Is Bitcoin being used to spread “child abuse imagery”? Not really.

Yesterday, the Guardian wrote that “researchers have discovered unknown persons are using bitcoin’s blockchain to store and link to child abuse imagery, potentially putting the cryptocurrency in jeopardy.”

Is that true? This is a serious allegation. Unfortunately, both the Guardian story and a Bitcoin.com article which rejects these claims make grossly inaccurate statements. Furthermore, the cited study makes false statements about Bitcoin in its abstract. Aside from the sensational claims in the abstract, and the even more sensational claims in mainstream media articles about it, the paper is fairly thorough and accurate – but contains no new insights or discoveries, and duplicates prior work without credit. This is a common pattern: researchers make modest claims about something, an editor exaggerates them in the abstract to get attention, and then allows ignorant journalists to make an even more dramatic exaggeration in the press.

So does the Bitcoin blockchain contain illegal content? Not really.

While the media and the public like simple and definitive answers, getting to the truth of this claim requires understanding something about how Bitcoin works.

Bitcoin is a payment network. For the most part, the network itself only records the destination addresses of payments and the amount sent. There is no need for the network to store any arbitrary information which is not specific to a transaction. For example, unlike bank wires, there is no “memo” field in Bitcoin for adding “for pizza, love mom.” Aside from an 80 character field available for miners who sign blocks, the primary way to store non-payment information in the blockchain is to use fake destination addresses for transactions. It’s kind of like one of the crank calls in The Simpsons:

Moe: Hello, Moe’s Tavern. Birthplace of the Rob Roy.
Bart: Is Seymour there? Last name Butz.
Moe: Just a sec. Hey, is there a Butz here? Seymour Butz? Hey, everybody! I want a Seymour Butz! [the entire bar laughs; realizes] Wait a minute… Listen, you little scum-sucking pus-bucket! When I get my hands on you, I’m gonna pull out your eyeballs with a corkscrew!

As you might imagine, this is a very inefficient way to store information. Bitcoin transactions have size limitations, so one can either send very small files or split files among many transactions. Since the Bitcoin network charges senders based on transaction size, sending large files is expensive, and much more so with the increase in the price of Bitcoin. The more popular Bitcoin becomes, the more expensive it becomes to insert non-trivial amounts of information.

This is why most images stored in the Blockchain so far were placed there when Bitcoin was cheaper and are tiny, low-resolution images (sample embedded “image” follows):

---BEGIN TRIBUTE---
#./BitLen
:::::::::::::::::::
:::::::.::.::.:.:::
:.: :.' ' ' ' ' : :
:.:'' ,,xiW,"4x, ''
:  ,dWWWXXXXi,4WX,
' dWWWXXX7"     `X,
 lWWWXX7   __   _ X
:WWWXX7 ,xXX7' "^^X
lWWWX7, _.+,, _.+.,
:WWW7,. `^"-" ,^-'
 WW",X:        X,
 "7^^Xl.    _(_x7'
 l ( :X:       __ _
 `. " XX  ,xxWWWWX7
  )X- "" 4X" .___.
,W X     :Xi  _,,_
WW X      4XiyXWWXd
"" ,,      4XWWWWXX
, R7X,       "^447^
R, "4RXk,      _, ,
TWk  "4RXXi,   X',x
lTWk,  "4RRR7' 4 XH
:lWWWk,  ^"     `4
::TTXWWi,_  Xll :..
=-=-=-=-=-=-=-=-=-=
LEN "rabbi" SASSAMA
     1980-2011
Len was our friend.
A brilliant mind,
a kind soul, and
a devious schemer;
husband to Meredith
brother to Calvin,
son to Jim and
Dana Hartshorn,
coauthor and
cofounder and
Shmoo and so much
more.  We dedicate
this silly hack to
Len, who would have
found it absolutely
hilarious.
--Dan Kaminsky,
Travis Goodspeed
P.S.  My apologies,
BitCoin people.  He
also would have
LOL'd at BitCoin's
new dependency upon
   ASCII BERNANKE
:'::.:::::.:::.::.:
: :.: ' ' ' ' : :':
:.:     _.__    '.:
:   _,^"   "^x,   :
'  x7'        `4,
 XX7            4XX
 XX              XX
 Xl ,xxx,   ,xxx,XX
( ' _,+o, | ,o+,"
 4   "-^' X "^-'" 7
 l,     ( ))     ,X
 :Xx,_ ,xXXXxx,_,XX
  4XXiX'-___-`XXXX'
   4XXi,_   _iXX7'
  , `4XXXXXXXXX^ _,
  Xx,  ""^^^XX7,xX
W,"4WWx,_ _,XxWWX7'
Xwi, "4WW7""4WW7',W
TXXWw, ^7 Xk 47 ,WH
:TXXXWw,_ "), ,wWT:
::TTXXWWW lXl WWT:
----END TRIBUTE----

Here’s the address for the above tribute. It cost 1 BTC to send or $8500 at the current price of Bitcoin. Not a very cost-effective way to share illicit files, is it?

Still, based on the above, it seems like it would be possible to store illegal information on the Blockchain if one were able to make it very compact and spend enough money on it. Even if there is nothing illegal in the Blockchain yet (and the study presents no evidence of such information, despite articles which state otherwise), it could always be added in the future.

However, here is an important point: arbitrary information in Bitcoin can only be included by steganography, and cannot be read without tools which have nothing to do with the primary function of Bitcoin. Steganography is “hiding data in plain sight” – in other words, using a communications channel in ways other than it was intended, so that the hidden data is not visible to normal users without special tools. Steganography has been known since 440 BC, when Herodotus mentioned two examples in his Histories.

There is no way to prevent information from being hidden in any communications channel. For example, two criminals could conduct a series of bank transfers where the monetary amount itself encodes a message with illegal content. There is no way to detect or prevent such a message. However, the payment network itself has no capability to decode such a message and is not designed for such a use. It’s actively hostile to such a use, since all transactions (whether we’re talking about Bitcoin or bank transfers) incur a cost and can store very limited data.

Here is a screenshot I took of a Bitcoin transaction which contains the entire whitepaper where Satoshi Nakamoto presented Bitcoin:

As you can see, the output (aka destination) field contains a hex-encoded alpha-numeric string, which no Bitcoin client can convert into a human-readable message – because that is not their purpose. Furthermore, using Bitcoin to share secrets is a terrible idea. Not only is the amount of information that can be stored very limited, but the information is public for the world to see. Worse, Bitcoin transactions require spending Bitcoin and have the potential to trace back the transaction to a real-world Bitcoin purchase.
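The “special tool” the paragraph above alludes to, as an added example that is not code from the original post: a Python scanner that looks at each P2PKH output of a transaction and flags the ones whose 20-byte “hash” field is really text, then estimates what carrying a file this way costs. It assumes the standard P2PKH script layout (OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG), Bitcoin Core’s default dust threshold of 546 satoshi per P2PKH output, an assumed fee rate, and a constructed three-output transaction containing two chunks of the tribute text above; none of the sample values are taken from a real transaction.

```python
import math

# Added example (not code from the original post): a scanner for the
# "fake destination address" trick described above, plus a cost estimate.
# The sample transaction, dust value and fee rate are constructed/assumed.

P2PKH_PREFIX = bytes.fromhex("76a914")  # OP_DUP OP_HASH160 PUSH(20)
P2PKH_SUFFIX = bytes.fromhex("88ac")    # OP_EQUALVERIFY OP_CHECKSIG
PAYLOAD_LEN = 20                         # a HASH160 is 20 bytes


def p2pkh_payload(script_pubkey: bytes):
    """Return the 20-byte hash field of a standard P2PKH script, else None."""
    if (len(script_pubkey) == len(P2PKH_PREFIX) + PAYLOAD_LEN + len(P2PKH_SUFFIX)
            and script_pubkey.startswith(P2PKH_PREFIX)
            and script_pubkey.endswith(P2PKH_SUFFIX)):
        return script_pubkey[len(P2PKH_PREFIX):len(P2PKH_PREFIX) + PAYLOAD_LEN]
    return None


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or line breaks."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 0x20 <= b <= 0x7E or b in (0x0A, 0x0D))
    return ok / len(data)


def flag_text_outputs(outputs, threshold=0.9):
    """Flag P2PKH outputs whose 'hash' looks like text.

    A genuine HASH160 is effectively uniform random, so the chance that nearly
    all 20 bytes land in the printable range is negligible; a high ratio is a
    strong signal that the output is a data carrier, not a payment.
    Trailing zero bytes are treated as padding of a short final chunk.
    """
    hits = []
    for idx, (value_sat, spk) in enumerate(outputs):
        payload = p2pkh_payload(spk)
        if payload is None:
            continue
        core = payload.rstrip(b"\x00")
        if core and printable_ratio(core) >= threshold:
            hits.append((idx, value_sat, core.decode("ascii", "replace")))
    return hits


def recovered_text(outputs) -> str:
    """Concatenate flagged chunks in output order: the view a Bitcoin client never shows."""
    return "".join(text for _, _, text in flag_text_outputs(outputs))


def storage_cost_sat(file_size, dust_sat=546, fee_rate_sat_vb=50):
    """Satoshis needed to carry file_size bytes in fake P2PKH outputs.

    Each output holds 20 bytes and must carry at least the dust amount
    (546 sat is Bitcoin Core's default P2PKH dust threshold), which is lost
    forever, plus a fee on the transaction size. Sizes: ~10 bytes overhead,
    one ~148-byte P2PKH input, 34 bytes per output. The fee rate is assumed.
    """
    n_out = math.ceil(file_size / PAYLOAD_LEN)
    tx_vbytes = 10 + 148 + 34 * n_out
    return n_out * dust_sat + tx_vbytes * fee_rate_sat_vb


# --- constructed sample: one real-looking payment plus two text-carrying outputs ---
def _output(payload: bytes) -> bytes:
    """Test fixture: wrap up to 20 bytes (zero-padded) in a P2PKH script."""
    return P2PKH_PREFIX + payload.ljust(PAYLOAD_LEN, b"\x00") + P2PKH_SUFFIX


SAMPLE_OUTPUTS = [
    (100_000, _output(bytes.fromhex("00112233445566778899aabbccddeeff00112233"))),
    (546, _output(b"Len was our friend. ")),
    (546, _output(b"A brilliant mind,")),
]

if __name__ == "__main__":
    for idx, value, text in flag_text_outputs(SAMPLE_OUTPUTS):
        print(f"output {idx}: {value} sat, looks like text: {text!r}")
    print("recovered:", repr(recovered_text(SAMPLE_OUTPUTS)))
    print("cost to store a 10 KiB file:", storage_cost_sat(10 * 1024), "sat")
```

Running it flags outputs 1 and 2 and leaves the ordinary payment alone; the cost function makes the article’s point concrete, since every 20 bytes burns a dust output plus fee, and the bill scales with both file size and fee rate.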

A final note: a major inaccuracy is the paper’s claim that it found “clearly objectionable content such as links to child pornography, which is distributed to all Bitcoin participants.” The paper provides no such evidence, and only mentions that it found unspecified “nudity of a young woman.” More importantly, 99.9% of Bitcoin users use a “light” client, which does not contain the full blockchain. Light clients defer blockchain validation to online servers which store the full node.

Here is an earlier and more accurate paper which contains a more fair analysis of the possibilities for data insertion on the Bitcoin blockchain.

 

The Internet Did Not Kill the Music Star

For decades now, we’ve been hearing how file sharing, cheap iTunes singles, online radio, and stream ripping “killed” the music industry. In 2014, Taylor Swift wrote about the future of the industry in a Wall Street Journal article.  Her fantastic economic claims have been debunked elsewhere, but one of her basic criticisms was that Internet streaming is challenging the traditional revenue model of the music industry.  However, Taylor’s own career demonstrates how the Internet and digital technology have lent themselves to a creative renaissance of the music industry, in part due to her own leadership.

Rather than the death of the music industry, we are seeing a glorious revival of music, and nowhere is that more evident than the top music videos on YouTube, which has become one of the primary ways that young people listen to music. The YouTube “music” channel has almost 100 million subscribers, with over 4 billion views for top videos. Nearly all of the top 100 videos on YouTube are music videos.

Here are five videos which demonstrate how the Internet is enabling a glorious revival of the music industry:

1: Taylor Swift – Shake It Off

Shake it Off seamlessly blends Taylor’s “dorky dancer” style with some of the world’s best dancers, combining hip hop, ballet, modern dance, jazz, breakdancing, and even a cheerleader performance. The video makes dozens of pop culture references while mocking Taylor’s competition and inspiring dozens of articles about her feuds with other celebrities.

When it rocked the charts with 2.4 billion views, Shake it Off was one the biggest pop music videos ever. Released for her 1989 concert tour, the video helped Taylor make over $250 million, making hers the highest grossing concert tour ever, and making Taylor one of the world’s highest-paid celebrities.

Taylor used the demand for her album to force Apple to change its policy of not paying artists during free trials of its music service. While Taylor often denounced streaming music on the Internet for not paying artists enough, it’s clear that she (or her publicity team) is a clever negotiator, and skillfully used the audience made possible by the Internet to achieve massive success.

2: Fifth Harmony – Work from Home ft. Ty Dolla $ign

With 1.7 billion views, Fifth Harmony’s hit music video Work from Home shows that the girl group still has massive appeal.

Fifth Harmony rose to stardom through effective social media marketing, with billions of YouTube views and over 10 million followers on both Instagram and YouTube.

In “Work from Home” the group mixes R&B hooks with hip-hop and minimalist synth beats to create a sexy, modern neo-feminist take on the relationship dynamic.

The song features “…slinking beats and playfully sexy lyrics about convincing your partner to skip the boardroom for the bedroom.” Numerous double entendres are present in the lyrics and the music portrays “freaky bedroom fun as glorious mostly in the bounds of a relationship.”

While a previous generation of R&B and pop music presented women as sexual objects, this song and video flips the dynamic and presents men in hard hats with bulging muscles as the object of desire. The women in this video “appear to now be in full control of their collective sexuality and [are] wielding it as they choose.”

The audio and video editing on the music video are impeccable. Before digital editing, music videos like this would have been prohibitively expensive to produce for all but the biggest stars. Modern digital video editing tools have allowed little-known groups like Fifth Harmony to rocket to stardom by releasing tracks and videos that are just as polished and thought-out as Hollywood blockbusters.

The music in Work from Home was digitally produced by two artists, while other groups recorded the vocals, and yet another company mixed the vocals and audio and incorporated samples from other songs. The digital nature of modern music and video production allows the entire process to be distributed across a complex global supply chain.

Similar videos have led to great success for other girl groups: see G.R.L.’s Ugly Heart and Little Mix’s Black Magic.

3: Cher Lloyd – Want U Back

Cher Lloyd’s track Want U Back is one of my favorites for the playful and creative way she uses her voice:

The track is produced by Shellback, a musician and record producer (with four Grammys) who is responsible for several songs on this list. Cher’s vocals span from low note A3 to high note F#5, and Shellback uses Cher’s vocal dexterity to “give the song an almost caricature quality.”

While digital audio processors such as Auto-Tune are often dismissed as cheap gimmicks, modern pitch correction tools are much more subtle and were creatively used to mix Lloyd’s vocals, including a recurring hook made from the sound of her ‘frustrated grunts.’

4: Logic: 1-800-273-8255

American rapper Logic often writes about his drug use and issues facing African-American communities. His song 1-800-273-8255 refers to the phone number for the National Suicide Prevention Lifeline.

This track shows the remarkable merger of rap and hip-hop with pop music culture, both musically and socially. Here is Logic’s explanation of his song:

So the first hook and verse is from the perspective of someone who is calling the hotline and they want to commit suicide. They want to kill themselves. They want to end their life. When I jumped on a tour bus that started in Los Angeles, California and I ended in New York City and did a fan tour where I went to fans’ houses and shared meals with them, hung out with them, played them my album before it came out. Them along with other people on tour, just fans that I met randomly, they’ve said things like, “Your music has saved my life. You’ve saved my life.” And I was always like, “Aw so nice of you. Thanks.” And I give them a hug and s**t but in my mind, I’m like, “What the f**k?” And they’re really serious. And they tat s**t on their arms and get s**t like lyrics that save their life and in my mind, I was like, “Man I wasn’t even trying to save nobody’s life.” And then it hit me, the power that I have as an artist with a voice. I wasn’t even trying to save your life. Now what can happen if I actually did?

Rap music has evolved from boasting about women, drugs, and money to awareness of greater social issues. Logic’s music video features a young black man who struggles with his sexuality and considers suicide. Following the night of the 2017 MTV Video Music Awards, the NSPL experienced a 50% surge in the number of calls to their hotline.

For a similar video in the electronic music genre, check out Clean Bandit’s Symphony, which merges classical opera and electronic music.

5: Sia – Chandelier (Official Video)

Sia’s “Chandelier” is brilliant on several levels. On first listen, the song appears to celebrate binge drinking culture. However, a closer look reveals that Sia is really diving into her experience with substance addiction and the culture of binge drinking. The music video reinforces the message with a stunning dance performance by 11-year-old Maddie Ziegler. Maddie’s performance is an “interpretive dance in a deserted, dirty apartment ‘while spinning, kicking, leaping, crawling, falling, twirling and hiding herself behind window drapes.’”

I am no fan of contemporary dance, but Maddie is clearly a highly skilled artist who integrates movements from ballet and gymnastics into a sequence which deftly visualizes the mix of ecstasy, escapism, and – ultimately – the self-loathing and desperation of Sia’s lyrics.

While Chandelier is lyrically and visually simple, it also highlights cultural assimilation at its best. It is an electropop song that features electronica, R&B, and reggae influences. Sia is an Australian whose career took her to London and ultimately Southern California, where she met local choreographer Ryan Heffington on the set of her music videos. Their collaborations have “done more to raise the standards of dance in pop music than nearly any current artist integrating the forms.” Ryan has since choreographed several hit music videos, tv shows, and even the film Baby Driver.

One unique aspect of Sia’s performances is that she chooses not to reveal her face, and even faces away from the audience during live performances. With 5 billion views, the success of her YouTube videos has been essential in taking her career from a music writer for other musicians to a successful performer, despite her unconventional performing style.

While musicians and music industry executives have often criticized the impact that the Internet and technologies are having on music, several tech innovations are in fact enabling a creative renaissance in music. These include:

  • Digital audio processing innovations such as Auto-Tune and pitch correction have opened up new harmonic and compositional possibilities and created stars from singers with less-than-pitch-perfect voices.
  • Digital video production and editing tools that have dramatically lowered the cost of producing quality videos.
  • Social media allows artists to reach fans on an unprecedented scale and bootstrap themselves to massive success.
  • Instant global communications have allowed artists to collaborate in new ways, sourcing the best talent from around the world, and inspiring the synthesis of cultures and genres.

The Internet and tech aren’t killing music, they are driving its creative explosion.

Can DAG-based cryptocurrencies like IOTA scale better than the blockchain?

Some people claim that DAG (directed acyclic graph) technologies like the IOTA’s Tangle or Byteball will be able to scale (process large transaction volumes) better than blockchain-based technologies like Bitcoin and Ethereum.

Let me start by saying that only a few people in the world are qualified to offer an expert opinion on the question of whether a blockchain or DAG perform better. They make a great deal of money, and their time is generally too valuable to comment on Internet forums. This is why you see a lot of DAG advocates claim that it is superior without informed counterpoints.

I will admit that I’m not qualified to offer an expert opinion on this either.

However, the claim that a DAG scales better than Blockchain should not be accepted at face value. A number of people smarter than I have said that validating a DAG is far more labor intensive than a block.

There is no magic solution to the problem of keeping thousands or millions of nodes synchronized, and DAG-based networks like IOTA actually rely on a single Coordinator node which keeps the network from fragmenting. This is the very thing that cryptocurrencies were created to avoid!

While some see the need to put transactions in a block as a negative, the blockchain is actually a very efficient, market-driven way for the users of a network to bid on processing capacity. Transaction fees ensure that the network is always capable of processing the most valuable transactions, whereas a DAG-based network may be overwhelmed and fail if load gets too high. Centralized “coordinator” nodes may solve this problem, but if so, DAG advocates cannot claim that they are necessarily more distributed and scalable than Bitcoin.

Furthermore, with second-layer technologies like Lightning Network, Bitcoin has explicit and unlimited scaling options. The scaling potential of the coordinator/master-node model in DAG-based currencies is far less clear.

How Easy Money Is Rotting America from the Inside-Out

The Federal Reserve has been the main cause of business cycles in America since 1913. For several decades, it has tried to hide the consequences of its policies by enabling easy credit during each recession. As Jonathan Newman wrote yesterday, pouring trillions of dollars into the financial sector obscures the external signs of the recession such as low asset prices and high unemployment and promotes economic malinvestment.

This malinvestment creates the conditions that cause the next recession. Some of the consequences of the Fed’s policies, such as stock market and housing bubbles can be directly attributed to its policies. In other cases, the artificially low interest rates and other “easy money” policies foster an “infrastructure rot” that erodes the efficiency of the American economy, the standard of living of consumers, and eats away at American infrastructure. These effects are difficult to trace back to the Fed’s policies, so let’s concretize some examples to understand how Federal Reserve policies affect America.

At the city level, low interest rates allow cities to fund new public projects such as parks and bridges. While this may seem fine and dandy, all infrastructure projects have a maintenance cost. It’s not sufficient to build a park. One must also have the money to maintain it every year. If there is not enough revenue to pay for maintenance, the park will literally rot until the playgrounds fall apart, the lawns are overgrown, the lights fail, and the park becomes too dangerous for families to play in.

The same thing will happen to streets, bridges, and plumbing. This is one of the ways urban decay happens: easy money policies fund unsustainable urban infrastructure projects which make politicians look good, but end up crumbling a few years or decades later. The Flint water crisis happened in large part because the Federal government funded infrastructure projects that were not sustainable by the incomes of the people of Michigan.

Easy money from the Fed also rots the guts of American corporations. New money goes to the most politically-connected businesses first, and funds projects that would not be possible in a free market. Because private investors haven’t actually saved enough to see the projects through to completion, and consumers don’t value the product enough to cover production costs, the companies getting free money from the government either fail or receive endless bailouts. For example, easy money encouraged unsustainable commitments like high union wages and pensions, forcing US automakers to sell cars for prices that consumers could not pay given their actual savings rate. When sales dipped in 2009, the government was forced to bail out GM, Chrysler, and Ford.

While small businesses are the last to get access to the Fed’s easy money taps, big banks received over $700 billion in TARP bailouts and even more selling U.S. Treasury bonds to the Fed under the QE program. Such subsidies signal to banks that their primary customer is the government, not consumers. As a result, financial services have stagnated, and banks have fought rather than embraced genuine innovations like the blockchain.

The 2009 crisis made banks cautious of making mortgages to people who clearly could not afford them. But the Fed kept giving away free money and enabled a new phenomenon: zero-interest auto loans. While this may seem like a good deal for consumers, the Fed’s credit expansion has created an auto-credit bubble worth 9.2% of all household debt. Consumers are buying and leasing cars that they would not normally be able to afford.

Instead of being taught to save, millennials are learning to have a negative savings rate (acquiring more debt than assets) and trust their future entirely to the government. If a recession happens, millions of people will suddenly find that they are unable to keep their cars and lack any emergency savings. When millions of unwanted cars are dumped back onto the market, automakers will again be unable to keep up with their inflated liabilities, requiring another bailout.

Perhaps one of the most destructive products of easy money has been the War On Terror. The U.S. has spent about $5 trillion on this seemingly endless war, and most of the money has not come from higher taxes, but from selling bonds to institutions like pensions funds, and especially foreign countries such as China and Japan. American citizens have gained nothing of value, while our government has been spreading death, destruction, and revolution abroad.

While the national economy has gotten away with federal deficits and a $20 trillion dollar debt for decades, this trend is only sustainable as long as the rest of the world keeps lending the U.S. money. When they decide to stop funding our wars and financial irresponsibility, Americans will suddenly be faced with paying trillions of dollars in liabilities. This overdue correction will likely come with dramatic reductions to Americans’ standard of living.

My point in writing this is to help you visualize the destructive effect of the U.S. government’s easy money policies from an abstract harm to the practical harm: collapsing bridges, kids poisoned from lead plumbing, millions of cars rotting in junkyards, scandalous bank services fees, bombs falling on innocent people all over the world, and widespread poverty once the easy-credit party ends.

Originally published on FEE.org

Is the value of Bitcoin based solely on speculation?

It’s not true that Bitcoin’s value is set solely by speculators. It has a use value which would exist even if all the speculators vanished. I know a company that pays their employees in Bitcoin – not because they think its value will go up, but because it’s cheaper than the transaction costs involved in fiat-denominated payments. I know a lady in Zimbabwe who is using Bitcoin because she does not have access to a sound currency.

These people are not speculators: they may prefer to trade their Bitcoin for a fiat currency at the first chance. However, their ongoing usage provides a demand for Bitcoin and thus establishes a price floor. The price of Bitcoin is the combination of current non-speculative usage and expectations for future non-speculative use cases for the Bitcoin network.

This is different than a purely speculative asset like rare stamps or baseball cards, which have no current or future use value.

Bitcoin is still the most innovative crypto asset

I’ve heard an assumption that because many alt-coins do “more” than Bitcoin and have a higher combined market cap, their technology must be more advanced, and therefore Bitcoin will be left behind in value and market share.

I disagree for two reasons:

First, the fact that an asset such as Ethereum does “more” does not mean that the market will value its feature set higher.
The potential market value of any given cryptoasset depends on the value proposition it offers to individuals times its potential market share. It remains to be seen whether Ethereum will be able to create meaningful products for individuals and how big the “smart contract” market will be in the near to medium future. Likewise for Blockchain-based lending, eSports, prediction markets, or organic banana crypto assets. Currency is a more universal need than smart contracts, so even if Ethereum provides a lot of value to autonomous corporations, the Bitcoin market may be much larger.

Second, the market cap of crypto assets is not an indication of the pace of technical innovation. Bitcoin is worth less than 35% of the 400 billion + crypto market cap, but that does not mean that it has 35% of the resources. According to analysts at JP Morgan, the ratio of money invested to market value for crypto assets is about 50/1. In other words, there has only been a few billion dollars invested in crypto, not $400+ billion. That’s why the price fluctuates so wildly. ICOs and altcoins are even more overvalued than Bitcoin given how fast their price has shot up. Altcoins have far fewer resources at their disposal than the price would suggest because their price would rapidly drop if the founders sold their share to pay for innovation. The vast majority have only a few people (if any) actively doing development. Bitcoin and Ethereum have the largest development teams by far. I suspect Ethereum has more contributors, but it also has a far larger feature set, so its core functionality gets a lot less attention than core Bitcoin functionality.

The fact is, the vast majority of ICO’s and cryptocurrencies are doing very little technical innovation compared to the resources invested in Bitcoin Core. This is not at all to dismiss the value of experimentation and innovation, just to put it in context. As an analogy, it’s great that Bugatti and McLaren are innovating in supercars, but Honda and Toyota invest far more in technology that is practical to the vast majority of drivers and therefore are worth far more. Honda’s work in automatic accident mitigation/prevention is far more important than shaving 1/10th second from your 0-60 time. Likewise, Bitcoin Core’s work in implementing fast and stable large-scale networks (with Segwit and Lightning Network) is more important than the latest exotic token.

I believe that the market will eventually correct the imbalance between the fundamental value of Bitcoin and the hype over altcoins. It is also possible that some other asset has or will come up with a genuine valuable technical innovation, overcome Bitcoin’s network effects, and gain dominance. Presumably, that hope is why Bitcoin is down to 35% market share. However, I have not seen the evidence for it yet, and I would not dilute my portfolio over 1000+ assets (as some friends have) in the hope that one of them will hit the crypto jackpot.

11 Essential Security Practices to Keep Your Bitcoin Safe

The recent explosion in the price of Bitcoin and other cryptocurrencies has inspired me to start a new hobby: helping people recover lost Bitcoin wallets.

As might be expected of early adopters in an anonymous Internet cryptocurrency, many of my customers are information security professionals. It seems that many of them set up so many security measures that they locked themselves out of their Bitcoin. On the other hand, I’ve also heard from many more people who lost their Bitcoin or had it stolen because they either did not follow basic security practices, or followed them without understanding their implications and lost their coins anyway. The inherent balance in information security is that you need walls in place to protect against threats, but the walls you put up to protect yourself can lock you out if you forget your way in.

I, therefore, want to suggest a list of steps that you can take right now to secure your crypto stash. These measures should be both comprehensive enough to keep you safe without being so complicated that you will be locked out of it, or tempted to disable security altogether.

1: Store your wallet seed somewhere safe.

People come to me when they lose their Bitcoins any number of ways, but the one common element in their stories is that they failed to save their recovery seed. Most modern wallets ask you to save your recovery seed/mnemonic phrase somewhere safe when you set up your wallet. You can keep it in a safe place (such as an actual safe) or an encrypted flash drive (I use Veracrypt). Triple-check both the words and the word order, as one person I worked with wrote down his seed incorrectly and lost all of his coins.

2: Use a hardware wallet — or a strongly encrypted software wallet.

A hardware wallet (an electronic device dedicated to storing Bitcoin) such as a Trezor or Ledger is the safest place for your Bitcoin. Read my Trezor review on Amazon to understand the pros and cons of using one.

If you don’t use a hardware wallet, use a wallet which supports strong encryption. The JAXX wallet, for example, can be easily hacked and your coins stolen. I use the Electrum wallet, which allows me to encrypt my wallet file.

3: Encrypt your hard drive.

Encrypting your whole hard drive is essential if you don’t want anyone with physical or virtual access to your computer to be able to extract all of your data. Modern versions of Windows and Apple iOS make this easy.

If you have a Mac, encrypt your hard drive with FileVault. If you have Windows, you can use BitLocker to do the same thing. Personally, I do not use Windows to make any Bitcoin transactions because securing the operating system is too cumbersome, specifically because of the steps below.

4: Set a firmware password.

Apple computers allow you to set a firmware password which prevents your computer from being accessed without your password or using an external device. This is an additional security measure which makes your computer a lot less useful to thieves as it requires a visit to an Apple store and a proof of purchase to reset it. While older Apple computers had some simple workarounds to disable the firmware lock, modern ones are much more difficult for criminals to unlock.

5: Automatically lock your computer when you’re away.

Hard drive encryption will not help you if someone installs a keylogger when you’re away from your keyboard. Set your computer to auto-lock after a few minutes AFK. Mine is set to auto-lock after five minutes.

Here are instructions for Windows and Mac. I also have a “panic button” via a Touch Bar customization which locks my screen on command. I use it whenever I walk away to get coffee, go to the bathroom, etc.

6: Disable automatic login.

Locking does no good if your computer logs in as you when you turn it on. Make sure auto login is disabled.

7: Use a password manager.

I use the password manager LastPass to store the over 600 passwords for every service I use. I generate a new, strong password for each service.

LastPass will offer to suck in and audit all your passwords. My score is not great because, like everyone else, I used the same password for most sites before I started using a password manager. LastPass passwords are encrypted using a master password, which for me is a quasi-random list of words that I don’t use for any other purpose.

However, even if someone gained access to my LastPass credentials, they would not be able to access any of my important services, because I also use the following step.

8: Enable multi-factor access.

I use LastPass Authenticator in combination with other passwords to access all my important accounts. The LastPass Authenticator iPhone app works with the LastPass Chrome extension to auto-enter credentials for many sites. Multi-factor authentication apps work by cycling a code every 30 seconds which must be entered in addition to the password to access a service. For some services, I also have a physical security token (my Trezor wallet does this, but most people use a YubiKey) which must be physically plugged into my computer to access a site.

9: Keep your computer up to date.

Mac OS had a nasty root access bug a few weeks ago. Keep your OS up to date to protect against the latest threats.

10: Use private, offline mode for sensitive operations.

I occasionally need to create a paper wallet or perform other sensitive operations in my web browser. This has two risks:

  1. The web page may have malicious code which leaks my keys.
  2. One of my browser extensions may have malicious code (this happened to me a few months ago).

To work around both of these issues, I perform security-critical operations in an Incognito Chrome window. Incognito disables extensions unless you specifically whitelist them.

Furthermore, I perform any paper wallet operations with ethernet/Wifi disabled. This prevents malicious code in the wallet from secretly sending your Bitcoin keys to a third party. I then completely quit my web browser before going back online. I also download any browser-based crypto software directly from GitHub rather than random websites.

11: Set up automatic backups.

I’ve set up my MacBook for triple-redundant encrypted hourly backups with Apple Time Machine. This is not nearly as easy with Windows. CrashPlan (available on Windows and Mac) allows encrypted backup to local storage devices. Windows has a built-in backup app, but it’s not nearly as simple or powerful as Time Machine.

While this is not strictly security advice, automating your backups is important from a security perspective. I’ve noticed that people who are not 100% confident in their backups tend to back up important files to flash drives, work computers, email, DropBox, and other services where they are at risk of theft. Some of my clients thought they’d backed up their wallet, but years later couldn’t figure out which of the 10 flash drives they had actually held their Bitcoins. A complete system backup will allow you to restore both the wallet file and the software you used to open it.

Reposted from Vellum Capital

How to protect yourself online, no matter your security needs

Almost every week, it seems that there is some kind of major security breach. Whether it’s celebrity nudes, the social security numbers of the majority of Americans, or a Bitcoin heist, it seems that our private data is under constant attack.

The Internet and your co-workers are full of advice: put a sticker over your webcam, disable Flash/Java in your browser, encrypt your drives, delete your Facebook account, cover your hand while using the ATM, get a burner phone, pay for everything with cash, start wearing a tinfoil hat to protect against the NSA’s spy rays, etc.

The reality is that as more and more of our lives become digital, information security becomes increasingly important. Many bad things can happen when your privacy is breached: from finding out that you have a boat loan that you didn’t know about, to having your naked photos all over the web, to being thrown in jail because the government doesn’t approve of what you have to say. It’s important to take appropriate measures to protect yourself, but what is appropriate for you really depends on the kind of secrets you have to keep and the kinds of threats you need to protect against.

Let’s consider three people who care about their privacy, and steps they should take to keep their stuff private:

Lisa Monroe

Lisa Monroe lives in Madison, Wisconsin. She is a college student with a part-time job.  She just got her first credit card, and just started going steady with a boyfriend.

Lisa doesn’t have many secrets to keep, but she is worried about fraud to her credit and debit cards and the naughty pics she trades with her boyfriend Brad.

To keep her finances secure, Lisa signed up with the free app WalletHub to keep track of her credit score and uses Clarity Money to monitor her spending and make sure there are no unauthorized charges.

To keep her private photos private, Lisa only sends them using Snapchat, which prevents photos from being saved and notifies her if someone takes a screenshot. She also has enabled a passcode on her iPhone, which she knows is automatically encrypted, so that thieves can’t access her information if it’s lost.

Lisa also uses a password manager, LastPass, which generates a random unique password for every account she keeps, so that when the buggy website her college uses is hacked, the stolen passwords can’t be used to log in to her bank account.

Andrew Stephens

Andrew Stephens lives in a penthouse facing Central Park in a Manhattan high rise. Andrew was a construction worker when he purchased 1,000 Bitcoins on a whim in 2012. They are now worth $7.2 million, allowing Andrew to massively upgrade his lifestyle. Andrew is obviously worried about the security of his Bitcoin stash, but he’s also concerned about unauthorized transactions on his American Express Platinum card from that club he gets bottle service at. He likes to go diving in Cabo San Lucas and doesn’t want his wealth to leak out, lest he is held for ransom.

Like Lisa, Andrew uses WalletHub and LastPass, and has a security code on his iPhone.

To keep his Bitcoin stash secure, Andrew stashes it on a Trezor. He encrypts all MacBook and Time Machine files using FileVault. He uses multi-factor authentication with LastPass Authenticator to sign in to his email and bank accounts. To monitor his financial status, he uses Personal Capital, where he tracks spending on all his accounts. He uses a YubiKey physical security token to log into his MacBook and lock it when he steps away, so that criminals cannot install a keylogger on it when he leaves it at home or in a hotel room.

Andrew is investing in a Hong Kong startup making an ASIC cryptocurrency miner. When he goes to China, he uses a phone and a cheap laptop that he keeps just for travel, to protect against both Chinese industrial espionage and the TSA. He wipes the phone and laptop clean just before boarding his flight back to the USA.

Andrew’s home is protected by a home security system with remote cameras he can access anytime.

Zhao Gong

Zhao Gong Li lives in Beijing, China. She works as a lawyer who represents people defending themselves against government-backed property development companies that try to take their family plots without proper compensation. She is worried about the local police ransacking her home to find or plant incriminating evidence, as well as monitoring her Internet activity to spy on her communications with her clients. Zhao is helping a European NGO to produce a documentary about illegal land seizures in China and does not want the government to find out about her involvement. She also needs to access the Internet outside China’s firewall for her research.

Zhao’s router is an RT-AC86U running the Asuswrt-Merlin custom firmware. Whenever she wants to go online, she first connects her router to a private VPN service that she pays for with Bitcoin. Zhao keeps all her data on an external hard drive that she encrypts with VeraCrypt. She keeps the drive in her purse at all times and copies it at her friend’s apartment once a month in case it is confiscated. Zhao has a Windows laptop, but the operating system on it is just a decoy used for personal entertainment. She has a tiny encrypted Ubuntu Linux USB flash drive in her makeup case that is her work operating system.

Zhao’s web browser has the extensions HTTPS Everywhere, AdBlock, and ScriptSafe to protect against malicious websites hijacking her computer. She covers up her webcam and the microphone port on her computer. When she visits her clients, she turns off her smartphone and uses a burner phone with an anonymous SIM card she replaces monthly from a street vendor. Like Andrew and Edward Snowden, Zhao uses Signal for messaging.

As you can see, your security needs depend on the threats you need to protect against. Find a balance between security and convenience that is appropriate for your life. Trying to implement too many security measures will create a lot of extra work and frustration and tempt you (or your kids or employees) to bypass the protections entirely. Nevertheless, there are some common steps that apply to everyone. Use a device that is encrypted by default (such as the iPhone) with a long passcode. Use a password manager to avoid reusing passwords. Don’t share confidential information (or photos) with people who you don’t trust. Monitor your financial status. A few simple steps will protect you from becoming yet another victim of the most common online security threats.

Originally published on FEE.org

Three lies the government is telling us about why it wants to backdoor our security

First, the US government works against the security of businesses. Just this week, I had to tell Apple that my iPhone app did not have certain kinds of encryption that the U.S. government has export controls on. Encryption export controls cripple the security and innovation of software products made by American businesses.

Furthermore, the U.S. government hoards software exploits so it can hack into your computer, rather than publishing them so that companies can patch their products. The NSA intentionally sneaks weaknesses into protocols and bribes businesses to add holes to security products so it can steal the data of their customers.

When businesses want to improve the security of their products, they offer rewards for exploits – Microsoft pays up to $250,000 per exploit, Facebook has paid $40,000, and so on. The NSA purchases millions of dollars of exploits from hackers, and uses them to spy on the entire world, including U.S. citizens. Unfortunately, the NSA is incompetent at keeping secrets, so it lost its exploit database and caused millions of computers to be infected and hijacked with the exploits it hoarded.

The hardware and software pieces of both the Internet and individual users’ computers are made by private companies. There is nothing the U.S. government can do to improve “cybersecurity” other than prosecuting criminal behavior. However, the U.S. government prosecutes a minuscule proportion of cybercrime. Whether it is unable or unwilling to punish criminals, the reality is that the only “cybersecurity” the government cares about is its ability to conduct surveillance and attacks on foreign and domestic political targets.

Second, the idea that “strong security” is compatible with a government backdoor is a lie. Any security expert can tell you that a backdoor leaves your product vulnerable, even if you trust the government agency with the key. Previous backdoors advocated by the US government have been blown wide open by security experts. There is near-universal agreement among security experts that government backdoors and security are not compatible – a reality that the DOJ continues to ignore.

Third, it is not true that the government wants to weaken Americans’ security to protect against crime or terrorism. Their real motivation has always been power and money: they want to monitor the flow of information in order to prevent people from hiding their wealth, and to use their secret keys and vulnerability stash to intimidate and blackmail other countries into compliance with U.S. policies. This is why the U.S. intelligence budget of over $75 billion did not prevent most Americans’ personal details from being leaked, while U.S. citizens who do not report foreign bank accounts (under FATCA) can be fined $250,000 or given 5 years in jail even if they have never set foot in the USA.

Apple’s environmentalist bragging misleads the public

Apple has published a Paper and Packaging Strategy whitepaper in which it brags about eliminating a few grams of paper and plastic from iPhone product packaging and announces technological innovations in eliminating plastic and replacing it with robust wood-derived packaging. While Apple should be commended for its leadership in this space, Apple’s environmentalist messaging is nevertheless dishonest both in regard to Apple’s overall priorities and many of its specific claims.

Missing the forest for the trees

While Apple brags about eliminating a few grams of paper from its product packaging, it often forces consumers to throw devices in the dumpster prematurely by making them very difficult to repair or upgrade. These computers and phones are made from precious and rare materials that cost much more than cardboard to procure, not only in terms of raw material cost but also the environmental impact of manufacturing and the human labor involved in processing all the components into a finished product. Apple chooses to build its products in a way that makes upgrading them impossible, even though it easily could do otherwise, and in fact it used to be far more accommodating to customers who prefer to upgrade their electronics rather than replace them wholesale.

Apple’s shift toward non-upgradable, non-maintainable products

Let’s take my own Apple product history as an example:

My first Apple purchase was a 2008 Unibody MacBook. Over the next five years, I upgraded the memory from 2GB to 6GB, and replaced the slow spinning hard drive with a solid-state drive. I replaced the battery (3x), the power adapter (3x), the speakers, and the DVD drive. In late 2013, I replaced my aging MacBook with a new Retina MacBook Pro. It has a non-upgradable hard drive and memory that are soldered to the mainboard, the battery is firmly glued in place, the display assembly is bonded into a single unit, and proprietary pentalobe screws discourage me from opening it at all. I replaced that computer in 2016, only three years later, because I had filled up the hard drive and decided to upgrade to a new computer. My new, maxed-out MacBook Pro with Touch Bar cost just about $3000.

Of course, I don’t really need a new $3000 computer. I could have gotten along just fine with something much cheaper. Nevertheless, that $3000 represents a significant investment in raw materials, energy, human labor, and of course human ingenuity from the brilliant engineers in Cupertino. There is nothing wrong per se with buying the latest and greatest Apple gadget, but if Apple had invested a minimal amount of its research into retaining upgradable storage, I could have kept my previous model for several more years.

Recycling is not the panacea that Apple presents

I am just one case of millions who contribute to e-waste caused by non-upgradable and difficult-to-repair products. While Apple celebrates recycling, the reality is that 60% of e-waste ends up in landfills, and even when a product is recycled, most of the energy and material resources used to create it cannot be recovered.

Only a fraction of the materials in a typical gadget can be recovered, and it is just as likely to end up in a landfill somewhere in Asia or Africa.  Separating electronics and other kinds of consumer waste is highly labor intensive, with thousands of different kinds of plastics alone.  This is why the majority of recycled material is sent to China, which does not have minimum wage laws that make recycling unprofitable in Western countries.

The real reasons why Apple products are non-upgradable

Apple has legitimate business reasons to force customers to buy expensive new hardware on a regular basis rather than allow them to keep upgrading and maintaining it.  Obviously, buying a new product directly from Apple more frequently results in better profits.  There are other good reasons why Apple might want a shorter product cycle:

  • Newer products provide a better user experience, one which consumers experience during the life of the product, as opposed to the one-time expense of buying.
  • Non-upgradable, non-maintainable products are cheaper to manufacture and easier to support since Apple does not need to carry replacement parts, train its staff, or worry about old or odd hardware configurations.
  • In some cases, non-upgradable products can be made smaller, since modular components add bulk — though Apple sometimes makes components non-upgradable even when there does not seem to be any benefit from miniaturization.
  • Apple makes more money selling entire devices than parts: parts for upgrades are often made by third parties, and repairs are often performed in cheaper repair shops rather than Apple stores.

Apple misleads about its “green energy” usage

Another egregious misleading claim from Apple is that its data-centers are powered by “100% green energy.” First, 70% of the energy used by a typical laptop is consumed during its manufacture. According to Apple itself, only 17% of the energy used for its devices comes from product usage. The rest comes from manufacturing, transporting and recycling.

What’s worse is that Apple’s claim that 100% of the energy used to power its data centers comes from renewable energy simply isn’t true. As Don Carrington writes in Carolina Journal, “California-based Apple promotes its 500,000-square-foot data center in Maiden, N.C., by saying it runs ‘100 percent’ on renewable energy even though the facility continues to get all of its electricity from Duke Energy, a public utility that primarily generates electricity using coal, nuclear power, and natural gas.”

As Alex Epstein explains, Apple pays other energy users who derive a fraction of their energy from renewable sources to “credit” their renewable consumption to Apple. For example, a factory which gets 5% of its energy from wind power will “credit” that wind power to Apple, and Apple credits some of its coal-powered data center usage to the factory:

Apple’s flagship data center in Maiden, NC, for example draws from the local Duke Energy grid with 51% nuclear power, 38% coal power, and less than 1% renewable sources in 2014, according to the latest report by Apple.

The average percentage values for the local grid power available to Apple’s data centers as disclosed in the report for 2014 include 34.8% coal, 22.3% natural gas, 18.3% nuclear, and only 10.6% renewables.

This kind of twisted accounting is a fraud that is only acceptable in environmental impact statements and government budgets.

The policy impact of misleading claims on the environment

Despite the above criticism, I am a loyal Apple customer and plan to keep using their products. I also think that Apple has legitimate reasons for intentionally crippling the upgradability of its products. Furthermore, Apple devices are highly durable and enjoy a rich repair and reuse ecosystem independent of Apple’s support or sanction. Even completely broken Apple laptops and phones can be resold for hundreds of dollars because third parties have created their own repair tools and parts, and small shops in developing countries are happy to fix and resell your broken iPhone.

Apple is welcome to make its products in any way it chooses, but its messaging is dishonest and misleads the public about broader policy issues.  Specifically:

  • Apple, like all other manufacturing industry, currently depends on non-renewable energy such as coal, nuclear, and natural gas.  We are much farther from a fully renewable economy than Apple’s messaging seems to suggest.
  • The majority of the energy usage of electronic goods happens during production, and recycling does not recover any of the energy used to make a product or the majority of its raw materials.  Furthermore, recycling is not nearly as comprehensive or efficient as the public believes.
  • Apple can be actively hostile to consumers’ ability to repair their products. For example, it does not publish repair manuals and makes repairs more difficult with proprietary screws. Even worse, many companies use copyright law to prevent consumers from being able to share repair manuals or device firmware.
  • Human labor is one of the major ingredients of high-end electronics, and recycling not only fails to recover it but adds to the labor cost of products.

If Apple really wants to lower its environmental impact, it should encourage reuse rather than just recycling of its products and contribute to an honest discussion of energy usage.