WBD195 Audio Transcription
Beginner’s Guide #12: Bitcoin Privacy & OpSec with Jameson Lopp
Interview date: Monday 17th February 2020
Note: the following is a transcription of my interview with Jameson Lopp from Casa. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.
In Part 12 of the Beginner's Guide to Bitcoin, I talk to Jameson Lopp, co-founder and CTO at Casa, and renowned Bitcoin privacy expert. We discuss Bitcoin privacy, best practices and operational security.
“I think the most important thing is to try to ensure that when those unforeseen events happen that they aren’t completely catastrophic.”
— Jameson Lopp
Interview Transcription
Peter McCormack: Good evening, Jameson. How are you doing?
Jameson Lopp: Doing well!
Peter McCormack: It's been a little bit of time since you've been on the podcast. You were leading the way previously, but we haven't done one in a while, so it's good to get you back. Are you good? You're ready for this?
Jameson Lopp: Yeah, I've got to keep my count up as most recurring appearances.
Peter McCormack: Yeah, I think Tuur Demeester has been chasing you down, but I think this will put you back down in front. So listen, I've been doing this Bitcoin beginner's guide, super simple series, keeping everything as basic as possible. I've covered why you need to care about Bitcoin, I've covered some of the tech, how it works, how you buy it, etc. But now I want to get into the area of privacy and OpSec, and I think we're safe in saying that's the Jameson Lopp bag, right?
Jameson Lopp: I believe so! I've broken new ground in that area.
Peter McCormack: All right, I've put it down as there are five levels of OpSec and privacy to care about. The first one is that you just don't care. The second one is that you have basic care for your online privacy and OpSec. The next one is you have your basic Bitcoin privacy and OpSec. I've got advanced privacy and OpSec, and then I've got Jameson Lopp levels of privacy in OpSec, because I don't know anyone who cares about it quite as much as you.
I don't think we're going to get into Jameson Lopp levels, this is for beginners today, so we're going to try and keep it super basic; the things that people really need to care about. Then what I'll do in the show notes, I'll include links to your various articles and things you've done, and also the previous show we made. So they've got access to further information should they need it. Does that work for you?
Jameson Lopp: Sounds good.
Peter McCormack: So I think a very good starting point is that we're going to have various different people who listen to this show. There's going to be some people who are new to Bitcoin, but we've also got people who have been using this as a refresher course. But for those who are new, for those who have just gone down the rabbit hole, they're working their way through this series, firstly, can you separate out what is privacy and what is OpSec?
Jameson Lopp: Sure. I think most people are familiar with the idea of keeping things private, keeping secrets. Really the best way that I think it was described in a Cypherpunk manifesto is that privacy is the ability to selectively reveal yourself to the world, which means that we don't necessarily need to keep everything a secret from everyone else, but we should have the ability to decide when information gets disclosed.
Of course in today's age, the communication age, information is flowing so freely that this has become a very big challenge and the default is that state that you talked about is not caring because it is very hard for people to care. It takes a conscious effort and in most cases people don't realize what they've lost until it's too late. Of course I have my own story around that, and that has resulted in me going down a path that few have tread so far.
Peter McCormack: So we'll cover that. I think it's good to do a little revisit to that story because it is a very interesting story and you know what, prior to getting into Bitcoin, I didn't care too much, I didn't really give a damn. But I have changed, I still don't have great privacy, but I have pretty good privacy and OpSec with regards to my Bitcoin.
But I still make mistakes, I still do careless things and also sometimes for convenience I have a trade-off. But I think most people are aware of privacy because they have options when they sign up to Facebook, they have a section on privacy and safety, they have that a lot of social media and so I think they're aware of the idea of privacy. OpSec is...
Jameson Lopp: It's a very general thing, right?
Peter McCormack: Yeah!
Jameson Lopp: I mean everyone has windows and they have curtains and you have the choice at any point in time to keep the curtains open or closed.
Peter McCormack: But OpSec is a step up. OpSec is a bit more... You go into a bit more detail about protecting yourself, right?
Jameson Lopp: Yes, this was originally a military term. I believe it really started in World War II era, this idea of operations security. The idea around that is that there were military secrets that if they fell into the wrong hands could be disastrous for one side of the war effort. This is kind of like taking the idea of privacy and then applying it from the perspective of knowing that different information has different potential consequences if it gets into the wrong hands.
So I think a good example of this would be that if you are publicly posting things that are trivial, it's like, "oh I had this for dinner tonight", then that was originally private information, and you then decided to disclose it with the world, but it's pretty unlikely that that information would somehow be used against you, at least at this point in time. It's all about who your adversaries are and what you think people are trying to do to you.
From the operations security perspective, you kind of have to come up with a threat model of who might try to use private information against me and as a result, what is the information that is most important for me to keep secure? So we'll probably go into that later, but it really comes down to what are the most common types of attacks and what is the information that the most number of adversaries out there are trying to get from you and use against you.
