EPISODE: 49
BLOCK: 717203
PRICE: 2165 sats per dollar
TOPICS: digital privacy tools and strategies, vpns, browsers, operating systems, password managers, 2fa, emails, burner phone numbers
@techloreistaken: https://twitter.com/techloreistaken
streamed live every tuesday:
https://citadeldispatch.com
twitch: https://twitch.tv/citadeldispatch
bitcointv: https://bitcointv.com/video-channels/citadeldispatch/videos
podcast: https://anchor.fm/citadeldispatch
telegram: https://t.me/citadeldispatch
support the show: https://citadeldispatch.com/contribute
stream sats to the show: https://www.fountain.fm/
join the chat: http://citadel.chat/
[00:00:00]
Unknown:
Some of your tweets which which caught my attention, and that is that, recently Bitcoin miners are increasing capacity. Now normally that that costs money, and they may have have financed that in different ways. Now it's being financed, through banks or or market based financing, which not only could add, you know, it it it it could add to the popularity of the whole space, obviously, but it also doesn't take selling of Bitcoin to finance the mining operation. So do you see producing more as bullish?
[00:00:33] Unknown:
Or Absolutely. You do? Absolutely. And that's a that's a fascinating thread to pull on, John. Something that has been very overlooked in the market, in my opinion. One of the big developments over the past 12 months was the migration of mining from China, the Bitcoin mining from China. And a lot of that went to the United States, which has two main effects. 1, it changes the narrative around the energy consumption. Moving to North America does give miners access to a much more diversive a more diversified mix of energy sources as well as enable them to participate in the establishment of more renewable sources as well as strengthen some of the existing grids, changing the energy narrative around Bitcoin. But even more significantly, perhaps, for the Bitcoin market directly is the access that this gives Bitcoin miners to financing, be it through bank based financing, like some credit lines that you're seeing, or through market based financing. We're seeing more and more Bitcoin miners lift on public exchanges and actually do very well. What does this mean for Bitcoin itself? It means that whereas before, miners had to sell Bitcoin in order to fund their expansion and operations Now they don't need to they can hold on to that bitcoin and we're seeing on chain data support that. Less new Bitcoin coming into the market is bullish. They can be hold
[00:02:27] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Odell, here for serial dispatch 49. I know it's been a few weeks since our last dispatch. Hope you guys enjoyed your holidays. With friends and family, focus on what's really important out there, get your priorities in order. I know I sure did. I'm really excited about this show. I've been excited since last year. So let's get right to it. So dispatch is an interactive live show about Bitcoin distributed systems privacy and open source software. As always, I wanna thank the rider dive freaks who continue to support this show, keeping it ad free and sponsor free and focus purely on actionable Bitcoin discussion.
And, also, as always, a huge shout out to the ride or die freaks who join us, for the live shows and participate in the live chat whether that's through Twitter, Twitch, or YouTube. Reminder, it is also posted after the fact, to our podcast feed and, to bitcointv.com. I know some of you freaks while live streaming on bitcointv.com. It is coming. The functionality is already there. I need to iron out some kinks, so I'd leave it disabled for now. But, it will be coming soon in this new year. You can support the show via I I I I spent 2 weeks off, and I I ruined my show a little bit. You can support the show at seal dispatch.com, using Bitcoin, whether that's lightning or on chain using a pay NIM, or what a lot of freaks like doing is you can support it through podcasting 2 point o apps.
My favorite too is fountain podcasts and Breeze Wallet. You simply download the app through the app store, load it up with some sats, search Siddle Dispatch, click that subscribe button, and you can stream stats directly to my node as you listen. I literally go to my node and it's just every day of the week I just see, you know, 1, 5, 10, 20, 30 sets coming in, and you, like, literally see as people are listening because they're coming in, per minute. It's really it's really fucking cool, and I appreciate all the freaks out there who continue to support the show that way. With all that said, this is serial dispatch 49.
We have a focus on digital privacy tools and strategies, with Henry from Tech Lore is taken. I'm really excited about this one. How's it going, Henry?
[00:05:01] Unknown:
Really good here. You?
[00:05:03] Unknown:
Very good. Very good. I, have been looking forward to this conversation for quite some time. We've had it on both of our calendars. I really I just I I mean, before we get started, I just wanted to say I really do appreciate all your work. You're an absolute legend, and you're you're a major asset to the space. So I hope all the freaks after this conversation go and and and check out all all the resources you've built over there.
[00:05:31] Unknown:
Yeah. And, I mean, same goes for you too. I mean, the stuff you put out is just incredibly good. So, it goes both ways.
[00:05:38] Unknown:
So let's first start with, so I guess, we talked a little bit about this before the show, but so we have Techlore, which is techlore.tech, which is your baby, and you got, like, a whole team there now. And then you have, this this new podcast that I'm really enjoying, The Surveillance Report. What else are you working on? Are you working on anything else in addition to that?
[00:06:11] Unknown:
No. So, I have a big issue of, overcommitting the projects. Yeah. Me too. It's kind of a big deal. So, actually, it's been toning things down over time. We used to do a lot more things, but now it really is just the majority of, just the mostly a YouTube channel. It's also on Bitcoin, TV as well, which is very exciting. And, really, it's mostly just the main content, and then survey and support is the new podcast as well. And everything is built for digital pricing security and to pretty much educate people on how to take back their ownership of their data. And, obviously, there's a lot of overlap with cryptocurrencies as well.
[00:06:48] Unknown:
Yeah. I mean, I I was very excited to get you on bitcointv.com. I I guess you had issues with your previous peer 2 provider or something like that?
[00:07:01] Unknown:
Big, transition over to privacy guides, and now they split into 2 projects. So we are kind of caught in that mix a little bit because we were in our peer tube instance. It's
[00:07:10] Unknown:
kind of a messy situation, but it's all good. I feel that. Well, anyway, you found a welcome home over at Bitcoin TV, and, we're very we're very happy to have you. I think you add a lot to to the content on that platform. So, I mean, our show is, very much focused on digital privacy. So I think you don't have to necessarily be too shy about going into the weeds a little bit as we go here. The freaks have gone
[00:07:43] Unknown:
what was that? I love that.
[00:07:45] Unknown:
Yeah. Me too. The freaks have gone on quite a journey, with me over this last year. So they are pretty they're predisposed to a lot of the topics that I I think we're gonna talk about. But every good privacy conversation starts with the age old question, which is why is privacy important to you and why should everyone else care?
[00:08:09] Unknown:
Are you asking the community or me? I'm asking you. Well, for me I think first, I discovered privacy mainly because I read The Art of Invisibility by Kevin Mitnick. Great book. Great introduction to the privacy world. And I think that, just the overwhelming amount of dystopian technologies that were found in that book that was it's already an outdated book, was just unfathomable. Like, things that you see in Black Mirror and things that you see in pretty much any kind of dystopian novel, they're technologies that for the most part can happen today and many of them are used as privacy invasive tools. And, I'm sure this will resonate with the crypto community, but many of you want control over finances as well as your life, and I think that carries over to data. And, ultimately, I think privacy is just control over data.
You get to choose what you wanna share with the world. I don't necessarily believe everyone needs to be perfectly private, but if you're able to choose what you're sharing with the world, then I consider that an overall win for a lot of people.
[00:09:12] Unknown:
100%. I mean, I and within the cyp in the cyberpunk manifesto, I think there's a really clear delineation there where, like, privacy is not secrecy. It's the ability to selectively reveal yourself to the world. And I think a lot of people, tend to fall down that hole, which is like, I'm not going to ever obtain a 100% secrecy, so there's no reason for me to try. But, really, there's bunch of different shades of gray there, and you really want to, have control over where you basically end up in that in that process. Right?
[00:09:55] Unknown:
Exactly. And it it's funny because, a lot of people who do say that, like, oh, I have nothing to hide or I can't achieve perfect secrecy. You know that in real life, if they're, talking to a stranger, they're not sharing every little personal detail about themselves. But the moment that it goes into the digital realm, we we don't care if we're pretty much seeing the equivalent of that with companies, governments, and everyone in between. Just interesting.
[00:10:19] Unknown:
And, I think I had this converse so you were on Seth's Seth's great podcast, Opt Out. I also joined him on there, and I had an interesting conversation with him because, and I I mean, you're in you're in the same boat. I mean, the 3 of us are are are relatively public figures that talk about privacy. And I I imagine you get a lot of hate about people saying, well, you shouldn't be talking if you really cared about privacy, you wouldn't be talking about it publicly. I mean, I've seen your face on a 1000000 YouTube videos, quite good YouTube videos.
How do you how do you counter that when when people bring that up?
[00:11:05] Unknown:
Yeah. Well, it's funny because I've gotten a lot better answering that question over the years. I think a few years ago, it was a very common YouTube comment. Like, LOL, you're talking about privacy and deleting Google, but did you know that YouTube is owned by Google? Laughing emojis. And it's like, yeah. We're very much aware. It's all about a threat model. It's all about choosing what you wanna share with the world. It's unfortunate because I I didn't know TechFlow was gonna become a big thing when I first did it. And if I could go back in time, I wouldn't have shown my face. So it's actually one of the things that is both a blessing and a curse because I think the face adds familiarity. I think people feel more comfortable with the content. It makes privacy more presentable, because when you're someone who's hiding behind just a screen, it it in some ways does make you less of a presentable person. So there is those pros, but again, it's not a sacrifice I'd probably make again.
But it's something that I can work with. I'm able to hide aspects of my life that I don't wanna share. I'm able to pretty much share with the world what I want to be shared because I'm able to follow my threat model and take proper precautions in the meantime. So, really, like, what we do is exactly what we preach, which is we let the world decide what they wanna share. And and yeah. That's the best answer I have for that. Well said. I mean, I think that,
[00:12:31] Unknown:
I think exposing my face is my biggest regret as well. Yeah. We have this guy in the comments, Radixrat mentioning a full body green suit. Our boy, Gigi. Do you know Gigi? He's in the Bitcoin community? I do not. Gigi's a fucking legend. He's one of my really good friends, and he is also very focused on privacy. And he's been doing a bunch of videos lately, and he wears a full green bodysuit so that he can green screen whatever face or images he wants on his body. And he's actually presented live in person that way as well. So for a while, like, I kind of justified my, me self doxing my face as a a necessary evil to basically try and further education and whatnot. And, also, like you, like, I just didn't expect my content to blow up as much, and I wasn't really thinking about it clearly enough.
And then Gigi just comes around and just shows that it's possible. He just goes out there and just wears the full green suit. It's
[00:13:42] Unknown:
it's definitely a good move. The I I yeah. I I'm with you there. If I could go back, I probably wouldn't have shown my face, but it does come with pros. The thing with the green suit and this is kind of a side tangent, but, it's interesting because the face is something that's so, I guess, unique to to us as humans. Like, we think of, a face as the definition of exposing sensitive information, but, there's some people, I I I don't mind naming them, but like the hated one. I think it's a great channel. He'll show his hands in some videos. And I'm thinking, well, what what if in 10 years, a hand is enough to identify someone?
[00:14:24] Unknown:
So it's just interesting for me to some people that way. There were I it was a drug dealer or a terrorist or or, you know, some, some some type of criminal that they got because he was taking, like, photos of his product, and I think they pulled the fingerprints off the HD photo.
[00:14:46] Unknown:
Yep. And there was a study done, this was many years ago, probably at least 5 years ago, that just a thumbs up in a selfie is enough to get your fingerprint, depending on the quality of the image. So yeah. It's just interesting because there is a face, but there's also many other things. So I'd also ask, I guess, how well the green suit idea would hold up in the meantime?
[00:15:08] Unknown:
Yeah. Well, I mean, the the green suit's been holding up so far, but I guess he's stress testing the the privacy protections of the green suit for us in in real time. Absolute. I love that for him. I, I mean, look. This is one of the reasons why so, like, my other show, rabbit hole recap, we do a live video stream and with our faces. And one of the reasons that dispatch is like an audio video hybrid, is so that I make sure that my guests don't feel pressured into like, I I feel like I want we we should kind of as, like, an industry almost, especially with with all the lockdowns and stuff that happened around COVID. I feel like there was a major push towards digital media, and I feel like content just automatically does better if you actually have a face there, like you said.
So dispatch was one of the ways of kind of, like, playing with the format so that it is an audio only show in terms of participants, but there's still a video interaction with this live chat and whatnot.
[00:16:22] Unknown:
I like that. It's definitely a little bit of a rebellious take on it.
[00:16:27] Unknown:
Yeah. I mean, there it's it's let me put it this way. It's a topic I think about all the time. Some mornings I wake up and I'm like, you're a fucking idiot. Like, why'd you ever go public about privacy? And then other times, I'm like, what else would be better to do with your life than this? And most of the time, it's the latter. So that is that is the good news here.
[00:16:49] Unknown:
That's very relatable.
[00:16:51] Unknown:
So one of the things I really like about, your channel is you don't really or just your work in general, you don't really you have a very broad demographic. You kind of you're kind of you're you have videos and guides that are very accessible to people that that aren't necessarily very technically savvy, and then you have guides and content that are for more, savvy individuals. Like, I would say I mean, the surveillance report to me is, like, I'm the demographic for that. And, like, maybe some of my ride or die listeners are the demographic of that. But then and I know this is a touchy subject, but, like, your your main Graphene guide at the time was on a Windows computer to make it more accessible to, newcomers.
When when you when you think about privacy, when you think about someone who is trying to basically take the first steps to make their life a little bit more private, to not share absolutely everything on the Internet. What do you think is, like, the first, like, actionable steps that someone should consider doing?
[00:18:07] Unknown:
It's a great question. So first, you're right. We make a ton of different content aimed at different demographics. What we're really against is the idea of going to the extreme on every topic, which is, like, my biggest gripe with a lot of other channels, which they still have their place and they still have their demographic. But, I don't think not accessible. It's not accessible, and I think that it's unhealthy to set such high expectations for everyone all the time. And it doesn't include threat models. Because some people are fine using social media and sharing everything about themselves. Right? Like, we we share our faces, we share certain information about ourselves, and it's totally fair for someone else who's consciously making a decision and understanding the drawbacks, of course, to make a decision that they know might be harmful.
But we also make several different kinds of content. So some of them you're gonna find are more advanced, and they talk about how to obtain cryptocurrencies anonymously, how to store them safely, all about, like, hardware keys, t TOTP, things that most people might not want to touch. But the people who wanna touch it, they still have that access available. It's a very hard balancing act though. You know? In Go incognito yeah. In in Go incognito, the the course, that I put together, it was like a 2 year project. And one of the biggest challenges was figuring out how to deal with that problem. And one of the best ways I found was each topic so let's say it was 2 f a. It starts with the the bare minimum of what you need to understand and know, and it slowly escalates from there. And then, actually, in the background, it's a green screen and the green screen chain changes color, to pretty much represent a higher threat model.
So that's, like, one nice way I found of pretty much accommodating different demographics. For your second question though, we made a video and I actually this is video was made a while ago, so I don't remember all the tips, but it was like how to get started on your privacy journey. I'm trying to find it right now, but it pretty much answers that question and it's, here it is.
[00:20:13] Unknown:
One sec.
[00:20:16] Unknown:
Many of the steps are just basic things for most of you listeners, but it's gonna be things like moving to a password manager, enabling 2 f a on your accounts, just deleting old accounts you don't have anymore, being conscious of what you're uploading to the Internet. Those are all basic things that would take people very far. And I think one of the biggest ones that we don't talk about is just moving to end to end encrypted mesh messaging when you can. I think moving to an end to end encrypted messenger is already a massive step forward. If you combine that with migration to a password manager and enabling 2FA on your accounts, at least people will have basic security in mind.
And you can't have privacy without security, so it's a great starting point.
[00:20:58] Unknown:
What's your favorite messengers?
[00:21:01] Unknown:
I'm big into signal. I by the way, I I'm big into signal, but I'm also very critical of signal. Lots of things about signal I don't like. But, overall, I do think it's probably the best messenger to recommend to the people I know. I'd say almost all the people I talk to on a day to day basis in my personal life are on signal.
[00:21:18] Unknown:
Yeah. I mean, I, I pretty I pretty much slow and steadily onboarded everyone that's important in my life onto signal. But, like, I I even got my my family basically uses it. I have, like, a group chat with my ladies immediate family and my immediate family, and it's basically almost used as a social media type of situation where, like, photos are shared and stuff, in that in that single group, which is a really nice touch, I think, that people are missing when they're like, I, you know, I don't want to completely detach myself from that that social sharing kind of aspect, but I care about privacy.
[00:22:03] Unknown:
100%. It's funny, my partner and I, we use the one x photo as kind of like a Snapchat feature. It's a pretty bad Snapchat knock off, but it does work. There's a lot of things signal's good for. I'm seeing some people here. What do you think about matrix with the bridges? We actually have a whole community on matrix, and we bridge it to our Discord community. It's a pain in the ass. There's really no other way to say it. We host our own bridge and, it has a lot of problems. It resets permissions pretty frequently, but it does work. It's a very cool project, and I think that bridges are a very cool way. If someone's on WhatsApp, you're able to self host your own bridge essentially on WhatsApp and be able to use Matrix with them. So it's it's very nifty. I like Matrix, but I think it's very unpolished, and it's not something I would use,
[00:22:51] Unknown:
for people I know in real life. I mean, I would I would push back a little bit. I mean, the Bridges system is a bit hacky. I mean, I have people love Discord. I have my own problems with Discord. I mean, Discord's not end to end encrypted. Oh, hey. Hey, Discord. Matrix, like, vanilla matrix, if you're not using with bridges, if you're if you're using it, with, like, Element or one of the other popular clients, is is very user friendly. It's it's it's pretty easy to get started, especially if you're using, you know, the matrix.org home server.
We have our own self hosted matrix room, which I meant to show in the beginning of this chat because, because it's relatively new. That's citadel dot chat. Got almost 300 freaks in there right now. But, I'm I'm slowly starting to to fall in love with Matrix because Matrix is is end to end encrypted. It's open source. You can self host it. It's kind of it's kind of like the the dream messaging platform in a lot of ways. I I mean, the biggest thing signal has going for it, which is also probably your biggest complaint, but is also the best part of it in a lot of ways is that it uses the phone numbers as a, like, a contact mechanism, which is just very user friendly. People are are are used to that with, like, the WhatsApp types of situations and the Imessage types of situations.
[00:24:27] Unknown:
Yes. I think everything you said is valid. I those are the aspects of Matrix that I really like as well. Really, the only complaint I have with matrix is the metadata leakage because there is kind of a metadata problem with that signal handles a lot better. And, also, I do like disappearing messages on signal. But outside those two things, I still think matrix is an overall great platform. Experience as you have personally. So, that's why I really like signal. But then there are some great things about matrix. Like, I can get element from F droid. Right. You know? Like, I can't get signal from F droid. Kind of a bummer.
So, again, like, I I have issues with signal as well. The phone number requirement would be nice if it was optional. I wish it was available on F droid. I wish they were more open source friendly. I wish that they had basic ARM support for Linux.
[00:25:21] Unknown:
What's on on the single desktop app or whatever? Yep. I mean, the single desktop app sucks. That's another thing that's an issue with it. Yeah. It's not great. Just in general. Yeah. And even just like how it, like, it it's basically using your phone as a relay for the like, I don't think you can use it. If your phone is off, I don't think you get messages on the desktop client.
[00:25:46] Unknown:
Yep. The only projects that people should be aware of, but I think really trumps everything else in regards to privacy, security, and anonymity is Briar, b r I a r. It's onion routed. It's only available on Android, and it's peer to peer.
[00:26:04] Unknown:
Fantastic. Well, it's it's like optionally peer to peer. Right? I believe so, but Like, if No. I if I mean, there was all the stories that in, like, China, like, it got censored so then you can use, like, their Bluetooth WiFi to just automatically, like, almost like a mesh net type of situation. Right?
[00:26:22] Unknown:
You can, but I'm pretty sure it's, peer to peer no matter what. I don't think there's any central service because everything's onion routed.
[00:26:30] Unknown:
But I mean, it's it's not purely it's not purely mesh. Like, if you're in the western world, like, I downloaded Briar and, like, I could chat with people on the other side of the world. But in, like, a worst case scenario, one of the cool aspects of Briar is that if you could have, like, no cell reception and still use Briar if there's people that use Briar that are near you. Right?
[00:26:53] Unknown:
Yeah. Well, those are 2 different. So, just because it's global doesn't mean it can't be peer to peer. So peer to peer means that it's just 2 people connecting to each other directly instead of having a central server. The Internet. Yeah. Yep. So there's no central server with Briar. So there's no messages being processed through any server. It's just you directly communicating to another device over Tor. But the UX is kind of Oh, yeah. Clunky. Right?
[00:27:18] Unknown:
Yeah. It's not great. Yeah. And then there's someone mentioned session. I've I've what what are your thoughts on session app?
[00:27:27] Unknown:
I feel like it needs work Yeah. Polish wise. I've used session. Actually, Nathan from the surveillance support interviewed, a team team member from session, Jeffrey Keyes, I believe. And, overall, I think it's a really promising
[00:27:48] Unknown:
Right. But it does have some in that way. Right? Like, it give you, like, a code, and then Yep. You share with the code. What do you think about 3ma?
