And also the creator of statoshi.info and founder of Mensa special interest bitcoin group. Please welcome Jameson Lopp.

My fellow cypherpunks, we are under attack. Nations and nation states in their quest for omniscience have slowly stripped away our privacy. We are the frogs being boiled in the pot of so-called progress. We cannot expect governments, corporations or other large faceless organisations to grant us privacy out of their beneficence. Our failures in this are our own fault. As privacy only extends as far as the cooperation of one's fellows in society. And it is up to us to push the boundaries of what is possible.

After being swatted a year ago, I set out on a mission to start my life over with a renewed focus on privacy. This journey has been long and arduous because there simply are not many resources out there for how to achieve what I wanted.

It's important to note that the goal of this presentation is not how to disappear. Though that is a good book that I recommend reading. If I wanted perfect privacy, I would have closed all of my online accounts and resurfaced as a pseudonym and stopped appearing in public at events such as this. But rather my goal here is to achieve the best possible privacy while still retaining my reputation. And I want to be able to openly participate in this ecosystem as myself.

Now I will neither have the time to discuss physical aspects of security. That could be an entirely separate presentation unto itself. And another thing to note is that a lot of this advice is specific to your jurisdiction. So I will reveal I do live in the United States of America somewhere, therefore a lot of this is U.S. specific. But in general, when you're looking at privacy resources, you'll find that most of them are written for Americans. And this is because Americans are under more attacks with frivolous lawsuits. They're tracked by more private investigators. 
They're targeted for more civil asset seizures and jailed for more homeland security charges than any other country that I can think of.

In December 2013, Justine Sacco, a woman with a mere 170 Twitter followers, tweeted out a very bad joke as she was boarding an airplane. Sacco slept during her 11-hour plane trip and woke up to find out that she was the number one Twitter topic worldwide. With celebrities and bloggers all over the world denouncing her and encouraging their followers to do the same. Sacco's employer, a New York Internet firm, IAC, declared that she lost her job as director of communications. And at least one Twitter user showed up at the Cape Town airport to photograph her upon her arrival. Upon getting to her family's house shortly thereafter, she was nearly disowned. The point being, in the information age, it does not take much for you to attract the ire of millions of people.

In Bitcoin, we actually have a long history of physical attacks against Bitcoiners dating back to the first contributor who worked with Satoshi, Hal Finney, who was harassed for many months and extorted for quite a bit of money, culminating in finally the swatting which resulted in him having to be outside in a cold winter night while he was dealing with ALS and was basically paraplegic, possibly quadriplegic. Here you can see there are quite a few other more recent attacks that have happened as the Bitcoin price has gone up, as mainstream adoption has gotten more awareness. And in fact, we can see this is the results of an open source repository that I've been running. This is not a scientific study by any means, but there does seem to be a correlation between physical attacks against crypto owners and the price and awareness of the Bitcoin space. 
So it seems to be pretty common sense that as the Bitcoin and crypto ecosystem becomes more mainstream, that criminals are going to be becoming aware of this, they're going to be trying to figure out what their risk and reward ratio is, and they're going to be perpetuating more attacks against people who publicly talk about crypto. Because catch-22 is actually a result of the fact that once you get into this space, you are incentivized to want to talk about it to many other people. You want to understand it better. You want to build upon it. And unfortunately, the result is as soon as you start talking about it, you become a target. After doing this for a number of years, you have public posts that are three, four, five, six years old, and criminals out there start scouring the internet and doing the mental math saying, oh, this person got in when Bitcoin was only X dollars. They must have Y dollars worth of it by now. They're probably a pretty juicy target.

So in looking into physical privacy, it really seems like there's about four different levels, and most of this comes down to how much resources is your attacker going to be interested in putting into trying to find you? Or how much effort do you want to put in to trying to require that level of resources to be spent? So of course, the ultimate level is going to be a nation-state attack. Basically unlimited resources. If you're hiding from a nation-state attacker, I'm not going to be able to help you. But I think that we can come to an understanding of how to make it reasonably difficult for the average person, the average troll out on the internet who knows how to get into various leaked databases to make it difficult for you to be found.

