starting strength gym
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 39

Thread: Starting Privacy with Ben Gillenwater | Starting Strength Radio #55

  1. #21

    Default

    • starting strength seminar april 2024
    • starting strength seminar jume 2024
    • starting strength seminar august 2024
    I think that for right now a flip phone (or any non-smartphone) might reduce your exposure to a smartphone-specific contract tracing system.

    But...I have my reservations as to whether the world's governments are limiting their contact tracing efforts to smartphones and digital systems. If I were the FBI and/or a local police dept, I'd be asking the cellular network providers for triangulation data on which IMEIs (this is the serial number attached to the SIM card in your phone, including traditional "dumb" phones) were in the close vicinity of an IMEI belonging to an infected person. There are problems with this approach related to geolocation accuracy, but in my experience accuracy doesn't always stop govt agencies from pursuing gathering up as much information as they can possibly get their hands on. There is also history of the govt pursuing data collection programs from corporate entities in a secret fashion - either forced via National Security Letter or cooperative via NDA - which could mean that this is occurring already and we are not aware of it.

    If you carry around a device with a wifi radio in it (e.g., iPod Touch, iPad, laptop) then you need to assume that every wifi access point it comes into contact with is making your efforts at privacy nullified. If you keep such a device powered off then that helps from a location tracking perspective. Then you'll only be tracked when you power the device on and it connects to wifi. Same goes for your computer in this context.

    Here's my view on what to do given the following scenarios:
    • You absolutely cannot risk any 3rd party knowing your location without your prior consent - buy a faraday bag for each of your digital devices, turn those devices off to prevent unnecessary battery drain, store them in the faraday bags while traveling and while not in use. This will be a major pain in the ass but a faraday bag should block all ingress and egress radio frequencies. For the cellular devices that you do use, buy prepaid SIM cards from stores that do not require your ID when buying them and pay in cash. When you park at the store, park somewhere not in view of any nearby cameras that could read your license plate. You may need to park a few blocks away where there are no cameras and walk to the store from there. Wear clothing that conceals your body shape, wear a face mask, wear glasses that you don't usually wear and wear a hat that you don't usually wear. When you are powering down your internet connected devices, turn their wifi radios off first so that when you power them back up they don't automatically start communicating with nearby access points. Use cash for everything and do not enter your phone number into the machine at the grocery store or use your rewards card at the gas station. Be very aware of digital systems you interact with and always assume they are trying to know who you are. Consider using a privacy-friendly VPN like Mullvad with the Kill Switch option enabled so that your internet does not work when the VPN isn't connected. Pay for the VPN service using Bitcoin or Bitcoin Cash (doing so is its own pain in the ass). This is all the tip of the iceberg but it'll get you started in a pretty secure way. See my notes below on how to stay private otherwise while using the internet.
    • You prefer to minimize your privacy risks while also maintaining easy contact with the outside world - buy a "dumb" phone and do not travel with any other devices that are powered on. When you do use an internet connected device use a privacy focused web browser, use NextDNS to block as much as you possibly can, only use Signal for messaging purposes (which means the person you're messaging needs to use Signal too) and do not use any services that leverage Google, Facebook, Twitter or LinkedIn for their back-end systems or analytics. This includes services directly from those companies too of course - Gmail, Google Photos, Facebook, Instagram, WhatsApp, SMS text messages, etc.
    • You need access to the internet all the time, including while traveling - consider following my advice above about staying private on the internet. Be aware of the fact that your location is being recorded continuously as you move about and will be made available to various 3rd parties without your consent or knowledge.


    I personally require connection constantly due to the nature of the businesses I'm involved with, so I fall into the last scenario which puts me at a high risk of being tracked. This will be the case for most people.

    If you fall into one of the first two scenarios, then I'd recommend wading into the requisite territory as an experiment so that you can be sure it's going to work for you before you throw your Android phone or iPhone in the trash. Make sure you can operate your life in a sustainable way for at least a couple weeks before destroying your existing setup.

  2. #22
    Join Date
    Mar 2020
    Posts
    311

    Default

    Quote Originally Posted by bgilly View Post
    There is an open source project that Android is based on, yes. That is the version of Android that all the non-Google-partner phones use. A lot of Chinese budget Android phones use this because they don't have to pay any fees to Google and it therefore allows them to reduce the handset cost. And then there's Huawei - since their being banned by the US govt they've had to stop using all Google services and they can only use the open source version of Android.

