Simple Conversations

Cybersecurity Confessions: The Truth About Being "Safe" Online | Winn Schwartau | SC62

ASG Season 1 Episode 62

We've never been safe online. Our digital identities have been compromised multiple times while big tech companies harvest our behavioral data to predict our responses and sell targeted advertising.


• Government agencies like NSA or GCHQ aren't typically monitoring average citizens
• The real collectors of your data are tech companies like Google, Meta, and Microsoft
• These companies track "personally identifiable behavior" rather than just personal information
• Americans' identities have been stolen at least three times on average
• Stolen data gets sold in criminal marketplaces, often resulting in fraudulent charges
• When suspicious charges appear, don't automatically request new cards—verify with your bank instead
• Secure messaging apps like Signal and Telegram offer reasonable protection for communications
• The concept of "free speech" online remains complex and context-dependent
• Blockchain technology, while innovative, has serious energy consumption and scalability issues
• Critical thinking is essential—verify information from multiple sources before believing it
• The digital world requires a new mantra: "Trust nothing. Verify at least twice"


If you could take some time to Like, Comment, Share it would really help me out.

If you are listening on Spotify or Apple, please rate the show as it will help build a much better show.

Peace.

Speaker 1:

So tell me, who is Winn Schwartau?

Speaker 2:

I'm a fundamentally old, analog geeky engineer. Science doesn't give a shit about your opinion. Every single American's identity has been stolen at least three times. Does free speech mean? Are you allowed to go to an airport with free speech and say I got a? With no Consequence.

Speaker 1:

Trust nothing. Have them with a consequence. Trust nothing. Verify at least twice. Welcome to Simple Conversations with ASG. So the big one I want to ask you about, from adult infants like myself: are we safe online? Say that again, are we?

Speaker 2:

Safe online? No, never have been. Then again, without going down the whole paranoid thing, is GCHQ in the UK? Is NSA in the USA? Are they listening in on Winn or Bob or Susie? Probably not. You're not worth it. You're not that important. You're just some schmuck. Deal with it.

Speaker 2:

However, when it comes to bulk data and the use of data of an entire population or an entire cultural subset of a population, there are certainly the possibilities that an awful lot of groups are looking at you, as you're one of 100,000 people that are likely to do this, but more so than the government. That's advertisers, that's big tech. That's Google, Meta, Microsoft, Google. It's them wanting to know not so much your personal behavior, obviously, your personal identity, your social security number, whatever. That's personally identifiable behavior. What we're doing today, and you are contributing to and all of your listeners are contributing to, is giving advertisers, giving big tech, your personally identifiable behavior.

Speaker 2:

How are you going to react in any given situation? We see it in stores and retail with conventional signage: big sale, 90% off, and you're going to drive some traffic. Your numbers will go up. Sale online and you can track the numbers. The same thing with targeting audiences. Yeah, we know who you are. We know a lot about your proclivities and what you're likely going to do. Does that mean you're safe or unsafe? You bought into it. You have traded your privacy for ease, for facility, for tools, for free email.

Speaker 1:

You have given away your personal information, a good deal of your personal identity and a good deal of who you are as a soul, as a human being, through your personal behavior, reacting to the stimulus around you. There's a common trend come it started, but it is common in quite fast motion to social media apps where, if you want to be verified or if you want to access certain features, you need to upload and validate a form of ID. Is that safe?

Speaker 2:

safe, let's get into it, it's arranged to laundry.

Speaker 2:

We've had this debate in security forever Could anonymity be allowed on the internet? Well, there's a huge amount of it. That's why there's bot farms. That's why the massive rise in malware and phishing and ransomware are occurring because of massive, massive numbers of unverified, no IRL, no human identification. So many of us have said unless it's real, I'm not going to participate. So, for example, your banking assuming people are doing banking online I do. There are several layers of security that you have to go through and then there's periodic re-vetting to verify certain information.

