April 1, 2023 - Freedomain Radio - Stefan Molyneux
47:59
| 
| Time | Text |
|---|---|
| Hi, everybody. This is Stefan Molyneux from Free Domain. | |
| I'm here with Naomi Brockwell, who has come to put the fear of both God and Satan into your online practices. | |
| She is from nbtv.media, and I've been watching her videos and slowly wetting myself, really over the course of two or three days, realizing how my kimono is blowing in the wind on the Internet. | |
| So thanks for taking the time today. | |
| Very nice to meet you. | |
| And if you'd like to tell us a little bit about yourself and how you got into the voodoo witch curse of online security. | |
| Absolutely. That is the first time I've ever heard the analogy, my Komodo blowing in the virtual wind or however you put it. | |
| But that's beautiful because that is basically what all of us have currently. | |
| We are very exposed. We are very vulnerable. | |
| And a lot of people don't understand the repercussions of this until it's too late. | |
| So my main focus, I started off being very intent on getting Giving people tools for individual sovereignty, whether it's financial tools, whether it's privacy tools. | |
| And I slowly just transitioned to focus on privacy mainly because by that stage, everyone was like, oh, crypto will give you financial autonomy. | |
| Everyone was already on that bandwagon. | |
| And no one was talking about the elephant in the room, which is that everything we do online is tracked. | |
| So it doesn't matter if you have a tool for financial sovereignty. | |
| If the government knows you're using it, they don't want you to use it. | |
| They're just going to go after you. So we have to learn how to use the Internet privately. | |
| We have to understand that all of this data collection, it does harm us. | |
| And because the Internet is this very abstract idea, a lot of people don't realize what harm is going on. | |
| I thought that it was very important that people start to recognize how important privacy is for an open society, how important it is for people to have private thoughts so that they can dissent, so that they can push back against bad authoritarian dictates. | |
| It's just so vital. | |
| It's crucial to an open society to maintain that freedom of expression. | |
| And so I give people tools to teach them how to preserve that. | |
| Yeah, and most of this audience is not going to be super keen on just about any government. | |
| They happen to live nearby. But you had an excellent point in one of your videos where you say, look, even if you like the government that's currently in there, governments come and go, but data is forever. | |
| And that is quite important because you never know who's going to come sashaying in who might have some issue with something you posted and use it against you. | |
| Absolutely. And, you know, we often think that the data we're handing over, it's so harmless, right? | |
| It's like, why do I care that Google wants to send me a nicer pair of shoes? | |
| And that's the way we think about it. | |
| But the fact is, is that, yeah, Google has a silo of data about these things, and Facebook has this silo of data about these things, and, you know, our search engine has this silo of data, but governments siphon up all of it. | |
| They get all of that, plus all of the data from your telecommunications provider, plus the text messages that you're sending, because all of that is out in the open if you're using SMS. You know, all your unencrypted phone calls. | |
| All of that stuff is siphoned up into this one giant treasure trove of data. | |
| And yes, it is searchable. | |
| We've known that ever since the Snowden revelations. | |
| We've known that they have programs like Keyscore, X-Keyscore where it's basically like Google for your private information. | |
| It was actually created by Google where people can type in IP addresses. | |
| They can type in Twitter handles. | |
| They can type in keywords that you think are pseudonymous or even anonymous. | |
| And it brings up all of this data that is associated with those identifiers. | |
| So I think people need to realize that this stuff isn't harmless. | |
| You know, that's one side of things. | |
| It's being collected by governments. | |
| The other side of things is that... | |
| Our consumer choices aren't the only things that are being targeted. | |
| You know, people learn about our political interests and our activism and all of that, our sexual preferences, whatever. | |
| And these tools, they're tools for manipulation. | |
| You know, people just say, oh, they're just manipulating my consumer choices. | |
| No, they're showing you specific content so that you can think in a particular way. | |
| They're strategically showing you content. | |
| People are using this data to target you. | |
| This isn't some sort of conspiracy theory. | |
| We know that this is happening all the time. | |
| Facebook has been shown to strategically go through and manipulate people's emotions and try to get them to think in certain ways. | |
| So people need to be mindful that every piece of data that they put on the internet, if they're not protecting their privacy, that is all being used to make it easier to manipulate you. | |
| To get you to think in a certain way. | |
| To hate certain groups of people because you think that they're hating you. | |
| All of this stuff is so important to be mindful of. | |
| Well, and the data that's out there is incredible because not many people know this. | |
| I guess I'm confessing this for the first time. | |
| I actually teleported back to Alpha Centauri three years ago. | |
| I've been recreated as an AI avatar simply from the data people got from four floppy disks in my smartwatch. | |
| So it's really, really amazing what they can do. | |
| I'm very vivid, very realistic. | |
| The only thing they couldn't get is my hair back. | |
| You know what? It's so much better than what I've been watching on Stable Diffusion or all of that. | |
| Really, this is GPT-5, right? | |
| 5.1, actually. | |
| It's 5.1. Okay, so... | |
| What is it that people take the most for granted? | |
| I mean, I think everyone has that vague sense that there are these machines out there like ringing our choices like the rings of Saturn. | |
| There's some machines out there doing all their funky stuff. | |
| What do you think people generally overlook or don't want to know about that's being collected about them and how it's being used? | |
| Because I think of some of the manipulations like over the pandemic or the Ukraine thing and people just seem to be these giant levers that can be moved around. | |
| I think the data has so much to do with that. | |
