nixops

Daniel Jones – AKA “Nixops” Transcript

Daniel Jones - AKA "Nixops""

Note: This transcript was automatically generated by artificial intelligence (AI) and therefore typos may be present.

Rob McNealy – RobMcNealy.com
Hey Rob McNealy here and today I am super super excited. I am talking to someone who is an expert in personal security privacy on the internet, and general all around smart guy when it comes to crypto, crypto hacking, software development. His name it goes he goes by Nixops but his real name is Daniel Jones, which I think sounds either like a fake name or something. But how are you today, Dan?

Daniel Jones – AKA “Nixops”
Good. Oh, good. No, that’s my real name. Most people assume it’s fake, but it’s actually my name. My parents had no originality.

Rob McNealy – RobMcNealy.com
That’s okay. So um, we’ve been connected on social media for a while and you guys, you dig into some cool stuff. And you really talk about a lot of privacy related stuff. And there’s a lot of stuff happening out there. I think right now that people aren’t really even hearing about are talking about, but I just want to talk a little bit about your background. And then let’s just jump into talking about a bunch of different stuff. So Tell, tell the audience who doesn’t know who you are. Tell us a little bit about your background and how you got into this space.

Daniel Jones – AKA “Nixops”
I’m just I’m a programmer. I started off as a Linux, Unix sysadmin and started learning c++ and from there, you got a driver development became a software engineer. I mean, I started working with, you know, ever wide range of experience from Driver Development, OS level stuff to Software as a Service, high performance computing, cryptography and cryptocurrencies. Um, I just like I always say my tagline I’m a general purpose hacker, whatever you need to be done and money’s right. I’ll build it.

Rob McNealy – RobMcNealy.com
Sorry, independent then, do you work for a company?

Daniel Jones – AKA “Nixops”
Uh, I am working for a company right now I’m working for two companies right now, I also do a lot of independent work and some open source development. It just depends on time that should right there. If you can figure out how to add a few more hours per day, I would pay you a lot for that, you know, you just make that happen.

Rob McNealy – RobMcNealy.com
I’m working on it. My magic wand. Actually, it’ll be our next rollout on, you know, hard fork number, blah, blah, blah, and extra hours in the day blocks.

Daniel Jones – AKA “Nixops”
Are you gonna put that in?

Rob McNealy – RobMcNealy.com
Well, I mean, I mean, I get that too, because like, you know, like, what? We’re, you know, we’re doing our we do our little crypto project, and we’re open source and everybody’s got a full time day job, right. So it’s like, people don’t understand what that really means. I think the words community project have been thrown around so many times. But if people actually knew what the hell it took to just manage a community project and actually get stuff done in a community project, they would like go out of their minds. Oh, just for the project. management standpoint?

Daniel Jones – AKA “Nixops”
Well, I mean, that’s what a lot of people really don’t get to select the open source community, something that a lot of people have no idea that how much open source and free software they use. And they rely on every day, even services such as this one that we’re using, majority of it is built upon free and open source software. And the thing is, is that these companies pay individuals to work some of their time to contribute to them for features and things they need. And when you break away from company, paying for that, it is truly a community like truly open or truly just individuals running it. People don’t understand that we got bills to pay and things like that. They don’t they don’t really grasp that. Just because you write code, they think that you’re going to get what Silicon Valley pays. No, that’s not how it works. Someone has to foot the bill. And if someone’s not footing the bill for that your time is completely free, and that’s fine. But there are also you got responsibilities. You know what I mean? You got you got mortgages, you got car nodes, you got everything else, just like ever Anyone else does. But the thing is, is like, you know, you hope and strive to get to the point where you don’t have to worry about that. But at the same time, you’re still writing software. And if you’re doing it for free, it can be cumbersome. Because you still have to work a day job to put food on the table and to be able to survive. And rent ain’t cheap. It ain’t free either. You know what I’m saying? Like, depending on where you are. So I think that’s also a misconception people have is like, Oh, I know, somebody is an open source developer. And they get paid, you know, to do this. And it’s like, Yeah, but they’re being paid by a company because they use that software. So they need a contributor at their company to push the features they need and want. And I think that that’s a lot of times where the confusion sets in because in cryptocurrency, it’s, you know, we look at that as centralization. But in reality, when you look at like free and open source software, that’s just the way of the game. You know what I mean? Like, outside of like, coin x or whatever, you look at a coin that’s mainly company controlled, because they’re paying all the devs and they have the resources, whether they Ico or not, which I’m not a fan of the Ico world, but regardless, you know, they’re being funded. And open source canoe projects, for example, it can be very hard to be funded. So a lot of times companies are the people who put people in charge of maintaining that software because they use it. And so I think like you said, the community driven projects and community community ran projects, people don’t realize this, how many man hours are human hours, I should say that takes it takes a lot, because you have to have project management scopes. You know, what features are going to add? Who can deliver that feature on time life happens. So if you only got like a team of two or three developers, what’s going to happen if someone gets sick, ran over by a bus, whatever, you know, you take all that into consideration. And people often overlook all that.

Rob McNealy – RobMcNealy.com
And I think even from a project management standpoint, when you’re dealing with, you know, truly, you know, community driven open source software is that people can be really flaky. I mean, it’s not it’s just there’s a lot of flaky people. That’s again, Sounds great. Yeah, I want to work. I think people get really excited about being a part of something, and then they don’t show up. It’s like, Oh, well, this really is work. Okay. It’s, it sounds great. But, you know, ultimately, there’s needs to be some work done. And I think a lot of people, it’s almost like they like the LARP that they do open source can, you know, contributions, when they’re just like, you know, and they don’t show up. And I think that’s kind of frustrating to on the community program. And

Daniel Jones – AKA “Nixops”
I think you also have to look at it from another standpoint to like, say, for example, I can use this for my own personal So say, for example, you’re, you have a project, you’ve outlined a scope, you’ve built all these documentation. And then next thing, you know, you end up in some snafus over intellectual property of some other code. So now all of a sudden, you’re having a halt, what you’re able to push even for open source, because you don’t want that intellectual property to then get compromised because there may be a dispute over when it was Britton who technically owns it, that kind of thing. And that happened to me before and happens to a lot of people and like thankfully now that stuff is is behind me. But you know people are very greedy and especially in Silicon Valley which I’m so glad I’m out of now by the way, so I’m a I’m an ex Valley guy and no longer going back to that but you know the valley is is one of those things is shit I gotta handle some of the ones I got I got a wasp one..

Rob McNealy – RobMcNealy.com
Well be safe. Don’t don’t get killed by the wasps. Is that like a murder Hornet kind of thing? Or

Daniel Jones – AKA “Nixops”
There’s two of them in here. I didn’t realize that I’m allergic to those fucking things.

Rob McNealy – RobMcNealy.com
Well, don’t get killed by the murder Hornet.

Daniel Jones – AKA “Nixops”
Yeah, they’re not murder hornets. They’re just typical South Mississippi, fucking, big as hell. So there’s just gonna be a painful thing. But anyway, yeah, I mean, like, you know, some of the things that people don’t get is that software is coming. complicated, especially when you’re working a day job, and you’re trying to do open source contributions, who owns it, depending on contractual agreements and things like that, and then also what state you’re operating in, because a lot of people don’t understand that some states honor non competes, some don’t even have your software. In some states, there’s precedents where, you know, they haven’t had much of a tech industry. So say, for example, you write software that just does something on the network, you may be in violation of your very own invention agreement that you signed on your employer, even though your employer verbally may tell you it’s okay. It’s still problematic, because it depends on how well that now verbally agreed upon project that you’ve kicked or that you pushed out. Now, if that takes off your company, or your employer may decide they want it, you see what I mean? Anyway, I’m like, that’s a complicated sector that people really don’t get into. Because unless you work in the industry, you really don’t know so like in the crypto space. You have a lot of people who read up on some bootcamp stuff and done a few you know, playgrounds. They think they could write code Professionally, and they don’t realize that it’s a lot more complicated than just putting together a couple of tutorials. You know what I mean? Like, there’s more to it. You have product spec, you have ideas, you have to look at longevity, you have to look at scaling, you have to look at a number of factors that boil down to your design. And if you’ve never implemented something in production, or if you’ve never had real users, then how are you supposed to know how to construct that? You see what I mean?

Rob McNealy – RobMcNealy.com
Absolutely. Um, privacy. One of the things that we’re seeing right now..

Daniel Jones – AKA “Nixops”
Hold on, let me let me kill this fucking thing.

Rob McNealy – RobMcNealy.com
Okay.

Daniel Jones – AKA “Nixops”
Am I prepared? Oh, me.

Rob McNealy – RobMcNealy.com
No worries, man. It’s all good. All right. So we, before the break, we were talking a little bit about privacy and the state of privacy in the digital world, where we are right now. So tell me a little bit like or at least tell the audience a little bit about what you see is the state of privacy right now. Just in general, what would you say? where we are as a culture with our online presences right now. Where is privacy?

Daniel Jones – AKA “Nixops”
Privacy is dying very quickly. And it’s all being derived from, you know, a lot of that’s coming from companies like Amazon, Google, and others who are pushing smart home. Uh, you know, Siri, even Apple is guilty of it. But but a lot of these features that are nice to have end up becoming compromising situations for the individual. And you know, what I mean by that is like a lot of very just like Snowden. And people will say, Oh, I ain’t got nothing Hi, great, just because you don’t have anything to say, do you not need your freedom of speech? And then they’re like, Oh, well, it’s not quite the same and say, Well, yeah, it is. Because think about it like this. What’s your last for your social your mother’s maiden name? And they’re like, Well, I’m not going to give you that, well, you have something to hide. Otherwise, then you would be fine with giving me that information. So why are you not okay with giving me that information? But instead, you’re willing to give a company Oh, well, this company protects that data. We know that’s a fallacy. companies get hacked all the time. compromised individual employees that work at these companies do nefarious things such as stalking, listening on individuals and do things that are that are, you know, beyond their reach and scope of their job. And we know that for under percent fact, like, you know what I mean? Like it’s nothing new. And what what I’m seeing today is that people are just okay with a just like this, Google and Apple, you know, integration. That’s why I told people to stop updating their phones. Because they’re, you know, the future patch releases will have that framework in there. And tell me, tell me about that. What do you do? Let’s step back a little bit.

Rob McNealy – RobMcNealy.com
What do you mean not update phones? What’s going on with the updates?

Daniel Jones – AKA “Nixops”
Well, so for example, updates are always dangerous for automatic updates, you should really try to make sure that you understand what update is, before you run it just like in Bitcoin or anything else. You need to know what the software that you’re installing on your device does. And the problem with proprietary software is that’s hard to do. Because companies aren’t going to release the secret sauce. Then on the other token, when you start looking at Android, you have an issue where you know you haven’t OEM manufacturers who released stuff that’s not public either. There are drivers on certain phones, I can’t list brands because my work with them in the past that have features that aren’t necessarily noted or properly able to be found unless you’re under an NDA with them, in which case you can’t even speak about it post working on it. You have trackable software, you have things that can enable features on your phone such as your mic, camera, things like that, that can turn them on or off, or the cases Apple Google, as you know, agreement, where these future updates, they’re going to allow the tracing apps to work for contact tracing who you came in contact with. But in reality, they can already do that with your mZ and they can already do that with your cell phone. The problem is that’s not presented in a clean data way. And there’s a subpoena that’s required to get that information per person, which adds a hurdle for law enforcement. At the same time, there’s pros and cons to that the good side is that oh well, we’ll be able to distinguish Who came in contact with infected person? Blah, blah, blah, blah, blah. And that’s great. That’s good to some level. But at what risk? Because again, just because this feature is enabled for this one time event, does it ever get turned off look at the Patriot Act looked at anything else, like we never regain what we had, once we lose it. That’s that’s not how privacy works. And, you know, the dangerous part is, is that now with biometrics and things like that a lot of people are reliant on that on their phones. You know, these companies have the ability to access those enclaves so long as their application is signed. And so literally, they can do approvals for updates on devices for certain feature sets, things like that, or auto updates or module specifics, things like that. And the dangerous part about that is that very slippery slope, because yes, already not trustworthy now. But just think about it once you start adding in who there come contact with. Now you can start doing real correlation attacks to figure out who these people serve. Friends are, who their family members are things like that. And like I’ve discussed it before, that’s dangerous, especially because of people like Eva from the Electronic Frontier Foundation and others who’ve talked about stalker where now you’re presenting an API for stalker where basically, the government’s are going to be able to use, but just remember, just because the government has access to it doesn’t mean no one else will. I says, We’ve found that out before too. Once you open Pandora’s box, it’s open. And the risk there is the individual privacy and the idea that I have the protection to do what I want without fear of retribution. I should not be afraid of who I come in contact with, and neither should you. However, under the guise of security or the idea that people are willing to sacrifice those liberties, and there’s options at best, those that are willing to sacrifice freedom and liberties for the idea of security deserve neither.

Rob McNealy – RobMcNealy.com
So government using this for I would argue that contact At least the no contact tracing can be analog as well, not just digital is one of the things that, you know, the countries that have, you know, gone through and started getting COVID under control. They tested early and they did contact tracing, and then they isolated people all the way from their houses. That’s how they’ve been able to do this. Now, I don’t disagree with you. I think that people be able to access everything about you digitally remotely without permission or without a warrant is an issue because it will be abused by somebody, whether it’s a government agent, or just through government ineptitude, a hacker will get access to it or a foreign power could get access to a seems like there’s a massive security issue or multiple security issues based on them. When you can still do contact tracing manually and analog which I think is the more appropriate way I think this is the way you should handle that but I don’t even like electronic voting. So that’s just me.

Daniel Jones – AKA “Nixops”
I make a big stink about that stuff. You know, like electronic systems are prone to vulnerabilities and problems because they’re written by people because people are prone to that, you know?

Rob McNealy – RobMcNealy.com
Well, I think ultimately, a lot of people that are making these decisions about implementing these kind of surveillance technologies, even though it sounds good on its face, I think a lot of the people that are doing it one, at least in the government side, one, maybe don’t understand the ramifications long term and the potential security risks, but I think a lot of them on the other hand also might be getting bribed, because the companies that do produce these things, that’s gonna be you know, some good corporate welfare going their way, as well. So I think there’s a lot of concern about that. And I guess the question is, what do we do about it? What can an individual like me, what can I do about that right now what can I do to help make my my footprint safer on the privacy level?

Daniel Jones – AKA “Nixops”
Learning good offside, but also like, like, I started off with All series and haven’t posted because I’ve been dealing with some some matters but not a return this weekend on use tools but understand how to use them properly. For example, you know, keep a stark separation of your online identities if you’re using an account for shitposting, for example, and you want it purely on that, don’t merge that with your personal accounts. Keep that separate, use separate devices use multiple devices, and especially now you can get clean devices that are literally untraceable because of COVID. You can exploit a situation where you can go in and legally buy devices with cash, that there’s no traceable record that you bought it because you can go and fully mask covered up, no one knows who you are. And it’s not even been an eyelash whereas, you know, back in January, if I was to do that people will report me to the FBI. You see what I mean? Right now people need to understand that there are attack surfaces for people and then there are attack surfaces that open up for being able to fight routine your privacy, you just need to understand what your goal is. For example, I have separation of my, you know, my personal accounts and my older accounts and certain accounts that I do things with in regards to certain certain projects I work on. My aliases are not ever connected in any way, I don’t even use the same devices, not even the same emails never even touch the same GPG keys. Neither one of them have each other’s public keys in the key chains, things like that. Those are important to understand. Because if you have a traceable link, and especially in cryptography, which a lot of people don’t really understand, I’ll put it this way. Cryptography can be a great tool to protect you, but it can also sync your battleship. Understand that if you have cryptographically sound methods like GPG, and you signed something with a GPG key, that’s as good as saying this was me. This is my digital fingerprint. So anything else it’s just digital fingerprint is important to understand that wherever that may be. That can be used to correlate that you are that person. The biggest instance of this would have to be the frosty@frosty key. You’re familiar with frosty right?

Rob McNealy – RobMcNealy.com
I’m not.

Daniel Jones – AKA “Nixops”
Okay. So there was this guy, you may have heard of him, Ross Ulbricht? So, he used the frosty key, frosty@frosty to sign the Silk Road login page, but he also used it in Stack Overflow question. Now, do you? Yes. So you have to really understand that that is as good as saying, This is me. I have proven this key. And so that’s dangerous. Everyone have to understand that that is one of many bad opsec steps that he took. But that’s one major opposite No, no, never have keys, never sign keys and never use them from accounts that are associated with who you are. If you’re doing anything that you don’t want people to know about. I don’t judge people. I don’t care. Cryptography can’t be gay cubed. Neither can encryption. It shouldn’t But it will be used for good or bad. Same thing with a clear announcing thing with everything right? And so like you, as an individual, you need to understand and make a decision on what you’re willing to allow people to know and what you’re not willing to allow people to know. And then from there, you derive a toolkit that makes sense for your exposure or what you’re willing as a comfortable exposure rate, or limit in this case. So like me, certain things people know about me, a lot of things people don’t know about me, and I choose to never disclose that. And the reason why is because I believe in not doxxing people in the sense of like, when people get petty on the internet, they like, here’s their address, or blah, blah, blah. I think that’s stupid, that’s also really ignorant. And that showcases that, you know, they themselves don’t care about operational security of others, and they’re endangering people by doing that. Now, I’m a firm believer, if you can’t take some shit on the internet, and you need to dock someone to get back at them. You probably need to grow the fuck off. And you know, that’s a growing trend on Twitter right now is doxing people and exposing personal information about people like where they live, things like that. There’s a lot of people who you know, that we don’t know their past, what if they have an ex that they’ve been hiding from for years now all of a sudden, they’re easy access to that information. You just open them up to be personally endangered. Because of your, you know, your ignorance and your anger and your emotions overwhelmed you to not think with logic and reason. And instalay One of the things I like to tell people is Be very careful also on who you expose what to remember, public channels are public. So if you say I’m on Twitter, expect it to be documented and archived. Because while Twitter has policies on API gathering of what can be stored offline, all this other stuff, don’t think for a second that there’s not people who have archives of every tweet that’s ever been made. There are and it’s constantly being analyzed things like that. Piano style autography is being used to confirm who’s tweeting in certain, you know, certain vocal stuffs, that kind of thing to be able to trace who someone is. And the risk of that is, is that these companies are selling that data to analyze who is someone or who could be someone’s on their account. Same thing with like, you know, the Satoshi man on all these things, all of those boil down to operational security, and what people are willing to disclose. And the dangerous part is, is that as an individual, you have to make that choice. And that choice can be very hard if you’re on uninitiated into what it means. Does that make sense? Like, I can’t go and tell my uncle, hey, you’re about your opsec when he has no idea, but he also doesn’t have a public facing anything other than his phone number associated with his business card. You see what I mean? Like, for him, his operational security is a much different risk and it’s more in person than it is in a digital sense. So you have to divide that you have to look at. Okay, here’s what I want to do. Here’s how I would like to be. And then you have to figure out what works to make that a reality. And the dangerous part is, is there’s really no guidebook on that. Like they there’s not like a questionnaire you can fill out and be like, Well, here’s the tools you should use, you know what I’m saying? You know, I mean, because if you had a poll that did that kind of stuff, or a survey, literally that person running the survey would be collecting data on the individual pushing the buttons.

Rob McNealy – RobMcNealy.com
So what are a good set of tools for people to protect their privacy with?

Daniel Jones – AKA “Nixops”
First thing I would suggest is everyone should learn PGP whether you’re dealing with your mom and grandmother, your best friend, whatever, PGP for email as a must. And the reason why is because he keeps snooping guys from looking plus, we’re using PGP with like iCloud or Gmail, which a lot of people have, or you know, it allows you to have some level of control of the security and you don’t have to necessarily upload your puppy to a key server. You can give a public key like I can give you my key through a Private Channel, the uninsured Whatever, there’s no trace that that transaction ever occurred between us that you have my public key, but we can communicate and encrypted email cryptographically sound emails back and forth without having the fear of Google or someone else listening now, they will read it, but it’ll be all encrypted. And the thing is, is that when you do that, that’s that’s one layer. Now, a lot of people say, Why don’t really use email, you use email for more important things than use your text messages. Would you agree or disagree on that?

Rob McNealy – RobMcNealy.com
I would agree.

Daniel Jones – AKA “Nixops”
So if your first step or your important things is that you’re using PGP or GPG, or new GPG or open PGP open GPG, whatever iteration of a you know, generally, pretty good privacy or good new Privacy Guard. Um, once you would see there is that Okay, first up, the important stuff unlocking down. I now have asked companies to use PGP a lot of companies actually do have it set up They use PGP or public private keys in private, and they’re willing to use it with with outward facing customers. You just have to request it. And the more people that were requested, the more people will use it. And that’s important, because that’s the important channels, right? So so like if you covered that ground, cool. Make sure you don’t disclose certain email addresses with those keys to other people that you don’t want to know or associated with their email address. For example, if you’re using you know, an iCloud account, it’s probably not a good idea to use that same iCloud account if it’s tied to, you know, your Apple Store account. Because if someone wants to really screw you over, and they know enough personal information about you and you use proper research, they use security questions that are easily guessable because they know you. That’s the security like that’s an attack surface. That’s how a lot of celebrities got into trouble. But it’s also why you see those things on Facebook asking what’s your favorite color, where you grew up? Those kind of things. Those are information gathering tools that people are using to be able to reset your information when and if they need it. So next step is use a good messaging service, a signal signal for your phone calls. So you go for your text messages. And if people don’t use signal ask them to it’s not hard, it’s easy to set up works on all your devices. I mean, it’s really simple. You know what I mean? Like, and those two pieces right there cover a large attack surface for most people. Not to mention, you know, you’re enforcing that these people have you as a contact in their phone. And you can use you know, a burner phone was signal, which I highly recommend. You can get a burner phone right now at Walmart or insert any United States retailer that you can go and fully mass fully clothed, and buy, you know, a starter SIM card and a phone and literally be able to do that. The next step is that if you really want to stay on that hardcore version, only happy Who are important contact you on that number, having another disposable phone for other businesses or whatever the hell you’re doing. But also remember smartphones are dangerous. Don’t be open and links. Don’t be open in your email PDF attachments and stuff like that because there’s malware in that stuff. Yeah, yeah. You know exactly what to say. I don’t have I don’t mean physically because I don’t have any phones on me right now for GPS reasons. But yeah, that’s a house. But yeah, there’s other on the flip phone, man. I mean, I agree. I have I have several of them right now. And like I said, it’s, again, you don’t have nothing now I but you may not want to expose yourself to everyone knowing everything about you. So like I said, start with the email service signal. And then for your browsing habits. I would recommend Tor but most people don’t ever listen to me when I say use Tor properly and what that means. And basically what I mean by that is don’t have Tor open if you have Firefox, Chrome and Safari also Open on your device. Does that make sense? Because you’re basically broadcast and everyone that you have Tor running. And they can see that the cookie information is being shared can see that, oh, service providers, not just your ISP, but the company’s login to So say, for example, you have your Gmail account logged in through your browser, and you’re turning around and going to Google, they’re seeing the same traffic come from the same IP, they’re going to know that there’s distinguishable session IDs and things like that, especially if you’re logged in on both, which is a bad note. Also, resizing Tor is dangerous because you can look at the packets and see whether or not there’s been a resize. So if you can visibly see someone on your network, you can tell who’s using it, that kind of thing. Um, and there’s a lot of dangerous stuff like if people really want to understand how dangerous the world is learn about cookies, and learn about them really well because the web is dangerous. Cookies can do a lot. They tell a company a lot. They can provide a lot of information. They provide a lot of stuff. to advertisers, as well as the company who you may be using their services. And so, you know, the hard part is, like I said, there’s really no easy guide for this kind of stuff. You have to really understand technology before you can protect yourself from it. And, you know, you’re in tech, so am I. And that’s why most of us in tech are almost Luddites in today’s time, because we don’t want any smart home. We don’t want any of that garbage. No.

Rob McNealy – RobMcNealy.com
Well, it’s kind of funny because like last year, we’ve been doing some remodeling around our house and trying to find a low tech thermostat. For instance, we put in a new sprinkler system last year, everything is Wi Fi enabled now. And it was funny like we put in a pretty you know, I’m not gonna go on all the details but our landscaping but this crazy smart, you know, sprinkler controller, we pulled the module Cuz I don’t want someone to be able to hack my sprinkler. And then you know the doorbells with the ring thing where that’s like the only kind of doorbell you can get almost. And I’m trying to find some low tech thing and when in a lot of things that in our house are very modern, right? I mean, we’re, we’re, we like tech. But I also for the same reason I just don’t see opening up all these ways for people to come into my house and monitor things or be able to worse to hack things. That can be bad. And so you’re right, I am very Luddite ish. Depending on what the tech is on some things I’m very tech forward and tech savvy. And other things. I’m just like, No, I don’t want that in my house. But it’s interesting, but I have my one of my cars that I use for work has like manual, doesn’t even have electric windows. It’s got roll up windows.

Daniel Jones – AKA “Nixops”
I mean, like I said, You know, I used to work in IoT as well. Um, and the amount of air information is collected on the individuals running the servers. It should be criminal and is dangerous because, you know, it’s under the guise Oh, well, this makes your life easier. This allows you to do that. Yes, but at what cost? Like I don’t know about you, but like, say for example, I’m having a personal conversation with someone about my health. I don’t necessarily want Alexa to fucking know about it. Like I’m sorry, my life we’ve all the time as well. Like, you know, you write software that you know you’ve written software before that’s used in Alexa or this that or the other and I’m like, yeah, and they’re like, why don’t you use those things? Because I fucking know what they do. Like Like when you when you build it, you have a and you work on these things. You have a real understanding about the dangers right? majority of society isn’t involved in tech enough to understand it. Like you show like someone Echo Dot you show them a you know, with a few little words I can, I can control your lights cool. They see that as a value. They don’t know that it’s listening. Every couple The seconds to look for a trigger word to do something, they don’t know that they don’t realize how that works. And then that information is being sent to the cloud. And they also have no idea what cloud means. But cloud is just basically a distributed network of computers, meaning is someone else’s computer, and it stores all this information, that information is being properly parsed on a regular basis for various things advertisement, what to push to you what you might be interested in buying, because they want your money. And then like that, that again, goes back to, you know, I hate to say this, going back to the ring, Amazon’s made deals with local police, law enforcement to allow the work to someone else’s ring. So if your neighbor has a ring and it’s pointing to your house, they can literally just walk over or contact your neighbor and gain access to it without ever physically going there to look at it. And without ever having to disclose you know me. Oh, you were you Trying to hire you doing selling drugs? No. But I don’t need to know when somebody comes to my house and leaves. You know what I mean? Like, why should my neighbor be giving that information out about me? You see what I mean? Like there are pros and cons to this. Yes, it’s great helping solving a crime or heinous crime. But you also have to understand that there are a lot of people who really don’t want other people knowing what the hell they’re doing, because they believe in their right to privacy. Like me, I don’t fucking want people to know that I showed up. You know, got home at four o’clock the other morning from a night out and drinking. I don’t need them to know that. They see me cool. They can make fun of me, but they didn’t. I don’t need the police to know that I got home at four in the morning being dropped off with a Lyft or an Uber You see what I’m saying? Or that someone gave me a ride or that I used a cab because I decided to pay cash. And, you know, I just told them the general direction to drop me off in that kind of thing. Because you’d have to pay attention to that stuff. Like it’s nothing you haven’t been But you also don’t want the world to know what you’re doing. You see what I mean?

Rob McNealy – RobMcNealy.com
Well, I think a lot of thing that people don’t understand is that it’s it’s not necessarily that one data point, but the the cumulative data points about you, that can be used against, you know what I’m saying? It’s the way they can build profiles, that not only, you know, on the surface, it sounds great, because, you know, they’re just trying to market to you, right? Well, okay, they’re just trying to market to me. But the thing is, a lot of these people, these data brokers will sell this information to the highest bidder and they don’t care who gets it, whether, you know, it’s just, you know, some kind of retailer or whether or not it’s a foreign, you know, spy agency friends,

Daniel Jones – AKA “Nixops”
Or what if it’s somebody that you have, you know, protection order against, and all of a sudden they formed an LLC in a state, and they turn around and request that data to buy now they contract this person that they’re not supposed to be tracking and legally, there’s There’s no way of knowing that. Do you see what I mean? That that goes back to the stalker where we are opening ourselves up to a world and it’s already here. But people can curve this now curb this now where they can eliminate what companies know about them. And they should, and they should take it very seriously. Because, again, you may not have anything to hide per se because you’re not doing anything illegal. But most people commit several felonies a day and they don’t realize it, and it’s petty stuff, but they’re still crimes. But if you know there’s nothing for them, there’s no visible proof that it was done or whatever. Then like a heart nobody really cares. But the reality is, is that those can be used against someone in the court of law for something else to gain leverage. And you know, oh well I pay for my music and stuff. Cool. Who else has a bunch of downloaded mp3? I know I do. From the 90s 2000s. Right everybody. Download mp3 is torn to this, that the other those are felonies, though those are those are punishable crimes by finds. And while it seems silly like, oh, they’re not going to do that they do. But if you open up the door where Hey, you have reasonable cause to go and get a warrant for this person now that they’ve been using their devices, or you can prove they use their devices to do something. questionably legal. Guess what, now you’ve opened up the doorway for them to look into everything else you’re doing, whether or not you want them to. And also remember, this is something I’ve been having to educate a lot of people, I metrics is not protected under the Fourth Amendment, but your password is. So on your phone. If you haven’t used a smartphone, don’t use a thumb. Don’t use your thumbprint scanner. Use a fucking password. Don’t use a facial scanner, use a password, because that is protected. But because of the fact that your facial expression and stuff isn’t literally someone can get your mug shot and unlock your fucking phone. There’s nothing that can stop them from doing so because it’s not protected. Your DNA is not protected those types of things, including your thumbprint, all of that information can and will be used against you, regardless of what you’re doing is right or wrong? Do you really need law enforcement to know that you and your wife got in a fight two weeks ago? Do you see what I mean? Like, I’m fucked over. You didn’t close the toilet lid or something, right? Like, you know, yeah, two o’clock in the morning. Do you see what I mean? Do they really need to know that information? And they should.

Rob McNealy – RobMcNealy.com
So what do you think about social media platforms in general? Is there can you use any of those social media platforms safely? From a privacy standpoint, you think?

Daniel Jones – AKA “Nixops”
Twitter probably about the safest if you use the web app only and you keep the separation, your personal and everything else, but then again, once you remove the personal, you get into that ballgame of whether or not you keep alias separations that kind of stuff, you know what I mean? Like you have to look at it, what are you willing to expose to others? And what is your comfortable risk level? Because each person is different on that right your risk level and my risk level are much different than say a completely a non account who is on for various reason. including but not limited to legalities country of where they may be, how they’re getting to Twitter, what they’re doing. All of that is just part of that formula. And each person is different. And like I said, there’s really no checklist. It becomes a personal decision of what they’re willing to accept what they’re willing to do. And Facebook is not safe. Obviously Twitter really isn’t mastodons pretty good. Outside of that, I don’t even have a Facebook. I have Twitter. That’s my only social media, by the way, and Reddit and 4chan and Reddit I really don’t even use but but 4chan I do, but 4chan kind of enforces the anonymous thing by most except for IP address, obviously, to track what you’re doing. If you do something wrong, like posting shit, that’s illegal, that kind of stuff. But outside of that, you know, if you really want the closest thing to unbridled social media fortune is probably going to be hit. And that’s I mean, that’s the closest to us. censorship free platform we have you can say and do just about whatever you want to on there. Whereas Twitter, you can’t even talk about COVID you can’t do certain things otherwise they think deep platforming. Hell if you make the wrong joke about people, they’ll be platforming my buddy carbon. Got the platform last year earlier this year because of gym friend memes. You know what I mean? And all that mean, and all of that stuff goes

Rob McNealy – RobMcNealy.com
That was hysterical, by the way.

Daniel Jones – AKA “Nixops”
Yeah, there it was. But But literally, you know, instead of someone laughing it off. Instead, they chose to go the DMCA route and try to get lawyers and stuff involved and trying to make things much more complicated.

Rob McNealy – RobMcNealy.com
Well, it’s interesting, like, my wife and I have been early adopters of, you know, social media. I’ve been on Twitter for a long time. I think we got our accounts when we first you know, they first started up, and it’s interesting. My wife and I, we have four kids. And we have never put our kids names or pictures on any social media plan. Ever. And this was a conscious decision we made a long time ago. Because I didn’t want to violate their privacy.

Daniel Jones – AKA “Nixops”
I gotta take care of it. go nowhere.

Rob McNealy – RobMcNealy.com
So I was saying, I was just saying that we don’t ever put our we’ve never put our kids you know, we never doctor kids, we never put their photo online ever, when they were little and never put their names on there. And at the time, we, you know, this is going back in time now, but they didn’t really have photo recognition, facial recognition tech back then. But we said, you know, just out of respect for them, and you know, just creepers in general. I don’t want to put their faces out there. But looking hindsight, my kids don’t have any of that data out there right now. And I always assume

Daniel Jones – AKA “Nixops”
Your kids are gonna be sovereign man. Like I hate to say that. But like if they keep on that, right, like kudos to you because a lot of parents don’t do that. And You know what, kudos to you because and I know sounds stupid a lot of people hate me for this because I’m not a parent but I’ll say this much. I don’t believe kids should ever be on a social media platform at all until they’re 18. And the reason why is because at that point this the state everyone else treats them as an adult. But at that moment they can make a decision what they want to do and it should be left up to that their information should not be out there pictures should not be up there. Birthday should not be up there things like that. And the reason why is because allow that individual to choose what they’re going to do about their privacy. And people you know, I’m going to say this and piss off some SJW is if you don’t mind, is it they want to treat the gender movement, all this stuff like that, right? tree privacy the same fucking way. Don’t put your kid shit out there until they’re adult enough to make a fucking decision. And if you want to if you know people may get upset about it, people may or may not like that, that approach. But I think that’s the only respectable thing to do to an adult is allow the adult To decide what they want to do. And believe it or not, I think a lot more people will be less likely to be using social media, if given the opportunity in that way, versus just seeing their parents constantly on the stuff. I mean, hell, the other day, I went into the store, and I seen like an eight year old on their phone on their Facebook account and their mother on Facebook. And I find that to be very dangerous, and not only for, you know, the kids safety, but also, what information is that kid providing about his family that they are? It’s family that they don’t necessarily the family doesn’t necessarily want to be disclosed and even know about?

Rob McNealy – RobMcNealy.com
Yeah, they’re not even paying attention.

Daniel Jones – AKA “Nixops”
Yeah. Because the phones, the babysitter now, it used to be TV. The worst thing you had to deal with whether or not the kids were watching Cinemax or skinemax, after dark or HBO after dark, right? You know, like that was like the worst. They were watching scrambled porn or something. Now kids have full access to everything they want. And you know, like YouTube and everything like that is the new babysitter. And the dangerous part is is like I’ve watched Some of the stuff that might have used watch before, I would never allow like, we would have been hitting the back of our heads growing up, how do we try to watch something like that on TV? And you know, it’s like eight. And when you start looking at that that’s dangerous, dangerous as hell, because where do they draw the line? Because they’re not they’re not mature enough to understand what is content creation for financial gain, versus what is reality? Do you see what I mean? I mean, that’s, that’s dangerous territory there for them.

Rob McNealy – RobMcNealy.com
So, you know, I, my wife and I are very doxxed like on social media, because we do use it because we’re kind of out there and his personality. So I mean, but we do it. Why would you know, our eyes wide open, right? We knew that going in that we made that, that choice consciously.

Daniel Jones – AKA “Nixops”
And you accepted that risk though. That’s the thing you accepted that you understood what you were going to do, and you did it. And that’s fair. That’s the approach you should take. Understand what you’re doing. About to disclose, but only Don’t get upset if more comes out. Does that make sense?

Rob McNealy – RobMcNealy.com
Yeah, but I always tell people look, but you rarely see me post very many things that are personal nature, like where I’m going that I’m on vacation. And you know, if I do post a picture of something of where I’ve been, it’s already it’s usually after the fact, after I’ve already back home from a security stamp. I do think about those kind of things. But we actually homeschool our kids. And we limit screen time. We don’t even have cable TV in our house at all. We don’t have satellite. So in some ways, we’re very tech forward because my kids are taking computer programming classes. And they’re very digitally, you know, they’re very adept.

But on the other hand, they’re learning..

Daniel Jones – AKA “Nixops”
JavaScript Please tell me they’re not.

Rob McNealy – RobMcNealy.com
No scratch and some other stuff. But, but I think what uh, the other thing is though, like, but we have like, we didn’t give our oldest term First phone until she was in college. Now she started college while she was in high school. So but we said, well, you’re on campus on a college campus, I’m assuming you’re mature enough to handle a phone at that point, and but on the other hand, like our other younger three, we don’t none of them have their own phone, none of them for have social media accounts at all. And then we actually bought a special lockdown phone from gab wireless of all things, which is a super super lockdown phone that we use as a checkout phone for our kids, because none of the kids own their own phone and it doesn’t allow photos. It doesn’t allow surfing on the internet. It’s all locked down. We just do. It’s like Oh, you’re going somewhere, take the phone with you. And this is the phone. And so my wife and I So on one hand, we’re involved with crypto, you know, we’re, you know, very out there on social media. On the other hand, we got our kids very locked down. So I mean, it’s a weird kind of balance, but I think I guess going forward, which I was recommend especially other parents is it is a balance and there is nuance to it. You can have kids can have access to a phone, but I don’t allow my kids to have TVs in their room either. Right? I don’t have a TV in my room. My bedroom for instance.

Daniel Jones – AKA “Nixops”
There is nothing wrong with that like. There’s nothing wrong with no TVs in the rooms. Like I’m a firm believer that like, I don’t like TVs in the room, mainly because you find yourself watching garbage. And like I do, there’s really only four classifications commercials now. prescription medications, insurance, and every now and then car commercial Come on, and then advertisements for other channels in their network. That’s it. That’s the four architecture commercials you see today. I mean, the other day, I literally watch, I was running. I was running a compiler was compiling a large project. And normally it takes about 47 minutes 15 minutes to build. So I’m sitting there waiting. I was watching TV in the background just to see I took note, I took note, in one hour, there was 17 prescription pill, commercials.

Rob McNealy – RobMcNealy.com
Wow.

Daniel Jones – AKA “Nixops”
And one in one hour of TV viewing. And that’s ridiculous when you start thinking about that, how often these breaks are, but like most of the TV is just advertising. But if you look at the Internet, most of the internet is to, unless you’re using proper, you know, upset tools, such as ad tracking blocks, you know, that kind of stuff, or using piehole at home, which I highly recommend, also that is a good step forward, people are looking for something a very inexpensive way of providing a pretty good ad determines piehole um, you know, you get a Raspberry Pi set it up, it takes, it’s a good weekend project. If you’re, if you have kids, and they’re 1415 years old, 13 years old or something, especially during this, you know, all this. You can spend time with them, teaching them how to set this up, you know what I mean? And like those, those are just some fun projects that you can Make something however it can provide a layer of protection for your operational security, both for you and your family.

Rob McNealy – RobMcNealy.com
Like VPNs. Yeah, let’s get into VPNs. Real quick, what do you think of VPN?

Daniel Jones – AKA “Nixops”
Alright, so recently I wrote a thread about this VPN or a touch and go thing. Here’s why a VPN at home is kind of a moot point and dangerous. Here’s why. It’s dangerous because your ISP can correlate the traffic explosions that you’re doing things such as, but not limited to torrenting. And they can see your only VPN and during torrenting, they can literally tell you tell definitively based on a traffic burst that you’re using a VPN to access that and to use that much bandwidth. Like they can profile the traffic. It’s easy to see the other problem of VPN, one of the biggest problems is where the country of location did they run their business because what laws are do they have to adhere to specifically for subpoenas and law enforcement in the country you abide in. So for example, if they’re in Panama, they’re okay if they’re in Geneva, Switzerland, they’re definitely okay. Because Geneva typically just as fuck off. And that’s where you have to really do your research on it right? You can also set up your own VPN. But the problem is, is what a lot of people don’t understand about setting up your own VPN, if you have it at home, is that if you VPN into home while you’re gone, you’re using your home’s public addresses associated to your ISP account. So if you do something stupid, guess where it’s going to come back to us on VPN, bro? Yeah, but you’re using the public IP or just your fucking hours, which you pay for with a subscription to an ISP that have all your KYC information. I’m wondering where that subpoena is gonna go. Like so. And the problem is, is when you use a trust that you use a service or like AWS or something like that to host your own you again are using KYC information to be able to host that service, and then again can be problematic for law enforcement or from that for you because of law enforcement. I don’t care what people do on the internet, I really don’t you do you, but at the same time, you have to know how to protect yourself and VPNs are a great solution. You just need to understand the attack surface for law enforcement. And you know, people say, Oh, well, I’m not doing anything illegal. I just log into bid Max and engage, right? Well, that’s technically illegal under the United States law. That’s why bit Mex doesn’t offer the service to the United States. Boom. Oh, shit. I never realized that. Well, yeah, those are problems. People don’t really grasp some of the..

Rob McNealy – RobMcNealy.com
Like online casinos. Same thing. Really. A lot of people don’t understand that it’s illegal for an American to access online casinos, even if the online casinos are abroad.

Daniel Jones – AKA “Nixops”
Yeah. And again, there’s a lot of services People just don’t really get the legalities up because it’s not. It’s not common knowledge. Like, for example, you know, for a long time it was seen as illegal to use certain types of encryption still is stolen as there’s a legal encryption, you can’t export software, if it utilizes it from the United States. And people are like what I’m like, yeah, there are certain algorithms that you can’t export software from here to sell abroad, because it uses that encryption, because it’s deemed as weaponized. You know, like there’s a lot of stuff from a technical legal perspective that people don’t get, because there’s also not a guidebook on it. You know what I mean? Like, there’s not like there’s an entire set of case law, the Electronic Frontier Foundation and others, including the Tor project and various other organizations that try their best to educate the public. But the problem is, is that there are so many cases, there’s so much that changes on a rapid pace. And you know, people ask me how often technologies You changes. And I tell them what you thought was a good idea today. By the end of the next week, it will have already been that’s last week’s news. There are better ways better methods to do that implementation. Now, you know, there are better tools, they’re better frameworks better this better that there are libraries. And it changes so quickly, because as we have more people become developers, it progresses. So because of that law is slow to catch up. But as these case by cases, set these precedents for, like, you know, VPN laws and things like that, and what can be done legally and illegally, you have to run the gamut of where does that slope end? And where do we, as a society, start fighting back? You know, I mean, our government is quick to say, hey, you can’t do certain things on the internet. But I mean, meanwhile, project playpen. Are you familiar with Operation playpen? I’m not. Oh, our government ran a child pornography site for about six weeks. On the Tor network, while running paid advertisement on torch, which is the search engine for Yeah, for Tor. And then people were like, Oh my God, why they do that because they were trying to, they had seize control the server. And they were trying to gain all the users and getting IP addresses and trying to utilize correlation attacks because they were controlling a majority of the exit nodes, things like that. And they were trying to be able to dachsies people so that they could serve them subpoenas. We were like, Oh, that’s great that they’re doing that, you know, the blocking key point. And I agree, I’m anti HIV because kids have no say so most of this shit abuse and a bunch of other things. There is a huge problem with the way they went about it though, because what’s to stop them from basically running these types of attacks, without the public’s knowledge and then claim someone else ran the service? Because that’s illegal. It’s illegal for you to run a honeypot doing such a thing. Why? Is it legal for our government to do you see what I mean? Like unless let’s, let’s say, What do you mean that? Well, let’s say it was drug markets, I insert, whatever. Now all of a sudden, it’s okay for them to do this because of the the guise of security, just like going back to, it’s okay for them to do contracts racing for the idea of security, it’s okay for them to invade you, or to compromise an entire system that’s designed to protect people from oppression by creating more oppressive methods to be used. You see what I’m saying?

Rob McNealy – RobMcNealy.com
Well, I think that’s why we need to be Villa, you know, vigilant because whatever power government gets, it never sees it, once it, you know, never goes away. And I always tell people that that, you know, you have to, you know, be careful when you give government more power. And it’s, it’s complicated, you know, sometimes, especially when you got, you know, like this COVID stuff, which is, you know, it’s turned into a political nightmare, and it’s hard to decide, you know, it’s hard for you especially just you know, the average guy on the street to know what to believe what not to believe and what to be worried about and what not to be worried about. I think we’ve gotten to the point where people don’t trust anything. And I think that’s all they should.

Daniel Jones – AKA “Nixops”
They should firm believer in that I trust no government trust no agency, because at the end of the day, they all have an incentive to be able to pend something on you. Even if you haven’t done it, they speculate on it, they got numbers, they’re gonna keep to quotas, they got quotas for arrest and everything like that. And if you can be the Fall Guy for catching something as simple as an mp3, later found out that you had conversations with somebody who may or may not have been dealing drugs on the internet. Hey, you’re an accessory, hey, it’s more money to the DEA. These are what I’m saying like, all of that falls into a very dangerous thing because governments are well aware of what technology can do. The government is still in a draconian era. And the reason why I say that is because recently the NSA posted that they’re having a hard time with getting hackers and stuff, because marijuana Well yeah, no shit most hackers smoke do drugs and stuff and most of Silicon Valley does too. Like and you know like that’s also a misunderstanding that people have it in their head that programmers what they see on TV and what they see you know, like the programmer types and things like that. That’s not majority of what builds the software. Majority of these people have vices and are real humans and have problems and they cope with those problems and sitting in a desk for or standing at a desk for 14 hours. I’m sure you can attest to this. You might need a beer or two at the end of the day, you know, sometimes the beginning of the day,

As long as it’s after today have a great day.

Rob McNealy – RobMcNealy.com
The day drinking is a thing now right on quarantine right?