Speaker 2:

Are you safe when you do that? Yeah, pretty, I do it. I do it. If something goes wrong, it's not going to be really my fault unless I transfer you all my money, but it's going to be an infrastructure problem. It'll be at Amazon AWS or it'll be within Bank of America or whatever. Something up in the tech is going to go wrong and all the credentials will be out. Are you safe? You're as safe as you can be today. If you want to be a billionaire, you're going to be a target. So use common sense and basically most governments. They don't give a shit about you unless you become so noisy that you have risen yourself up to become and want to be visible for whatever reason. The rest of ad tech and big tech they don't give a shit who you are. They care that you are a profile within this particular demographic that will generate income and attention economy for their particular applications. That's it.

Speaker 1:

Yeah, they want to make sure you're a real person.

Speaker 2:

No, in most cases they don't care. They do not care the only time they care. I can sign up with a fake ID, an email address and a stolen credit card. Tomorrow, anywhere, I can do a two-factor authentication to my identity on my little burner phone. I can create that little ecosystem. The only thing in that case that ties me to a real-life person would be a credit card, some method of payment, which then goes back to the financial industry, which should be doing a really, really good job of verifying. Humans are on the back end. But until the in real life verification that occurs in the finance and the health industries and in those kinds of places, until that ties together with the rest of the online experience, you kind of don't know who you're dealing with. That's why we all get. Did you make a charge of $38 to something you never heard of before? If so, we'll cancel your card. You know all that stuff, and that's because your credit card ended up farmed in a criminal database on the dark web. That's it.

Speaker 1:

Yeah, I guess.

Speaker 2:

And there's ways around. You don't need to get a new just because somebody's using your credit card. Do not get a new credit card. Do not have them replace it. That is no. Don't do that, because any reputable financial institution, and I use one of the big global ones, you get a thing and it says hey, Winn, this $38 from the place you've never heard of.

Speaker 2:

Is this your charge or not? If you say no, they will say okay, we're going to cancel your card, cancel everything, and then you're SOL. You're shit out of luck until you get your new credit card. And again, I can't say all institutions work this way, but enough do. Was this your charge? Yes, so I'll click. Yes, that was my charge and they'll go. Thank you for letting us know. Please reinitiate the charge so we will let it through. Don't do anything. You're back to zero without having to replace your credit card. But again, that is part of the responsible security that has been evolving over the years and in this case, the financial institutions protect money. I want to kind of play devil's advocate here a little bit, because I know this is a concern for people at the moment.

Speaker 1:

With, like we mentioned, you can verify someone's identity by getting them to verify a form of identity, a form of ID. But the problem people have with putting their personal information online or putting it under these websites that they probably do know they are real but they're still paranoid is because they are constantly seeing data breaches happen. I know I get messages and emails all the time saying your password could be part of a data breach. These data breaches, can you give an overview of what they actually are to at least put people's mind at ease? Because I know from my point of view, it just sounds like somebody scrabbled them all down in a butter paper and handled them.

Speaker 2:

There are large criminal elements whose job it is to find financial information, credit card numbers, identification, personally identifiable information, PII, and then resell it. It's a marketplace. I believe one of the current stats is that, at least in the US, every single American's identity has been stolen at least three times. In Europe, the numbers are not nearly that bad because of the IRL, in real life requirements and identification and some of the pain in the ass stuff. I mean, I hang out in France a lot and it's just no, I'm not getting a French bank account. That'll take me nine months of your bureaucratic hell. But they also don't have a whole lot of fraud either. Your information is out there, whoever you are, they already got it and you're in some database. So what happens? Once the database has your name? It's going to be profiled. We got this database from this retailer and it has 3 million names and credit card numbers. Cool, they're going to go off and sell it and they're going to sell it for $50, $1,000, some number. Then it's going to hit down to the retail market and they'll go out for $20 to $50 to $100 per card number, based upon American Express credit limit, depending upon how much information that they've been able to get out of the database that they hacked. And basically they have one chance to find out if it's any good or not. And are they going to get that one charge through and that's the charge that you end up seeing on yours. Just learn how to respond to it with your particular bank.

Speaker 2:

It's not. Is it a pain in the ass? I sort of look at it like thank you, because it used to be a royal, royal pain. And again, I've been doing this for 118 years now. I've watched it from oh my God, this is absolutely awful to a system. Now that is perfect. Nope. Perfect security, nope. But is it tolerable risk? Is it acceptable? Does it work?