| Okay, I can give you a couple of things that will probably scare you a little bit. | |
| Cell providers. We know that they know exactly where we are at all times. | |
| That's how these systems work. | |
| They need to know where we are in order for calls to get routed to our mobile devices. | |
| So they have all of our real-time location data. | |
| A lot of people don't know that they have a long history of selling that data, and they have a long history of selling that to basically anyone. | |
| Vice did a great story, I think it was 2019, where they, you know, these cell providers basically sold his information to a bounty hunter who he paid money to to see, like, can you track me down? | |
| And the cell providers, you know, he got the information. | |
| They're all bounty hunter. | |
| So if you have a stalker or a crazy ex-lover or some sort of ruthless opponent, some rival, it's trivially easy to find people's real-time location data. | |
| You had another scandal where it was discovered that as you're scrolling through Facebook, reading your feed, Facebook was looking at your camera. | |
| And the fact that they're just turning your camera on to watch your facial expressions. | |
| Now, they say that this was a bug. | |
| And I believe them because Facebook's always been very trustworthy when it comes to how they use our data. | |
| But, you know, some people may say that this was... | |
| It was dangerous and not all above board. | |
| But the fact is that as soon as we give apps permissions to use our camera, to use our location data, like we literally, they ask us, they say, hey, to use this app, we need all of these permissions. | |
| And we say, and we click it. | |
| And we've just given that app to use it. | |
| It's not within the confines of you give us... | |
| You've given permission to use these apps within what you expect would be legitimate purposes for this app. | |
| No, you've given the permission. | |
| There's nothing written into the code about what the legitimate purpose of this app is. | |
| If it's an app to take pictures of leaves, you might think, okay, so when I want to take pictures of leaves, the camera will work. | |
| No, you've given access to your camera. | |
| That's it. Full stop. | |
| So I think a lot of people don't realize how a lot of things that we install on our devices can actually be malicious. | |
| Most of the VPN apps that you find in the App Store are just shells for data collection. | |
| They're just monitoring what you're doing on your devices. | |
| So it's really important that people start to Become more informed about the digital choices they make in their lives. | |
| Because as soon as we become more informed, then we can make better choices. | |
| And a lot of people don't realize how easy it is to just simply swap out some of these awful things for our privacy with things that are much better for our privacy. | |
| Just don't use Gmail. | |
| Gmail is literally just going through and analyzing the contents of every email you receive. | |
| So don't use them. Use someone like ProtonMail or Tutanota or someone who stores your content of your emails out of reach with zero knowledge encryption, which basically means that as soon as it comes in, They encrypt it so that they can no longer access it with a key that they do not have access to. | |
| And it also means that if someone hacks into their system, they can't get access to it either. | |
| If someone subpoenas them and says, hey, we want access to these contents, they can't actually provide that because they don't have access to it themselves. | |
| So just finding these easy substitutes. | |
| You know, I did not cry at night when I stopped using Gmail. | |
| It turns out that other email providers are just as good I think we're good to go. | |
| Well, philosophically speaking to me, there's just also significant free will ramifications. | |
| Like if you have particular buttons, and we all do, things that, oh, like for me, I see a shiny new microphone and I just start salivating. | |
| It's like a Pavlovian thing. | |
| And so we all have particular buttons. | |
| And if we are just sending everything out there, oh, this is what I like. | |
| This is what turns me on. | |
| This is what gets me excited. | |
| This is what makes, I guess, looking at your pupils dilating when you're looking at the... | |
| Video feeds or something like that, then when they hit you with this kind of information, these kinds of stimuluses, I mean, of course you can, you know, you still have your free will, but you're really kind of wearing it down if you're putting all these buttons out there and then just people pushing those buttons. | |
| Have you not limited some of your choice in life or reduced it to sort of this reptile brain response system? | |
| Mm-hmm. And also, when you're scrolling, whether it's your YouTube black hole or Facebook black hole or Twitter black hole, whatever it is, you click on that first post and you're like, oh, this seems interesting. | |
| And then it leads you somewhere else. | |
| You're like, oh, they suggested this. | |
| Okay, I'll go here. And then suddenly there's a response there that's been highlighted and other comments are hidden, but you can see someone and you're like, okay, yeah, that seems interesting, too. | |
| You started off here and then suddenly you end up here on the internet and that's by design. | |
| A lot of that stuff isn't accidental and it's not necessarily driven by, you know, your own curiosities. | |
| It's those curiosities plus people strategically putting things in front of you to say, hey, what about this one? | |
| So we need to be mindful of that, making sure that we are maintaining our free will, being cognizant of manipulative forces around us, because it's so easy to be swayed. | |
| We don't want to all be useful idiots. | |
| We don't all want to just kind of go along with, oh, well, I'm going to... | |
| Do this thing because suddenly everything around me is suggesting that I should go here. | |
| Just take a step back and think critically about the information that's being put in front of you. | |
| If you're using a browser that doesn't know who you are, it's not going to show you things that it thinks it wants you to see. | |
| If you're not Putting all your personal information into a giant treasure trove of data in your emails to a company that's actually an advertising company and actually sells that fire hose of data to thousands of other companies who then use it to target you with things. | |
| Again, you're helping to preserve your autonomy when it comes to freedom of thought. | |
