WBD248 Audio Transcription
The Bitcoin Cypherpunk Box with Matt Hill & Aaron Greenspan
Interview date: Monday 27th July 2020
Note: the following is a transcription of my interview with Matt Hill and Aaron Greenspan from Start9 Labs. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.
In this interview, I talk to Matt and Aaron from Start9. We discuss the growing demand for a private internet, retaining control of personal data, encryption and why bitcoin is fundamental to all of this.
“I don’t think you can do the future that we envision, without Bitcoin.”
— Matt Hill
Interview Transcription
Peter McCormack: Matt, Aaron, how you both doing?
Aaron Greenspan: Doing great! Thanks for having us on, Peter.
Matt Hill: Yeah, doing very good. Thanks so much.
Peter McCormack: It's great to get you on. When Eric referred you to me, he said, "You got to check out these guys." I went to your website, let me tell you actually straight away, I really like your website.
Matt Hill: Cool!
Aaron Greenspan: Thank you.
Peter McCormack: Just love the simplicity of it and it kind of suits what you're doing. But I do have a confession. I bought your node, it arrived and I cleared up my office, and I put it away with all my Bitcoin stuff, and I never got around to opening it up, which people will say, "Well, typical you Pete," with regards to a node. But it sat here, and I've actually got to get it set up. So perhaps after this session I'll do that and let you guys know about it.
Aaron Greenspan: That's pretty messed up to be honest.
Matt Hill: You'll be pleasantly surprised when you get to it. It only takes about a minute.
Peter McCormack: Right, okay, well, I'm going to get on that then. Okay, so listen, privacy is very, very important right now. It's a hot topic, and Bitcoin's a hot topic, and we've got a world that's going absolutely crazy. It feels like we're starting to see a shift in the way people are thinking. But I know we're in our own little Bitcoin bubble here. But for everything that's going on in the world right now, these weird times, Matt, you seem to be perfectly positioned as a business that can really provide people with the type of products that they want to live a life with a high level of privacy. How do you feel about that?
Matt Hill: Yeah, that is our overarching goal as a company is to afford non-technical individuals the ability to exist on the internet, whether that is the traditional internet or the Tor side of things in total privacy, without trusting anyone, because that is really the crux of the issue, is that to obtain privacy today in a non-technical user friendly way, you have to entrust your private data and communications channel to a central third party. There are very few avenues for achieving real self privacy, and it requires a lot of technical expertise to do.
Peter McCormack: So you sent me some notes beforehand and one of the things you put in there is privacy is a necessary prerequisite for individual liberty and a free society. Do you want to talk me through this?
Matt Hill: Yeah, absolutely. So privacy affords a few benefits that invariably lead to a free society or a lack thereof if they're violated. So the first one is that it's sort of an insurance policy against political uncertainty. We've seen throughout history that just because something was permissible yesterday or is permissible today to say and do, does not mean that it will be permissible tomorrow. So you may want to have conversations in private today that are perfectly fine, but that you think could become dangerous in the future under a regime change for instance.
So privacy allows you to exist without worrying about who's going to come into office next and use what you said against you. Another benefit is that it protects you against extortion and manipulation by people who know a lot about you. It's sort of like tipping your cards in the game of poker. If your opponent knows your cards, they know how to play you. So if everything I say and do, and everywhere I go is tracked and monitored, the analytics and opportunities for manipulation against me increase likewise. One that's less talked about, but is also very important is that privacy affords an environment for experimentation and tinkering.
So humans, you can see this even with children, I know when I was a kid I valued my privacy very much. That wasn't something that was taught to me, it wasn't an ideological consideration, it was a very biological impulse. I wanted to go off on my own and enjoy my private time and think and perform experiments on building and feel free to make mistakes where I wasn't going to be judged by any onlooker. When you have a surveillance state, that feeling of constantly being watched actually, I think it squelches creativity. Then to the first point, this idea that regime change, I want to bring up a saying that is used very often that I was taught in schools when I was young that I think is very widely misunderstood, which is the very common phrase of, "Absolute power corrupts absolutely."
I think that this phrase is most commonly held to believe that if you grant an individual absolute power, that if an individual rises to power, that they will invariably corrupt, that this individual will become an all-powerful dictator, corrupt person and I don't believe that for a second. I think integrity is a real thing, and that individuals can rise in power and maintain their principles and integrity just fine, and that we have plenty of examples of this throughout history. What doesn't maintain its integrity, what that phrase really applies to is transgenerational political systems, or organizations of any kind, because what corrupts is the changeover.
So if a system has enormous amounts of power, the people in charge of that system today may be totally fine and benevolent and remain that way, but their successors may not be. So over time, systems with absolute power will corrupt absolutely, even if it takes a few hundred, or even thousands of years. So that is what privacy affords, is that you can almost predict with certainty that a system that is growing in power will also grow in corruption and so you need to be very careful about what you do today so that it won't be used against you tomorrow.
Peter McCormack: That reminds me of something Andreas said. I was watching one of his presentations in preparation of my interview with Brian Armstrong last week, and he said, "You lose your privacy today and you are punished later." One of the problems with privacy is that you lose your privacy every day, but you don't pay the price for that until perhaps a lot later, and you can't immediately identify the moment of which your loss of privacy goes for something that is an inconvenience to a deadly risk.
Matt Hill: Yup.
Aaron Greenspan: Yeah, and there are just multitudes of examples throughout history where exactly that happens. New regimes comes into power, culls all of the old supporters, or the supporters of the previous regime, and all of that stuff is recorded in details, in records that are being kept for a long time. That's exactly how you hunt those people down.
Peter McCormack: But I'm sitting here in the UK thinking that's not going to be a problem for me, and I imagine people have sat in the US or Australia or places thinking it's not going to be an issue for them. So are we being naïve?
Matt Hill: Yeah, well it might not be an issue for you, but what about your children and grandchildren? Political systems take time to evolve and corrupt. So we should be planning for the future I think.
Peter McCormack: Can you give me some examples where this has happened in history?
Matt Hill: Oh, boy, concrete examples...
