You Should IGNORE Most Security Advice (w/ Henry from Techlore)
Summary
TLDR: In this video transcript, Josh from All Things Secured meets with Henry from Techlore to discuss data security and privacy. Both experts share their views on choosing tools and strategies for protecting personal information. Topics include two-factor authentication, VPNs, password managers, and the importance of continually updating one's knowledge and protection methods. Henry shares his initiatives, including the 'Go Incognito' course, and they also discuss how local conditions influence security choices, which is especially relevant for people located in different countries.
Takeaways
- 😀 Henry from Techlore and Josh from All Things Secured discuss the importance of digital rights, privacy, and security.
- 🔒 Josh expresses respect for Henry and his work, emphasizing the influence of the Techlore channel on the community.
- 📢 They discuss the effectiveness of various communication tools, including Signal and its features, which can be either helpful or harmful in certain situations.
- 🔑 Henry and Josh discuss the use of Yubico 2FA keys and their significance for account security.
- 🌐 They discuss the importance of continual updating and improvement in security and privacy, as well as ongoing study of new tools and technologies.
- 🤔 The importance of the threat model 'evolving' and of adapting to it, including changes in geographic location and changes in preferred security tools.
- 🛡️ A discussion of the role of labeling and branding in evaluating new products and services, and how this can affect user trust and choice.
- 📱 A discussion of using a second phone for 2FA codes and alternative numbers for a higher level of security.
- 🔗 Henry shares his criteria for evaluating new products, including open source code, security updates, the team's reputation, and long-term stability.
- 🔍 Josh emphasizes the significance of critically evaluating new services and the need to provide fallback assumptions when recommending new products.
- 🎥 A discussion of how channels such as Techlore and All Things Secured keep looking for new and interesting ways to provide security and privacy for their audiences.
Q & A
How many years has Henry been working in digital rights, privacy, and security?
- Henry has been working in this field for almost 10 years.
Which type of media does Henry consider best suited for connecting with an audience?
- Henry believes that podcasts and YouTube channels are especially good for connecting with viewers, because they create a sense of intimacy and closeness.
Which sponsor supported this live stream?
- This live stream is supported by Yubico, a company that specializes in two-factor authentication.
What types of devices does Yubico offer for its 2FA keys?
- Yubico offers 2FA keys with various connection types, including USB-C and Lightning.
Why does Henry prefer to use a YubiKey for authentication?
- Henry considers the YubiKey more effective and convenient to use, since he can simply touch the key, which is always plugged into his laptop.
How does Henry approach choosing a VPN for use in different countries?
- Henry changes his approach to choosing a VPN depending on the country he is in, taking into account local conditions and the need to get around certain restrictions.
What recommendation does Henry give about using password managers?
- Henry recommends choosing a password manager based on its features, its security, and how well it fits the user's individual needs.
What is Henry's position on using SMS for two-factor authentication?
- Henry believes that using SMS for two-factor authentication is not a very good idea, and prefers physical keys or other more secure methods.
How does Henry think users should approach choosing a messenger with privacy in mind?
- Henry recommends choosing messengers based on their privacy-protection features, for example Signal, which provides a high level of metadata protection.
What recommendation does Henry give about using new security services?
- Henry recommends approaching new services critically, examining their security and the team behind the product, and not rushing to switch to them without sufficient reason.
How does Henry approach education in privacy and security?
- Henry created a course called 'Go Incognito', which is a detailed source of knowledge about privacy and security and is continually updated.
Outlines
🤖 Opening and introductions
In this video transcript, Josh from All Things Secured meets with Henry from Techlore to discuss issues of digital rights, privacy, and security. Both run YouTube channels where they share their knowledge and experience in security. In this conversation they discuss various aspects of cybersecurity, including the use of VPNs, 2FA keys, password managers, and more. The podcast 'Surveillance Report', which they host with Nate, is also mentioned.
🔒 Cybersecurity basics and the personal threat model
Josh and Henry discuss the fact that there are no universal solutions in cybersecurity and that everyone must choose tools according to their own needs and threats. They touch on the use of VPNs, 2FA keys, and password managers, as well as the importance of periodically checking and updating passwords. They discuss how the choice of tool depends on the user's personal threat model, and that the ideal solution is the one the user is willing and able to use.
🌐 Geographic influence on security choices
The conversation emphasizes that the choice of security tools can depend on the user's location. Henry shares his impressions of how the various countries he has lived in influenced his preferences in VPNs and other security tools. They also touch on the point that tools that work perfectly in one country may not be the best choice in another.
🔑 Use and benefits of Yubico 2FA keys
Josh and Henry discuss the benefits of using Yubico 2FA keys for additional account protection. A discount available to viewers is mentioned, along with how a physical key can prevent unauthorized people from accessing accounts even if they log in through a compromised channel.
📱 The specifics of using Signal and other messengers
The conversation touches on using Signal and other messengers with their privacy and security in mind. They discuss how Signal features, such as the phone number requirement, can be either helpful or harmful depending on the situation. The alternative messenger Briar, which offers anonymity without a central server, is also mentioned.
🛡️ A critical look at new services and how to vet them
Josh and Henry stress the importance of a critical approach to new security services, emphasizing the need to examine their team, longevity, and reliability before recommending them to a wide audience. They discuss the importance of avoiding exaggerated marketing and providing objective information about new products.
🔄 The dynamic nature of cybersecurity and the need to update
The conversation emphasizes that choosing security tools and applying protection methods is a dynamic process that must keep pace with the changing technological landscape. They discuss the illusion of stability and the need to periodically reassess the chosen tools and methods.
🏢 Challenges and criteria for choosing security tools for business
Josh shares his criteria for evaluating new security tools, which include checking the product's longevity, whether its source code is open, how regularly it receives security updates, and more. They also touch on the importance of avoiding marketing and providing objective information about new products.
🔄 Ongoing changes in the choice of VPN and other services
Henry and Josh discuss the fact that the choice of VPN and other security services is subject to change. They mention that even if a user has chosen a particular VPN, that does not mean they must use it forever. It is important to follow updates and changes in services in order to choose the best option.
📚 Overview of, and expectations for, Henry's 'Go Incognito' course update
Henry shares his plans to update his 'Go Incognito' course, which is a detailed guide to security and privacy. He is considering releasing a second version of the course that accounts for recent changes in the security field.
🤝 Closing words and thanks
Josh and Henry wrap up the conversation by thanking viewers for their participation and interest in the topics discussed. They also thank Yubico for its partnership and support of the event, and encourage leaving questions and discussion in the comments after the video ends.
Keywords
💡digital rights
💡privacy
💡security
💡YouTube channels
💡VPN resources
💡2FA keys
💡personal threat model
💡cloud services
💡open-source software
💡authentication
💡encryption
Highlights
Henry from Techlore introduces himself and his work in digital rights, privacy, and security spanning almost 10 years.
Josh appreciates Henry's podcast, Surveillance Report, and discusses the connection that podcast medium offers to listeners.
Sponsorship by Yubico is mentioned, emphasizing the importance of 2FA keys for online account security.
The complexity of giving security advice is discussed, highlighting that solutions often depend on individual circumstances.
Henry explains his personal approach to security and privacy, focusing on understanding the purpose of each tool or service.
The conversation delves into the nuances of password management, discussing built-in vs. third-party managers and the trade-offs involved.