Speaker 1:

pretty well, yeah these things, like these criminal agencies, and like think odds.

Speaker 2:

More people are getting trouble from drinking and driving, or drinking and walking or texting through traffic than really get nailed individually on this stuff. It's it, this takes some work for people to do.

Speaker 1:

Well, these things, like these criminal agencies that is their job to do is to hack these databases or things like the dark web or these kind of like online terrorism groups and stuff. How are they not policed or how are they not being brought down?

Speaker 2:

They are policed, but it's like real crime. If you have a thousand criminals doing really bad stuff, how many cops you got, there's no difference.

Speaker 1:

the numbers always favor the attacker always, and the defenders only have to make one mistake it's that kind of thing of people who are involved in real life crime, make the one mistake of searching the wrong thing and end up on a watch list and that leads to loads of questions and they get caught for the crime they committed.

Speaker 2:

Well, in the kinetic world, in the physical world, there's a different set of rules. For all the obvious reasons, robbing a bank, robbing a jewelry store, is fraught with a lot more potential risk than online crime because of the ability for anonymity and hiding behind layers and layers and layers of security and you reference the dark web and the onion peeling of all the layers, and that's why it's called well, one of the tools is called an onion and you can get through the various layers of the dark web.

Speaker 1:

Yeah, that makes a lot of sense. I asked it because there was a serial killer in England a few months ago that he it was reported that he was on watch lists because he had downloaded al-Qaeda guides, basically, but he was never questioned by police, no one ever asked him anything, no one ever, like, really paid any attention to what he'd done. But he was placing these watch lists and turns out the whole time he was using these guides to construct this master plan to unfortunately take a few people's lives.

Speaker 2:

I thankfully, don't do a lot and avoid the physical security stuff. That's a whole different world with a whole different set of criteria. I speak it, but I'm not the uber expert on physical security. If you want them, I'll get you a guy please.

Speaker 1:

So we met. You mentioned at the start that everyone's online activity is recorded but it won't be investigated because we are no one. So those people that are in high places that they are of note of investigating do, how do they go about doing those things that could be considered dodgy without doing it online? Because I know, like if I have to set up something with somebody I have to message them. How do they get around that? Do they just meet in person?

Speaker 2:

With varying degrees of efficacy. The cybersecurity community, those of us who like to communicate about sensitive stuff, or just in general, we have gone over to programs like Signal and Telegram that have certain features that I won't say China, Russia, US can't penetrate it. But if you're on that level of trouble, you're in a whole nother world. Reasonable levels of protection. We feel pretty good about using end-to-end encryptions, that encryption services that have no memory. We like those. Does that mean somebody can't record it and save it for the future? No, of course they can. Are they going to waste their time With the sheer amount of crap that comes through the internet every day? You'd need a server the size of Manhattan every hour to be able to do it. So again, it's yes, if you spend your time worrying, spend your time worrying about reasonable levels of controls to minimize your risk and, where there is risk, make sure that there's a third party that's ultimately responsible, like your bank or your insurance company or your health care provider.

Speaker 1:

Make sure you've done what, everything you can do. So you mentioned Signal and I've read about that a lot in the news lately, and Telegram was in the news a long time ago about it. But how are they allowed to have apps where, from what I know, it like pretty much doesn't record what the activity going on?

Speaker 2:

It's, it's a. There's zero memory. The Snapchat, doesn't Snapchat do the same thing, roughly? You delete some message after a day, yeah, or 15 with.

Speaker 2:

My son used it for a while and I told him to stop. It was like no, this is just too annoying. With the debate over encryption and this terrorist is another man's freedom fighter it ends up getting very political and it has since PGP back in the 80s when that first came out. The debate goes on and on and on and it still goes on. They've just changed some of the rules in England. Apple got all pissed off at the UK for changing rules and we're seeing an awful lot of corporate pushback against governments for these reasons right now. And it's the same reason that was given back in 1991, I forget what year it was when the US government proposed the Clipper chip and it was absolute total security and only the government holds the key to your conversation. That did not go well and it's those same efforts that are coming up again.

Speaker 2:

So staying aware of what the cybersecurity guys are doing. Where are we? How do we do it? How do we feel reasonably safe? Huge amounts of us will not do much on Facebook at all. I'll post the Lego pictures of my grandson on Facebook.

Speaker 2:

According to some people, that's too much, but I never discuss work or anything at all over on Facebook because I just yeah, it's just. I use professional forums or groups that I'm a part of, hanging out in and commenting and engaging with the sorry about this unwashed masses where opinions proliferate and science is denigrated. I don't go there. It's just, it's pointless. So, yeah, minimize your risk. Learn a little bit about cybersecurity. Follow what the X ask GPT or, if you're on Google, ask Gemini. Hey, what are the cybersecurity guys doing about this? How are they doing safe chats? Are they using Gmail? Well, what kind of email program is safe from bad guy of choice? With AI driving so much of the answer machine these days, it's a great tool to use and then verify, because AI will hallucinate and go hide you. So you still got to be careful, but it's all about being aware of your life, about you and how you relate to this world that we've created, and not just giving up. You've got to take some responsibility for yourself.

Speaker 1:

Are you staying away from Facebook because of the congregation of opinions, or is there a cybersecurity aspect to it that you don't like From?

Speaker 2:

a business standpoint, from a real research study and that I tend to hang out in various forums where the discussion is informed, where you have a real, you can argue and say Jane, you ignorant slut. But it's done with camaraderie, right? And there are certain words used in the British vernacular in bars that are not used in America, that are meant my pal, we can use them over here. So hanging out where there are cogent discussions, that's part of your first choice. One of the choices of going into the morass of Facebook is being aware of the signal to noise ratio. How much of all of what is going into Facebook do you give a shit about? Do you give a shit?

Speaker 1:

about Very little.

Speaker 2:

And so I've got some family friends because they won't go to the other worlds I go to. So my sister sends a picture of Hawaii and we send a picture of travel, very innocuous stuff. I just do not want to engage with people other than my friends or associates. And you know people say I want my 5,000 friends, what the hell for? And that's all part of the addiction that has occurred with technology. If I have more friends, my identity it's back to inflating oneself of identity. When you look at studies that go back thousands of years, when we look at civilization, the optimal size group for a working environment or a living environment or a potential utopia or anything like that, is between 100 and 150 people. We can't do more because then the signal-to-noise ratio gets really low and we've observed it and the studies have proven it. So I don't know how many friends I've got, but I don't engage with perhaps more than 100 people around the world.

Speaker 1:

There's been pushing this for a while about trying to make the platform free speech, or as much free speech as they can. Do you feel like? From your knowledge of this game and of the tech world and security, do you think there's ever a possibility of there being I'm not even going to say 100, I'm going to say 90% free speech?

Speaker 2:

I don't know what that means. You've got to tell me what free speech means.

Speaker 1:

From what I know again, it's going to be a very, very simple.

Speaker 2:

This is the philosopher's question yeah, what are you talking about? Because does free speech mean? Are you allowed to go to an airport with free speech and say I got a boom without a consequence? Are you allowed to go to a movie theater and start screaming fire, fire, fire, everybody leave without consequence? We have certain exceptions, and I say we, I'm talking cultures, I'm not saying US here, but just various cultures have various exceptions.

Speaker 2:

Threatening to go out and murder somebody is a crime in many, many places. In other places it may not be a crime. Context matters oh, I'm going to fucking kill you. Well, we're just bantering. So again, context meaning how do you judge free speech in that? And that is what's become so politicized.

Speaker 2:

Certain conservative right-wing factions are fighting back against the ability to recognize or counter misinformation or disinformation because in many of their mindsets, misinformation and disinformation are part of the core belief systems that they've already got that have no evidentiary basis. Should that be part of free speech? So I'm not trying to answer the question here, because it's so flexible, it is so difficult, it is so fundamental to mental immunology and protecting the mind these days that the cyber issues and the cognitive issues become very intertwined and ends up an awful lot of it with a moral discourse. Just because you have the technology, should you use it, using questions that we need to be asking more and more? And then it's about responsible use.