Aaron Greenspan: Yeah, I think one that comes to mind very quickly, the Iranian revolution in the '80s is a great example where you have a fairly democratic and erring more and more towards a democratic... I guess it was a monarchy at the time, but a very liberal and progressive kind of system, which gets taken over, at least the revolution is hijacked by Islamic supremacists, and yeah, suddenly all of those previous academics that were leading that revolution are now in prisons. Yeah, it's exactly the kind of thing that we're afraid of.
Aaron Greenspan: Even this interview being recorded for all time is the exact kind of thing that could implicate us if something were to happen in the UK or the United States.
Peter McCormack: Okay, but this is a public interview, so we've chosen to make this public. What you're saying is that this could affect private communications as well.
Aaron Greenspan: No, that's a good point. We have chosen to keep it public. In this case it's more like yeah, just the fact that it's permanent could be used to implicate us. But yeah, if we were having this communication in private, and perhaps we were... So for example, the Start9 private chat where we're developing these technologies, which are specifically meant to enforce privacy, that's the kind of thing where if those conversations were made public under a regime that wanted to establish a surveillance state of some kind, of course that would be extremely implicating.
Aaron Greenspan: So yeah, having private channels in order to discuss this kind of thing is exactly what gives political dissonance and in some cases political dissonance fighting for freedom against regimes that are trying to take that away, yeah, the lack of privacy makes that really problematic.
Matt Hill: So Peter, also when it comes to financial privacy too, this is what Bitcoin and other privacy networks, and layer two technologies are designed to protect is that money is communication as well.
Peter McCormack: It's a really interesting time for this to happen, and interesting time for you guys to be working on this because we have this explosive acceleration in technology. We've been through the experience of Snowden and understanding that everything is being tracked and monitored by the NSA. But we're also at a time where we've got this massive growth in AI, data storage in the cloud, there's so much going on everywhere with regards to technology. It's almost kind of like we can't come back from this, but it's almost like nobody's really thought through the implications for the individuals.
I think Apple as a major tech company is thinking about this, but we're at this real cross section, and at the same time the world has gone absolutely fucking mad at the moment. We've got a massive growth in surveillance technology in the UK where I live, also with terrible labour laws. So it does feel like Start9 kind of positioned at just the right time for things that I think people are going to start demanding, outside of your typical tech nerds.
Matt Hill: So we have been surprised by some of the feedback and reactions we've gotten from various demographics that we speak with about our product and technology, in that one of the more responsive groups and actually the Baby Boom generation, which is traditionally not recognized as the most technical or on board with the most radical new technologies.
The statement of, "Google is reading your emails," seems to resonate very, very deeply with that generation, I think in part because they can remember a time in history in the not-to-distant past where privacy was a default, that was cash was prevalent and phone calls were made, and wire taps were required a warrant. Suddenly everything that you do is public by default, no warrants are needed for anything anymore in practice and there's this idea that a return to the way things used to be is a powerful concept.
So we have not found our primary support to be just amongst the hard line Bitcoin privacy advocates, but this is a very human issue. This is a very sensitive, human issue that people feel very passionately about, even if they don't understand the implementation, how we're accomplishing it, because at the end of the day, the product that we are selling, even though the technology underneath it may be on the edge, and it is, the product itself is actually very friendly and familiar.
Gary Leland is one of our biggest supporters. He was one of the first people to buy an Embassy and has just ranted and raved about how he was able to set it up and have a full Bitcoin node running over Tor, as well as a private messaging app as well as a self-hosted password manager in a matter of seconds, with absolutely no technical knowledge or expertise of how it was working at all, and with no compromise, no sacrifice in the self-sovereignty aspect of it. There's no trust as part of that setup process.
Peter McCormack: So what would you say to somebody who has listened to this, who perhaps has never really taken privacy seriously? They're not perhaps a Bitcoiner, they have Facebook, they use every Google service, they have all their location tracking set up on their phone. They're, I would say, the kind of person who's unknowingly put themselves in a position where everything they do is being tracked and recorded and perhaps when you explain this, they'll say, "Well, it's not really affecting my life."
Matt Hill: Yeah, so we're not actually out to convert everyone right now, the world is doing our job for us. There is a growing number of people who are seeing invasion of privacy and censorship, by the way, as a corollary to everything that we're doing, as a problem, and who are passionate about finding and implementing that solution, both for themselves and for their loved ones and that market is plenty to sustain us, and it is growing rapidly by the day. Now, the people who are not aware, or who don't care, we think are won over gradually by the world doing our job for us, and through education.
So we are implementing educational tracks so that people can become aware of what the problem is in case you don't know. Deep dives into how our technology helps solve the problem will be available for everyone and Aaron, actually, is one of the leaders on the team in terms of education and his ability to explain this to non-technical users.
Aaron Greenspan: I was just going to say Peter, you made this comment a couple minutes ago that there doesn't seem like there's a way back from the proliferation of data and surveillance that seems to be growing, especially in the Western world. I think some of what Matt is getting at is we disagree fundamentally at Start9. As the internet has become the way that people interact in their day-to-day life, as it's taken on more and more from dating to getting jobs and everything else, there's been no alternative for a long time to putting all of that data out there.
It was the cost that we were willing to pay in order to have all of the convenience and the connectivity that we have today. But at Start9, what we're attempting to do is offer that same exact convenience, the same apps, the same functionality, but served and architected in a completely novel way, which removes that trade off. Suddenly it's your data, it's possessed literally on this three-inch box or whatever. It doesn't leave that box, and it is your data is your private property in a very literal and physical sense.
We think that gradually over time as the apps become better and there are more of them, I just see no reason why... Even someone who doesn't really care about privacy, given the choice between having your emails read by Google or not, supposing there's future parity, it's a no-brainer. So we think as our software gets better, it'll just gradually sort of spread, because it's a no-brainer.
Peter McCormack: All right, okay. So as I said, we're in this kind of weird world at the moment. I'm starting to find that almost the things I expected from more authoritarian kind of countries are happening in the West. I'm kind of worried about the slippery slope that we're heading down in the UK that's happening in the US and there is this growing desire for a sovereign individual. I say it's come out of Bitcoin because it's almost like the money started this for a lot of people.