Josh and Henry agree on the difficulty of providing security advice within the constraints of video content and varying audience needs.
The importance of understanding one's personal threat model is highlighted, with the acknowledgment that it is unique and evolves over time.
The impact of location on security practices is discussed, with different countries requiring different approaches.
Henry talks about the challenges of evaluating new security tools and the criteria he uses to assess their value and trustworthiness.
Josh shares his experience with recommending security tools, emphasizing the need for long-term sustainability and reliability.
The discussion touches on the importance of data portability and the challenges of being dependent on a single ecosystem or service.
The benefits of physical 2FA keys like YubiKeys are praised for their convenience and high security.
Josh and Henry explore the idea of privacy and security being situational, with different solutions being optimal for different individuals.
The conversation concludes with a Q&A session, addressing questions from the audience about specific security tools and practices.
Transcripts
- This is Henry from Techlore.
My name's Josh with All Things Secured.
Henry, thank you so much for joining us, man.
Where like, you wanna do just a
brief introduction to yourself?
- Yeah, so I'm Henry from Techlore
and I've been working in digital rights, privacy
and security now for almost 10 years,
which is kind of crazy to say.
And I have a YouTube channel similar to Josh's,
which talks about very similar concepts.
And so yeah, we also have a forum.
We do some direct coaching with certain clients
and we have a couple open source projects
and we have some VPN resources and stuff on our site.
So just dabble in a lot of different things.
Oh, and you, you definitely seem to like the podcast I do
with Nate, which is Surveillance Report,
which is our weekly news.
That's what I've heard you talk about the most. I think so.
- Well I, I think it's something about the podcast medium
that really like helps you connect with somebody.
Like even, even the YouTube medium.
Sometimes I feel like when I'm watching on TV it's, it's
that person's over there, I'm over here.
But with podcasts you're like, you're like in my head.
So yeah, I,
I think you guys do a great job with the Surveillance Report.
I've been a huge fan of Techlore for a long time,
so if you have not seen or
or you know, yeah, been on that channel,
you can find everything with Henry here at Techlore
for the YouTube channel.
He talked about that forum, which is fantastic.
It discuss Techlore tech
and of course he's got his websites both personal
and the Techlore side.
So if you wanna go check those out.
I also wanna make sure that everybody knows
that this podcast
or this podcast, I feel like I'm gonna podcast now
that this live stream is, is being sponsored by Yubico,
which you guys have heard me talk about this a lot.
For those of you who are coming from the Techlore side,
I have no doubt that Henry,
or that you guys are familiar with 2FA keys.
I actually went out and visited the Yubico offices in Sweden
last year and really got to enjoy meeting their,
their founders, their current president
and just a lot of the team they've got, I I, I've loved
what I've seen and but not more than that.
I've used a YubiKey for many years
and I think that they are probably,
aside from a password manager, one of the best things
that anybody can do for their, for their security,
for at least their online accounts.
So if you don't have a key, you can go
and there's actually gonna be a link.
I think it's all things secure.
Do, oh I think I have it over here.
Lemme just pull this up right now just so
that we've got that.
There's the, you can get a $5 off any of their keys,
all things secure.com/ub five off and,
and you'll be able to get one of those keys if you don't
have one or if you need to go grab a backup.
Alright. So with that out of the way Henry, I,
one of the things what, like we've been, this is a long,
long time coming in the collab that we've, you know,
that we're doing here.
And I like when I was sitting down trying to figure out,
hey, what would be the best thing for us to talk about?
I think the thing that came coming that kept coming up
to my mind is like this phrase you
and I both have used, I've heard you use it
so many different times
and I've used it as well, which is this phrase, it's just,
it depends, like you
and I get questions all the time from people
and they're asking some kind of security question
and the answer unfortunately is not just this black
and white, here's what you should do,
here's what you shouldn't do.
It ends up being like this.
It depends, which can be both frustrating and
and helpful in different ways.
I'm, I'm curious for you personally,
before we jump into like all these other things, like
for you personally, how do you view what you do
for your personal security and privacy and like the lens
and the rubric
through which you make those kind of decisions?
- Yeah, first it depends. Always kind of sucks to hear.
'cause I know that people just want a simple answer
and there really is nothing in the world
that I feel like has very many simple answers.
And so when people ask me something, should I use a VPN?
It's like, well if they came to me
and said should I buy a hammer?
I'd go, well, it kind of depends. Why do you need a hammer?
What are you gonna use it for?
What's the purpose of purchasing it?
And then we can go from there.
And it's the same thing I think with
what we recommend and do.
I think that there's very few things I can just outright
suggest to everybody
because there's always going to be somebody
who doesn't align with that advice.
And it's also, I'm sure you deal with this as well,
we make content
and we talk about things for thousands if not hundreds
of thousands of people.
So when we produce something
and give advice, we can't just give advice
and say everybody needs to do this
because you can't guarantee that hundreds of thousands
of people will be on that same page.
So it has to be nuanced, there has to be some, it depends.
And on my end I definitely look at it through
what are the things that I'm concerned about.
So any time I ask what device should I buy,
what services should I use, what software should I decide
to implement into my daily workflow?
It normally comes from a place of, okay,
well why am I getting this in the first place?
What's the purpose of it?
Does that purpose agree with the things
that I'm concerned about in my life?
And then from there I go, well
what are my options within this little bubble
of things that I'm trying to do?
So for example, a big concern of mine is making sure
that my passwords are a kept up to date.
They're also secure passwords
and also they're things
that aren't gonna be reused easily across websites.
So what are my options here?
I can use my built in password manager on my operating
system, I can use a third party password manager,
but now that introduces a second party I have to trust.
If it's a smaller organization, then I have
to rely on their security infrastructure
and maybe lack of proper security team.
If it's a larger one, they have more funding behind it,
but maybe they're putting too much money into marketing,
so maybe it makes more sense
to actually roll my own password database.
And that's actually what I opted to do.
So I use KeePass, my password manager,
but it really just depends on what I'm going for.
And then now you start implementing
that password manager into your workflow
and it goes, okay, well do I need a
password manager on every device?
Does it need the cloud sync?
What features will I utilize in my password manager?
Which clients, 'cause KeePass has different clients on
every operating system.
Which client will I go with? Is it being frequently updated?
Does it integrate with the features I need?
So it's a very nuanced thing
and that's just a password manager.
There's dozens if not hundreds of different security
and privacy tools out there.
So Yeah.
Does that help just at least break down how difficult it is
to like do that for thousands
of people somehow in an eight minute video?
- I know, I know. And and yeah, so true.
Like I think the, the, the thing
for me is it's like there are best practices, right?
That, that it feels like everybody should be doing.
And then there are, you know, kind
of these like gray area things,
but even within the best practices,
like you're saying like I think one
of the best practices is hey, you need
to be using a password manager.
But within that, like there's just, okay, well do you host
that vault in the cloud?
Do you have to self-host, you know, does it sync?
Like do you store all
of your passwords in that password manager?
Do you salt your passwords
or what I call a double-blind password?
Like there's, there's all these within even the,
the easy answer where it's like the easy answer, yeah,
sure you should use a password manager,
but within that, now we've got this, this branch
of 20 different options that that, that run the gamut of
hey, you know, just a person that needs to have a better,
you know, stronger password, right?