Peter McCormack: Okay, great. Well listen, we'll keep it ultra basic to begin with. Let's just forget about Bitcoin for now. It doesn't matter who you are, you should really care about your privacy, it is something that is important. But why is it and why now more than ever should people take an interest in this?
Jameson Lopp: Well the main reason that I tried to get across in some of my posts is that you don't know what's going to happen in the future. You don't know where... Like some data that you currently consider to be unimportant might suddenly become much more important. So for example in my case, I went from being basically a nobody to over the course of just a couple of years having a ton of attention directed at me and as a result, a much higher number of adversaries and people trying attack me, generally digitally.
When it got to the point that someone wanted to find my actual physical address and use that against me, this was a form of attack that I had never really thought about before, that I didn't think was a problem. Not many people consider that to be a highly sensitive piece of information because you give your address out probably several times a day to almost any entity that you deal with and so my case is probably rare and this sort of becoming famous type of case. But there are plenty of examples of that happening really due to social media.
In one example that I give out fairly often is Justine Sacco, who posted a bad tweet basically as she was getting on a plane, and it was a very bad joke and it went viral and basically tens of millions of people got really pissed off at her. By the time she landed, she had all types of digital attacks basically happening against her. It affected her employment, her family, and just really had a cascading effect across her entire life, all as the result of one tweet. She only had about 200 Twitter followers, but this is the sort of asymmetry that we have to deal with today, these unpredictable, unintended consequences.
Peter McCormack: It's funny, I have a little Jameson Lopp who sits on my shoulder now when I'm traveling or going to different places. He sits there and just reminds me of certain things. It's the basics Jameson, like whenever I sign up to free wifi at a hotel or at an airport, I never use my correct email address. I mean we're talking about the basics here, but they always work if you put in a fake email address.
Every single time I do, and then every time when I've left the airport, a hotel, I disconnect the history of that connection to using that wifi from my computer and that's just a single example. I could give a few, but the point being is that by having my own awareness, I carry that around with me wherever I go and just start to consider things. One of the things that might be difficult for people, they might have listened to a bunch of these shows, and it might be a lot to take in all the stuff we go through now.
But I think the real lesson is you have to develop a practice that suits you and just having the awareness, whether you're signing up for wifi, when you're in a store buying something, all the things you're doing, you can leave a trail of information everywhere and you just need to be aware of that and whether you do want to leave that information.
Jameson Lopp: Ultimately, I think most people can deal with and understand some of the more common issues because they are making the news, and that is basically the data leaks. Almost every week it seems like we hear about a new hack where hundreds of millions or billions of accounts and all of their personal information on those accounts got leaked through any number of exploits or just careless configurations on the part of e-commerce people or data warehousing providers etc.
This is, once again, just the result of the information age and how quickly and easily information flows, it's very hard to keep information secure. Once you give information to a third party, you're trusting them, you're assuming that they are putting all of the best practices into place, but really at the end of the day, it's a numbers game. If you're giving your information out to hundreds or thousands of third parties, you're basically guaranteeing that at some point your personal information is going to get leaked and then distributed around.
Peter McCormack: And undoing that is going to be a very, very difficult thing to do. Okay, so if we move on to the next step, because the people who listen to this, they have an interest in Bitcoin, they might have been in Bitcoin for a couple of years and using this as a refresher or they might be brand new to Bitcoin, they might just bought their first amount or thinking about buying their first amount. When we get into the world of Bitcoin, privacy and OpSec isn't really a choice, you really have to start taking this very seriously.
Jameson Lopp: Yes, so once again, you have to really decide what is your threat model. The extreme that some people will go to in the Bitcoin space is making sure that their identity never gets connected to any of the coins that they have acquired. Unfortunately, this is actually an incredibly challenging thing to deal with due to the transparency of Bitcoin and the auditability of the blockchain. You can avoid buying a Bitcoin without having your identity tied to it though that generally requires doing things like over the counter trades or face-to-face trades.
But even if you get to that point, then you have to ask yourself, every time you make a transaction, are you essentially giving away which coins belong to you because the person you're sending money to could potentially look up and see where the money is coming from. So if you want to be 100% private in that fashion, then you basically have to make every spend that you're sending to someone go through a mixer or some other obfuscation method. But for most people, I think that the easy thing, the most important thing to do is just not post your addresses in public places.
This is actually something that I've run into a lot as I've been doing various research of historical events in Bitcoin, is that I've gone back 8, 9, 10 years ago, and back then people were just publishing their Bitcoin addresses and forum posts and leaving trails all over the place and so that was terrible for them. They were very helpful for me when I wanted to basically de-anonymize some of the early adopters in what they were doing many years ago.
Peter McCormack: I'm going to make an assumption that most of the people who listen to this, their first purchase is going to probably be on a Kraken, a Coinbase, a Cash App, it's going to go into be somewhere one of these very public exchanges. I think it's going to be very difficult for these people for day one to operate perfect privacy practices.