But I don't want Bitcoin to be the prerequisite, because I think a lot of people are still put off by Bitcoin. I still think it has a reputation problem. But you guys talk about privacy at the base, like this concrete plan for achieving untrusted, uncompromising, and unstoppable privacy is started in the home. So if you were to talk about this layer by layer building up, what are the things that people can actually start doing now, outside of even the money?
Matt Hill: Yeah, so I'm glad you brought up Bitcoin. Obviously that is an important thing to us, and to many. Bitcoin showed how and it was a novel way to assemble existing technologies where the whole was greater than the sum of the parts. Bitcoin is a new thing, it is a new technology, and it showed us how you can achieve decentralized systems, how you can build money in a decentralized way and it is to this day, the beating heart and the battle cry, if you will, of this whole movement, and it is central to it.
I personally consider it somewhat indispensable. I don't think that you can do the future that we envision without Bitcoin, but it is not the whole story. Bitcoin itself is vulnerable on top of centralized infrastructure. The push for everyone to run nodes, for instance, means nothing if all those nodes are being run on AWS and DigitalOcean.
Peter McCormack: Like Ethereum.
Matt Hill: Yeah, exactly like Ethereum, and even nobody's running those nodes. So there's like three nodes and they're running on clouds. It's just you could snip it, and be attack...
Peter McCormack: Is that true?
Matt Hill: There are very few people who run full archival Ethereum nodes, like clients are abundant, but when we were... So me, Aaron, Keagan, Aiden were all at SALT prior to leaving SALT and starting up Start9, and we had to run a full archival Ethereum node, so we know very intimately how difficult that is to do, and how few people are doing it, because we were in touch with members of the Ethereum community as we were setting this up for SALT to get questions answered and get collaboration. It's just very rare.
Aaron Greenspan: It was our dev ops guy at the time who really dealt with the pain of that, made sure that we all knew how painful it was all of the time.
Peter McCormack: Why is it so difficult though? Was it just the volume of data that's being generated?
Matt Hill: Not just that, no. The implementations themselves, so Parity is what we ended up using because... What was the first one, GUESS?
Aaron Greenspan: Yeah.
Matt Hill: Yeah, GUESS just flat out kept breaking during the sync. It couldn't sync a node and this is common. There are just issues with the setup and maintenance and the GUESS nodes, and we switched to Parity and that worked really well. Then that would break sometimes, and so we had backups that were running.
It was very expensive in terms of compute and disc space, and we just had to implement redundancies to make sure that we didn't go down and that was part of why we reached out to Ethereum community was like, "Hey, if we ever go down because ETH goes down, can we plug into your node remotely as an emergency backup?"
And that's how we found out that there were so few people running them, because they were like, "Oh, we don't actually run full archival node." We found out that almost nobody does, in part because of the difficulties and problems.
Peter McCormack: There's probably more examples you can give, but these kind of unstoppable systems of which Bitcoin is one and I also kind of think of Pirate Bay as one as well. It seems to be like whatever they try to do to switch that off, it's impossible. But what can be learned from things like Bitcoin for future unstoppable systems that people want to build, or the things that you want to build? What are the key learnings from that?
Matt Hill: Decentralization at all costs, that is the ultimate uncompromising principle. The second you centralize power, including trust, is the seedling of the cancer. It doesn't mean that it kills you today, it just means that you've planted the seed of demise. So when you think about a decentralized system like Bitcoin running on centralized infrastructure, then in fact it is not decentralized. The enemies of Bitcoin may have to go to more extreme measures to stop it such as actually going to the ISPs, going to Amazon and DigitalOcean and shutting things down, but it is possible.
So you're basically laying the groundwork for a huge battle later as opposed to small battles today and so we're coming in and saying, "We need the whole thing to be decentralized." It's got to be decentralized down to the base. Bitcoin needs a decentralized infrastructure upon which to reside if it's going to remain resilient to increasing levels of attack from increasingly powerful adversaries. So that's what we're attempting to do is actually lay the base layers foundation of a decentralized internet.
I know that sounds like a crazy statement, because again, it is sort of this thing people joke about as like, "Oh, let's just build a new internet," but it actually is possible and it's possible in a non-network effect type of way as in we don't need everyone to buy into the concept of a decentralized internet to build a decentralized internet. You can actually build it one brick at a time such that if you get on board with this concept and this technology, that you gain personal private benefit from doing it even if nobody else in the world is using it.
But then every subsequent person who joins this with you, they don't just get the value of joining the network like you did, you incrementally gain value the more people that join. So it's valuable to begin with, but as it scales, the value diffuses equally to everyone as it grows and grows, and that's the approach that we're taking is that this little device that goes in your living room, yeah, it's a private server, but it's actually one brick of a future internet.
Peter McCormack: Okay, so talk me through the device. Talk me through Start9, and talk me through the Embassy device that you guys have created, because when you say it's one brick and you talk about a decentralized internet, first question is, is this a different place on the internet, or is this how I interact with the internet?
Aaron Greenspan: This is a little bit based on the previous question as well, essentially what we have here is you have a personal server sitting on your... The Embassy really is a casing for it and not only is it a physical casing, but we've wrapped it up in a custom operating system and a bunch of custom software, which essentially makes server management, what is being done on DigitalOcean for example, extremely easy.
So with just the companion app you can install services, which maybe it's Bitcoin, or maybe it's the backend for a messaging app, or the backend for email or data transfer or all kinds of stuff that we have plans for in the future, backend for Lightning, you just click a button, pulls it down, runs that software, and suddenly you're running a full Lightning node just like that. So when you ask the question, "Is it a different internet?" The answer is sort of yes and no. Of course we're riding the traditional internet infrastructure. We haven't done away with WiFi, though we have thought about it, and thought about ways that we can maybe get past that in the future.