Daniel Jones – AKA “Nixops”
Everybody’s houses like Vegas right now. It doesn’t matter what hour it is. Cocktails are welcome.

Rob McNealy – RobMcNealy.com
Yeah, it’s tough out there. So one last question, before we wrap up the what would be something that you can do to protect yourself, like from RFID? Like you see these wallets? And is there any kind of devices out there like that or solutions that you know, like a purse or a wallet or any of that stuff is that who does that stuff really work?

Daniel Jones – AKA “Nixops”
Some of the works, some of it does not. The thing is, is you have to really do your research to find out what the fabric that’s made with how they’re doing the shielding, and what you’re trying to prevent. So for example, like a debit card, a debit card, you could suppress with wrapping with enough leather, that kind of stuff to some level because it doesn’t have power, right? Like it doesn’t have. So now when you start talking about like passports and stuff like that the newer passports have a very strong RFID chip, and you would be better to get almost like a mini Faraday cage but the problem is don’t buy a foreign a cage. Don’t buy a mini Faraday cage from a company because you’ve literally disclosed to someone else that you’re trying to abuse that information. And, you know, like if I were looking to attack someone, and I knew they had certain devices, or certain purchases recently, I would just figure out what they purchased by breaking into that service and seeing what they purchase find a weakness and that nothing is a silver bullet for security. There’s no one. There’s no silver bullet and software for security. There’s no silver bullet and hardware for security. It’s just like people keeping crypto wallets right a lot of people ask me about those two going on the same RFID thing. Do you use them? No, here’s why. It’s a glorified USB fucking drive. USB drives fail all the goddamn time. Literally all the fucking time. And so now you’re adding another piece of firmware with another moving part on something that’s already touching go as it is. How many times have you went to use a USB drive? Even if it’s not even a year old, turn it on, or plugged into your device and don’t work anymore. How many times have you had that happen? Quite a few. Okay, how many times do you think that happens with things that are specifically designed to stop certain technologies a lot. And that’s why that’s why I say that. That’s why that parallel is important. Because just because something you know, just because something’s designed to stop it, well, it’s designed to stop it as long as you don’t wash it, as long as you don’t clean it with certain chemicals, as long as you don’t expose it to certain hours of sunlight. You know, all of these things are important to keeping that product to work the way it’s supposed to at its maximum operating range. If you exceed any of that by having a life, then you compromise the device and when it does, you see what I mean? Even phones they have a temperature shut off, right? Have you ever been outside? I know you’re in a hotter area than I am at times but you’ve been outside before your phone shut off for temperature overreach. Right?

Rob McNealy – RobMcNealy.com
You leave it in your car in the summertime. If you Leaves like especially a smartphone or an iPhone, I think we’ll get up to like, you know, 130 degrees.

Daniel Jones – AKA “Nixops”
So think about like this. What if the device that you’re intending to projector RFID with is only supposed to operate at a certain temperature range and all of a sudden you’ve exceeded it, but because you exceeded it now there are weak spots in the protective layer. Oh, I think about that. Well, yeah, no shit. Most people don’t read the manual either for anything I like. And that’s that kind of goes back to what I was saying the consumerism side of it impacts the ability to properly do things, the DIY culture, or the DIY, whatever, do it yourself DIY, the DIY culture today on YouTube. What I would like to see is more people and more viewership on the people who are building. You know how to make your own personal RFID preventative wallets. Here’s how to do this. Here’s how to build this from scratch. This is what you need to know. This is so that you can go but pay with cash. No retrace of you, especially during this corn thing, because you can use a masking gloves and cover yourself up completely. And in some places, it’s still snowing. So definitely wear a jacket or whatever in public, nobody knows what the hell you are. And you don’t wear the same clothes you worn in there before you can buy this stuff to do it. You see what I mean? Like that’s important. Because now you’re not only providing privacy yourself, but also you’ve built the device to protect into enable more privacy on your end, without compromising your information to a company to provide that as a service or a device to you. Because literally, they become an attack. They become the attack surface now. And like just like cloud computing and everything else, online storage, all of that is an attack surface by everybody’s eye. Oh yeah, just use Dropbox. Just use this. Well, that’s great. If you’re going to rely on them use GPG to protect those files and things to a different level. Do you see what I mean? Now only you have that access that’s protected by a password that only you know and, you know, I tell people GPG can be a great Password Manager, because you can literally create an encrypted file on on a, on a actual fucking air gapped device that doesn’t even have a network interface to keep your passwords on and protected. So that only you have access to that device to view it, you see what I mean? At that point, you’re able to kind of take some of that control. But if you if you use things improperly, you might as well not use any operational security measures. Because at that point, you’re breaking the the guise of it, right? Like, it’s like I was saying before, if you use Tor improperly you it’s better not to use it at all. Because you’re just telling everybody I’m using Tor and I’m doing it terribly.

Rob McNealy – RobMcNealy.com
So drawing attention to yourself whereas you know, and so you know, you eliminate any possibility of hiding in plain sight?

Daniel Jones – AKA “Nixops”
Yeah. The idea is to hide in plain sight and the thing is, is what I what I tell people is run exit nodes, RUN RUN relays. Run Tor use Tor but use it properly use tools properly. That’s why I was doing the obelisk I’m going to continue now that things have died down a little bit. Um, I’m trying to educate people on how to have a toolkit, but to understand the toolkit to use it properly, because just because you know that this tool will help you do X, Y or Z if you don’t know how to do it properly doing XY and Z could get you a case. You see what I mean? And it’s just like you know, I recently one last post I did was like breaking into wireless networks. And you know how to do WPA pFk braking with better cap and and was a hashtag. And people say all the time, like why why does someone need to know that was better they know how to do it now versus when they’re in a dire straits and they’re trying to look it up.

Rob McNealy – RobMcNealy.com
Daniel, thank you so much for coming on the show today. Where can people where can people find out more about you?

Daniel Jones – AKA “Nixops”
@Nixops on Twitter, social media a lot. My DMS are always open. I may not respond quickly. I’m available and telegram tuner the same thing but if I get too much spam on there sometimes I have to turn telegram off. I get a lot of messages on there so sometimes I don’t check it every day. But yeah, Twitter’s the predominant way to find more stuff about me. Some, you know, interviews and stuff like this when they’re on YouTube and other podcasts you can find me But literally, Twitter’s The best way to find me just because it’s my ability to limit what people know and do about me, you know?

Rob McNealy – RobMcNealy.com
Perfect. Thank you so much. I’m Rob McNealy, checks out on the web RobMcNealy.com.

Episode Links

Audio Interview
Video Interview
Interview Transcript

 

Daniel Jones – AKA “Nixops”

Daniel, AKA “Nixops”, privacy advocate, hacker & digital security expert, talks with Rob McNealy  about tools people can use to protect their privacy online.