And so for them using Google Chrome to store their passwords
and create password managers, maybe that's, that that's,
that's as good as they're gonna get for them and,
and their, you know, what their tech
savviness is all the way to the other end where, hey,
I'm hosting my own password manager, it's on my servers,
it doesn't sync in the cloud.
Like all of that type of stuff.
So I completely agree with you.
I think it, it makes it very difficult,
especially when we're dealing with attention spans,
which you know, on YouTube are, are very limited where I,
I do have eight minutes or less.
I mean I could do, I've got some videos that are longer,
but I can only really dive
so deep in those, you know what I mean?
- Right, right. Yeah, no, I agree.
It's definitely difficult.
And I think also what's tough, you don't always,
it's probably not always good
to constantly be nuanced though,
because in the context of friends
or family, they don't want me
to go on a one hour spiel about password managers.
They just want, they, they just want an answer.
What do I use? And I think sometimes that lack
of nuance is important
and that's something that like for people
who are already involved in this space,
probably tuning into this livestream
who are already involved in this community, they want
that nuance because they want to understand things better.
But I I, I don't think that the average person needs to
give a damn about this, honestly.
Like they shouldn't have to, like, they should just have
to worry about living their lives
and not deal with security, not deal with privacy.
And that should just be a default.
So that is the ideal world,
but that's not quite the one we live in.
- Yeah, I think that's a really good point.
Like I, I do, I I have started to answer with nuance
before with some friends and, and,
and they're like, they
stopped me and they're like, whoa, whoa, whoa.
Like what do you use? It's like, well I use this.
Okay, that's all I needed to know.
Like that's good enough for me.
If you use it then that's good enough for me.
But I'm sure that you have to deal with this too, Henry,
I get, I have to deal with comments in the videos of people
that are maybe frustrated that I didn't go into the nuance
where it's like, oh yeah, you use 1Password,
but you know, anything that uploads to the, to the cloud is,
is a terrible security idea.
It's like, well maybe for you I
I I'm not gonna, I'm okay with it.
- Right. And also I feel like the comment sections is always
hard because I feel like there are things
that make sense when you read them at first glance something
like the password manager, it's like, well yeah,
you don't want, in theory your password's accessible on
someone's cloud that can be broken into,
but that's not how it works, right?
Because the encryption is done on the client side.
So actually it's still local in a way
because 1Password can't see what your passwords are.
So yes, there is a little bit of a handoff of trust,
but if you can trust the code that's running on your device
and you're trusting that everything's encrypted locally
before it touches the cloud,
then really it's just in transit.
Everything's fine in transit,
it's just on your devices where it's unencrypted.
Yeah. And so when you explain that to people then,
and for the record, I don't use a cloud-based password
manager, but I still don't think they're a bad option
for people because I think it's unrealistic
to expect the average person to have
to somehow manually sync their password manager every week
when they add or remove a password to change a password.
It's just, it conflicts.
'cause if we're gonna suggest people consistently like check
their password to make sure they're not breached
and when they are breached change them,
now you're also asking them
to manually change it on eight devices instead of
that being automatic, which is now making it harder for them
to have better practices. So
- Yeah. Yeah.
- I don't know if you probably deal with all
of these things as well in your life.
- Oh, 100%.
And I wish it was just password managers,
but it's like, it goes from password managers to 2FA keys
to, you know, you,
you name like even goodness don't even get me started on VPN
stuff where it's like they're, people are very,
very opinionated, especially if they're within the security
and privacy space.
And you know, I, I live overseas, for those of you
who don't know, I'm out in Asia, I've been out here
for many years with, in a couple different countries
and like my approach to some of that,
it actually changes depending on what, what country I'm in.
I think that's one of the things
that I was gonna ask you Henry and
and kind of really bring up myself is, you know, I I,
when I think of a personal threat model, a lot
of it is one very unique to you and,
and you know, your situation, it's built over time.
Like I know some people just wanna like know right now this
is what do I need to do right now?
It's like man, this is something
that's gonna take time for you.
It's taken time for me to build
and it's something that's constantly evolving, right?
Something that I used, you know,
before, I'm not gonna use maybe five years from now.
And perhaps it's something like Skiff
because it goes out of business or perhaps it's
because there's, you know, another option
or something else that has come up
that I would much rather use.
And for me sometimes it has to do with, you know, location.
You know, when I was in China
that's different than if I'm in a southeast Asian country.
Henry, I was curious if you wanted to kind
of share any thoughts on when you are coaching somebody,
let's say if you're coaching somebody on this stuff
or you know, creating a video on it.
Like what are the questions that you are asking in order
to figure out what kind of threat model
and what what solutions would be best for that person?
- Yeah, well it's, it's tough
because not many of our videos
are really targeted towards like
answering the question for people.
And that's where we probably could be doing better I would
say is that a lot of our videos are just like,
well here's what it is.
Here's the information you need, period.
There is no, this is why you should be doing X, Y,
Z tied to our videos.
'cause that's where it starts getting difficult to do.
And that's really where it's really hard to get into
that without, again, making mistakes
and saying things that don't apply to everybody.
And so it's easier to just give people the information
and give them the tools necessary
to make their own decisions on what to do.
And that's kind of how we do a lot of things.
But I would say there are a couple videos here
and there where it is very just, here's what you need
to know, here's what we suggest you do.
And normally in that context
it really is just really thinking through the kind of person
what their threat might be
and trying to make assumptions on behalf of them.
But normally there's always a giant asterisk
of if you have a specific country that you live in,
you need a specific feature,
then definitely just explore other options,
get advice from other people.
Don't just rely on us.
And I think that's also an important thing
to hear from somebody is don't just rely on us
because we might not have all the answers
for you, nor do we claim to.
And so make sure you take what we say,
hopefully it's helpful, make your own decision,
hear from someone else, see what they say maybe
or connect better with them.
And I think that's the best way to do it. Yeah.
But I don't know if you have a different
approach to it as well. No,
- I 100% I think, I think what you said,
I i I totally agree with.
I think, you know, I get Henry probably similar to you,
I get emails all the time from people that are like, Hey,
I'm in this particular situation, what should I do?
And you know, if, and,
and this is unfortunately an email
that I get more often than I'd like,
but you know, I get somebody, hey,
I'm in an abusive relationship
or I'm in a relationship where I feel like this person is
stalking me in some way.
The way that that they're going have
to set themselves up is different than somebody who's just
like, Hey, can I, can I have a little better security?
Or you know, hey, I just wanna be
a little more removed from big tech and Google
and all that stuff, which is different than, you know,
somebody who's an expatriate living in another
country like we were talking about.
And, and, and definitely even different than those
who are in positions of power or influence
because what you're trying
to protect is different sometimes.
And then, you know, so for like the abusive relationship,
you know, you, you might be trying to protect
even the GPS on your phone
or something of that sort, you know, which is, you know,
I'm not as, not quite as concerned about that
where I am right here.
And so like those, the situation really,
really does have a, a huge influence on the kind of solution
that, that you provide to any person that's reaching out
or asking for advice.
- Right. Totally agreed.
And so before I wanna respond to that, but
before I, I forgot to mention one thing previously you were
talking about how it constantly evolves
and I think that's one of my misconceptions
and maybe some people might disagree,
but I don't really see a finite line
because I think a lot of people think
that there's this definitive end mark of, oh,
I finally figured out, I figured out what to use.