Speaker 2:

Now I could say, all right, let's try to define responsible free speech. All right, one ethicist and this gets into the history of ethics Can we all agree that harming human beings maliciously is a bad thing? Well, that's a very foundational question. That may have some exceptions. So the concept of free speech, the concept of murder, the concept of anything that has ethical inquiry into it, makes this all the more difficult. Are abject, not evidentiary statements free speech? Are they insightful? Are they mean? Are they anti-ethical? How do we deal with all that?

Speaker 1:

We'll go back to online security for a second, because something's popped into my head that made me realize I forgot to ask a question on this, but I asked a few people in my Substack chat and on Instagram about if there was any questions about online, like the paranoia they have with it and stuff, and there was one that kept coming up and I don't think I'm understanding it well enough because, like I said, I'm an adult infant. I know nothing really about anything. People are asking a lot is crypto and the blockchain safe? If they've been regulated? It's probably a better question because it is very new.

Speaker 2:

No, that's the whole point of blockchain is decentralization of control of it. The biggest problem with blockchain is the sheer amount of energy that it takes to drive it. It's unsustainable. It's a interesting mathematical protocol, but boy does it eat up an awful lot of processing and power and eats trees and all that. Is it safe? We all use it regardless and in many cases, you're using it in places that you and I don't know. When it comes to crypto, you really I have an opinion which is worthless. So, no, I'm not even going to bother with my opinion.

Speaker 1:

It's no well I think the main paranoia with crypto is how you buy crypto. You have to go through the wallets and these different websites. People are maybe wondering is there a way to tell these websites are safe? Like we mentioned before about, you can tell a person's safe to talk to online if there is an authentication process. But with crypto and these websites to buy crypto, you haven't jumped through a lot of rabbit holes, the reason why I don't get involved. How can you really tell that it's safe?

Speaker 2:

The rabbit holes are. These guys are financial institutions that are talking to the traditional banking industry's infrastructure as well, so an awful lot of them have had to adapt their technologies to be able to communicate in a secure banking manner I'm using that term loosely but some way that satisfies the traditional banking industry's criteria. Again, which ones are the real ones? Well, I would call a buddy and say which ones are you using? And I don't know. There's a half a dozen of names, Coinbase. I don't even know them because I really don't mess around with it. It's not difficult to find the top three or four. And when you're at the top three or four, again critical thinking, do your research and look for the evidence and don't believe the first thing you saw, don't believe the second thing you saw. It's like my wife was just going through our washer, died, and she goes what are we going to do? I said you're going to go figure it out. And so then, then the next several days was deep dive into everything about washers.

Speaker 2:

And these days, with the amount of bullshit coming your way, whether it's well-intentioned, BS, marketing, BS or misinformation or out and out misrepresentation and lies. You've still got to filter your way through that to find a reasonable answer. And that's back to critical thinking. And so when you hear people I've seen this in politics and religion, but more so in politics you end up with some folks that have some very, very strong ideations based upon a belief system and a very, very fixed ideology. You get into a discussion and you start trying to get them to provide evidence Show me how you got there, show me the threads of the thought of how they connect. And when you hear the response well, just go, you, do your research. Do you know what that actually means? No, it means I have no fucking idea what I'm. Yeah, I see so in the digital world people, I'm sorry, you got to take responsibility, right, wrong or indifferent. You've got to take responsibility or disconnect.

Speaker 1:

This question might be marketing BS and you can tell me if it is, but people seem to be really saying that in the future, with this whole getting rid of cash movement thing, the blockchain and crypto is going to be almost like the digital payment type of thing, we're going to be able to pay for everything through it. But you mentioned that it takes an awful lot of energy to drive these things. Do you think that times will adapt to that and eventually the energy will move into that? Or do you think this is all just market and shit, trying to sell a new coin?