[00:27:58] Unknown:
I like it, but I can't convince it's already hard enough to convince people to use a new messenger, not to mention pay for Well, I have, like, 7 messengers on my phone.
[00:28:09] Unknown:
Yeah. I mean, the pay model is definitely friction, especially if you're using something like Kallix where you can't even, like, pay for it through the, to the app store because there is no Google Play store on on Kallax or or Graphene or something like that. So you have to go and I mean, they accept Bitcoin. You can pay with Bitcoin or credit card. But I, most of my conversations were at 3 I I've moved to Matrix now. What was the the what's the metadata issue with Matrix?
[00:28:41] Unknown:
Pretty much whatever home server you're connected to can collect whatever it wants about you. That's kind of the issue with the decentralized model of Matrix. So if you're a part of matrix dotorg, matrix.org is able to collect most metadata on whatever's happening. But if you're in end to end encrypted rooms, they can't actually get the
[00:28:57] Unknown:
what the conversations are happening inside the rooms.
[00:29:00] Unknown:
Yeah. Not the conversations, but, I mean, when you're talking, who's talking is still accessible data, which is the problem. What rooms you're in? Yep. Now this can be mitigated because on matrix, you can just self host your own home server. In that way, you can assure that everything that's happening on it is is owned by you. So that's kind of the the the awesome thing and the sucky thing about
[00:29:30] Unknown:
you're running your own matrix server, you can still chat with everyone that's on the other matrix servers servers. Yep. Exactly. But, obviously, you might be unwittingly leaking metadata to their servers if they're communicating with you.
[00:29:46] Unknown:
Yep.
[00:29:47] Unknown:
And we we have a freak who's asking how do we know these messenger chat apps are not spook apps like ANOM? Well, the number one thing is to be using open source software, so that you or other people can verify the code. I mean, ANAM was an interesting story in itself. Were you aware of this?
[00:30:10] Unknown:
Yes.
[00:30:11] Unknown:
I mean, it was a messenger that I had never heard of until after they arrested everybody. Had you heard of it before that?
[00:30:19] Unknown:
Not before then. No. A lot of these we, for some reason, like, they seem very popular in, like, the underground world until they, you know, get busted and then we all hear about them. They, like, they, like, push them in through back channels or
[00:30:32] Unknown:
double agents and stuff like that, I guess. But, like, I think ANOM wasn't even open source. But yeah. I mean, look. The number one thing is open source. Obviously, it could still be a spook operation. You know, there's it might not be that many eyes on the code. So you gotta be you you still should be you should still be careful. You shouldn't, you know, blindly trust everything. There's no easy answer there. Do you have do you have an answer for that question that's more eloquent than mine?
[00:31:08] Unknown:
I think open source is a great starting point. If something's open source, you you already have some assurance there. I think looking at previous history, one really cool thing about signal is we can look back at actual attempts of trying to get user data, and it's exactly what signal says. They only were able to give up, like, the creation the the time and date that they created their account and the last time they were online, and that's it. And that's what they promise. You're also able to look at actual expert opinions. So not me.
Not other people. Like, people who are actual cryptographers who can look at this stuff and give their actual, like, really expert advice on these things to give their best recommendations. Really, you wanna look for, people who are specialized in their very specific field when you're looking for those kind of solutions. So if you're looking to make sure cryptography is good, you wanna look at the people who are experts in cryptography and what they think about the product. One big thing that I've seen a ton, especially in the cryptocurrency community, so this might, be a big one for a lot of you. There's a lot of services that are very similar to, a ANOM that, Matt brought up. Where pretty much, you can get this messenger. It's completely off the grid, completely anonymous, and the other big one is, an iPhone. It's like an iPhone. I think Skyphones is something similar where they ship you an iPhone that's completely hardened and unhackable, and they make all these massive claims.
If it's not open source,
[00:32:41] Unknown:
run away as fast as you can. And and usually, like, the massive claims are a a mat are big red flag too when people say, like, unhackable or absolutely private.
[00:32:52] Unknown:
Exactly. Be very careful with all of those things. Really, like, there's a reason why the most recommended services are all open source services. If someone's trying to recommend some, like, really weird proprietary thing that no one else is talking about, that should be a big red flag. Yeah. And I mean, a big a big theme I talk about,
[00:33:13] Unknown:
a big theme we talk about on dispatch and and my other show, is just this this whole idea. First of all, everything has trade offs. And most of the time when we're talking about these things, it's it's it comes down to a trade off between convenience and privacy and security. And you should be you should be very reluctant when something something sells itself as both convenient and private. Would we do we want things that are that are privacy focused to be as convenient as possible? Yes. But at the same time, like, if you're taking shortcuts, if you're trying to just order a, you know, just order a hardened phone or something from some fly by night operation that promises to do everything for you, that is probably a that that is probably not a good idea.
[00:34:11] Unknown:
Yeah. And actually Yeah. Go on. This brings I have a question for you because I have a few services that I'm very passionate about, that actually do strike an amazing balance between privacy, security, and convenience, and they're kind of unicorns in the space. So I was wondering if you had any.
[00:34:26] Unknown:
Well, I mean, I think signal kind of falls into that category, especially for Android users. Because with Android, you can kind of use it as almost like an Imessage alternative where it handles it just becomes your text message client. I I mean, look. Everything has trade offs. I I kind of I'm curious. What are what are what are your unicorns?
[00:34:56] Unknown:
Signals one of mine. I especially agree on the Android front. Because, like, right now, if I open Signal, I can send a message to all of my contacts through Signal, through my SIM card, or through Silent Link, which is just incredible. And then, I really like Brave and Tor Browser, which is a little bit unpopular on the Brave front, especially probably in the crypto world. I just turn off all the crypto stuff in Brave personally because I'm not a big fan of Brave rewards.
[00:35:22] Unknown:
But, I think the Tor Browser in Brave, it's just download and go. What worries me about Brave is I just feel like there's not many eyeballs on that project. Tor Browser, I would say, kinda fits that bill. I mean, the question is how you feel about the word convenience. Right? Because, obviously, tour is really slow. And then there's a whole trade off of I mean, there's certain websites that are just gonna break if you try and access them through Tor. Yep. Thinking like banking websites and stock websites and stuff like that. But they've done a really good job with Tor Browser. I mean, I have a lot of issues with how the Tor project is run.
I have a lot of appreciation for them, though, and, they've done a good job they've done a good job with the Tor browser. I know it's it's it's it's it's difficult. I mean, a lot of times it comes down to defaults. Right? I mean, I think Brave has pretty good defaults. I mean, I don't use it personally. They had some kind of I think it was, like, a couple months ago, they had something that was really bad. That, like, slipped through the cracks even though it was open source because there weren't that many eyeballs. I forget what it was, though. And that kind of rubbed me the wrong way. There's a few things. They've had a few,
[00:36:48] Unknown:
financial related scandals with the cryptocurrency as well as their affiliate links and also cryptocurrency
[00:36:54] Unknown:
token thing is just a major turn off. Yeah. I think that's most people's turn offs from Brey. But you can disable it, but it's still like, okay. I'm using a product by a team that thinks that's fine. So
[00:37:06] Unknown:
Yep.
[00:37:08] Unknown:
So, like, you question you question their decision making and their motives. I mean, signal gets a lot of that shit too because signal just added their own token.
[00:37:17] Unknown:
So am I.
[00:37:18] Unknown:
Who, like, I have a lot of respect for him, but Moxie, like, pretend Moxie, the the creator of signal, is, like, heavily involved in that token project, and then they integrated the token. And he just constantly pretends like it's not affiliated with Signal at all. And it's like, yeah, we know it's not affiliated with Signal. It's affiliated with you, and you're affiliated with Signal. Oh, I really like Pop!OS, the Linux distro. Mhmm. I think they strike a really good balance. I don't know if I'd go as far as call it a unicorn, but I I think it actually makes Linux very user friendly, and accessible with pretty sane defaults.
So I'm pretty happy about that. I mean, I love Kallix. I know you like Kallix a lot. I think Kallax strikes a pretty good balance.
[00:38:16] Unknown:
Yeah. Those are good ones.
[00:38:20] Unknown:
So, I mean, you kind of piqued my interest because you mentioned when we were talking earlier, you were talking about one of the things about signals, they have these court cases, where they've shown that they've they can't give over information, And a space that is very ripe with scams and requires a lot of trust from their users to the provider is the hosted VPN space. Hosted VPNs are a massively useful tool for privacy. They give you very good Internet speeds while helping mask your your Internet activity from your ISP and also from the sites you visit. But as a result, instead of your Internet service provider knowing, all of your Internet traffic, you are basically handing that information over to a different third party company that ideally you get to choose and there's competition and whatnot.
And one of the most popular ones has become private Internet access, which is based in the United States. And they make, like, all these big claims about no logging, and they have all these court cases where they say they aren't logging and people point to that. But I just can't get it out of my head that it's a that it's a massive honeypot and that I mean, all VPN providers are honeypots, but that it's actually a active honeypot where they're tracking users, partially because they're based in the US and also because some people on their team have really sketchy back stories. How do you circle that square?
[00:40:09] Unknown:
Yeah. So, first, what you're saying about VPNs is very accurate. It's a very iffy industry, and, actually, we have open source VPN tools on our site that hope to at least offer some kind of resource for these. PIA is kind of so I'm gonna get subjective here. A lot of our tools are objective. They're meant to be open source, but I'm gonna give my my thoughts on PIA here. First off, those court cases, I believe, are from 2013, based on memory. They're from a long time ago. What really does rub me the wrong way outside of the terrible history and also their recent purchase by Kape. Kape is a malware. They used to produce malware and now they bought Hapen PIA.
And they own a bunch of VPN providers. Right? Exactly. So they own several VPN providers as well. They really rubbed me the wrong way mostly because there's some basic things they could be doing that they're not. A warrant canary is a big one, which pretty much says oh, what a warrant canary is is, essentially, you put a web post on your website that says we are not compromised. And if that company is ever forced a gag order or forced to start collecting data, they change the warrant canary or take it off. That's pretty much a legal workaround to be able to let people know that they've been compromised. Because the gag order doesn't allow them to post, we've been compromised,
[00:41:34] Unknown:
but they can remove something. They can't add something.
[00:41:37] Unknown:
Exactly. PIA not only does not have a warrant canary, they have a massive blog post detailing why warrant canary is not a good thing to have at all and how it solves the wrong it I'm mostly quoting word for word. It solves the wrong problem because people should just not keep logs in the 1st place. Like, that's that's not really the issue. It's trying to be targeted there. Something else is that with signal, the encryption's done on your device. And this is done as well with a VPN, but the difference of the VPN is even though it's encrypted, the the data is still being traveled through their servers. And at the end of the day, you're still having to trust this VPN company with that data.
I just don't personally don't have enough faith in a company like PIA to be able to handle that data well. Well, your data is encrypted, but they know the entry point and the endpoint.
[00:42:30] Unknown:
Right. Right. So they know what sites you're visiting, and they know your IP address, obviously. So they know who you are. If you're paying with a credit card, then they know who you are even more. Mhmm. I think we both like the same 2 VPN providers.
[00:42:50] Unknown:
IVPN and Mullvad?
[00:42:51] Unknown:
Yeah. But I'm like, I've been recommending for so long that my running joke with the freaks is that if it is a honeypot, then we'll just all go down together because I'm I'm using it too. So
[00:43:03] Unknown:
Yeah. I think, IVPN, Mullvad, and my other 2 that I throw in there would be Proton and Windscribe. I like those 2 as well. The Proton definitely, kinda sends some people the wrong way, which I think is valid. I think if you distrust companies, that's fine, though I still like to encourage people to look at all the data points.
[00:43:22] Unknown:
Proton's a weird one for me in general. Yeah. That's fair. I I know some a lot of people don't trust Proton. I mean, they, like, came out, like, right after so I'm, like, kind of a little bit curious about your privacy journey. I mean, my privacy journey really began in earnest with the Snowden leaks. Like, I thought we could trust tech companies before Snowden. After Snowden, I basically realized that, whether whether they, you know, do it voluntarily or whether they're forced to, there's a lot of cooperation. They're basically an extension of the state, but also, like, a lot of these companies have financial incentive to track users.
And, like, Proton, like, kind of came out of the Snowden leaks, and it was, you know, championing privacy directly after the Snowden leaks. And it always felt to me, like, I don't know. Like, if if if if if if you were the state and you wanted to and you and you wanted to take advantage and and still hold some of your grasp post note and leaks, like, the best thing to do is, like, launch a Swiss based company that says we're gonna take care of all your privacy for you. But, like, the email is a very compelling offer. It's a compelling project product.
You know, I'm not skilled enough to inspect the code, but I I believe it it is it is supposed to be all everything is supposed to be done client side in your browser. The whole way they handle, like, their anti spam mechanism or where they're, like, they wanna verify a phone number or an external email address in order to sign up kinda rubs me the wrong way. I mean, both IVPN and MOLVAD, you don't even have to provide an email address by default, which I like that flow a lot better.
[00:45:20] Unknown:
I agree.
[00:45:21] Unknown:
But, like, I don't I don't particularly, like, not recommend Proton. I just always had this, like, weird vibe about it.
[00:45:29] Unknown:
Yeah. And, that is something that we talk about sometimes. It's like, there's just some services that I just don't like. And when I cover content, I I recommend them. But it's like I the it's just a subjective thing. So I think it does come back to, like, if you don't trust something, I still recommend you look through the data and make your own assessment on it. But if you don't trust something, trust that instinct, to some extent, I I think be aware that it is just a a feeling, but I don't know. I say, like, to some extent, it's fine to act on that. Personally, I trust Proton. Our whole team uses Proton. I use Proton in my personal life. I think they're password protected emails to external contacts is just phenomenal because even Right. Someone who doesn't have Proton or doesn't use PGP, they can still get an encrypted email. That's end to end encrypted.
It's fantastic. But yeah. I think it's all based on trust. And if Proton wasn't able to prove that they're trustworthy to you, then I think you're valid.
[00:46:39] Unknown:
And didn't they recently, like, change their privacy policy or something?
[00:46:44] Unknown:
Yeah. So there was a recent, there was a French activist, and pretty much, what happened was they were part of a nationwide investigation, and what happened was Proton then had to start logging an IP address on that one user. So they updated the privacy policy to now better reflect that they do that, but they've always said that they did that. If you looked back through their articles from 2013, way back in the day, they post all this information of what they collect. And most pretty much any centralized email provider is going to collect that information. And if they're not, they're probably lying to you, because they're not gonna be able to fight against the massive government.
So, just be aware of what a, quote, private email provider will will offer you. They're not gonna offer you magical IP address protection, but they if they're promising end to end encrypted and it's open source, you can guarantee that it's gonna be end to end encryption.
[00:47:39] Unknown:
Right. But which is why it's important to couple that with a VPN so you're not leaking your IP address to them or Tor. But if you're using their VPN, it kinda defeats that purpose.
[00:47:53] Unknown:
It's funny because they argue other ones, which I'm kind of iffy on. I don't think that would fly, but they actually argue otherwise because they say their VPN is handled differently and they wouldn't be able to to do anything there. That that's what they're saying. I'm Well, that sounds like a bullshit. The message. Yeah. Yeah. It does sound like bullshit to me. We're gonna shoot you. We're we're shooting you live on dispatch. Just real quick. Someone asked about TorGuard. I think you can do better. Personally, I think you should have higher standards for the pricing security of your VPN. Same goes with NordVPN.
[00:48:26] Unknown:
Most people horrible. Nor Nord is a horrible track record. Nobody should use Nord. I'll go just say that.
[00:48:33] Unknown:
I I really would stick to to, like, IVPN and Mullvad if privacy and security is your absolute goal, And I think Proton and win and Windscribe are great alternative options as well. I used to like Bolle a lot. Did Bolle
[00:48:46] Unknown:
cross your radar ever? No. I've never heard of it. No. I mean, I haven't used it in years, so don't count this as a recommendation, freaks. But, before I discovered Molebat, I liked. I think they were based in Singapore. Anyway so, I mean, look. The VPN question is not an easy question, and it's a perfect example to me in the privacy world, the digital privacy world, about trying to measure trade offs and measuring it against your threat model and trying to make a decision yourself, because it is a topic that you could literally dedicate hours to talking about days, with tons of nuance. And then all at the end of the day, like, a lot of it just comes down to reputation.
So where do we go next? Do you, someone asked in the comments about Libre Wolf Browser. Have you ever heard of that?
[00:49:48] Unknown:
Yeah. Libre Wolf essentially is Firefox. Well, I do you want me to explain it or do you I just want my thoughts. Sorry. I don't know. Explain it. Explain it and then give us your thoughts. Okay. Libre Wolf is pretty much an open source. Firefox is open source, so Libre Wolf took Firefox and forked it, and they pretty much applied some out of the box patches to it to make it more private and secure out of the box. So they disable some of the, analytics and telemetry collected by Mozilla, and they also, I think, pre install ublock origin, and they modify some I think they modify some of, it's not flags. It's the other about the about config menu for Firefox.
But, yeah, personally, I I I don't see a need for it. I personally just like using, Firefox if I'm gonna use Firefox. But I think that if you just want kind of a Brave esque alternative to Firefox, which is just like out of the box ready to go, I think that's probably your best bet, something like Libre.
[00:50:47] Unknown:
But it sounds like for your daily driver, you use Brave.
[00:50:50] Unknown:
Yes. I use Brave and I use Tor Browser for pretty much everything. Those are my two favorites.
[00:50:55] Unknown:
And then you don't use, like, that built in Tor feature on Brave. Right? What was that? That that built in Tor feature on Brave?
[00:51:04] Unknown:
Very rarely. I wouldn't trust that for anonymity. Like, the same anonymity you'd get from the Tor browser. Because the Tor browser's built from the ground up to make you anonymous. Brave won't do that. Brave just essentially masks your IP address. I do use it if someone just sends me an onion URL to download download something, which for some reason is happening more often than than I'd like. Well, actually, you know, it's a good problem to have, but it's just frustrating downloading things that are just, like, gonna be public videos,
[00:51:32] Unknown:
through, like Yeah, man. I mean, I feel like me and you are I I think most people aren't getting lots of onion addresses, but I would like to see more of them. Agreed. I, I mean, the browsers is another can of worms that's really just personally interesting in the privacy world. I mean, in general, you should probably not be using browsers, I think, that don't have that many eyes on them. Your browser has so much information on you. Capability of collecting so much information on you that it is a really, really crucial tool, if you care at all about your privacy and security.
I mean, if we're gonna talk about, like, actionable first steps, like, you probably shouldn't be using Google Chrome signed into your Google account. Probably should get rid of your Google account if you have the capability of doing that. But definitely, you know, your main browser shouldn't Chrome signed in to your completely doxed Google account. Personally, I was I was using ungoogled Chromium for a while. The I mean, a lot of the web is, like, built for Chromium or Chrome, which is unfortunate. And then recently, I just switched now I just use Firefox, and I just change a bunch of settings myself.
[00:53:01] Unknown:
Nice. That's a good setup.
[00:53:03] Unknown:
There's a lot of things that, like, get broken when you use Firefox and go to websites. It's weird. But my pay grade.
[00:53:10] Unknown:
Yeah. No. I I really am not a fan of using Firefox personally. Very personal preference. But I think the browser wars are pretty ridiculous, at the end of the day. Like, as long as you're avoiding Chrome and Opera and Edge and you're sticking with either Firefox Brave or Tor or really any other semi private browser, you're doing better than majority of the people. So it's always a good step forward.
[00:53:35] Unknown:
I forgot Opera still exists. They're owned by a Chinese company. Right? I believe so. I think they have a VPN too. One of the interesting things is, Mozilla for Firefox now has Firefox VPN, which is just white labeled Movad.
[00:53:52] Unknown:
Yep.
[00:53:54] Unknown:
Which I feel like makes it a lot more accessible. Should we talk about operating systems? How do you feel So, like, you have a bunch of guides that incorporate Windows. I've maybe I've just gotten, I've, like, gotten to the point in my privacy journey or my education privacy journey where I just I just tell people they shouldn't use Windows. How do you feel about Windows?
[00:54:26] Unknown:
Yeah. So first, we have, we spent a lot of time on this. This took pretty much all of 2021 to do, but we have a whole, like, 20 minute per operating system guide. So we did a guide for iOS, a guide for Android, a guide for Windows, a guide for macOS, and a guide for Linux. So we made 5 different guides for different operating systems, all covering the same information, but essentially specific to each operating system. And the Windows one, it starts with a skit because it it it starts with someone like, oh, this is the all in one Windows privacy and security guide. And then someone crashes through the door and says, just use Linux. And, while I think that probably is the easiest way to essentially prevent almost all of Windows problems, at the end of the day, there's just some things, that Windows still does for people. Like, if someone's dependent on Adobe and they can't switch to the open source solutions, they're either gonna be using Mac OS or Windows, or they're gonna try to get some half baked solution using wine, using a old version of Adobe, or they have to use KVM to get Windows. But either way, if you're using KVM with Windows inside of Linux virtual machine, don't you still wanna make that version of Windows private secure? So, essentially, like, we like to be open to different people's, situations because at the end of the day, you can make Windows significantly more private and secure.