I I have the perfect password manager, perfect browser,
perfect everything and it's all I'm gonna use for the next
50 years that I'm alive.
And that's just not normally how it works.
Even if you did in theory find the perfect thing for you,
which you probably won't and you will never find that,
but if you did things, change services, go outta business,
new services pop up, technology evolves.
And so it really is impossible in my eyes to kind
of have that perfect thing.
What you can do is do your best, see what's new,
make updates, change, just get better over time
as more tools become accessible,
as more information becomes accessible.
And as we learn more things as a community as well.
And it reminds me of health.
I I constantly make this analogy to health.
You're not going to just sit down one day
and go, this is the perfect diet for me.
This is the perfect exercise plan for me.
This is the perfect amount of times I need
to go see my doctor and check my,
my my vitals and everything.
And if I do this, I will live
to be the longest possible time.
No, it's an evolving thing.
You try a certain diet, see what you like, see
what you don't like, you make modifications,
you make improvements, you go, maybe I went too far,
I was starting to obsess
and it started becoming a mental thing for me
and I need to disconnect a little bit from that.
It's a constant push pull game and then that's just diet.
And then we head into exercise plans
and you might prioritize upper body, lower body aerobic.
You realize that you were neglecting your
strength in your back.
I'm a runner and I just realized a few weeks ago
that my upper back is just weak as hell.
I had someone helping me at the gym
and they were watching me do pull-ups
and they go, wow, you don't even engage your back at all
and you're just lifting yourself up with your arms.
And I go, I had no idea.
So yeah,
but what was the most recent thing you said though?
'cause I wanted to respond to that too.
The last thing you said.
- Oh, abusive partners and, and
- Yes.
So on this note,
I think a very common example of this is Signal.
So Signal, just to give people kind of the idea of
how a feature can both be beneficial and non-beneficial.
One of the reasons that I do believe
Signal uses phone numbers,
which people really complain about is a anti-spam.
And I think that's the number one reason,
but also it makes it easy to add people, right?
Signal is meant to be a one-to-one messenger that you use
with somebody else, you know, who you just met at the bar.
And when you do that, you don't want to have
to do this crazy nonsense to add them like Matrix
and Matrix has a lot of cool things going for it.
But to have to explain to someone, okay, you have
to choose a Matrix client,
you gotta choose a Matrix home server, you gotta register
and my home server is probably
gonna be different than yours.
And then here's what you need to know about
how to use it properly.
People just wanna message you
and it needs to be taken care of by default.
And that's not to say both tools can't exist
and they don't have their place,
but that is something
that indirectly benefits everybody's security
because it's simple and it's easy to use on the other hand,
until recently, so now that Signal has dropped usernames,
you can actually hide discoverability
by a phone number now, which solves this issue.
Yeah. But as of two months ago,
it was really bad if you used Signal
because if you join Signal
and your abuser,
this is something I've talked about in the past,
your abuser has Signal,
they'll be notified that you join Signal.
So that phone number requirement now works against you in
this very specific situation
and that is not a good thing for that one situation,
but in almost every other situation it's
not a terrible thing.
And so that's just one example of how a feature,
just one feature within an app can actually be detrimental
to your security that is now, again,
resolved. Signal has released usernames,
they also gave you the feature
to disable discoverability with your phone number.
So you can just turn that off in your Signal settings.
Don't have to worry about that anymore.
But that's just one example
and we can probably find countless of these examples in tons
of different workflows where a feature's generally good,
but it's actually awful in another,
in another situation too. Yeah.
- So, well, and I, I tend to think too,
and this is something that I preach to those of my friends
that aren't necessarily like deep into the security
and privacy community, it's just like the, the best security
or privacy measure is the one that you're actually going
to use and do.
Right? You can, I can set you up with all this stuff,
but if you're not actually going to use it,
then what's, what's the point?
I mean, I'm, I'm still in the current,
I'm currently testing, it's been a while for me,
but it's taken a while, like a GrapheneOS phone
and it's, it's been fun.
I've enjoyed it, but I'm like, I'm still on that journey.
Like I can't, I still haven't been able to make
that switch away from my iOS app.
And part of that is because all of my family, you know, I,
I live overseas and so, you know,
my family's back in the United States
and I want,
I'm sorry I'm getting all these different comments from
people who are saying sound levels are off.
If that's the case, please let me know in the
comments, I apologize.
But anyway, like I, like I want to, that iOS,
iMessage going back
and forth has been really like, it's gonna be hard to give
that up and to try to get my mom to get on Signal.
It's not that bad,
but like she's already, she's using iMessage
and it's like that's, it's really gonna be hard not
to that a point not do that.
Yeah, yeah, exactly.
- And you're also now burdening other people.
That's something that I'm also trying to navigate too is if,
if I have to increase my security
but it burdens the people around me
and it's a net loss to everybody around me, is
that something I should be implementing in my life?
And so that's something that's tough as well
to always think about too is like how your privacy
and security journey is impacting the people around you.
And if it's too much of an inconvenience for them,
then it's probably not a net gain.
But on the topic of what you're saying too,
with friction points in the, let's say,
I think it's good though for people who are here
who are tuned into this podcast
or this live stream, sorry, that's all rights good for them
to, I think find what's too extreme.
Yeah. And just acknowledge that, try Linux,
try everything, have fun with it.
Try a custom ROM, see what it's like, see
what the limitations are and you'll learn something from it.
Definitely. You're going to learn something about installing
it, you're gonna learn how it works.
You're gonna learn why it doesn't work for you
or it might work for you,
but I'm sure you're learning now, well here's,
here are the five reasons why this,
this operating system doesn't work for me.
And now you, you kind of realize now,
well now I realize I have this dependency on a messenger.
Is that a good thing? Is that a bad thing?
And now you start asking these questions
and from there maybe it's less of I'm moving
to a different operating system
but it's less, it's more of I need to move
to a different messenger so that I am less tied
to this ecosystem.
And I'm not saying you necessarily should do that because,
but I'm saying in general, like that's
where my mind goes when I'm dealing
with issues like this as well.
And data portability is also just a big topic. Yeah.
In conjunction with this, I think.
- Yeah, makes sense.
Okay, so I wanna shift just a little bit, which first
of all, by the way, thank you to those
who left comments about my audio.
I had the wrong microphone actually set up.
So hopefully this sounds a lot better when,
you know there there's different ways to look at your,
you know, your your threat model And,
and for us as content creators or you know, influencers,
however you wanna look at it, I'm, I have
to look at it both from, you know, me personally, like
what I do and then I have to have like a separate model
for how I evaluate new software
that comes across my table.
Right? And I'm sure you're like this as well.
There's constantly something like, heck, I I could,
I could fill pages of things
that are people like, Hey, have you tried this?
Have you done this? Have you tried this software?
And I can't do all of it,
but I do have to like I do have to select some
and those have to go through somewhat of a, you know,
some kind of rubric to say, you know, do I,
will I trust this company?
Do is what they're doing, you know, valuable.
And, and so I'm, I wanted to know very selfishly from,
you know, my point of view from, for you like what,
what are the, the kind of the criteria
that you have when something new comes across your table
and you're having to evaluate whether
or not this is a useful tool
or a good company to be working with?