| So what do you think the biggest issues are that people have or the biggest vulnerabilities that people have in their lives regarding privacy? | |
| Because vulnerabilities, I think it is just that complete disregard for the data that they're putting out there. | |
| I mean, we have to keep in mind that a lot of the data invasions going on, whether it's data being siphoned up by governments or companies or whatever, is from our own volition, right? | |
| It's information we're choosing to hand over voluntarily. | |
| And I think people need to realize that. | |
| So, like, there's something called the third-party doctrine, right? | |
| Which is basically saying that once you hand over your information to a third party, whether it's like a cell provider or Facebook or whatever, you no longer really own that data. | |
| You've given that company permission to do with it whatever they want. | |
| Now, we might bristle at that and say, well, no, it was implicit in my contract with this company that it's for these purposes, but from the government's perspective, it's not, which means that any of that information can then be siphoned up and You know, the government doesn't need subpoenas to ask for information from companies if they voluntarily hand it over. | |
| So they can just hand over your data if they want to. | |
| So I think that just understanding that we are in control, we're more empowered than we realise, and a lot of this stuff is our own voluntary choice to hand over data, that It is empowering to realize that because then we can make better choices so easily. | |
| And I think a lot of people just don't think about that. | |
| One of the worst things I hear, because I do a lot of stuff on privacy and speak at a lot of conferences and make a lot of videos, I get this comment all the time where people are like, We're good to go. | |
| You can absolutely reclaim a huge amount of privacy on the internet. | |
| You just have to learn how. | |
| You know, there are cracks in these systems of surveillance that can be learnt, and it's actually pretty easy to learn them. | |
| But the problem is, is that people are so quick to just be like, ah, you know, this is too difficult for me, or, you know, it's trivially easy for the government to target me if they want to, therefore there's no point trying. | |
| It's like, no, there's absolutely a point in trying. | |
| There's absolutely a point in trying because the vast majority of data being collected about you is data that you've been handing over of your own volition and you can make better choices. | |
| So is it routers, Wi-Fi, cell phones, the apps you have installed? | |
| I mean, I know to all of the above, but if people were to have, say, I don't know, I might write this down like a panic checklist of things to get done this afternoon, what would you give the sort of top three or top five priorities that would give the most bang for the buck? | |
| Let's go through the top five. | |
| Email. Switch out that email. | |
| Don't use Gmail. Don't use Microsoft Outlook. | |
| Don't use any of these providers that don't encrypt your data with zero-knowledge encryption. | |
| Something like ProtonMail and Tutanota, I would go for. | |
| But there are lots out there. | |
| There are paid providers. There are free providers. | |
| Choose something that works for you. | |
| But you need something that... | |
| offers end-to-end encrypted email. | |
| Email's a bit tricky because you need the other person on the other side | |
| to be using the same provider for that to be end-to-end encrypted | |
| because email is an inherently insecure protocol. | |
| But something like ProtonMail has great network effects, so there's a strong chance that lots of people in your | |
| community are probably already using it. | |
| So I would switch up your email immediately. | |
| Stop using Gmail. | |
| Oh, and also with ProtonMail, right, opt out of their IP collection | |
| and try not to use it in the browser if you can avoid it because there's lots of stuff where there's little cracks | |
| on the bridge, right? | |
| Well, the IP address you can bypass with VPN laws. | |
| So actually ProtonVPN, they're based in Switzerland, and Switzerland has very strong laws | |
| around not being able to force providers of VPN companies to log IP addresses. | |
| So that is one way that you can also protect yourself. | |
| So VPN is a great one. | |
| Be very careful of all the scamware out there. | |
| I mean, MulVAD is very good. | |
| I like ProtonVPN as well, but just be really careful. | |
| A lot of the major Players out there are actually owned by single companies who own a whole bunch of things, just put a different brunt base on it, and they're huge data collection companies. | |
| So I would be very, very careful which one you download, but Mulvet is all open source. | |
| You can look into that. | |
| It's highly recommended by the security community. | |
| So VPN is another one. | |
| Search engine. Most of us will just Google something. | |
| It's become a verb. I will Google it because they have captured that market. | |
| You don't need to Google it. | |
| You can Brave it, in fact. | |
| You know, swap that out for something like Brave. | |
| I used to recommend DuckDuckDon'tGo. | |
| I don't anymore because they went from... | |
| They're filtering their sensory now too, right? | |
| Yeah. Yeah, and one of their, I mean, there are lots of places that censor, and it could be good or bad, like some people censor because they're trying to filter it to more relevant results. | |
| But the problem with DuckDuckGo is they started out with one of their pillars being, we will not filter anything, it will be completely unblemished, we'll just hand you the raw data, and then they change their mind, and we're like, no, now we're actually going to filter out misinformation. | |
| So I don't recommend them anymore. | |
| They also do some other things that I don't agree with. | |
| But I like Brave. | |
| I use them for my search results. | |
| There's also something called Start Page, which is basically a private front-end for Google. | |
| The thing about Google is they have really good results because they're capturing so much information. | |
| Not for everyone, but for a lot of people, absolutely very good results. | |
| Yeah, right, right. | |
| So if you wanted to use a Google product with a more private front-end start page, it's an interesting product. | |
| So if they take your search, they drop it to Google, return it, and give it back to you, so they're like a VPN layer through to the Google searches, if I understand that right? | |
| Yeah. Yeah. And they have different things where they might provide you like archived links. | |