    But, and this an important but, the version of Android that's running on your Android phone is not open-sourced. Google used to open source their version (known as a "fork" in the software developer community) of Android but they stopped doing that a long time ago. The Android that most people are used to is closed source.

    It's also worth mentioning that open source does not equal easy to modify. Even if Android were totally open-sourced, changing any part of it would require some fair amount of expertise as a software developer and a whole suite of developer tools to compile your own custom version of Android and then deploy it to your phone. For anybody who is not a seasoned developer it would be a difficult task to say the least.

    Back to the contact tracing stuff relevant to all this - you're still screwed. There's no removing this from your phone as far as I can tell. I hope that changes in the future. Software developers and network engineers that are privacy advocates will hopefully come to our rescue at some point with some clever ways to break the contact tracing system. I sure hope so anyways because where I live in Orange County, California we were just told yesterday that if a contact tracing system determines that we've been exposed to somebody who has tested positive for COVID then the police can force us into a 14-day quarantine.
    That's very interesting, thanks a lot for write up! If the contact tracing does start, that just means I'll leave my phone in the car a lot more often. I avoid crowds anyways. I wonder what the courts will say about all this if it comes to that.

    Do you have any experience/thoughts on crypto currency? I'm almost a complete newbie to it, but it seems like it might have some utility if the US financial system finally blows up.

  3. #23

    Default

    @ltomo you're welcome, I'm enjoying the conversation.

    I do have thoughts to share on cryptocurrency but it's a big one to cover. We may have to approach it in pieces here where I respond to specific inquiries or curiosities as we go.

    First, I'd like to recommend that you watch YouTube and YouTube. Those are my two favorites videos related to cryptocurrency.

    If anybody is curious to dabble with cryptocurrency, the simplest place to start is coinbase.com. Buy $10 of Bitcoin Cash (BCH) and send it to a friend or two for fun (they'll need a BCH wallet of their own with which to receive it). You will then be one of relatively few people on the planet who have done something like that.

    Be forewarned that the US Dept of Treasury has their hooks in and standard banking KYC (Know Your Customer) practices apply where you have to show proof of identity for various activities related to cryptocurrencies. Do not store any more value in a 3rd party system like Coinbase than you'd be comfortable losing. If you want to store some fair amount of value in a cryptocurrency, make sure to do it in a hardware wallet that you control. I recommend a Trezor Model T. Also make sure to put a copy of the backup seed in a secure location. I store mine in an offsite vault. It is the only thing that can get your money back should you lose your hardware wallet. Cryptocurrency land is deep nerd territory, so be prepared for some clunkiness and frustration during your attempts to use whatever system you end up trying. Cryptocurrencies are not mass market consumer friendly yet.

  4. #24
    Join Date
    Jul 2019
    Posts
    1,364

    Default

    This is excellent information. Thank you for taking the time to post!
    What would be the design requirements for a Faraday cage or Faraday bag that is not a pain in the ass to use?

    I have for years been thinking about crypto currency pegged to underlying assests; I heard about some people finally trying to do it a couple of years ago, but the governments may have put a stop to it.

  5. #25

    Default

    It's not so much that the design characteristics of a Faraday bag or cage are what makes it a pain in the ass, but rather the process of using one is a pain.

    For example, you have to shut down your devices or at least put them in airplane mode before putting them in. If you forget to do that, your battery will be dead when you go to use the device. If you did remember to shut it off or turn on airplane mode, then you have to power the device back on or turn airplane mode off. This process takes a device like a smartphone that most people are used to having constant realtime data access and turns it into an ad-hoc device. The mental shift in how you use such a device is what gets most people and eventually makes them let their guard down over time due to the annoyance factor.

    There are cryptocurrencies commonly referred to as stablecoins which are pegged to other stores of value like gold or USD. I think that defeats the purpose of a decentralized stored value platform and allows for external market forces to effect the cryptocurrency. But I have almost no expertise in stablecoins, so my opinion here might be way off base.

  6. #26
    Join Date
    Mar 2020
    Posts
    311

    Default

    Quote Originally Posted by bgilly View Post
    @ltomo you're welcome, I'm enjoying the conversation.

