07:59] Unknown:
Yeah. Yeah. That's like, it's open source and everything. You can It's, like, basically the only option at this point. Yeah. And you need it on your phone. So you kinda screwed that way too.
[01:08:11] Unknown:
Yeah. So, I mean, let's just backtrack here for a second and talk about the there's a concept here. There's this idea here that you can you can selectively filter out only bad content. And I I firmly in the camp that in order to protect the most vulnerable amongst us, you have to basically protect everyone en masse. Because if you don't, then then the powers that be in any individual power relationship will always, exert that power and control over the more vulnerable. I I both of you agree agree with that. Right?
[01:08:56] Unknown:
Yeah. A 100%.
[01:08:59] Unknown:
I mean, that's the that's the the gap. Right? That's that's where the the real disagreement is. Would you would you agree?
[01:09:10] Unknown:
I think so. Like, you know, like, Mozilla and Firefox might have, like, good intentions today, but, you know, 20 years from now, they might not, and they could be, you know, using this to censor whatever they deem unworthy, which could be, like, you know, something that we deem perfectly fine. And, you know, it's not a good precedent to set, and, you know, these people could, like, very well abuse this power. Or even if we trust Mozilla, they could be, you know, threatened by a third party, like, you know, a government or, you know, just a bad actor and, you know, screw over someone that, you know, needs to use their browser for some reason or, you know, someone that was relying on that as infrastructure.
[01:09:53] Unknown:
Well, I mean, I I think us Americans tend to have an American centric view, but if if if it's it's easier for for an American and maybe do the same exercise if you're from another country to vision a country that you consider, has poor human rights. And and and if you if you're if if you think about a country like China, I think most Americans would agree that we can't trust, the Chinese government with choosing who can speak and who can't speak. So if if that is the threshold that that we agree on and we agree at that premise, how do we bridge the gap between understanding that as a concept, but thinking that, I I mean, I think a large amount of the country thinks, like, a Twitter or an Apple can choose what what speech is good speech and what's not. Like, how do we bridge that divide?
[01:10:46] Unknown:
Yeah. I mean, I find it really hard to answer that question because on the one hand, I believe in the idea that, you know, if you're a private person or a private company, you're not beholden to, you know, what you're kind of entitled to host or not host as a government is, you know, obligated to not censor people at least in countries like the US. But on the other hand, a lot of these big platforms, the reason they are so big is because the state makes it difficult for smaller players to run, you know, their own infrastructure, especially infrastructure that's private and censorship resistant, to any actual meaningful degree.
So it's really hard because the you know, that's essentially where this kind of public square argument comes in is because they've effectively been given this kind of cushion by the state because of how they've you know, because they were either first into the field or because they had enough power from a, you know, resisting regulatory challenges in different ways to to kick out all of the competitors or at least limit the ability of competitors to get any good user share. I don't know. It kind of makes the question a bit murky to me.
[01:12:18] Unknown:
I mean, I kind of feel like the only real solution is, you know, we build and support platforms that that no one can easily censor by design, and then we just kind of just wait till enough people get burned to realize that it's an issue. Because I don't know how how you how you get through to people, if without without them getting burned. Like, if if you look at this last week, I I think a a a large amount of people woke up to the issue, and I think it's just kind of getting started. I think as as as more voices get, squeezed, as more people get cut off from the financial system.
As more private information gets leaked, people will start to ultimately realize that that they need to seek out better solutions.
[01:13:11] Unknown:
Yeah. And I mean weirdly enough, weird weirdly enough, apparently, Mark Zuckerberg, at a conference in 2019 actually so he actually said that he believes that the future of social platforms is private, which I find, I mean, he's the kind of person that says a bunch of things that are completely contradictory to the existence of Facebook in so many ways. So I I but I find it interesting that he said that.