| They can provide you like proxy links so that when you click on things, the website can't actually see that you're clicking on it. | |
| So there are multiple different tools that they use. | |
| So search engine is the other one. | |
| Browser is the other thing. | |
| So if you're using Google Chrome, Stop using it. | |
| Just don't do it. It is a giant data collection machine. | |
| Again, I use Brave. | |
| I really like it. | |
| Some people use... The thing about Brave is that it's great right out of the box for privacy. | |
| So if you don't want to tinker, you just want to use it. | |
| Brave is an awesome choice. | |
| Firefox is another one that's recommended by a lot of security experts if you like to tinker because it does allow you to have fine-grained control over things with different plugins. | |
| So that is something that I would recommend. | |
| So what have you done? Browse a search engine, email, VPN. Just back up to Brave for a sec, because Brave has the Blackmagic Tor built in. | |
| And I did start looking up Tor, and then I started to feel rather old and squinty. | |
| So I wonder if you could just step people through, because, you know, there's regular browsing, there's private browsing, and then there's private browsing with Tor, which apparently has been through a space station in another dimension through time. | |
| So is it data hopping a bunch of You know, they always see this in the Mission Impossible movies, right? | |
| They trace the IPs. It's just data hopping across a bunch of computers, and it shields you from just about everything? | |
| Is that the idea behind Tor? | |
| So one thing I would say is, if you're going to use Tor, use it through the Onion, so the Tor browser. | |
| Although, like, I love Brave, but Tor browser is configured from the ground up to be specifically for Tor, so you're going to have a more robust experience, more secure experience. | |
| Tor stands for the Onion Routing, which if you can imagine something like whatever internet request you're making, it's all bundled up in layers and layers of encryption. | |
| And the idea is that your request is sent out to this first node and that node knows who you are, but it can't see anything in this bundled encryption. | |
| And then one layer is peeled off like the layer of an onion, it's sent to another node. | |
| Another layer is peeled off, it's sent to another node. | |
| The idea is that it gets scrambled around amongst these nodes and finally goes to the website that you're trying to visit. | |
| And that website knows the node that it came from, but it doesn't know it came from you originally. | |
| And so the idea is that there's no single party that knows both who you are and what you're visiting. | |
| So it's just a way of obfuscating that, wrapping it in all these layers of encryption, and then one by one peeling those layers off. | |
| Sorry to interrupt. | |
| It's just kind of funny to me how the internet got faster and faster and faster but less and less secure or less and less private and so we now have to put so many layers back on you can really emulate that like when I was a kid you know that 56k modem experience of like well I'm private and I might as well be sending off carrier pigeons to get my data but sorry go ahead. | |
| Carrier pigeons are also, you know, very good for privacy, as long as they're encrypted notes with the carrier pigeons. | |
| Yeah, so the Onion Router, it's a really great tool for really secure browsing. | |
| Privacy is a spectrum, and people have to realize that. | |
| So there is always a trade-off with convenience with all the tools that you're using. | |
| A person has to understand their own threat model. | |
| Are you targeted by nation-state actors? | |
| You're going to have to go far beyond just using Tor. | |
| Yeah. You're going to have to be, you know, masking every layer of your internet activity. | |
| Are you someone who, you know, probably not that interesting, but you're interesting enough that Google is collecting all your data because, yeah, they're doing it indiscriminately. | |
| Well, yeah, a lot of these tools are going to get you 80% of the way there to block that data. | |
| I think, I mean, backing up to like Tor and VPNs as well, I think that people, they don't realize how much information is revealed to websites when they visit websites. | |
| Your IP address is revealed, which is kind of like a proxy for your real-time location right now because there are so many maps out there that, you know, can pin IP addresses to show geographical location. | |
| And so do you really want every website you go to to know exactly where you are? | |
| I think that people should be using a VPN for everything that they do and Tor if they're doing more sensitive things. | |
| There are ways to use both of them, but be careful with that because it's very nuanced in terms of... | |
| Which order do you do it in? | |
| Sometimes it can actually make you less private. | |
| Sometimes it can make you more private. | |
| So just be careful. Just adding privacy layers on top of each other doesn't necessarily help. | |
| You have to understand a little bit more about what you're doing. | |
| So I think stick to the basics when you're first starting out. | |
| Just swapping out that email. | |
| This is probably like privacy 102. | |
| But I would also recommend that you not ever give anyone your real cell number. | |
| And I'm sure you've had a lot of listeners and viewers who are like, how am I meant to make a call? | |
| This person's an idiot. VoIP. | |
| You should be using VoIP. And here's the reason why. | |
| Because when you use a cell number, those cell towers know where you are, right, to route the calls to your phone. | |
| But it also means that anyone who has your cell number Now has an identifier for finding your location from those centralized databases. | |
| When you use a VoIP number, this is not the case. | |
| Now, there's a distinction. | |
| I might have a SIM card in my phone and I'm using VoIP. | |
| the cell providers are still giving me that data, but it's completely separate to the VoIP number. | |
| A VoIP number is just an app that I install on my phone and they give me a different number and I | |
| can tell people that number. And if someone types in that number to one of these centralized | |
| databases, they have no idea where I am because it has nothing to do with the cell number associated | |
| with the number on my SIM card. So, I don't recommend that people use their cell number | |
| for anything. What was it? There was recently some giant hack of real-time location data | |
| from people having access to their cell numbers. | |