    I do have thoughts to share on cryptocurrency but it's a big one to cover. We may have to approach it in pieces here where I respond to specific inquiries or curiosities as we go.

    First, I'd like to recommend that you watch YouTube and YouTube. Those are my two favorites videos related to cryptocurrency.

    If anybody is curious to dabble with cryptocurrency, the simplest place to start is coinbase.com. Buy $10 of Bitcoin Cash (BCH) and send it to a friend or two for fun (they'll need a BCH wallet of their own with which to receive it). You will then be one of relatively few people on the planet who have done something like that.

    Be forewarned that the US Dept of Treasury has their hooks in and standard banking KYC (Know Your Customer) practices apply where you have to show proof of identity for various activities related to cryptocurrencies. Do not store any more value in a 3rd party system like Coinbase than you'd be comfortable losing. If you want to store some fair amount of value in a cryptocurrency, make sure to do it in a hardware wallet that you control. I recommend a Trezor Model T. Also make sure to put a copy of the backup seed in a secure location. I store mine in an offsite vault. It is the only thing that can get your money back should you lose your hardware wallet. Cryptocurrency land is deep nerd territory, so be prepared for some clunkiness and frustration during your attempts to use whatever system you end up trying. Cryptocurrencies are not mass market consumer friendly yet.
    Quote Originally Posted by bgilly View Post
    There are cryptocurrencies commonly referred to as stablecoins which are pegged to other stores of value like gold or USD. I think that defeats the purpose of a decentralized stored value platform and allows for external market forces to effect the cryptocurrency. But I have almost no expertise in stablecoins, so my opinion here might be way off base.
    Excellent, thank you for the resources! I haven't had a chance to watch the videos, but I will do so this weekend.

    I currently have about $80 USD in BTC I bought a few weeks ago. I don't expect many big jumps like what happened a few years ago, but I thought it might be good to start understanding how it worked after watching Congress pass the CARES Act and being worried about inflation. Here are pros/cons of what I see in BTC. Feel free to correct expand on any of these, and again, much appreciation for all the time you've taken addressing all these security issues.

    PROS:

    #1 There's a finite amount of BTC possible, right around 21 million as I understand. We just hit 18 million and had a halving. We won't hit 21 million for another 100 years, so there's a good chance the value of BTC relative to other currencies will stabilize. And, because there's a finite amount if BTC, it has a potential to be used to return to something like the gold standard pre-WWI.

    The blockchain exists by itself apart from any government agency, so there's no way for the government to just sieze everyone's BTC without being very invasive. While it might not be great as a currency for daily use, it could provide stability to the value of more liquid currencies that are backed by BTC.

    #2 The decentralized nature means it's harder for the government to regulate it and manipulate it. BTC is also more secure against theft because there's no way to steal from someone unless a person could leverage more than 50% of the bitcoin miners. Once something has been written to the blockchain and it's been confirmed that nobody tried to double spend, it's essentially impossible to steal without acces to that person's wallet.

    CONS

    #1 There's a number of competitors like Etherium, LTC, and others. Will one of them win out, or will all of then prove useful in their own right? Either way, it seems like the jury is still out on what's going to happen, which adds uncertainty and make crypto less viable as an actual currency. BTC has been around for 10 years so it has some history, so you never know.

    #2 The rules around double spending mean that it's hard to steal for an individual, and probably counter intuitive/difficult for a group to attempt it. The computing power that it would require is just too much. However, a government and its massive defense budget could muster the processing power necessary. They might not be interested in stealing BTC for its value, but they could destroy the system and force the people using BTC back on a fiat currency.

    #3 The Federal Reserve doesn't like competition. This is the biggest issue in my mind. I could see BTC taking off if someone were to open some sort of full-reserve bank that issued bank notes backed by BTC, a la Rennaissance Italy, but I'm sure the government would step in and nip it in the bud long before it could happen.

    I only started researching this stuff the past few weeks, so feel free to let me know if I'm completely off base with these hot takes. I read Satoshi's paper, but I don't have a computer science background so I had to take him at his word for a lot of the logic behind it.

  7. #27

    Default

    @ltomo - pretty good summary!

    I'm not a fan of BTC in particular because it is not totally anonymous. The metadata about each transaction on the blockchain has been used to identify people in the past. It's very difficult to do so, but it is possible. I personally prefer Monero (XMR) for that reason alone.