And just because you can't make it perfect, doesn't mean that, we shouldn't, like, cater to that audience at all. But in that Well, that's why I appreciate you about about you guys. But, I mean, to me, Windows is just spyware at the OS level. Agreed. I don't even Yeah. And and, like, so we talk about that too in the guide. At the end, we're like, hey. We did a ton. We might have made Windows 80% better, but at the end of the day, there's still, like, the following things you can't do. And if you're still concerned about this, you should really look into Linux or any other operating system. So that's that's kind of our approach. We like to keep things open ended. We like to cater to everyone.
It's definitely easier though sometimes to just go, yeah, just go use Linux. Because sometimes there's someone who's fully capable of using Linux, but they're a little bit intimidated by it, and I go go try it out. Or if anything, I think the under discussed option, which definitely gets a lot of hate, I'd rather people be using a MacBook than Windows.
[00:56:45] Unknown:
Yeah. I mean, that's where I land on it. Like, I mean, I I mean, the other thing about Linux, I mean, there's a there there's, like, a I mean, there's obviously a learning curve. I think Pop!OS does a pretty good job, bridging that learning curve, but if you don't know what you're doing, it could be more dangerous than if you're using OSX, if you're using a MacBook. I also would say, like, if you need to use something that is Windows specific, if you have work related things or something like that, like, you can have a dedicated machine just for that. I mean, it's still useful that you have your guides to to harden that machine as much as possible. But, you know, a lot of our conversations end up what what we see in the Bitcoin world, and I've seen this on my own personal journey is, you know, Bitcoin is a a purely digital bearer asset.
So all of a sudden there's this direct financial reason, why you wanna take digital privacy and security safely. And that's because you're managing these these secrets, these private keys that if they're taken, you lose your Bitcoin. So when I have people come to me and they're saying, I'm trying to do this Bitcoin thing or this Bitcoin thing on a Windows machine, I'm like I'm like, man, you just gotta get another computer, and you it's either gotta be ideally a a you you flash Linux on it and you put Pop!OS on it. But even if it's a MacBook, you gotta just have a dedicated machine that's not Windows, and use that because you're just you're just starting off on the wrong foot if you're trying to secure these secrets on Windows.
[00:58:32] Unknown:
Agreed. I think that, for sure, for certain, threat models and for people who really wanna start on the right foot, starting on Windows is incredibly challenging to do. Yeah. And I think that having separate devices is a great solution. And there's other solutions too. Like, there's virtual machines. There's dual booting. Dual booting is a really nice one. And you can add different devices. You can there's there's more extravagant solutions, but those are all great solutions as well.
[00:58:59] Unknown:
Yeah. I mean, the problem with dual booting for me was always, like, one of the things that I always really liked about Linux is, like, if you just fuck if you fuck something up, like, as long as you have the important files backed up, you can just start fresh again. True. I feel like when you're dual booting, it just It's messy. And you're entering, like, all these BIOS issues and stuff like that, and it kind of complicates things. I agree. You have, like, $500 to buy a dedicated machine kind of solve. But,
[00:59:30] Unknown:
Totally agree.
[00:59:31] Unknown:
Yeah. It's always a battle of trying to decrease your attack surface, increase convenience, make it a little bit less shoot shoot yourself in the foot capability there where you fuck yourself over.
[00:59:49] Unknown:
Have you ever used, live operating systems before?
[00:59:53] Unknown:
Oh, I love tails. Tails, I feel like is a, there's a unicorn. Agreed. Tails is Tails is fantastic. And for the Bitcoiner crowd, they have Electrum built in, so you don't even have to download additional software in order to use Bitcoin with it.
[01:00:13] Unknown:
Yeah. It has KeePass as well out of the out of the box, which is really Yeah. I love KeePass.
[01:00:18] Unknown:
That's a good that's a good next topic, password management. Before we get there, I feel like Tails let's just talk about Tails for a little bit longer. Tails used to be easier to use, but now I feel like a lot of the modern computers, like, they have all these different, like, quote, unquote secure features that, like, make it difficult to boot from the drive. Have you noticed that?
[01:00:38] Unknown:
I haven't. I haven't used tails in probably about, like, a year, year and a half personally. So if there were any, like, recent depends on what machine you're running it on or
[01:00:48] Unknown:
but, like, I was helping out a friend, and I think it was, like, a Dell. And it was, like, a pain in the ass in the bios to get it to run. And and because they had some kind of secure elements that was, like, making verifying what was running. They, like, made it, you know, under the guise of security, they were really just trying to make it difficult for you to run Linux off of the USB drive. And I have no idea. I'm not really familiar with how it works on on Mac. Are you I yeah. But but the cool part about tails for the freaks that are just completely confused about what we just were talking about is it tails is a specific Linux distro that has Tor built in that you run on a USB drive. You plug it into your computer, you boot up the computer, it boots into tails. You have this nice little Linux environment.
As Henry said, it has KeePass on it. As I said, it has Electrum on it. It has a bunch of other tools on it towards it tours the default. And then when you unplug the USB drive, it's it's supposed to just wipe everything from memory. So you have you have you have nothing left on the machine that could compromise you if you're doing something. So if privacy is of the utmost importance, Tails is a extremely useful tool.
[01:02:11] Unknown:
Yeah. It has some other things too, like MAT 2. MAT 2 is a tool that wipes metadata on pretty much any file type, just really
[01:02:20] Unknown:
neat. Yeah. I mean, that is a that's something I don't really discuss on this show. Image metadata specifically is a is a big foot gun moment where people leak more information than they realize. I mean, a lot of modern phones now embed, like, GPS locations into the into the photos.
[01:02:43] Unknown:
It's how John McAfee was caught.
[01:02:46] Unknown:
Yeah. Well, John McAfee didn't kill himself. I I still think I I mean, I still think. I don't know. But, I'm, like, 10, 15% on the side that he's still alive somewhere. But I I would I would argue that the biggest thing against me is is that I think he has too big of an ego to just not publicly say anything for this long. But it'd be, like, completely in his MO to bribe a Spanish prison guard and fake his death. Never saw a body. So what were we talking about right before I pulled us back to Tails? Oh, password managers. So I feel like this is a very interesting one because, I mean, there's these memes in, like, the privacy security community, like, just use Linux, just use signal, just use password manager, just use Tor.
And there's a lot of pushback that it's oversimplified, And I feel like password managers really embody that.
[01:03:54] Unknown:
Yeah. Really? Okay. The the the goal of password managers, right, is to get people to use strong and unique passwords. So they're not reusing passwords, and they're using strong passwords. In my opinion, anything that does that in a safe, secure way is better than reusing same passwords. So I think that's already a great start. If you're not using a password manager, even if you're writing them out and you're keeping them in a in a safe or something, I still think that's better than reusing the same password on every website. However, I would really caution people away from generally unsafe password managers. Look into the history of your password manager.
See, if they suffered several security issues. See how they handled those issues. See if they're I I think you shouldn't be using a password manager. It's not open source in my opinion. So, really, like, the main options that we pretty much end up leaning everyone towards are Bitwarden and KeePass. So Bitwarden is cloud based like a traditional password manager, but everything's open source and you can self host it yourself if you wanted to. KeePass is completely offline by default and it's all open source, and it's probably one of the most secure ways to go in regards to password management. But the problem is it's a little bit less, noob friendly. It's like it's clunky because you have to actually either
[01:05:16] Unknown:
I mean, if it's if you keep it completely offline, you have to type out the password yourself.
[01:05:22] Unknown:
Yeah. Though, actually, I just dis I discovered this feature way too late, but KeePass XC has an auto sync feature. So you can pretty much give it 2 KeePass, documents and it'll sync them into 1. It'll merge them together. So, like, my phone is offline and my computer is offline. They own they have their own password managers. I can pretty much combine them, and it'll sync everything properly, which is really dope. To me, the unicorn product in
[01:05:47] Unknown:
the password management world is a notepad and a pen. That's fair. I just feel like it's just so simple. Just write it down on paper. Use unique passwords. Keep it somewhere secure. And someone has to come into your come into your house or office to get it, like, don't put it on a post it note.
[01:06:12] Unknown:
It it it accomplishes the goals. Right? I've heard passwords.
[01:06:17] Unknown:
I I I like KeePass a lot. I've heard very, very good things about Bitwarden. The switching cost for your password management is a lot in terms of, you know, if you already have a lot of passwords, so I've never actually used it myself. What really scares me is, like, the last passes of the world.
[01:06:40] Unknown:
Agreed.
[01:06:41] Unknown:
Did you see we published survey and support this morning, and it was the last pass security incident. Oh, I haven't listened to it yet. By the way, that's a great. It's a really great show. I recommend all the freaks listen to it. You don't really have to listen to it, freaks, if you don't want to because I listen to it every episode. So I do talk about things they talk about. But if you wanna go direct to the source, it's, it's a really fantastic show. You do a great job with that, Henry.
[01:07:06] Unknown:
Yeah. And then Nate does too. He he Yeah. He he really can't do. Yeah. He's fantastic.
[01:07:16] Unknown:
Yeah. I mean, LastPass is, like, a perfect example where it's like I mean, talk about a honeypot. That's just, I mean, I don't even know I mean, I obviously, you shouldn't reuse passwords, but, like, if all of if all of your passwords are in LastPass, like, literally, you're just one compromise away from just having absolutely everything compromised. So I don't even know if that's a I guess it's still an advantage over I don't know. This is, like, a perfect example of us getting into the weeds. Like, most people are just using horrible fucking passwords, and they're reusing them over and over again, and they have them in their Apple Notes unencrypted.
[01:08:02] Unknown:
Super common.
[01:08:03] Unknown:
Yeah.
[01:08:04] Unknown:
Yeah. Don't do that. But then it becomes kind of a personal choice. Like, if one of my friends comes to me with all their notes in an Apple Notes thing, and they're like like, yeah. The only thing I use is LastPass. I'm I'm gonna I'm gonna be very mixed about it. I'll probably be like, hey. Just so you know, here are all the concerns of LastPass. And by the way, here are other solutions that are better than LastPass and will accomplish literally everything that it does. So I'll do my hardest to convince them, but, ultimately, I I really do think I I hate saying this because I really dislike LastPass, but I do think in that situation, for me, personally, I lean them towards using LastPass instead of, like, unencrypted Apple Notes. But
[01:08:44] Unknown:
Just tell them to use a pen and paper, the unicorn.
[01:08:47] Unknown:
True. Like, pen and paper, Bitwarden, even Apple's key chain. Like, Apple has its own password manager, you know, like and it's end to end encrypted and Apple generally has decent security. So, like, I'd still choose Apple's keychain over both LastPass and just keeping it in notes personally.
[01:09:07] Unknown:
Yeah. I mean, I have a lot of problems with Imessage too, but obviously, I think Imessage is a significant improvement over using text.
[01:09:15] Unknown:
I like Jonah's comment. What really gets me are the people who have all their passwords in Apple Notes, and also their passwords are all basically the same week 1.
[01:09:23] Unknown:
Yep. Seen that many times. Yeah. It's,
[01:09:32] Unknown:
Good point by someone here. Apple keychain sucks to get out of. Look at that too before you move to a passive manager.
[01:09:38] Unknown:
Like, how are these do. Right? It's like their switching costs are massive.
[01:09:45] Unknown:
It depends. Like, I think last pass to Bitwarden is relatively straightforward. Bitwarden to anything is straightforward. It really depends on how user friendly they wanna be. Apple, as you can imagine, is trying not to be user friendly with exporting things. So it just depends.
[01:10:03] Unknown:
The way I kinda look at it is and this is also I I wonder I mean, you probably struggle with this too is, talking about privacy and security, but not, like, completely doxing your own setup and exposing how you do things, is really difficult. I mean, I had one freak put me on the spot when I was drinking beers with him in person, and and I I stopped doing this. I'd it was, like, 2 years ago, two and a half years ago, and he's like he's like, what's your favorite option for this or whatever? And I told him this option, and he was like, but you said something else on the show. I was like, oh, that's my second favorite option because I didn't want to. I didn't want to talk about my first option.
[01:10:48] Unknown:
The
[01:10:50] Unknown:
with passwords, there's there's an argument to be made about convenience and security being different. Like, the trade offs you wanna make are different depending on what the password is for. So to me, as as, you know, you can cell phones, bit warden, I've already said earlier that I don't I haven't used it personally. To me, my most secure passwords, you know, things I mean, first of all, you should be using multiple email addresses, but important email address is, like, important bank account information. Like, the really important stuff, I'm just a offline only kind of person. Like, I think those things should be offline, and then you have other things that are maybe more easily accessible because you're not as worried if they do get compromised. Would you agree with
[01:11:45] Unknown:
that? Yeah. I I think that that's a good way to do it. I think, and you don't have to answer this, but I'm curious. What do would you store your seeds offline?
[01:11:54] Unknown:
Yeah. All my seeds are offline. Got it. That makes sense. But but I have, like, I have a mobile wallet, right, that has a less amount of that has, like, spending cash in it, and and that is that is on Internet connected device. That's on my phone. Right? But, like, for for my my life savings, I go through extreme, extreme offline scenarios, to secure my life savings, especially as a public person. Because the second it the the amount of improvement you can make, especially if you're not someone, who can verify code themselves and check line by line what is running. The amount of improvement you can make by simply just keeping something offline, keeping a secret offline is dramatic. Like, it is it is significant. I mean, you're you're basically entering a situation where someone has to get physical access to whatever that secret is. And in Bitcoin land, it's even better because we have this concept called multisig, where you can have multiple secrets, and they all need, to be compromised in order to access your funds, and you can keep them offline in different physical locations.
So then all of a sudden you enter a situation where an attacker needs to actually get physical access to your home, your office, some other place, some other place, and then it just adds, it adds protection there. It is like a main it is a mainstay of my privacy and security journey is that for the most important things, yeah, for the most important things, you should try and keep them offline. I like that there's a freak accusing me of using Bitward and then pretending I'm not using it. No. So we talked about VPNs. We talked about messaging apps. We talked about operating systems.
Talked about password managers, talked about browsers. What should we talk about next?
[01:14:16] Unknown:
Good question. That really does sum up a good portion of the areas in the pricing. Oh, 2 factor.
[01:14:23] Unknown:
Oh, good one.
[01:14:25] Unknown:
What's your recommendations on 2 factor? How do you go about how do you go about that process of education?
[01:14:33] Unknown:
We so TOTP is probably, like, the most popular one. So TOTP is time time based one time passwords. And what that is is, like, Google Authenticator is TOTP. Google Authenticator is just an open standard. It uses TOTP, which is an open standard that's used in pretty much everything else. That is probably the easiest and most convenient, best balance like, that's probably the unicorn option for a lot of people. You can download, aegis from F droid on Android and, Aegis. Is that your favorite? That's probably my favorite TOTP app that I've used. I know there's AndOTP, but in my opinion, Aegis is better than AND OTP in, like, every way. I really like Aegis' backup mechanism. It's really good.
Yes. It's very nice. So that's really my main recommendation. Go through all your accounts. See what supports. They'll probably call it Google Authenticator. I'm doing quotes in the air, but it's really you can use any TOTP app. They give you, like, a QR code. You scan it with Aegis. I guess Aegis is Android only though. Right? Yes. But they also give you your seed, so you can import that into any iOS app. And you can use Rivo, r a I v o, on, iOS. That's probably the best one I found. That's your favorite iPhone one? Yes. Probably hands down. It's like the only one that actually lets you export your seeds, which by the way, the seeds are what the QR code is. Just like you you guys know this because you're in a crypto world.
Lots of 2FA apps, once you scan the code, don't let you view your seeds. So there's no easy way to migrate all of your Right. I think Google Authenticator doesn't let you. No. They're just change that. Yep. I don't think they do unless they did it in a newer version, but Authy doesn't either. It's my biggest gripe with Authy. So I really try to avoid, people using Authy.
[01:16:27] Unknown:
I put Authy in, like, the last pass boat. Yeah. Same. It's not not a great situation.
[01:16:33] Unknown:
Now someone's also bringing up physical 2FA devices. I have been I've actually never used a, hardware 2FA thing until the last, like, few months. Yubikey sent us a couple test, units review, and so I've been using it the last couple months. And it's it's pretty nice. The only problem is it's I can't convert as many accounts to a hardware key as I can to TOTP. So I'm now probably gonna have to use a combination of YubiKey and TOTP. Now the YubiKey does support TOTP. You can use your YubiKey to also support those codes. But it doesn't, to me, feel as clean of a solution, and I'm not a fan that it constantly it's something I either have to keep track of or that constantly takes up, a port on my laptop.
[01:17:18] Unknown:
Right. It's a physical device you plug into the USB port. Yep. So personally, I'm I'm on team TOTP,
[01:17:24] Unknown:
but I think it's pretty much, a nonnegotiable that, generally speaking, hardware keys are more secure.
[01:17:32] Unknown:
But, again, like, we're talking, like, the top because it's the same thing. It's the offline it's the offline concept. Yep. Because most people will just have Aegis on their phone. They'll have a 2 factor app on their phone, and that's obviously connected to the Internet. But I I personally I personally think the hardware device is overkill for most people. You should already have a secure password on the account, and there's never and at least that I'm aware of, there hasn't been a a real, like, sweeping compromise that has affected people that have used, 2 factor apps, even the bad ones.
In general, attackers tend to go for the lowest hanging fruit, and that's the people that are not using secure passwords that aren't using 2 factor.
[01:18:29] Unknown:
Yeah. And, at like someone mentioned, well, a few things. 1, someone corrected and said Google Authenticator does give you an export option. Yeah. I think they added it recently. So that's cool. I'm happy to see that. And someone else is saying t0tp 2FA isn't connected to the Internet and they're right. And that's kind of why personally, I don't think there's a huge difference between a hardware.
[01:18:50] Unknown:
Well, if you have I mean, if the app is doing what it's saying it's doing, and if it's open source, then you or someone else can verify it, And it's not supposed to be connecting to the Internet.
[01:19:01] Unknown:
Sure.
[01:19:03] Unknown:
Theoretically, you can have a spare Android phone or tablet that is running KeePass and is running Aegis that is never connected to the Internet, and it will still work, with your two factor codes. And then you kind of get some of that that, you you get that, like, air gap benefit. You get that offline benefit because you're just not connecting it to the Internet, period. But I would caution the good apps for a lot of these things do things locally. They're not connecting to the Internet when they're not supposed to be connecting to the Internet, but, ultimately, your mobile phone is this black box device that is always connected to the Internet.
So I wouldn't necessarily assume that, in your threat model. But all that said, I do think for the overwhelming majority of people, using a solid TOTP two factor app is is a massive improvement and is probably sufficient. I would add that, you know, we talked about exporting, but a key element here of the good the good apps is that is that you can easily back up. Because if you've ever been in a situation, people have gone in this situation many times where they if if their phone breaks or something, if you lose those codes, you're gonna have a really hard time accessing your accounts after that. So you wanna have a backup so so you can still access your important accounts without going through a massive customer service process. Because if if you can circumvent the 2 factor code through a customer service process, so can a malicious actor. So they're they're the good services are designed in a way that if you lose those 2 factor codes, you're gonna have a really bad time. So make sure that you can back them up.
[01:20:59] Unknown:
Absolutely. Just like backing up your seeds.
[01:21:01] Unknown:
Yeah. I've I the way Aegis does it is really cool because you can just back it up directly to a USB drive, never connect anything to the Internet. They also have this option that is very familiar to, Bitcoiners in that they'll link they encrypt your backup. So you can actually just store it in any cloud service even if it's untrusted cloud service, and then you write down the the encryption code on on your trusty pad and paper that you keep offline. Definitely. Just a nice nice little balancing act there.
[01:21:40] Unknown:
Just wanted to add that Jonah brings up a really good point in the chat here. He pretty much is saying the main benefit of a hardware key are that they're unphishable. Because of TOTP, you still have to enter the code, which could be used on the phishing site. True. Whereas, with a hardware key, which uses, FID02, VIT02, it'll only access the legitimate domain. So it's a good phishing prevention.
[01:22:05] Unknown:
Oh, that's a really good answer. Yeah. So that actually that actually might change my opinion because everyone gets phished. People get phished a lot, man.
[01:22:16] Unknown:
Yep. And there's real so this didn't used to be a problem, I feel, because back in the day 2 f a used to be, like, a good phishing prevention. I think it still is, but a more sophisticated phishing attack will, in real time,
[01:22:28] Unknown:
log in given given a 2FA code from a TOTP app. Yeah. And you see it with a lot with the the Bitcoin sites because the Bitcoin sites have kind of any sites that have kinda standardized on 2 factor. Those attackers have obviously moved to actually phishing the the code as well. So they'll they'll pretend you're signing in, you give them your password, then you give them the code, and then they quickly sign in to your account. It's how that attack looks, which is why you shouldn't click links and you should always type where you're going directly into your browser. This conversation wouldn't be complete without a conversation about using text based 2 factor authentication.
Do you wanna go into that for us?
[01:23:11] Unknown:
Yeah. I I I hate it because it's bad on, like, almost every level. You know? Like, SMS is the the closest thing to public as it can be. Someone can set up some few $100 devices outside your home and intercept SMS messages fairly easily. It's like a postcard instead of an envelope. Exactly. It's super easy to for for a random person to investigate what's going on. It's super easy for your cell carrier. There was a recent story that you might have seen this on Twitter, where someone someone's cell carrier injected an ad into the Google 2FA code sent to their phone number. So it says, like, oh, your Google number is 123456.