| I just think, like, that's a whole area that we've been kind of conditioned to think, oh, well, I have one phone, I have one cell number. | |
| I have... I have dozens of phone numbers. | |
| I silo them. | |
| I think it's great to silo different parts of your life with different email addresses, different VoIP numbers. | |
| People might be like, their heads might be exploding right now. | |
| They're like, this is too confusing. | |
| I assure you it's absolutely not. | |
| These days there are so many tools where you can do it all within a single account and it's just a matter of choosing which one you want to use at any given time. | |
| I highly recommend it because these social graphs are We're created that are so dense with information about us, and we can help to silo that information and make it more difficult for people to find out and correlate all of our activities. | |
| Well, and there's some things, of course, that people think they've done right, like you put on your two-factor authentication with Authy or the Google or Microsoft ones, or even your cell phone. | |
| Of course, you know, I mean, everybody's heard that story of the guy who's like, oh, yeah, somebody called up the cell phone company and said, oh, you know, and you need to send me a new SIM card and blah, blah, blah, and then they're just... | |
| Clone their number and then they can get into accounts that way even without a password. | |
| So what are the things that people think they're doing right that don't cut it in your world? | |
| VPNs is a big one. | |
| Not vetting the VPN company. | |
| And I don't blame them because everywhere you look, there are referral links, there are people pushing products. | |
| Just be careful of people pushing products. | |
| Make sure that you know that they've actually vetted them. | |
| The fact is in the VPN world, the rewards and affiliates are incredibly lucrative because these companies are making money hand over fist. | |
| They can afford to give you 50%. | |
| You know, referral commissions and all that. | |
| That's not to say that all companies that are offering referral links are bad. | |
| They're not. There are people, companies out there that give referral links that are good. | |
| Just make sure that when you're getting these codes that you've actually vetted them from people who've actually done underlying analysis. | |
| So I think that people think they're doing well with that. | |
| They're not. There was a huge migration when WhatsApp, they suddenly changed their privacy policy and said, oh, well, we're going to start sharing some data with Facebook because we're owned by Facebook. | |
| Huge migration to Signal, which is great. | |
| Stop using SMS. Start using Signal. | |
| But there was also a huge migration to Telegram. | |
| That's another thing that people think they're doing right. | |
| Stop using Telegram. | |
| Do not use it. It is not private. | |
| Telegram does not offer end-to-end encrypted messages by default. | |
| It does not offer end-to-end encrypted messages at all in group chat. | |
| So every group that you're a part of, all of that message history is saved to Then a database somewhere that can be subpoenaed or that can be stolen by government, stolen by hackers, whoever. | |
| So just be aware that none of that stuff is private. | |
| And even when you're doing one-to-one messages, unless you opt for a secret chat, it's not private either. | |
| On top of that, they use a really weird encryption protocol, MTProto, which is like this homespun encryption protocol. | |
| It's been looked at by security experts and they're just like, what are they doing? | |
| This is kind of weird. | |
| Anything that's not... A standard encryption method that has been thoroughly vetted and tested and, you know, attacked by security experts, I would be very hesitant to use. | |
| So I don't presume you have any privacy with Telegram. | |
| Well, and I mean, my general approach forever has been like a type on the internet, like there's a judge looking over your shoulder. | |
| You know, I mean, if you have, I don't know, anything controversial or whatever, just, you know, face-to-face meeting and, you know, whatever it is, like walking underwater or something. | |
| I'm not kidding. But yeah, I mean, just recognize, because all of this stuff too, people can just take photos of the screen. | |
| So, you know, just be aware that... | |
| It's not just the data that's being collected to the back end. | |
| Just anything you do online, people can be your friends and then they can turn on you. | |
| Companies can have the best of intentions and then just get hacked in some weird way. | |
| So, yeah, just the people who are sort of, you know, fools rush in where angels fear to tread. | |
| The people who are just out there typing the most crazy stuff out there. | |
| And even if they're following this kind of stuff, you know, I... Just try not to. | |
| It's my general thing as a whole. | |
| It's just, you know, the convenience thing is kind of satanic in a way. | |
| Oh, look how easy we're making it for you. | |
| It's like, yeah, well, I think I remember that from the Old and the New Testament and the slippery slope and all of that. | |
| So... Yeah. | |
| What about... Yeah, we'll just add... | |
| Yeah, go ahead. I was just going to add to that that we've seen a fundamental shift in society once the internet has gotten popular once everything in our lives kind of transitioned to the digital realm. | |
| We used to have ephemeral conversations with people that would disappear as soon as we uttered the words. | |
| We didn't used to have all of our conversations in a format where it was... | |
| For all of eternity preserved. | |
| And I think that we're still coming to terms with what that means because I remember being younger and if I had a note from someone I'd be like, I'm going to say this forever because this is a nice keepsake. | |
| And now I have these messages where I'm like... | |
| A trillion, gazillion messages, and I'm like, I'm going to keep this forever. | |
| It's like, why do I want a track record of everything I have ever uttered? | |
| Why do I want to preserve someone who I was 15 years ago when my thoughts have changed, my likes have changed, my political opinions have changed? | |
| Why do I want something that sort of immortalizes who I was back then and provides an attack surface for people to go after? | |
| You know, we're We are beings that are transitory and we are constantly changing and evolving and learning new things and modifying based on new information that we collect. | |
| And I think that we need to get away from this idea of constantly preserving all of these things. | |