And some of the resources that I used for this guide were books such as How to Disappear, How to Be Invisible. 
My primary takeaways were that we end up giving a lot of personal information up, because every time you're interacting with a different service provider, you're probably giving them name, address, other personal information, that's going into a database, eventually over your lifetime you've interacted with hundreds or thousands of these. And so just as a result of the sheer magnitude of different replicas of your information that are over the internet, some of those are going to get leaked and end up in various databases that can be either searchable by people on the dark net or searchable by private investigators who use various services that suck up as much data as possible. So the goal here is to try to prevent any of that data that connects your name, your identity and your residence, your physical address, to keep them out of any of these databases.

The general solution to these data leaks is to use proxies of all kinds. That's electronic, legal and human proxies. So if you need to protect your physical location, you need to have the ownership of your residence be in someone else's name. Maybe that's because you're renting or leasing, maybe that's because you let a friend or family member who is not really connected to you own the place that you're living in, or what is more common, at least in America, is creating legal entities, limited liability corporations, trusts, some sort of legal entity to shield your name from being listed on various public documents of ownership of these things.

So you will actually find that I spoke to a bunch of the European speakers last night. This is highly jurisdictional relevant, so you probably need to consult with a lawyer if you're going to be looking into this because it seems like Europe does not have very good privacy protections with regard to creating legal entities. Even in America, it's not that great. 
You'll find that really there are only two states in America that have good privacy protection for corporations, and that is Nevada and Wyoming. Here you can actually see one privacy-centric lawyer that does Wyoming-specific entities. This is their sort of ultimate protection package where they're actually creating three different LLCs and a trust, and they're really wrapping them inside of each other, basically creating shell corporations that make it hard for anyone to puncture through multiple barriers there. If you are in Europe, I hear that Liechtenstein may have some good options, but I don't know all the details, but just trying to point you in a direction there.

Also, with regard to living in a place that is owned by some other person, this works well for a lot of people who are transient or don't have specific attackers that they think are coming after them. They're just trying to protect themselves in general, but if you're in a situation such as myself where you think someone may actually be trying to cause you harm, then you probably don't want to put somebody else in harm's way, and, of course, you should not receive any deliveries or any other services in your name at this residence. Same for utilities.

You also need to worry about, of course, any documents that are at your house. You don't want to just put them in the trash without shredding them. And then other public registrations, so voter registration being one of them, is definitely a no-no. So, if you really care about your privacy, you will probably have to give up on being in the voter records.

Once you do get into a physical location that is secure, and, by the way, you cannot backdate any of this. It's not possible to apply this to your current location. Your current location is already burned. You will have to start over and move somewhere else with these protections in place. 
Once you do get into a spot that has better privacy, then you have to worry about not leaking any other data, and so that can be stuff as simple as audio-video data. If you're doing audio calls, you might want to use a portable sound-proof box that basically prevents any outside noise that might give away your location. You would also think about photo metadata, such as the EXIF metadata can have basically GPS and location coordinates built into it. There are various tools to strip that out.

If you want to get really extreme, then you will even have to worry about temporal analysis, so in the bottom left here is from OXT.me showing temporal analysis of Bitcoin transactions, which show that whoever is making these is probably in Japan, and, in fact, that it does belong to a Japanese exchange. Now, this is something that you only really need to worry about if you're living in a longitude that does not have a lot of land mass on it. So if you're on an island or in Alaska or something where everywhere else on that longitude is ocean, then you're creating a more concentrated area if you are not spreading out your time of doing various public events, like social media tweets or whatever. And then, of course, you don't want to make any public posts about any physical locations or businesses that are near you.