[01:13:40] Unknown:
He means perceived private privacy. Right? And this idea that you can have, like, a group chat or something, but he he doesn't actually mean actual privacy, because that goes against their whole business model. But yeah. So so this is actually a perfect example here. Right? Is that people group have been using WhatsApp for years. Facebook has owned WhatsApp for years, the the number one chat application. And all of a sudden, people realized I guess, there was, like, this mass movement recently, like, this last week, I guess, something changed in their privacy policy or they had to disclose it because Apple forced them to disclose it. And, like, a bunch of people woke up. Right? And they just switched to Signal. But they there was there's 2 key elements there. Right? It's, like, the people need to wake up, but then once they wake up, there has to be something that's, you know, relatively easy for them to switch to waiting.
[01:14:36] Unknown:
Yeah. And I think, I mean oh, you go ahead, Ben.
[01:14:39] Unknown:
And the sad thing is just, like, Signal is not even, like, a perfect solution where now, like, people might not have to be giving up phone numbers to someone they otherwise might have not had to. So, like, we really do need, like, alternative solutions, which kinda sucks. But, I mean, hopefully, people are working on these things now.
[01:14:57] Unknown:
Yeah. I mean, I'm I've used Signal before. Like, I have general I don't use it anymore. I'm I mean, I have, I have a phone for circumstances where there's no other option, but, like, it's almost never on. And, yeah, I find it as a as a generally phone free person, I'm I mean, I would say that in general, I would trust Signal a lot more than WhatsApp slash Facebook. But at the end of the day, it's the same model, and the model that I'm worried about is the fact that, you know, it's based on this idea that a phone number is an identifier. And I really hate that because, phone numbers are not good identifiers. You don't own them. You don't control them. Especially if you're in the US, your phone number can, in most circumstances, so easily be taken away from you, just by knowing some small details, and a lot of which is public, in a lot of cases. So I I just I'm not a fan of any application that requires a phone number to use it. And in Signal's case, they are trying to get away with it, but so far, they are still the requirement of the phone number as a security measure.
In fact, they they say that it's a way to prevent spam, like their services getting overwhelmed or at least that's what they said before.
[01:16:30] Unknown:
So related to that, topic of yeah. It's a it's a centralized KYC method of handling a denial of service.
[01:16:40] Unknown:
Yeah. Well, I mean, I don't know if I would call it it's kind of debatable how much Signal knows. I mean, the the I mean, if anyone doesn't know if they store their stuff on Amazon. Yeah. I mean so the supposedly, the way that Signal has designed their infrastructure, they don't know your phone number, explicitly. But still that yeah. So that data though is still being stored on Amazon, which I like so much so much is stored on Amazon. I'm yeah. In in terms of, like, centralized adversaries, Amazon's a big one for a number of reasons.
[01:17:19] Unknown:
So let's unpack this for a second. I mean, Signal is obviously, I mean, Ben said, it's not perfect. I mean, it's clearly not perfect. The the two main things is the the phone number requirement and just the phone requirement in general. I mean, you can't, you can run it on on a computer, but you need to have a phone that basically is relaying the messages to the to the desktop client. It's not a true desktop client. And the phones in general are are, you know, it's it's very difficult to secure a phone privacy wise, so you're opening up your users to to that risk. But I think it's important to make it to it's it's an important point to make to the freaks that we're you're never everything has trade offs. You're never gonna see something you're never gonna see something that's perfect.
Signal can get deplatformed from AWS just like we saw it happened to Parler. They haven't, though. So if they can get away with a little bit of centralization, for additional convenience, then there's an argument to be made there, right, that that maybe that trade off balance is the best balance for a lot of people. Like, I mean, if you if you hear you hear Moxie talk about the phone numbers, with Signal's phone number requirement, and he says, you know, for the average user, they find it as a blessing. They they it it's a convenience for them because the average user joins, and they just already know which contacts are in Signal. And, I mean, if you're an Android phone, it basically works like iMessage, right, where you can use it as your regular text client. And if if the other person has, Signal, it just automatically switches to Signal rather than SMS.
So there's a convenience argument to be made there, and I I think this is the type of trade off balance that we basically see all the time in our day to day lives. Right?
[01:19:12] Unknown:
Yeah. I mean, as, I think it was a a CoinDesk article about cypherpunks, and there was a line in there that said something like, using Signal is the equivalent of, like, smoking, smoking weed once in college in terms of the cypherpunk ethos. Like, it's a good onboard. And I I would definitely say I would prefer people using Signal to something like just plain text SMS messages, that's monumentally an improvement. But in terms of censorship resistance, at the end of the day, it's not it's not any different, especially with, the requirement of a phone number.