- Yeah, well I'll start with what's more public facing.
'cause we actually do publish criteria for our resources.
So if you go to techlore.tech/resources, on the very top,
it's gonna, it's gonna go through like I think it's 10
different things and our criteria that we look for.
And it's things like how long they've been around.
It's gonna be things like are they open source?
Do they do consistent security updates? Is it a public team?
Different questions like this.
And these are more objective measurements where I think,
you know, it might be more subjective is
just, it's just experience.
And I'm sure you're already getting a knack for it yourself.
If not, you probably have already
had a knack for it for years.
I don't know what I'm talking about.
But like when you get emails from all these companies,
you start looking into them
and you go, okay, now I know that people
who send emails like this that clearly are there just
to be marketing spam
and are just trying to get people to sell out
for this ridiculous 30-second sponsor segment
that has nothing to do with anything.
Yeah. Then it's like instant red flag, don't even need
to respond that it's full of crap.
And so you definitely just get a knack for it,
which I'm sure you, again, like you've probably
experienced this as well.
But on my end it really is also just
presentation and branding.
And I think marketing is for me just a clear giveaway as to
what a, a company's priorities are
because there's good marketing and there's bad marketing
and I feel like just
because a company has bad marketing doesn't mean its services
are necessarily bad, but it's an instant red flag.
Especially if they're not an established player.
If an established player is doing shady marketing practices,
then maybe sometimes they can get away with it.
But if you're a brand new to the scene
and you're just focused all in on marketing,
then you're already are starting off on the wrong foot.
And I think one of the most common places I see this is
as an example Signal.
Signal to say that Signal isn't like
one of the, I know I've been talking about Signal a lot,
but it's just an easy example
because they really rock it, right?
Signal's encryption is so good
that every other company at this point who's using
end-to-end encryption is pretty much trying to do what
Signal does. If not, they're utilizing Signal's encryption.
Facebook Messenger uses Signal's encryption, Google
and RCS is using Signal's encryption.
It really is kind of the gold standard right now.
And for somebody to come forward
and say what Signal's doing isn't good enough,
what I'm doing is better has a certain connotation to it
of interesting.
Like you better be doing a damn good job
and justifying why it's that good.
And it's quite the claim to make for me.
And so it's also knowing the context of claims
and really appreciating the tools we have.
I feel like if you understand the tools we currently have
access to and just how good they are,
like if someone comes along
and says they're significantly better than one
of those tools, it's almost kind of a red flag.
Like if someone comes forward and says, I have something
that's 10 times more anonymous than the Tor browser,
you better be going, well how the hell are you doing that?
Because like some of the smartest people in the world are
working on the Tor Browser.
So if that's not you, who are you?
So I know that's kind of a bit, bit of a tangent.
I don't know if something there can help people see,
but I would say there's the objective criteria which have
already been listed out and it's things like
how long they've existed,
are they open source, that kind of stuff.
And then there's more of just my personal views
and my subjective stances on things like that,
which I'm sure you have both of them as well.
Yeah,
- Yeah.
That, that one about how long you've been in on the,
in the market and serving customers is, is a hard one
because it, it puts new companies at a huge disadvantage.
And yet, you know, the community has been burned time
and again by companies that just can't maintain the funding.
Like it's this chicken and egg thing.
They need the customers in order to, you know, justify the,
the spend and the burn and all that stuff in order to grow.
But, but it's hard.
And I think, you know, even just, I, I was rooting
for Skiff a lot.
I really was. And,
and I hadn't done, I, by fortunately,
like this was not planned or anything
'cause I was actually gonna be doing a video on them
'cause it, it had been like two years
and I was like, all right, they, they seemed to be,
you know, making some traction.
I know a lot of people who like using them,
I'd been using it for a little while
and then boom, out of the blue, they just,
they got bought up by Notion.
And now, I mean, not just bought up
but like shut down completely, right?
So now if you are a Skiff user,
you've gotta be moving off the platform
and that just makes it really hard.
Like it's, it's hard enough to get people to move over
to something different than what they've been using.
And so I wanna make sure as somebody who has
even just a small amount of influence, you know, over
with an audience, like the people
who are watching right now, like I wanna make sure that
what I'm talking about is gonna be
around for at least a little while.
And I think that that is, it's,
it's hard but it's important.
- Right. I think, and I don't mind name calling
because they're public videos
and I'm just referencing public videos.
But yeah, I did talk about the Skiff thing as well
and how like Skiff was something I was,
I don't know if you saw this,
but in our forum community, I think,
I wanna say it was at least six to eight months ago, um-huh?
Andrew, who's the CEO of Skiff, is part of our forum community.
And these are public posts
and they were asking to be listed on our website
and I pretty much just said, Hey, like you guys,
I just need to wait longer.
And I think it's almost a direct quote
of I don't wanna like recommend my friends
and family to a service
and then they get mad at me when it
shuts down in six months.
And sure enough they shut down. Wow.
It's not like I called it. Yeah.
It's just like that's part of the criteria
and the criteria did what they're supposed to,
which is like make things a little bit safer.
But on the other hand, I think it's
how you cover things, right?
Because if,
and this is actually one of my criticisms
of some stuff I see like online, I don't like things
to be over marketed right away
by not even the companies themselves, but other people.
I see this a lot, which is like,
there's this brand new browser,
it's amazing, it's incredible.
Here's 10 awesome things about the browser. Go download it.
Or you're silly, see you later. Yeah.
And there's no talk about, okay, well how, who's the team
behind this browser?
Why, why are they better than other browsers?
Is it actually that good?
Let's like get objective about this.
Why is this protection in the browser better than a
different browser for who is it better?
And also let's talk about the long-term
sustainability of the project.
Why are you gonna move to this browser if it's going
to just shut down anyway in six months?
Is it reputable?
Are the people who are running this,
they're pushing code to your device?
Do you trust them to push code to your device?
So I wish that there were,
I think you can cover these new services
and it's something that I don't do
'cause I don't have the time for it, but I wish I did.
But as long as you cover new services critically
and honestly,
and you tell people, Hey, yeah, this is super cool.
It seems awesome, but here are my reservations.
I think it's fine. And we actually did that
with something called, I, I saw a question here in the live
chat about eSIMs.
We covered a service called Silent Link a while ago. Yes.
I think it's been a couple years.
And we covered them when I just learned about,
they must have been so much smaller.
I don't know if, I don't know what they're doing,
I haven't kept up with them.
But in the video I straight up say like,
guys, this works.
I tested it for myself,
but I don't necessarily recommend it to people
because I don't know who the team is.
I still have so many questions about this. So proceed.
Proceed with caution. Yeah.
So I think you can cover new services,
but it has to have a lot of disclaimers.
- Yeah. Yeah. Well I mean, to that point
- I'm not recommending them even now
'cause I haven't looked into it since then.
Just for the record. Yeah.
- Well, and I, I'm gonna, I'm gonna be vulnerable here
and hopefully, you know, people will be understanding,
like I went to use Silent link as well just
'cause I wanted to try this anonymous SIM option.
And this is the question I think that Henry was,
was referencing and,
and I eventually was able to use it, but the pro,
but they only accept crypto payment.
And for the life of me,
I consider myself somewhat tech savvy.
I had such a hard time doing it, you know,
I, I I hold crypto,
but I don't necessarily, like, it was, it was hard for me
to, to pay out for some reason.