But at the same time, when they start, one of the things they need to be aware of, and the thing you've talked to me about before in the past is that even if it's a small amount of money, that can become a life changing amount of money later on. So are there any things that people can do early on? Can they create multiple addresses and distribute their Bitcoin amongst multiple addresses, so it doesn't look like they have too much? Are there any early basic practices that they can do?
Jameson Lopp: There are. Once again, it comes down to who you're trying to protect yourself against. I think if we don't worry about nation state level attackers, then really the most important thing is not to broadcast your addresses all over the place publicly. Also, not to reuse addresses. At the very least when you are receiving coins, it costs you nothing to generate a new address and that means that whoever is sending you the coins can't look up on the blockchain and say, "oh you've received all of these other coins at the same address."
As I mentioned earlier, the flip side, unfortunately, is then when you are sending money to other people, they could potentially look back in your history. You may not necessarily care about that, it just depends on the sensitivity of what you're doing and whether or not you're worried about your counterparty learning more information about you. But at least by having those funds split up amongst more addresses, it would be difficult for someone you're sending money to, to see your entire wallet.
But there are many different types of adversaries on the network that are doing many different types of listening for data, whether it's on the blockchain or the network or harvesting data from various providers like exchanges and so it's hard to stay completely off the radar of everything. I think by keeping a low profile, not associating your real identity with any coins at least on social media, in the public, that is going to get you a lot further than what I think a lot of people do by default.
Peter McCormack: Yeah, so that's something that's difficult for you and I, because we both work in the industry, you work for one of the best companies in the Bitcoin space, I have a podcast, so we're known and we're known people. But some people coming in might see that there's a lot of very well-known names in the industry, but their names are funny accounts with funny pictures. You don't actually know who these people are and one of the reasons is they're trying to protect themselves from such situations and I think it's also worth mentioning that we're not just talking about people trying to hack you here. You run a GitHub page which logs a history of physical attacks on people, right?
Jameson Lopp: Yes and thankfully I would say the relative number of physical attacks has remained pretty low. But what I was more interested in was just seeing if there is a correlation between general awareness of Bitcoin and the physical attacks. There really does seem to be a strong correlation there, and it makes sense because as Bitcoin goes more mainstream then more people, including people who are willing to commit violent crimes or essentially threaten others in order to get their money, are starting to look at Bitcoin and weigh the risk and reward and try to figure out if there's easy money to be made in this ecosystem.
Peter McCormack: Well I've broken down the privacy things that people should care about into three categories. I've got your general privacy, which is your general personal privacy, I've got the specific items relating to Bitcoin, and then I've separated your internet privacy. So let's start with the absolute basics of privacy. One of the things I did do after reading your article on Medium, was I switched off a number of location services on my phone, and I also deleted a number of the Google apps and stopped using most of the Google apps. Why is it that you recommend people switch off those location- based services? And also, what is your view related to Google services?
Jameson Lopp: Yeah, I mean the main problem I have with a lot of apps asking for far more information from your phone than they probably need is that you don't know what's going to happen with that information. We've actually seen several cases where that information is getting collected and then resold to third parties and so once again comes down to would an attacker be able to use this information against you if they can figure out your patterns. I think a really easy thing to look at is well, most people leave their house during certain periods of time to go to work or go to the gym, they have basically a pattern.
So even from that perspective, if someone could view your location over a long period of time, they figure out what your life patterns are and can use that against you to perhaps break into your house when they know that you're not going to be there or otherwise set up some sort of trap because they know where you're going to be at a certain time. That of course is getting more on the physical security side of things, but there are also just a lot of unintended consequences from all of this information coming out.
Usually things that you wouldn't really think about, basically being able to determine private parts of people's lives. Say for example, you're going to a certain store or establishment that might be considered embarrassing, that would show up in your history as well. It's hard to even come up with all of the things that could go wrong, but suffice to say, most people would not appreciate being followed around by like a private investigator that's tailing them all day long, that would creep most people out.
But essentially that's what we're doing, is we're carrying around the device in our pocket and then allowing the data to flow out and basically be investigated by any number of entities.
Peter McCormack:Some of us that have got very used to services that rely on location, Uber, Google maps, various things like that, is there an alternative? Is there a way of being able to carry on using these apps without giving away too much information?
Jameson Lopp: It really comes down to an app by app basis and I've had to do a lot of trial and error with them. In many cases, a lot of these apps actually have browser based versions, and the browser based version usually also works on the mobile phone. It's hard to make a blanket statement about them, but even with things like Uber and Lyft, I found at least using Uber without any location services, it looks really junky but it still works. You just don't get quite the same level of real time updates and everything. I think the engineers at these companies want their apps to work in as many situations as possible.
Peter McCormack: What about in terms of your home and your mail, are the things related to how you consider your house and where you live or where you work and things like that, that you should be especially considerate about?
