Your Car, TV, Phone, Computer and Other Devices Spy On You

Years ago this would be called a “conspiracy theory” but now that the CIA’s “Vault 7” hacking tools have been released this is an established truth.  What’s more scary is the revelation applies to pretty much all computing devices and all OS’s.   The CIA has found exploits and used backdoors into the various devices.  I suspect the backdoors and some vulnerabilities were forcefully injected by the US government.  To make it more scary we have the NSA’s PRISM and this combined with the CIA dump is alarming because those entities combined with other governments surely have a lot more than what has been revealed.  It is not a stretch but rather insane to believe you are not likely being watched and listened to.  We haven’t even covered well funded, private hacking groups.

There are two issues here.  The first one is companies who willingly create vulnerabilities and backdoors at the request of governments and private groups.  The second issue is compounded by the first one where on top of that many products and companies also spy on their customers and also share that data with third party companies and governments at will without any disclosure or regulation.

It’s more than just following where you’ve gone and listening and watching you, the new smart vehicles can be hacked and likely have government mandated malware or backdoors.  Imagine if a government doesn’t like someone and they suddenly have a tragic accident.  There is absolutely no reason why this shouldn’t be the case and perhaps one day we may learn of cases of bizarre traffic accidents that were not really accidents at all.

On an interesting note the “Marble Framework” was released which is essentially an anti-forensic tool to make it difficult for malware and virus experts to attribute the code to the CIA or the US government.  The framework would essentially make it look like enemies of the US such as China, Russia, Iran, or North Korea were responsible for cyberattacks and malware that the US itself had created.

With all this it sounds hopeless, but it is not.  Edward Snowden famously stated “do not give up on encryption”; clearly not everything is hackable and compromised, and there are steps we can take to prevent ourselves from being hacked by the government.  Edward Snowden’s comments and actions are of particular use: the fact that he still says to use encryption means there are ways to be secure.  We should also remember that he used the Tails distribution for communication and used OpenPGP, so it appears that, at least in the recent past, this was a secure and unbreakable way of communicating.

“What last year’s revelations showed us was irrefutable evidence that unencrypted communications on the internet are no longer safe. Any communications should be encrypted by default,” he said. — Edward Snowden

How can you protect yourself?  There are steps we can take, such as avoiding the usage of free, insecure services to communicate such as Gmail, Facebook and WhatsApp, and also avoiding products that spy on us.  Try to get an older TV or if you get a newer one rip it open and disable the microphone, wifi etc.  If you drive a vehicle consider again seeing if it is possible to disable some of the spying features on it or drive an older vehicle without technology that logs and calls home.  It’s time to get armed and follow certain procedures, avoid certain products and make it as difficult as possible to be spied on.  Although the programs and hacking methods that groups like the CIA possess are incredible, not all are guaranteed to be successful, especially on those who do not run default or standard settings.

Bitcoin vs Bitcoin Cash

This has been one of the most controversial issues in cryptocurrency.  The Bitcoin Cash Hardfork emanates from this issue of what amounts to basically a setting in a config file.

The issue was real back then with Bitcoin only having a 1MB (megabyte) blocksize.  You would think 1MB could store a lot of transactions and this was fine until Bitcoin exploded and began to be used by millions worldwide (something not exactly expected or planned for by the original devs).  Bitcoin can only do 7 transactions per second which is way too slow and what was happening is that the entire block was already fully utilized as soon as it was mined.  It would be like your bank’s ATM or POS machine crashing before you could do a transaction.  In other words Bitcoin was overloaded and couldn’t keep up with the transactions that were being demanded, causing slow processing that could take days to send some Bitcoin!

Some of the devs felt that this wasn’t an issue and wanted to keep things the same as Satoshi created them (with the 1MB blocksize). They felt Bitcoin was never meant to be used for payments such as a cup of coffee and that very slow transactions weren’t an issue.  They also voiced concerns that a larger blocksize would stop people from running full nodes and increase centralization since a larger blocksize requires more computing power.

The Bitcoin Cash team disagreed and did a hardfork which is essentially a copy and counterfeit of the original Bitcoin.   The only real change they made was the blocksize to 8MB which means faster and cheaper transactions than the original Bitcoin.

There were problems initially with potential replay attacks since to get this Bitcoin Cash you have to use your real Bitcoin wallet/private keys to receive it.  This meant that nefarious wallet creators could steal your coins from the real Bitcoin network if you didn’t move your original coins to another wallet first.  There is also the threat of a replay attack.  Replay attacks work on the fact that both chains are identical.  If you send a transaction on one chain, an attacker could see it and then broadcast the transaction on the other chain to their own address.

This is one big reason I don’t like hardforks: aside from the confusion, scams and devaluation, it’s one more huge problem to have a replay attack.
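The replay problem described above, and the usual defence of committing a chain identifier into the data that gets signed, shown as an added example that is not part of the original post. The ledger, names, key and `Chain` class are constructed for illustration, and HMAC stands in for a real ECDSA signature.

```python
import hashlib
import hmac
import json

# Constructed sample data: one coin that exists on both chains because the
# fork copied the ledger, and one payment that spends it.
KEYS = {"alice": b"constructed-demo-key"}
SHARED_UTXOS = {"coin-1": ("alice", 5)}
TX = {"spends": "coin-1", "pay_to": "merchant", "amount": 5}


def sign(key, digest):
    """Stand-in signature: HMAC-SHA256 instead of ECDSA (toy assumption)."""
    return hmac.new(key, digest, hashlib.sha256).hexdigest()


class Chain:
    """Hypothetical minimal ledger: unspent coins, balances, one validity rule."""

    def __init__(self, name, utxos, keys, bind_chain_id):
        self.name = name
        self.utxos = dict(utxos)          # private copy of the shared history
        self.keys = keys
        self.bind_chain_id = bind_chain_id
        self.balances = {}

    def digest(self, tx):
        """Bytes the owner signs; optionally commits to this chain's name."""
        payload = json.dumps(tx, sort_keys=True).encode()
        if self.bind_chain_id:
            payload += b"|chain=" + self.name.encode()
        return hashlib.sha256(payload).digest()

    def accept(self, tx, signature):
        """Validate and apply tx; return True if this chain accepted it."""
        entry = self.utxos.get(tx["spends"])
        if entry is None:                 # unknown coin or already spent
            return False
        owner, amount = entry
        if tx["amount"] != amount:
            return False
        expected = sign(self.keys[owner], self.digest(tx))
        if not hmac.compare_digest(expected, signature):
            return False
        del self.utxos[tx["spends"]]
        payee = tx["pay_to"]
        self.balances[payee] = self.balances.get(payee, 0) + amount
        return True


def replay_outcome(fork_binds_id, sign_for):
    """Sign TX once for one chain, then submit the same bytes to both.

    Returns (accepted_on_orig, accepted_on_fork).
    """
    orig = Chain("orig", SHARED_UTXOS, KEYS, bind_chain_id=False)
    fork = Chain("fork", SHARED_UTXOS, KEYS, bind_chain_id=fork_binds_id)
    signer = orig if sign_for == "orig" else fork
    signature = sign(KEYS["alice"], signer.digest(TX))
    return orig.accept(TX, signature), fork.accept(TX, signature)


if __name__ == "__main__":
    # Identical rules on both chains: one signature moves the coin twice.
    print("no protection, signed for orig:", replay_outcome(False, "orig"))
    # Fork commits its name into the digest: the old signature fails there.
    print("fork binds id, signed for orig:", replay_outcome(True, "orig"))
    # A signature made for the fork is likewise useless on the original.
    print("fork binds id, signed for fork:", replay_outcome(True, "fork"))
```

Until a fork adds this kind of binding, the practical mitigation is the one the post mentions: move coins to a fresh address on one chain first, so the two ledgers no longer hold the same unspent coin.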

These issues are why I believe hardforks shouldn’t be possible.  If it means the blockchain is not 100% open source and permissionless then this is acceptable.  Open Source is currently what makes most currencies vulnerable.  Let’s take it back to the secure, traditional IT methods of a secure server vs client model (where the secure server should be Bitcoin or whatever currency we are talking about).

My money is on the real Bitcoin.  Bitcoin Cash could have been interesting if they did more than just increase the blocksize and didn’t copy the blockchain.  I pick the original Bitcoin for the long run.

Nasdaq Plans To Become Cryptocurrency Exchange

This is huge news with the CEO of Nasdaq saying they would consider becoming a cryptocurrency exchange.   One caveat is that Adena Friedman said she is waiting for the market to mature.   I anticipate she sees the threat to cryptocurrency as the fact that we don’t know for sure which currencies will be around in the coming years.  She is waiting for the dot-com like bubble to burst which is an excellent strategy for managing the risk.

The fact that Nasdaq would even contemplate this plus the big money from Wall Street going into cryptocurrency is a very positive sign of where the industry is heading.  The coins that survive the bust will become incredibly valuable and I think Bitcoin is one of them despite its many issues and drawbacks.  It is a tricky call, with one risk of course being hardforks.  After more Bitcoin scams and hardforks will people possibly lose interest in Bitcoin or will it increase interest in the real Bitcoin?

Either way it may be a bumpy and turbulent ride, but cryptocurrency is looking like it’s about to create its own economy.  Trading cryptocurrency is not the issue though, as we still await the “messiah coin” which will hopefully resolve the many issues that we have today.  I’d like to see a coin that does everything right or most things right rather than focusing on just a single aspect.

The time will come and the market will follow.  Everyone hold on things are about to keep getting interesting in 2018!

BitPay Accepts Bitcoin Cash

Although we have used Bitpay I didn’t realize it was available for brick and mortar physical transactions since we’ve never done any.   On that end it puzzles me how on earth anyone would ever use them?

Bitcoin can take minutes and even hours to confirm!  Can you imagine waiting at the restaurant held hostage because “your transaction is unconfirmed?”.  This is the advantage fiat processing still has.

But, really I think Bitpay should rebrand to use currencies that are actually usable for instantaneous transactions at retail or restaurant.

They should be using a currency like Ripple or Lumens which is nearly instant.  There are a few currencies that have these properties but any Bitcoin or Ethereum derivative is simply not going to cut it in my opinion.

Personally I don’t know a single person who has or would use any of these coins for payments; we all reach for the cash, debit or credit.  These are people like me, who are crypto enthusiasts but we also value convenience and what works.  And I think a lot of the cryptoworld is stuck in a dream world that simply doesn’t exist.  Now, for us in IT we and the customer can often wait overnight for the transaction to be confirmed, but at a grocery store or restaurant neither the seller nor the customer would be impressed.

 

Federal Reserve Says Bitcoin Cannot Replace the US Dollar

The new chief of the San Francisco branch of the privately held Federal Reserve Bank has stated that Bitcoin cannot, and will not ever, replace the US Dollar.  First of all, they are doing a fantastic job and understand their market and duties.  They cannot step into this job and say anything else and expect to keep it.

I get it, Bitcoin is printed without supposed backing, although it is backed by a lot of physical hardware assets and electricity.  Fiat currency, especially the US Dollar is printed and floated without any controls or restrictions.  Well, actually, the only control and restriction is that there is none.  The Federal Reserve prints at will and on demand, without limitation or backing of any sort, and they have long abandoned the gold standard.

The fact that the Federal Reserve would comment at all on this matter and mention Bitcoin, to me, is very telling that it is very much a possibility.  When you have this much money put into something that is being traded worldwide, every second, and such an ecosystem I think it is an excellent contender to the US Dollar and fiat currency in general.  Remember, fiat is backed by nothing as well and printed without any limit.  Most cryptocurrencies actually are limited in how many coins can be mined or minted at any rate.

Cryptocurrency is currently at a $421 Billion USD market cap and I think it won’t be long before it is in the trillion dollar range.  This is ultimately the worst nightmare for any central banker with so many competitors, of course your number one priority should be outlawing them and shutting them down.

On that end the Fed is right to do it and is doing their job well.  However, for people who don’t essentially control the fiat financial system, we would do well to root for cryptocurrency as an alternative system.  I think both systems can survive and work together, but if fiat pushes it too much, I think there may be a digital currency revolution that far surpasses the digital rights movement of the late 90s and early 2000s that caught the RIAA and MPAA by surprise.

Study Shows Bitcoin Is More Centralized Than Ethereum

Here is the paradox: the study from this article claims that “Ethereum is more decentralized than Bitcoin” at the London Genesis Conference.  Then another study quoted by Coindesk from a Caribbean conference says that “Ethereum is more centralized than Bitcoin”.  How can two sets of stats say the opposite?  What is going on?

It’s quite simple if you’re familiar with IT, networks, banking and coding.  It’s another to put it into perspective and it also depends on your views overall in business and IT.

The first article, which says Ethereum is more decentralized, I believe is correct.  It is simply taking into account known factors, variables and actors.  To this end, it is blatantly clear that there are massive Bitcoin mining farms by major players, more so than Ethereum it appears.  Of course, mining is just one aspect of centralization.  There are also some that just run “nodes” which are not mining.  It is not entirely clear from the article if a differentiation was made between the two (mining vs node runners).  Reading the article, however, it does seem to be a bit biased towards Ethereum and perhaps this is why the context in my opinion is completely missing.  It should be remembered that on that note, Ethereum’s whitepaper itself seems to indicate that centralization of nodes is imminent as small players will not have the CPU, memory and HDD resources to run full nodes for much longer as the blockchain grows.  To make it even worse in a more practical sense, geth/Ethereum can bring most computers to a crawl and a halt, whereas I can run a full Bitcoin or Litecoin wallet without breaking a sweat.  One reason I think Bitcoin, in terms of mining at least, is more centralized is ASIC mining, which Ethereum doesn’t have (although Bitmain is shipping Ethash miners soon).  I think this will change fairly quickly once Bitmain ships.  In fact I could sync the whole Bitcoin chain more easily than I could Ethereum’s.  The article also boasts that Ethereum could process thousands of transactions per second; however, this is not in the real world or implemented yet and the switch to PoS has been indefinitely delayed.  Currently Ethereum processes a meager and insufficient 15 transactions a second.

Then there is the second article which looked at centralization from another aspect. It found that 20% of code in the Ethereum commits was made by a single person, vs 7% on the Bitcoin codebase.  They are implying that a form of centralization is through the developers who create the code.  This is also true in my opinion but we should understand from a practical point that all coins are centralized from the beginning and some will inevitably become more centralized in a “bad way” in the future.  This is especially true for minable coins, it is a game today of who can buy enough hardware or hashing power, and they essentially control the network.  This is true of Ethereum and Bitcoin.

Let’s keep this in context: all coins by definition start out “centralized”.  Bitcoin was initially 100% centralized under Satoshi since he or his group created the entire codebase and ran the entire network initially.  For a time it wasn’t a bad thing at all; Bitcoin has proven fairly reliable and resilient over the years.  However, the bad part is that whoever runs the most full nodes and whoever has the most hashing power has de facto control of the network.  In general this means big corporate and government players control Bitcoin and may soon control it entirely.  Centralization under Satoshi was undoubtedly good and acceptable, but the path today is clearly “the bad way”.

At the end of the day all projects in IT are centralized to a certain degree.  With the first article above noting that most cryptocurrencies are essentially centralized or will be soon, this shouldn’t be a surprise.  Now it is a matter of what the community does and how we adapt.  Should we centralize ourselves in a good way so no bad actors can do what is happening to Bitcoin and Ethereum or should we wait like ducks in a barrel for the big players to fully centralize and control cryptocurrency?

Wikileaks Shutdown by Coinbase

Apparently Julian Assange’s Wikileaks merchant account on Coinbase was shut down.  This is not at all surprising since PayPal, VISA, Mastercard and the banks did the same thing to him/them in the past.  In all fairness I don’t think Coinbase is to blame, aside from the fact they are a US based company and under the jurisdiction of the US of course.

PayPal came out and admitted they were forced to close down Wikileaks’ account, and I am certain the same thing has happened with Coinbase.

They have no say in the matter when the US government comes knocking.  Coinbase even recently had to give out information to the US tax department (IRS).

Of course users can still directly pay and donate to any wallets that Wikileaks controls.  As of now he lists addresses for Bitcoin, Litecoin, Ethereum, ZCash and Monero.  This is where things will heat up if he were to have a centralized currency like Ripple or Stellar Lumens.  The US government could possibly have those accounts in XRP/XLM frozen since they are a US based company.

This comes down to the wider issue of privacy, rights and freedom online and how cryptocurrency can prevent persecution for political reasons.  It also stands to reason that entities based in the US have very little say when the government comes knocking.  Coinbase and PayPal couldn’t have said no to the US government or by doing so they would be in seriously hot water.

I always advocate having some IT resources out of the reach of PRISM countries for reasons of privacy and freedom.  My current favorites are Singapore and Hong Kong in Asia.  Hong Kong I place particularly high value on because it has the British based system, yet it is under the protection of China.  Hong Kong is less likely to be influenced by a foreign entity than a smaller country like Singapore.  A good example of this is how Edward Snowden miraculously made it out of Hong Kong as a wanted fugitive.  Surely, Hong Kong was pressured and asked to hand him over, but somehow it never happened.

There are positives here, it looks like some brave entities in Europe have stood up for Wikileaks and at least for now, in France, Germany and Iceland there are some banks, foundations and even a University who are providing him access to the fiat system.

Why Hardforks In Cryptocurrency Are Bad

I’ve always felt this but hardforks are simply bad, even if in the rare case they intend to fix a problem with the original currency.  Most currencies which have issues like Bitcoin are simply not just a “single problem” but a collective bunch of inherent problems.   But most often it is so clear like is the case with Bitcoin Gold that the team just copies and counterfeits a coin to unjustly enrich themselves.

Risks and Issues with Hardforks

  1. Loss of value, normally the original coin is at least temporarily devalued when a hardfork is done.  People wonder which coin will survive or be more popular?
  2. Confusion leading to scams and fraud.  Which is the real Bitcoin or real Bitcoin Gold?
  3. Many forks don’t make a wallet (more evidence of bad intention) and more likely that fraudsters will make a wallet that steals your coins (eg. John Dass and the Bitcoin Gold team).
  4. Community frustration and division.

Instead of hardforking it is much better to do what Cloakcoin, Litecoin and many others did by just copying it, making changes and starting their own blockchain.  This ensures the process won’t allow fraud, confusion or devaluation of the original coin and no harm comes to the community that way.

All these coins have stolen value from the main coins like Bitcoin and then people ask why the value went down?  If Bitcoin was not hardforkable I think it should be several times the value we see now, almost certainly 2/3s or more of the crypto market cap.

Bitcoin Private and Cloak Cryptocurrencies

There is a huge emphasis on privacy with a lot of new coins but I do feel that a lot of coins focus on a single issue and leave the overall business and usability aspect out.  How do these newer coins fare?

Cloak

My first impression is why doesn’t the non-www version work while the www version does?  Does their team not know how to properly configure nginx or is it just a simple mistake and oversight?

[Screenshot: cloakcoin.com Forbidden configuration error]

They call their encryption ENIGMA which I am not sure is a joke or if they aren’t aware of the ENIGMA encryption box in Germany that was compromised during WWII?  I would more so be worried that it is a read between the lines joke or a hint that the team is doing something more than they claim?  Sorry but I just can’t get over the fact that they would not know about the Enigma box from Germany that was decoded.

For my second point I do like the privacy aspects but this is where I have concerns.  On one hand they tout privacy, but then to have more privacy they obfuscate transactions by using other clients’ wallets?  Why would you allow a third party and random stranger to process or handle any part of the transaction?  I do realize they say it is fully encrypted and obfuscated so the random third party stranger on the network shouldn’t know anything about you or your transaction, but to me it violates the principle of privacy and security.  It reminds me of how everyone believed the TOR network is a good idea and secure, but in reality whoever runs an exit node can spy on other users, including the NSA.  This architecture of Cloak makes me worried that a vulnerability could be found and that privacy could be worse than most other Bitcoin-style coins.  Even if a simple vulnerability was not found, you are essentially passing private information to random strangers on the network; the NSA or other large funded organizations could use this to spy on other users or even perhaps modify transactions and create chaos on the network.

I also find it confusing how they say it is private but you have to enable “ENIGMA” on top of “Cloak Shield” to truly make it private?

Here are the parts I’ve picked on from their website:

Alice’s Cloak wallet then automatically sends a request to the network for other Cloak wallets who have elected to become ENIGMA mixer nodes to obfuscate her transaction. All of this is done privately and securely throughout with no identities or true IP addresses revealed.

Bob has cloaking mode enabled in his wallet and the wallet generates a secure CloakShield encryption channel for communications with Alice’s wallet. Bob’s wallet sends Alice a secure connection, containing encrypted inputs and outputs to commence the transaction.

With this confirmed, Alice, with full anonymity, creates an encrypted ENIGMA transaction containing her true inputs and outputs and Bob’s cloaking (obscured) inputs and outputs. Bob and Alice both sign the ENIGMA transaction before it is submitted to the network for inclusion into a PoS block.

Going back to the concerns I have above, I really don’t like how Alice’s wallet would ever communicate with anyone other than the receiver or the Cloak network.  By introducing Bob, there is the chance that Bob could decipher and identify what Alice is doing.  Of course that’s not what should happen, but I believe it is a huge security hole to involve random third parties in confirming or obfuscating transactions.  The situation reminds me a lot of the vulnerabilities in the TOR network.  Essentially Bob is like an exit node, running transactions for Alice.  Bob shouldn’t know who Alice is or what she is doing, but what if there is an implementation error or other issue?  This could be avoided by not using any random third party.

I think Cloak does a great job but they’ve actually introduced a huge security hole by having a random third party process the transaction.  It would be like saying “my data is encrypted so I’ll send encrypted copies to everyone”.  Sure it is encrypted but if someone can ever hack your encrypted data either through brute force or an algorithm/implementation error then you are done for.  The best solution is to never send private and sensitive data to an extra, third party.

I do think the Cloak project has worked hard and it has some great ideas but aside from privacy and what I believe are security holes in how they implement it, they have done a great job but it is not a coin that does everything right.

Bitcoin Private

For those who know me, I am very much against forks.  As I’ve stated before they decrease value, lead to scams and confusion.  This can be evidenced with Bitcoin Gold regardless of who you believe was responsible.  Right off the bat Bitcoin Private is warning of scammers trying to confuse you with a warning on their website.

[Screenshot: Bitcoin Private (BTCP) website warning about private-key scams]

The problem with these types of coins, hardforks or what I think are really counterfeits is that you need to give up the very “private keys” of your real, valuable Bitcoin to claim the “new counterfeit coin”.  This is a huge security problem, regardless of who made the wallet what if the wallet is designed or hacked to maliciously steal your real Bitcoins?  There is no easy and secure way to claim your coins from these counterfeits.   Once you give up your private keys to Bitcoin Cash, Bitcoin Gold, Bitcoin Private they could steal your real Bitcoins.

Now there is a way around it, you could transfer your coins to another wallet but it’s a huge pain and a mistake could cost a novice user all of their Bitcoin.

Now in all fairness I appreciate this team at least has official wallets ready for download, unlike Bitcoin Cash.

Users who have the currency called “ZClassic” are also involved here, which is also another confusing fork of ZCash.

This is what I mean about all of the confusion.  It creates an environment where holders and buyers are easily confused about which is the real “Bitcoin”, which is the real ZCash.  And really, I can’t see any reason why people are forking except as a cash grab and counterfeiting spree.

For this reason I don’t trust Bitcoin Private any more than I trust the other forks (although I trust Bitcoin Gold the least).  I personally feel there is no good reason to trust any of them.  If they want to make a new or better currency they should really just make their own, or at least copy it under a new name.  But of course forking creates unwilling participants and owners of the new currency, while enriching and rewarding the hardforkers for their counterfeiting.

For those reasons if I had to pick between the two, I think Cloak has our best interests at heart and hardforked coins are just a scam, counterfeit and cash grab by unscrupulous people.

Verge Coin Asks For More Money – Shady Things Coins Do

Verge Coin has faced a lot of issues lately such as a hack of their blockchain via an exploit in how it is mined.  Then, recently they announced a big mystery partner but they wouldn’t release who it is without people buying about $3M USD of XVG coins.

This upsets me, it reminds me of the Finom ICO scam (tokens I paid for but never received) and how instead of delivering the tokens they instead did another ICO asking for more money.

Because of how Verge did it, people accused them of trying to do a pump and dump as an exit scam.  In all fairness they did come through with a fairly big announcement, partnering with Pornhub which could increase the coin’s popularity and usage.  From an investment standpoint I don’t think it is the silver bullet people are looking for.  We want to see a coin that is actively used in everyday transactions and that actually replaces fiat.

But the bigger question to me is concern about the Verge team; tactics like this get you labeled as a scam fairly quickly.  It really seems a lot of teams are just that, scammers, or they are completely out of touch with reality and basic practices of business, communication and how to treat your investors.