But yeah, currently the idea is that we've essentially, in terms of inter-box communication, inter-Embassy communication, when that does take place, perhaps between Bitcoin nodes or perhaps in a messaging context, we've replaced the traditional clearnet internet structure with the Tor network and other sort of privacy-enhanced ideas. So what that means is we're riding the traditional rails, but we're doing it in such a way that you get completely novel properties.
So not only do you have the idea that your data is physically located on this box, when you are communicating with someone else, that is end-to-end encrypted by default, there is nothing to see or read in between those two points during that transition. Not only that, but if you were to cut off and try to examine that message, you wouldn't even know who was talking to who. It's both de-anonymized or it's anonymized and it's completely private from the base down.
Matt Hill: So let me jump in and elaborate a little bit. So when you talk about a decentralized internet, the base layer of all of this is the cables. You're talking about physical telecommunications infrastructure and we are riding on that. It doesn't mean that we always have to ride on that, like mesh networks are a thing and for instance, if there were enough Embassies present in any given geographic area in the future, those Embassies could, with the proper installed, which of course it will be, mesh together and essentially form their own internet, which then could through one radio signal leap get to another internet in the next neighbourhood, and the next thing you know you've actually done away with the physical infrastructure that the internet rides on today.
But that is an emergent property of what we're building that could happen in the future. In the meantime, we're actually using the existing infrastructure because it's just sitting there and ready for it. But we have bypassed, so the layer of the stack that we are really going after is clearnet. We're going after what most people think of as the internet, which is https blah, blah, blah and what we're doing is we're using the physical cable lines and modems and routers to route Tor traffic as opposed to clearnet traffic.
So most people refer to Tor and Tor websites, hidden services as the dark web and what we're doing is we're just leveraging the dark web to do ordinary things. So we're actually trying to make the dark web, 'the web' and that is the layer of the internet that we are trying to replace right now. The fact that replacing that layer also affords us a future prospect of replacing the infrastructure is not lost on us, but it is not a current ambition, because it's not possible today.
Peter McCormack: So the dark web's been misbranded anyway by calling it the dark web and all the stories you read about it is drug deals and pedophiles, but actually what we're really talking about here is a private web.
Matt Hill: A private web, correct, yes. So we would love to rebrand the dark web 'the private web,' which is what it really is. The fact that people sell drugs on the private web makes sense if drugs are illegal in your jurisdiction, but that is not the only use case of privacy clear.
Peter McCormack: Yeah, so let me ask you, what if something happens with my device, it's corrupted or stolen? Do I not run the risk of losing all my data?
Matt Hill: Yeah, so today if you were, say, using Bitwarden, which is our self-hosted password manager that we offer on the Embassy, or a full Bitcoin node that had funds stored on it and you didn't have your mnemonic backed up, and your house flooded or you smashed the thing to bits with a hammer, then your data would be gone, which is not okay. We are still a beta product. The very next feature that is launching with the next version of Ambassador, Ambassador's our operating system, is a data backup tool, that will evolve over time and become something quite special actually.
In the early days we did the first release will be a very simple USB-style backup where you plug a USB in, you click a button, and the entire data of the Embassy, all the service data and Ambassador data's stored on this USB stick, and then you can go store it wherever you want, and you do that manually in the very near future after that release. We're very sort of MVP and iterate-style of a team. We get something out that works and is user friendly, and then make it better and better. The next iteration of data backup to the Embassy will be self-hosted backups in a cloud, wherever you want. So you could host it up on a different Embassy of yours, you could host it on your DigitalOcean instance and you could even put it on Google Drive.
It's a fully encrypted blob of data that just sits on any cloud service provider you want and the changes of both DigitalOcean, Google Drive, and your friend's Embassy all going down at the same time and you losing all these backups is super rare. But it's still a little bit of a manual process where you're like, "Okay, back it up," or, "Schedule a once-a-day backup at this time."
The Holy Grail of data storage, and backup in our case, is this ability to essentially have an automated process where your Embassy is taking data that it considers to be important, because maybe you said, "Oh, this is really important data, crank up the redundancy" or, "This is data that I don't really care much about, turn the redundancy down, it's okay if I lose it" and based on your settings of how important you say something is, your Embassy will automatically, using the Tor network to network with other Embassies similar to other decentralized protocols, be able to store shards of encrypted data on other people's devices and they don't even know about this.
They've turned it on, somebody obviously you need to opt into, you join this network, and my Embassy will now store whole backups of broken up and encrypted data on random people's servers around the world and pay them to do so using Lightning. So I hand you a chunk of data and I'm like, "Keep this safe for me," and I give you some sats. Then every two seconds I'm pinging your server and saying, "Do you have my entire data? Do you have my entire data?" And you can prove to me using cryptography and Merkle roots that you have the entire set of data.
You can basically sign a message, your server can sign a message proving that you have the whole set that I gave you and every time you prove this to me I send you one satoshi. So it's just like, "Here's a satoshi, prove that you have my data" and then if for whatever reason you don't, my device would automatically find somebody else to store it on and start doing that. So this is a very kind of Holy Grail of distributed data storage with financial incentives system that we're talking about that is not built yet, nobody has tackled this yet, but the pieces to make something like this possible exist.
We internally have the ability to build something like this. It would take a lot of time obviously, but we are actually hoping that from an open source perspective, this becomes a big project that lots of people can collaborate on and take interest in. But it's not today, and it's not tomorrow, it's the day after tomorrow.
Peter McCormack: So looking forward, obviously we want financial privacy because we understand the risk associated with people being able to, or governance, being able to track our finances. We want privacy within our communication with regards to emails, we don't want them read by Google. Our private communications, perhaps something would be used as something like a signal, but there's other things such as Telegram, etc. What other things are really important that you think people should be considering related to their privacy?
Because I'll give you another example, location privacy's obviously hugely important. I switched off all my location tracking things on my phone at one point, and actually just made my phone really difficult to use, a number of things I wanted are very useful. The mapping technology is really useful, even doing searches on Google is really useful where it knows where my location is. So sometimes there's a trade off there. How do we deal with things like that?