And it said your Google number is 123456. Check out this product online underneath it. The cell carrier injected that because obviously your cell carrier sees all your SMS messages. They're not end to end encrypted. So just avoid it. But the thing that sucks is if you use I think, like, almost every bank out there with very few exceptions only gives you phone based SMS as an option for 2FA. And when that happens, you just gotta tough it out.
[01:24:19] Unknown:
The banks are really bad about it.
[01:24:22] Unknown:
Yep. I the I mean, the banks run on
[01:24:25] Unknown:
30, 40 year old technology. So, it doesn't surprise me. Yeah. If you ever if you ever want a fun time, just walk into a bank and just look at all their computer systems. If you really want a fun time, try and open a bank account and just sit down with them. But I'm gonna I have I have a couple promises to myself, and one of them is I'm never gonna open another bank account. So
[01:24:46] Unknown:
You might like this. I recently have been going on a journey to pretty much, decredit everything. I wanna stop using credit. Say say fuck the credit score. You know? I think it's very hippie, but it's something The society really fucks you if you don't have
[01:25:03] Unknown:
your least basic credit. It does. But, I don't know. Such a perverse system, the credit system, the, like, credit scores and stuff.
[01:25:12] Unknown:
Yeah. It's a it's a general gauge. I think a a better they say it's how well you use your finances. It's how well you use your finances while still giving people money.
[01:25:22] Unknown:
And they're just massive surveillance holes. The whole thing is just surveillance capitalism, like, packaged in a rewards card. Yep.
[01:25:29] Unknown:
And it's funny because people always you know, not to discount China's problems, but people are always, like, China is a surveillance state. They have these social credit scores. And I'm like, what's your credit score, bestie? Like, obviously, it's it's not a fair comparison, but it still kind of really pushes me the wrong way that we're given scores to essentially represent how our financial status is.
[01:25:51] Unknown:
Yeah. And we're moving to more social credit systems. Like, what China's doing is just they're just 5 years ahead of us.
[01:25:57] Unknown:
True.
[01:25:59] Unknown:
This is what I like to say. And this is why I mean, it's you know, I'm very Bitcoin focused person, but this is why I love cash. I mean, cash is cash is king, and and it's a very private way to transact. And in a lot of ways, it's more convenient than using a credit card. So you can't if you pay with cash at the bar, you're not gonna accidentally leave your tab open. And you don't have to wait around for the waiter to come back with the piece of paper if you if you just pay cash. Give them a little tip there. Round it up. So what were we talking about? I just had an oh, so the other issue with SMS two factor is it is it's it's also a way for these companies to harvest your phone number, which is basically used as a social identifier nowadays. It's almost used more than your Social Security number, but it's used in a similar way.
And you really wanna limit the amount of services that that that know your phone number and then know the same phone number. Ideally, you have multiple phone numbers. I mean, that's obviously a main issue of of these SMS two factors as well. Right? Yeah. Definitely.
[01:27:15] Unknown:
This actually I I don't know why I'm thinking of this now. I was driving home. This is probably last week and it it was just a new perspective. So I just get random it's like, you know, shower thoughts. It's like driving thoughts. And this one was I feel like the data points that we should be protecting the most are the ones that are the hardest to change and we're most invested in. So you think of Social Security number. It's nearly impossible to change a security number, unless you're able to prove that you're you're victim of abuse or or all these other legal loopholes that you're able to go through. But most people can't just go and change their social security number. So this is just a single number that if it gets out into the world once, you're screwed for the rest of your life.
It's horrible. Phone numbers are pretty high up on that chart. You know, most people don't change their phone number sometimes ever in their entire life. Yeah. Massive switching costs on that too. Exactly. So, phone numbers are really high up there. Emails are definitely lower, but really the goal should be to use as few of those high level identifiers as possible because they're extremely hard to switch off of. I I really like that term you use, switch cost. Yeah. Switching costs. I really like that because it's a really good way of looking at it and I think that yeah. Just trying to avoid out the those really high level identifiers that are almost impossible to change is really the goal.
And the other one that I thought of, massive one, that, like, no one considers, and it's such a normal thing. Home addresses.
[01:28:47] Unknown:
Yeah. Well, we talk about that a lot in the Bitcoin space.
[01:28:50] Unknown:
Yeah. I I feel like it's not talked about in just the real world very much. Like, oh, like, what's the shipping address? Oh, here's my here's my home address. If it ever leaks, I better buy a new home. You literally put all that information in the same form. You put the
[01:29:03] Unknown:
you put the home address, you put the email, you put the phone number. You put your credit card information in. It's literally all going in the same exact form, and you share it everywhere.
[01:29:13] Unknown:
Yep. It's crazy. And and, like, there's no way to change your home address.
[01:29:19] Unknown:
Yeah. And you have to you have to move. Yeah. It gets even more fucked up than that because, like, the way our society works is the government essentially you have to go through great lengths to not have that address and databases that have the other identifiers in them as well, even if you're not providing them to a specific service. If you're providing a phone number to a specific service, there's a good chance that your home address is attached to that or your name or your your name plus your age plus a general vicinity you're in. It's a whole that's a whole rabbit hole in itself trying to and, like, in America, we have this advantage that you can actually buy a home under an LLC, to mask who the the owner of the home is.
But you have to basically go through these very deliberate steps to protect it.
[01:30:13] Unknown:
Exactly. I recently spoke to an attorney to ask about the home buying process, privately, and she's like, well, you can use an LLC or you can use a trust. But here's the thing, there's 2 things. This this is probably a little off topic, but I find it really interesting and I think it's It's on topic. For people to know. You can buy a home and put it in a trust. And, yes, the title of the home is in the trust, but the second layer that you really need to be careful about is how you're financing the home. If you're getting a mortgage, there's no way to get a mortgage through a trust. So the mortgage is public information. Anyone can look at the previous mortgage history of a home. So you can get a house, put it in the trust, and that the title's private, but not the mortgage. So, essentially, you're having to buy a home in cash unless your LLC is able to get its own mortgage.
[01:31:05] Unknown:
Yeah. Yeah. That's, yeah. The it's a it's a very difficult and deliberate process that you have to basically take. And then you have to protect that information after the fact. Then there's no you don't put your shipping address in places. You know? You have to and, like, the the mortgage process in general is that literally just gotta pull your pants down and give them everything. And then who knows how securely that bank is actually storing that information? Definitely not securely. So so it is a mess it is something we talk about a lot because, you know, in America, hopefully, it's not as bad, but in certain countries, you know, you don't want Bitcoin specific stuff shipped to your house.
So you wanna look into PO boxes. You wanna look into remailers, which are basically VPNs, but for physical mail where you're trusting them with all your information. But ideally, outside services only see you going sending it to the re mailer's address, and then it gets shipped to you. UPS stores, all these different tactics you can use to try and, mask mask your home address as another identifier that's in these systems. Another service that is, I would say is, like, kinda unicorn y is have I been pwned.
[01:32:28] Unknown:
No. It's a good one. Yeah.
[01:32:30] Unknown:
Have I been pwned.com to the freaks. If you put in a identifier I think I think it's based on email address as the main identifier. You put in your email address, and it'll tell you, if you've been in any any major leaks. And if you do that, I mean, you should connect with a VPN because, otherwise, you're telling, have I been pwned your IP address connected to that email address. But if you do that, you are gonna be very alarmed. There are compromises that happen constantly, and it could be that I, like, I went to great lengths of protecting my previous address, and I, like, nonchalantly bought a a ticket to to a concert, and the concert venue got compromised. And I didn't remember doing it, and I just fucked it. I fucked that up.
And have I been potent? Let me know. And I was like, fuck. And it was like it just completely compromised everything. But that's one of the advantages of renting that people don't really think about. Like, if you constantly move around, it does add a lot of noise to the to the pool of data out there.
[01:33:42] Unknown:
Definitely. Also, I well, 2 things. 1, bonus points if you're using a password manager that, auto checks haven't been found. My KeePass client does that, which is really neat. That is awesome. Yeah. Every day, it just checks haven't been pwned, and it'll notify me if any passwords or emails were found in in a breach, which is really sick. Aside from that, something else is, I'm I feel like KeyPass client is that? I think KeePass XC does it, but I know for a fact StrongBox does it. The StrongBox is Apple specific.
[01:34:19] Unknown:
No. By the way, Freaks, KeePass is spelled key keyepass, not keyypass. And there's, like, a 1000000 clients of it.
[01:34:29] Unknown:
Yep. It's kind of like matrix. If any of you know matrix, you can use, like, any client. It's like a sort of decentralized model. Something else, I'm sure you've heard of it, especially if you listen to, Seth's opt out podcast, but, SimpleLogin is just next level tool for protecting your email. I don't give any person thing website my real email address ever. It's always a simple login alias. That way my actual email is never shared with anybody. And then the cool thing is if that email still gets exposed, I can transition the host email and still keep all my email aliases through SimpleLogin. So SimpleLogin is like an email aliasing service. So you can have an email set up for every single service you use on the Internet, and it's compartmentalized accordingly. It's like a VPN for emails.
[01:35:26] Unknown:
Do you think that metaphor is good? Metaphor.
[01:35:31] Unknown:
I'm trying to find a better one. It's like a re mailer. Right? It's like a Kind of. Yeah. Yeah. It's like a,
[01:35:37] Unknown:
because you're obviously trusting SimpleLogin with that information instead. Yeah. Trust model wise, it's similar to a VPN.
[01:35:44] Unknown:
Yeah. So, like, a way I use it is, let's say my my actual email let's I'm just gonna use Techclore because it's public and easy. I I know this, so it's very easy for me to share it and I there's no risk. But our like, our Techlore email support at techlore.tech. If I didn't if I just opened that though and I didn't want it to be shared with anybody, I would link that to simple login and then, they'll generate an alias. So it could be school at alias.com, and I give that to my my school. So then my my school only has that school, but everything they send goes to my normal email inbox, and I can still interact with it. Yeah. I'm I'm kind of all over the place with that explanation, but hopefully just check out their website. They do a better job. And also, we have a review of it too on TechFlow. Do they accept Bitcoin?
I believe they do. Let me double check, but I'm pretty sure they even accepted Monero as well. So you should have multiple. Because a lot of these services, it's like you know, and then you provide them your credit card and billing address. No. SimpleLogin's open source, and you can self host it too. Oh, that's awesome. Yeah. Let me let me find their, That was not on my radar. Oh, yeah. So it's funny because, I feel like it hasn't quite, like, seeped its hands into the crypto world yet because Seth also, hadn't heard of it before. And he tried it and he doesn't stop talking about it now.
Let me see. Payment methods.
[01:37:18] Unknown:
What? Are you checking the payment methods on SimpleLogin right now? There was one other thing I wanted to talk about. I think we might have lost Techlore. Let's see if he comes back. It was the most recent episode on Opt Out. Thank you, this douchebag, for letting us know that. Yeah. We did lose Tech Lorry. He'll be back in a second. Yeah. Go check out Opt Out podcast if you haven't already. I had Seth on dispatch, previously. Yeah. Techlord's Internet went out. He'll be back in a second. But definitely go check out Opt Out. In the meantime, freaks, if you wanna throw more questions in the comments, feel free to do that. It looks like it's just me on right now.
But when Henry comes back, we can answer those questions. Or if I can answer them, I will answer them. Someone is asking Jonah is asking about the Calix hotspot. I haven't really had too many issues with the Calix hotspot. It's it's pretty cool concept where they give you this this mobile hotspot, if you contribute to their their foundation, their nonprofit foundation. It obviously feels nice to support, privacy focused work, and then you also have the advantage of of getting this hot spot. The major negative of the hot spot is I believe it uses Sprint and T Mobile, the combination of the 2. So those you know, their reception area is is definitely a worse reception area. So you will have some reception issues if you if you're using that hotspot.
How's it going, Henry? The spooks got you?
[01:39:47] Unknown:
Yeah. I should be back.
[01:39:50] Unknown:
Yeah. We hear you now. Cool.
[01:39:52] Unknown:
What I miss?
[01:39:54] Unknown:
I was just trying to run with it. I didn't realize simple login was the most recent episode on opt out.
[01:40:01] Unknown:
Yeah. You should check it out. What I don't know when I cut out, but pretty much they accept crypto, but unfortunately, they use Coinbase Commerce. So I don't know how popular that'll be. But that that means they accept Bitcoin. Did so they actually don't accept Monero?
[01:40:17] Unknown:
No. They do not. Bitcoin based com wow. So Seth loves them despite that. He's a However,
[01:40:23] Unknown:
Seth is very, pushy with Monero, and I think he did tweet saying he did get them to accept it. So, yeah, he only emailed them. He is very pushy about Monero. So
[01:40:33] Unknown:
Yeah. If anyone can do it, it's him. We were talking about the Kellogg's hotspot.
[01:40:38] Unknown:
The reason I cut out. Oh, is that what you're on right now? Yeah. It it ran out of battery. I ditched my home Internet. I don't even have home Internet anymore, so I just use the Calix hotspot. It's fantastic.
[01:40:51] Unknown:
There you go. It is really great, but I I was talking about how my major my major negative about it is that it's I think it's Sprint and T Mobile they use. Yep. So the reception area isn't as large as, the other two majors as AT and T and Verizon.
[01:41:10] Unknown:
Yeah. It'll it'll vary. I have fantastic Internet at my home. It's better than what I'd get from my, Internet service provider, But I don't have to deal with don't have to deal with the assholes, though. I recently moved, and I have gigabit. So I so I'm very happy with it. That's nice. Very nice to have.
[01:41:30] Unknown:
What, have you ever so Calix hotspot is cool because it's it's it's unlimited. Have you ever hit, like, the point where they've started throttling you?
[01:41:39] Unknown:
No. They've never so Nick Nick Nick Merrill, the the the guy who is the founder of the Calix Institute, he's never had someone throttled. He's had people download, like, 5 terabytes in a month and nothing happened.
[01:41:54] Unknown:
So Yeah. I I did, like, a year of nomadic life, and I used it heavily. But I you know, whenever a company tells me something's unlimited, I always just assume there's a catch.
[01:42:03] Unknown:
But I never hit the throttle point myself, but I thought maybe you did. Nope. The most I've done is, like, I think, 400 gigs in a month, which is not even enough to to cap a normal ISP, which, by the way, is completely, like, nothing gets me more riled up than my ISP because, you know, you're paying premium for this service and they're throttling you to, like my previous one is throttling me to 1.1 terabytes a month.
[01:42:29] Unknown:
Yeah. It's fucked up. And a lot of them throttle even lower than that. I mean, I have buddies in Australia that's really bad. And then they they they spy on you, like, crazy amounts, and they have so much personal information on you. Yeah. Especially in this country, there's, like, not that much competition among ISPs. That's a whole different can of worms, and we're kinda wrapping up here. Before we wrap up, yes. Someone ask, also ask this question. I wanted to talk about SilentLink a little bit because I I love their service, and you mentioned it earlier. Do you use Soundlink? You like Soundlink?
[01:43:12] Unknown:
Yeah. I just I recently started using it the last few weeks. I just put out a review of it on Techstar actually. And, like Yeah. It was on Bitcoin TV too. Yep.
[01:43:22] Unknown:
I watched that review. It was great. I I love I love when something like that happens because I had started recommending silent link to people, and I was like, do I have to make a review about it? And then you made the review, which is even bet like, they I guess so much better when other people make the reviews, and you can just tell people to go to those.
[01:43:40] Unknown:
Yeah. Or just everyone makes a review too. I mean, that it's nice when you get multiple perspectives on things too. But it is nice when someone's already done something, and you just don't wanna touch it. And it's like, here. Just
[01:43:52] Unknown:
Well, the thing about, like I mean, you know this more than anyone. Like, the thing about reviews and guides is they just break so often because things change.
[01:44:01] Unknown:
Yeah. So you're like a never ending update loop. I I would not know what you're talking about. No. No. Don't know what that means. Never heard of that before.
[01:44:10] Unknown:
But, per our earlier conversation about phone numbers and how they leak all this information from you and people don't change them often, silent dot link is a great service that offers you something called an eSIM. So you have that, like, little SIM card that you stick into your device, into your phone, that gives it its phone number and connection to cell towers. Silent.link supports this new concept called esims. So you can pay them Bitcoin and you can just without giving them any personal information, no email, nothing.
They will give you a phone number with data access, and you just download it directly to your phone. And I think it's Android only. Right?
[01:44:58] Unknown:
No. It's just it's just eSIM. So it should work on iPhone. IPhone support eSIM as well? Yep. Some models. Make sure to check which model you have. I'm fairly certain that as long as the phone supports eSIM, then silent link will work. Also, it's a real number, people. It's not like, like, I I like my pseudo and I like Hush. I like these disposable burner apps, but a lot of websites will know that you're using a burner app and they'll they won't let you register for accounts you use. But silent link is an actual real number that you'd get from Verizon, AT and T, or any other cell carrier.
[01:45:32] Unknown:
Yeah. So that link is fantastic. Like I said, you could pay with Bitcoin. Obviously, another option you have is to to actually buy a prepaid SIM with cash, which has a lot more friction. A lot of the providers, like, require a bunch of personal information, and it's not necessarily obvious which ones do and which ones don't, at the time of purchase. And then another service I really like is textverify.com, which also accepts Bitcoin. I heard that one. That one's a little bit different. They will give you a disposable number that's one time use only. But you basically pick which service you're gonna use it for.
And whatever they're doing in the background, like, they know, which services are blocking which numbers on which lists, and they'll give you a number that works. And, like, I've used it with Twitter. I've used it with a bunch of other services. So those those are, like, those are are are literally, like, they burn immediately. You use them once, you get the code to verify yourself, and then you can't use it again. The nice thing about silent.link is, like, you can use it for a couple months and then get a new one and get a new one. So definitely go check them out. Really cool service.
[01:46:58] Unknown:
I just bookmarked, text verified too. It's really cool. I've heard of them before. Text text verified is fantastic.
[01:47:06] Unknown:
I don't someone's asking if you can use it with signal. I'm not sure. But if you go to the website, it'll tell you what services it supports. I would not use it with signal. I would use silent dot link with signal. Yes. Because the other thing is someone mentioned in the comments, these services that these these services that rely on phone numbers, like WhatsApp, if you get a recycled phone number, then you might be able to get access to other people's accounts that they've already used. So you wanna be careful with the with the recycled phone numbers on high value services, stuff like signal.
I guess with signal, it's not as bad, but with WhatsApp, I guess there's some history that you get. With signal, future people might message there, which would be pretty bad, but they won't get message history.
[01:48:02] Unknown:
It will. It will. We don't recommend it for all the reasons that Matt just said, but it will work. Signal has very, almost no checks on the numbers you provide, which is really nice because you can even use my pseudo or something like that. Absolutely. Text verified definitely works.
[01:48:19] Unknown:
Yeah. That's textverified.com. Someone's asking what that is. And then the other one is silent.link. And all these services, you should use with a VPN, With with, with text verified, they do require an email address. So be very careful about which email address you provide there because, obviously, that is linking. Just linking your email address to whatever you're using it for. Yeah. They I'm on their website now. They do support signal. They support a a huge amount of services. Okay. Well, I really appreciate your time, Henry. Thank you so much, for coming on. I appreciate all the work you're doing. Before we wrap up, do you have any final thoughts for us?
[01:49:13] Unknown:
No, man. This has been a lot of fun. I think that what you're doing is great. You're putting great projects. You're spreading great education to these people. I think it's great that so many people are getting pricing security education now. Just beyond us, just really anyone, it's really fantastic. So, thanks for having me on, and really thanks for everything you're doing.
[01:49:34] Unknown:
Yeah. It's, I mean, it's it's it's super promising. Just there's just so much good content out there right now, and I hope to see more and more of it. And thank once again, just thank you so much for all the work you do. Thank you for all the freaks who joined us today, and, I'll see you next week. Thanks, Henry.
[01:49:56] Unknown:
Thank you too. I don't know if that's
[01:50:12] Unknown:
it.
[01:50:20] Unknown:
City lights. No matter how hard I try, I've come as by. And I'm living from where I've started. Rules of loss in a man of saloons, crazed air force.
[01:53:26] Unknown:
Love you, freaks. Dis I'll see you on Thursday for a rapid recap. Dispatch next Tuesday with Statikus and Open Arms is at 4 PM EST. 4 before PM EST, 21 100 UTC. So join us for that. That should be a great conversation. Reminder, you can find Techlore's content at techlore.tech. He's also got a channel on bitcointv.com, and he's got his his new show, the surveillance report. Definitely go check that out. I love you all. Reminder as always, I mean, I've been saying this, to you guys for years now, but don't get overwhelmed. I know we talked about a lot of detailed things here. Little improvements do help. Cutting out social media use, not using an Alexa, not using a Google Assistant, reducing your Google usage, all these little things, they do add up and at scale, they help everybody.
So just consider trying to take little steps to improve your privacy. It is it is not as overwhelming as it may seem, and we we can make progress, each of us, independently and together. So I love you all. Take care. Have a great week. Cheers.