| I mean, sure, you have photos, preserve them, but your text messages, set them to auto-delete, right? | |
| That's going to be the best change in your life, I swear to God. | |
| Like, I used to love to read back over messages, but there's also this, you know, philosophical question of do you want to be constantly reliving the past or do you want to focus on your future, which is a whole other thing we could talk about. | |
| But I think that, like, at a basic level, just realize that everything that you collect in your phone, if you're not auto-deleting your messages, sending that to auto-delete with a timer and signal, for example, If someone gets hold of your phone, if suddenly you get in trouble, you're putting everyone else that you've had a conversation with in jeopardy because now people have every single conversation you have with everyone on your device. | |
| Same with them. They're putting you in danger if they're not auto-deleting that stuff. | |
| So just be mindful that in this new digital landscape where it is the purview of the NSA to collect every single bit of data that they can, where it is the life goal of all these hackers to collect all this information that they can, I think we should be mindful of the risks that we're taking that may be unnecessary and start to look out for the people around us as well. | |
| Okay, great, great. A couple of extra points. | |
| Ring cameras, security cameras, which is kind of like an oxymoron, it seems, after being frightened by everything that you've written and said. | |
| And routers, of course, is another thing. | |
| People don't even upgrade the firmware on their routers. | |
| And I mean, might as well just throw wide the kimono, blast open the door, put a helipad on your living room and just invite everyone in. | |
| So what are some of the things that people overlooked that are pretty simple to kind of patch up? | |
| Yeah. Okay. So with your router, one of the first things that I would do is change your DNS provider. | |
| And probably a lot of people are like, I have no idea what DNS is. | |
| What is she talking about? So DNS stands for domain name system. | |
| And basically it's the lookup system. | |
| It's like the phone book of the internet. | |
| Your computer... You can only talk to other computers with IP addresses. | |
| So when you type in Google.com, that computer doesn't know how to get to Google.com. | |
| That computer only knows how to get to IP addresses. | |
| So what your computer does is outsource the task, this lookup task, to something called a resolver. | |
| That will go off. That'll find, okay, so Google.com is this IP address. | |
| It'll send it back. It allows you to talk. | |
| Now, the problem is, is that, well, you think about it, these resolvers are collecting every single domain you're visiting. | |
| Right. Every URL you type in, those resolvers get access to. | |
| Who is your resolver? By default, your resolver is probably going to be your ISP. ISPs are notorious for collecting and selling data about you. | |
| They are really bad when it comes to data collection. | |
| They have been hounded by Congress for this. | |
| They've been hounded by every digital rights advocacy group. | |
| They're really bad, but they're selling all of your data. | |
| So the first thing you can do is swap out your DNS provider. | |
| Super easy. If you go into your settings for your router, there'll be a section in there that says DNS. You can type in something like 9.9.9.9, which is Quad9. | |
| That is a non-profit based in Switzerland. | |
| They're a DNS resolver that their main mandate is to protect people's privacy. | |
| They don't collect any information about people. | |
| They don't collect IP addresses. | |
| They have none of that. | |
| So, you know, there are lots of privacy-preserving DNS resolvers out there. | |
| You guys can do your own research. | |
| Find one that works for you. But the bottom line is you shouldn't be using your default ISP-provided DNS resolver. | |
| Simple thing that can be switched out. | |
| Next thing, no one changes their admin password for getting into their settings. | |
| I'm not talking about Wi-Fi password. | |
| I'm talking about the admin password to get to the settings on your router. | |
| So if someone does get access to your local network, they could potentially just get straight into those settings, do whatever they wanted there. | |
| So change that. | |
| A lot of people never update the firmware, as you said, on their router. | |
| To be fair, most routers are shipped with firmware that has known vulnerabilities and not just known weak vulnerabilities, but critical vulnerabilities. | |
| They are shipped and the providers don't care. | |
| A lot of these providers of this firmware don't even provide patches. | |
| So I would actually go as far as to say change your router, change the firmware. | |
| I use something that's an open source software, router and firewall software, it's called | |
| PF Sense. | |
| I use that on a device called a Protectly device. | |
| I am not affiliated with Protectly or PF Sense or anything, but I use Protectly because it | |
| supports something called Coreboot. | |
| I'm mentioning a lot of names here. | |
| People are probably going a bit insane. | |
| But Core Boot is open source firmware. | |
| They strip out a lot of the dumb stuff that Intel does, which has a lot of murky stuff that we don't really know what's going on. | |
| So they try to strip out a lot of that. | |
| So I use all of that because PFSense is a lot more secure than... | |
| You know, the software that you've probably got default in your ISP-provided router. | |
| So I would just upgrade that equipment. | |
| It's going to be a lot better for you. | |
| I would start looking into, like, it's not as hard as it sounds, but just segmenting networks. | |
| Everyone has a home network. | |
| It has their printers and it has their phone and their computer and their smart devices, their smart thermostat, all in a single network. | |
| The problem is... | |
| Is that smart devices are notorious for bad security. | |
| So if someone can hack into one of those devices, it makes it easier for them to hack into anything on your network. | |
| Once they get into your network, you know, it's kind of game over. | |
| So if you have devices like your computer that are sensitive, then you might want to not have them on the same network as something like a smart thermostat, where they're giving no thought whatsoever to security. | |
| So you can just segment those networks. | |
| It's all the same router. | |
| It's all of that. You're segmenting it in the software. | |
| So I would look into doing something like that. | |