Aaron Greenspan: Yeah, so in the short term, there's going to be a trade off, and you'll have to make that trade off. In the long-term, and we're talking maybe not the day after tomorrow, but maybe two days after tomorrow, so on Thursday of this week, but in the long-enough term, there is no reason why any feature that you can imagine, so Google Maps with location services turned on etc, there is no reason why all of that software, all of those features can't be hosted in a distributed decentralized fashion across a network of Embassies.
It is just a matter of gradually and slowly, probably over a lot of time, hopefully a lot quicker once the open source community is sort of unleashed on our product with the release of the SDK that's forthcoming, but a gradual migration of these features that we've come to know and rely on from the traditional centralized server back in clearnet web down into the decentralized Embassy-backed or other personal server-backed private web. There's nothing in principle that makes any future that you can see today just not replicable with enough development time and effort.
Matt Hill: Yeah, if you want to get a taste of our roadmap and what the possibilities are, there's a neat GitHub repo called Awesome-Selfhosted, and it's just a huge collection of self-hosted open source software. You start to realize as you look through this list, there's like 1,000 different projects and software that almost everything that you can do in a centralized, trusted, third-party way, you can also do in a self-hosted, distributed, decentralized way. The problem is technical expertise. The problem is that every single one of those projects has a read me that involves a command line, and that requires a server, either physical or cloud-based and that requires an understanding of Linux, and that may require other people to be on the network and you're done before you start.
It's just like a self-hosted project management tool instead of Jira. Well, who does that when Jira's a push of a button and $15 a month? Why would you buy servers and set it up yourself with all that effort? So our roadmap is actually not a 'if you build it they will come' strategy. They're already here, they've been here for decades actually. The open source software ecosystem is rich and growing by the day and most of those projects are founded and run and maintained by the starving artist types.
It's these developers who are passionate about what they're building and put their lifeblood into these projects only to have a few technical people from their Telegram chat run it and provide feedback and contribute, and some obviously are more successful than others. But we trying to unleash things. We're not saying that we're going to build this platform, okay devs, now come and develop for us. We're building this platform that opens the floodgates of things you have already built, such that they can be used by average non-technical people all over the world.
Peter McCormack: And does the device sit essentially between my say, laptop and my router?
Matt Hill: Yes, correct. You interface with the Embassy from either your laptop, desktop or mobile device, and it's all over Tor. So even the traffic between your device and your Embassy, your device meaning your mobile device, and your Embassy is private, encrypted, and secure with no trust or third parties, you are riding on the ISPs. You're still going through the router, through the modem, through the cable, but yeah.
Peter McCormack: But so at the time that I connect it, set it up, from that point on, all my data coming in and out of my property is routed over Tor?
Matt Hill: All of it.
Aaron Greenspan: All of it, yeah.
Peter McCormack: So that's interesting, but one of the problems I've always had with Tor is you slow down your internet usage.
Aaron Greenspan: Yes.
Matt Hill: Sure, that is a short-term trade off that we are very well aware of and know how to fix. So we do not intend to ride on the Tor rails forever. Tor, for us, primarily solved not the privacy problem, the privacy aspects of Tor were a really cool, nice to have. There are other ways to achieve privacy. You can use shared secrets and encrypted lines of communication, you don't have to onion route things. You can do end-to-end encryption by exchanging secrets between devices.
Tor primarily solved for us the addressability problem, which is that normally when you have a device in your home and you want to talk to it from outside of your home, you have to set up port forwarding and potentially get a static IP address from your internet service provider and that in itself is a hassle and a technical feat. It's not crazy, but it is enough to deter most people. So for us, and it's not just about you talking from your phone to the Embassy in your home and needing to find that thing, like literally, it's IP address on the internet. How do you find it?
It's also about Embassies finding each other, Bitcoin nodes finding each other. They can discover each other easily, and without having to worry about any kind of port forwarding or static IPs using Tor. It's a map punching technique that allows us to circumvent the ISPs and the routers and say, "Okay, your Embassy, Ambassador OS, the operating system of your Embassy, and every single service that runs on the Embassy is hosted on its own hidden service with unique .onion URL."
Meaning you can find this thing in the world and through the haze of the internet, through any Tor browser. All you need to do is open up a browser that's capable of resolving .onion URLs, Brave, Firefox, Tor, or forthcoming our own, so hint hint on a product roadmap, and essentially discover your Embassy simply by knowing its onion URL.
Peter McCormack: Okay, so what are the risks with this? For example, say I set up my Embassy, I connect to the internet, but there's going to be certain websites I use where I'm going to leave a trail, whether it's going onto Amazon to buy something, signing into Twitter, something like that.
It feels like whilst you can encrypt the data going in and out, it's very difficult to have a private experience on the net. Is this going to force other companies to change and offer some kind of private experience on there as well, or is it like this acceptance that we have this public and private profile and they exist side-by-side?
Aaron Greenspan: I guess the first thing that jumps to mind is that there are some companies, big companies, the one I have in mind is Facebook actually, which are hosting versions of their site in the Tor network itself, which means you could actually use Facebook in such a way. I wouldn't necessarily recommend ever using Facebook for the record, but there are ways that you could communicate end-to-end in through the Tor network.
Peter McCormack: What's your problem with Facebook? I know it's obvious to others, but...
Aaron Greenspan: Oh sure, this actually touches on where some of the roadmap stuff that you were talking about before and important features to bring down into the Embassy, but the issue with Facebook, and God, I've been reading just a ton about this, it's extremely concerning. It's just the amount of data that's being collected, almost certainly without your knowing it, incredibly and in some ways, somewhat nefarious.
I was actually just reading that the Facebook SDK as of 2018, so this is something that any app that you've ever installed onto your phone that O-offs with Facebook or even gives the option to O-off with Facebook, tells Facebook every time you've opened that app, even if you don't even log into Facebook. You try to O-off with something else, and Facebook knows what apps you've installed on your phone.
So it's just an outrageous... It is its own surveillance state in and of itself and that data is weaponizable, and has been weaponized for hyper-targeted marketing campaigns. That's almost a really generous way to say it. It's hyper-targeted political manipulation campaigns and disinformation campaigns...