And you may think that this is all kind of overboard, but a good example is actually you may remember a few years ago, Shia LaBeouf had this secret art installation that he had a video camera feed on, and 4chan managed to crowdsource and track it down in about 24 hours. And the way that they did that was first they looked at the planes that were flying overhead, and they cross-checked that with public flight path information. Next, when it went into nighttime, they looked at the positions of stars and managed to basically get it narrowed down a little bit more. 
And then the final piece of info that gave it away was some random 4chaner who was driving around that general area honking their car horn every few seconds, just waiting until eventually somebody picked it up on the feed. And that's how they were actually able to find it. So don't underestimate the power of the internet.

So the main thing here is you never want to associate your real name and identity with your residence if you want to retain your privacy, because once this association gets made and put in any database, then you should consider that to be compromised.

So there's a number of different things you can do from more expensive to least expensive. There's actually a lot of good data on RV forums, like traveler forums, for people who they legitimately don't have a permanent physical address, and they need to figure out how to get around some various legal issues with having a residence that they can prove. So you might want to get a really, really cheap apartment or an RV lot if you want to have ultimate privacy without paying a ton of money. But alternatively, you can talk to an attorney or you can look into these virtual addresses and remailing services. Now the downside to the remailing services is that they are in databases themselves, and you're not going to be able to use a commercial remailing service address as a proof of residence, because it's just going to get rejected. That's why you end up needing to use something like an apartment or an RV lot that is not in one of those databases.

Then it gets really tricky when we're talking about going around in the real world. I mean, the proliferation of CCTV is pretty terrible. We of course are all walking around with phones in our pockets. You definitely want to disable as many location and tracking services on your phone as possible, though we've seen that that may or may not actually happen if you turn it off. Of course, keep GPS turned off. But then CCTV countermeasures. 
There's a number of different products out there. Upper right is something called the Justice Cap, which is just a cap with infrared pointed out at it to try to blind any cameras. The bottom right is something called Reflectacles, which is a more passive thing. It doesn't emit any infrared. It actually just reflects the infrared of cameras right back at them to cause blurring. And then we actually see infrared glasses that are being tested out over here just to try to screw with facial recognition. Now the problem with really all of these is that they only tend to work in low light conditions. So if you're a night owl and you only go out at night, then maybe this would be fine. But for daytime stuff, the only real option you have is pretty low tech: cap, sunglasses, hoodie. You don't really want to be walking around with a mask on because that's going to get some stares and is actually illegal in quite a few jurisdictions.

So next we have real property. Other than just your house, you've got to have protection for your Lambos. So this is because, at least in America, any of this publicly registered property is easily searchable on websites of local municipalities. And so you want to have legal entities that own all of these different things, except you don't want one legal entity to own everything. You actually want a different legal entity for every piece of property you have. And you may ask, why is that the case? It's because, say you're at your Bitcoin, you're at the Bitcoin conference and you get in your Lambo and you drive away and somebody tails you and they get your license info, they give it to a private investigator who starts to do the search to figure out who owns this car and where is it registered, blah, blah, blah. They might then find out, oh, this is owned by LLC Z. And so then they do another search to try to find everything that's owned by LLC Z. 
And if your house is also owned by LLC Z, then congratulations, they just found where you live even though you have all of these legal entities set up.

At least in America, tax records are generally not public information. But there are 60,000 IRS employees who have access to it. So I wouldn't exactly call it private information either. So you probably don't want to have your real residence on your tax records. And as far as I'm aware, that is legal.

Bottom right is not just another Lambo, that's actually the cheetah. This is because in many jurisdictions, pets are also considered real property that have to be licensed and taxed and thus also create public paper trails that people can use to try to find you.

One other thing to note is that when you have vehicles that are owned by corporations, if you don't want to get personal insurance on the policy, then you need to get commercial fleet insurance and that tends to be about twice as expensive in my experience.