[01:19:58] Unknown:
So if if we're gonna go full, you know, full hard o here, right, and you you have if if we end up in a situation where the most powerful governments in the world, and and the corporations that reside within their jurisdictions, are are doing active censorship. Right? You know, specifically, Amazon. You know, if if if Amazon starts deplatforming more private like, privacy focused services such as Signal, we're gonna have to move to a something that Bitcoiners know very well, a user own node model. Right? Like, a almost like a personal server, self host, everything kind of model.
That has always seemed like the holy grail, you know, to a lot of sovereignty people, but, I mean, it comes with a massive convenience trade off. Right?
[01:20:59] Unknown:
Yeah. I mean, I think the intermediate stage for something like that would just be, you know, especially if you live, around people who have similar interests and needs, then you would have, you know, at least one person who is self hosting who then provides it for everyone else around. And should to answer the question on yeah. So in terms of encrypted messaging apps, I I use a lot of different ones, and I use them for different things and also even different people. So I have Keybase. I've had Keybase for a very long time prior to it getting acquired by Zoom last year, I think. I can't remember exactly. And I do Yeah. It was definitely
[01:21:47] Unknown:
it was definitely during the pandemic. Go on. Continue.
[01:21:50] Unknown:
Yeah. So I I know I can understand to some degree why they made that decision. I think in terms of the product that they're offering, I think it's, like, on the completely opposite spectrum to what Zoom has shown that it's interested in in terms of privacy. But at least the client, not the server, unfortunately, the server code, but the client for Keybase is still open source. I haven't seen any changes that would indicate something worrying on that end in terms of Zoom putting pressure on them to, I mean, even integrate Zoom. I think they said they might do that at some point, but it doesn't look like it was, looked unfavorably at all. So I do I am definitely concerned about the fact that Keybase is now is now owned by Zoom, and that may be a threat. And so I've even before that, though, I've always treated Keybase as kind of, like, encrypted Twitter DMs. So, like, whatever I would relatively feel okay saying in Twitter DMs, I will say in Keybase and maybe a little more than that, but I don't use it for anything super sensitive. I do think that there the fact that, you know, you can control your own key with it, you know, independent of Keybase.
You can also generate it with Keybase that is not ideal. But, yeah, I think it it's all a matter of, like, what are what are the various options? What can you use them for? And what's the threat model in using them? So Keybase, I prefer people to use that rather than DM ing me on Twitter, for example, where, you know, Keybase has this whole social network thing. So if someone wants to contact me, you know, it's someone that, you know, if they're following me on Twitter or whatever, then that's already public information. I'm not trying to hide that I'm connected to them or something. So it's just that that's I treat it like an encrypted version of Twitter, sort of.
But in terms of, like, your main app, definitely, Keybase is not at the top of the list.
[01:23:47] Unknown:
Yeah. So to the freaks listening to this on the podcast feed, one one of our freaks, Pedro, he asked, Janine what she thought about Keybase, which triggered that, discussion right there. You know, I tend to agree a 100% with what you said. I think an important thing for the freaks to realize here is that that Keybase is open source software. You know, the code could have more eyes on it. You know, the more people looking at code, the better to keep them honest. But it is designed in a way to be end to end encrypted. So the idea there is between the combination of end to end encryption and the fact that it's open source and you can verify it, it means that you don't have to trust the company that's running the servers, with the contents of that message, which I think is a very important distinction. I mean, obviously, there could be certain things that happen there, but but that's, like, the the base standard that I think we we wanna see in all of our tools and services that they're designed in a way to reduce trust in the overarching company as much as possible.
And then they're open the code is open so that we can actually prove and verify that. Do you keep in mind though Yeah. Go on.
[01:25:05] Unknown:
To actually, like, do that entire proof to yourself too, like, you'll need to either build it yourself or, you know, like, PGP verify your download and everything and not get the automatic updates and all that stuff, which is a huge barrier for entry to a lot of people that likely aren't doing that, which
[01:25:22] Unknown:
is another There's trade offs everywhere. Right? But but I think as a base standard, if that's the expectation, ideally, you have some people that are doing it. Right? So at least, you know, users might get fucked, but at least the alarm will be sound, you know, like, someone I it might be after the fact, it might be too late for someone. They've already lost their privacy, or in the case of of of, malicious Bitcoin software, maybe lost their coins. But, at least at least it would be known. Right? Yeah. That's true. Like, it's strictly better than if you compare it to something that's closed and not end to end encrypted.
[01:26:05] Unknown:
Oh, yeah. A 100%.
[01:26:08] Unknown:
Before we got on a Keybase tangent, Janine, you were saying something pretty interesting. You had it I I was enjoying where we were going with that. I guess we were talking about we were talking about personal servers and and the convenience trade off that that that entails.
[01:26:28] Unknown:
Yeah. I I think the last thing I said before I went to the Keybase question was about how I think the intermediary step will just be having, you know, a more localized, kind of community-run thing where you know the person who is self hosting the infrastructure and maybe they're, you know, they're the skilled one who knows how to handle that, and they can, you know, an individual or a group of people who know what to do can host for their local community or their friends. Maybe they're not living near each other physically, but I feel like that's the intermediary step because at the end of the day, most people, whether it's because they don't have the money to build up the infrastructure or the the the knowledge to know how to do that properly.
A lot of people most people are not going to do that. So I feel like at least the intermediary step is going to be just, you know, a group of friends or some families who know each other to do that together.
[01:27:34] Unknown:
The uncle Jim model.
[01:27:35] Unknown:
Yeah. The freaks out model very well.
[01:27:40] Unknown:
I think that's a it's a good starting place too because, like, for, you know, for some people, like, getting a whole server rack is, like, you know, it's completely untenable. Like, yes, like, my mom did that. She'd, you know, just be like, I'm never doing this. So it it is a good thing, like, if you do have that, you know, the quote unquote uncle Jim to be able to set something up. And it's, like, you know, our hardware is getting cheaper and cheaper. Like, you can get a Raspberry Pi, like, 3 for, like, $20 or something. So, like, it it could be doable and, like, it's not exorbitantly expensive where it's not like, you know, you're keeping a barrier to entry from, like, a lot of the, like, poor parts of the world.
But we do need to actually build that software. I don't know. At least, personally, I don't know any messaging that is, like, self hosted, like, the uncle Jim model kind of thing.
[01:28:31] Unknown:
Yeah. I mean, I I've been kind of bullish on the uncle Jim concept. But when I talked to a lot of old timers, they were like, that's kind of what, you know, everyone was always saying, and then it just turned into the cloud model. So I don't know if we're just, like, in our little bubble, but I think that that's kind of what we should try to achieve. Because, I mean, as Janine said, like, I don't think I I don't think we can really expect that many people at scale. I mean, look let's look at Bitcoin nodes, right, which has, like, a massive incentive to to use your own node. Right? And very low burden.
Even with that, we don't see many people running that or using their own node. I mean, what what do we think the upper end of that is? Max, like, a 100000 people?
[01:29:23] Unknown:
Yeah. I think around there is probably right. Like, any like what you said, it's a huge incentive where, you know, you could lose, like, potentially, like, thousands or hundreds of thousands of dollars if you're not running your own node. So, you know, it is kind of bearish for the the home node thing, but, I mean, if you do build, like, something or, like, something that people actually really want, you could, like, get people over there. But, I mean, we need to actually build that, which hopefully, someone does.
[01:29:53] Unknown:
But but overall, ultimately, that's where we wanna go. We wanna go to easy self hosting, make it as easy and and accessible as and allow people to basically operate as as, like, a localized cloud, if you will, for for either their neighborhoods or their friends and family. And then all of a sudden, you have a way more distributed model, that that is more censorship resistant. So that that would be absolutely fantastic to see. And that's what I've been dedicating, like, a lot of my time to is is these, you know, sovereignty boxes, if you will. But, I mean, on top of that, I mean, you still have major infrastructure issues that even if you have the self hosted box in people's homes, I mean, we just go right back to the Tor conversation. Right? And then you're relying on Tor actually working.
Otherwise, like, you can't you can't make that that that future doesn't happen without Tor as it stands right now. It's it's fully reliant on Tor. Alright. Hopefully, we have, you know, either Tor 2.0 or a a new and a new protocol in place. But but right now, as it stands, we need Tor for it. Right?
[01:31:02] Unknown:
Also, like, you're back to, like, your very first conversation, you get back to like, the app stores could censor you if you wanted to, like, make it usable from the phone unless you, like, side load the app onto your phone, which, you know, you're not gonna be able to get the normie to do. So, like, you still have another
[01:31:16] Unknown:
centrist See, this is where, like, I feel like we get ourselves into holes. You know? Like, here we are, an hour and a half into the conversation. Right? And and we've talked about all these, you know, more intimate things or these more sophisticated things. And and, ultimately, the sheer fact that you can side load an app on an Android phone is a massive improvement over something like iPhone. Right? And how how many people have actually side loaded an app or needed to. Right? There's just, like it's just a lot of nuance. There's nuance everywhere. Yeah.
So I have a question from a freak in the comments, Peloponnesian. Shout out to you. Number one privacy book to read from both of you. Start with Janine.
[01:32:06] Unknown:
I can go first. So my I wouldn't I I it's it's really hard for me to say which is the number one book, so I'm just gonna go with one that I think is really good and kind of undervalued, which is, a book called The Maximum Surveillance Society, The Rise of CCTV by Clive Norris and Gary Armstrong. It was written, long ago enough that it's actually I think it was 1999 that it's, actually available on the Internet Archive, which you can loan from. They have a book, a digital book lending program. So if you want to read it, it is freely available. But I recommend that one because it was written, you know, in the relatively early days of the Internet.
And I think it has a lot of good points about, you know, privacy at a point where, you know, we we were really considering it from so much the, you know, the the apps and serves and such we were thinking or at least he was thinking about it from the standpoint of just cameras, everywhere, which is I mean, the classic image of surveillance is a camera. And I guess that was the starting point for much bigger things where we're now putting the we're doing 1984 all on our own by putting the cameras and microphones in our own houses of our free will.
[01:33:36] Unknown:
I would recommend No Place to Hide by Glenn Greenwald. It's about, like, Glenn Greenwald's the guy that broke the story about Edward Snowden, the NSA, and all that stuff. I think it's really into, you know, like, how perverse, like, the US's surveillance state has really become and talks about, like, you know, like, why this could happen and how they do this. And it's, like, it's a really good read and, you know, it's pressing for the current times, and you get to learn all about Snowden.
[01:34:07] Unknown:
Yeah. On the subject of, usability, there's a great story in there. If anyone doesn't know when, Snowden was, trying to get in contact with Glenn Greenwald, Glenn was not really using PGP at the time, and so, Snowden was like he, he includes in the book the fact that and I think Snowden also wrote about it in his book. But, yeah, Glenn includes the fact that, like, he, frustrated his source by not using PGP.
[01:34:40] Unknown:
I mean so, I mean, like, PGP is, like, a perfect example, of of the trade off balance we were talking about earlier. Right? It's because PGP has been around for a long time. I mean and if used properly, it solves, private messaging. But the problem is it's so inconvenient to use, you know, it's it's so inconvenient to use, period. And it's even more inconvenient to use in a secure fashion, that it just hasn't had the kind of uptake. And then so you compare that to something like Signal, and and people a 100% agree that PGP is a pure one. Right? But Signal's the one that probably has sent more encrypted messages than than all the years of PGP combined. But I appreciate those book recommendations. I mean, I the easy one is Extreme Privacy, by Michael Bazzell.
Everyone should give that a read. That's a good one. What else do we have here? We have a couple more questions. Twitter exodus to Mastodon. What do you guys think about Mastodon?
[01:35:52] Unknown:
I mean, I've had a I've been on the Bitcoin hackers Mastodon instance since at least a year, I think. I mean, I don't I don't post too much on Twitter, anyway, and usually yeah. I mean, I haven't I haven't fully moved to Mastodon, but I definitely, recommend people should go there just because I mean, one thing, the the character counts a lot bigger. So if you want to do your massive threads, that's a lot easier on Mastodon. I also cross post my newsletter there as well.