Some of your tweets which which caught my attention, and that is that, recently Bitcoin miners are increasing capacity. Now normally that that costs money, and they may have have financed that in different ways. Now it's being financed, through banks or or market based financing, which not only could add, you know, it it it it could add to the popularity of the whole space, obviously, but it also doesn't take selling of Bitcoin to finance the mining operation. So do you see producing more as bullish?
[00:00:33] Unknown:
Or Absolutely. You do? Absolutely. And that's a that's a fascinating thread to pull on, John. Something that has been very overlooked in the market, in my opinion. One of the big developments over the past 12 months was the migration of mining from China, the Bitcoin mining from China. And a lot of that went to the United States, which has two main effects. 1, it changes the narrative around the energy consumption. Moving to North America does give miners access to a much more diversive a more diversified mix of energy sources as well as enable them to participate in the establishment of more renewable sources as well as strengthen some of the existing grids, changing the energy narrative around Bitcoin. But even more significantly, perhaps, for the Bitcoin market directly is the access that this gives Bitcoin miners to financing, be it through bank based financing, like some credit lines that you're seeing, or through market based financing. We're seeing more and more Bitcoin miners lift on public exchanges and actually do very well. What does this mean for Bitcoin itself? It means that whereas before, miners had to sell Bitcoin in order to fund their expansion and operations Now they don't need to they can hold on to that bitcoin and we're seeing on chain data support that. Less new Bitcoin coming into the market is bullish. They can be hold
[00:02:27] Unknown:
Happy Bitcoin Tuesday, freaks. It's your boy, Odell, here for serial dispatch 49. I know it's been a few weeks since our last dispatch. Hope you guys enjoyed your holidays. With friends and family, focus on what's really important out there, get your priorities in order. I know I sure did. I'm really excited about this show. I've been excited since last year. So let's get right to it. So dispatch is an interactive live show about Bitcoin distributed systems privacy and open source software. As always, I wanna thank the rider dive freaks who continue to support this show, keeping it ad free and sponsor free and focus purely on actionable Bitcoin discussion.
And, also, as always, a huge shout out to the ride or die freaks who join us, for the live shows and participate in the live chat whether that's through Twitter, Twitch, or YouTube. Reminder, it is also posted after the fact, to our podcast feed and, to bitcointv.com. I know some of you freaks while live streaming on bitcointv.com. It is coming. The functionality is already there. I need to iron out some kinks, so I'd leave it disabled for now. But, it will be coming soon in this new year. You can support the show via I I I I spent 2 weeks off, and I I ruined my show a little bit. You can support the show at seal dispatch.com, using Bitcoin, whether that's lightning or on chain using a pay NIM, or what a lot of freaks like doing is you can support it through podcasting 2 point o apps.
My favorite too is fountain podcasts and Breeze Wallet. You simply download the app through the app store, load it up with some sats, search Siddle Dispatch, click that subscribe button, and you can stream stats directly to my node as you listen. I literally go to my node and it's just every day of the week I just see, you know, 1, 5, 10, 20, 30 sets coming in, and you, like, literally see as people are listening because they're coming in, per minute. It's really it's really fucking cool, and I appreciate all the freaks out there who continue to support the show that way. With all that said, this is serial dispatch 49.
We have a focus on digital privacy tools and strategies, with Henry from Tech Lore is taken. I'm really excited about this one. How's it going, Henry?
[00:05:01] Unknown:
Really good here. You?
[00:05:03] Unknown:
Very good. Very good. I, have been looking forward to this conversation for quite some time. We've had it on both of our calendars. I really I just I I mean, before we get started, I just wanted to say I really do appreciate all your work. You're an absolute legend, and you're you're a major asset to the space. So I hope all the freaks after this conversation go and and and check out all all the resources you've built over there.
[00:05:31] Unknown:
Yeah. And, I mean, same goes for you too. I mean, the stuff you put out is just incredibly good. So, it goes both ways.
[00:05:38] Unknown:
So let's first start with, so I guess, we talked a little bit about this before the show, but so we have Techlore, which is techlore.tech, which is your baby, and you got, like, a whole team there now. And then you have, this this new podcast that I'm really enjoying, The Surveillance Report. What else are you working on? Are you working on anything else in addition to that?
[00:06:11] Unknown:
No. So, I have a big issue of, overcommitting the projects. Yeah. Me too. It's kind of a big deal. So, actually, it's been toning things down over time. We used to do a lot more things, but now it really is just the majority of, just the mostly a YouTube channel. It's also on Bitcoin, TV as well, which is very exciting. And, really, it's mostly just the main content, and then survey and support is the new podcast as well. And everything is built for digital pricing security and to pretty much educate people on how to take back their ownership of their data. And, obviously, there's a lot of overlap with cryptocurrencies as well.
[00:06:48] Unknown:
Yeah. I mean, I I was very excited to get you on bitcointv.com. I I guess you had issues with your previous peer 2 provider or something like that?
[00:07:01] Unknown:
Big, transition over to privacy guides, and now they split into 2 projects. So we are kind of caught in that mix a little bit because we were in our peer tube instance. It's
[00:07:10] Unknown:
kind of a messy situation, but it's all good. I feel that. Well, anyway, you found a welcome home over at Bitcoin TV, and, we're very we're very happy to have you. I think you add a lot to to the content on that platform. So, I mean, our show is, very much focused on digital privacy. So I think you don't have to necessarily be too shy about going into the weeds a little bit as we go here. The freaks have gone
[00:07:43] Unknown:
what was that? I love that.
[00:07:45] Unknown:
Yeah. Me too. The freaks have gone on quite a journey, with me over this last year. So they are pretty they're predisposed to a lot of the topics that I I think we're gonna talk about. But every good privacy conversation starts with the age old question, which is why is privacy important to you and why should everyone else care?
[00:08:09] Unknown:
Are you asking the community or me? I'm asking you. Well, for me I think first, I discovered privacy mainly because I read The Art of Invisibility by Kevin Mitnick. Great book. Great introduction to the privacy world. And I think that, just the overwhelming amount of dystopian technologies that were found in that book that was it's already an outdated book, was just unfathomable. Like, things that you see in Black Mirror and things that you see in pretty much any kind of dystopian novel, they're technologies that for the most part can happen today and many of them are used as privacy invasive tools. And, I'm sure this will resonate with the crypto community, but many of you want control over finances as well as your life, and I think that carries over to data. And, ultimately, I think privacy is just control over data.
You get to choose what you wanna share with the world. I don't necessarily believe everyone needs to be perfectly private, but if you're able to choose what you're sharing with the world, then I consider that an overall win for a lot of people.
[00:09:12] Unknown:
100%. I mean, I and within the cyp in the cyberpunk manifesto, I think there's a really clear delineation there where, like, privacy is not secrecy. It's the ability to selectively reveal yourself to the world. And I think a lot of people, tend to fall down that hole, which is like, I'm not going to ever obtain a 100% secrecy, so there's no reason for me to try. But, really, there's bunch of different shades of gray there, and you really want to, have control over where you basically end up in that in that process. Right?
[00:09:55] Unknown:
Exactly. And it it's funny because, a lot of people who do say that, like, oh, I have nothing to hide or I can't achieve perfect secrecy. You know that in real life, if they're, talking to a stranger, they're not sharing every little personal detail about themselves. But the moment that it goes into the digital realm, we we don't care if we're pretty much seeing the equivalent of that with companies, governments, and everyone in between. Just interesting.
[00:10:19] Unknown:
And, I think I had this converse so you were on Seth's Seth's great podcast, Opt Out. I also joined him on there, and I had an interesting conversation with him because, and I I mean, you're in you're in the same boat. I mean, the 3 of us are are are relatively public figures that talk about privacy. And I I imagine you get a lot of hate about people saying, well, you shouldn't be talking if you really cared about privacy, you wouldn't be talking about it publicly. I mean, I've seen your face on a 1000000 YouTube videos, quite good YouTube videos.
How do you how do you counter that when when people bring that up?
[00:11:05] Unknown:
Yeah. Well, it's funny because I've gotten a lot better answering that question over the years. I think a few years ago, it was a very common YouTube comment. Like, LOL, you're talking about privacy and deleting Google, but did you know that YouTube is owned by Google? Laughing emojis. And it's like, yeah. We're very much aware. It's all about a threat model. It's all about choosing what you wanna share with the world. It's unfortunate because I I didn't know TechFlow was gonna become a big thing when I first did it. And if I could go back in time, I wouldn't have shown my face. So it's actually one of the things that is both a blessing and a curse because I think the face adds familiarity. I think people feel more comfortable with the content. It makes privacy more presentable, because when you're someone who's hiding behind just a screen, it it in some ways does make you less of a presentable person. So there is those pros, but again, it's not a sacrifice I'd probably make again.
But it's something that I can work with. I'm able to hide aspects of my life that I don't wanna share. I'm able to pretty much share with the world what I want to be shared because I'm able to follow my threat model and take proper precautions in the meantime. So, really, like, what we do is exactly what we preach, which is we let the world decide what they wanna share. And and yeah. That's the best answer I have for that. Well said. I mean, I think that,
[00:12:31] Unknown:
I think exposing my face is my biggest regret as well. Yeah. We have this guy in the comments, Radixrat mentioning a full body green suit. Our boy, Gigi. Do you know Gigi? He's in the Bitcoin community? I do not. Gigi's a fucking legend. He's one of my really good friends, and he is also very focused on privacy. And he's been doing a bunch of videos lately, and he wears a full green bodysuit so that he can green screen whatever face or images he wants on his body. And he's actually presented live in person that way as well. So for a while, like, I kind of justified my, me self doxing my face as a a necessary evil to basically try and further education and whatnot. And, also, like you, like, I just didn't expect my content to blow up as much, and I wasn't really thinking about it clearly enough.
And then Gigi just comes around and just shows that it's possible. He just goes out there and just wears the full green suit. It's
[00:13:42] Unknown:
it's definitely a good move. The I I yeah. I I'm with you there. If I could go back, I probably wouldn't have shown my face, but it does come with pros. The thing with the green suit and this is kind of a side tangent, but, it's interesting because the face is something that's so, I guess, unique to to us as humans. Like, we think of, a face as the definition of exposing sensitive information, but, there's some people, I I I don't mind naming them, but like the hated one. I think it's a great channel. He'll show his hands in some videos. And I'm thinking, well, what what if in 10 years, a hand is enough to identify someone?
[00:14:24] Unknown:
So it's just interesting for me to some people that way. There were I it was a drug dealer or a terrorist or or, you know, some, some some type of criminal that they got because he was taking, like, photos of his product, and I think they pulled the fingerprints off the HD photo.
[00:14:46] Unknown:
Yep. And there was a study done, this was many years ago, probably at least 5 years ago, that just a thumbs up in a selfie is enough to get your fingerprint, depending on the quality of the image. So yeah. It's just interesting because there is a face, but there's also many other things. So I'd also ask, I guess, how well the green suit idea would hold up in the meantime?
[00:15:08] Unknown:
Yeah. Well, I mean, the the green suit's been holding up so far, but I guess he's stress testing the the privacy protections of the green suit for us in in real time. Absolute. I love that for him. I, I mean, look. This is one of the reasons why so, like, my other show, rabbit hole recap, we do a live video stream and with our faces. And one of the reasons that dispatch is like an audio video hybrid, is so that I make sure that my guests don't feel pressured into like, I I feel like I want we we should kind of as, like, an industry almost, especially with with all the lockdowns and stuff that happened around COVID. I feel like there was a major push towards digital media, and I feel like content just automatically does better if you actually have a face there, like you said.
So dispatch was one of the ways of kind of, like, playing with the format so that it is an audio only show in terms of participants, but there's still a video interaction with this live chat and whatnot.
[00:16:22] Unknown:
I like that. It's definitely a little bit of a rebellious take on it.
[00:16:27] Unknown:
Yeah. I mean, there it's it's let me put it this way. It's a topic I think about all the time. Some mornings I wake up and I'm like, you're a fucking idiot. Like, why'd you ever go public about privacy? And then other times, I'm like, what else would be better to do with your life than this? And most of the time, it's the latter. So that is that is the good news here.
[00:16:49] Unknown:
That's very relatable.
[00:16:51] Unknown:
So one of the things I really like about, your channel is you don't really or just your work in general, you don't really you have a very broad demographic. You kind of you're kind of you're you have videos and guides that are very accessible to people that that aren't necessarily very technically savvy, and then you have guides and content that are for more, savvy individuals. Like, I would say I mean, the surveillance report to me is, like, I'm the demographic for that. And, like, maybe some of my ride or die listeners are the demographic of that. But then and I know this is a touchy subject, but, like, your your main Graphene guide at the time was on a Windows computer to make it more accessible to, newcomers.
When when you when you think about privacy, when you think about someone who is trying to basically take the first steps to make their life a little bit more private, to not share absolutely everything on the Internet. What do you think is, like, the first, like, actionable steps that someone should consider doing?
[00:18:07] Unknown:
It's a great question. So first, you're right. We make a ton of different content aimed at different demographics. What we're really against is the idea of going to the extreme on every topic, which is, like, my biggest gripe with a lot of other channels, which they still have their place and they still have their demographic. But, I don't think not accessible. It's not accessible, and I think that it's unhealthy to set such high expectations for everyone all the time. And it doesn't include threat models. Because some people are fine using social media and sharing everything about themselves. Right? Like, we we share our faces, we share certain information about ourselves, and it's totally fair for someone else who's consciously making a decision and understanding the drawbacks, of course, to make a decision that they know might be harmful.
But we also make several different kinds of content. So some of them you're gonna find are more advanced, and they talk about how to obtain cryptocurrencies anonymously, how to store them safely, all about, like, hardware keys, t TOTP, things that most people might not want to touch. But the people who wanna touch it, they still have that access available. It's a very hard balancing act though. You know? In Go incognito yeah. In in Go incognito, the the course, that I put together, it was like a 2 year project. And one of the biggest challenges was figuring out how to deal with that problem. And one of the best ways I found was each topic so let's say it was 2 f a. It starts with the the bare minimum of what you need to understand and know, and it slowly escalates from there. And then, actually, in the background, it's a green screen and the green screen chain changes color, to pretty much represent a higher threat model.
So that's, like, one nice way I found of pretty much accommodating different demographics. For your second question though, we made a video and I actually this is video was made a while ago, so I don't remember all the tips, but it was like how to get started on your privacy journey. I'm trying to find it right now, but it pretty much answers that question and it's, here it is.
[00:20:13] Unknown:
One sec.
[00:20:16] Unknown:
Many of the steps are just basic things for most of you listeners, but it's gonna be things like moving to a password manager, enabling 2 f a on your accounts, just deleting old accounts you don't have anymore, being conscious of what you're uploading to the Internet. Those are all basic things that would take people very far. And I think one of the biggest ones that we don't talk about is just moving to end to end encrypted mesh messaging when you can. I think moving to an end to end encrypted messenger is already a massive step forward. If you combine that with migration to a password manager and enabling 2FA on your accounts, at least people will have basic security in mind.
And you can't have privacy without security, so it's a great starting point.
[00:20:58] Unknown:
What's your favorite messengers?
[00:21:01] Unknown:
I'm big into signal. I by the way, I I'm big into signal, but I'm also very critical of signal. Lots of things about signal I don't like. But, overall, I do think it's probably the best messenger to recommend to the people I know. I'd say almost all the people I talk to on a day to day basis in my personal life are on signal.
[00:21:18] Unknown:
Yeah. I mean, I, I pretty I pretty much slow and steadily onboarded everyone that's important in my life onto signal. But, like, I I even got my my family basically uses it. I have, like, a group chat with my ladies immediate family and my immediate family, and it's basically almost used as a social media type of situation where, like, photos are shared and stuff, in that in that single group, which is a really nice touch, I think, that people are missing when they're like, I, you know, I don't want to completely detach myself from that that social sharing kind of aspect, but I care about privacy.
[00:22:03] Unknown:
100%. It's funny, my partner and I, we use the one x photo as kind of like a Snapchat feature. It's a pretty bad Snapchat knock off, but it does work. There's a lot of things signal's good for. I'm seeing some people here. What do you think about matrix with the bridges? We actually have a whole community on matrix, and we bridge it to our Discord community. It's a pain in the ass. There's really no other way to say it. We host our own bridge and, it has a lot of problems. It resets permissions pretty frequently, but it does work. It's a very cool project, and I think that bridges are a very cool way. If someone's on WhatsApp, you're able to self host your own bridge essentially on WhatsApp and be able to use Matrix with them. So it's it's very nifty. I like Matrix, but I think it's very unpolished, and it's not something I would use,
[00:22:51] Unknown:
for people I know in real life. I mean, I would I would push back a little bit. I mean, the Bridges system is a bit hacky. I mean, I have people love Discord. I have my own problems with Discord. I mean, Discord's not end to end encrypted. Oh, hey. Hey, Discord. Matrix, like, vanilla matrix, if you're not using with bridges, if you're if you're using it, with, like, Element or one of the other popular clients, is is very user friendly. It's it's it's pretty easy to get started, especially if you're using, you know, the matrix.org home server.
We have our own self hosted matrix room, which I meant to show in the beginning of this chat because, because it's relatively new. That's citadel dot chat. Got almost 300 freaks in there right now. But, I'm I'm slowly starting to to fall in love with Matrix because Matrix is is end to end encrypted. It's open source. You can self host it. It's kind of it's kind of like the the dream messaging platform in a lot of ways. I I mean, the biggest thing signal has going for it, which is also probably your biggest complaint, but is also the best part of it in a lot of ways is that it uses the phone numbers as a, like, a contact mechanism, which is just very user friendly. People are are are used to that with, like, the WhatsApp types of situations and the Imessage types of situations.
[00:24:27] Unknown:
Yes. I think everything you said is valid. I those are the aspects of Matrix that I really like as well. Really, the only complaint I have with matrix is the metadata leakage because there is kind of a metadata problem with that signal handles a lot better. And, also, I do like disappearing messages on signal. But outside those two things, I still think matrix is an overall great platform. Experience as you have personally. So, that's why I really like signal. But then there are some great things about matrix. Like, I can get element from F droid. Right. You know? Like, I can't get signal from F droid. Kind of a bummer.
So, again, like, I I have issues with signal as well. The phone number requirement would be nice if it was optional. I wish it was available on F droid. I wish they were more open source friendly. I wish that they had basic ARM support for Linux.
[00:25:21] Unknown:
What's on on the single desktop app or whatever? Yep. I mean, the single desktop app sucks. That's another thing that's an issue with it. Yeah. It's not great. Just in general. Yeah. And even just like how it, like, it it's basically using your phone as a relay for the like, I don't think you can use it. If your phone is off, I don't think you get messages on the desktop client.
[00:25:46] Unknown:
Yep. The only projects that people should be aware of, but I think really trumps everything else in regards to privacy, security, and anonymity is Briar, b r I a r. It's onion routed. It's only available on Android, and it's peer to peer.
[00:26:04] Unknown:
Fantastic. Well, it's it's like optionally peer to peer. Right? I believe so, but Like, if No. I if I mean, there was all the stories that in, like, China, like, it got censored so then you can use, like, their Bluetooth WiFi to just automatically, like, almost like a mesh net type of situation. Right?
[00:26:22] Unknown:
You can, but I'm pretty sure it's, peer to peer no matter what. I don't think there's any central service because everything's onion routed.
[00:26:30] Unknown:
But I mean, it's it's not purely it's not purely mesh. Like, if you're in the western world, like, I downloaded Briar and, like, I could chat with people on the other side of the world. But in, like, a worst case scenario, one of the cool aspects of Briar is that if you could have, like, no cell reception and still use Briar if there's people that use Briar that are near you. Right?
[00:26:53] Unknown:
Yeah. Well, those are 2 different. So, just because it's global doesn't mean it can't be peer to peer. So peer to peer means that it's just 2 people connecting to each other directly instead of having a central server. The Internet. Yeah. Yep. So there's no central server with Briar. So there's no messages being processed through any server. It's just you directly communicating to another device over Tor. But the UX is kind of Oh, yeah. Clunky. Right?
[00:27:18] Unknown:
Yeah. It's not great. Yeah. And then there's someone mentioned session. I've I've what what are your thoughts on session app?
[00:27:27] Unknown:
I feel like it needs work Yeah. Polish wise. I've used session. Actually, Nathan from the surveillance support interviewed, a team team member from session, Jeffrey Keyes, I believe. And, overall, I think it's a really promising
[00:27:48] Unknown:
Right. But it does have some in that way. Right? Like, it give you, like, a code, and then Yep. You share with the code. What do you think about 3ma?
[00:27:58] Unknown:
I like it, but I can't convince it's already hard enough to convince people to use a new messenger, not to mention pay for Well, I have, like, 7 messengers on my phone.
[00:28:09] Unknown:
Yeah. I mean, the pay model is definitely friction, especially if you're using something like Kallix where you can't even, like, pay for it through the, to the app store because there is no Google Play store on on Kallax or or Graphene or something like that. So you have to go and I mean, they accept Bitcoin. You can pay with Bitcoin or credit card. But I, most of my conversations were at 3 I I've moved to Matrix now. What was the the what's the metadata issue with Matrix?
[00:28:41] Unknown:
Pretty much whatever home server you're connected to can collect whatever it wants about you. That's kind of the issue with the decentralized model of Matrix. So if you're a part of matrix dotorg, matrix.org is able to collect most metadata on whatever's happening. But if you're in end to end encrypted rooms, they can't actually get the
[00:28:57] Unknown:
what the conversations are happening inside the rooms.
[00:29:00] Unknown:
Yeah. Not the conversations, but, I mean, when you're talking, who's talking is still accessible data, which is the problem. What rooms you're in? Yep. Now this can be mitigated because on matrix, you can just self host your own home server. In that way, you can assure that everything that's happening on it is is owned by you. So that's kind of the the the awesome thing and the sucky thing about
[00:29:30] Unknown:
you're running your own matrix server, you can still chat with everyone that's on the other matrix servers servers. Yep. Exactly. But, obviously, you might be unwittingly leaking metadata to their servers if they're communicating with you.
[00:29:46] Unknown:
Yep.
[00:29:47] Unknown:
And we we have a freak who's asking how do we know these messenger chat apps are not spook apps like ANOM? Well, the number one thing is to be using open source software, so that you or other people can verify the code. I mean, ANAM was an interesting story in itself. Were you aware of this?
[00:30:10] Unknown:
Yes.
[00:30:11] Unknown:
I mean, it was a messenger that I had never heard of until after they arrested everybody. Had you heard of it before that?
[00:30:19] Unknown:
Not before then. No. A lot of these we, for some reason, like, they seem very popular in, like, the underground world until they, you know, get busted and then we all hear about them. They, like, they, like, push them in through back channels or
[00:30:32] Unknown:
double agents and stuff like that, I guess. But, like, I think ANOM wasn't even open source. But yeah. I mean, look. The number one thing is open source. Obviously, it could still be a spook operation. You know, there's it might not be that many eyes on the code. So you gotta be you you still should be you should still be careful. You shouldn't, you know, blindly trust everything. There's no easy answer there. Do you have do you have an answer for that question that's more eloquent than mine?
[00:31:08] Unknown:
I think open source is a great starting point. If something's open source, you you already have some assurance there. I think looking at previous history, one really cool thing about signal is we can look back at actual attempts of trying to get user data, and it's exactly what signal says. They only were able to give up, like, the creation the the time and date that they created their account and the last time they were online, and that's it. And that's what they promise. You're also able to look at actual expert opinions. So not me.
Not other people. Like, people who are actual cryptographers who can look at this stuff and give their actual, like, really expert advice on these things to give their best recommendations. Really, you wanna look for, people who are specialized in their very specific field when you're looking for those kind of solutions. So if you're looking to make sure cryptography is good, you wanna look at the people who are experts in cryptography and what they think about the product. One big thing that I've seen a ton, especially in the cryptocurrency community, so this might, be a big one for a lot of you. There's a lot of services that are very similar to, a ANOM that, Matt brought up. Where pretty much, you can get this messenger. It's completely off the grid, completely anonymous, and the other big one is, an iPhone. It's like an iPhone. I think Skyphones is something similar where they ship you an iPhone that's completely hardened and unhackable, and they make all these massive claims.
If it's not open source,
[00:32:41] Unknown:
run away as fast as you can. And and usually, like, the massive claims are a a mat are big red flag too when people say, like, unhackable or absolutely private.
[00:32:52] Unknown:
Exactly. Be very careful with all of those things. Really, like, there's a reason why the most recommended services are all open source services. If someone's trying to recommend some, like, really weird proprietary thing that no one else is talking about, that should be a big red flag. Yeah. And I mean, a big a big theme I talk about,
[00:33:13] Unknown:
a big theme we talk about on dispatch and and my other show, is just this this whole idea. First of all, everything has trade offs. And most of the time when we're talking about these things, it's it's it comes down to a trade off between convenience and privacy and security. And you should be you should be very reluctant when something something sells itself as both convenient and private. Would we do we want things that are that are privacy focused to be as convenient as possible? Yes. But at the same time, like, if you're taking shortcuts, if you're trying to just order a, you know, just order a hardened phone or something from some fly by night operation that promises to do everything for you, that is probably a that that is probably not a good idea.
[00:34:11] Unknown:
Yeah. And actually Yeah. Go on. This brings I have a question for you because I have a few services that I'm very passionate about, that actually do strike an amazing balance between privacy, security, and convenience, and they're kind of unicorns in the space. So I was wondering if you had any.
[00:34:26] Unknown:
Well, I mean, I think signal kind of falls into that category, especially for Android users. Because with Android, you can kind of use it as almost like an Imessage alternative where it handles it just becomes your text message client. I I mean, look. Everything has trade offs. I I kind of I'm curious. What are what are what are your unicorns?
[00:34:56] Unknown:
Signals one of mine. I especially agree on the Android front. Because, like, right now, if I open Signal, I can send a message to all of my contacts through Signal, through my SIM card, or through Silent Link, which is just incredible. And then, I really like Brave and Tor Browser, which is a little bit unpopular on the Brave front, especially probably in the crypto world. I just turn off all the crypto stuff in Brave personally because I'm not a big fan of Brave rewards.
[00:35:22] Unknown:
But, I think the Tor Browser in Brave, it's just download and go. What worries me about Brave is I just feel like there's not many eyeballs on that project. Tor Browser, I would say, kinda fits that bill. I mean, the question is how you feel about the word convenience. Right? Because, obviously, tour is really slow. And then there's a whole trade off of I mean, there's certain websites that are just gonna break if you try and access them through Tor. Yep. Thinking like banking websites and stock websites and stuff like that. But they've done a really good job with Tor Browser. I mean, I have a lot of issues with how the Tor project is run.
I have a lot of appreciation for them, though, and, they've done a good job they've done a good job with the Tor browser. I know it's it's it's it's it's difficult. I mean, a lot of times it comes down to defaults. Right? I mean, I think Brave has pretty good defaults. I mean, I don't use it personally. They had some kind of I think it was, like, a couple months ago, they had something that was really bad. That, like, slipped through the cracks even though it was open source because there weren't that many eyeballs. I forget what it was, though. And that kind of rubbed me the wrong way. There's a few things. They've had a few,
[00:36:48] Unknown:
financial related scandals with the cryptocurrency as well as their affiliate links and also cryptocurrency
[00:36:54] Unknown:
token thing is just a major turn off. Yeah. I think that's most people's turn offs from Brey. But you can disable it, but it's still like, okay. I'm using a product by a team that thinks that's fine. So
[00:37:06] Unknown:
Yep.
[00:37:08] Unknown:
So, like, you question you question their decision making and their motives. I mean, signal gets a lot of that shit too because signal just added their own token.
[00:37:17] Unknown:
So am I.
[00:37:18] Unknown:
Who, like, I have a lot of respect for him, but Moxie, like, pretend Moxie, the the creator of signal, is, like, heavily involved in that token project, and then they integrated the token. And he just constantly pretends like it's not affiliated with Signal at all. And it's like, yeah, we know it's not affiliated with Signal. It's affiliated with you, and you're affiliated with Signal. Oh, I really like Pop!OS, the Linux distro. Mhmm. I think they strike a really good balance. I don't know if I'd go as far as call it a unicorn, but I I think it actually makes Linux very user friendly, and accessible with pretty sane defaults.
So I'm pretty happy about that. I mean, I love Kallix. I know you like Kallix a lot. I think Kallax strikes a pretty good balance.
[00:38:16] Unknown:
Yeah. Those are good ones.
[00:38:20] Unknown:
So, I mean, you kind of piqued my interest because you mentioned when we were talking earlier, you were talking about one of the things about signals, they have these court cases, where they've shown that they've they can't give over information, And a space that is very ripe with scams and requires a lot of trust from their users to the provider is the hosted VPN space. Hosted VPNs are a massively useful tool for privacy. They give you very good Internet speeds while helping mask your your Internet activity from your ISP and also from the sites you visit. But as a result, instead of your Internet service provider knowing, all of your Internet traffic, you are basically handing that information over to a different third party company that ideally you get to choose and there's competition and whatnot.
And one of the most popular ones has become private Internet access, which is based in the United States. And they make, like, all these big claims about no logging, and they have all these court cases where they say they aren't logging and people point to that. But I just can't get it out of my head that it's a that it's a massive honeypot and that I mean, all VPN providers are honeypots, but that it's actually a active honeypot where they're tracking users, partially because they're based in the US and also because some people on their team have really sketchy back stories. How do you circle that square?
[00:40:09] Unknown:
Yeah. So, first, what you're saying about VPNs is very accurate. It's a very iffy industry, and, actually, we have open source VPN tools on our site that hope to at least offer some kind of resource for these. PIA is kind of so I'm gonna get subjective here. A lot of our tools are objective. They're meant to be open source, but I'm gonna give my my thoughts on PIA here. First off, those court cases, I believe, are from 2013, based on memory. They're from a long time ago. What really does rub me the wrong way outside of the terrible history and also their recent purchase by Kape. Kape is a malware. They used to produce malware and now they bought Hapen PIA.
And they own a bunch of VPN providers. Right? Exactly. So they own several VPN providers as well. They really rubbed me the wrong way mostly because there's some basic things they could be doing that they're not. A warrant canary is a big one, which pretty much says oh, what a warrant canary is is, essentially, you put a web post on your website that says we are not compromised. And if that company is ever forced a gag order or forced to start collecting data, they change the warrant canary or take it off. That's pretty much a legal workaround to be able to let people know that they've been compromised. Because the gag order doesn't allow them to post, we've been compromised,
[00:41:34] Unknown:
but they can remove something. They can't add something.
[00:41:37] Unknown:
Exactly. PIA not only does not have a warrant canary, they have a massive blog post detailing why warrant canary is not a good thing to have at all and how it solves the wrong it I'm mostly quoting word for word. It solves the wrong problem because people should just not keep logs in the 1st place. Like, that's that's not really the issue. It's trying to be targeted there. Something else is that with signal, the encryption's done on your device. And this is done as well with a VPN, but the difference of the VPN is even though it's encrypted, the the data is still being traveled through their servers. And at the end of the day, you're still having to trust this VPN company with that data.
I just don't personally don't have enough faith in a company like PIA to be able to handle that data well. Well, your data is encrypted, but they know the entry point and the endpoint.
[00:42:30] Unknown:
Right. Right. So they know what sites you're visiting, and they know your IP address, obviously. So they know who you are. If you're paying with a credit card, then they know who you are even more. Mhmm. I think we both like the same 2 VPN providers.
[00:42:50] Unknown:
IVPN and Mullvad?
[00:42:51] Unknown:
Yeah. But I'm like, I've been recommending for so long that my running joke with the freaks is that if it is a honeypot, then we'll just all go down together because I'm I'm using it too. So
[00:43:03] Unknown:
Yeah. I think, IVPN, Mullvad, and my other 2 that I throw in there would be Proton and Windscribe. I like those 2 as well. The Proton definitely, kinda sends some people the wrong way, which I think is valid. I think if you distrust companies, that's fine, though I still like to encourage people to look at all the data points.
[00:43:22] Unknown:
Proton's a weird one for me in general. Yeah. That's fair. I I know some a lot of people don't trust Proton. I mean, they, like, came out, like, right after so I'm, like, kind of a little bit curious about your privacy journey. I mean, my privacy journey really began in earnest with the Snowden leaks. Like, I thought we could trust tech companies before Snowden. After Snowden, I basically realized that, whether whether they, you know, do it voluntarily or whether they're forced to, there's a lot of cooperation. They're basically an extension of the state, but also, like, a lot of these companies have financial incentive to track users.
And, like, Proton, like, kind of came out of the Snowden leaks, and it was, you know, championing privacy directly after the Snowden leaks. And it always felt to me, like, I don't know. Like, if if if if if if you were the state and you wanted to and you and you wanted to take advantage and and still hold some of your grasp post note and leaks, like, the best thing to do is, like, launch a Swiss based company that says we're gonna take care of all your privacy for you. But, like, the email is a very compelling offer. It's a compelling project product.
You know, I'm not skilled enough to inspect the code, but I I believe it it is it is supposed to be all everything is supposed to be done client side in your browser. The whole way they handle, like, their anti spam mechanism or where they're, like, they wanna verify a phone number or an external email address in order to sign up kinda rubs me the wrong way. I mean, both IVPN and MOLVAD, you don't even have to provide an email address by default, which I like that flow a lot better.
[00:45:20] Unknown:
I agree.
[00:45:21] Unknown:
But, like, I don't I don't particularly, like, not recommend Proton. I just always had this, like, weird vibe about it.
[00:45:29] Unknown:
Yeah. And, that is something that we talk about sometimes. It's like, there's just some services that I just don't like. And when I cover content, I I recommend them. But it's like I the it's just a subjective thing. So I think it does come back to, like, if you don't trust something, I still recommend you look through the data and make your own assessment on it. But if you don't trust something, trust that instinct, to some extent, I I think be aware that it is just a a feeling, but I don't know. I say, like, to some extent, it's fine to act on that. Personally, I trust Proton. Our whole team uses Proton. I use Proton in my personal life. I think they're password protected emails to external contacts is just phenomenal because even Right. Someone who doesn't have Proton or doesn't use PGP, they can still get an encrypted email. That's end to end encrypted.
It's fantastic. But yeah. I think it's all based on trust. And if Proton wasn't able to prove that they're trustworthy to you, then I think you're valid.
[00:46:39] Unknown:
And didn't they recently, like, change their privacy policy or something?
[00:46:44] Unknown:
Yeah. So there was a recent, there was a French activist, and pretty much, what happened was they were part of a nationwide investigation, and what happened was Proton then had to start logging an IP address on that one user. So they updated the privacy policy to now better reflect that they do that, but they've always said that they did that. If you looked back through their articles from 2013, way back in the day, they post all this information of what they collect. And most pretty much any centralized email provider is going to collect that information. And if they're not, they're probably lying to you, because they're not gonna be able to fight against the massive government.
So, just be aware of what a, quote, private email provider will will offer you. They're not gonna offer you magical IP address protection, but they if they're promising end to end encrypted and it's open source, you can guarantee that it's gonna be end to end encryption.
[00:47:39] Unknown:
Right. But which is why it's important to couple that with a VPN so you're not leaking your IP address to them or Tor. But if you're using their VPN, it kinda defeats that purpose.
[00:47:53] Unknown:
It's funny because they argue other ones, which I'm kind of iffy on. I don't think that would fly, but they actually argue otherwise because they say their VPN is handled differently and they wouldn't be able to to do anything there. That that's what they're saying. I'm Well, that sounds like a bullshit. The message. Yeah. Yeah. It does sound like bullshit to me. We're gonna shoot you. We're we're shooting you live on dispatch. Just real quick. Someone asked about TorGuard. I think you can do better. Personally, I think you should have higher standards for the pricing security of your VPN. Same goes with NordVPN.
[00:48:26] Unknown:
Most people horrible. Nor Nord is a horrible track record. Nobody should use Nord. I'll go just say that.
[00:48:33] Unknown:
I I really would stick to to, like, IVPN and Mullvad if privacy and security is your absolute goal, And I think Proton and win and Windscribe are great alternative options as well. I used to like Bolle a lot. Did Bolle
[00:48:46] Unknown:
cross your radar ever? No. I've never heard of it. No. I mean, I haven't used it in years, so don't count this as a recommendation, freaks. But, before I discovered Molebat, I liked. I think they were based in Singapore. Anyway so, I mean, look. The VPN question is not an easy question, and it's a perfect example to me in the privacy world, the digital privacy world, about trying to measure trade offs and measuring it against your threat model and trying to make a decision yourself, because it is a topic that you could literally dedicate hours to talking about days, with tons of nuance. And then all at the end of the day, like, a lot of it just comes down to reputation.
So where do we go next? Do you, someone asked in the comments about Libre Wolf Browser. Have you ever heard of that?
[00:49:48] Unknown:
Yeah. Libre Wolf essentially is Firefox. Well, I do you want me to explain it or do you I just want my thoughts. Sorry. I don't know. Explain it. Explain it and then give us your thoughts. Okay. Libre Wolf is pretty much an open source. Firefox is open source, so Libre Wolf took Firefox and forked it, and they pretty much applied some out of the box patches to it to make it more private and secure out of the box. So they disable some of the, analytics and telemetry collected by Mozilla, and they also, I think, pre install ublock origin, and they modify some I think they modify some of, it's not flags. It's the other about the about config menu for Firefox.
But, yeah, personally, I I I don't see a need for it. I personally just like using, Firefox if I'm gonna use Firefox. But I think that if you just want kind of a Brave esque alternative to Firefox, which is just like out of the box ready to go, I think that's probably your best bet, something like Libre.
[00:50:47] Unknown:
But it sounds like for your daily driver, you use Brave.
[00:50:50] Unknown:
Yes. I use Brave and I use Tor Browser for pretty much everything. Those are my two favorites.
[00:50:55] Unknown:
And then you don't use, like, that built in Tor feature on Brave. Right? What was that? That that built in Tor feature on Brave?
[00:51:04] Unknown:
Very rarely. I wouldn't trust that for anonymity. Like, the same anonymity you'd get from the Tor browser. Because the Tor browser's built from the ground up to make you anonymous. Brave won't do that. Brave just essentially masks your IP address. I do use it if someone just sends me an onion URL to download download something, which for some reason is happening more often than than I'd like. Well, actually, you know, it's a good problem to have, but it's just frustrating downloading things that are just, like, gonna be public videos,
[00:51:32] Unknown:
through, like Yeah, man. I mean, I feel like me and you are I I think most people aren't getting lots of onion addresses, but I would like to see more of them. Agreed. I, I mean, the browsers is another can of worms that's really just personally interesting in the privacy world. I mean, in general, you should probably not be using browsers, I think, that don't have that many eyes on them. Your browser has so much information on you. Capability of collecting so much information on you that it is a really, really crucial tool, if you care at all about your privacy and security.
I mean, if we're gonna talk about, like, actionable first steps, like, you probably shouldn't be using Google Chrome signed into your Google account. Probably should get rid of your Google account if you have the capability of doing that. But definitely, you know, your main browser shouldn't Chrome signed in to your completely doxed Google account. Personally, I was I was using ungoogled Chromium for a while. The I mean, a lot of the web is, like, built for Chromium or Chrome, which is unfortunate. And then recently, I just switched now I just use Firefox, and I just change a bunch of settings myself.
[00:53:01] Unknown:
Nice. That's a good setup.
[00:53:03] Unknown:
There's a lot of things that, like, get broken when you use Firefox and go to websites. It's weird. But my pay grade.
[00:53:10] Unknown:
Yeah. No. I I really am not a fan of using Firefox personally. Very personal preference. But I think the browser wars are pretty ridiculous, at the end of the day. Like, as long as you're avoiding Chrome and Opera and Edge and you're sticking with either Firefox Brave or Tor or really any other semi private browser, you're doing better than majority of the people. So it's always a good step forward.
[00:53:35] Unknown:
I forgot Opera still exists. They're owned by a Chinese company. Right? I believe so. I think they have a VPN too. One of the interesting things is, Mozilla for Firefox now has Firefox VPN, which is just white labeled Movad.
[00:53:52] Unknown:
Yep.
[00:53:54] Unknown:
Which I feel like makes it a lot more accessible. Should we talk about operating systems? How do you feel So, like, you have a bunch of guides that incorporate Windows. I've maybe I've just gotten, I've, like, gotten to the point in my privacy journey or my education privacy journey where I just I just tell people they shouldn't use Windows. How do you feel about Windows?
[00:54:26] Unknown:
Yeah. So first, we have, we spent a lot of time on this. This took pretty much all of 2021 to do, but we have a whole, like, 20 minute per operating system guide. So we did a guide for iOS, a guide for Android, a guide for Windows, a guide for macOS, and a guide for Linux. So we made 5 different guides for different operating systems, all covering the same information, but essentially specific to each operating system. And the Windows one, it starts with a skit because it it it starts with someone like, oh, this is the all in one Windows privacy and security guide. And then someone crashes through the door and says, just use Linux. And, while I think that probably is the easiest way to essentially prevent almost all of Windows problems, at the end of the day, there's just some things, that Windows still does for people. Like, if someone's dependent on Adobe and they can't switch to the open source solutions, they're either gonna be using Mac OS or Windows, or they're gonna try to get some half baked solution using wine, using a old version of Adobe, or they have to use KVM to get Windows. But either way, if you're using KVM with Windows inside of Linux virtual machine, don't you still wanna make that version of Windows private secure? So, essentially, like, we like to be open to different people's, situations because at the end of the day, you can make Windows significantly more private and secure.
And just because you can't make it perfect, doesn't mean that, we shouldn't, like, cater to that audience at all. But in that Well, that's why I appreciate you about about you guys. But, I mean, to me, Windows is just spyware at the OS level. Agreed. I don't even Yeah. And and, like, so we talk about that too in the guide. At the end, we're like, hey. We did a ton. We might have made Windows 80% better, but at the end of the day, there's still, like, the following things you can't do. And if you're still concerned about this, you should really look into Linux or any other operating system. So that's that's kind of our approach. We like to keep things open ended. We like to cater to everyone.
It's definitely easier though sometimes to just go, yeah, just go use Linux. Because sometimes there's someone who's fully capable of using Linux, but they're a little bit intimidated by it, and I go go try it out. Or if anything, I think the under discussed option, which definitely gets a lot of hate, I'd rather people be using a MacBook than Windows.
[00:56:45] Unknown:
Yeah. I mean, that's where I land on it. Like, I mean, I I mean, the other thing about Linux, I mean, there's a there there's, like, a I mean, there's obviously a learning curve. I think Pop!OS does a pretty good job, bridging that learning curve, but if you don't know what you're doing, it could be more dangerous than if you're using OSX, if you're using a MacBook. I also would say, like, if you need to use something that is Windows specific, if you have work related things or something like that, like, you can have a dedicated machine just for that. I mean, it's still useful that you have your guides to to harden that machine as much as possible. But, you know, a lot of our conversations end up what what we see in the Bitcoin world, and I've seen this on my own personal journey is, you know, Bitcoin is a a purely digital bearer asset.
So all of a sudden there's this direct financial reason, why you wanna take digital privacy and security safely. And that's because you're managing these these secrets, these private keys that if they're taken, you lose your Bitcoin. So when I have people come to me and they're saying, I'm trying to do this Bitcoin thing or this Bitcoin thing on a Windows machine, I'm like I'm like, man, you just gotta get another computer, and you it's either gotta be ideally a a you you flash Linux on it and you put Pop!OS on it. But even if it's a MacBook, you gotta just have a dedicated machine that's not Windows, and use that because you're just you're just starting off on the wrong foot if you're trying to secure these secrets on Windows.
[00:58:32] Unknown:
Agreed. I think that, for sure, for certain, threat models and for people who really wanna start on the right foot, starting on Windows is incredibly challenging to do. Yeah. And I think that having separate devices is a great solution. And there's other solutions too. Like, there's virtual machines. There's dual booting. Dual booting is a really nice one. And you can add different devices. You can there's there's more extravagant solutions, but those are all great solutions as well.
[00:58:59] Unknown:
Yeah. I mean, the problem with dual booting for me was always, like, one of the things that I always really liked about Linux is, like, if you just fuck if you fuck something up, like, as long as you have the important files backed up, you can just start fresh again. True. I feel like when you're dual booting, it just It's messy. And you're entering, like, all these BIOS issues and stuff like that, and it kind of complicates things. I agree. You have, like, $500 to buy a dedicated machine kind of solve. But,
[00:59:30] Unknown:
Totally agree.
[00:59:31] Unknown:
Yeah. It's always a battle of trying to decrease your attack surface, increase convenience, make it a little bit less shoot shoot yourself in the foot capability there where you fuck yourself over.
[00:59:49] Unknown:
Have you ever used, live operating systems before?
[00:59:53] Unknown:
Oh, I love tails. Tails, I feel like is a, there's a unicorn. Agreed. Tails is Tails is fantastic. And for the Bitcoiner crowd, they have Electrum built in, so you don't even have to download additional software in order to use Bitcoin with it.
[01:00:13] Unknown:
Yeah. It has KeePass as well out of the out of the box, which is really Yeah. I love KeePass.
[01:00:18] Unknown:
That's a good that's a good next topic, password management. Before we get there, I feel like Tails let's just talk about Tails for a little bit longer. Tails used to be easier to use, but now I feel like a lot of the modern computers, like, they have all these different, like, quote, unquote secure features that, like, make it difficult to boot from the drive. Have you noticed that?
[01:00:38] Unknown:
I haven't. I haven't used tails in probably about, like, a year, year and a half personally. So if there were any, like, recent depends on what machine you're running it on or
[01:00:48] Unknown:
but, like, I was helping out a friend, and I think it was, like, a Dell. And it was, like, a pain in the ass in the bios to get it to run. And and because they had some kind of secure elements that was, like, making verifying what was running. They, like, made it, you know, under the guise of security, they were really just trying to make it difficult for you to run Linux off of the USB drive. And I have no idea. I'm not really familiar with how it works on on Mac. Are you I yeah. But but the cool part about tails for the freaks that are just completely confused about what we just were talking about is it tails is a specific Linux distro that has Tor built in that you run on a USB drive. You plug it into your computer, you boot up the computer, it boots into tails. You have this nice little Linux environment.
As Henry said, it has KeePass on it. As I said, it has Electrum on it. It has a bunch of other tools on it towards it tours the default. And then when you unplug the USB drive, it's it's supposed to just wipe everything from memory. So you have you have you have nothing left on the machine that could compromise you if you're doing something. So if privacy is of the utmost importance, Tails is a extremely useful tool.
[01:02:11] Unknown:
Yeah. It has some other things too, like MAT 2. MAT 2 is a tool that wipes metadata on pretty much any file type, just really
[01:02:20] Unknown:
neat. Yeah. I mean, that is a that's something I don't really discuss on this show. Image metadata specifically is a is a big foot gun moment where people leak more information than they realize. I mean, a lot of modern phones now embed, like, GPS locations into the into the photos.
[01:02:43] Unknown:
It's how John McAfee was caught.
[01:02:46] Unknown:
Yeah. Well, John McAfee didn't kill himself. I I still think I I mean, I still think. I don't know. But, I'm, like, 10, 15% on the side that he's still alive somewhere. But I I would I would argue that the biggest thing against me is is that I think he has too big of an ego to just not publicly say anything for this long. But it'd be, like, completely in his MO to bribe a Spanish prison guard and fake his death. Never saw a body. So what were we talking about right before I pulled us back to Tails? Oh, password managers. So I feel like this is a very interesting one because, I mean, there's these memes in, like, the privacy security community, like, just use Linux, just use signal, just use password manager, just use Tor.
And there's a lot of pushback that it's oversimplified, And I feel like password managers really embody that.
[01:03:54] Unknown:
Yeah. Really? Okay. The the the goal of password managers, right, is to get people to use strong and unique passwords. So they're not reusing passwords, and they're using strong passwords. In my opinion, anything that does that in a safe, secure way is better than reusing same passwords. So I think that's already a great start. If you're not using a password manager, even if you're writing them out and you're keeping them in a in a safe or something, I still think that's better than reusing the same password on every website. However, I would really caution people away from generally unsafe password managers. Look into the history of your password manager.
See, if they suffered several security issues. See how they handled those issues. See if they're I I think you shouldn't be using a password manager. It's not open source in my opinion. So, really, like, the main options that we pretty much end up leaning everyone towards are Bitwarden and KeePass. So Bitwarden is cloud based like a traditional password manager, but everything's open source and you can self host it yourself if you wanted to. KeePass is completely offline by default and it's all open source, and it's probably one of the most secure ways to go in regards to password management. But the problem is it's a little bit less, noob friendly. It's like it's clunky because you have to actually either
[01:05:16] Unknown:
I mean, if it's if you keep it completely offline, you have to type out the password yourself.
[01:05:22] Unknown:
Yeah. Though, actually, I just dis I discovered this feature way too late, but KeePass XC has an auto sync feature. So you can pretty much give it 2 KeePass, documents and it'll sync them into 1. It'll merge them together. So, like, my phone is offline and my computer is offline. They own they have their own password managers. I can pretty much combine them, and it'll sync everything properly, which is really dope. To me, the unicorn product in
[01:05:47] Unknown:
the password management world is a notepad and a pen. That's fair. I just feel like it's just so simple. Just write it down on paper. Use unique passwords. Keep it somewhere secure. And someone has to come into your come into your house or office to get it, like, don't put it on a post it note.
[01:06:12] Unknown:
It it it accomplishes the goals. Right? I've heard passwords.
[01:06:17] Unknown:
I I I like KeePass a lot. I've heard very, very good things about Bitwarden. The switching cost for your password management is a lot in terms of, you know, if you already have a lot of passwords, so I've never actually used it myself. What really scares me is, like, the last passes of the world.
[01:06:40] Unknown:
Agreed.
[01:06:41] Unknown:
Did you see we published survey and support this morning, and it was the last pass security incident. Oh, I haven't listened to it yet. By the way, that's a great. It's a really great show. I recommend all the freaks listen to it. You don't really have to listen to it, freaks, if you don't want to because I listen to it every episode. So I do talk about things they talk about. But if you wanna go direct to the source, it's, it's a really fantastic show. You do a great job with that, Henry.
[01:07:06] Unknown:
Yeah. And then Nate does too. He he Yeah. He he really can't do. Yeah. He's fantastic.
[01:07:16] Unknown:
Yeah. I mean, LastPass is, like, a perfect example where it's like I mean, talk about a honeypot. That's just, I mean, I don't even know I mean, I obviously, you shouldn't reuse passwords, but, like, if all of if all of your passwords are in LastPass, like, literally, you're just one compromise away from just having absolutely everything compromised. So I don't even know if that's a I guess it's still an advantage over I don't know. This is, like, a perfect example of us getting into the weeds. Like, most people are just using horrible fucking passwords, and they're reusing them over and over again, and they have them in their Apple Notes unencrypted.
[01:08:02] Unknown:
Super common.
[01:08:03] Unknown:
Yeah.
[01:08:04] Unknown:
Yeah. Don't do that. But then it becomes kind of a personal choice. Like, if one of my friends comes to me with all their notes in an Apple Notes thing, and they're like like, yeah. The only thing I use is LastPass. I'm I'm gonna I'm gonna be very mixed about it. I'll probably be like, hey. Just so you know, here are all the concerns of LastPass. And by the way, here are other solutions that are better than LastPass and will accomplish literally everything that it does. So I'll do my hardest to convince them, but, ultimately, I I really do think I I hate saying this because I really dislike LastPass, but I do think in that situation, for me, personally, I lean them towards using LastPass instead of, like, unencrypted Apple Notes. But
[01:08:44] Unknown:
Just tell them to use a pen and paper, the unicorn.
[01:08:47] Unknown:
True. Like, pen and paper, Bitwarden, even Apple's key chain. Like, Apple has its own password manager, you know, like and it's end to end encrypted and Apple generally has decent security. So, like, I'd still choose Apple's keychain over both LastPass and just keeping it in notes personally.
[01:09:07] Unknown:
Yeah. I mean, I have a lot of problems with Imessage too, but obviously, I think Imessage is a significant improvement over using text.
[01:09:15] Unknown:
I like Jonah's comment. What really gets me are the people who have all their passwords in Apple Notes, and also their passwords are all basically the same week 1.
[01:09:23] Unknown:
Yep. Seen that many times. Yeah. It's,
[01:09:32] Unknown:
Good point by someone here. Apple keychain sucks to get out of. Look at that too before you move to a passive manager.
[01:09:38] Unknown:
Like, how are these do. Right? It's like their switching costs are massive.
[01:09:45] Unknown:
It depends. Like, I think last pass to Bitwarden is relatively straightforward. Bitwarden to anything is straightforward. It really depends on how user friendly they wanna be. Apple, as you can imagine, is trying not to be user friendly with exporting things. So it just depends.
[01:10:03] Unknown:
The way I kinda look at it is and this is also I I wonder I mean, you probably struggle with this too is, talking about privacy and security, but not, like, completely doxing your own setup and exposing how you do things, is really difficult. I mean, I had one freak put me on the spot when I was drinking beers with him in person, and and I I stopped doing this. I'd it was, like, 2 years ago, two and a half years ago, and he's like he's like, what's your favorite option for this or whatever? And I told him this option, and he was like, but you said something else on the show. I was like, oh, that's my second favorite option because I didn't want to. I didn't want to talk about my first option.
[01:10:48] Unknown:
The
[01:10:50] Unknown:
with passwords, there's there's an argument to be made about convenience and security being different. Like, the trade offs you wanna make are different depending on what the password is for. So to me, as as, you know, you can cell phones, bit warden, I've already said earlier that I don't I haven't used it personally. To me, my most secure passwords, you know, things I mean, first of all, you should be using multiple email addresses, but important email address is, like, important bank account information. Like, the really important stuff, I'm just a offline only kind of person. Like, I think those things should be offline, and then you have other things that are maybe more easily accessible because you're not as worried if they do get compromised. Would you agree with
[01:11:45] Unknown:
that? Yeah. I I think that that's a good way to do it. I think, and you don't have to answer this, but I'm curious. What do would you store your seeds offline?
[01:11:54] Unknown:
Yeah. All my seeds are offline. Got it. That makes sense. But but I have, like, I have a mobile wallet, right, that has a less amount of that has, like, spending cash in it, and and that is that is on Internet connected device. That's on my phone. Right? But, like, for for my my life savings, I go through extreme, extreme offline scenarios, to secure my life savings, especially as a public person. Because the second it the the amount of improvement you can make, especially if you're not someone, who can verify code themselves and check line by line what is running. The amount of improvement you can make by simply just keeping something offline, keeping a secret offline is dramatic. Like, it is it is significant. I mean, you're you're basically entering a situation where someone has to get physical access to whatever that secret is. And in Bitcoin land, it's even better because we have this concept called multisig, where you can have multiple secrets, and they all need, to be compromised in order to access your funds, and you can keep them offline in different physical locations.
So then all of a sudden you enter a situation where an attacker needs to actually get physical access to your home, your office, some other place, some other place, and then it just adds, it adds protection there. It is like a main it is a mainstay of my privacy and security journey is that for the most important things, yeah, for the most important things, you should try and keep them offline. I like that there's a freak accusing me of using Bitward and then pretending I'm not using it. No. So we talked about VPNs. We talked about messaging apps. We talked about operating systems.
Talked about password managers, talked about browsers. What should we talk about next?
[01:14:16] Unknown:
Good question. That really does sum up a good portion of the areas in the pricing. Oh, 2 factor.
[01:14:23] Unknown:
Oh, good one.
[01:14:25] Unknown:
What's your recommendations on 2 factor? How do you go about how do you go about that process of education?
[01:14:33] Unknown:
We so TOTP is probably, like, the most popular one. So TOTP is time time based one time passwords. And what that is is, like, Google Authenticator is TOTP. Google Authenticator is just an open standard. It uses TOTP, which is an open standard that's used in pretty much everything else. That is probably the easiest and most convenient, best balance like, that's probably the unicorn option for a lot of people. You can download, aegis from F droid on Android and, Aegis. Is that your favorite? That's probably my favorite TOTP app that I've used. I know there's AndOTP, but in my opinion, Aegis is better than AND OTP in, like, every way. I really like Aegis' backup mechanism. It's really good.
Yes. It's very nice. So that's really my main recommendation. Go through all your accounts. See what supports. They'll probably call it Google Authenticator. I'm doing quotes in the air, but it's really you can use any TOTP app. They give you, like, a QR code. You scan it with Aegis. I guess Aegis is Android only though. Right? Yes. But they also give you your seed, so you can import that into any iOS app. And you can use Rivo, r a I v o, on, iOS. That's probably the best one I found. That's your favorite iPhone one? Yes. Probably hands down. It's like the only one that actually lets you export your seeds, which by the way, the seeds are what the QR code is. Just like you you guys know this because you're in a crypto world.
Lots of 2FA apps, once you scan the code, don't let you view your seeds. So there's no easy way to migrate all of your Right. I think Google Authenticator doesn't let you. No. They're just change that. Yep. I don't think they do unless they did it in a newer version, but Authy doesn't either. It's my biggest gripe with Authy. So I really try to avoid, people using Authy.
[01:16:27] Unknown:
I put Authy in, like, the last pass boat. Yeah. Same. It's not not a great situation.
[01:16:33] Unknown:
Now someone's also bringing up physical 2FA devices. I have been I've actually never used a, hardware 2FA thing until the last, like, few months. Yubikey sent us a couple test, units review, and so I've been using it the last couple months. And it's it's pretty nice. The only problem is it's I can't convert as many accounts to a hardware key as I can to TOTP. So I'm now probably gonna have to use a combination of YubiKey and TOTP. Now the YubiKey does support TOTP. You can use your YubiKey to also support those codes. But it doesn't, to me, feel as clean of a solution, and I'm not a fan that it constantly it's something I either have to keep track of or that constantly takes up, a port on my laptop.
[01:17:18] Unknown:
Right. It's a physical device you plug into the USB port. Yep. So personally, I'm I'm on team TOTP,
[01:17:24] Unknown:
but I think it's pretty much, a nonnegotiable that, generally speaking, hardware keys are more secure.
[01:17:32] Unknown:
But, again, like, we're talking, like, the top because it's the same thing. It's the offline it's the offline concept. Yep. Because most people will just have Aegis on their phone. They'll have a 2 factor app on their phone, and that's obviously connected to the Internet. But I I personally I personally think the hardware device is overkill for most people. You should already have a secure password on the account, and there's never and at least that I'm aware of, there hasn't been a a real, like, sweeping compromise that has affected people that have used, 2 factor apps, even the bad ones.
In general, attackers tend to go for the lowest hanging fruit, and that's the people that are not using secure passwords that aren't using 2 factor.
[01:18:29] Unknown:
Yeah. And, at like someone mentioned, well, a few things. 1, someone corrected and said Google Authenticator does give you an export option. Yeah. I think they added it recently. So that's cool. I'm happy to see that. And someone else is saying t0tp 2FA isn't connected to the Internet and they're right. And that's kind of why personally, I don't think there's a huge difference between a hardware.
[01:18:50] Unknown:
Well, if you have I mean, if the app is doing what it's saying it's doing, and if it's open source, then you or someone else can verify it, And it's not supposed to be connecting to the Internet.
[01:19:01] Unknown:
Sure.
[01:19:03] Unknown:
Theoretically, you can have a spare Android phone or tablet that is running KeePass and is running Aegis that is never connected to the Internet, and it will still work, with your two factor codes. And then you kind of get some of that that, you you get that, like, air gap benefit. You get that offline benefit because you're just not connecting it to the Internet, period. But I would caution the good apps for a lot of these things do things locally. They're not connecting to the Internet when they're not supposed to be connecting to the Internet, but, ultimately, your mobile phone is this black box device that is always connected to the Internet.
So I wouldn't necessarily assume that, in your threat model. But all that said, I do think for the overwhelming majority of people, using a solid TOTP two factor app is is a massive improvement and is probably sufficient. I would add that, you know, we talked about exporting, but a key element here of the good the good apps is that is that you can easily back up. Because if you've ever been in a situation, people have gone in this situation many times where they if if their phone breaks or something, if you lose those codes, you're gonna have a really hard time accessing your accounts after that. So you wanna have a backup so so you can still access your important accounts without going through a massive customer service process. Because if if you can circumvent the 2 factor code through a customer service process, so can a malicious actor. So they're they're the good services are designed in a way that if you lose those 2 factor codes, you're gonna have a really bad time. So make sure that you can back them up.
[01:20:59] Unknown:
Absolutely. Just like backing up your seeds.
[01:21:01] Unknown:
Yeah. I've I the way Aegis does it is really cool because you can just back it up directly to a USB drive, never connect anything to the Internet. They also have this option that is very familiar to, Bitcoiners in that they'll link they encrypt your backup. So you can actually just store it in any cloud service even if it's untrusted cloud service, and then you write down the the encryption code on on your trusty pad and paper that you keep offline. Definitely. Just a nice nice little balancing act there.
[01:21:40] Unknown:
Just wanted to add that Jonah brings up a really good point in the chat here. He pretty much is saying the main benefit of a hardware key are that they're unphishable. Because of TOTP, you still have to enter the code, which could be used on the phishing site. True. Whereas, with a hardware key, which uses, FID02, VIT02, it'll only access the legitimate domain. So it's a good phishing prevention.
[01:22:05] Unknown:
Oh, that's a really good answer. Yeah. So that actually that actually might change my opinion because everyone gets phished. People get phished a lot, man.
[01:22:16] Unknown:
Yep. And there's real so this didn't used to be a problem, I feel, because back in the day 2 f a used to be, like, a good phishing prevention. I think it still is, but a more sophisticated phishing attack will, in real time,
[01:22:28] Unknown:
log in given given a 2FA code from a TOTP app. Yeah. And you see it with a lot with the the Bitcoin sites because the Bitcoin sites have kind of any sites that have kinda standardized on 2 factor. Those attackers have obviously moved to actually phishing the the code as well. So they'll they'll pretend you're signing in, you give them your password, then you give them the code, and then they quickly sign in to your account. It's how that attack looks, which is why you shouldn't click links and you should always type where you're going directly into your browser. This conversation wouldn't be complete without a conversation about using text based 2 factor authentication.
Do you wanna go into that for us?
[01:23:11] Unknown:
Yeah. I I I hate it because it's bad on, like, almost every level. You know? Like, SMS is the the closest thing to public as it can be. Someone can set up some few $100 devices outside your home and intercept SMS messages fairly easily. It's like a postcard instead of an envelope. Exactly. It's super easy to for for a random person to investigate what's going on. It's super easy for your cell carrier. There was a recent story that you might have seen this on Twitter, where someone someone's cell carrier injected an ad into the Google 2FA code sent to their phone number. So it says, like, oh, your Google number is 123456.
And it said your Google number is 123456. Check out this product online underneath it. The cell carrier injected that because obviously your cell carrier sees all your SMS messages. They're not end to end encrypted. So just avoid it. But the thing that sucks is if you use I think, like, almost every bank out there with very few exceptions only gives you phone based SMS as an option for 2FA. And when that happens, you just gotta tough it out.
[01:24:19] Unknown:
The banks are really bad about it.
[01:24:22] Unknown:
Yep. I the I mean, the banks run on
[01:24:25] Unknown:
30, 40 year old technology. So, it doesn't surprise me. Yeah. If you ever if you ever want a fun time, just walk into a bank and just look at all their computer systems. If you really want a fun time, try and open a bank account and just sit down with them. But I'm gonna I have I have a couple promises to myself, and one of them is I'm never gonna open another bank account. So
[01:24:46] Unknown:
You might like this. I recently have been going on a journey to pretty much, decredit everything. I wanna stop using credit. Say say fuck the credit score. You know? I think it's very hippie, but it's something The society really fucks you if you don't have
[01:25:03] Unknown:
your least basic credit. It does. But, I don't know. Such a perverse system, the credit system, the, like, credit scores and stuff.
[01:25:12] Unknown:
Yeah. It's a it's a general gauge. I think a a better they say it's how well you use your finances. It's how well you use your finances while still giving people money.
[01:25:22] Unknown:
And they're just massive surveillance holes. The whole thing is just surveillance capitalism, like, packaged in a rewards card. Yep.
[01:25:29] Unknown:
And it's funny because people always you know, not to discount China's problems, but people are always, like, China is a surveillance state. They have these social credit scores. And I'm like, what's your credit score, bestie? Like, obviously, it's it's not a fair comparison, but it still kind of really pushes me the wrong way that we're given scores to essentially represent how our financial status is.
[01:25:51] Unknown:
Yeah. And we're moving to more social credit systems. Like, what China's doing is just they're just 5 years ahead of us.
[01:25:57] Unknown:
True.
[01:25:59] Unknown:
This is what I like to say. And this is why I mean, it's you know, I'm very Bitcoin focused person, but this is why I love cash. I mean, cash is cash is king, and and it's a very private way to transact. And in a lot of ways, it's more convenient than using a credit card. So you can't if you pay with cash at the bar, you're not gonna accidentally leave your tab open. And you don't have to wait around for the waiter to come back with the piece of paper if you if you just pay cash. Give them a little tip there. Round it up. So what were we talking about? I just had an oh, so the other issue with SMS two factor is it is it's it's also a way for these companies to harvest your phone number, which is basically used as a social identifier nowadays. It's almost used more than your Social Security number, but it's used in a similar way.
And you really wanna limit the amount of services that that that know your phone number and then know the same phone number. Ideally, you have multiple phone numbers. I mean, that's obviously a main issue of of these SMS two factors as well. Right? Yeah. Definitely.
[01:27:15] Unknown:
This actually I I don't know why I'm thinking of this now. I was driving home. This is probably last week and it it was just a new perspective. So I just get random it's like, you know, shower thoughts. It's like driving thoughts. And this one was I feel like the data points that we should be protecting the most are the ones that are the hardest to change and we're most invested in. So you think of Social Security number. It's nearly impossible to change a security number, unless you're able to prove that you're you're victim of abuse or or all these other legal loopholes that you're able to go through. But most people can't just go and change their social security number. So this is just a single number that if it gets out into the world once, you're screwed for the rest of your life.
It's horrible. Phone numbers are pretty high up on that chart. You know, most people don't change their phone number sometimes ever in their entire life. Yeah. Massive switching costs on that too. Exactly. So, phone numbers are really high up there. Emails are definitely lower, but really the goal should be to use as few of those high level identifiers as possible because they're extremely hard to switch off of. I I really like that term you use, switch cost. Yeah. Switching costs. I really like that because it's a really good way of looking at it and I think that yeah. Just trying to avoid out the those really high level identifiers that are almost impossible to change is really the goal.
And the other one that I thought of, massive one, that, like, no one considers, and it's such a normal thing. Home addresses.
[01:28:47] Unknown:
Yeah. Well, we talk about that a lot in the Bitcoin space.
[01:28:50] Unknown:
Yeah. I I feel like it's not talked about in just the real world very much. Like, oh, like, what's the shipping address? Oh, here's my here's my home address. If it ever leaks, I better buy a new home. You literally put all that information in the same form. You put the
[01:29:03] Unknown:
you put the home address, you put the email, you put the phone number. You put your credit card information in. It's literally all going in the same exact form, and you share it everywhere.
[01:29:13] Unknown:
Yep. It's crazy. And and, like, there's no way to change your home address.
[01:29:19] Unknown:
Yeah. And you have to you have to move. Yeah. It gets even more fucked up than that because, like, the way our society works is the government essentially you have to go through great lengths to not have that address and databases that have the other identifiers in them as well, even if you're not providing them to a specific service. If you're providing a phone number to a specific service, there's a good chance that your home address is attached to that or your name or your your name plus your age plus a general vicinity you're in. It's a whole that's a whole rabbit hole in itself trying to and, like, in America, we have this advantage that you can actually buy a home under an LLC, to mask who the the owner of the home is.
But you have to basically go through these very deliberate steps to protect it.
[01:30:13] Unknown:
Exactly. I recently spoke to an attorney to ask about the home buying process, privately, and she's like, well, you can use an LLC or you can use a trust. But here's the thing, there's 2 things. This this is probably a little off topic, but I find it really interesting and I think it's It's on topic. For people to know. You can buy a home and put it in a trust. And, yes, the title of the home is in the trust, but the second layer that you really need to be careful about is how you're financing the home. If you're getting a mortgage, there's no way to get a mortgage through a trust. So the mortgage is public information. Anyone can look at the previous mortgage history of a home. So you can get a house, put it in the trust, and that the title's private, but not the mortgage. So, essentially, you're having to buy a home in cash unless your LLC is able to get its own mortgage.
[01:31:05] Unknown:
Yeah. Yeah. That's, yeah. The it's a it's a very difficult and deliberate process that you have to basically take. And then you have to protect that information after the fact. Then there's no you don't put your shipping address in places. You know? You have to and, like, the the mortgage process in general is that literally just gotta pull your pants down and give them everything. And then who knows how securely that bank is actually storing that information? Definitely not securely. So so it is a mess it is something we talk about a lot because, you know, in America, hopefully, it's not as bad, but in certain countries, you know, you don't want Bitcoin specific stuff shipped to your house.
So you wanna look into PO boxes. You wanna look into remailers, which are basically VPNs, but for physical mail where you're trusting them with all your information. But ideally, outside services only see you going sending it to the re mailer's address, and then it gets shipped to you. UPS stores, all these different tactics you can use to try and, mask mask your home address as another identifier that's in these systems. Another service that is, I would say is, like, kinda unicorn y is have I been pwned.
[01:32:28] Unknown:
No. It's a good one. Yeah.
[01:32:30] Unknown:
Have I been pwned.com to the freaks. If you put in a identifier I think I think it's based on email address as the main identifier. You put in your email address, and it'll tell you, if you've been in any any major leaks. And if you do that, I mean, you should connect with a VPN because, otherwise, you're telling, have I been pwned your IP address connected to that email address. But if you do that, you are gonna be very alarmed. There are compromises that happen constantly, and it could be that I, like, I went to great lengths of protecting my previous address, and I, like, nonchalantly bought a a ticket to to a concert, and the concert venue got compromised. And I didn't remember doing it, and I just fucked it. I fucked that up.
And have I been potent? Let me know. And I was like, fuck. And it was like it just completely compromised everything. But that's one of the advantages of renting that people don't really think about. Like, if you constantly move around, it does add a lot of noise to the to the pool of data out there.
[01:33:42] Unknown:
Definitely. Also, I well, 2 things. 1, bonus points if you're using a password manager that, auto checks haven't been found. My KeePass client does that, which is really neat. That is awesome. Yeah. Every day, it just checks haven't been pwned, and it'll notify me if any passwords or emails were found in in a breach, which is really sick. Aside from that, something else is, I'm I feel like KeyPass client is that? I think KeePass XC does it, but I know for a fact StrongBox does it. The StrongBox is Apple specific.
[01:34:19] Unknown:
No. By the way, Freaks, KeePass is spelled key keyepass, not keyypass. And there's, like, a 1000000 clients of it.
[01:34:29] Unknown:
Yep. It's kind of like matrix. If any of you know matrix, you can use, like, any client. It's like a sort of decentralized model. Something else, I'm sure you've heard of it, especially if you listen to, Seth's opt out podcast, but, SimpleLogin is just next level tool for protecting your email. I don't give any person thing website my real email address ever. It's always a simple login alias. That way my actual email is never shared with anybody. And then the cool thing is if that email still gets exposed, I can transition the host email and still keep all my email aliases through SimpleLogin. So SimpleLogin is like an email aliasing service. So you can have an email set up for every single service you use on the Internet, and it's compartmentalized accordingly. It's like a VPN for emails.
[01:35:26] Unknown:
Do you think that metaphor is good? Metaphor.
[01:35:31] Unknown:
I'm trying to find a better one. It's like a re mailer. Right? It's like a Kind of. Yeah. Yeah. It's like a,
[01:35:37] Unknown:
because you're obviously trusting SimpleLogin with that information instead. Yeah. Trust model wise, it's similar to a VPN.
[01:35:44] Unknown:
Yeah. So, like, a way I use it is, let's say my my actual email let's I'm just gonna use Techclore because it's public and easy. I I know this, so it's very easy for me to share it and I there's no risk. But our like, our Techlore email support at techlore.tech. If I didn't if I just opened that though and I didn't want it to be shared with anybody, I would link that to simple login and then, they'll generate an alias. So it could be school at alias.com, and I give that to my my school. So then my my school only has that school, but everything they send goes to my normal email inbox, and I can still interact with it. Yeah. I'm I'm kind of all over the place with that explanation, but hopefully just check out their website. They do a better job. And also, we have a review of it too on TechFlow. Do they accept Bitcoin?
I believe they do. Let me double check, but I'm pretty sure they even accepted Monero as well. So you should have multiple. Because a lot of these services, it's like you know, and then you provide them your credit card and billing address. No. SimpleLogin's open source, and you can self host it too. Oh, that's awesome. Yeah. Let me let me find their, That was not on my radar. Oh, yeah. So it's funny because, I feel like it hasn't quite, like, seeped its hands into the crypto world yet because Seth also, hadn't heard of it before. And he tried it and he doesn't stop talking about it now.
Let me see. Payment methods.
[01:37:18] Unknown:
What? Are you checking the payment methods on SimpleLogin right now? There was one other thing I wanted to talk about. I think we might have lost Techlore. Let's see if he comes back. It was the most recent episode on Opt Out. Thank you, this douchebag, for letting us know that. Yeah. We did lose Tech Lorry. He'll be back in a second. Yeah. Go check out Opt Out podcast if you haven't already. I had Seth on dispatch, previously. Yeah. Techlord's Internet went out. He'll be back in a second. But definitely go check out Opt Out. In the meantime, freaks, if you wanna throw more questions in the comments, feel free to do that. It looks like it's just me on right now.
But when Henry comes back, we can answer those questions. Or if I can answer them, I will answer them. Someone is asking Jonah is asking about the Calix hotspot. I haven't really had too many issues with the Calix hotspot. It's it's pretty cool concept where they give you this this mobile hotspot, if you contribute to their their foundation, their nonprofit foundation. It obviously feels nice to support, privacy focused work, and then you also have the advantage of of getting this hot spot. The major negative of the hot spot is I believe it uses Sprint and T Mobile, the combination of the 2. So those you know, their reception area is is definitely a worse reception area. So you will have some reception issues if you if you're using that hotspot.
How's it going, Henry? The spooks got you?
[01:39:47] Unknown:
Yeah. I should be back.
[01:39:50] Unknown:
Yeah. We hear you now. Cool.
[01:39:52] Unknown:
What I miss?
[01:39:54] Unknown:
I was just trying to run with it. I didn't realize simple login was the most recent episode on opt out.
[01:40:01] Unknown:
Yeah. You should check it out. What I don't know when I cut out, but pretty much they accept crypto, but unfortunately, they use Coinbase Commerce. So I don't know how popular that'll be. But that that means they accept Bitcoin. Did so they actually don't accept Monero?
[01:40:17] Unknown:
No. They do not. Bitcoin based com wow. So Seth loves them despite that. He's a However,
[01:40:23] Unknown:
Seth is very, pushy with Monero, and I think he did tweet saying he did get them to accept it. So, yeah, he only emailed them. He is very pushy about Monero. So
[01:40:33] Unknown:
Yeah. If anyone can do it, it's him. We were talking about the Kellogg's hotspot.
[01:40:38] Unknown:
The reason I cut out. Oh, is that what you're on right now? Yeah. It it ran out of battery. I ditched my home Internet. I don't even have home Internet anymore, so I just use the Calix hotspot. It's fantastic.
[01:40:51] Unknown:
There you go. It is really great, but I I was talking about how my major my major negative about it is that it's I think it's Sprint and T Mobile they use. Yep. So the reception area isn't as large as, the other two majors as AT and T and Verizon.
[01:41:10] Unknown:
Yeah. It'll it'll vary. I have fantastic Internet at my home. It's better than what I'd get from my, Internet service provider, But I don't have to deal with don't have to deal with the assholes, though. I recently moved, and I have gigabit. So I so I'm very happy with it. That's nice. Very nice to have.
[01:41:30] Unknown:
What, have you ever so Calix hotspot is cool because it's it's it's unlimited. Have you ever hit, like, the point where they've started throttling you?
[01:41:39] Unknown:
No. They've never so Nick Nick Nick Merrill, the the the guy who is the founder of the Calix Institute, he's never had someone throttled. He's had people download, like, 5 terabytes in a month and nothing happened.
[01:41:54] Unknown:
So Yeah. I I did, like, a year of nomadic life, and I used it heavily. But I you know, whenever a company tells me something's unlimited, I always just assume there's a catch.
[01:42:03] Unknown:
But I never hit the throttle point myself, but I thought maybe you did. Nope. The most I've done is, like, I think, 400 gigs in a month, which is not even enough to to cap a normal ISP, which, by the way, is completely, like, nothing gets me more riled up than my ISP because, you know, you're paying premium for this service and they're throttling you to, like my previous one is throttling me to 1.1 terabytes a month.
[01:42:29] Unknown:
Yeah. It's fucked up. And a lot of them throttle even lower than that. I mean, I have buddies in Australia that's really bad. And then they they they spy on you, like, crazy amounts, and they have so much personal information on you. Yeah. Especially in this country, there's, like, not that much competition among ISPs. That's a whole different can of worms, and we're kinda wrapping up here. Before we wrap up, yes. Someone ask, also ask this question. I wanted to talk about SilentLink a little bit because I I love their service, and you mentioned it earlier. Do you use Soundlink? You like Soundlink?
[01:43:12] Unknown:
Yeah. I just I recently started using it the last few weeks. I just put out a review of it on Techstar actually. And, like Yeah. It was on Bitcoin TV too. Yep.
[01:43:22] Unknown:
I watched that review. It was great. I I love I love when something like that happens because I had started recommending silent link to people, and I was like, do I have to make a review about it? And then you made the review, which is even bet like, they I guess so much better when other people make the reviews, and you can just tell people to go to those.
[01:43:40] Unknown:
Yeah. Or just everyone makes a review too. I mean, that it's nice when you get multiple perspectives on things too. But it is nice when someone's already done something, and you just don't wanna touch it. And it's like, here. Just
[01:43:52] Unknown:
Well, the thing about, like I mean, you know this more than anyone. Like, the thing about reviews and guides is they just break so often because things change.
[01:44:01] Unknown:
Yeah. So you're like a never ending update loop. I I would not know what you're talking about. No. No. Don't know what that means. Never heard of that before.
[01:44:10] Unknown:
But, per our earlier conversation about phone numbers and how they leak all this information from you and people don't change them often, silent dot link is a great service that offers you something called an eSIM. So you have that, like, little SIM card that you stick into your device, into your phone, that gives it its phone number and connection to cell towers. Silent.link supports this new concept called esims. So you can pay them Bitcoin and you can just without giving them any personal information, no email, nothing.
They will give you a phone number with data access, and you just download it directly to your phone. And I think it's Android only. Right?
[01:44:58] Unknown:
No. It's just it's just eSIM. So it should work on iPhone. IPhone support eSIM as well? Yep. Some models. Make sure to check which model you have. I'm fairly certain that as long as the phone supports eSIM, then silent link will work. Also, it's a real number, people. It's not like, like, I I like my pseudo and I like Hush. I like these disposable burner apps, but a lot of websites will know that you're using a burner app and they'll they won't let you register for accounts you use. But silent link is an actual real number that you'd get from Verizon, AT and T, or any other cell carrier.
[01:45:32] Unknown:
Yeah. So that link is fantastic. Like I said, you could pay with Bitcoin. Obviously, another option you have is to to actually buy a prepaid SIM with cash, which has a lot more friction. A lot of the providers, like, require a bunch of personal information, and it's not necessarily obvious which ones do and which ones don't, at the time of purchase. And then another service I really like is textverify.com, which also accepts Bitcoin. I heard that one. That one's a little bit different. They will give you a disposable number that's one time use only. But you basically pick which service you're gonna use it for.
And whatever they're doing in the background, like, they know, which services are blocking which numbers on which lists, and they'll give you a number that works. And, like, I've used it with Twitter. I've used it with a bunch of other services. So those those are, like, those are are are literally, like, they burn immediately. You use them once, you get the code to verify yourself, and then you can't use it again. The nice thing about silent.link is, like, you can use it for a couple months and then get a new one and get a new one. So definitely go check them out. Really cool service.
[01:46:58] Unknown:
I just bookmarked, text verified too. It's really cool. I've heard of them before. Text text verified is fantastic.
[01:47:06] Unknown:
I don't someone's asking if you can use it with signal. I'm not sure. But if you go to the website, it'll tell you what services it supports. I would not use it with signal. I would use silent dot link with signal. Yes. Because the other thing is someone mentioned in the comments, these services that these these services that rely on phone numbers, like WhatsApp, if you get a recycled phone number, then you might be able to get access to other people's accounts that they've already used. So you wanna be careful with the with the recycled phone numbers on high value services, stuff like signal.
I guess with signal, it's not as bad, but with WhatsApp, I guess there's some history that you get. With signal, future people might message there, which would be pretty bad, but they won't get message history.
[01:48:02] Unknown:
It will. It will. We don't recommend it for all the reasons that Matt just said, but it will work. Signal has very, almost no checks on the numbers you provide, which is really nice because you can even use my pseudo or something like that. Absolutely. Text verified definitely works.
[01:48:19] Unknown:
Yeah. That's textverified.com. Someone's asking what that is. And then the other one is silent.link. And all these services, you should use with a VPN, With with, with text verified, they do require an email address. So be very careful about which email address you provide there because, obviously, that is linking. Just linking your email address to whatever you're using it for. Yeah. They I'm on their website now. They do support signal. They support a a huge amount of services. Okay. Well, I really appreciate your time, Henry. Thank you so much, for coming on. I appreciate all the work you're doing. Before we wrap up, do you have any final thoughts for us?
[01:49:13] Unknown:
No, man. This has been a lot of fun. I think that what you're doing is great. You're putting great projects. You're spreading great education to these people. I think it's great that so many people are getting pricing security education now. Just beyond us, just really anyone, it's really fantastic. So, thanks for having me on, and really thanks for everything you're doing.
[01:49:34] Unknown:
Yeah. It's, I mean, it's it's it's super promising. Just there's just so much good content out there right now, and I hope to see more and more of it. And thank once again, just thank you so much for all the work you do. Thank you for all the freaks who joined us today, and, I'll see you next week. Thanks, Henry.
[01:49:56] Unknown:
Thank you too. I don't know if that's
[01:50:12] Unknown:
it.
[01:50:20] Unknown:
City lights. No matter how hard I try, I've come as by. And I'm living from where I've started. Rules of loss in a man of saloons, crazed air force.
[01:53:26] Unknown:
Love you, freaks. Dis I'll see you on Thursday for a rapid recap. Dispatch next Tuesday with Statikus and Open Arms is at 4 PM EST. 4 before PM EST, 21 100 UTC. So join us for that. That should be a great conversation. Reminder, you can find Techlore's content at techlore.tech. He's also got a channel on bitcointv.com, and he's got his his new show, the surveillance report. Definitely go check that out. I love you all. Reminder as always, I mean, I've been saying this, to you guys for years now, but don't get overwhelmed. I know we talked about a lot of detailed things here. Little improvements do help. Cutting out social media use, not using an Alexa, not using a Google Assistant, reducing your Google usage, all these little things, they do add up and at scale, they help everybody.
So just consider trying to take little steps to improve your privacy. It is it is not as overwhelming as it may seem, and we we can make progress, each of us, independently and together. So I love you all. Take care. Have a great week. Cheers.
Bitcoin miners increasing capacity
Migration of Bitcoin mining from China to the United States
Access to financing for Bitcoin miners
Privacy policies and IP address logging
Choosing a secure email provider
VPN recommendations
Libre Wolf browser
Password managers
Browsers and privacy
Operating systems and privacy
Windows and privacy
Tor and Brave browsers
Password management and security
Two-factor authentication
SMS-based two-factor authentication
Protecting personal information during the mortgage process
Using PO boxes and remailers to protect privacy
Introduction to 'Have I Been Pwned' service
Benefits of using a password manager
Introduction to KeePass and StrongBox password managers
Using SimpleLogin for email aliasing
Comparison of SimpleLogin to a VPN for emails
Introduction to SilentLink for eSIM phone numbers
Discussion on the Calyx hotspot
Discussion on TextVerify for disposable phone numbers