So then with your real name, when you're going around wherever you live and you're going to have to interact with people and service providers, you're probably going to have some come to your house and do different things, there's no reason to give them your real name. So you might as well come up with a pseudonym. And the main thing that is really important when you're having a pseudonym is that you want it to be common to whatever area you're living in. You want it to be basically unmemorable. The best thing that you can do is to look at census data and try to figure out what are the most common names and just pick one. And pick one and use it with everyone because otherwise you're going to get confused about which pseudonym you gave to which provider. And there's actually, there's this Namey, if you're in the United States, that uses the U.S. census data, makes it very easy to find. And in my experience, it's not like any of these service providers are going to ask you for your government ID. 
I mean, I've told dozens of people my pseudonym and never had them question me on it. Unless you're doing something where you're actually trying to purchase like an age-restricted item, then don't expect to get carded.

Other than proxies, a very common privacy strategy is to hide in the crowd. So you don't want to stand out. As such, if you have a mohawk or blue hair or a foot-long beard, you should probably think about getting rid of it. Don't wear flashy clothes. Don't drive a Lambo around. Don't even do any stupid modifications to your car like crazy wheels or Bitcoin stickers or anything like that. That's just going to attract attention. You want to have a run-of-the-mill lifestyle that nobody else even has a second glance.

When we start talking about privacy online, this is a whole other can of worms that could be its own separate presentation. Just a few thoughts. Use a better search engine than Google or Yahoo or whatever. Use a privacy-centric one like DuckDuckGo or StartPage or several others. Hide as many of these privacy-protecting browser extensions as you can. Privacy Badger, uBlock Origin, HTTPS Everywhere. Get a better email provider that is privacy-centric. ProtonMail, Tutanota, good examples. And of course, use a VPN. Use a VPN all the time. Why not use a VPN? You should definitely use a VPN if you're on a Wi-Fi connection that is owned by someone other than you. But in general, I'm using a VPN all of the time just to mask where my geographic location is. It's not just for, like, the encryption and the tunneling to prevent people from snooping on the actual traffic. This is a very complex topic of deciding which VPN is good for you, and I'll have a lot more resources on that.

More advanced VPN usage, I actually recommend that you set up your VPN on your home router. This saves you a lot of time versus having to configure it on every single device. 
Also, you know, your VPN server is probably going to have a hiccup every now and then, and having to, like, restart your VPN client on every device gets really annoying. There's a number of aftermarket firmwares. I'm a big fan of the Asus Merlin firmware. Makes it very easy to set up multiple different VPN providers. And the really important thing, though, is to set up a kill switch. And basically that means if the VPN goes down, your router stops routing anything. Otherwise, the default is it will just start sending it over clear net. And this will happen, and you won't notice for days or weeks until all of a sudden you notice you're not getting all of those cool identify this car or identify this street sign CAPTCHAs coming up whenever you're trying to log into stuff.

If you care a lot about the bandwidth that's going through your home connection, you will find that even with the really high end consumer routers, I have this dual CPU router over here. It's going to max out at probably around 30 megabits per second. So if you need more than that, you're going to want to either buy a VPN accelerator or spend a lot more time actually buying a beefy standalone Linux box that you set up to be a router itself. It will be able to do the compression and decompression a lot faster than even these expensive at home routers.

So as we said, phones really are terrible for privacy. But they're really convenient. And so the best option is not to carry one, but if you must have one, then you should probably go the prepaid route. And this basically means using cash or some other anonymous form of purchasing a prepaid phone that is not a subscription plan, that does not have your name or address connected to it. It can actually be tricky to do. I'm a big fan of The Wire. So I figured I'd just be able to go into any gas station and get my burner and I'd be done. But at least in my area, that was not the case. 
I went into a few different places and asked for prepaid plans and they asked me for ID. And apparently, you know, homeland security and all of that stuff. So I actually ended up having to go online and was able to get a TracFone without giving any identifying information.