Peter McCormack: This is the Cambridge Analytica stuff.
Aaron Greenspan: Yeah, some of that is coming from Cambridge Analytica, some of that's been hijacked by Russia, political efforts out of there. But when you have all of that data in one place, and combine that with machine learning and big data, and all of the AI stuff we have available, oh my God, it's horrifying how precisely you can bombard people with fake or altered or biased news articles or whatever and get them to flip, change their mind, do this, do that.
So we're far away from this, but social networking needs to be brought down to a level where Facebook could say this or that about, "Oh, we're not going to do that anymore", "Oh, we're not going to do that anymore," but at the end of the day, every incentive that they have is to collect this data and sell it to anybody and the only way I can see to solve this problem for sure is to take a social network like that and blast it into pieces all over hosted...
On all of these different Embassies or private personal servers and then there is no single source of data anymore. If you want to know whatever they said in the documentary, 5,000 beta points on people in America, you'd have to go to each person in America and ask for their data, because they're the only ones that have it and that seems like the only possible way this works in the future.
Matt Hill: Sure, unless they've shared it publicly on a social network, like unless they're openly advertising that they stand for or against something, sure.
Aaron Greenspan: Yes, that's true. But the data we're talking about is you could say that, but on Facebook, there's so much more data that's also being tracked. It's what you have liked, it's what articles you've clicked on, it's stuff that you're not sharing publicly. It's just you using the platform and that gives the expressivity, that just enhances the data to a point where it can become lethal.
Peter McCormack: So you envision we're moving to a world where perhaps we stop having public profiles or people maybe choosing now not to have public profiles on the internet, and instead just have some kind of anonymous identity, which they use for interacting with different services. So for example, if I wanted to shop from Amazon, could I have an anonymous identity to shop with them and only share the information I need to for my shopping and get rid of something like Facebook? Or do you envision that that's not really... Because I don't see that as particularly realistic for most people.
Aaron Greenspan: I also don't think you'd be terribly helpful. If you take a platform like Reddit, which is pseudo-anonymous at a minimum, so you have just a user name, and if you do Reddit right, nobody should know who it associates to. Nevertheless, Reddit has a ton of data about that user name. You sell that data and you start advertising to that specific user, whoever that is, and you could change their mind about something, get them to buy a product, get them to vote for a particular candidate, it doesn't matter who's on the other end.
The danger we have is not targeting any single person because they don't like Aaron. It's targeting a single person because they know everything about that person and the way that comes about is because you have a centralized platform that has all of the users in one place. That's the real problem.
Matt Hill: Well it's also vulnerable to say, a hacking instance, like what happened with Twitter. It's not just the targeted manipulation efforts or even advertising, which a lot of people even like to receive ads that are more relevant to them, it's also just this honeypot of data. If I'm a hacker and I want the most bang for my buck, I'm going to attack the thing that has the most bucks and I might put significant resources into that. I might even be a nation state.
Whereas if the data is distributed, the effort of attacking each individual compartment of data might be a little bit less effort than attacking Twitter, say. I don't have to put as much resources into it, but the payout is negligible. You know what I mean? If you had a distributed network of bios, say, that were never meant to be shared publicly, I would have to attack every single Embassy. To get your information, I have to attack you, to get Aaron's information, I have to attack Aaron and so I'm going to spend all my time nickel and diming my way through life, and so the attack surface just sort of shrinks to zero because it doesn't make sense.
Peter McCormack: Yeah.
Aaron Greenspan: Peter, I want to go back real quick to something that you had said a minute ago, where I want to clear up a potential misunderstanding that a listener might have, which is that your Embassy's not acting sort of a gateway, generally speaking, to the whole internet. You don't use your Embassy to browse Amazon.com. You don't...
Peter McCormack: No, I understand.
Aaron Greenspan: Yeah, the Embassy's housing services that are hosted on hidden services, Tor hidden services, and so you would interact with them directly and if you wanted to do something else, you go over to the dark side, the clearnet, there's two different modes of operating, and that they run in parallel, they don't actually overlap. So the way that we view our forthcoming browser actually, the way that we are designing it is to reiterate this concept that I just explained, which is... I'm going to invert dark and light years, like the dark mode where everything you do is being tracked.
You're using the normal internet, and any time you open an app on your phone, anytime you open a web browser on your phone and go to blah.com, and it's all just out in the open, you should assume that everything's being tracked and public. But if you want to engage private mode, incognito mode, you launch this browser, and inside of this browser you are safe to browse these Tor hidden services that are running on your own physical server in your own home knowing that there are no middle men involved, no means of intercepting or investigating the data, and it's sort of a safe place.
It's like a padded room where you can feel free to just kind of do your things knowing that it's safe and then gradually as the functionality of that mode, of private mode grows and grows and grows, it can encroach upon, and then eventually overtake the other mode as feature parity is reached in various applications. Eventually, you sort of toss your phone and you get a phone that engages privacy mode by default and then if you really need to access whatever remnants there are of the existing prior internet, you can engage unprivate mode as a choice.
Peter McCormack: Yes, because I can't envision a scenario where people don't have public profiles and things they're doing publicly. For example, the best parts of Twitter are the discussions between people who have chosen to dox themselves on Twitter, like, "I am Peter McCormack. This is what I do and I represent myself." If everything moves to anonymous and anonymous identities, we know the quality of certain experiences usually with regards to commenting, talking, discussing ideas, the quality drops.
So I can see the scenarios where, okay, I want to be using Bitcoin, I don't want to be tracked, I want this all over Tor, which is great. I can also see scenarios whereby I don't want my emails read or I want to be sending messages. I don't want them privately. I can also even envisage e-commerce scenarios where there's certain things I want to be buying, which is completely anonymous. At the same time, I think there's a whole part of the web whereby there's things that I won't want to be anonymous. But really, this is just like one step up from...
We know incognito mode really is primarily used for people watching porn. But at the same time, what we're saying here is these will be certain scenarios where people will be self-aware now, like, "I need to be in this private mode for these certain things I'm doing."
Aaron Greenspan: Yeah, so let me just speak a little bit to your comments about anonymous versus public profiles, because I think that's kind of getting at it's maybe a little bit of a misunderstanding perhaps of what we could possibly do with these technologies. So for example, depending on the social network you're looking at, so Twitter is a very public kind of oriented network, in the sense that if I just follow you and I really pay attention to everything you're doing, I can pretty much see everything you're doing.
So in a way, potentially I could set up a bunch of bots and I could have them follow a bunch of people, and I could just start to mine data from what is public-facing. In that context, there's not really much that we would be able to do that's just sort of based on the structure of the social network itself. On the other hand, you take a network like Facebook, Facebook is a different story because you can have a public profile where a lot of the stuff that you're doing as a member with that profile is, and should be, private. So you have your messaging with other people, you have interactions with person A that you don't want person B to be able to see.
This is of the privacy that they have, etc and so even though Tor is anonymous, which means that if you were to cut traffic, or intercept traffic between point A and point B, you want to know who's talking to each other, once that traffic appears on the other end and gets decrypted, that could have your public information in it.
So we could do Facebook as public profiles. I would have my public profile, all of the individual servers that are talking to each other are spraying these profiles all over around so we all get a bunch of them and see them and the experience looks a lot like Facebook, but what is private on that platform, which is the stuff that you're doing that I can't see stays private because there's no central Facebook that's collecting all of it from everybody.
So it's really not a distinction between public or anonymous profiles in a social network, it's really a distinction between regardless of public anonymous, what is extracting, what has its octopus hands in every single person's private life and is pulling it out? That's what we don't have.
Matt Hill: The main point here is that, exactly what Aaron's getting at, is that there needs to be a clear distinction between what is private and what is public that you should have to sort of opt into the public side of things. Obviously Twitter only functions as a public forum. Nobody here's arguing that public forums and social media shouldn't exist, and I shouldn't be able to shout to the sky who I am and what I believe. That is crazy to take that stance.
It's that I should know when I'm doing that. I should know what data is being collected by who, and what it's being used for, and the ability to not opt out, but to opt in, in the first place. We are shooting for a private by-default approach to technological infrastructure, and then go in are you wanting to share something now knowing that anyone on earth is going to see it and harvest that data and do analytics on it and advertise to you in whatever way they see fit. It's like, "Yes, I want to share. I'm willing, that's the price, that's the price I'm paying. I want to share what I have to say."
But that the default existence was for thousands of years, and will be again, private by nature. That conversations that you and I have are private, inherently. We don't have to take extra steps, extra technological steps or precautions for it to be private. It should just be private and if we want to share that conversation, like we're going to do with this, it's recorded, and when we want to share it, we can.
Peter McCormack: Are there any risks there that from my property, it is exposed a large amount of encrypted data going in and out, and that would create any suspicion around my property?
Aaron Greenspan: So there are certain places on earth where Tor itself is blocked, exactly for using that type of surveillance capability. Your ISP, if you have lots of Tor traffic coming in and out of your modem is going to be no. They won't have any idea where it's coming from or who it's going to, or why you're doing it, or what the content is. But they can be like, "He's doing private things" and so certain places will just restrict Tor traffic. To get around this, Tor, the foundation has means of what are called bridge nodes where you could cleverly route around them but it's not perfect, and sometimes they're hard to find, and bridge nodes have to be publicly advertised so they can be taken down.
So it's a constant cat and mouse game. So the key here is to flood the network with private traffic. If you make the dark web the private web, and everyone starts using the private web, then it's an all-or-nothing game. It becomes a less targeted approach, where the ISPs can't just say, "Okay, this one person out of 1,000 is using Tor, therefore we can focus on them." If 999 out of 1,000 are using Tor, then it becomes this, okay, you sort of force it to an all-or-nothing game, in which case it's off, as in everything will be allowed because the alternative would be shut the internet down. You know what I mean?
Then everything goes dark, and that's a terrifying future possibility or whatever, but hopefully by the time these technologies proliferate we won't even be riding on those rails anymore. So another product hat tip here is a future version of the Embassy will be a router. It'll be optional add-on feature for a higher tier product, but it will actually double as your home router, which afford us immense capabilities, not only for ensuring resisting censorship, but also managing other home IOT devices, so security cameras, doorbells, door locks, things like that could all be managed on a home land and governed by a brain of the operation without sharing any of that data or information outside of your home.
Matt Hill: Yeah, IOT's a scary place right now.
Peter McCormack: I've heard about heart monitors being able to be hacked with inside people, or baby monitors being able to be hacked, and you can hack into someone's home and look at the cameras inside the home. Wasn't there some weird baby monitor where someone was talking to a child...
Aaron Greenspan: I heard about that!
Peter McCormack: Yeah, but that stuff is scary. That is scary that someone can get inside your home. That stuff does freak me out as an individual. One of the consequences of having Bitcoin is essentially censorship resistance money, which is trustless, permissionless etc, is that it is able to be used by nefarious characters.
We have to accept that North Korea's using this, Iran's using this, Venezuela's using this and I guess there are, outside of personal desires for improving our own privacy, there is the reality that what you're creating also will be used by nefarious characters. How do you think about the morality of that?
Aaron Greenspan: The important thing to start with at least is that we think about it a lot. We take this very seriously. I think there's a bit of a tendency, especially in the cryptocurrency communities to gloss over questions like this. Bitcoin's cool, Bitcoin does a lot of good stuff if it's used for evil, whatever, but it's not what the technology was designed for and whatever, but it's something that we're really thinking a lot about and I think for us it comes down to a variety of different things. The most important one, I'll leave for the end, but it really comes down to what if we didn't make it?
What's the morality around not having a device like this? I think that's the most important thing. But let me say a couple of things before we get there. One thing to note for sure is that we are making something that already exists more convenient. So we're riding on cryptography and protocols that have existed now for 20 years that criminals, whoever these people are certainly know about, it's not like this stuff is completely secret. It takes a fair bit of technical expertise to use this stuff easily, or to use it well, but certainly if your livelihood depends on doing criminal activity and not being caught by having your emails read by Google, we at least imagine it wouldn't be out of the realm of possibility to using this technology already.
What we're really doing is making it more convenient and thus allowing me and you and the non-criminal users of Bitcoin, like most of us, and the non-criminal people in general, we're allowing them to have access to the exact same defences and tools that otherwise criminals have and that actually protects us from those very criminals who may be organizing stuff like hacks on Twitter, or hacks on centralized clearnet stuff. So it protects us from them, and it also protects us from all of the government overreach and the corporate overreach that we're seeing all over the world.
So that's an important point is that this stuff already exists, and there is the potential that we're sort of enabling some small-time crooks to get access to some technologies that otherwise they don't have the expertise and don't have the time to learn, but the benefits, I think, massively outweigh that. So yeah, I've been looking into a lot of the ethical arguments around this stuff in order to be able to deal with that question well, and to convince myself even that this is definitely on the right side of history.
So a second thing to definitely look at is legal precedent in the various countries in the world where this may be useful. In the United States where we're selling first, and where it's, in some sense, the hardest sell because we have a lot of liberties that are protected. It's very interesting that the Fourth Amendment here, which is the protection against unreasonable search and seizure just neatly and without any sort of debate as far as I'm aware, I'm not a Supreme Court justice, but based on my readings of these cases, just very neatly puts what we're doing as protected by the Fourth Amendment.
So stuff like currently what's called the third-party doctrine, and I don't want to take things too far off the rails, but it essentially says that when you custody information with a third party, the government can gain access to that information without a search warrant. So based on the fact that you are sort of giving this information away freely, it can be argued that you're not treating it as private information, and if you're not treating it privately, then the government doesn't need to get a search warrant in order to look at it. It's sort of in plain view in some sense.
No such argument can possibly be made for what we're doing at Start9, because there is no custody in third party, and so to even attempt to look at an Embassy or the traffic between the Embassy, to even attempt to decrypt or to understand that would be illegal without a search warrant. So when you think about the ethics of this, it seems to me like the Constitution itself, the US Constitution is very much, and the precedent that has grown out of that, very much is designed to protect this kind of thing specifically. So privacy is built in at the base of this country, and I know that the UK, I think, has a bit less in terms of civil liberties, but I imagine it's pretty similar, and it's protected.
So I think that's another important point. Then finally the ethics of not doing this, the ethics of not having this device are... You can see what's happening in China specifically, the censorship around the muscling communities that's taking hold right now is very scary. Censorship around the Tiananmen Square massacre, the 25th anniversary, there's a lot of self-censorship being reported because if you know that everything you're doing is being watched, and people are actually being taken out of their houses and imprisoned, you're probably not going to say what you actually think.
It's like when it just shakes out at the end, it just doesn't even seem like it's a close call. So there are dangerous uses of many technologies including ours, but that's sort of where our head's at, at the moment.
Peter McCormack: All right, so what's the big plan here? It's obviously very cool what you're doing. I'm going to be checking out the device and spending a bit of time, but what's the big plan for you guys here?
Matt Hill: So Start9 as a company began with really my attempt to set up a Lightning node on my DigitalOcean box at the time and something I'm definitely capable of doing. I have a background in software engineering, and I went through to do this and it immediately occurred to me that nobody would do this unless you had enormous time and expertise on your hands. So at the time, Aaron, Keagan, Aiden and myself, the four founders of Start9, were incubating a bit chaotically, by design in fact, to discover and preserve business.
So I went to, I believe it was Keagan first, and was just like, "Why is this so hard? I should just be able to push a button and have Lightning node running" and he's, "Well, it's obviously not that easy. You have to have Bitcoin installed first, which means you have to have a Bitcoin full node running, and that has its own set of instructions." Obviously I knew all this, but he was just reinforcing this idea that it is a techie process. So we started looking onto the market for solutions that already existed, and found a couple, namely Casa at the time was the real known solution to a plug 'n' play Bitcoin and Lightning full node. So we dug in and we found a lot of things that we liked.
We actually had a dinner with Nick Newman and Jameson here in Denver and talked to them about Casa and their plans for the future and they have since discontinued their node product, which is something we actually sensed at the time based on that dinner. But something Keagan and I were pushing for, even during that dinner was what about email, what about messaging, what about data? Why just have a plug 'n' play Bitcoin full node when you could have a plug 'n' play personal server that runs all sorts of self-hosted open source applications and protocols and they seemed interested.
I think that that had been kicked around at Casa, but it became very clear to us that they were not going to pursue that sort of Holy Grail of personal computing. So we looked at each other and we were like, "Do we want to pursue that?" Like do we really want to try to bite this off? We ran it by Aaron here and Aiden, and not only determined that this was something we wanted to do, and something that was good and righteous even in the context of history, but something that we actually could do.
We believed that we had the expertise to pull something like that off and so we hit the ground running and we launched our first server. I don't want to call it a node, because it's really much more than that. We launched our first personal server about six months later.
Peter McCormack: Okay, so very interesting. Like I said, I'm going to have a play with it. I'm going to come back to you and talk to you about my experience with it, but look, if people want to find out more, where do they go to, because it's obviously super interesting.
Matt Hill: Our website is start9labs.com and we are @start9labs on Twitter. We have a mailing list that you can sign up for, we have a Telegram channel that you can join, which is start9labscommunity. We will be launching another community channel on a self-hosted infrastructure called Matrix, which is a kind of do-it-yourself Telegram Slack that will soon be available on the Embassy that people can join. So two different avenues, but the starting point is start9labs.com.
Peter McCormack: It's very cool, very interesting. You're doing very important work. I'm really glad you guys came on the podcast. Great to talk to you about it and look, I wish you all the best. Hopefully we'll talk again in the future. I'll be all setup and we'll do round two.
Matt Hill: Yeah, let me know once you've got it set up.
Peter McCormack: Cool, man. Good luck, guys!
Matt Hill: Thanks for having us on man, see you!
Aaron Greenspan: Hey, thanks so much Peter!