[01:36:31] Unknown:
I've been liking Mastodon a lot. Hopefully, this this time is different, TM, and, people actually stay. But, it's been good. Like, this kinda feels like more like the Bitcoin hang where, you know, we don't need to, like, fight with central bankers or Peter Schiff or whoever. We just hang out and share Bitcoin meetings and talk about things we actually care about. Yeah. It's it's been good. I I I've been looking into, like, maybe setting up my own instance too because I feel like that'd be a really fun experiment, and I hope other people try that out too.
[01:37:03] Unknown:
So, I mean, that's kind of it's kind of interesting. I mean, you know, I'm also over there in the Bitcoin Hackers instance. Mastodon had been there for a couple years. I think people look at it the wrong way. I don't think it competes with Twitter. I think these these centralized platforms allow you to, you know like Twitter, these massive centralized platforms let you cheaply, and easily broadcast out to the world, and at at the cost of censorship resistance. So Mastodon's actually really interesting based on the trade offs we've been talking about, because it kinda does sit in the middle there.
Anyone can run their own instance, which is basically a node, their their own server, and they can either use that themselves or they can uncle Jim it, and they can have other people use it. Right? And and you can you it's a federated model, so you can interact across those instances. So it provides some competition, in a more open environment, with with the ability, as Ben said, is you can just run your own instance all by yourself, and that could just be then all of a sudden we're in the personal server model. Right? So so it it is a pretty cool project.
It should be interesting to see how it plays out. I'm I'm kind of cautiously optimistic at all these different, like, open source social media derivations, you know, and and, hopefully, we can move away from these massive centralized platforms because it's gotten it's gotten really, really bad in that respect. Randy McMillan, yes, does mention GPG Suite on Mac did change the game in terms of using PGP. But, I mean, people shouldn't use Windows, but it's it's a pain in the ass on Windows. It's actually pretty easy on Linux, but, I mean, when people see the command line, they get scared. And I think it's important that people realize that the UX is almost as important, as the actual what's going on in the tech in the background. You know, you you need because with privacy, it's just so easy to shoot yourself in the foot, especially.
So if if if a tool is set up in a way where it's possible for a user to shoot themselves in the foot, you gotta assume that most users are gonna do it. Yeah. Yeah. So yeah. Sorry about that. Yeah. So, I mean, I just wanna thank you guys for joining the conversation. I respect both of you a lot, and that's why I asked you here for the 4th episode of this new show. Sorry. It got off a little bit slow here. You know, I'm still trying to to get used to this format, especially in a cabin in the woods when my Internet is we were talking about intermittent connections earlier. Yeah. That's what I'm experiencing.
And I wanted to thank the freaks for joining us again, especially the freaks that are joining us live, but also to all the freaks that are gonna listen to this after the fact. We're gonna have another episode of Citadel Dispatch next week, same time, 5 PM, 22100, 5 PM EST, 22100 UTC on Tuesday. We're gonna have rabbit hole recap on Thursday, at 5 PM, I believe. Also gonna be a live show. So definitely show up for both of those. We'd love to have you. Janine, Ben, I appreciate you guys a ton. I'm gonna throw up for our our our viewers. I'm gonna throw up your your Twitter tags. Those are also their tags on Mastodon, @j9roem and @benthecarman.
Thank you guys for joining us.
[01:40:53] Unknown:
Thank you. It's fun to be here. You. I'll stop in the beginning.
[01:41:29] Unknown:
That's why I love the moon. Every night, it's there for 2.
[01:41:40] Unknown:
It's constant,
[01:45:13] Unknown:
Just be kept for where you look for love. You can stop it. Love you freaks. Stay humble. Stack sats.
The importance of privacy in an increasingly digital world
The impact of KYC on privacy and personal security
The role of open source software and funding for developers
The significance of privacy and censorship resistance in projects like Tor and Bitcoin
The trade-offs between privacy and convenience in messaging apps
The risks of centralized platforms and the need for alternatives
The importance of privacy and decentralization