| What other things with routers and Wi-Fi and all of that? | |
| I don't know. They're kind of basics and you start to get a little bit tricky when you start to swap out all of your devices. | |
| But DNS is super easy to just swap out. | |
| You did have one thing you mentioned. | |
| Either you mentioned it or I hit my head or something like that. | |
| But it was something like... Use Ethernet for your phone. | |
| And at this point, I did a little tap out because I'm just like, I'm sorry, maybe I'm too old. | |
| Maybe this is just blowing my mind too much. | |
| You might as well ask me to put a garden hose in my armpit. | |
| Like, help me understand this phone Ethernet thing that you got going on. | |
| Okay, so that was from a video I did about three years ago because Snowden tweeted out and said what his security status is. | |
| Keep in mind, Snowden's security posture is not going to be the same as the average Joe's security posture, so you do not need to be doing the same thing as Snowden is. | |
| But Snowden said that he doesn't use Wi-Fi for anything. | |
| He doesn't use it even on his phone. | |
| He uses Ethernet even on his phone, which does work. | |
| You plug in an Ethernet cable, it's going to probably work. | |
| The reason he does this is for a few reasons. | |
| So first of all, let's just talk about Wi-Fi, because I think this is an important concept to just talk about, which is a little bit tangential, actually, to this initial point about using Ethernet on your phone. | |
| But Wi-Fi, there's something called a Wi-Fi beacon. | |
| So when you have your phone and the Wi-Fi is turned on, How does that know to connect? | |
| And you'll notice that when you get home, it'll automatically connect to your Wi-Fi. | |
| How does it know? Or you go to your favorite coffee shop and suddenly it just connects you. | |
| How does it know? It's because it has a list of all of the Wi-Fi networks you've connected to and it is just constantly pinging them out saying, hey, favorite cafe, hey, Naomi's home, are you there? | |
| Now, it's called an SSID. The SSID is literally whatever someone has called their Wi-Fi network. | |
| So, Naomi's Wi-Fi, you know, really good coffee, coffee shop, Wi-Fi, whatever the name is. | |
| Now, there's so many problems with this. | |
| First of all, it opens up you to attack. | |
| If I have Starbucks, and Starbucks is the same Wi-Fi name at every Starbucks, All I need to do is set up something called like a Wi-Fi pineapple and just call my network Starbucks. | |
| My phone doesn't know what actual Starbucks Wi-Fi is, the actual Starbucks Wi-Fi. | |
| All that's going on is the SSID. All it's looking for is something called Starbucks Wi-Fi. | |
| Suddenly, I've connected some malicious actors' Wi-Fi pineapple around the corner because my phone thinks that it's Starbucks. | |
| What does that mean? That means that all of my data, all of my traffic is being routed through this Wi-Fi pineapple and they can get access to it. | |
| It is a man in the middle of attack that actually could be surprisingly common. | |
| So, leaving your Wi-Fi turned on means that you're constantly beaconing out all these names. | |
| Not only is that It's dangerous because your phone might just start connecting to random things because I could see all of the Wi-Fi networks that you've connected to in the past. | |
| I can just emulate it and be like, great, I've now connected to your phone. | |
| But also it reveals a surprising amount of information about someone. | |
| You know, suddenly it shows that I connected to something or other resort, and it also shows that I connected to, you know, the embassy of Ecuador or whatever. | |
| Like, suddenly that's revealing a lot of personal information that you might not want to be revealed. | |
| It's connecting to Hooters, whatever. | |
| Just be mindful of the information. Sorry, I just need to change. | |
| I'm standing on my phone right away. | |
| I'm just kidding. Go ahead. Yeah, you know, it could reveal where you work. | |
| It could reveal where you have coffee. | |
| It could be a tool for people to track other information about you. | |
| So just be mindful that that's going on. | |
| But that's a setting you could turn off, right? | |
| I mean, you can just say don't scan for... | |
| Just turn off Wi-Fi. No, but also you can say don't scan for networks. | |
| Like you can say don't look for things that I have connected to before. | |
| I think that's an option. So things are getting much better than they were like three iOS versions ago or three Android versions ago. | |
| So there are things that are making this more difficult. | |
| Previously, Apple couldn't even let you see the list of stored SSIDs. | |
| So you could delete them. You had to wait until you were in range and only then could you choose to forget it, which is insane. | |
| But you can actually reset that now. | |
| You can even go into your settings and if you just reset your Wi-Fi settings in there, that will delete all of them. | |
| So look into things like that or otherwise just keep Wi-Fi off when you're not using it. | |
| That's a really simple thing. | |
| Sure. Also, I mean, you get a new phone. | |
| There's tons of articles out there. | |
| You probably have some on your site, which is, you know, here are seven security settings to change immediately when you get a new phone. | |
| And this is, you know, that's just phone 101. | |
| I mean, because they basically set it up, again, open kimono style, and you can fix it up pretty quickly. | |
| There's like 20 minutes, 10 minutes even. | |
| Yeah. And so anyway, back to the Snowden thing. | |
| So that's a slightly different area, I think, just for someone who has a larger security posture. | |
| The point that he was making, first of all, was about these Wi-Fi beacons that you don't necessarily want these going on. | |
| But he also mentioned something called access points and said that, you know, there are global maps, public maps of access points that are available. | |
| What an access point is, is basically your Wi-Fi router, for example. | |
| That's an access point. So any... | |
| Anything that's going to allow you to wirelessly connect to that hub and then get out to the internet. | |
| That's an access point. He makes the point that these are all available on the internet because, again, it's not just my phone beaconing out. | |
| There are different beacons going on, and your router is probably also beaconing out and saying, Hey, this Wi-Fi network is available. | |
| Does anyone want to connect to it? | |
| And what that means is that everyone who's in the vicinity of that can see that it's there. | |
| I can also see who else is in my vicinity, the other networks. | |
| All of this stuff gets mapped. | |
| This stuff gets collected by Apple. | |
| This stuff gets collected by Google. | |
| They have maps of everyone's SSIDs and whatnot. | |
| And There are also people doing war driving who are collecting this stuff as well. | |
| There's a great source called Wiggle.net, which is a map that is basically just a community-driven project of people driving around saying, these are the Wi-Fi signals I can see in my vicinity, and mapping them on a public map. | |
| So you can actually go and actually search for people's Wi-Fi networks and all of that. | |
| And that's like a tiny fraction of the data that Google and Apple... | |
| I think in an apartment building, you know, you feel like you see the scan. | |
| I feel like I'm in a microwave or something. | |
| It's like, can you stop radiating everything and everybody's business all over the place? | |
| My eyes get squiggly. | |
| I feel like the wallpaper is about to start rippling with the amount of radiation floating around. | |
| Yeah. But one more thing on that note, because Wi-Fi beacons is one thing, I would also draw people's attention to Bluetooth, BLE, it's low emission Bluetooth. | |
| Basically, when you have Bluetooth turned on, that's sending out a beacon in the same way that your Wi-Fi is. | |
| That is used by airports and shopping malls and all of these places to actually track with incredibly... | |
| Scary accuracy exactly where you are at any given time. | |
| So there are all kinds of data companies that will install systems in malls to help them track customers to see, okay, they were in front of that aisle for a particular amount of time. | |
| They went into that store. | |
| They are using these signals as basically unique tracking devices as you move around their area. | |
| So again, just turn it off. | |
| Just turn that off. | |
| And that's an easy thing. It's not as scary. | |
| I mean, for me, unless I'm expecting a call, I'm on airplane mode. | |
| That's just my general thing. | |
| Yeah, not a terrible idea. | |
| So, fantastic information. | |
| Thank you so much. And I think, I feel, I sense, buried within you is a speech about how important this is for society as a whole. | |
| I'm a big picture, zoom out kind of guy. | |
| This detail is fantastic because, you know, it's got to be practical about how you approach these things. | |
| But bubbling like a Vesuvius within your... | |
| Heart, I think, is the, what's at stake? | |
| Like, if everybody's just handing out their data everything to everyone and everywhere, what happens to all of us? | |
| Because we're kind of all in this digital maze together, right? | |
| I think that we lose fundamental rights in society when that happens. | |
| I think that once we lose the right to privacy, all is lost because we've lost the right to free speech, we've lost the right to express ourselves. | |
| All of this basically I think is, it's like a frog in boiling water. | |
| We don't quite see how we're losing our freedom right now because we're just thinking this is a very convenient technological tool. | |
| But the fact is that we've started to normalize the pervasive collection of data in every aspect of our lives. | |
| And we've started to hand wave it away as if it's nothing. | |
| Oh, this is just like consumerism and it's going to buy a new pair of shoes and it's going to be great. | |
| But there's something fundamental that is going on right now. | |
| The people who are generally... | |
| Telling you that the privacy tools you're using are just for criminals, that they're just for money launderers, that they're just for bad people. | |
| They're people who have the privilege to live in a society where they're not bearing the brunt of We're good to go. | |
| Every single time throughout history that there's been a successful totalitarian regime. | |
| Surveillance is their tool for power. | |
| So we cannot, as a society, normalize the disappearance of our privacy. | |
| We cannot normalize the collection of all of this data. | |
| Once we do, we are setting up a terrible precedent for future generations and we're also losing freedoms ourselves. | |
| We don't notice it because it's like a frog in boiling water, right? | |
| And we sometimes think of, oh, well, how could we possibly lose our freedom so quickly? | |
| Or it's never going to happen. | |
| I mean, 1961, the Berlin Wall was put up overnight, separating East Germany from West Germany. | |
| That, you know, threw out the window the freedoms of a million people. | |
| you know, you had the security law in Hong Kong come up and suddenly what was once a very bubbling | |
| society where people were allowed to say thought-provoking things and push back against | |
| bad government rules, suddenly you had journalists thrown in jail, you had opposition parties disbanded, | |
| you had all the independent media just close shop, you had in Iran the revolution in the 70s, | |
| within the space of a year it went from a society where people could protest, where people were free | |
| to speak their mind, and suddenly women lost all of their rights within the space of a year. | |
| So freedom can be lost so quickly and we shouldn't take our rights for granted and if we're going to | |
| normalize and perpetuate, perpetualize a surveillance society, I think that we are | |
| just going to rush us ever forward into that totalitarian idea. If we live in a digital | |
| panopticon where surveillance is pervasive, All of our movements are tracked. | |
| All of our thoughts are analyzed and tracked. | |
| It's all aggregated in these centralized databases attached to our real-world permanent identities. | |
| I think that we become shells of ourselves. | |
| We can no longer speak our mind. | |
| We've lost freedom of expression. | |
| We've lost the ability to dissent. | |
| We've lost the ability to organize. | |
| We've lost the ability to push back. | |
| So we need to preserve that for the sake of having a free society. | |
| Well, then you never know. | |
| Values in general degrade or change over time, and things which might be funny now might be incredible leverage against you in 5, 10, or 20 years, and then you lose your choice because people are leaning on you or getting you fired. | |
| Yeah, it's just safer, I think, in the here and now. | |
| Well, listen, I really, really appreciate the information. | |
| I just want to remind people that you can head to nbtv.media, and you guys are a charity, so in the U.S. at least, you get tax deductions for charitable donations. | |
| I really appreciate the work that you're doing, and thank you so much for your time today. |
Export Selection