Speaker 2:

The coins are on the side that is trying to create value out of perception. That's NFC, non-fungible currency types of things. So let's separate that from technology. Chain-like architecture will likely evolve. The problem that you have with blockchain is the scalability of it. How many credit card transactions are processed daily? 10 billion, whatever? I don't know. There's some big number right. How many blockchain exchanges are done a day? Oh, some very, very small percentage of that, very, very small of people who are engaged in blockchain, crypto exchange, bitwallet and those things. It will not scale to the credit card size and if it did, we wouldn't have a tree left on the planet. So right now, when you talk about cashless, I mean right now, we are just on the edge of cashless.

Speaker 2:

I travel a great deal and cash is. I always have some, especially when I travel international just cause. But you're 95% just either paying with your phone, Google Pay wallet or your credit card. We're already there. We're largely there. Going to a cash required place is shit. I better have some cash because I don't know Now, like going to a farmer's market here. Yeah, you better have cash.

Speaker 2:

There was this bar in Paris. I got to tell you it was very funny. A friend of mine took me there a number of years ago. It's the Islamic Christian Porn Bar, believe it or not. I know it's a long story and we were there. And as we're getting ready to leave, I whip out a credit card and goes. They only take cash and I go. I had like 10 euros on me and this is a few years ago. It took a while to be able to find an ATM machine that worked with an American credit card to be able to get cash out, and that is okay. That was the big lesson. Regardless, if we're in a cashless society, always have some cash yeah, I.

Speaker 1:

I asked it because we are pretty much at the cashless society now. I agree with that, but I think people are trying to again this paranoia. People think that big finance is somehow scamming them or they're hiding something from them, so they think blockchain is going to be the next thing. But funny, you mentioned the cashless thing in Paris because I went to Spain last year and I genuinely do not think I had anything close to a euro in my pocket, like I never had any kind of cash coin, nothing. It was all done on my phone that I think people are almost scraping at it because they see that coming and it came quicker than they expected. They probably still expected cash to be in circulation at the moment because crypto's booming, blockchain's trendy. They just assume that that's going to happen.

Speaker 2:

Maybe the power of religion a bit of our cashless society. The vast majority of our cashless society is using specifications written in the 70s on how to do secure exchange of financial information. It has evolved since, of course, over the years, but the fundamental methodology of cash, credit card payment and financial exchange hasn't changed.

Speaker 1:

Actually the final question.

Speaker 2:

Tell me about this book. Well, this book, this book All right, I should have had it prepared, right, it's here somewhere. It's called The Art and Science of Metawar, and it's about how technology influences our senses, how we become overwhelmed by them, and how decisions are often not made by us consciously. They're made by the algorithms, they're made by our addictive qualities, they're made by perceptions and beliefs that may have no basis in reality or evidentiary science. And it's what do we do? How do we do this at the mass societal level? How do we protect individuals from mythomania, from conspiracy theories, from falling in? How do we get people in kindergartens, how do we get kids to recognize BS from not BS? Well, in Finland, they're doing that at the toddler level now, and they're using fairy tales as the teaching tools to teach misinformation, disinformation, reality distortion and BS detection. And they're doing it within the context of a toddler's mind and an environment that they're going to get part of anyway.

Speaker 2:

And I do it with my grandson. He told me the other day. He said, well, I just watched the Godzilla movie with daddy and I go which one? And then I realized, well, he doesn't know the history of 30 Godzilla movies here. Which was stupid on my part. I said weren't you scared he goes. Nah, it's just a play monster. So his cognition of reality versus play is hopefully going to help keep his mental immune system strong and not fall into the dystopia of first person, second person or multiplayer shooter games where the object is murder, death, kill, and so I'm going to be very against doing that because I think it teaches something bad. Did I answer your question or did I end up going?

Speaker 1:

You did. So I have one last question for you before I release you from this prison. If you had the entire world's attention for one moment and you could give them one piece of advice, what would it be?

Speaker 2:

That's easy. That's really easy Today, and I'm doing this with a perspective, and it's unfortunate, but the truth of the matter is nothing. For example, you don't know you're talking to me, don't?

Speaker 1:

break out.

Speaker 2:

I might be an AI, because I've got a great number of people who know how to do AI simulations. How do you know? How did you verify, that I'd be? You took it on faith. You took it on faith. You took it on trust. Trust nothing. Verify at least twice. If you do that, and if humanity does that, we might have a chance of surviving.