Like it literally took me hours to try to figure it out and,
and it was like, I'm, there's no way I'm gonna tell my mom
for sure, but even some of my friends that wouldn't be able
to go through a process like that.
So that being an example, both of like what you said,
being careful about how you recommend something,
but even, even if I were to recommend that,
who I would recommend that to
- Great point.
Yeah. Different demographics, different use cases.
And again, I think this is where people just miss the mark
because back to Signal, Signal might be perfect
for your friends, but it might not be perfect
for in an anonymity oriented messenger.
And that's where something like Briar might be better.
Where there is no like core unique identifier
in a way it's peer to peer.
There's no central server,
there's no one you even have to trust.
And so it really is different use cases
and there's very few tools.
There's so few moments where I say just don't use this.
And the only one I can think of off the top
of my head is like, LastPass just
because there's no reason there's better free options than
LastPass that have better usability,
better every, I just Sure.
It's, it's one of those things that I can't even sit down
and figure out who should use it Yeah.
Relative to the competition.
But I, I can't even do that
for anything else off the top of my head.
Like operating systems, browsers,
messengers in general.
I just feel like there's a use case
for almost everything out there.
And I'm sure you see this with VPNs, you were talking about
how different countries, maybe a VPN that was terrible
to recommend for pricing security might have bypassed
something in China, for example.
I know, I see that a lot.
Yeah, you probably know a lot
more about that than I do though.
- I mean, you're, you're right.
Like I would get so many people that would,
that would criticize my, my recommendations for a VPN
and a lot like I started because I was in China
and how I was recommended VPNs.
And the reality is, is like the,
the game in China is very cat and mouse.
So unless a company is willing to play that game,
if they've got enough of a customer base in that country
to play that game of cat
and mouse, okay, this, you know, IP address
or this server has been blocked in some way,
so let's change it.
Let's, let's adapt for our customer base it like, I don't,
I don't care if you're open source, I'm just trying
to access my email for goodness sakes.
I'm just trying to like message my parents.
I like, it's, it,
there were different criteria that I had for that.
All right. Oh, go ahead.
- No, I'm just agreeing. - Yeah, let's,
we're gonna shift gears here.
So those of you who are in the comments section right now,
I want you, I, we've already got some great questions
that I've starred that I'm gonna bring up for both Henry
and I as we finish out the last 20
minutes of this live stream.
But before we do that, I did wanna say,
and you know, this is, I, it's paying the bills,
but quite honestly I am really, really happy with Yubico.
We were talking about, you know, companies that we trust
and different things that, that we,
that are basically markers
for why I would recommend something.
And I have to be very,
very careful about which companies I allow
to sponsor the All Things Secured channel.
And I'm, right now it's just, you know, Proton, Yubico
and a couple others.
And so right now, Yubico if you don't have a 2FA key,
like this is, I'll show you different types of,
they've got USB-C, they've got the lightning cable,
which may not be useful here in a, in a year or two.
This is one that I keep in my, in my computer, on my,
you know, in my office all the time that keeps plugged in.
Like these keys are the best way to make sure
that you're not just like the, I I always say that,
you know, when it comes to two-factor authentication,
having two-factor authentication is better than not.
But the tier is SMS text would be my least favorite followed
by the authenticator app.
But the, the top of the line there is using a physical key
that somebody would have to steal off of me in order
to be able to log into my accounts.
So if you wanted to get your own key, you can get $5 off,
you can get two of them get $10 off,
and that includes their Security Key series.
So that's their lower, not lower end.
That sounds really bad because it's their entry level.
It does what you need to do.
It just doesn't have certain FIDO2 security features.
But if you wanna go ahead and grab that, this is, I, they,
they haven't given me a code, they've just given me a link.
And so you can go to allthingssecured.com/yubikey5off,
and you can get $5 off.
It's automatically applied even if you, I think if you go to
that link, it automatically puts in a 5C key.
But you can take that out, you can put in different keys
and you'll still get that $5 off once you update that.
So let's go ahead and jump in
and look at a couple different,
let's see questions here.
So I'm gonna start kind of in the
beginning. Did you wanna say something?
- Yeah, I wanted to say I, I, I have no involvement
with your deals with Yubico but I do use YubiKeys as well.
Yeah. So they're, they're not just,
they're also just more convenient.
Like that's, it's one of the few things in
security because Right.
Security and convenience normally just not the same.
Normally more security is less convenience,
but exactly the YubiKey for me is much more efficient.
It's, I can just reach over
and tap my YubiKey, which is always plugged into my laptop.
It's faster than getting my phone out,
looking at my authenticator codes, logging in
and then just, exactly.
Yeah.
- All right, let's go ahead
and start, Henry's takes on privacy X.
If you're comfortable providing your
input, please let me know.
I I, I'll be honest,
I'm not a hundred percent sure I know what he's talking about.
What do, do you know what privacy X is? Nope. Okay.
All right. Yeah, well then we will move on.
- Someone said, sorry, someone said your deals,
I didn't mean that to sound condescending.
I just, oh no, my
- Bad. No, no, no. I hope
- You didn't perceive it that way.
- No, not at all. Not at all. Okay.
And again, like the, these are, these are the type
of questions and these aren't bad Luca, I'm
so glad you're asking this question,
but can hope talk about the flop in, you know, for Luca,
again, I've never heard of it.
Are you familiar with flop or flu or however you say that?
- Yeah, so we've gotten questions about this
and we've gotten a little bit criticism for this.
Floorp, I believe, is a Firefox-based browser, I believe,
and it's pre-hardened.
Again, someone can fact check me on that.
But essentially it's some kind of privacy
and security-oriented pre-hardened browser
that's gotten a lot of popularity.
And we pretty much went forward
and said, well, we're not going to be really like
doing too much with this until it's around
for at least a few months.
And we can see more about the team
because if you just go on the website,
there's not very much information about the project.
And for me, just, it's not even near the general
pass the test of time.
And also if you look at things like objective measurements,
if you go on something like privacytests.org,
you don't even see it there.
And so it's even hard for us to even try
to compare it to other options.
So I'm not saying I don't recommend it to people,
it's just when I'm saying I'm not really,
I'm not saying don't use it,
I'm just saying I'm not recommending it.
And I feel like we got a lot of flack for that
because people were saying,
you should be trying out these new things.
And if I was going to cover it,
I'd be doing a proper review of it.
But all I've done is live streams like this
where someone asks what I think about it.
And my only opportunity is to say I, I've just,
I can't say anything about it yet
'cause I haven't like thoroughly looked into it.
But also it's probably not gonna be something I just
overwhelmingly recommend because what is it?
Who is it? Yeah, why is it?
And also there's already so many great pre-hardened
options for browsers at this point in time
and it's gonna be really hard to, I think, outdo those
and the great teams behind them, so.
Agreed. Yeah. But that could be amazing. Yeah.
Again, yeah, could be perfectly great,
could be better than everything else out there,
but that's where I'm at right now.
- No, I think that that's a great way to say it.
Like I think, you know, there could be probably lots
of questions like, oh, what do you think of this?
What do you think of this? And,
and it's really hard to give a good answer to those kind
of questions without Yeah.
Without either seeing, sounding condescending or,
or too excited about something that, that's coming out.
Guys, make sure you keep those, those questions coming.