It's also worth noting that if you are using these virtual phone services, like NumberProxy, Tossable Digits, et cetera, what you can then do is basically have a second proxy for your phone. So you never give out your burner phone number. You actually give out burner virtual numbers that then forward to your actual burner phone. And by doing this, you're actually protecting yourself even more and should protect you from SIM swapping because even if someone manages to find a phone number that's associated with you, they still have no idea which service they would go to to even try to social engineer to steal your phone number.

For more online protections, pretty common stuff. Hopefully everyone in here knows this and this is preaching to the crowd. The only password you should know is the password to unlock your password manager, which, by the way, you should also be securing with additional hardware two-factor authentication. All of your passwords should be really, really long and complex. Email accounts are big points of failure. Really any online account that supports hardware 2FA, you should have hardware 2FA on and never reuse passwords because after all, everything that goes into a database on the Internet is probably eventually going to get compromised. Same thing here, though, like for Trezor and Ledger owners is that they support FIDO U2F standards, so you can actually use those as a hardware 2FA if you're not a YubiKey fan.

And for general communications, there are a few products out there, Signal, Telegram, WhatsApp that provide pretty decent encryption. I'm not saying these are perfect. I'm sure they all have their flaws and tradeoffs. 
For sending emails, Cisco has a registered email service that's encrypted, SendSafely allows you to send larger encrypted files. You may notice that I don't have PGP on here and that's because I can count on one hand the number of people that I routinely contact via PGP encrypted emails. It's just way too difficult for the average person and you shouldn't expect other people to have to use that.

Finally, with financial data, everyone in America is familiar with these top three, but there's actually quite a few more credit reporting agencies and they have a lot of your information. They get hacked. This results in identity theft. And basically, if you're in America, you should go to every one of these and request a security freeze. I'll have links to all of that later.

For buying stuff, cash, of course, is king, but I've actually found over the past year that a lot of places don't have enough cash on hand to give me the right change. I think cash is dying out a lot in first world countries. Really, the next best thing is prepaid debit cards. You can buy those in a lot of different stores. You can also get a number of different virtual prepaid debit card services. Privacy.com is an interesting one because they let you create an unlimited number of cards and set different spending policies and even create burner cards. One side to privacy is that it hooks up to your checking account, so, of course, that itself is a privacy leak. The way you get around that is you actually set up using an anonymous LLC or other entity set up a checking account with them and then hook up the Privacy.com to your anonymous checking account. This actually works. It takes them a few days to approve it, but I haven't had any problems with it. And there are a lot of other gotchas. People run into various issues with some of these services because some merchants just don't accept prepaid debit cards. 
Driver's license in America is a big problem because it requires us to have REAL ID, which means it has our residence on there and we have to provide multiple proofs of residence to get our driver's license in America. I think this is not the case in a number of other countries, but if you find yourself in this situation, if you've done all the other stuff I talked about, you can't prove your residence. So what you end up having to do, once again, is either like go to a friend, but if you don't want to make them a target, you need to go find some other really cheap room or RV lot or something like that that you can use because you have to be able to get utility bills and bank statements and other stuff at that address to prove that you live there.

In terms of general data leakage prevention, because there are places that ask you for your ID, you can actually get a passport card and that will not have an address on it or even like a state that you live in.

Protecting your vehicle a little bit more. There are some products you can get. They may be legal or illegal in various jurisdictions. Of course, if you have a car that is owned by an anonymous LLC, that's probably the best thing to do. You can also think about the fact that a lot of these newer cars basically have tracking services built into them. I'm not sure how easy it is to disable some of them. You may want to end up going with an older vehicle or a cheaper one that doesn't have that. Or finally, just don't get one in the first place. I have found that I've been able to use these anonymous LLCs to set up accounts with various peer-to-peer ride sharing services so I can still use Uber and Lyft and whatnot without actually having my identity associated with that account and thus my movements being tracked.