    There are huge hurdles to overcome - the availability of useful developer tools and merchant adoption being the top two off the top of my head. It's a huge chicken and egg game if there ever was one.

    I think once non-cryptocurrency experts can build on top of a major blockchain, then we'll start to see some interesting moves being made that are consumer-oriented. I'm not deep enough in the world of cryptocurrencies to be well versed on the specific hurdles currently in place - I'm just waiting on the sidelines and watching to see how things play out. If more merchants accepted XMR, I'd surely use it as much as I could.

  8. #28
    Join Date
    Jul 2019
    Posts
    1,364

    Default

    Quote Originally Posted by bgilly View Post
    It's not so much that the design characteristics of a Faraday bag or cage are what makes it a pain in the ass, but rather the process of using one is a pain.

    For example, you have to shut down your devices or at least put them in airplane mode before putting them in. If you forget to do that, your battery will be dead when you go to use the device. If you did remember to shut it off or turn on airplane mode, then you have to power the device back on or turn airplane mode off. This process takes a device like a smartphone that most people are used to having constant realtime data access and turns it into an ad-hoc device. The mental shift in how you use such a device is what gets most people and eventually makes them let their guard down over time due to the annoyance factor.

    There are cryptocurrencies commonly referred to as stablecoins which are pegged to other stores of value like gold or USD. I think that defeats the purpose of a decentralized stored value platform and allows for external market forces to effect the cryptocurrency. But I have almost no expertise in stablecoins, so my opinion here might be way off base.
    Interesting. There are a few things I want to look into, then maybe I will ping you back on here about that.

    I could be making some inaccurate assumptions as well, but from my perspective the stablecoins would essentially allow a return to the gold standard (for those who wish), except without the difficulties of transporting or trading in gold. It would be a hedge against inflationary forces and provide a relatively stable second option in financial systems where foreign exchange or commodity markets become restricted or nationalized. For example, it could have been very useful in Venezuela during their recent inflation crisis.

  9. #29
    Join Date
    Sep 2019
    Posts
    765

    Default

    Ben, I don't recall this item brought up....

    If I want to separate myself from google (will have to be slowly, unfortunately) what email do you suggest? Is it proton email?

    2) I have privacy badger and duckduckgo on my laptop and desktop. How do I implement these on my phones?

    Very sorry if these were discussed on the podcast and I am forgetting.

  10. #30

    Default

    starting strength coach development program
    Quote Originally Posted by mpalios View Post
    Ben, I don't recall this item brought up....

    If I want to separate myself from google (will have to be slowly, unfortunately) what email do you suggest? Is it proton email?

    2) I have privacy badger and duckduckgo on my laptop and desktop. How do I implement these on my phones?

    Very sorry if these were discussed on the podcast and I am forgetting.

    Hi mpalios, no worries at all, I did not cover these things in the podcast because I tried to keep my advice there more simple in nature.

    For e-mail, I think it is important to note that e-mail is inherently not a secure communications channel. There are quirky ways to try to encrypt e-mails, but they are not user friendly. Even if you use a "secure" e-mail system like protonmail, you will often be sending and receiving e-mails to people who are not using such a system. If we all had protonmail, that would be helpful, but very few people actually do. Assume that most governments can read your e-mails if they so desire.
    What I personally do with e-mail is try to use a system where I am a customer and not a product - I focus on privacy from a commercial perspective. I do not desire to participate in an ad-driven economy. Any free e-mail system is using you as the product to further their ad ecosystems. So I try to use a paid e-mail system where I am a customer. I prefer Fastmail. It is hosted in Australia which has some terrible laws with respect to data privacy, but that doesn't change anything for me because I don't send sensitive data over e-mail anyways (I use Signal for that, or if need be I use protonmail to protonmail assuming my intended recipient has protonmail). My primary requirements for an e-mail host are reliability and support. Fastmail has both of those nailed down.

    Implementing privacy badger on your phone can only be done on Android and you would need to use Firefox. It is not possible on iPhone because iPhones force all browsers to use the iPhone's browser engine, thus eliminating the possibility of add-ons or extensions. However, if you use Firefox on iPhone, it has built-in ad blocking so you don't need any extensions. That's what I use on my iPhone. In addition to NextDNS of course.

    Duckduckgo can be set as the default search engine on most browsers, dig through your browser settings to find that.

Page 3 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •