This video is designed for beginners.
Hopefully I will go over the process of actually making your website live on a server in a future video. Please let me know in the comments if you would find that helpful. 🙂
But what is a cryptocurrency and why should I care?
Find out in this episode.
What is a cryptocurrency?
A cryptocurrency is a type of digital money, especially one that uses cryptography and decentralization to make sure that you can only spend each unit once and that you can only create new units after performing some service to the community.
You might ask, “But if I use digital US dollars already, what benefits do I gain by using crypto?”
There are many problems with the US dollar, which crypto can solve. Since this episode is an introduction, I will focus on Bitcoin—the “original gangsta”—and the solutions and limitations which it offers.
First, let’s analyze fiat currencies, like the US dollar, the euro, and the Chinese yuan.
Quantity of new bitcoins created is determined by an exponential decay function.
Pseudonymous. Instead of using your real name, you use your public key. But beware: as soon as someone is able to link your public key to your real identity, your entire transaction history for that wallet is revealed.
If you can understand the code, it is trustless. However, those who cannot read code must trust the code itself. However, they still do not need to trust any third party.
If private keys are well-hidden, Bitcoin can be extremely difficult to be confiscated by authorities.
Easy to send Bitcoin to anyone’s wallet, regardless of where they are in the world.
Transactions are irreversible.
Transactions can be completed despite what governments, banks, and other institutions think.
Keep in mind, Bitcoin is the first cryptocurrency as we know it. Obviously, there are a TON of improvements that have been made to the concept. That’s why you see many different types of cryptocurrencies, from Bitcoin, to Bitcoin Cash, to Ethereum, to Litecoin, to Dogecoin, to Marscoin. Each of these cryptos has its own set of pros and cons, which I hope to address in future episodes.
My challenge to you all this week is to do a self-assessment of your own financial situation.
“If the dollar were to go into hyperinflation, would my family be prepared?”
“Is crypto a viable alternative to cash and card payments?”
“What if the government were to seize my entire bank account tomorrow through civil asset forfeiture? Would my entire net worth be down the tubes?”
Then decide what you should do NOW to prepare yourself for when trouble comes.
It is easy to underestimate your vulnerability…until it’s too late.
Websites get hack attacked.
Websites that are political or journalistic in nature are at an increased risk of being hacked, since not only do they attract the “regular” attackers, but they are a more likely target for ideologically-driven attackers as well. Hackers can be literally anyone.
Organizations on all sides of the political spectrum can be targeted.
Gab, a social media platform dominated by the Right and Alt-Right, wastargeted, and so was Liker, which appears to be a more Leftist social media platform, especially when they characterized their own hack incident as being a politically-motivated attack by “Trumpers“.
A thought experiment:
Let’s assume, for the sake of argument, that you are a startup political activism organization that relies heavily on your resources connected to the Internet (like a website, databases, communication channels, social media, banking, etc.).
Let’s also assume you ideologically align with position “A”.
There are bound to be computer-savvy individuals somewhere who align with other positions that conflict with position “A”. If those individuals also are willing to hack attack you based on that difference of beliefs, then you are a natural target.
These attackers could be citizens of your own country, or another country. They could be private individuals acting out of their own animosity, or they could be government officials attacking to achieve some political goal.
Regardless of where the attacker comes from, they can deal a whole lot of damage to your organization if they are both motivated and able to find a way to do so. Imagine an attacker hacking into your one of your employees’ poorly-passworded email accounts and sending fraudulent emails to all your donors, asking them for money, when in reality it is a scam. When your donors read the emails, they will see that it comes from a legitimate email address. So the donors click on the link in the email, which takes them to a page that looks practically identical to your own fundraising site. The attacker’s fraudulent site accepts your donors’ payment information, withdraws money from their accounts, and makes them think that it was all legitimate.
Imagine that the attacker also hacks into your admin account for the website, and puts malware into your website so that when visitors think they are getting one thing, they end up with their computer becoming useless and acting as a carrier of self-replicating malware that tries to spread itself like a disease to other computers.
Imagine the attacker not only wants to plunder you, but also wants to shame you as well. They hack into your (again) poorly-passworded official social media accounts and change all the email and phone number settings, then start posting propaganda that goes directly against what your organization stands for. Your followers start “unfollowing” you en masse and comment how disappointed they are with your organization. It’s a public relations mess!
Finally, the attackers encrypt all your organization’s data and demand a ransom for it, but never actually decrypt it for you, even if you pay up.
You want to hire a security firm to “clean things up” for you, but you don’t have enough funds and your donors have just been milked for all they have to spare.
Needless to say, that would be a mess.
It would also be a preventable mess. While there is no way to guarantee that all cyberattacks will fail, you can stack the deck in your favor by following some basic cybersecurity best-practices.
Here are some of the things that I consider most important:
“Shift your thinking from passwords to passphrases.”
While all elements of cybersecurity can be important, passphrases are probably the single most important category. Keep your password only to yourself. If you have a collaborator, add an account for them, but never share your passwords.
Brute forcing a password (using a computer to guess it), and/or guessing a password based on a user’s personal life, can be extremely easy for those hackers who know what they are doing.
Before you read the following passphrase tips, please understand that there are plenty of password managers to help you out. Most modern browsers like Brave already have a password manager built-in.
Use math to your advantage
In order to beat the attackers at the password-guessing-game, you must recognize the power of almighty math.
If you were to pick a single lowercase letter (and I knew it was a single lowercase letter), then it would take me a maximum of 26 attempts before I would correctly guess it. This is because there is only one character and it is limited to only one type of character–the lowercase English alphabet. The probability of me guessing your letter correctly the first time (assuming I eliminate each possibility after it proves to be incorrect), can be represented mathematically as 1/26.
However, if you were to now pick two lowercase letters (and I knew they were two lowercase letters), then I would not have 1/26 chance of guessing it the first time, but rather 1/(26*26), which equals 1/676.
Likewise, if you were to pick two characters, but this time were to have the characters be either lowercase letters OR digits OR a combination of them, I would be forced to assume that either character could be either type. Thus, my likelihood of guessing on the first try would not be 1/(26*26) or 1/676, but rather 1/(36*36), which equals 1/1296.
Do you notice what is happening? As the quantity and diversity of the characters INCREASES, the likelihood of me guessing correctly DECREASES. With each additional character, the added security is not simply linear, but exponential.
However, since hackers can use computers to automate their guessing, our passphrases must be longer than what we would reasonably expect them AND their computers to be able to guess.
The longer your passwords, the better. Go for around 17+ characters, but understand that–as technology progresses–it will become easier for attackers to overcome longer passwords.
Use a diverse range of character types, including lowercase letters (“abcd”), uppercase letters (“ABCD”), digits (“1234”), and special characters (“!@#$”).
Do not use the same password across multiple platforms. This prevents an attacker from gaining instant access to multiple areas of your online life in the event they are able to successfully crack one of your passwords. When you get attacked, you want the damage to be as limited as humanly possible.
Do not use words that you associate yourself with. Do not use your pet’s name, your favorite political slogan, or your mother’s maiden name in your password. Hackers can easily do reconnaissance on your social media profiles and figure out a TON of info about you. If you mention something to your friends and followers online, a hacker recognizes that you just might be using that thing in your password. Therefore, try to go for a passphrase along the lines of these:
Password examples: the longer and more complicated, the better!
Obviously, you want to be creative and come up with original passphrases. These are just some examples to hopefully inspire you.
Two-factor authentication (2FA) is basically when you are required to use not only your username and passphrase to login, but also another means of showing that the person logging-in is really you, like sending a login approval notification to your phone. This is basically a fail-safe for users having weak passwords, in my opinion, and can be very useful for preventing the impact of some human errors.
I personally have a bias against 2FA because very often 2FA systems are extremely inflexible. For example, suppose a user is required to use their phone to perform 2FA. What is that user supposed to do if they lose or break their phone? What if they change their number and forget to update their account information ahead of time? While I was in college at Andrews University, I literally resigned from my job as a writer for Student Movement (in part) because of their arbitrary 2FA requirement for all employees.
Use secure connections to the Internet
This is where a VPN can come in handy.
Also, if you are typing or receiving sensitive information (like login info, for example) make sure to always use https. The “s” means that your connection between you and the site is encrypted.
I personally use ClamAV, which is a free and open-source option.
Have email filters to prevent your employees’ inboxes becoming filled with spam
While no filter is bulletproof, having one in place can certainly help. Many email providers have a separate “spam” folder as the default, but check to make sure.
Having a filter helps limit the amount of phishing emails that you get.
Also, never click on email links that you just randomly see in your inbox. If you see an email from Company X that says you must log in now, open a new tab and manually type-in Company X’s domain name. See if it is legit. If anything seems phishy, talk with your IT person.
Limit permissions to only the essentials for each user
You wouldn’t give your personal credit card to a random 16-year-old. Why would you give administrator-level control over your entire website to someone who is new to the field of technology?
Don’t get me wrong: young professionals DO NEED opportunities to prove themselves, to fail, to succeed, but you don’t have to put your whole business at risk in order to achieve that opportunity for them. Give them more permissions gradually as they become more and more competent and prove themselves worthy of more of your trust.
Update/upgrade your software regularly
Often, companies update their software because they discovered a vulnerability and have now made a patch for it. If you don’t update it for your team, then you still have that vulnerability, which makes it easier for attackers to beat you.
Never reveal sensitive information
If some random person calls you asking for your date of birth, bank account info, login credentials, or anything else, DO NOT GIVE IT TO THEM, even if they seem “nice” or “legitimate.”
Back up and encrypt your data
Backing up your data helps shield you from permanent loss if something happens to your primary store of data.
Encrypting your own data helps shield you from the attackers understanding your data in the event they find it.
The human element
Hackers don’t play by the wider society’s preconceptions about what the “rules” are. Hackers try to figure out how to play by what the rules of reality are. Hacking is the guerrilla warfare of the Internet.
As humans, we often like to think of our fellow humans as being trustworthy and of goodwill. However, it is often this tendency to trust that can do the most damage to your organization.
When a hacker manipulates your employees in order to gain unauthorized access to your organization’s information, that is called social engineering. Twitter said last year that social engineering of Twitter’s employees is what led to the famous Twitter hack where several high-profile accounts appeared to post a Bitcoin scam which took an estimated $120,000 USD worth of BTC from users.
This goes to show that training your employees is super important if you care about the cybersecurity health of your organization. At the end of the day, your IT people can be stellar, but if your other employees are untrained, they remain a liability. Talk to a technical/cybersecurity professional about the possibility of them speaking to your team about this issue. Don’t just bury your head in the sand and hope you never get targeted.
If there is any context in which you should be paranoid, THIS IS IT. Cybersecurity can make or break your organization, so take it seriously.
UPDATE – 17 March, 2021: OBB has reached out to Liker to request evidence of why they concluded that the hack on their platform was committed specifically by Trump supporters
Liker.com, a social media site based in North Hollywood, California, claims it was hacked by politically-motivated “Trumpers,” resulting in the platform going completely offline.
This hack comes in the wake of right-wing social media company Parler being booted off the App Store and AWS, resulting in it being down completely and only recently starting to gain back some limited functionality for users. For example, I was able to now log in and post while in the web app, but the iOS app still is empty for me.
The Liker.com hack also comes in the wake of Gab, another social media site apparently dominated by right and alt-right individuals, being hacked. As news of the hack came out, Outsmart Big Brother™ (OBB) noticed uncharacteristic material being posted by Gab CEO Andrew Torba‘s account, including a porn video with a caption indicating that it was depicting incest. After seeing that, OBB promptly blocked Torba, not realizing at the time that the porn video was probably posted by a politically-motivated hacker who had already gained access to Torba’s account. OBB has reached out to Torba for clarification on this.
Here is the email that was sent by Liker.com to OBB on March 14:
“Why Liker is down: We were attacked by Trumpers…“
This is very difficult email to write. As many of you all know, Liker is a grassroots social network that set out with a difficult, herculean mission of creating a kinder, smarter social network where hatred is unacceptable and thoughtfulness, love, and humanity flourish. After over a year of testing and tweaking in preparation for our full public launch, we were well on our way toward achieving that, and were only days away from launching our brand new, world class version of Liker to the public when disaster struck.
Computer savvy Trump supporters, angered by Parler being de-platformed, decided to retaliate against Liker. Unfortunately, they were successful in extracting their revenge, breaching our system and gaining access to the accounts of many of our users. As soon as we were alerted to their attack, we made the difficult decision of taking Liker offline in order to protect our community.
But it’s not all bad news. We have been overwhelmed by all the emails from our users who are sad that their go-to social network, their Liker family, has been temporarily taken from them. While we share your pain, we are glad to know that the Liker family is stronger than ever, and that we have succeeded in creating an amazing community of over a quarter million thoughtful and kind individuals who call Liker home.
Thankfully, we have hired a top-notch security firm, and expect Liker to be back on line within the next 4 to 8 weeks. The great news is that the next time you all see Liker, it will have our updated design that will blow your socks off, strike fear in the heart of Parler, Facebook, Twitter, and other networks, and never again be vulnerable to digital attacks from Trump’s alt-right henchmen.
Please stay tuned! We will send you all an email when Liker is back up , and we promise that it will be worth the wait.
Until then, please accept our heartfelt apology for not being able to share our home while we make these upgrades. Soon, we will all once again be together and toasting to a smarter, kinder social media.
Thank you all,
Jonathan McCormick wrote the following statement on behalf of Outsmart Big Brother™ in response to this incident:
Free expression and property rights are essential to any decent and civilized society.
Outsmart Big Brother™ condemns all efforts to silence people through deliberately interfering with the free flow of information, including the unauthorized hacking of social media platforms and individual accounts. Regardless of a person’s political views, they should be free to peacefully express their beliefs.
If authoritarianism really is as terrible as we believe it to be, then we should be able to debate it and win easily. Censorship not only violates the right to free speech, but it also can be counterproductive to the goals, however just they might seem, of those who engage in censorship. When a minority group is censored, their ideology does not simply disappear; it goes underground, where there is even less opportunity for opposing viewpoints to debate it. Censorship also provides fuel for the passions of those who are upset at the censorship, which can lead to groups resorting to violence as an outlet for their anger, which OBB also condemns.
Because of alleged politically-motivated interference by hacktivists and corporations, OBB has been unable to post content to the online communities on platforms like Liker and Parler. OBB looks forward to joining the conversation on these platforms once they are functional again.
Official statement by Outsmart Big Brother™ 16 March, 2021, at 11:19 GMT-6.
Outsmart Big Brother has reached out to Liker and Parler for comment.
Regardless of your political beliefs, basic cybersecurity practices are essential. Choose strong passwords (the longer and more diverse the characters, the better!). Manage your passwords well using a password manager so you don’t forget all of them (many modern browsers have this feature built into them already). If you suspect malicious actors may have compromised an online account of yours, changing your password and logging-out of all other sessions can help.
DISCLAIMER: nothing posted here is legal, financial, investment, cybersecurity, or any other type of professional advice. This content is posted for educational purposes only. #NotLegalAdvice
Imagine you and your friends are planning a protest, but you fear that if the local authorities find out ahead of time, they might try to stop you. How do you prevent the authorities from discovering what your plans are?
Your friends live too far away from each other for you to hold an in-person meeting, and the COVID-19 lockdowns also make such physical meetings illegal. You have to send messages to each other, but you suspect the police are monitoring your Internet connections and your phone conversations.
How can you and your friends communicate privately so that your protest is successful?
Find out how in this video.
Brief summary of subject matter and use cases.
In order to send private messages to your friends, you need to master the art of making the meaningful turn into the nonsensical and making the nonsensical turn back into the meaningful.
No, I’m not talking about philosophy.
I’m talking about cryptography.
When you encrypt a message, it means you take a message that looks like this…
Let’s have a protest in front of the Liberpolis capitol building at noon on Jefferson’s birthday.
Wear your uniforms and bring your signs.
Let’s make sure our lawmakers know that we care a lot about this issue!
That encrypted message (cyphertext) can then be sent over the Internet to your friends.
If law enforcement were to intercept your message, they would then see the cyphertext, not your actual message. Depending on how complicated your encryption mechanism is, they could try to decrypt it by having their computers do a bunch of guessing (brute force), but to do so would probably be extremely hard for them, if not practically impossible, since there is an astronomical number of possible ways to decrypt it, with only one of them being correct.
So your message is now supposedly safe from being deciphered by the authorities, but how can your friends understand it?
Depending on the encryption scheme you are using, each of your friends could need a “key” sent from you in order to decrypt it, or they could be able to decrypt it with a “private key” which they and they alone already have. It gets kind of complicated, but from all indications, it works.
Therefore, because you and your friends used the power of encryption, you were able to keep your plans a secret and hold the protest as planned. Well done!
Why encryption is important
Encryption enables multiple parties to communicate without eavesdroppers understanding what they are saying to each other. It is almost like two people speaking to each other in a completely unique language in the presence of a crowd who is ignorant of that language.
This makes encryption extremely useful, especially for those who want to Outsmart Big Brother.
If you are an everyday citizen in a reasonably free country, encryption hopefully is used to keep your financial, medical, and other private information safe from malicious hackers (“crackers”). You could also use encryption for random stuff that you simply believe is “nobody else’s business,” like that ancient photo of 2-year-old you picking your nose.
On the other hand, if you are a whistleblower, activist, or a journalist living under an authoritarian regime, encryption could literally mean the difference between life and death.
Everyone who wants to defend freedom must understand at least a little bit of the importance of encryption and how to use it. Even if your country is relatively free and politically stable for now, you never know when the need for encryption could arise.
How to encrypt
Here are some examples of how to use encryption in your everyday life.
Use https:// to encrypt your usernames, passwords, and other info exchanged between you and a website. The “s” in “https” is especially important here. Often, when you are using https, your browser will let you know by showing a little lock icon near the address bar. One time I was trying to login to a WordPress-based website and realized that I had submitted my username and password into it while not being protected by https. I was in http. Since I knew that a hacker could have been monitoring my Internet traffic, I decided to immediately switch to https and change my password.
Use a Virtual Private Network (VPN) to mask your IP address. A VPN basically means that another computer that is far away from you interacts with the Internet on your computer’s behalf and sends encrypted data back and forth. It can help make you anonymous online. But beware, many traditional institutions (like banks) will assume you are a malicious hacker if you try to login while connected using a VPN. You will also be required to complete more annoying CAPTCHAs, since many sites care more about protecting themselves against DDoS attacks (a type of hack attack using many computers to overwhelm a website with requests) than about being privacy-friendly.
Switch to an end-to-end encrypted (E2EE) email provider. I personally use both ProtonMail and Tutanota and I consider them both to be excellent choices. ProtonMail is based in Switzerland; Tutanota is based in Germany. Both offer a free version and premium features (like custom domains) for those who are willing to pay. Both are encrypted. Both are outside the U.S. (LavaBit was a similar encrypted email service that failed because it was a U.S. business in the Snowden Era). If you are looking for an alternative to the Google G-Suite, then I would go with ProtonMail since they seem to have a more developed “Proton”-Suite that they are in the process of expanding, including ProtonVPN, ProtonCalendar, ProtonDrive, etc.
Use an E2EE chat app like Signal or Threema. I use both. While Signal requires a phone number to use, Threema does not, which could be a deal-breaker for those who value absolute anonymity. While WhatsApp does claim to be E2EE, the fact that it is owned by Facebook means that you are letting a “fox” of privacy violations guard your “henhouse” of private communication. Why worry about Facebook sneaking into your chat? Just use one of the other options.
If you are configuring a Linux distro, choose the option to encrypt your hard drive. This will mean using two passwords every time you login to your computer, but it will make it much harder for somebody to physically access your data after you shut down your computer. If you can barely handle keeping track of one password, then ignore that last part about encrypting your own hard drive.
How encryption could be used against you
Just like how encrypting your own data makes it harder for attackers to access it, the tables could also be turned against you when the attacker is the one who encrypts your data, like with WannaCry.
WannaCry is a type of ransomware that caused a lot of problems for its victims. It encrypted the data on their computers and demanded a ransom of Bitcoin in exchange for the user (supposedly) getting their data decrypted. Of course, with criminals you can never really know whether they are telling the truth, since they could theoretically keep demanding more and more money even after the victim sends the original ransom.
Why governments generally do not like widespread encryption
For all its benefits to people who want to remain private, encryption also can stand in the way of governments performing surveillance on them. Since the state is responsible for enforcing laws against things like terrorism, money laundering, and other shady activities, the mass-adoption of encryption makes their job harder. However, when the government takes action to oppose encryption (like requiring backdoors for law enforcement), it often violates the right to privacy of the individuals whose data is no longer private.
For those more interested, check out the story of when the NSA tried to create a hardware backdoor to encryption called the “Clipper Chip.”
There is still a TON of stuff that I need to learn about the details of how public key cryptography is able to actually work. We’ve barely scratched the surface here but hopefully this video helps you to be able to use encryption more in your own life.
My challenge to you all this week is…
Find something that you need to encrypt and DO IT. Let me know in the comments what things you are starting to encrypt.