I want to, we've got plenty of time
and I want to, if you want that question then keep coming.
- Well, I'm sure you see this too,
because on this note, like there's so many services, right?
There's browsers, there's messengers, there's VPNs, there's
operating systems,
and in each one of those categories you have like 10 plus
services to watch out for.
So we have to keep ourselves updated on
what all of them are doing.
And then people ask, what about this new one?
And it's like, I don't know, we're, we're
so busy just trying to keep up
with the ones we already know about.
And so it's, it's asking a lot, I think to also try
to keep up with new services.
And it's not to say we can't do it, neither
of us Josh, or I can do it.
It's just, it's hard. So we try
to have some understanding too on our time.
- Yeah. And I'm,
I'm seeing a couple different questions related
to specific now that I, now that people said it, I get it.
Privacy x being a YouTube channel or you know, what is it?
The Hated One and all these, and I'll just speak for myself.
Henry, you're welcome to go on.
I try not to comment on other people's,
like YouTube, I know how hard it is to be a YouTube creator
or even just a, a public face anyway.
And so I try to do my best not
to publicly call out anybody one way
or the other, just just because I know how hard it is.
- Yeah. I, I, I honestly don't watch much of YouTube.
So like, I've seen some of your videos
'cause they get suggested and
that's, that's kind of about it.
Like I just, I don't watch much YouTube, I I,
I get my YouTube mostly through RSS feeds
and like as involved as I am in the digital rights space,
I don't like my RSS feeds to be consumed by digital rights.
So a lot of it's like, I watch Kurzgesagt, I watch Veritasium.
School of Life is one of my favorite channels
for like mental emotional stuff
and that's kind of what I watch.
Judge Judy's my daily thing though. I don't know why.
- Really? I don't - Know
- Why Judge Judy.
- Yeah, they, they have a great clips channel.
They post every day at the same time I'm part
of JJ lunch crew.
- Wow. I would not, I don't know why
I would've not guessed that.
Henry. I, I do, I love Veritasium though.
That guy and Smarter Every Day amazing. Both of those guys.
Like, I don't dunno, I, it is just one
of those things if I'm gonna spend, you know, 10
to 20 minutes watching something,
it's great if I can actually come away having learned at
least a little something, you know.
- Right. Have you seen Kurzgesagt videos?
- I haven't. Yeah. Like I wouldn't even know
- How to animated ones with the birds
and Oh, they're so, well if you like learning things,
I think you'll like Kurzgesagt,
it's a German channel and Okay.
But it's in English and Okay.
It's, it's just beautifully done.
I think they spend like hundreds if not thousands
of hours on some of their videos and
- Wow.
Alright, let's move on to the next question.
Does Henry recommend using USB-C port locks for MacBooks?
Are you familiar with what he's talking about there?
- I haven't seen one of these.
I know that I, I'm assuming what Josh is asking here,
traditionally, there's actually this port
that people don't know what it's for on a computer.
It does, it's not a USB-C port.
It's not a USB port,
but it's this weird like rectangular port
and it's actually a lock for your computer.
And there's also I think a curved one if I'm not mistaken,
but essentially there's computer lock cables
that you can essentially wrap around your desk
and that way like when you're locked in, you're locked in
and someone can't just snatch your
computer and run away with it.
My guess is someone's released some kind of USB-C version
of this for MacBooks,
but I haven't seen it so I can't directly comment on it.
I guess I would ask how it locks into the MacBook.
That seems like it would have
to be an interesting mechanism, but yeah.
Oh, I see here. Prevent people from putting drives in it.
Okay. I haven't heard of that. So not the Kensington lock.
I haven't heard of that. Yeah. So It makes sense though,
like block your USBs from people plugging things into it.
I think it's a pretty low that's, sorry,
that's a pretty low risk, high threat model kind of thing.
Yeah, I don't think that's the thing I would even use on my
devices if, even if it was a public device that I take
to a coffee shop, my computers stay on me all the time
and when they're at home, I have other measures in place
to ensure that nothing happens.
Yeah. But yeah, if it works, it works.
It seems like a pretty simple thing.
If it stops someone from plugging a USB drive
and your goal is to stop someone from plugging in a USB
drive, then sure.
But I think most people don't have
to be concerned about that.
- All right. Yeah. Are you familiar with the airdrop,
alternative bip?
What do you think of it? Yeah, I'm not familiar either.
I, to this point here, especially when you're,
when you're talking about Apple Software alternatives,
like I started trying to find out if there was a way to,
you know, there was this company, I can't even remember the
name off the top of my head now,
that was talking about doing iMessage.
Like they had found a way to include, like,
you could use their app and, and bring in iMessage
and Android messages, like all sorts of messages together.
And then all it took was, I think one single,
what was the name of that?
Anyway, all it took was one... Beeper.
Did you ever hear about that? It was Beeper and,
and all it took was one update from Apple
and then boom you couldn't do it anymore.
And, and I just, like, I, I'm, again, it's one
of those things where it's, it's this weird game
and it's hard to like I want that,
something like that to work.
'cause I wanted something on my, you know, GrapheneOS phone
that would allow me to use iMessage
and it, it was unfortunate that that didn't take place.
- Right. iMessage is a big bummer
because there's no reason for a messenger not
to be cross-platform for every major operating system.
And that's very clear,
just market manipulation on Apple's front.
And there's certain things that Apple does
that I do really enjoy and iMessage
and not supporting it on every OS is not one of them. So
- Yeah.
So did you see Apple did this PQ3
or post quantum security for iMessage, do you think
that's gonna end up being more secure than Signal?
I've actually, you know, I was even talking with Tuta,
which is a, a secure email platform
and one of the things that they were talking to me about is
how they've developed this post quantum encryption.
Like is this something you think we're gonna
see a lot more of?
Is this a good move forward for iMessage?
- Definitely a good move forward.
Quantum security I don't think is really necessary at this
point in time and I don't think anyone's really claiming
that, but they're trying to get ahead of the curve
and I think that's really good.
I think what people really need to remember is that I, I,
I'd actually really push people towards Meredith.
So Meredith is the president of Signal
and Meredith publicly commented on Apple releasing PQ3
for iMessage and it was praised.
She even said, this is great
and more messengers implementing this
technology's a win. And I can't comment on whether it's
still more secure than Signal.
Signal still has some other things working in its favor,
even if it's not Post Quantum yet.
But I think it's worth mentioning, Signal already is
starting to work on Post Quantum as well.
And what people really forget about is
that this is a security thing and not a privacy thing.
So even if this post quantum thing is more secure than
Signal, which again I think is still debatable
where iMessage does lack, is in privacy
because iMessage doesn't really have a ton
of metadata protection for users.
So on Signal.
Signal has even been court ordered
to hand over everything they had on a user.
And the two things that they could hand over was when
the user account was created
and the last time they were online,
they couldn't hand over anything else about the user.
If that happened with iMessage,
they could probably hand over a lot more like
who was talking to who at what time
and when they were online, the size
of the attachments and things like this.
And so there's a lot more that Apple can theoretically hand
over, and I'm not necessarily saying they even do,
but iMessage just does not have those built-in
protections like Signal does.
And I would also argue that makes it easier for them
to roll out more complicated security protocols
for their encryption because they don't have
to think about all that metadata protection
that Signal utilizes.
And I'm sure you spoke with Tuta,
'cause Tuta also just rolled out Post Quantum in their emails
as well, which is awesome.
And I think that should be automatic
for all users coming soon.
So good stuff.
- Oh yeah, sorry. Forgot that I was muted.
I'm, I'm gonna have to change my audio setup obviously,
'cause everybody's, I've heard comments about my desk noise.
So for those of you who have, that's been a, an issue,
I apologize. Is it a good idea to use a second phone just
for receiving 2FA codes?
Henry, how do you handle those accounts
that only allow 2FA through SMS text?
- Yeah, I'm assuming I wouldn't be using a different
phone for it.
I think that's overkill.
But definitely if you can have a second phone number
perhaps, but there's gonna be pros and cons.
I mean, if you start using virtual numbers, VoIP numbers,
then less services will support that.
But my gold standard for, for things like this, if you have
to use SMS for your 2FA, if you can try
to get away with something that's VoIP,
particularly if you are fortunate enough
to still have a Google account,
Google Voice is actually better supported, I find,
than other VoIP providers.
And if you have 2FA set up on your Google account
or you're even in Google's Advanced Protection Program,
you can actually essentially keep those SMS codes
behind your Google Advanced Protection Program,
which could even be set up with something like YubiKey.
So that is kind of a workaround,
is if you're using a VoIP provider,
you can almost utilize the security of that provider
to keep your SMS codes a little bit more secure.
But that's about the best you're gonna be able
to do. If you can't do VoIP, if you don't want
to use your actual number that's tied
to your normal cell plan for whatever reason,
you can get a second number that's just for SMS codes.
And there is still some improvement in that, in,
in some capacity perhaps,
but it's gonna depend on why you're doing that.
I, I don't think that's something I would just broadly
suggest, but it's a tough thing.
Yeah, SMS 2FA just sucks and I wish it just went away
because there's no great solution and yeah, I don't know.
Do you do something else?
- No, I, I do.
I use, I've got the, the virtual phone numbers
and I like what you said.
I hadn't thought about it like that, but I do use it.
I have a Google Voice phone that,
or phone number that was actually an old phone number
that I just ported over.
And I use that now for a, a number of 2FA codes.
And then I've got a separate hush number
as well that I've just been testing.
But that idea of, I mean, like it's, it's locked behind
all the 2FA protection that I have for my Google account.
I generally try not to have super secure accounts going
through SMS text verification.
So, but,
but in some cases, which unfortunately includes one
of my banks, that's just the only way they do it.
And, and that's unfortunate.
Although I was, I was talking with, you know, Stina, the,
the co-founder of Yubico last year
and she was saying they're, they're in talks with a lot
of major banks to try to get something rolled out.
It's just they're slow because of the size
and the scope of what they do.
- Yeah, that's tough. Banks I feel like just take, so
they take so much time to roll out proper modern features.
It's a bummer.
- All right, well Henry, this kind of being like a, a,
a sly way of, of doing a little promo
for you, Go Incognito premium version two.
When's that gonna be released? First of all, for those
who in this audience right now who don't know
what Go Incognito is, why don't you do a quick introduction
and then you can answer the question.
- Yeah, it was probably a crazy idea when I did it
because I didn't know I was signing up
for a two year project back then.
But essentially the whole idea was to have a course,
a one stop shop to learn everything you needed
to know about privacy and security.
I was thinking something like a course.
And so it ended up being a course and it took about a year
and a half to two years to fully publish the whole thing.
And that was V one
and I believe it was completed in 2021 if I'm not mistaken.
And essentially things changed, things evolve.
And so I've been wanting to redo that
because I would say if you took the first one
and if you still take the first one,
you're gonna learn a lot of stuff
and a lot of the principles and the ideas will still hold up
and they're pretty much timeless.
But there's like specific service recommendations at this
point that could be improved.
There's a lot of things that can be
improved now if I redo it.
So it's a really fun project if you're trying
to learn about privacy and security,
Go Incognito is a great way to do that.
And by the way, it's free on YouTube too,
it just has some ads
and there's some extra perks that we include
for the premium people as well.
But generally speaking, the goal isn't
to paywall the information, it's just to have a way
to support it
because it took literally two years to put together.
But V two is gonna have a lot
of great changes and great improvements.
And in terms of an ETA for that, it's really tough
because again, like last time I thought it was gonna take
six months and it took two years.
I guarantee it won't take two years this time.
'cause now I have a better understanding of what to do.
But I'm really hoping by summer everything is like wrapped
up and published and done is the loose goal.
But I mean it's, it's, it's a big time commitment.
So doing my best.
- Yep. All right.
Well we are here at the end of our time if you want
to follow, I put the link to the Go Incognito
there if you wanted to follow that.
We also have, you know, Henry's on Techlore
at on YouTube you can join.
They've got a fantastic forum.
I see it all the time when I'm searching
for things on Google
and they just, it's like a,
like it's a very active forum, which is what's really cool.
So congrats on building that.
So if you wanna find more about him, please do so.
I am just honored Henry, that you were able to,
you'd spent time joining us.
This is a collaboration that I said has been a long time in
the making and I'm glad that we were finally able to do it.
- Yeah, we've been chatting for a while.
Emails, I know Signal.
We never quite got on a video call though, so
if you wanna do something again, I'm definitely down.
It's an honor to, and I'm so glad that you, you know,
you took the initiative to set this all up,
so I really appreciate it.
Yeah, and also thanks all for the good
questions. I really appreciate. Yeah,
- Absolutely. Thank you all
- For and also there's a lot more good ones,
but we don't have time to hit them, so Yeah,
- I know next time know, I know if you want to like,
go ahead and if, if you're one of those people
that has a question that didn't get answered
during this livestream, go ahead
and maybe it, it's hard to go back
to the livestream comments and answer those,
but once this thing goes live as a video on demand,
then you can leave those questions
and I try to do my best to go through and
and answer some of those.
So yeah. Do you have anything else you, me
- To say?
Yeah, is it an issue if if people leave comments they can
add whoever they want to ask the question?
I don't mind going in with my personal Yeah.
YouTube channel and trying to respond
to some comments on this too.
- Absolutely. Yeah. So that's something you guys can do.
You can, you know, you can tag, you just do at
and then Techlore or at All Things Secured
and that will tag one of us in the comment section
and hopefully we'll be able to go in and answer those.
So a special thanks again to Henry for taking time
and thank you to Yubico.
I know I've said this already,
but they've been a very gracious partner.
I've enjoyed working with them.
I think that they do great work
and if you don't have your own key,
you can go and grab that.
You can get $5 off using the code
or using this url, all things secure.com/ub key five off.
And you can grab a couple keys there if you want one
primary, one backup.
They've been a wonderful partner of All Things Secured and,
and just a great company altogether.
Thank you all again for coming out.
I am grateful for the time
and I hope that you have a good rest of your week.
We've got, I've got two more live streams scheduled over the
next couple months, April and May.
One of them I have Naomi Brockwell
coming, which I'm excited about.
Another, I'm still working.
I can't say exactly the company,
but I have a CEO of one of the tech companies coming out
and, and that's gonna be good as well.
So make sure that you stay on top of that.
You can make sure if you're on the,
if you're subscribed here on YouTube,
you'll hear a lot about that.
So thank you guys and have a great week.