Jameson Lopp: Yes, though almost nobody is going to go to the level of, I think trying to protect their mailing address. It is actually pretty easy to do, you can set up re-mailing services for probably around $50 a month. The basic idea there being that you are giving away your mailing address every time you buy something online, and in many cases, every time you even buy something digital online. If you're not getting something shipped to your house, people are often giving their address away as a part of the credit card and billing process.
If you don't want to go to the trouble of actually setting up a PO Box or a re-mailer, you can at least protect your address on the billing side of things by using a service like privacy.com for example, which basically allows you to create these throw away digital credit cards. The nice thing about it, other than just the security side of being able to lock down each one of these cards so that each card has a limit and gets locked to a specific merchant, is that the card will validate with absolutely any mailing address that you give to it. So you can put in a completely junk mailing address and the charge will still be processed on it.
Peter McCormack: Okay and what about social media? Because this is probably the place where I think most people are careless. The way they use Instagram, Facebook and Twitter. I don't think we're going to change a lot of people. I don't think we're going to stop people using these services. I know a few who have dumped Facebook, but my expectation is most people are going to continue using them. So is there a way of using them in a more privacy focused way?
Jameson Lopp: For a while, before I completely dumped Facebook, I was using... I think it was called Tin Foil Hat, but there was basically a stripped down version of Facebook app, I think it was basically running the Facebook mobile site through the app and stripping out a lot of the tracking bugs and whatnot. On Instagram, I'm not as sure, I've also ended up dumping that.
But really it's not just about using that single app but actually about your entire web browsing experience and the problem, at least with Facebook and Google and some of the other large tracking sites out there, is that the genius thing that they've done is that they've managed to get their buttons and their tracking code distributed across who knows how many possibly millions of websites out there.
So as you're going around the internet, just minding your own business, these tracking bugs are getting fired, and Facebook and Google and the other trackers can basically aggregate all that information and see a very large portion of your web browsing, your history. So that's why it's actually, I would say, more important that you just set up some decent ad blockers on any browser that you're using so that you're making it harder for these services to piece together all of your browsing history.
Peter McCormack: Can you recommend some specific ad blockers that you think are the best that are usable? I use Brave, and I think Brave is a great browser, but are there any other specific services you would recommend?
Jameson Lopp: Yeah, Brave has some decent ad blocking. In terms of browser extensions, I like uBlock Origin. Also, I'm a fan of Privacy Badger, which is a tool from the Electronic Frontier Foundation. Really I would install all of the browser extensions from the Electronic Frontier Foundation. They also have one called I think HTTPS Everywhere, which tries to force all of your browsing connections to be encrypted for your own good.
Peter McCormack: Yeah, I've got that one. I've got that based on our previous session. Okay, let's get into the Bitcoin stuff now because this is the stuff that's really important. This is the stuff whether or not they listen to what you said about protecting their phone against surveillance and things like that, that's really down to their privacy. But we do want people getting into Bitcoin to really make sure that they protect their Bitcoin, that they don't get hacked. So what are the scenarios and what are the attack vectors that people are protecting against when they're considering their Bitcoin privacy?
Jameson Lopp: Most of the time I think people are just worried about hackers, someone getting access to their machine, whether it's a desktop, laptop, mobile phone, whatever is running their Bitcoin wallet, and just stealing the private keys and taking all the money because it can be gone in a matter of milliseconds and then you can't get it back. So the really safest and simplest thing I think for most people to do is to buy a dedicated hardware device, whether that's a Trezor or a Ledger or a Cold Card, that gets you to the next level of security where your private keys are no longer on an internet connected device.
That protects you from the vast majority of hacking attempts. There are still ways then that hackers will try to fool you to get you to send your money to them instead of to whoever you are trying to send it to. The next level of issues that I've kind of run into after getting to a hardware device level of security is usually just phishing, social engineering, or in some cases, a malware inside of the browser itself.
I'm not a fan of using browser-based wallets, even if they're tied to a hardware device because there is so many things that can go wrong with the browser whether it's from malware or just like a bad browser extension. It's really hard to keep the entire software stack completely free of any bad software. There's so many layers of software now, like no one can really know all of the code that they're running at any given time.
Peter McCormack: I have both a Ledger, a Trezor, actually I also have a Cold Card, but I find the Ledger has the desktop app, which I can use, whereas Trezor tends to go via the browser. If that's the thing you're talking about there.
Jameson Lopp: Exactly, it's not difficult for a bad browser extension to start screwing with whatever's going on in the browser and cause the user to basically be tricked into sending a transaction to an address that gets swapped out at the last second. If you're not being extremely diligent, there are a lot of things that can go wrong. But the nice thing about these hardware devices is that if you are a diligent, you can verify the amounts and the addresses of where your transactions are going on the actual screen of the hardware device. The likelihood that the software or the firmware on the hardware device has been compromised is extremely low.
Peter McCormack: That's one of the things that I've been encouraging through this series, that if you get into Bitcoin, you really should consider getting a hardware device. You don't want to keep your Bitcoin on an exchange because that comes with a number of risks, so if they do go down that route, if they do venture into getting themselves a hardware wallet, there are a few things they need to do to protect themselves there.
So the basics are protecting your private keys, we know that, but in terms of protecting their private keys, there's a number of different ways they can do it and you've got some famous tests. One of my sponsors right now, CypherWheel, have been through your tests, but you've got these famous tests for testing these devices. So can you explain what these key management tools are and what you should be considering when purchasing one?
Jameson Lopp: So the downside to the hardware devices is that most people are using them in a single signature setup, which basically means all of your keys are on that one device and so this, of course, is a single point of failure. If the device screws up for any reason or it gets destroyed, then you've got a problem. So you have to make it a backup of basically the seed phrase data that is used to generate all of your private keys and then this turns into a huge question of well, how do I keep that safe? How do I make sure that it doesn't get destroyed?
I've done a number of tests on various metal devices that are meant to withstand natural disasters. It's not necessarily intuitive which ones are actually the best. In my experience, it's not necessarily the most expensive ones that are the best. So I've got a whole website that's dedicated to me testing both heat and acid and crushing and how well these devices hold up to those different forms of stress.
Peter McCormack: So I'll share that out in the show notes so people have access to that. But if they're not totally aware of what we're talking about here, is when you set up your wallet, you are given a number of seed words, a number of words that you need to store in order to restore the wallet should you lose it, should it be damaged. Now these devices tend to come with a piece of paper inside where you could write that down.
But if you write that down and you hide it away in your house somewhere or at a friend's house, a piece of paper is easy to lose, easy to become damaged. But what these devices do, they allow you to actually usually with little kind of metal letters, is actually recreate all the seed words in the device itself. Now, are there any best practices about how many of these devices you should have, where you should store them? Any advice on that?
Jameson Lopp: Yeah, so this is where things start to get complicated and you once again have to decide what you're trying to protect yourself against. But even with a standard seed phrase, if you put it on a metal device, then a physical attacker that gets a hold of that would be able to sweep all of the funds from your wallet. You can of course create multiple copies. You can create as many copies as you want, but then you have the security aspect. You now have to start thinking about physical security, again which is a fairly well-known problem. But if you're trying to make it so that a physical attacker can't sweep the funds off the device, then you have to do one of a few things.
An easy option that a lot of people go with is they just add a passphrase to their seed, which is generally supported by these hardware devices. But that basically means that the seed phrase requires all the words you wrote down plus some other passphrase in order to actually derive the keys. Now, the problem then is, well, where do you put the passphrase? How do you back that up? It kind of turns into this never ending like Sisyphus cycle of things that you have to keep securing. What I like more than that is just splitting up your keys.
There's a couple of different ways to split up the keys, there's one thing called Shamir's Secret Sharing, which never really had a good standard until recently. Actually Trezor has created a standard around that, though I'm not aware of a ton of people that are using it yet. Another option is to use something called multi-signature, which is where you basically you create a wallet that is comprised of multiple different seed phrases and multiple different devices and that allows you to securely have multiple different sets of keys in different locations so that even if one set of keys gets compromised for any reason, that attacker will not have enough data to actually sweep the funds out of your wallet.
But you start going down a whole rabbit hole here, and ultimately you get to the level of what we've done at Casa, which has resulted in basically a 40 page long documents around all of the threat vectors that we've thought through and how we mitigate them all.
Peter McCormack: Yeah, what I would say right now is that like people listening might be thinking, "God, this sounds so complicated, there's so much to do." But really I think what we should say is that your privacy processes and your key management will develop as you go down the Bitcoin rabbit hole. So you might buy your first few dollars, $50, $100, and actually keep that on an exchange, which isn't best practice, but isn't the worst scenario in the world.
But maybe you buy some more and it grows to a few hundred dollars or $1,000, and then at that point you maybe get your hardware wallet and you transfer it to that, and then you just start investigating ways to manage your private keys. But I would want to say that people shouldn't be too scared off by this. It's like a learning process, right?
Jameson Lopp: Well, yeah. It's really no different than securing anything else of value where the level of value that you're trying to secure will dictate how much resources and time you put into trying to secure it. So people don't put a ton of resources into securing their wallet that they carry $100 around in. If you lose that wallet, then it's not a big deal, it's not the end of your life. That's the same way that I tend to operate with my spending wallet of Bitcoin, my hot wallet on my mobile phone. It's only a few hundred dollars, it doesn't need to have an amazingly high level of security.
But ultimately, if you have been in the space long enough, if you're a really long-term holder, then you may have a significant fraction of your net worth in Bitcoin. That's the point at which you start to think about all of these really crazy attack vectors that are highly unlikely, but because they would be catastrophic to you from a financial standpoint, you start to entertain even the slight likelihood of a crazy scenario happening, and how you might be able to mitigate that without too much trouble.
Peter McCormack: One thing we should talk about here that is something that's happened quite a bit, it has happened to quite a few people, is SIM swapping. Could you explain what SIM swapping is and what people can do to help prevent against that happening?
Jameson Lopp: Essentially, it seems to be an American problem, but the problem is that the cell phone companies, at least in America, have made it incredibly easy for someone to take control of your phone number and basically swap the ownership of your phone number over to a different device. Now maybe this is happening because people are social engineering the companies themselves, but I think in many cases it's happening because employees at the companies are getting bribed to do this.
So if we assume that the company and employees at the phone company are compromised, then we should not use a phone number as a security mechanism for anything. That basically means on any of your online accounts don't have SMS based two factor authentication. Don't allow for account recovery based upon SMS, if that's an option at all and really preferably don't put your phone number in any online accounts. It's probably the safest way to go about that.
Peter McCormack: Every time I access my Gmail, that keeps popping up with a little pop up saying, "would you like to add a backup phone number?" And no, I don't. I used to have it on there, but again, after our previous session, I went through every service I had and removed my phone number from it. Also, this comes back to your other point whereby if you're talking about Bitcoin and you're being public and you're leaving bits of information everywhere, it might be quite easy for someone to find out what your phone number is and which service provider you are using.
Jameson Lopp: Exactly and so really the only way that I've been able to really solve this problem is to not even know my own phone number. My phone that I'm using regularly has a SIM card that I purchased anonymously with one of those throw away online credit cards, throw away name etc, so they don't know the identity of me, the SIM card holder. I don't know the actual phone number that is tied to the SIM card.
Then when I have to give out a phone number, I use this other proxy service that essentially forwards to the real phone number and that allows me to actually create many different phone numbers so I don't even have to give out the same virtual phone number to all the different providers and different classes of people that I'm interacting with.
But this is, once again, kind of going down a deeper rabbit hole. For most people, if you don't want to go to all of that trouble, and you're in the United States, I would say the most secure mobile phone provider that I'm aware of is Google Fi and to date I am not aware of anyone on Google Fi ever being SIM swapped. That's what I was using for a number of years before I went down this alternative more complicated path.
Peter McCormack: Well that's a pretty good recommendation. I think we should also say that we're not saying to people that you shouldn't use two factor authentication, we're actually saying the opposite, you really should be using it. But you should be using a tool like Google Authenticator, and always in every scenario avoid using SMS two factor authentication. But some people might not even know what two factor authentication is, so should we explain what that is?
Jameson Lopp: Yeah, it is exactly what it sounds like in that it is a second factor. So your first factor of authentication is generally going to be your username and password. So that's something that you know, you can then use a number of different tools for a second factor. On many phones, there may be some sort of biometric two factor authentication to get into various apps or unlock things in the operating system. For web-based services, for a long time SMS was the default. We seem to be moving away from that, but you can do something called a TOTP, which is Time-based One Time Passwords.
Usually people use Google Authenticator as a mobile app to manage those. It's basically the 30 second rolling six digit codes. What's even better though is actually using dedicated hardware once again. So just like we recommend dedicated hardware devices for your Bitcoin wallets, I also recommend dedicated hardware devices for your two-factor authentication.
A really good one is the Yubikey, which supports both the U2F standard, and even can also support the rolling code passwords via the Yubikey authenticator app. That way you're actually not storing those keys on your mobile phone anymore, you actually store them on the Yubikey itself.
Peter McCormack: Another thing people can consider when going down the Bitcoin rabbit hole is running a node. It's something they're going to learn about early on, it might be a bit intimidating, but what are the benefits of running a node, and how does that help support privacy?
Jameson Lopp: I kind of see it as two different tiers of operating on the Bitcoin network. The first one being holding your own keys, that gives you the first real level of sovereignty. If you hold the keys no one can take your money, only you really control your money. But then the question becomes what is your money? What is the state of the Bitcoin network? And that's where you get to this second level of sovereignty, which is validating everything that's happened on the Bitcoin network yourself to make sure that nobody's breaking the rules.
If you aren't validating the history of all the transactions on the Bitcoin network, then essentially you're trusting someone else to validate them for you and in many cases, that may be okay. A lot of people use SPV wallets, which kind of have a miner based trust model that the majority of miners are being honest and so on and so forth and there's trade offs to all of these things. But running the node not only gives you that level of security that the rules of the network are being followed, it also allows you to query your node directly for the transactions and balances that are related to your wallet and this is something that I think very few people are doing.
As a result, they're going out and their wallet software is querying some other servers, some other nodes, and basically saying, "give me any transactions and any balances related to all of these addresses" and this is a potential network eavesdropper style privacy leak because you don't necessarily know what server is out there that you're connecting to, what nodes you're connecting to, and who's operating them.
It's practically guaranteed that a decent number of nodes on the network are probably being operated by companies like Chainalysis that are trying to identify wallets and end users who own those wallets. So if you are doing that, then at the very least, you probably want to be doing that through a VPN or through Tor to try to mask your real IP address and not correlate your IP address with the addresses in your wallet.
Peter McCormack: Okay, that's a good segue into internet privacy because there's a number of things you can do. A number of things I've changed personally since we did our show. I've talked about this now, with regards to your PC and your setup, what are the basics that everyone do you think should be using? Would you say a VPN is basic? Would you say Tor is basic? Do you think that they are things that people should be considering?
Jameson Lopp: I wouldn't normally say that Tor is basic, though I believe Brave has actually done a great job of making Tor basically point and click type of solution. Now you can basically open a Tor browser tab very easily in Brave. But a VPN is something that I think most people should be using simply because it is protecting you from exposing your real home IP address, which it gives away your rough geographic location.
It also is a fairly unique like finger printable item that can be used to correlate other things that you're doing online. So if you're using a VPN, then you're most likely going to end up using a shared IP address that has a lot of other traffic going through it. So that should also help you kind of hide in a crowd from that standpoint.
Peter McCormack: And the VPN, would you recommend that something that's on the whole time when they are using their computer, or just for specific activity?
Jameson Lopp: I would definitely say all of the time is preferable. But this becomes another issue because people have many different devices. What I have ended up doing myself is not having the VPNs configured on every single device, but rather configuring them at the router level and that way my home router ensures that all of the traffic that is going out of my home network is going through a VPN. Unfortunately, this is way beyond a basic level type of thing to configure. I'm not aware of any off the shelf retail consumer network routers that make it easy for you to set up a VPN at the router level.
Peter McCormack: Yeah and one of the things I've found is... I have a VPN on my computer but with certain services it won't work. For example, Netflix. Netflix won't work if you're using a VPN. So I tend to find I switch in and out for when I use it, but I also actually have a VPN on my phone now, I've actually started using that. I'm guessing you would recommend the same?
Jameson Lopp: Definitely. The one downside that I have noticed is that it's going to drain your phone battery a lot faster because essentially what a VPN is doing is it's encrypting and decrypting all of your traffic at an additional layer on top of the web browser level and encryptions that are already occurring. So it basically has additional computational load that it creates, and whether that's on your phone or your laptop or your router, that also can potentially slow down your traffic. If you need really, really high throughput downloads, then you would probably notice a difference if you're doing it through a VPN.
Peter McCormack: Okay, one of the most important tools that I brought into my setup is to use a password manager. One of the big problems is a lot of people reuse passwords. They might have one they use for everything or one they use for general websites and another one they use for maybe their bank.
But one of the main issues is that if a service is hacked, the hackers tend to brute force, use those logins and passwords on multiple websites to try and access them and try to access your information. So I've introduced a password manager. Do you recommend the same? Do you recommend people introduce a password manager? And is there specific ones that you particularly like?
Jameson Lopp: Yeah, the way that I put it is that you should not know any of your passwords other than a master password to open up your password manager. Additionally, your password manager should be, once again, secured by two factor authentication and preferably hardware two factor authentication. A number of people don't like it because it's not open source, but I've had a pretty good experience with LastPass because it has a ton of these features.
It also makes it really easy to use across different devices, both desktops and mobile phones, and it supports the Yubikeys, it actually supports I think half a dozen different types of two factor authentication. I believe some other good ones are like 1Pass and KeePass, not as familiar with how good they are at the cross device automatic syncing though. That's one of the main, I think, detriments to a lot of the open source password management software is keeping them working across all of your devices and in sync without having a lot of overhead.
Peter McCormack: The one I'm a particular fan of is Dashlane. That also supports multiple devices, laptops and mobile apps very well. Have you much experience with that yourself?
Jameson Lopp: No, I can't say I've tried that one.
Peter McCormack: Yeah, it's pretty good. All right, so listen, we've covered a lot here Jameson. There's a lot for people to take in here. I think almost in some ways people are going to be a little bit overwhelmed here, but if we sink it down to the absolute basics, and somebody was getting into Bitcoin now, what are the absolute things that you would say that you should definitely do straight away?
Jameson Lopp: The most important things that you can do are the free ones really, it's the things that don't require anything other than time and effort to set up. So setting up your ad blockers, setting up password managers, which in many cases are free, though you might want to pay a small like $10 or $20 a year subscription to get additional features and syncing and whatnot. Then depending on how much value you're putting in it, if we're talking more than a few multiples of the cost of a dedicated hardware device, then it starts to make sense to looking into one of those.
The really tricky thing I think about Bitcoin is that there are so many different pitfalls. We can't possibly cover all of the things that could go wrong. Like I said, we have a 40 page paper with a lot of the things that can go wrong on the Casa website. Most of this is really just a matter of time and research and how much you put into like thinking about how to protect yourself. The unfortunate thing is that nobody is going to beat you over the head and make you protect yourself and so in many cases, I think what happens is people are lazy and they do the absolute minimum just to get things working, and they don't think adversarially about all the things that could go wrong.
Then things go wrong and they learn the hard way and hopefully it isn't so catastrophic that it completely puts them off to the entire space in general. But I think you would be hard pressed to find someone who has been in the Bitcoin space for many years who hasn't had a few stories of things going horribly wrong. We all learn the hard way one way or another. I think the most important thing is to try to ensure that when those unforeseen events happen that they aren't completely catastrophic.
Peter McCormack: Yeah, one of the things you can do is you can create that personal plan. Especially they can dig up your article on Medium, that I'll put in the show notes. Then you can just sit there with a piece of paper and a pen, and work your way through it and say, "these are the important first steps I'm going to take." I usually say to people, "look, get rid of the Google apps, download Brave, have a VPN, and have a password manager." I always think that's a very good first few steps. Then in terms of your Bitcoin, move to a hardware wallet, and have a very good key management solution and also just be very careful about how and when you start spending your Bitcoin.
I always feel that's like a very good basic start. But then I always say to myself, like I said, I have a Jameson Lopp who sits on my shoulder, and everything I do, I always just have a double think, is this the bit of information I need to give? What information should I provide in? Am I doing anything stupid? I don't think people should be overly concerned to begin with, they should just develop, like you say, that personal plan for you and then probably what? Review it once a year.
Jameson Lopp: I would say it's something that you need to review whenever circumstances change.
Peter McCormack: That's a good point.
Jameson Lopp: So from the Bitcoin standpoint, it's usually, has awareness gone up significantly? Has the price gone up significantly? The way that I try to give people a perspective on what is the appropriate level of privacy and security, is that if you look at the volatility of the space, not just from the price standpoint but general awareness, is that we can very easily do an order of magnitude change in just a few months time.
If you only set up an appropriate level of security and privacy for what the current level of Bitcoin mainstream awareness is, then you're going to get caught flat footed when there's some major event and all of a sudden there's a lot more attention on the space. So I kind of try to frame it in terms of bubbles essentially, of like you want to be prepared for the next bubble happening. You don't want to have to scramble and make a bunch of changes as the bubble is occurring and as everything is going crazy.
You want to be prepared in general. I think that that's why we actually have a number of people in this space who are kind of a prepper mindset, not just for Bitcoin, but for life in general, is that I think a lot of us have that adversarial perspective where we're thinking about the edge cases and the things that probably won't go wrong but could go wrong. Once again, we're just trying to create our own insurance, if you will, mitigate some of these things so that if the outside event that we don't think is going to happen actually does happen, that it won't be as terrible for us as it would have been if we were completely unprepared.
Peter McCormack: All right, well you've talked about Casa a few times in this interview, it's the company you work at, it's the company you work for. Do you want to just explain who they are so if people are listening and they want to find out a bit more information about them, if they think it might be useful for them?
Jameson Lopp: Yeah, so I've worked in Bitcoin and specifically private key management for over five years now, and have seen a lot of things go wrong. I've seen people shoot themselves in the foot quite a few times. I basically had issues with my own personal cold storage set up, it was just so complicated and really what we have been focused on at Casa is helping people improve their own sovereignty. This is kind of a tricky position to be in because the only way to have the ultimate level of sovereignty and privacy is to do absolutely everything yourself.
But that comes with an extremely high learning curve and you basically have to be willing to turn that into your full time job. What we're trying to do at Casa is to help guide people down the path of basically helping themselves. We don't want to be the custodian and fully responsible for other people's coins, but we do want to be able to facilitate them getting into a secure position of self custody.
We ended up creating this multisig key management application that I believe combines both really, really good user experience in a mobile app, along with the security that you get from both these hardware devices that we've talked about, and from just redundancy and splitting your keys up across multiple different geographic locations. I've basically tried to architect a self custody solution that is as easy to follow as basically tapping through a mobile phone app and following the instructions in the app.
So for people who have a decent amount of wealth in this system and don't feel like they have the time or the technical sophistication to think through the ultimate level of security and robustness, I highly recommend that they check out some of our materials on our website and give us a shot.
Peter McCormack: I agree, I recommend everyone checks it out. Well listen Jameson, it's always a pleasure, love having you on every single time. I'm going to put all the previous shows we've done in the show notes and I'm going to put a few links to some of the materials that you've provided online, specifically your Medium article. What was it titled again?
Jameson Lopp: "A Modest Privacy Protection Proposal."
Peter McCormack: That was it, "A Modest Privacy Protection Proposal". So I'll put that up there. It's pretty detailed, but there are some really useful things in there. So yeah, appreciate your time, hope everything's well, and hopefully I'll get to see you soon at some point!
Jameson Lopp: Great, will see you soon!