Protecting data at borders. There's a couple of different schools of thought here. One is you just encrypt everything and go through and pray they don't ask to get in because then you might have an issue. 
The other one is you don't encrypt or don't carry any data or are willing to log into your device because there's nothing on it. If you're going that route, then the trick is to figure out how you're actually going to get the data across the border. You could physically mail an encrypted drive to wherever you're going. You could have it hosted somewhere on a secure server that you then download once you get to your place, but hopefully there's enough bandwidth for you to do that. Or you could actually run it on a virtual private server and just use your laptop as a thin client that you're basically remoting into the server itself.

Stretch goal. If you get through all this stuff and you're just raring to do even more, misdirection. So go around like when you're getting ready to move, talk to various people, tell them, yeah, I'm getting ready to move to and pick your favorite plausible location, and heck, you can even make a trip out of it. Go check out that location. Maybe check out a few houses, apartments, open a small bank account that won't cost you very much. Get a ping on your credit report that you're basically setting up shop in that area before you lock down your credit, of course. And the idea here being that, once again, what we're trying to do is make it cost more resources for someone to find you. So if you end up sending them down the wrong path, then hopefully they'll waste enough time there and realize that you're just screwing around with them and it's not worth their time to keep going.

Finally, you need to stress test your setup. The only way that you know if it works is if someone actually tries to find you. So I've hired private investigators, hired white hat hackers, and that's how I've learned a few of these things. Like I thought that my driver's license wouldn't be a big deal until a private investigator gave me a data dump with all of my driver's license info, and that's when I learned that the majority of states in the U.S. 
have been selling driver's license data for decades at this point. So you get, I have not done this, but if you really want to go all out bonus points for social engineering friends and family, because they will be the weak points.

The limitations here are going to be the other people that you're working with to try to set up your privacy, because bankers, lawyers, pretty much everybody has no clue how to do this stuff. It's still a very rare thing. And so they're going to make mistakes. You can ask them, you know, only use these encrypted channels, but they'll probably screw up just out of habit and submit things unencrypted. So you have to, you basically have to watch your back, watch everybody else who you're working with.

So this is only a tiny sliver of the information that I have. I will actually be posting the in-depth write-up on my Medium in the next few days. And as I said, I am not omniscient. I have learned a lot while doing this over the past year, and there are probably a lot of other things that some of you in the audience have learned. And if we can collaborate, I would be happy to learn more from you as well.

Can we get a microphone?

Money you can get as well, but your identity you cannot store elsewhere. Have you thought about storing an identity on the blockchain? Because I did some investigation to it during my study. And lots of companies are breaking brains on this subject. So please give me your view thoughts, etc.

Well, I mean, in general, blockchains are pretty terrible for privacy. So I'm actually, I'm kind of worried about, you know, what type of identity or tracking products might come out of trying to apply blockchain to the identity space, mainly because it's, you know, it's very hard to go back. If you have, you know, data that's on a blockchain that gets leaked, how do you undo that? How do you take it back? How do you secure it? 
It's not something that I would want to do unless I had a lot of details of what the implementation was, but we'll see.

I don't want to be the one who puts a price on privacy, but I'm wondering how much it costs you if you want to say a magnitude and what's the percentage cost increasing or decreasing on your daily or yearly budget?

Yeah, and this is something that I talk about in the post, but one of the terrible things about this is that poor people are priced out of privacy. I have had to spend close to $20,000 in attorney's fees to do a lot of the research to figure this out, because as I said, it's jurisdiction specific. There's a lot of this that you can do on your own, but it's going that extra mile, you know, that last 5%, that last 1% is when it gets really expensive. So all in all, I've probably spent close to $30,000, and my ongoing costs, mainly for maintenance of these legal entities and maintenance of these other properties that are basically ghost addresses, is going to be in the realm of like $10,000 to $15,000 a year. So that level of extreme privacy is not something that the average person is able to afford, and it really sucks that we're in a situation like this.

But I'm afraid I can't answer the rest of your questions, but I will be available on the Internet as usual. I'll catch you later. Thank you.